Package org.nuxeo.ecm.core.security
Class SecurityPolicyServiceImpl
java.lang.Object
org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl
- All Implemented Interfaces:
Serializable
,SecurityPolicyService
Security policy service implementation.
Iterates over ordered policies. First policy to give a known access (grant or deny) applies.
- Author:
- Anahide Tchertchian
- See Also:
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionboolean
arePoliciesExpressibleInQuery
(String repositoryName) Checks if the policies can be expressed in a query for a given repository.boolean
arePoliciesRestrictingPermission
(String permission) Checks if any policy restricts the given permission.checkPermission
(Document doc, ACP mergedAcp, NuxeoPrincipal principal, String permission, String[] resolvedPermissions, String[] additionalPrincipals) Checks given permission for doc and principal.Gets the list of registered security policies.getPoliciesQueryTransformers
(String repositoryName) Get the transformers to apply the policies to a query for given repository.void
registerDescriptor
(SecurityPolicyDescriptor descriptor) void
unregisterDescriptor
(SecurityPolicyDescriptor descriptor)
-
Constructor Details
-
SecurityPolicyServiceImpl
public SecurityPolicyServiceImpl()
-
-
Method Details
-
getPolicies
Description copied from interface:SecurityPolicyService
Gets the list of registered security policies.- Specified by:
getPolicies
in interfaceSecurityPolicyService
- Returns:
- the policies
-
arePoliciesRestrictingPermission
Description copied from interface:SecurityPolicyService
Checks if any policy restricts the given permission.If not, then no post-filtering on policies will be needed for query results.
- Specified by:
arePoliciesRestrictingPermission
in interfaceSecurityPolicyService
- Returns:
true
if a policy restricts the permission
-
arePoliciesExpressibleInQuery
Description copied from interface:SecurityPolicyService
Checks if the policies can be expressed in a query for a given repository.If not, then any query made will have to be post-filtered.
- Specified by:
arePoliciesExpressibleInQuery
in interfaceSecurityPolicyService
- Parameters:
repositoryName
- the target repository name.- Returns:
true
if all policies can be expressed in a query
-
getPoliciesQueryTransformers
Description copied from interface:SecurityPolicyService
Get the transformers to apply the policies to a query for given repository.- Specified by:
getPoliciesQueryTransformers
in interfaceSecurityPolicyService
- Parameters:
repositoryName
- the target repository name.- Returns:
- the transformers.
-
registerDescriptor
- Specified by:
registerDescriptor
in interfaceSecurityPolicyService
-
unregisterDescriptor
- Specified by:
unregisterDescriptor
in interfaceSecurityPolicyService
-
checkPermission
public Access checkPermission(Document doc, ACP mergedAcp, NuxeoPrincipal principal, String permission, String[] resolvedPermissions, String[] additionalPrincipals) Description copied from interface:SecurityPolicyService
Checks given permission for doc and principal.The security service checks this service for a security access. This access is defined iterating over pluggable policies in a defined order. If access is not specified, security service applies its default policy.
- Specified by:
checkPermission
in interfaceSecurityPolicyService
- Parameters:
doc
- the document to checkmergedAcp
- merged acp resolved for this documentprincipal
- principal to checkpermission
- permission to checkresolvedPermissions
- permissions or groups of permissions containing permissionadditionalPrincipals
- principals (groups) to check for principal- Returns:
- access: true, false, or nothing. When nothing is returned, following policies or default core security are applied.
-