java.lang.Object

org.nuxeo.ecm.core.security.AbstractSecurityPolicy

org.nuxeo.ecm.core.storage.sql.security.NoFileSecurityPolicy

All Implemented Interfaces:: SecurityPolicy

Direct Known Subclasses:: NoFile2SecurityPolicy

public class NoFileSecurityPolicy extends AbstractSecurityPolicy implements SecurityPolicy

Dummy security policy denying all access to File objects.

Author:: Florent Guillaume

Nested Class Summary

Nested classes/interfaces inherited from interface org.nuxeo.ecm.core.security.SecurityPolicy
SecurityPolicy.IdentityQueryTransformer, SecurityPolicy.QueryTransformer
Constructor Summary

Constructors

Constructor

Description

NoFileSecurityPolicy()
Method Summary

Modifier and Type

Method

Description

Access

checkPermission(Document doc, ACP mergedAcp, NuxeoPrincipal principal, String permission, String[] resolvedPermissions, String[] additionalPrincipals)

Checks given permission for doc and principal.

SQLQuery.Transformer

getQueryTransformer(String repositoryName)

Get the transformer to use to apply this policy to a query.

boolean

isExpressibleInQuery(String repositoryName)

Checks if this policy can be expressed in a query for given repository.

boolean

isRestrictingPermission(String permission)

Checks if this policy is restricting the given permission.

Methods inherited from class org.nuxeo.ecm.core.security.AbstractSecurityPolicy
getQueryTransformer, isExpressibleInQuery

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.nuxeo.ecm.core.security.SecurityPolicy
getQueryTransformer, isExpressibleInQuery

Constructor Details
- NoFileSecurityPolicy
  
  public NoFileSecurityPolicy()
Method Details
- checkPermission
  
  public Access checkPermission(Document doc, ACP mergedAcp, NuxeoPrincipal principal, String permission, String[] resolvedPermissions, String[] additionalPrincipals)
  
  Description copied from interface: SecurityPolicy
  
  Checks given permission for doc and principal.
  Note that for the Browse permission, which is also implemented in SQL using SecurityPolicy.getQueryTransformer(java.lang.String), a security policy must never bypass standard ACL access, it must only return DENY or UNKNOWN. Failing to do this would make direct access and queries behave differently.
  
  Specified by:
  
  checkPermission in interface SecurityPolicy
  
  Parameters:
  
  doc - the document to check
  
  mergedAcp - merged ACP resolved for this document
  
  principal - principal to check
  
  permission - permission to check
  
  resolvedPermissions - permissions or groups of permissions containing permission
  
  Returns:
  
  access: GRANT, DENY, or UNKNOWN. When UNKNOWN is returned, following policies or default core security are applied.
- isRestrictingPermission
  
  public boolean isRestrictingPermission(String permission)
  
  Description copied from interface: SecurityPolicy
  
  Checks if this policy is restricting the given permission.
  Queries check the BROWSE permission.
  
  Specified by:
  
  isRestrictingPermission in interface SecurityPolicy
  
  Overrides:
  
  isRestrictingPermission in class AbstractSecurityPolicy
  
  Parameters:
  
  permission - the permission to check for
  
  Returns:
  
  true if the policy restricts the permission
- isExpressibleInQuery
  
  public boolean isExpressibleInQuery(String repositoryName)
  
  Description copied from interface: SecurityPolicy
  
  Checks if this policy can be expressed in a query for given repository.
  If not, then any query made will have to be post-filtered.
  
  Specified by:
  
  isExpressibleInQuery in interface SecurityPolicy
  
  Overrides:
  
  isExpressibleInQuery in class AbstractSecurityPolicy
  
  Parameters:
  
  repositoryName - the target repository name.
  
  Returns:
  
  true if the policy can be expressed in a query
- getQueryTransformer
  
  public SQLQuery.Transformer getQueryTransformer(String repositoryName)
  
  Description copied from interface: SecurityPolicy
  
  Get the transformer to use to apply this policy to a query.
  Called only when SecurityPolicy.isExpressibleInQuery(String) returned true
  
  Specified by:
  
  getQueryTransformer in interface SecurityPolicy
  
  Overrides:
  
  getQueryTransformer in class AbstractSecurityPolicy
  
  Parameters:
  
  repositoryName - the target repository name.
  
  Returns:
  
  the transformer

Class NoFileSecurityPolicy

Nested Class Summary

Nested classes/interfaces inherited from interface org.nuxeo.ecm.core.security.SecurityPolicy

Constructor Summary

Method Summary

Methods inherited from class org.nuxeo.ecm.core.security.AbstractSecurityPolicy

Methods inherited from class java.lang.Object

Methods inherited from interface org.nuxeo.ecm.core.security.SecurityPolicy

Constructor Details

NoFileSecurityPolicy

Method Details

checkPermission

isRestrictingPermission

isExpressibleInQuery

getQueryTransformer