Class NoFileSecurityPolicy
java.lang.Object
org.nuxeo.ecm.core.security.AbstractSecurityPolicy
org.nuxeo.ecm.core.storage.sql.security.NoFileSecurityPolicy
- All Implemented Interfaces:
SecurityPolicy
- Direct Known Subclasses:
NoFile2SecurityPolicy
Dummy security policy denying all access to File objects.
- Author:
- Florent Guillaume
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.nuxeo.ecm.core.security.SecurityPolicy
SecurityPolicy.IdentityQueryTransformer, SecurityPolicy.QueryTransformer
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptioncheckPermission
(Document doc, ACP mergedAcp, NuxeoPrincipal principal, String permission, String[] resolvedPermissions, String[] additionalPrincipals) Checks given permission for doc and principal.getQueryTransformer
(String repositoryName) Get the transformer to use to apply this policy to a query.boolean
isExpressibleInQuery
(String repositoryName) Checks if this policy can be expressed in a query for given repository.boolean
isRestrictingPermission
(String permission) Checks if this policy is restricting the given permission.Methods inherited from class org.nuxeo.ecm.core.security.AbstractSecurityPolicy
getQueryTransformer, isExpressibleInQuery
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.nuxeo.ecm.core.security.SecurityPolicy
getQueryTransformer, isExpressibleInQuery
-
Constructor Details
-
NoFileSecurityPolicy
public NoFileSecurityPolicy()
-
-
Method Details
-
checkPermission
public Access checkPermission(Document doc, ACP mergedAcp, NuxeoPrincipal principal, String permission, String[] resolvedPermissions, String[] additionalPrincipals) Description copied from interface:SecurityPolicy
Checks given permission for doc and principal.Note that for the
Browse
permission, which is also implemented in SQL usingSecurityPolicy.getQueryTransformer(java.lang.String)
, a security policy must never bypass standard ACL access, it must only return DENY or UNKNOWN. Failing to do this would make direct access and queries behave differently.- Specified by:
checkPermission
in interfaceSecurityPolicy
- Parameters:
doc
- the document to checkmergedAcp
- merged ACP resolved for this documentprincipal
- principal to checkpermission
- permission to checkresolvedPermissions
- permissions or groups of permissions containing permission- Returns:
- access: GRANT, DENY, or UNKNOWN. When UNKNOWN is returned, following policies or default core security are applied.
-
isRestrictingPermission
Description copied from interface:SecurityPolicy
Checks if this policy is restricting the given permission.Queries check the BROWSE permission.
- Specified by:
isRestrictingPermission
in interfaceSecurityPolicy
- Overrides:
isRestrictingPermission
in classAbstractSecurityPolicy
- Parameters:
permission
- the permission to check for- Returns:
true
if the policy restricts the permission
-
isExpressibleInQuery
Description copied from interface:SecurityPolicy
Checks if this policy can be expressed in a query for given repository.If not, then any query made will have to be post-filtered.
- Specified by:
isExpressibleInQuery
in interfaceSecurityPolicy
- Overrides:
isExpressibleInQuery
in classAbstractSecurityPolicy
- Parameters:
repositoryName
- the target repository name.- Returns:
true
if the policy can be expressed in a query
-
getQueryTransformer
Description copied from interface:SecurityPolicy
Get the transformer to use to apply this policy to a query.Called only when
SecurityPolicy.isExpressibleInQuery(String)
returnedtrue
- Specified by:
getQueryTransformer
in interfaceSecurityPolicy
- Overrides:
getQueryTransformer
in classAbstractSecurityPolicy
- Parameters:
repositoryName
- the target repository name.- Returns:
- the transformer
-