Class WOPILockSecurityPolicy

All Implemented Interfaces:
SecurityPolicy

public class WOPILockSecurityPolicy extends LockSecurityPolicy
Security policy to allow collaborative edition with WOPI.

See Co-authoring using Office Online.

Unlike the standard LockSecurityPolicy, even if the document is locked by someone else, the WRITE permission is not blocked if a WOPI lock exists for the document and the request originated from a WOPI client.

This handles the case of multiple users editing a document at the same time in Office Online, which is considered by the Nuxeo WOPI host as a single WOPI client.

Since:
10.3
  • Constructor Details

    • WOPILockSecurityPolicy

      public WOPILockSecurityPolicy()
  • Method Details

    • checkPermission

      public Access checkPermission(Document doc, ACP mergedAcp, NuxeoPrincipal principal, String permission, String[] resolvedPermissions, String[] additionalPrincipals)
      Description copied from interface: SecurityPolicy
      Checks given permission for doc and principal.

      Note that for the Browse permission, which is also implemented in SQL using SecurityPolicy.getQueryTransformer(java.lang.String), a security policy must never bypass standard ACL access, it must only return DENY or UNKNOWN. Failing to do this would make direct access and queries behave differently.

      Specified by:
      checkPermission in interface SecurityPolicy
      Overrides:
      checkPermission in class LockSecurityPolicy
      Parameters:
      doc - the document to check
      mergedAcp - merged ACP resolved for this document
      principal - principal to check
      permission - permission to check
      resolvedPermissions - permissions or groups of permissions containing permission
      Returns:
      access: GRANT, DENY, or UNKNOWN. When UNKNOWN is returned, following policies or default core security are applied.