Package org.nuxeo.wopi.lock

Class WOPILockSecurityPolicy

java.lang.Object

org.nuxeo.ecm.core.security.AbstractSecurityPolicy

org.nuxeo.ecm.core.security.LockSecurityPolicy

org.nuxeo.wopi.lock.WOPILockSecurityPolicy

All Implemented Interfaces:

SecurityPolicy

public class WOPILockSecurityPolicy
extends LockSecurityPolicy

Security policy to allow collaborative edition with WOPI.

See Co-authoring using Office Online.

Unlike the standard LockSecurityPolicy, even if the document is locked by someone else, the WRITE permission is not blocked if a WOPI lock exists for the document and the request originated from a WOPI client.

This handles the case of multiple users editing a document at the same time in Office Online, which is considered by the Nuxeo WOPI host as a single WOPI client.

Since:

10.3

Nested Class Summary

Nested classes/interfaces inherited from interface org.nuxeo.ecm.core.security.SecurityPolicy

SecurityPolicy.IdentityQueryTransformer, SecurityPolicy.QueryTransformer

Field Summary

Fields inherited from class org.nuxeo.ecm.core.security.LockSecurityPolicy

IGNORE_POLICY

Constructor Summary

Constructors

Constructor	Description
WOPILockSecurityPolicy()

Method Summary

Modifier and Type	Method	Description
Access	checkPermission(Document doc, ACP mergedAcp, NuxeoPrincipal principal, String permission, String[] resolvedPermissions, String[] additionalPrincipals)	Checks given permission for doc and principal.

Methods inherited from class org.nuxeo.ecm.core.security.LockSecurityPolicy

getQueryTransformer, isExpressibleInQuery, isIgnorePolicy, isRestrictingPermission, setIgnorePolicy

Methods inherited from class org.nuxeo.ecm.core.security.AbstractSecurityPolicy

getQueryTransformer, isExpressibleInQuery

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

WOPILockSecurityPolicy

public WOPILockSecurityPolicy()

Method Details

checkPermission

public Access checkPermission(Document doc,
 ACP mergedAcp,
 NuxeoPrincipal principal,
 String permission,
 String[] resolvedPermissions,
 String[] additionalPrincipals)

Description copied from interface: SecurityPolicy

Checks given permission for doc and principal.

Note that for the Browse permission, which is also implemented in SQL using SecurityPolicy.getQueryTransformer(java.lang.String), a security policy must never bypass standard ACL access, it must only return DENY or UNKNOWN. Failing to do this would make direct access and queries behave differently.

Specified by:

checkPermission in interface SecurityPolicy

Overrides:

checkPermission in class LockSecurityPolicy

Parameters:

doc - the document to check

mergedAcp - merged ACP resolved for this document

principal - principal to check

permission - permission to check

resolvedPermissions - permissions or groups of permissions containing permission

Returns:

access: GRANT, DENY, or UNKNOWN. When UNKNOWN is returned, following policies or default core security are applied.