public interface SecurityPolicy
Modifier and Type | Method and Description |
---|---|
Access |
checkPermission(Document doc,
ACP mergedAcp,
Principal principal,
String permission,
String[] resolvedPermissions,
String[] additionalPrincipals)
Checks given permission for doc and principal.
|
SQLQuery.Transformer |
getQueryTransformer(String repositoryName)
Get the transformer to use to apply this policy to a query.
|
boolean |
isExpressibleInQuery(String repositoryName)
Checks if this policy can be expressed in a query for given repository.
|
boolean |
isRestrictingPermission(String permission)
Checks if this policy is restricting the given permission.
|
Access checkPermission(Document doc, ACP mergedAcp, Principal principal, String permission, String[] resolvedPermissions, String[] additionalPrincipals)
Note that for the Browse
permission, which is also implemented
in SQL using getQueryTransformer(java.lang.String)
, a security policy must never
bypass standard ACL access, it must only return DENY or UNKNOWN. Failing
to do this would make direct access and queries behave differently.
doc
- the document to checkmergedAcp
- merged ACP resolved for this documentprincipal
- principal to checkpermission
- permission to checkresolvedPermissions
- permissions or groups of permissions
containing permissionadditionalPrincipals
- boolean isRestrictingPermission(String permission)
Queries check the BROWSE permission.
permission
- the permission to check fortrue
if the policy restricts the permissionboolean isExpressibleInQuery(String repositoryName)
If not, then any query made will have to be post-filtered.
repositoryName
- the target repository name.true
if the policy can be expressed in a querySQLQuery.Transformer getQueryTransformer(String repositoryName)
Called only when #isExpressibleInQuery()
returned true
repositoryName
- the target repository name.Copyright © 2011 Nuxeo SA. All Rights Reserved.