public class WOPILockSecurityPolicy extends LockSecurityPolicy
See Co-authoring using Office Online.
Unlike the standard LockSecurityPolicy
, even if the document is locked by someone else, the WRITE permission
is not blocked if a WOPI lock exists for the document and the request originated from a WOPI client.
This handles the case of multiple users editing a document at the same time in Office Online, which is considered by the Nuxeo WOPI host as a single WOPI client.
SecurityPolicy.IdentityQueryTransformer, SecurityPolicy.QueryTransformer
Constructor and Description |
---|
WOPILockSecurityPolicy() |
Modifier and Type | Method and Description |
---|---|
Access |
checkPermission(Document doc,
ACP mergedAcp,
NuxeoPrincipal principal,
String permission,
String[] resolvedPermissions,
String[] additionalPrincipals)
Checks given permission for doc and principal.
|
getQueryTransformer, isExpressibleInQuery, isRestrictingPermission
getQueryTransformer, isExpressibleInQuery
public WOPILockSecurityPolicy()
public Access checkPermission(Document doc, ACP mergedAcp, NuxeoPrincipal principal, String permission, String[] resolvedPermissions, String[] additionalPrincipals)
SecurityPolicy
Note that for the Browse
permission, which is also implemented in SQL using SecurityPolicy.getQueryTransformer(java.lang.String)
,
a security policy must never bypass standard ACL access, it must only return DENY or UNKNOWN. Failing to do this
would make direct access and queries behave differently.
checkPermission
in interface SecurityPolicy
checkPermission
in class LockSecurityPolicy
doc
- the document to checkmergedAcp
- merged ACP resolved for this documentprincipal
- principal to checkpermission
- permission to checkresolvedPermissions
- permissions or groups of permissions containing permissionCopyright © 2019 Nuxeo. All rights reserved.