Package org.nuxeo.wopi.lock
Class WOPILockSecurityPolicy
- java.lang.Object
-
- org.nuxeo.ecm.core.security.AbstractSecurityPolicy
-
- org.nuxeo.ecm.core.security.LockSecurityPolicy
-
- org.nuxeo.wopi.lock.WOPILockSecurityPolicy
-
- All Implemented Interfaces:
SecurityPolicy
public class WOPILockSecurityPolicy extends LockSecurityPolicy
Security policy to allow collaborative edition with WOPI.See Co-authoring using Office Online.
Unlike the standard
LockSecurityPolicy
, even if the document is locked by someone else, the WRITE permission is not blocked if a WOPI lock exists for the document and the request originated from a WOPI client.This handles the case of multiple users editing a document at the same time in Office Online, which is considered by the Nuxeo WOPI host as a single WOPI client.
- Since:
- 10.3
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.nuxeo.ecm.core.security.SecurityPolicy
SecurityPolicy.IdentityQueryTransformer, SecurityPolicy.QueryTransformer
-
-
Field Summary
-
Fields inherited from class org.nuxeo.ecm.core.security.LockSecurityPolicy
IGNORE_POLICY
-
-
Constructor Summary
Constructors Constructor Description WOPILockSecurityPolicy()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description Access
checkPermission(Document doc, ACP mergedAcp, NuxeoPrincipal principal, String permission, String[] resolvedPermissions, String[] additionalPrincipals)
Checks given permission for doc and principal.-
Methods inherited from class org.nuxeo.ecm.core.security.LockSecurityPolicy
getQueryTransformer, isExpressibleInQuery, isIgnorePolicy, isRestrictingPermission, setIgnorePolicy
-
Methods inherited from class org.nuxeo.ecm.core.security.AbstractSecurityPolicy
getQueryTransformer, isExpressibleInQuery
-
-
-
-
Constructor Detail
-
WOPILockSecurityPolicy
public WOPILockSecurityPolicy()
-
-
Method Detail
-
checkPermission
public Access checkPermission(Document doc, ACP mergedAcp, NuxeoPrincipal principal, String permission, String[] resolvedPermissions, String[] additionalPrincipals)
Description copied from interface:SecurityPolicy
Checks given permission for doc and principal.Note that for the
Browse
permission, which is also implemented in SQL usingSecurityPolicy.getQueryTransformer(java.lang.String)
, a security policy must never bypass standard ACL access, it must only return DENY or UNKNOWN. Failing to do this would make direct access and queries behave differently.- Specified by:
checkPermission
in interfaceSecurityPolicy
- Overrides:
checkPermission
in classLockSecurityPolicy
- Parameters:
doc
- the document to checkmergedAcp
- merged ACP resolved for this documentprincipal
- principal to checkpermission
- permission to checkresolvedPermissions
- permissions or groups of permissions containing permission- Returns:
- access: GRANT, DENY, or UNKNOWN. When UNKNOWN is returned, following policies or default core security are applied.
-
-