SecurityPolicyService (Nuxeo ECM Projects 5.4.3-SNAPSHOT API Documentation)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

Nuxeo ECM Projects 5.4.3-SNAPSHOT

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.nuxeo.ecm.core.security
Interface SecurityPolicyService

All Superinterfaces:: Serializable

All Known Implementing Classes:: SecurityPolicyServiceImpl

public interface SecurityPolicyService
extends Serializable
extends Serializable

Service checking permissions for pluggable policies.

Author:: Anahide Tchertchian, Florent Guillaume

Method Summary
`boolean`	`arePoliciesExpressibleInQuery(String repositoryName)` Checks if the policies can be expressed in a query for a given repository.
`boolean`	`arePoliciesRestrictingPermission(String permission)` Checks if any policy restricts the given permission.
`Access`	`checkPermission(Document doc, ACP mergedAcp, Principal principal, String permission, String[] resolvedPermissions, String[] principalsToCheck)` Checks given permission for doc and principal.
`Collection<SQLQuery.Transformer>`	`getPoliciesQueryTransformers(String repositoryName)` Get the transformers to apply the policies to a query for given repository.
`void`	`registerDescriptor(SecurityPolicyDescriptor descriptor)`
`void`	`unregisterDescriptor(SecurityPolicyDescriptor descriptor)`

Method Detail

checkPermission

Access checkPermission(Document doc,
                       ACP mergedAcp,
                       Principal principal,
                       String permission,
                       String[] resolvedPermissions,
                       String[] principalsToCheck)

Checks given permission for doc and principal.

The security service checks this service for a security access. This access is defined iterating over pluggable policies in a defined order. If access is not specified, security service applies its default policy.

Parameters:: doc - the document to check; mergedAcp - merged acp resolved for this document; principal - principal to check; permission - permission to check; resolvedPermissions - permissions or groups of permissions containing permission; principalsToCheck - principals (groups) to check for principal
Returns:: access: true, false, or nothing. When nothing is returned, following policies or default core security are applied.

registerDescriptor

void registerDescriptor(SecurityPolicyDescriptor descriptor)

unregisterDescriptor

void unregisterDescriptor(SecurityPolicyDescriptor descriptor)

arePoliciesRestrictingPermission

boolean arePoliciesRestrictingPermission(String permission)

Checks if any policy restricts the given permission.

If not, then no post-filtering on policies will be needed for query results.

Returns:: true if a policy restricts the permission

arePoliciesExpressibleInQuery

boolean arePoliciesExpressibleInQuery(String repositoryName)

Checks if the policies can be expressed in a query for a given repository.

If not, then any query made will have to be post-filtered.

Parameters:: repositoryName - the target repository name.
Returns:: true if all policies can be expressed in a query

getPoliciesQueryTransformers

Collection<SQLQuery.Transformer> getPoliciesQueryTransformers(String repositoryName)

Get the transformers to apply the policies to a query for given repository.

Parameters:: repositoryName - the target repository name.
Returns:: the transformers.