SecurityPolicy (Nuxeo ECM Projects 5.5-SNAPSHOT API Documentation)

All Known Implementing Classes:

AbstractSecurityPolicy, CheckInSecurityPolicy, LockSecurityPolicy, ReadSecurityPolicy
```
public interface SecurityPolicy
```
Interface for pluggable core security policy.

Author:

Anahide Tchertchian, Florent Guillaume

Method Summary

Methods
Modifier and Type	Method and Description
`Access`	`checkPermission(Document doc, ACP mergedAcp, Principal principal, String permission, String[] resolvedPermissions, String[] additionalPrincipals)` Checks given permission for doc and principal.
`SQLQuery.Transformer`	`getQueryTransformer(String repositoryName)` Get the transformer to use to apply this policy to a query.
`boolean`	`isExpressibleInQuery(String repositoryName)` Checks if this policy can be expressed in a query for given repository.
`boolean`	`isRestrictingPermission(String permission)` Checks if this policy is restricting the given permission.

- Method Detail
  - checkPermission
```
Access checkPermission(Document doc,
                     ACP mergedAcp,
                     Principal principal,
                     String permission,
                     String[] resolvedPermissions,
                     String[] additionalPrincipals)
```
    Checks given permission for doc and principal.
    Note that for the Browse permission, which is also implemented in SQL using getQueryTransformer(java.lang.String), a security policy must never bypass standard ACL access, it must only return DENY or UNKNOWN. Failing to do this would make direct access and queries behave differently.
    
    Parameters:
    doc - the document to check
    mergedAcp - merged ACP resolved for this document
    principal - principal to check
    permission - permission to check
    resolvedPermissions - permissions or groups of permissions containing permission
    additionalPrincipals -
    
    Returns:
    access: GRANT, DENY, or UNKNOWN. When UNKNOWN is returned, following policies or default core security are applied.
  - isRestrictingPermission
```
boolean isRestrictingPermission(String permission)
```
    Checks if this policy is restricting the given permission.
    Queries check the BROWSE permission.
    
    Parameters:
    permission - the permission to check for
    
    Returns:
    true if the policy restricts the permission
  - isExpressibleInQuery
```
boolean isExpressibleInQuery(String repositoryName)
```
    Checks if this policy can be expressed in a query for given repository.
    If not, then any query made will have to be post-filtered.
    
    Parameters:
    repositoryName - the target repository name.
    
    Returns:
    true if the policy can be expressed in a query
  - getQueryTransformer
```
SQLQuery.Transformer getQueryTransformer(String repositoryName)
```
    Get the transformer to use to apply this policy to a query.
    Called only when #isExpressibleInQuery() returned true
    
    Parameters:
    repositoryName - the target repository name.
    
    Returns:
    the transformer

Interface SecurityPolicy

Method Summary

Method Detail

checkPermission

isRestrictingPermission

isExpressibleInQuery

getQueryTransformer