public class SecurityPolicyServiceImpl extends Object implements SecurityPolicyService
Iterates over ordered policies. First policy to give a known access (grant or deny) applies.
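The first-match rule above, together with the fall-through to the default policy described under checkPermission, shown as an added example that is not Nuxeo's code. `Access`, `Policy` and both policies are local, hypothetical stand-ins; the point is that the same two policies give opposite decisions depending on their order.

```java
import java.util.List;
import java.util.Set;

public class PolicyChainDemo {
    // Local stand-ins for illustration; not the Nuxeo types of the same name.
    enum Access { GRANT, DENY, UNKNOWN }

    interface Policy {
        Access check(String docState, String user, String permission);
    }

    // Hypothetical policy: nobody may write to an archived document.
    static final Policy ARCHIVE_LOCK = (state, user, perm) ->
            state.equals("archived") && perm.equals("Write") ? Access.DENY : Access.UNKNOWN;

    // Hypothetical policy: records managers are granted everything.
    static final Set<String> MANAGERS = Set.of("alice");
    static final Policy MANAGER_GRANT = (state, user, perm) ->
            MANAGERS.contains(user) ? Access.GRANT : Access.UNKNOWN;

    // First policy returning GRANT or DENY decides; later policies are not consulted.
    static Access evaluate(List<Policy> ordered, String state, String user, String perm) {
        for (Policy p : ordered) {
            Access a = p.check(state, user, perm);
            if (a != Access.UNKNOWN) {
                return a;
            }
        }
        return Access.UNKNOWN; // no opinion: the caller falls back to its default policy
    }

    public static void main(String[] args) {
        List<Policy> denyFirst = List.of(ARCHIVE_LOCK, MANAGER_GRANT);
        List<Policy> grantFirst = List.of(MANAGER_GRANT, ARCHIVE_LOCK);

        // Same policies, same request, different order.
        System.out.println(evaluate(denyFirst, "archived", "alice", "Write"));
        System.out.println(evaluate(grantFirst, "archived", "alice", "Write"));
        // No policy has an opinion about bob reading a live document.
        System.out.println(evaluate(denyFirst, "live", "bob", "Read"));
    }
}
```

When reviewing a deployment's policy list, check that restrictive policies are ordered ahead of any policy that can return a grant for the same request.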
Constructor and Description |
---|
SecurityPolicyServiceImpl() |
Modifier and Type | Method and Description |
---|---|
boolean | arePoliciesExpressibleInQuery(String repositoryName) - Checks if the policies can be expressed in a query for a given repository. |
boolean | arePoliciesRestrictingPermission(String permission) - Checks if any policy restricts the given permission. |
Access | checkPermission(Document doc, ACP mergedAcp, Principal principal, String permission, String[] resolvedPermissions, String[] additionalPrincipals) - Checks given permission for doc and principal. |
List<SecurityPolicy> | getPolicies() - Gets the list of registered security policies. |
Collection<SQLQuery.Transformer> | getPoliciesQueryTransformers(String repositoryName) - Get the transformers to apply the policies to a query for given repository. |
void | registerDescriptor(SecurityPolicyDescriptor descriptor) |
void | unregisterDescriptor(SecurityPolicyDescriptor descriptor) |

public SecurityPolicyServiceImpl()

public List<SecurityPolicy> getPolicies()
Description copied from interface: SecurityPolicyService
Gets the list of registered security policies.
Specified by: getPolicies in interface SecurityPolicyService

public boolean arePoliciesRestrictingPermission(String permission)
Description copied from interface: SecurityPolicyService
Checks if any policy restricts the given permission. If not, then no post-filtering on policies will be needed for query results.
Specified by: arePoliciesRestrictingPermission in interface SecurityPolicyService
Returns: true if a policy restricts the permission

public boolean arePoliciesExpressibleInQuery(String repositoryName)
Description copied from interface: SecurityPolicyService
Checks if the policies can be expressed in a query for a given repository. If not, then any query made will have to be post-filtered.
Specified by: arePoliciesExpressibleInQuery in interface SecurityPolicyService
Parameters:
repositoryName - the target repository name.
Returns: true if all policies can be expressed in a query

public Collection<SQLQuery.Transformer> getPoliciesQueryTransformers(String repositoryName)
Description copied from interface: SecurityPolicyService
Get the transformers to apply the policies to a query for given repository.
Specified by: getPoliciesQueryTransformers in interface SecurityPolicyService
Parameters:
repositoryName - the target repository name.

public void registerDescriptor(SecurityPolicyDescriptor descriptor)
Specified by: registerDescriptor in interface SecurityPolicyService

public void unregisterDescriptor(SecurityPolicyDescriptor descriptor)
Specified by: unregisterDescriptor in interface SecurityPolicyService

public Access checkPermission(Document doc, ACP mergedAcp, Principal principal, String permission, String[] resolvedPermissions, String[] additionalPrincipals)
Description copied from interface: SecurityPolicyService
Checks given permission for doc and principal. The security service checks this service for a security access. This access is determined by iterating over pluggable policies in a defined order. If access is not specified, the security service applies its default policy.
Specified by: checkPermission in interface SecurityPolicyService
Parameters:
doc - the document to check
mergedAcp - merged acp resolved for this document
principal - principal to check
permission - permission to check
resolvedPermissions - permissions or groups of permissions containing permission
additionalPrincipals - principals (groups) to check for principal

Copyright © 2018 Nuxeo. All rights reserved.