|Constructor and Description|
|Modifier and Type||Method and Description|
Checks given permission for doc and principal.
Get the transformer to use to apply this policy to a query.
Checks if this policy can be expressed in a query for given repository.
Checks if this policy is restricting the given permission.
public Access checkPermission(Document doc, ACP mergedAcp, NuxeoPrincipal principal, String permission, String resolvedPermissions, String additionalPrincipals)
Note that for the
Browse permission, which is also implemented in SQL using
a security policy must never bypass standard ACL access, it must only return DENY or UNKNOWN. Failing to do this
would make direct access and queries behave differently.
doc- the document to check
mergedAcp- merged ACP resolved for this document
principal- principal to check
permission- permission to check
resolvedPermissions- permissions or groups of permissions containing permission
public boolean isRestrictingPermission(String permission)
Queries check the BROWSE permission.
public boolean isExpressibleInQuery(String repositoryName)
If not, then any query made will have to be post-filtered.
public SQLQuery.Transformer getQueryTransformer(String repositoryName)
Called only when
Copyright © 2019 Nuxeo. All rights reserved.