Interface SecurityPolicyService

    • Method Detail

      • checkPermission

        Access checkPermission​(Document doc,
                               ACP mergedAcp,
                               NuxeoPrincipal principal,
                               String permission,
                               String[] resolvedPermissions,
                               String[] principalsToCheck)
        Checks given permission for doc and principal.

        The security service checks this service for a security access. This access is defined iterating over pluggable policies in a defined order. If access is not specified, security service applies its default policy.

        Parameters:
        doc - the document to check
        mergedAcp - merged acp resolved for this document
        principal - principal to check
        permission - permission to check
        resolvedPermissions - permissions or groups of permissions containing permission
        principalsToCheck - principals (groups) to check for principal
        Returns:
        access: true, false, or nothing. When nothing is returned, following policies or default core security are applied.
      • arePoliciesRestrictingPermission

        boolean arePoliciesRestrictingPermission​(String permission)
        Checks if any policy restricts the given permission.

        If not, then no post-filtering on policies will be needed for query results.

        Returns:
        true if a policy restricts the permission
      • arePoliciesExpressibleInQuery

        boolean arePoliciesExpressibleInQuery​(String repositoryName)
        Checks if the policies can be expressed in a query for a given repository.

        If not, then any query made will have to be post-filtered.

        Parameters:
        repositoryName - the target repository name.
        Returns:
        true if all policies can be expressed in a query