|
Nuxeo Enterprise Platform 5.4 | |||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface SecurityPolicy
Interface for pluggable core security policy.
Method Summary | |
---|---|
Access |
checkPermission(Document doc,
ACP mergedAcp,
java.security.Principal principal,
java.lang.String permission,
java.lang.String[] resolvedPermissions,
java.lang.String[] additionalPrincipals)
Checks given permission for doc and principal. |
SQLQuery.Transformer |
getQueryTransformer()
Get the transformer to use to apply this policy to a query. |
boolean |
isExpressibleInQuery()
Checks if this policy can be expressed in a query. |
boolean |
isRestrictingPermission(java.lang.String permission)
Checks if this policy is restricting the given permission. |
Method Detail |
---|
Access checkPermission(Document doc, ACP mergedAcp, java.security.Principal principal, java.lang.String permission, java.lang.String[] resolvedPermissions, java.lang.String[] additionalPrincipals)
Note that for the Browse
permission, which is also implemented in
SQL using getQueryTransformer()
, a security policy must never
bypass standard ACL access, it must only return DENY or UNKNOWN. Failing
to do this would make direct access and queries behave differently.
doc
- the document to checkmergedAcp
- merged ACP resolved for this documentprincipal
- principal to checkpermission
- permission to checkresolvedPermissions
- permissions or groups of permissions
containing permissionadditionalPrincipals
-
boolean isRestrictingPermission(java.lang.String permission)
Queries check the BROWSE permission.
permission
- the permission to check for
true
if the policy restricts the permissionboolean isExpressibleInQuery()
If not, then any query made will have to be post-filtered.
true
if the policy can be expressed in a querySQLQuery.Transformer getQueryTransformer()
Called only when isExpressibleInQuery()
returned true
|
Nuxeo Enterprise Platform 5.4 | |||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |