|
Nuxeo Enterprise Platform 5.4 | |||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl
public class SecurityPolicyServiceImpl
Security policy service implementation.
Iterates over ordered policies. First policy to give a known access (grant or deny) applies.
Constructor Summary | |
---|---|
SecurityPolicyServiceImpl()
|
Method Summary | |
---|---|
boolean |
arePoliciesExpressibleInQuery()
Checks if the policies can be expressed in a query. |
boolean |
arePoliciesRestrictingPermission(java.lang.String permission)
Checks if any policy restricts the given permission. |
Access |
checkPermission(Document doc,
ACP mergedAcp,
java.security.Principal principal,
java.lang.String permission,
java.lang.String[] resolvedPermissions,
java.lang.String[] additionalPrincipals)
Checks given permission for doc and principal. |
java.util.Collection<SQLQuery.Transformer> |
getPoliciesQueryTransformers()
Get the transformers to apply the policies to a query. |
void |
registerDescriptor(SecurityPolicyDescriptor descriptor)
|
void |
unregisterDescriptor(SecurityPolicyDescriptor descriptor)
|
Methods inherited from class java.lang.Object |
---|
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public SecurityPolicyServiceImpl()
Method Detail |
---|
public boolean arePoliciesRestrictingPermission(java.lang.String permission)
SecurityPolicyService
If not, then no post-filtering on policies will be needed for query results.
arePoliciesRestrictingPermission
in interface SecurityPolicyService
true
if a policy restricts the permissionpublic boolean arePoliciesExpressibleInQuery()
SecurityPolicyService
If not, then any query made will have to be post-filtered.
arePoliciesExpressibleInQuery
in interface SecurityPolicyService
true
if all policies can be expressed in a querypublic java.util.Collection<SQLQuery.Transformer> getPoliciesQueryTransformers()
SecurityPolicyService
getPoliciesQueryTransformers
in interface SecurityPolicyService
public void registerDescriptor(SecurityPolicyDescriptor descriptor)
registerDescriptor
in interface SecurityPolicyService
public void unregisterDescriptor(SecurityPolicyDescriptor descriptor)
unregisterDescriptor
in interface SecurityPolicyService
public Access checkPermission(Document doc, ACP mergedAcp, java.security.Principal principal, java.lang.String permission, java.lang.String[] resolvedPermissions, java.lang.String[] additionalPrincipals)
SecurityPolicyService
The security service checks this service for a security access. This access is defined iterating over pluggable policies in a defined order. If access is not specified, security service applies its default policy.
checkPermission
in interface SecurityPolicyService
doc
- the document to checkmergedAcp
- merged acp resolved for this documentprincipal
- principal to checkpermission
- permission to checkresolvedPermissions
- permissions or groups of permissions
containing permissionadditionalPrincipals
- principals (groups) to check for principal
|
Nuxeo Enterprise Platform 5.4 | |||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |