|Modifier and Type||Method and Description|
Checks given permission for doc and principal.
Get the transformer to use to apply this policy to a query.
Checks if this policy can be expressed in a query for given repository.
Checks if this policy is restricting the given permission.
Access checkPermission(Document doc, ACP mergedAcp, Principal principal, String permission, String resolvedPermissions, String additionalPrincipals)
Note that for the
Browse permission, which is also implemented
in SQL using
getQueryTransformer(java.lang.String), a security policy must never
bypass standard ACL access, it must only return DENY or UNKNOWN. Failing
to do this would make direct access and queries behave differently.
doc- the document to check
mergedAcp- merged ACP resolved for this document
principal- principal to check
permission- permission to check
resolvedPermissions- permissions or groups of permissions containing permission
boolean isRestrictingPermission(String permission)
Queries check the BROWSE permission.
permission- the permission to check for
trueif the policy restricts the permission
boolean isExpressibleInQuery(String repositoryName)
If not, then any query made will have to be post-filtered.
repositoryName- the target repository name.
trueif the policy can be expressed in a query
Copyright © 2012 Nuxeo SA. All Rights Reserved.