public class CheckInSecurityPolicy extends AbstractSecurityPolicy
The document must be checked out before modification is allowed.
SecurityPolicy.IdentityQueryTransformer, SecurityPolicy.QueryTransformer
Constructor and Description |
---|
CheckInSecurityPolicy() |
Modifier and Type | Method and Description |
---|---|
Access |
checkPermission(Document doc,
ACP mergedAcp,
Principal principal,
String permission,
String[] resolvedPermissions,
String[] additionalPrincipals)
Checks given permission for doc and principal.
|
SQLQuery.Transformer |
getQueryTransformer(String repositoryName)
Get the transformer to use to apply this policy to a query.
|
boolean |
isExpressibleInQuery(String repositoryName)
Checks if this policy can be expressed in a query for given repository.
|
boolean |
isRestrictingPermission(String permission)
Checks if this policy is restricting the given permission.
|
getQueryTransformer, isExpressibleInQuery
public CheckInSecurityPolicy()
public Access checkPermission(Document doc, ACP mergedAcp, Principal principal, String permission, String[] resolvedPermissions, String[] additionalPrincipals)
SecurityPolicy
Note that for the Browse
permission, which is also implemented in SQL using SecurityPolicy.getQueryTransformer(java.lang.String)
,
a security policy must never bypass standard ACL access, it must only return DENY or UNKNOWN. Failing to do this
would make direct access and queries behave differently.
doc
- the document to checkmergedAcp
- merged ACP resolved for this documentprincipal
- principal to checkpermission
- permission to checkresolvedPermissions
- permissions or groups of permissions containing permissionpublic boolean isRestrictingPermission(String permission)
SecurityPolicy
Queries check the BROWSE permission.
isRestrictingPermission
in interface SecurityPolicy
isRestrictingPermission
in class AbstractSecurityPolicy
permission
- the permission to check fortrue
if the policy restricts the permissionpublic boolean isExpressibleInQuery(String repositoryName)
SecurityPolicy
If not, then any query made will have to be post-filtered.
isExpressibleInQuery
in interface SecurityPolicy
isExpressibleInQuery
in class AbstractSecurityPolicy
repositoryName
- the target repository name.true
if the policy can be expressed in a querypublic SQLQuery.Transformer getQueryTransformer(String repositoryName)
SecurityPolicy
Called only when #isExpressibleInQuery()
returned true
getQueryTransformer
in interface SecurityPolicy
getQueryTransformer
in class AbstractSecurityPolicy
repositoryName
- the target repository name.Copyright © 2018 Nuxeo. All rights reserved.