root/org.nuxeo.ecm.core/trunk/nuxeo-core/src/main/resources/OSGI-INF/SecurityService.xml

Revision 28330, 4.6 kB (checked in by lgodard, 8 months ago)

- cosmit

  • Property svn:eol-style set to native
<?xml version="1.0"?>

<component name="org.nuxeo.ecm.core.security.SecurityService"
  version="1.0">

  <implementation class="org.nuxeo.ecm.core.security.SecurityService" />

  <service>
    <provide interface="org.nuxeo.ecm.core.security.SecurityService" />
    <provide
      interface="org.nuxeo.ecm.core.api.security.PermissionProvider" />
  </service>

  <documentation>
    The security service is responsible for checking permissions on a
    repository. Permission checks are usually forwarded to the
    security manager defined on the repository. This may change later.
    <p />
    The security service also holds a permission provider that defines
    the list of available permission names and how they are combined
    into groups of permissions.
    <p />
    The security service also defines which permissions are high-level
    permissions that are to be managed through the end user interface
    and in which order they should be displayed in management menus.

    @author <a href="mailto:bs@nuxeo.com">Bogdan Stefanescu</a>
    @author <a href="mailto:og@nuxeo.com">Olivier Grisel</a>
  </documentation>

  <implementation class="org.nuxeo.ecm.core.security.SecurityService" />

  <extension-point name="permissions">

    <documentation>
      Extension point to register permission definitions or override
      existing permissions.
      <p />

      Example defining atomic permissions that are not meant
      to be displayed in the rights management screen of folders:
      <code>
        <permission name="Browse" />
        <permission name="ReadVersion" />
        <permission name="ReadProperties" />
        <permission name="ReadChildren" />
        <permission name="ReadLifeCycle" />
        <permission name="ReviewParticipant" />
      </code>

      <p />

      Example defining a compound permission that groups many related
      atomic permissions into a single high-level (role-like)
      permission:
      <code>
        <permission name="Read">
          <include name="Browse" />
          <include name="ReadVersion" />
          <include name="ReadProperties" />
          <include name="ReadChildren" />
          <include name="ReadLifeCycle" />
          <include name="ReviewParticipant" />
        </permission>
      </code>

      Note that each of the included permissions should have been
      previously registered with its own &lt;permission/&gt;
      declaration.

      <p />

      It is later possible to override that definition in another
      contribution to that extension-point to add a new permission
      'CustomPerm' and remove 'ReviewParticipant':
      <code>
        <permission name="CustomPerm" />

        <permission name="Read">
          <include name="CustomPerm" />
          <remove name="ReviewParticipant" />
        </permission>
      </code>

      <p />

      Finally, permission declarations also accept 'alias' tags to
      handle backward compatibility with deprecated permissions:
      <code>
        <permission name="ReadVersion">
          <!-- The Version permission is deprecated
            since its name is ambiguous, use
            ReadPermission instead -->
          <alias name="Version" />
        </permission>
      </code>

      NB: the alias feature is parsed by the extension point but the
      underlying SecurityManager implementation does not leverage it
      yet.

    </documentation>

    <object class="org.nuxeo.ecm.core.security.PermissionDescriptor" />
  </extension-point>

  <extension-point name="permissionsVisibility">

    <documentation>
      Extension point to register permission visibility in the user
      interface or override existing settings.
      <p />

      Example defining the default list of permissions that are
      manageable through the UI screens:
      <code>
        <visibility>
          <item show="true" order="10">Read</item>
          <item show="true" order="50">ReadWrite</item>
          <item show="true" order="100">Everything</item>
        </visibility>
      </code>

      This list of option items will be displayed if no type-specific
      settings are registered.

      <p />
      Example defining the default list of permissions that are
      specific to the Section document type:
      <code>
        <visibility type="Section">
          <item show="true" order="10">Read</item>
          <item show="true" order="100">Everything</item>
        </visibility>
      </code>

      Note: the 'show' attribute defaults to 'true' and the 'order'
      attribute defaults to '0'.

    </documentation>

    <object
      class="org.nuxeo.ecm.core.security.PermissionVisibilityDescriptor" />
  </extension-point>


</component>
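
Added example (not part of SecurityService.xml or of Nuxeo's code): a small audit script that applies `permissions` contributions in order and reports which atomic permissions a compound permission grants after overrides, plus any `include` that names a permission not yet registered. The include/remove merge rule is an assumption read from the documentation above; the `<extension>` wrapper, the `Audit` permission and `ExportLogs` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed contributions, based on the documentation examples above.
BASE = """<extension point="permissions">
  <permission name="Browse" /><permission name="ReadVersion" />
  <permission name="ReadProperties" /><permission name="ReadChildren" />
  <permission name="ReadLifeCycle" /><permission name="ReviewParticipant" />
  <permission name="Read">
    <include name="Browse" /><include name="ReadVersion" />
    <include name="ReadProperties" /><include name="ReadChildren" />
    <include name="ReadLifeCycle" /><include name="ReviewParticipant" />
  </permission>
</extension>"""
OVERRIDE = """<extension point="permissions">
  <permission name="CustomPerm" />
  <permission name="Read">
    <include name="CustomPerm" /><remove name="ReviewParticipant" />
  </permission>
  <!-- hypothetical compound; ExportLogs is deliberately never registered -->
  <permission name="Audit">
    <include name="Read" /><include name="ExportLogs" />
  </permission>
</extension>"""

def merge(contributions):
    """Apply contributions in order; return ({name: [members]}, [(owner, unregistered)])."""
    perms, missing = {}, []
    for xml_text in contributions:
        for p in ET.fromstring(xml_text).iter("permission"):
            members = perms.setdefault(p.get("name"), [])
            for child in p:
                ref = child.get("name")
                if child.tag == "include":
                    if ref not in perms:          # not previously registered
                        missing.append((p.get("name"), ref))
                    if ref not in members:
                        members.append(ref)
                elif child.tag == "remove" and ref in members:
                    members.remove(ref)
    return perms, missing

def expand(perms, name, seen=None):
    """Flatten a compound permission into the atomic permissions it grants."""
    seen = set() if seen is None else seen
    if name in seen:                              # guard against include cycles
        return set()
    seen.add(name)
    members = perms.get(name, [])
    if not members:
        return {name}
    return set().union(*(expand(perms, m, seen) for m in members))
```

Running `expand` on each entry listed in `permissionsVisibility` after every deployed contribution has been merged shows what a UI-level grant such as `Read` actually confers once overrides are applied.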