
Problem with SecurityPolicy

klebervz_
Confirmed Champ

Hi,

I am using the SecurityPolicy class and overriding the checkPermission() method to define access to listing documents. Everything worked perfectly. When I start Tomcat, the following WARN messages appear:

2014-06-30 16:35:00,002 WARN [Quartz_Worker-1] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query.
2014-06-30 16:38:19,695 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query.
2014-06-30 16:38:19,702 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query.
2014-06-30 16:38:19,707 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query.
2014-06-30 16:40:00,003 WARN [Quartz_Worker-1] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query.
2014-06-30 16:43:19,695 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query.
2014-06-30 16:43:19,700 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query.
2014-06-30 16:43:19,702 WARN [Nuxeo-Administrative-Statuses-Notify-Scheduler] [org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl] Security policy 'org.br.ezute.security.policy.ListDocSecurityPolicy' for repository 'default' cannot be expressed in SQL query.

My code follows:

@Override
public Access checkPermission(Document doc, ACP mergedAcp, Principal principal, String permission,
		String[] resolvedPermissions, String[] additionalPrincipals) {

	String confident = null;
	// Only document types that carry the confidentiality property are restricted.
	if (DocumentUtil.verifyTypeName(doc.getType().getName())) {
		try {
			confident = (String) doc
					.getPropertyValue("dcns-common:confidentiality");
		} catch (DocumentException e) {
			// Fail closed: if the confidentiality level cannot be read, deny access
			// instead of falling through to Access.UNKNOWN.
			e.printStackTrace();
			return Access.DENY;
		}
		if (confident != null) {

			NuxeoPrincipal targetUser = (NuxeoPrincipal) principal;
			int levelDoc = Utils.getConfidentLevel(confident);

			// Access is granted if any of the user's groups maps to a level
			// at or above the document's level.
			boolean acces = false;
			for (String group : targetUser.getGroups()) {

				if (group.startsWith("confidentiality_")) {
					group = group.replace("confidentiality_", "");
				}

				int levelUser = Utils.getConfidentLevel(group);

				if (levelUser >= levelDoc) {
					acces = true;
				}
			}
			if (!acces) {
				return Access.DENY;
			}

		}

	}
	// No opinion: leave the decision to the other policies and the ACLs.
	return Access.UNKNOWN;
}

Could someone give me support? I'm not using SQL queries.

3 REPLIES

Damien_Metzler
Star Contributor

Hello, this means your policy can't be expressed in NXQL, i.e. it must be checked individually for each document that a query may return.

It is only a warning and is not a big deal unless you have queries that retrieve a lot of documents. In that case Nuxeo allows you to express the policy by decorating each NXQL query with some added where clauses. See http://doc.nuxeo.com/display/NXDOC/Security+Policy+Service for SQLTransformer.

Hello,

So don't care about the warnings
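
The query decoration mentioned in the first reply, sketched for the confidentiality check in the question. This is an added example, not code from the thread or from Nuxeo: it implements `SQLQuery.Transformer` so that the same restriction is ANDed onto each query's WHERE clause instead of being evaluated per document. The class name and the ordered `LEVELS` list are hypothetical stand-ins for the poster's `Utils.getConfidentLevel`, which is not shown, and the query-model calls follow the Nuxeo 5.x API and should be checked against the version in use.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.List;

import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.core.query.sql.model.*;

/** Hypothetical query-side form of the checkPermission() logic in the question. */
public class ConfidentialityTransformer implements SQLQuery.Transformer {
    private static final long serialVersionUID = 1L;

    // Assumption: constructed level names, lowest first; replace with the real ones.
    static final List<String> LEVELS = Arrays.asList("public", "internal", "restricted", "secret");
    static final String PREFIX = "confidentiality_";
    static final Reference CONF = new Reference("dcns-common:confidentiality");

    @Override
    public SQLQuery transform(Principal principal, SQLQuery query) {
        // Highest level granted by any confidentiality_* group; -1 if the user has none.
        int max = -1;
        for (String group : ((NuxeoPrincipal) principal).getGroups()) {
            if (group.startsWith(PREFIX)) {
                max = Math.max(max, LEVELS.indexOf(group.substring(PREFIX.length())));
            }
        }
        // Documents with no confidentiality value stay visible, as in checkPermission().
        Predicate allowed = new Predicate(CONF, Operator.ISNULL, null);
        if (max >= 0) {
            // An empty IN list is not valid NXQL, so the IN clause is added only
            // when the user holds at least one recognised level.
            LiteralList values = new LiteralList();
            for (String level : LEVELS.subList(0, max + 1)) {
                values.add(new StringLiteral(level));
            }
            allowed = new Predicate(allowed, Operator.OR, new Predicate(CONF, Operator.IN, values));
        }
        // AND the restriction onto whatever WHERE clause the caller wrote.
        WhereClause where = query.where;
        Predicate predicate = (where == null || where.predicate == null)
                ? allowed
                : new Predicate(allowed, Operator.AND, where.predicate);
        return new SQLQuery(query.select, query.from, new WhereClause(predicate),
                query.groupBy, query.having, query.orderBy, query.limit, query.offset);
    }
}
```

For the policy to use it, the security policy class overrides `isExpressibleInQuery()` to return `true` and `getQueryTransformer()` to return an instance of the transformer. The transformer and `checkPermission()` must encode the same rule, otherwise query results and direct document access will disagree.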