Global navigation

   Documentation Center
   eZ Studio & eZ Platform
     User Manual
     Technical Manual
     Glossary
   eZ Publish 4.x / legacy

 
eZ Publish (5.x)

eZ Publish 5.x | For eZ Platform & eZ Studio topics see Technical manual and User manual, for eZ Publish 4.x and Legacy topics see eZ Publish legacy

Skip to end of metadata
Go to start of metadata

Intro

Limitations are the building blocks of the permission system in "Platform stack", they provide the limitations you can apply to a given access right to limit the right to certain conditions.

Limitations consists of two parts:

  • Limitation (Value)
  • LimitationType

Certain limitations are also "RoleLimitations", meaning they can be used to limit the rights of a Role assignment, this is currently Subtree and Section limitation.

The Limitation represent the value, while LimitationType deals with the business logic surrounding how it actually works and is enforced.
LimitationTypes have two modes of operation in regards to permission logic (see eZ\Publish\SPI\Limitation\Type interface for more info):

MethodUsed when
evaluateEvaluating if user has access to a given object in a certain context (for instance a context can be Locations when object is Content), under the condition of the Limitation value(s)
getCriterionGenerates a Criterion using Limitation value and current user which SearchService by default applies to search criteria for filtering search based on permissions

List of Limitations

LimitationDescription
BlockingLimitationGeneric limitation that always tells permission system that user have no access, causing it to continue to next policy.

ContentTypeLimitation

Limits content access depending on its ContentType.

LanguageLimitation

Limits content access depending on its Language.

LocationLimitation

Limits content access depending on its Location.
NewObjectStateLimitationLimits content ObjectState assignment access depending on new state.

NewSectionLimitation

Limits content section assignment access depending on new section.

ObjectStateLimitation

Limits content access depending on its ObjectStates.

OwnerLimitation

Limits content access depending on its owner, as in only access if your owner of the content.

ParentContentTypeLimitation

Limits content (create) access depending on parent location ContentType, as in only access if parent is in this/these type of content.

ParentDepthLimitation

Limits content (create) access depending on parent location depth, as in only access if parent is in a given depth of the tree structure.

ParentOwnerLimitation

Limits content (create) access depending on parent location content owner, as in only access if your your owner of parent.

ParentUserGroupLimitation

Limits content (create) access depending on parent location content owner user group, as in only access if your your in same user group as owner of parent.

SectionLimitation

Limits content access depending on its Section.

SiteAccessLimitation

Limits access to an action depending on siteacces, typically used for user/login, NOTE: this limitation is planned for 5.3 and it's new login system

SubtreeLimitation

Limits content access depending on its section.
UserGroupLimitationLimits content access depending on its owner user group, as in only access if your your in same user group as owner.