General

  eZ Systems Website
  Editor documentation

  Developer documentation

  Back to the top

Versions Compared

Old Version 7

changes.mady.by.user Sarah Haïm-Lubczanski

Saved on

compared with

New Version Current

changes.mady.by.user Sarah Haïm-Lubczanski

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Intro

Limitations are crucial building blocks of the permissions system in eZ Platform. They provide the restrictions you can apply to a given access right to limit the right according to certain conditions.

Limitations consist of two parts:

Limitation
(Value)
  • LimitationType

    • Certain limitations also serve as RoleLimitations, which means they can be used to limit the rights of a Role assignment. Currently this covers Subtree and Section limitations.

    Limitation represents the value, while LimitationType deals with the business logic surrounding how it actually works and is enforced.
    LimitationTypes have two modes of operation in regards to permission logic (see eZ\Publish\SPI\Limitation\Type interface for more info):

    MethodUse
    evaluate Evaluating if the user has access to a given object in a certain context (for instance the context can be Locations when the object is Content), under the condition of the Limitation value(s).
    getCriterion Generates a Criterion using Limitation value and current user which SearchService by default applies to search criteria for filtering search based on permissions.

    List of Limitations

    LimitationDescription
    BlockingLimitationGeneric limitation that always tells the permissions system that the user has no access, causing it to continue to the next policy.

    ContentTypeLimitation

    		Limits content access depending on its Content Type.

    LanguageLimitation

    		Limits content access depending on its Language.

    LocationLimitation

    		Limits content access depending on its Location.
    NewObjectStateLimitationLimits content ObjectState assignment access depending on new state.

    NewSectionLimitation

    		Limits content Section assignment access depending on new Section.

    ObjectStateLimitation

    		Limits content access depending on its ObjectStates.

    OwnerLimitation

    		Limits content access depending on its owner; access is only granted to the owner of the content.

    ParentContentTypeLimitation

    		Limits content (create) access depending on parent location Content Type; access is only granted if the parent is of this type of content.

    ParentDepthLimitation

    		Limits content (create) access depending on parent location depth; access is only granted if the parent is at a given depth of the tree structure.

    ParentOwnerLimitation

    		Limits content (create) access depending on parent location content owner; access is only granted if to the owner of the Content item's parent.

    ParentUserGroupLimitation

    		Limits content (create) access depending on parent location content owner's User group; access is only granted to a User in the same User group as owner of the Content item's parent.

    SectionLimitation

    		Limits content access depending on its Section.

    SiteAccessLimitation

    		Limits access to an action depending on siteaccess, typically used for user/login.

    SubtreeLimitation

    		Limits content access depending on its subtree.
    UserGroupLimitationLimits content access depending on its owner's User group; access is only granted to a User in the same User group as the owner.

    c

     

    In this topic:

    Table of Contents
    maxLevel3

    Related topics:

    Permissions