Module org.elasticsearch.xcore
Class DocumentPermissions
java.lang.Object
org.elasticsearch.xpack.core.security.authz.permission.DocumentPermissions
- All Implemented Interfaces:
CacheKey
Stores document level permissions in the form queries that match all the accessible documents.
The document level permissions may be limited by another set of queries in that case the limited queries are used as an additional filter.
The document level permissions may be limited by another set of queries in that case the limited queries are used as an additional filter.
-
Method Summary
Modifier and TypeMethodDescriptionstatic DocumentPermissionsallowAll()voidbooleanorg.apache.lucene.search.BooleanQueryfilter(User user, ScriptService scriptService, ShardId shardId, Function<ShardId, SearchExecutionContext> searchExecutionContextProvider) Creates aBooleanQueryto be used as filter to restrict access to documents.
Document permission queries are used to create an boolean query.
If the document permissions are limited, then there is an additional filter added restricting access to documents only allowed by the limited queries.static DocumentPermissionsfilteredBy(Set<BytesReference> queries) CreateDocumentPermissionsfor given set of queriesbooleaninthashCode()booleanlimitDocumentPermissions(DocumentPermissions limitedByDocumentPermissions) Create a document permissions, where the permissions forthisare limited by the queries from other document permissions.toString()
-
Method Details
-
getListOfQueries
-
getSingleSetOfQueries
-
hasDocumentLevelPermissions
public boolean hasDocumentLevelPermissions()- Returns:
trueif either queries or scoped queries are present for document level security else returnsfalse
-
hasStoredScript
- Throws:
IOException
-
filter
public org.apache.lucene.search.BooleanQuery filter(User user, ScriptService scriptService, ShardId shardId, Function<ShardId, SearchExecutionContext> searchExecutionContextProvider) throws IOExceptionCreates aBooleanQueryto be used as filter to restrict access to documents.
Document permission queries are used to create an boolean query.
If the document permissions are limited, then there is an additional filter added restricting access to documents only allowed by the limited queries.- Parameters:
user- authenticatedUserscriptService-ScriptServicefor evaluating query templatesshardId-ShardIdsearchExecutionContextProvider-SearchExecutionContext- Returns:
BooleanQueryfor the filter- Throws:
IOException- thrown if there is an exception during parsing
-
filteredBy
CreateDocumentPermissionsfor given set of queries- Parameters:
queries- set of queries- Returns:
DocumentPermissions
-
allowAll
-
limitDocumentPermissions
public DocumentPermissions limitDocumentPermissions(DocumentPermissions limitedByDocumentPermissions) Create a document permissions, where the permissions forthisare limited by the queries from other document permissions.- Parameters:
limitedByDocumentPermissions-DocumentPermissionsused to limit the document level access- Returns:
- instance of
DocumentPermissions
-
toString
-
buildCacheKey
public void buildCacheKey(StreamOutput out, SecurityQueryTemplateEvaluator.DlsQueryEvaluationContext context) throws IOException - Specified by:
buildCacheKeyin interfaceCacheKey- Throws:
IOException
-
equals
-
hashCode
public int hashCode()
-