General

  eZ Systems Website
  Editor documentation


  Developer documentation

  Back to the top

The documentation is moving!

We're moving our developer docs to Github and a new site.
The migration is still in progress, so please contact us in #documentation-contrib on eZ Community Slack if you have any questions or feedback.

This space will not be updated from now on except for critical fixes.

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Intro

Limitations are crucial building blocks of the permissions system in eZ Platform. They provide the restrictions you can apply to a given access right to limit the right according to certain conditions.

Limitations consist of two parts:

Limitation
(Value)
  • LimitationType
  • Certain limitations also serve as RoleLimitations, which means they can be used to limit the rights of a Role assignment. Currently this covers Subtree and Section limitations.

    Limitation represents the value, while LimitationType deals with the business logic surrounding how it actually works and is enforced.
    LimitationTypes have two modes of operation in regards to permission logic (see eZ\Publish\SPI\Limitation\Type interface for more info):

    MethodUse
    evaluate Evaluating if the user has access to a given object in a certain context (for instance the context can be Locations when the object is Content), under the condition of the Limitation value(s).
    getCriterion Generates a Criterion using Limitation value and current user which SearchService by default applies to search criteria for filtering search based on permissions.

    List of Limitations

    LimitationDescription
    BlockingLimitationGeneric limitation that always tells the permissions system that the user has no access, causing it to continue to the next policy.

    ContentTypeLimitation

    Limits content access depending on its Content Type.

    LanguageLimitation

    Limits content access depending on its Language.

    LocationLimitation

    Limits content access depending on its Location.
    NewObjectStateLimitationLimits content ObjectState assignment access depending on new state.

    NewSectionLimitation

    Limits content Section assignment access depending on new Section.

    ObjectStateLimitation

    Limits content access depending on its ObjectStates.

    OwnerLimitation

    Limits content access depending on its owner; access is only granted to the owner of the content.

    ParentContentTypeLimitation

    Limits content (create) access depending on parent location Content Type; access is only granted if the parent is of this type of content.

    ParentDepthLimitation

    Limits content (create) access depending on parent location depth; access is only granted if the parent is at a given depth of the tree structure.

    ParentOwnerLimitation

    Limits content (create) access depending on parent location content owner; access is only granted if to the owner of the Content item's parent.

    ParentUserGroupLimitation

    Limits content (create) access depending on parent location content owner's User group; access is only granted to a User in the same User group as owner of the Content item's parent.

    SectionLimitation

    Limits content access depending on its Section.

    SiteAccessLimitation

    Limits access to an action depending on siteaccess, typically used for user/login.

    SubtreeLimitation

    Limits content access depending on its subtree.
    UserGroupLimitationLimits content access depending on its owner's User group; access is only granted to a User in the same User group as the owner.

    c

     

    In this topic:

    Table of Contents
    maxLevel3

    Related topics:

    Permissions