Limitations are part of the permissions system. They limit the access granted to users by Policies. While a Policy grants the user access to a function, Limitations narrow it down by different criteria.
Limitations consist of two parts:
Limitation represents the value, while
LimitationType deals with the business logic surrounding how it actually works and is enforced.
LimitationTypes have two modes of operation in regards to permission logic (see
eZ\Publish\SPI\Limitation\Type interface for more info):
|Evaluates if the User has access to a given object in a certain context (for instance the context can be Locations when the object is
Content), under the condition of the
Limitation value and current User which
SearchService by default applies to search criteria for filtering search based on permissions.
Core Policies with Limitations are defined in
Each function in one of the five modules (content, section, state, user, workflow) can be assigned different Limitations.
Functions without Limitations
If a function is not mentioned below, it can have no Limitations.
- Subtree of Location
- Owner of Parent
- Content Type Group of Parent
- Content Type of Parent
- Parent Depth
See Limitation reference for detailed information about individual Limitations.