Limitations¶
Limitations are part of the permissions system. They limit the access granted to users by policies. While a policy grants the user access to a function, Limitations narrow it down by different criteria.
Limitations consist of two parts:
Limitation
(Value)LimitationType
Certain limitations also serve as role limitations, which means they can be used to limit the rights of a role assignment. Currently, this covers subtree of location, Section and Personalization access limitations.
Limitation
represents the value, while LimitationType
deals with the business logic surrounding how it actually works and is enforced.
LimitationTypes
have two modes of operation in regard to permission logic (seeĀ Ibexa\Contracts\Core\Limitation
interface for more info):
Method | Use |
---|---|
evaluate |
Evaluates if the User has access to a given object in a certain context (for instance the context can be locations when the object is Content ), under the condition of the Limitation value(s). |
getCriterion |
Generates a Criterion based on Limitation value and current user which SearchService by default applies to Search Criteria for filtering search based on permissions. |
Limitation reference¶
See Limitation reference for detailed information about individual limitations.