Skip to content

Limitations

Limitations are part of the permissions system. They limit the access granted to users by Policies. While a Policy grants the user access to a function, Limitations narrow it down by different criteria.

Limitations consist of two parts:

  • Limitation (Value)
  • LimitationType

Certain Limitations also serve as Role Limitations, which means they can be used to limit the rights of a Role assignment. Currently this covers Subtree of Location and Section Limitations.

Limitation represents the value, while LimitationType deals with the business logic surrounding how it actually works and is enforced. LimitationTypes have two modes of operation in regards to permission logic (seeĀ eZ\Publish\SPI\Limitation\Type interface for more info):

Method Use
evaluate Evaluates if the User has access to a given object in a certain context (for instance the context can be Locations when the object is Content), under the condition of the Limitation value(s).
getCriterion Generates a Criterion using Limitation value and current User which SearchService by default applies to search criteria for filtering search based on permissions.

Available Limitations

Tip

Core Policies with Limitations are defined in EzPublishCoreBundle/Resources/config/policies.yml.

Each function in one of the five modules (content, section, state, user, workflow) can be assigned different Limitations.

Functions without Limitations

If a function is not mentioned below, it can have no Limitations.

Content

All Content Policies can be assigned the Content Type and Section Limitation. Beyond that the following Limitations are available:

content/read:

content/diff:

content/view_embed:

content/create:

content/edit:

content/publish:

content/manage_locations:

content/hide:

content/translate:

content/remove:

content/versionread:

content/versionremove:

Section

section/assign:

State

state/assign:

User

user/assign:

Workflow

workflow/change_stage:

Limitation reference

See Limitation reference for detailed information about individual Limitations.

Read the Docs