Limitations are the building blocks of the permission system in 5.x, they provide the limitations you can apply to a given access right to limit the right to certain conditions.
Limitations consists of two parts:
Limitation (Value)LimitationTypeCertain limitations are also "RoleLimitations", meaning they can be used to limit the rights of a Role assignment, this is currently Subtree and Section limitation.
The Limitation represent the value, while LimitationType deals with the business logic surrounding how it actually works and is enforced.
LimitationTypes have two modes of operation in regards to permission logic (seeĀ eZ\Publish\SPI\Limitation\Type interface for more info):
| Method | Used when |
evaluate | Evaluating if user has access to a given object in a certain context (for instance a context can be Locations when object is Content), under the condition of the Limitation value(s) |
|---|---|
getCriterion | Generates a Criterion using Limitation value and current user which SearchService by default applies to search criteria for filtering search based on permissions |