public class GrouperAccessAdapter extends GrouperNonDbAccessAdapter
Grouper Access Privilege interface.Unless you are implementing a new implementation of this interface, you should not need to directly use these methods as they are all wrapped by methods in the
This access adapter affects the HQL queries to give better performanceGroup
class.
Modifier and Type | Field and Description |
---|---|
static String |
HQL_FILTER_NO_RESULTS_INDICATOR
Caller can see if this string ends up in the filter to indicate that no results would be returned.
|
priv2list
Constructor and Description |
---|
GrouperAccessAdapter() |
Modifier and Type | Method and Description |
---|---|
boolean |
hqlFilterGroupsNotWithPrivWhereClause(GrouperSession grouperSession,
Subject subject,
HqlQuery hqlQuery,
StringBuilder hql,
String groupColumn,
Privilege privilege,
boolean considerAllSubject)
for a group query, check to make sure the subject cant see the records (if filtering HQL, you can do
the postHqlFilterGroups instead if you like).
|
boolean |
hqlFilterGroupsWhereClause(GrouperSession grouperSession,
Subject subject,
HqlQuery hqlQuery,
StringBuilder hql,
String groupColumn,
Set<Privilege> privInSet)
note, can use
|
boolean |
hqlFilterGroupsWithPrivWhereClause(GrouperSession grouperSession,
Subject subject,
HqlQuery hqlQuery,
StringBuilder hql,
String groupColumn,
Privilege privilege,
boolean considerAllSubject)
for a group query, see if the groups have certain privs
|
Set<Group> |
postHqlFilterGroups(GrouperSession grouperSession,
Set<Group> inputGroups,
Subject subject,
Set<Privilege> privInSet)
after HQL is run, filter groups.
|
Set<Stem> |
postHqlFilterStemsWithGroups(GrouperSession grouperSession,
Set<Stem> stems,
Subject subject,
Set<Privilege> inPrivSet)
after HQL is run, filter stems with groups.
|
getGroupsWhereSubjectDoesHavePrivilege, getGroupsWhereSubjectDoesntHavePrivilege, getGroupsWhereSubjectHasPriv, getPrivs, getStemsWhereGroupThatSubjectHasPrivilege, getSubjectsWithPriv, grantPriv, hasPriv, privilegeCopy, privilegeCopy, retrievePrivileges, revokeAllPrivilegesForSubject, revokePriv, revokePriv
postHqlFilterMemberships
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
postHqlFilterMemberships
public static final String HQL_FILTER_NO_RESULTS_INDICATOR
public boolean hqlFilterGroupsWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Set<Privilege> privInSet)
hqlFilterGroupsWhereClause
in interface AccessAdapter
hqlFilterGroupsWhereClause
in class BaseAccessAdapter
subject
- which needs view access to the groupshql
- is the select and part part (hql prefix)groupColumn
- is the name of the group column to join toprivInSet
- find a privilege which is in this set
(e.g. for view, send all access privs). There are pre-canned sets in AccessPrivilegeAccessAdapter.hqlFilterGroupsWhereClause(edu.internet2.middleware.grouper.GrouperSession, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.String, java.util.Set)
public boolean hqlFilterGroupsNotWithPrivWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject)
AccessAdapter
hqlFilterGroupsNotWithPrivWhereClause
in interface AccessAdapter
hqlFilterGroupsNotWithPrivWhereClause
in class BaseAccessAdapter
subject
- which needs view access to the groupshql
- is the select and part part (hql prefix)groupColumn
- is the name of the group column to join toprivilege
- find a privilege which is in this set
(e.g. for view, send view).considerAllSubject
- if true, then consider GrouperAll when seeing if doesnt have privilege, else do considerAccessAdapter.hqlFilterGroupsNotWithPrivWhereClause(edu.internet2.middleware.grouper.GrouperSession, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.String, Privilege, boolean)
public Set<Group> postHqlFilterGroups(GrouperSession grouperSession, Set<Group> inputGroups, Subject subject, Set<Privilege> privInSet)
AccessAdapter
postHqlFilterGroups
in interface AccessAdapter
postHqlFilterGroups
in class BaseAccessAdapter
subject
- which needs view access to the groupsprivInSet
- find a privilege which is in this set
(e.g. for view, send all access privs). There are pre-canned sets in AccessAdapterBaseAccessAdapter.postHqlFilterGroups(edu.internet2.middleware.grouper.GrouperSession, java.util.Set, edu.internet2.middleware.subject.Subject, java.util.Set)
public Set<Stem> postHqlFilterStemsWithGroups(GrouperSession grouperSession, Set<Stem> stems, Subject subject, Set<Privilege> inPrivSet)
AccessAdapter
postHqlFilterStemsWithGroups
in interface AccessAdapter
postHqlFilterStemsWithGroups
in class BaseAccessAdapter
BaseAccessAdapter.postHqlFilterStemsWithGroups(edu.internet2.middleware.grouper.GrouperSession, java.util.Set, edu.internet2.middleware.subject.Subject, java.util.Set)
public boolean hqlFilterGroupsWithPrivWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject)
AccessAdapter
hqlFilterGroupsWithPrivWhereClause
in interface AccessAdapter
hqlFilterGroupsWithPrivWhereClause
in class BaseAccessAdapter
subject
- which needs view access to the groupshql
- is the select and part part (hql prefix)groupColumn
- is the name of the group column to join toprivilege
- find a privilege which is in this set
(e.g. for view, send view).considerAllSubject
- if true, then consider GrouperAll when seeing if doesnt have privilege, else do considerAccessAdapter.hqlFilterGroupsWithPrivWhereClause(edu.internet2.middleware.grouper.GrouperSession, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.String, Privilege, boolean)
Copyright © 2016 Internet2. All rights reserved.