edu.internet2.middleware.grouper.privs

Class AttributeDefWrapper

java.lang.Object

edu.internet2.middleware.grouper.privs.AttributeDefWrapper

All Implemented Interfaces:

AttributeDefResolver

public class AttributeDefWrapper
extends Object
implements AttributeDefResolver

Class implementing wrapper around AccessAdapter interface.

Since:

1.2.1

Version:

$Id: AttributeDefWrapper.java,v 1.1 2009-09-21 06:14:26 mchyzer Exp $

Constructor Summary

Constructors

Constructor and Description
AttributeDefWrapper(GrouperSession session, AttributeDefAdapter attributeDefAdapter) Facade around AccessAdapter that implements AccessResolver.

Method Summary

Modifier and Type	Method and Description
void	flushCache() flush cache if caching resolver
Set<AttributeDef>	getAttributeDefsWhereSubjectDoesHavePrivilege(String stemId, Stem.Scope scope, Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString) find the attributeDefs which do have a certain privilege
Set<AttributeDef>	getAttributeDefsWhereSubjectDoesntHavePrivilege(String stemId, Stem.Scope scope, Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString) find the attributeDefs which do not have a certain privilege
Set<AttributeDef>	getAttributeDefsWhereSubjectHasPrivilege(Subject subject, Privilege privilege) Get all attributedefs where subject has privilege.
GrouperSession	getGrouperSession() get a reference to the session
Set<AttributeDefPrivilege>	getPrivileges(AttributeDef attributeDef, Subject subject) Get all privileges subject has on attributeDef.
Set<Subject>	getSubjectsWithPrivilege(AttributeDef attributeDef, Privilege privilege) Get all subjects with privilege on attributeDef.
void	grantPrivilege(AttributeDef attributeDef, Subject subject, Privilege privilege, String uuid) Grant privilege to subject on attributeDef.
boolean	hasPrivilege(AttributeDef attributeDef, Subject subject, Privilege privilege) Check whether subject has privilege on attributeDef.
boolean	hqlFilterAttrDefsWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hqlTables, StringBuilder hqlWhereClause, String attrDefColumn, Set<Privilege> privInSet) for an attrDef query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterAttDefs instead if you like)
boolean	hqlFilterAttributeDefsNotWithPrivWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String attributeDefColumn, Privilege privilege, boolean considerAllSubject) for an attribute def query, check to make sure the subject cant see the records
boolean	hqlFilterAttributeDefsWithPrivWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String attributeDefColumn, Privilege privilege, boolean considerAllSubject) for an attribute def query, check to make sure the records have certain privs
Set<AttributeDef>	postHqlFilterAttrDefs(Set<AttributeDef> attributeDefs, Subject subject, Set<Privilege> privInSet) after HQL is run, filter attributeDefs.
Set<AttributeAssign>	postHqlFilterAttributeAssigns(Subject subject, Set<AttributeAssign> attributeAssigns) filter attributeDefs for things the subject can see
Set<PermissionEntry>	postHqlFilterPermissions(Subject subject, Set<PermissionEntry> permissionsEntries) filter permissions for things the subject can see
Set<PITAttributeAssign>	postHqlFilterPITAttributeAssigns(Subject subject, Set<PITAttributeAssign> pitAttributeAssigns) filter pit attribute assignments for things the subject can see
void	privilegeCopy(AttributeDef attributeDef1, AttributeDef attributeDef2, Privilege priv) Copies privileges for subjects that have the specified privilege on g1 to g2.
void	privilegeCopy(Subject subj1, Subject subj2, Privilege priv) Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2.
Set<PrivilegeSubjectContainer>	retrievePrivileges(AttributeDef attributeDef, Set<Privilege> privileges, MembershipType membershipType, QueryPaging queryPaging, Set<Member> additionalMembers) get a list of privilege subjects, there are no results with the same subject
void	revokeAllPrivilegesForSubject(Subject subject) Revoke all attrDef privileges that this subject has.
void	revokePrivilege(AttributeDef attributeDef, Privilege privilege) Revoke privilege from all subjects on attributeDef.
void	revokePrivilege(AttributeDef attributeDef, Subject subject, Privilege privilege) Revoke privilege from subject on attributeDef.
void	stop() clean up resources, session is stopped

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AttributeDefWrapper

public AttributeDefWrapper(GrouperSession session,
                           AttributeDefAdapter attributeDefAdapter)
                    throws IllegalArgumentException

Facade around AccessAdapter that implements AccessResolver.

Parameters:

session -

attributeDefAdapter -

Throws:

IllegalArgumentException - if any parameter is null.

Since:

1.2.1

Method Detail

getAttributeDefsWhereSubjectHasPrivilege

public Set<AttributeDef> getAttributeDefsWhereSubjectHasPrivilege(Subject subject,
                                                                  Privilege privilege)
                                                           throws IllegalArgumentException

Description copied from interface: AttributeDefResolver

Get all attributedefs where subject has privilege.

Specified by:

getAttributeDefsWhereSubjectHasPrivilege in interface AttributeDefResolver

Parameters:

subject -

privilege -

Returns:

set of attributeDef

Throws:

IllegalArgumentException

Since:

1.2.1

See Also:

AttributeDefResolver.getAttributeDefsWhereSubjectHasPrivilege(Subject, Privilege), AttributeDefAdapter.getAttributeDefsWhereSubjectHasPriv(GrouperSession, Subject, Privilege)

getPrivileges

public Set<AttributeDefPrivilege> getPrivileges(AttributeDef attributeDef,
                                                Subject subject)
                                         throws IllegalArgumentException

Description copied from interface: AttributeDefResolver

Get all privileges subject has on attributeDef.

Specified by:

getPrivileges in interface AttributeDefResolver

Returns:

the set

Throws:

IllegalArgumentException - if any parameter is null.

See Also:

AttributeDefResolver.getPrivileges(edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.subject.Subject)

getSubjectsWithPrivilege

public Set<Subject> getSubjectsWithPrivilege(AttributeDef attributeDef,
                                             Privilege privilege)
                                      throws IllegalArgumentException

Description copied from interface: AttributeDefResolver

Get all subjects with privilege on attributeDef.

Specified by:

getSubjectsWithPrivilege in interface AttributeDefResolver

Returns:

the set

Throws:

IllegalArgumentException - if any parameter is null.

See Also:

AttributeDefResolver.getSubjectsWithPrivilege(edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.grouper.privs.Privilege)

grantPrivilege

public void grantPrivilege(AttributeDef attributeDef,
                           Subject subject,
                           Privilege privilege,
                           String uuid)
                    throws IllegalArgumentException,
                           UnableToPerformException

Description copied from interface: AttributeDefResolver

Grant privilege to subject on attributeDef.

Specified by:

grantPrivilege in interface AttributeDefResolver

uuid - is uuid or null for assigned

Throws:

IllegalArgumentException - if any parameter is null.

UnableToPerformException - if the privilege could not be granted.

See Also:

AttributeDefResolver.grantPrivilege(edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege, String)

hasPrivilege

public boolean hasPrivilege(AttributeDef attributeDef,
                            Subject subject,
                            Privilege privilege)
                     throws IllegalArgumentException

Description copied from interface: AttributeDefResolver

Check whether subject has privilege on attributeDef.

Specified by:

hasPrivilege in interface AttributeDefResolver

Returns:

boolean

Throws:

IllegalArgumentException - if any parameter is null.

See Also:

AttributeDefResolver.hasPrivilege(edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege)

revokePrivilege

public void revokePrivilege(AttributeDef attributeDef,
                            Privilege privilege)
                     throws IllegalArgumentException,
                            UnableToPerformException

Description copied from interface: AttributeDefResolver

Revoke privilege from all subjects on attributeDef.

Specified by:

revokePrivilege in interface AttributeDefResolver

Throws:

IllegalArgumentException - if any parameter is null.

UnableToPerformException - if the privilege could not be revoked.

See Also:

AttributeDefResolver.revokePrivilege(edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.grouper.privs.Privilege)

revokePrivilege

public void revokePrivilege(AttributeDef attributeDef,
                            Subject subject,
                            Privilege privilege)
                     throws IllegalArgumentException,
                            UnableToPerformException

Description copied from interface: AttributeDefResolver

Revoke privilege from subject on attributeDef.

Specified by:

revokePrivilege in interface AttributeDefResolver

Throws:

IllegalArgumentException - if any parameter is null.

UnableToPerformException - if the privilege could not be revoked.

See Also:

AttributeDefResolver.revokePrivilege(edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege)

postHqlFilterAttrDefs

public Set<AttributeDef> postHqlFilterAttrDefs(Set<AttributeDef> attributeDefs,
                                               Subject subject,
                                               Set<Privilege> privInSet)

Description copied from interface: AttributeDefResolver

after HQL is run, filter attributeDefs. If you are filtering in HQL, then dont filter here

Specified by:

postHqlFilterAttrDefs in interface AttributeDefResolver

subject - which needs view access to the attribute defs

privInSet - find a privilege which is in this set (e.g. for view, send all attrDef privs). There are pre-canned sets in AttributeDefAdapter

Returns:

the set of filtered attrDefs

See Also:

AttributeDefResolver.postHqlFilterAttrDefs(java.util.Set, edu.internet2.middleware.subject.Subject, java.util.Set)

privilegeCopy

public void privilegeCopy(AttributeDef attributeDef1,
                          AttributeDef attributeDef2,
                          Privilege priv)
                   throws IllegalArgumentException,
                          UnableToPerformException

Description copied from interface: AttributeDefResolver

Copies privileges for subjects that have the specified privilege on g1 to g2.

Specified by:

privilegeCopy in interface AttributeDefResolver

Throws:

IllegalArgumentException

UnableToPerformException

See Also:

AttributeDefResolver.privilegeCopy(edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.grouper.privs.Privilege)

privilegeCopy

public void privilegeCopy(Subject subj1,
                          Subject subj2,
                          Privilege priv)
                   throws IllegalArgumentException,
                          UnableToPerformException

Description copied from interface: AttributeDefResolver

Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2. For instance, if subj1 has ATTR_ADMIN privilege to AttributeDef x, this method will result with subj2 having ATTR_ADMIN privilege to AttributeDef x.

Specified by:

privilegeCopy in interface AttributeDefResolver

Throws:

IllegalArgumentException

UnableToPerformException

See Also:

AttributeDefResolver.privilegeCopy(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege)

flushCache

public void flushCache()

Description copied from interface: AttributeDefResolver

flush cache if caching resolver

Specified by:

flushCache in interface AttributeDefResolver

See Also:

AttributeDefResolver.flushCache()

hqlFilterAttrDefsWhereClause

public boolean hqlFilterAttrDefsWhereClause(Subject subject,
                                            HqlQuery hqlQuery,
                                            StringBuilder hqlTables,
                                            StringBuilder hqlWhereClause,
                                            String attrDefColumn,
                                            Set<Privilege> privInSet)

Description copied from interface: AttributeDefResolver

for an attrDef query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterAttDefs instead if you like)

Specified by:

hqlFilterAttrDefsWhereClause in interface AttributeDefResolver

Parameters:

subject - which needs view access to the attrDefs

hqlTables - the select and current from part

hqlWhereClause - is there where clause part of the query

attrDefColumn - is the name of the attributeDef column to join to

privInSet - find a privilege which is in this set (e.g. for view, send all attrDef privs)

Returns:

if the statement was changed

See Also:

AttributeDefResolver.hqlFilterAttrDefsWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.StringBuilder, java.lang.String, java.util.Set)

getGrouperSession

public GrouperSession getGrouperSession()

Description copied from interface: AttributeDefResolver

get a reference to the session

Specified by:

getGrouperSession in interface AttributeDefResolver

Returns:

the session

See Also:

AttributeDefResolver.getGrouperSession()

postHqlFilterAttributeAssigns

public Set<AttributeAssign> postHqlFilterAttributeAssigns(Subject subject,
                                                          Set<AttributeAssign> attributeAssigns)

Description copied from interface: AttributeDefResolver

filter attributeDefs for things the subject can see

Specified by:

postHqlFilterAttributeAssigns in interface AttributeDefResolver

Returns:

the memberships

See Also:

AttributeDefResolver.postHqlFilterAttributeAssigns(edu.internet2.middleware.subject.Subject, java.util.Set)

postHqlFilterPITAttributeAssigns

public Set<PITAttributeAssign> postHqlFilterPITAttributeAssigns(Subject subject,
                                                                Set<PITAttributeAssign> pitAttributeAssigns)

Description copied from interface: AttributeDefResolver

filter pit attribute assignments for things the subject can see

Specified by:

postHqlFilterPITAttributeAssigns in interface AttributeDefResolver

Returns:

the pit attribute assignments

See Also:

AttributeDefResolver.postHqlFilterPITAttributeAssigns(edu.internet2.middleware.subject.Subject, java.util.Set)

stop

public void stop()

Description copied from interface: AttributeDefResolver

clean up resources, session is stopped

Specified by:

stop in interface AttributeDefResolver

See Also:

AttributeDefResolver.stop()

revokeAllPrivilegesForSubject

public void revokeAllPrivilegesForSubject(Subject subject)

Description copied from interface: AttributeDefResolver

Revoke all attrDef privileges that this subject has.

Specified by:

revokeAllPrivilegesForSubject in interface AttributeDefResolver

See Also:

AttributeDefResolver.revokeAllPrivilegesForSubject(edu.internet2.middleware.subject.Subject)

postHqlFilterPermissions

public Set<PermissionEntry> postHqlFilterPermissions(Subject subject,
                                                     Set<PermissionEntry> permissionsEntries)

Description copied from interface: AttributeDefResolver

filter permissions for things the subject can see

Specified by:

postHqlFilterPermissions in interface AttributeDefResolver

Returns:

the memberships

See Also:

AttributeDefResolver.postHqlFilterPermissions(edu.internet2.middleware.subject.Subject, java.util.Set)

getAttributeDefsWhereSubjectDoesntHavePrivilege

public Set<AttributeDef> getAttributeDefsWhereSubjectDoesntHavePrivilege(String stemId,
                                                                         Stem.Scope scope,
                                                                         Subject subject,
                                                                         Privilege privilege,
                                                                         boolean considerAllSubject,
                                                                         String sqlLikeString)

Description copied from interface: AttributeDefResolver

find the attributeDefs which do not have a certain privilege

Specified by:

getAttributeDefsWhereSubjectDoesntHavePrivilege in interface AttributeDefResolver

Returns:

the attributeDefs

See Also:

AttributeDefResolver#getAttributeDefsWhereSubjectDoesntHavePrivilege(String, Scope, Subject, Privilege, boolean, String)

hqlFilterAttributeDefsNotWithPrivWhereClause

public boolean hqlFilterAttributeDefsNotWithPrivWhereClause(Subject subject,
                                                            HqlQuery hqlQuery,
                                                            StringBuilder hql,
                                                            String attributeDefColumn,
                                                            Privilege privilege,
                                                            boolean considerAllSubject)

Description copied from interface: AttributeDefResolver

for an attribute def query, check to make sure the subject cant see the records

Specified by:

hqlFilterAttributeDefsNotWithPrivWhereClause in interface AttributeDefResolver

Parameters:

subject - which needs view access to the groups

hql - the select and current from part

attributeDefColumn - is the name of the attributeDef column to join to

privilege - find a privilege which is in this set (e.g. for view, attr view)

considerAllSubject - if true, then consider GrouperAll when seeign if subject has priv, else do not

Returns:

if the statement was changed

See Also:

AttributeDefResolver.hqlFilterAttributeDefsNotWithPrivWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.String, Privilege, boolean)

retrievePrivileges

public Set<PrivilegeSubjectContainer> retrievePrivileges(AttributeDef attributeDef,
                                                         Set<Privilege> privileges,
                                                         MembershipType membershipType,
                                                         QueryPaging queryPaging,
                                                         Set<Member> additionalMembers)

Description copied from interface: AttributeDefResolver

get a list of privilege subjects, there are no results with the same subject

Specified by:

retrievePrivileges in interface AttributeDefResolver

Parameters:

attributeDef - to search on

privileges - if blank, get all

membershipType - if immediate, effective, or blank for all

queryPaging - if a certain page should be returned, based on subject

additionalMembers - additional members to query that the user is finding or adding

Returns:

the privilege subject combinations

See Also:

AttributeDefResolver.retrievePrivileges(edu.internet2.middleware.grouper.attr.AttributeDef, java.util.Set, edu.internet2.middleware.grouper.membership.MembershipType, edu.internet2.middleware.grouper.internal.dao.QueryPaging, Set)

hqlFilterAttributeDefsWithPrivWhereClause

public boolean hqlFilterAttributeDefsWithPrivWhereClause(Subject subject,
                                                         HqlQuery hqlQuery,
                                                         StringBuilder hql,
                                                         String attributeDefColumn,
                                                         Privilege privilege,
                                                         boolean considerAllSubject)

Description copied from interface: AttributeDefResolver

for an attribute def query, check to make sure the records have certain privs

Specified by:

hqlFilterAttributeDefsWithPrivWhereClause in interface AttributeDefResolver

Parameters:

subject - which needs view access to the groups

hql - the select and current from part

attributeDefColumn - is the name of the attributeDef column to join to

privilege - find a privilege which is in this set (e.g. for view, attr view)

considerAllSubject - if true, then consider GrouperAll when seeign if subject has priv, else do not

Returns:

if the statement was changed

See Also:

AttributeDefResolver.hqlFilterAttributeDefsWithPrivWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.String, Privilege, boolean)

getAttributeDefsWhereSubjectDoesHavePrivilege

public Set<AttributeDef> getAttributeDefsWhereSubjectDoesHavePrivilege(String stemId,
                                                                       Stem.Scope scope,
                                                                       Subject subject,
                                                                       Privilege privilege,
                                                                       boolean considerAllSubject,
                                                                       String sqlLikeString)

Description copied from interface: AttributeDefResolver

find the attributeDefs which do have a certain privilege

Specified by:

getAttributeDefsWhereSubjectDoesHavePrivilege in interface AttributeDefResolver

Returns:

the attributeDefs

See Also:

AttributeDefResolver#getAttributeDefsWhereSubjectDoesHavePrivilege(String, Scope, Subject, Privilege, boolean, String)