public class AttributeDefWrapper extends Object implements AttributeDefResolver
AccessAdapter
interface.
Constructor and Description |
---|
AttributeDefWrapper(GrouperSession session,
AttributeDefAdapter attributeDefAdapter)
Facade around
AccessAdapter that implements AccessResolver . |
Modifier and Type | Method and Description |
---|---|
void |
flushCache()
flush cache if caching resolver
|
Set<AttributeDef> |
getAttributeDefsWhereSubjectDoesHavePrivilege(String stemId,
Stem.Scope scope,
Subject subject,
Privilege privilege,
boolean considerAllSubject,
String sqlLikeString)
find the attributeDefs which do have a certain privilege
|
Set<AttributeDef> |
getAttributeDefsWhereSubjectDoesntHavePrivilege(String stemId,
Stem.Scope scope,
Subject subject,
Privilege privilege,
boolean considerAllSubject,
String sqlLikeString)
find the attributeDefs which do not have a certain privilege
|
Set<AttributeDef> |
getAttributeDefsWhereSubjectHasPrivilege(Subject subject,
Privilege privilege)
Get all attributedefs where subject has privilege.
|
GrouperSession |
getGrouperSession()
get a reference to the session
|
Set<AttributeDefPrivilege> |
getPrivileges(AttributeDef attributeDef,
Subject subject)
Get all privileges subject has on attributeDef.
|
Set<Subject> |
getSubjectsWithPrivilege(AttributeDef attributeDef,
Privilege privilege)
Get all subjects with privilege on attributeDef.
|
void |
grantPrivilege(AttributeDef attributeDef,
Subject subject,
Privilege privilege,
String uuid)
Grant privilege to subject on attributeDef.
|
boolean |
hasPrivilege(AttributeDef attributeDef,
Subject subject,
Privilege privilege)
Check whether subject has privilege on attributeDef.
|
boolean |
hqlFilterAttrDefsWhereClause(Subject subject,
HqlQuery hqlQuery,
StringBuilder hqlTables,
StringBuilder hqlWhereClause,
String attrDefColumn,
Set<Privilege> privInSet)
for an attrDef query, check to make sure the subject can see the records (if filtering HQL, you can do
the postHqlFilterAttDefs instead if you like)
|
boolean |
hqlFilterAttributeDefsNotWithPrivWhereClause(Subject subject,
HqlQuery hqlQuery,
StringBuilder hql,
String attributeDefColumn,
Privilege privilege,
boolean considerAllSubject)
for an attribute def query, check to make sure the subject cant see the records
|
boolean |
hqlFilterAttributeDefsWithPrivWhereClause(Subject subject,
HqlQuery hqlQuery,
StringBuilder hql,
String attributeDefColumn,
Privilege privilege,
boolean considerAllSubject)
for an attribute def query, check to make sure the records have certain privs
|
Set<AttributeDef> |
postHqlFilterAttrDefs(Set<AttributeDef> attributeDefs,
Subject subject,
Set<Privilege> privInSet)
after HQL is run, filter attributeDefs.
|
Set<AttributeAssign> |
postHqlFilterAttributeAssigns(Subject subject,
Set<AttributeAssign> attributeAssigns)
filter attributeDefs for things the subject can see
|
Set<PermissionEntry> |
postHqlFilterPermissions(Subject subject,
Set<PermissionEntry> permissionsEntries)
filter permissions for things the subject can see
|
Set<PITAttributeAssign> |
postHqlFilterPITAttributeAssigns(Subject subject,
Set<PITAttributeAssign> pitAttributeAssigns)
filter pit attribute assignments for things the subject can see
|
void |
privilegeCopy(AttributeDef attributeDef1,
AttributeDef attributeDef2,
Privilege priv)
Copies privileges for subjects that have the specified privilege on g1 to g2.
|
void |
privilegeCopy(Subject subj1,
Subject subj2,
Privilege priv)
Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2.
|
Set<PrivilegeSubjectContainer> |
retrievePrivileges(AttributeDef attributeDef,
Set<Privilege> privileges,
MembershipType membershipType,
QueryPaging queryPaging,
Set<Member> additionalMembers)
get a list of privilege subjects, there are no results with the same subject
|
void |
revokeAllPrivilegesForSubject(Subject subject)
Revoke all attrDef privileges that this subject has.
|
void |
revokePrivilege(AttributeDef attributeDef,
Privilege privilege)
Revoke privilege from all subjects on attributeDef.
|
void |
revokePrivilege(AttributeDef attributeDef,
Subject subject,
Privilege privilege)
Revoke privilege from subject on attributeDef.
|
void |
stop()
clean up resources, session is stopped
|
public AttributeDefWrapper(GrouperSession session, AttributeDefAdapter attributeDefAdapter) throws IllegalArgumentException
AccessAdapter
that implements AccessResolver
.session
- attributeDefAdapter
- IllegalArgumentException
- if any parameter is null.public Set<AttributeDef> getAttributeDefsWhereSubjectHasPrivilege(Subject subject, Privilege privilege) throws IllegalArgumentException
AttributeDefResolver
getAttributeDefsWhereSubjectHasPrivilege
in interface AttributeDefResolver
subject
- privilege
- IllegalArgumentException
AttributeDefResolver.getAttributeDefsWhereSubjectHasPrivilege(Subject, Privilege)
,
AttributeDefAdapter.getAttributeDefsWhereSubjectHasPriv(GrouperSession, Subject, Privilege)
public Set<AttributeDefPrivilege> getPrivileges(AttributeDef attributeDef, Subject subject) throws IllegalArgumentException
AttributeDefResolver
getPrivileges
in interface AttributeDefResolver
IllegalArgumentException
- if any parameter is null.AttributeDefResolver.getPrivileges(edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.subject.Subject)
public Set<Subject> getSubjectsWithPrivilege(AttributeDef attributeDef, Privilege privilege) throws IllegalArgumentException
AttributeDefResolver
getSubjectsWithPrivilege
in interface AttributeDefResolver
IllegalArgumentException
- if any parameter is null.AttributeDefResolver.getSubjectsWithPrivilege(edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.grouper.privs.Privilege)
public void grantPrivilege(AttributeDef attributeDef, Subject subject, Privilege privilege, String uuid) throws IllegalArgumentException, UnableToPerformException
AttributeDefResolver
grantPrivilege
in interface AttributeDefResolver
uuid
- is uuid or null for assignedIllegalArgumentException
- if any parameter is null.UnableToPerformException
- if the privilege could not be granted.AttributeDefResolver.grantPrivilege(edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege, String)
public boolean hasPrivilege(AttributeDef attributeDef, Subject subject, Privilege privilege) throws IllegalArgumentException
AttributeDefResolver
hasPrivilege
in interface AttributeDefResolver
IllegalArgumentException
- if any parameter is null.AttributeDefResolver.hasPrivilege(edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege)
public void revokePrivilege(AttributeDef attributeDef, Privilege privilege) throws IllegalArgumentException, UnableToPerformException
AttributeDefResolver
revokePrivilege
in interface AttributeDefResolver
IllegalArgumentException
- if any parameter is null.UnableToPerformException
- if the privilege could not be revoked.AttributeDefResolver.revokePrivilege(edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.grouper.privs.Privilege)
public void revokePrivilege(AttributeDef attributeDef, Subject subject, Privilege privilege) throws IllegalArgumentException, UnableToPerformException
AttributeDefResolver
revokePrivilege
in interface AttributeDefResolver
IllegalArgumentException
- if any parameter is null.UnableToPerformException
- if the privilege could not be revoked.AttributeDefResolver.revokePrivilege(edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege)
public Set<AttributeDef> postHqlFilterAttrDefs(Set<AttributeDef> attributeDefs, Subject subject, Set<Privilege> privInSet)
AttributeDefResolver
postHqlFilterAttrDefs
in interface AttributeDefResolver
subject
- which needs view access to the attribute defsprivInSet
- find a privilege which is in this set
(e.g. for view, send all attrDef privs). There are pre-canned sets in AttributeDefAdapterAttributeDefResolver.postHqlFilterAttrDefs(java.util.Set, edu.internet2.middleware.subject.Subject, java.util.Set)
public void privilegeCopy(AttributeDef attributeDef1, AttributeDef attributeDef2, Privilege priv) throws IllegalArgumentException, UnableToPerformException
AttributeDefResolver
privilegeCopy
in interface AttributeDefResolver
IllegalArgumentException
UnableToPerformException
AttributeDefResolver.privilegeCopy(edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.grouper.privs.Privilege)
public void privilegeCopy(Subject subj1, Subject subj2, Privilege priv) throws IllegalArgumentException, UnableToPerformException
AttributeDefResolver
public void flushCache()
AttributeDefResolver
flushCache
in interface AttributeDefResolver
AttributeDefResolver.flushCache()
public boolean hqlFilterAttrDefsWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hqlTables, StringBuilder hqlWhereClause, String attrDefColumn, Set<Privilege> privInSet)
AttributeDefResolver
hqlFilterAttrDefsWhereClause
in interface AttributeDefResolver
subject
- which needs view access to the attrDefshqlTables
- the select and current from parthqlWhereClause
- is there where clause part of the queryattrDefColumn
- is the name of the attributeDef column to join toprivInSet
- find a privilege which is in this set (e.g. for view, send all attrDef privs)AttributeDefResolver.hqlFilterAttrDefsWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.StringBuilder, java.lang.String, java.util.Set)
public GrouperSession getGrouperSession()
AttributeDefResolver
getGrouperSession
in interface AttributeDefResolver
AttributeDefResolver.getGrouperSession()
public Set<AttributeAssign> postHqlFilterAttributeAssigns(Subject subject, Set<AttributeAssign> attributeAssigns)
AttributeDefResolver
postHqlFilterAttributeAssigns
in interface AttributeDefResolver
AttributeDefResolver.postHqlFilterAttributeAssigns(edu.internet2.middleware.subject.Subject, java.util.Set)
public Set<PITAttributeAssign> postHqlFilterPITAttributeAssigns(Subject subject, Set<PITAttributeAssign> pitAttributeAssigns)
AttributeDefResolver
postHqlFilterPITAttributeAssigns
in interface AttributeDefResolver
AttributeDefResolver.postHqlFilterPITAttributeAssigns(edu.internet2.middleware.subject.Subject, java.util.Set)
public void stop()
AttributeDefResolver
stop
in interface AttributeDefResolver
AttributeDefResolver.stop()
public void revokeAllPrivilegesForSubject(Subject subject)
AttributeDefResolver
revokeAllPrivilegesForSubject
in interface AttributeDefResolver
AttributeDefResolver.revokeAllPrivilegesForSubject(edu.internet2.middleware.subject.Subject)
public Set<PermissionEntry> postHqlFilterPermissions(Subject subject, Set<PermissionEntry> permissionsEntries)
AttributeDefResolver
postHqlFilterPermissions
in interface AttributeDefResolver
AttributeDefResolver.postHqlFilterPermissions(edu.internet2.middleware.subject.Subject, java.util.Set)
public Set<AttributeDef> getAttributeDefsWhereSubjectDoesntHavePrivilege(String stemId, Stem.Scope scope, Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString)
AttributeDefResolver
getAttributeDefsWhereSubjectDoesntHavePrivilege
in interface AttributeDefResolver
AttributeDefResolver#getAttributeDefsWhereSubjectDoesntHavePrivilege(String, Scope, Subject, Privilege, boolean, String)
public boolean hqlFilterAttributeDefsNotWithPrivWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String attributeDefColumn, Privilege privilege, boolean considerAllSubject)
AttributeDefResolver
hqlFilterAttributeDefsNotWithPrivWhereClause
in interface AttributeDefResolver
subject
- which needs view access to the groupshql
- the select and current from partattributeDefColumn
- is the name of the attributeDef column to join toprivilege
- find a privilege which is in this set (e.g. for view, attr view)considerAllSubject
- if true, then consider GrouperAll when seeign if subject has priv, else do notAttributeDefResolver.hqlFilterAttributeDefsNotWithPrivWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.String, Privilege, boolean)
public Set<PrivilegeSubjectContainer> retrievePrivileges(AttributeDef attributeDef, Set<Privilege> privileges, MembershipType membershipType, QueryPaging queryPaging, Set<Member> additionalMembers)
AttributeDefResolver
retrievePrivileges
in interface AttributeDefResolver
attributeDef
- to search onprivileges
- if blank, get allmembershipType
- if immediate, effective, or blank for allqueryPaging
- if a certain page should be returned, based on subjectadditionalMembers
- additional members to query that the user is finding or addingAttributeDefResolver.retrievePrivileges(edu.internet2.middleware.grouper.attr.AttributeDef, java.util.Set, edu.internet2.middleware.grouper.membership.MembershipType, edu.internet2.middleware.grouper.internal.dao.QueryPaging, Set)
public boolean hqlFilterAttributeDefsWithPrivWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String attributeDefColumn, Privilege privilege, boolean considerAllSubject)
AttributeDefResolver
hqlFilterAttributeDefsWithPrivWhereClause
in interface AttributeDefResolver
subject
- which needs view access to the groupshql
- the select and current from partattributeDefColumn
- is the name of the attributeDef column to join toprivilege
- find a privilege which is in this set (e.g. for view, attr view)considerAllSubject
- if true, then consider GrouperAll when seeign if subject has priv, else do notAttributeDefResolver.hqlFilterAttributeDefsWithPrivWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.String, Privilege, boolean)
public Set<AttributeDef> getAttributeDefsWhereSubjectDoesHavePrivilege(String stemId, Stem.Scope scope, Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString)
AttributeDefResolver
getAttributeDefsWhereSubjectDoesHavePrivilege
in interface AttributeDefResolver
AttributeDefResolver#getAttributeDefsWhereSubjectDoesHavePrivilege(String, Scope, Subject, Privilege, boolean, String)
Copyright © 2016 Internet2. All rights reserved.