public class GrouperAttributeDefAdapter extends GrouperNonDbAttrDefAdapter
Grouper Attribute Definition Access Privilege interface.Unless you are implementing a new implementation of this interface, you should not need to directly use these methods as they are all wrapped by methods in the
This access adapter affects the HQL queries to give better performanceAttributeDef
class.
priv2list
Constructor and Description |
---|
GrouperAttributeDefAdapter() |
Modifier and Type | Method and Description |
---|---|
boolean |
hqlFilterAttrDefsWhereClause(GrouperSession grouperSession,
Subject subject,
HqlQuery hqlQuery,
StringBuilder hqlTables,
StringBuilder hqlWhereClause,
String attributeDefColumn,
Set<Privilege> privInSet)
for an attrDef query, check to make sure the subject can see the records (if filtering HQL, you can do
the postHqlFilterAttrDefs instead if you like).
|
boolean |
hqlFilterAttributeDefsNotWithPrivWhereClause(GrouperSession grouperSession,
Subject subject,
HqlQuery hqlQuery,
StringBuilder hql,
String attributeDefColumn,
Privilege privilege,
boolean considerAllSubject)
for an attributeDef query, check to make sure the subject cant see the records (if filtering HQL, you can do
the postHqlFilterAttributeDefs instead if you like).
|
boolean |
hqlFilterAttributeDefsWithPrivWhereClause(GrouperSession grouperSession,
Subject subject,
HqlQuery hqlQuery,
StringBuilder hql,
String attributeDefColumn,
Privilege privilege,
boolean considerAllSubject)
for an attributeDef query, check to make sure the subject has priv (if filtering HQL, you can do
the postHqlFilterAttributeDefs instead if you like).
|
Set<AttributeAssign> |
postHqlFilterAttributeAssigns(GrouperSession grouperSession,
Subject subject,
Set<AttributeAssign> attributeAssigns)
filter attribute assignments for things the subject can see, assume underlying assignments are ok to view
|
Set<PermissionEntry> |
postHqlFilterPermissions(GrouperSession grouperSession,
Subject subject,
Set<PermissionEntry> permissionEntries)
filter permissionEntries for things the subject can see, assume underlying assignments are ok to view
|
Set<PITAttributeAssign> |
postHqlFilterPITAttributeAssigns(GrouperSession grouperSession,
Subject subject,
Set<PITAttributeAssign> pitAttributeAssigns)
filter pit attribute assignments for things the subject can see, assume underlying assignments are ok to view
|
getAttributeDefsWhereSubjectDoesHavePrivilege, getAttributeDefsWhereSubjectDoesntHavePrivilege, getAttributeDefsWhereSubjectHasPriv, getPrivs, getSubjectsWithPriv, grantPriv, hasPriv, privilegeCopy, privilegeCopy, retrievePrivileges, revokeAllPrivilegesForSubject, revokePriv, revokePriv
postHqlFilterAttributeDefs
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
postHqlFilterAttributeDefs
public boolean hqlFilterAttrDefsWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hqlTables, StringBuilder hqlWhereClause, String attributeDefColumn, Set<Privilege> privInSet)
AttributeDefAdapter
hqlFilterAttrDefsWhereClause
in interface AttributeDefAdapter
hqlFilterAttrDefsWhereClause
in class BaseAttrDefAdapter
subject
- which needs view access to the attrDefshqlTables
- is the select and part part (hql prefix)hqlWhereClause
- is there where clause part of the queryattributeDefColumn
- is the name of the attrDef column to join toprivInSet
- find a privilege which is in this set
(e.g. for view, send all access privs). There are pre-canned sets in AccessPrivilegeBaseAttrDefAdapter.hqlFilterAttrDefsWhereClause(edu.internet2.middleware.grouper.GrouperSession, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.StringBuilder, java.lang.String, java.util.Set)
public Set<AttributeAssign> postHqlFilterAttributeAssigns(GrouperSession grouperSession, Subject subject, Set<AttributeAssign> attributeAssigns)
AttributeDefAdapter
postHqlFilterAttributeAssigns
in interface AttributeDefAdapter
postHqlFilterAttributeAssigns
in class BaseAttrDefAdapter
AttributeDefAdapter.postHqlFilterAttributeAssigns(edu.internet2.middleware.grouper.GrouperSession, edu.internet2.middleware.subject.Subject, java.util.Set)
public Set<PITAttributeAssign> postHqlFilterPITAttributeAssigns(GrouperSession grouperSession, Subject subject, Set<PITAttributeAssign> pitAttributeAssigns)
AttributeDefAdapter
postHqlFilterPITAttributeAssigns
in interface AttributeDefAdapter
postHqlFilterPITAttributeAssigns
in class BaseAttrDefAdapter
AttributeDefAdapter.postHqlFilterPITAttributeAssigns(edu.internet2.middleware.grouper.GrouperSession, edu.internet2.middleware.subject.Subject, java.util.Set)
public Set<PermissionEntry> postHqlFilterPermissions(GrouperSession grouperSession, Subject subject, Set<PermissionEntry> permissionEntries)
AttributeDefAdapter
postHqlFilterPermissions
in interface AttributeDefAdapter
postHqlFilterPermissions
in class BaseAttrDefAdapter
BaseAttrDefAdapter.postHqlFilterPermissions(edu.internet2.middleware.grouper.GrouperSession, edu.internet2.middleware.subject.Subject, java.util.Set)
public boolean hqlFilterAttributeDefsNotWithPrivWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String attributeDefColumn, Privilege privilege, boolean considerAllSubject)
AttributeDefAdapter
hqlFilterAttributeDefsNotWithPrivWhereClause
in interface AttributeDefAdapter
hqlFilterAttributeDefsNotWithPrivWhereClause
in class BaseAttrDefAdapter
subject
- which needs view access to the groupshql
- is the select and part part (hql prefix)attributeDefColumn
- is the name of the attributeDef column to join toprivilege
- find a privilege which is in this set
(e.g. attributeDef privs).considerAllSubject
- if true, then consider GrouperAll when seeing if doesnt have privilege, else do considerAttributeDefAdapter.hqlFilterAttributeDefsNotWithPrivWhereClause(edu.internet2.middleware.grouper.GrouperSession, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.String, Privilege, boolean)
public boolean hqlFilterAttributeDefsWithPrivWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String attributeDefColumn, Privilege privilege, boolean considerAllSubject)
AttributeDefAdapter
hqlFilterAttributeDefsWithPrivWhereClause
in interface AttributeDefAdapter
hqlFilterAttributeDefsWithPrivWhereClause
in class BaseAttrDefAdapter
subject
- which needs view access to the groupshql
- is the select and part part (hql prefix)attributeDefColumn
- is the name of the attributeDef column to join toprivilege
- find a privilege which is in this set
(e.g. attributeDef privs).considerAllSubject
- if true, then consider GrouperAll when seeing if doesnt have privilege, else do considerAttributeDefAdapter.hqlFilterAttributeDefsWithPrivWhereClause(edu.internet2.middleware.grouper.GrouperSession, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.String, Privilege, boolean)
Copyright © 2016 Internet2. All rights reserved.