public class PrivilegeHelper extends Object
TODO 20070823 Relocate these methods once I figure out the best home for them.
Constructor and Description |
---|
PrivilegeHelper() |
Modifier and Type | Method and Description |
---|---|
static boolean |
canAdmin(GrouperSession s,
Group g,
Subject subj) |
static boolean |
canAttrAdmin(GrouperSession s,
AttributeDef attributeDef,
Subject subj) |
static boolean |
canAttrDefAttrRead(GrouperSession s,
AttributeDef attributeDef,
Subject subj) |
static boolean |
canAttrDefAttrUpdate(GrouperSession s,
AttributeDef attributeDef,
Subject subj) |
static boolean |
canAttrOptin(GrouperSession s,
AttributeDef attributeDef,
Subject subj) |
static boolean |
canAttrOptout(GrouperSession s,
AttributeDef attributeDef,
Subject subj) |
static boolean |
canAttrRead(GrouperSession s,
AttributeDef attributeDef,
Subject subj) |
static boolean |
canAttrUpdate(GrouperSession s,
AttributeDef attributeDef,
Subject subj) |
static boolean |
canAttrView(GrouperSession s,
AttributeDef attributeDef,
Subject subj) |
static boolean |
canCopyStems(Subject subject)
Is this user allowed to copy stems?
|
static boolean |
canCreate(GrouperSession s,
Stem ns,
Subject subj)
TODO 20070823 find a real home for this and/or add tests
|
static boolean |
canGroupAttrRead(GrouperSession s,
Group group,
Subject subj) |
static boolean |
canGroupAttrUpdate(GrouperSession s,
Group group,
Subject subj) |
static boolean |
canMoveStems(Subject subject)
Is this user allowed to move stems?
|
static boolean |
canOptin(GrouperSession s,
Group g,
Subject subj)
TODO 20070823 find a real home for this and/or add tests
|
static boolean |
canOptout(GrouperSession s,
Group g,
Subject subj)
TODO 20070823 find a real home for this and/or add tests
|
static boolean |
canRead(GrouperSession s,
Group g,
Subject subj)
TODO 20070823 find a real home for this and/or add tests
|
static boolean |
canRenameStems(Subject subject)
Is this user allowed to rename stems?
|
static boolean |
canStem(GrouperSession s,
Stem ns,
Subject subj)
TODO 20070823 find a real home for this and/or add tests
|
static boolean |
canStem(Stem ns,
Subject subj)
TODO 20070823 find a real home for this and/or add tests
|
static boolean |
canStemAdmin(GrouperSession s,
Stem ns,
Subject subj) |
static boolean |
canStemAdmin(Stem ns,
Subject subj) |
static boolean |
canStemAttrRead(GrouperSession s,
Stem stem,
Subject subj) |
static boolean |
canStemAttrUpdate(GrouperSession s,
Stem stem,
Subject subj) |
static boolean |
canUpdate(GrouperSession s,
Group g,
Subject subj)
TODO 20070823 find a real home for this and/or add tests
|
static boolean |
canView(GrouperSession s,
Group g,
Subject subj)
TODO 20070823 find a real home for this and/or add tests
|
static boolean |
canViewAttributeAssign(GrouperSession grouperSession,
AttributeAssign attributeAssign,
boolean checkUnderlyingIfAssignmentOnAssignment)
see if the attribute assigns are viewable
|
static Set<AttributeAssign> |
canViewAttributeAssigns(GrouperSession grouperSession,
Collection<AttributeAssign> inputAttributeAssigns,
boolean checkUnderlyingIfAssignmentOnAssignment)
see if the attribute assigns are viewable
|
static Set<AttributeDef> |
canViewAttributeDefs(GrouperSession s,
Collection<AttributeDef> inputAttributeDefs)
TODO 20070823 find a real home for this and/or add tests
|
static Set |
canViewGroups(GrouperSession s,
Set candidates)
TODO 20070823 find a real home for this and/or add tests
|
static boolean |
canViewMembers(GrouperSession grouperSession,
Group group,
Field field) |
static boolean |
canViewMembership(GrouperSession grouperSession,
Membership membership) |
static Set<Membership> |
canViewMemberships(GrouperSession grouperSession,
Collection<Membership> inputMemberships) |
static Set<PermissionEntry> |
canViewPermissions(GrouperSession grouperSession,
Collection<PermissionEntry> inputPermissionEntries)
see if the attribute assigns are viewable
|
static Set<PITAttributeAssign> |
canViewPITAttributeAssigns(GrouperSession grouperSession,
Collection<PITAttributeAssign> inputPITAttributeAssigns,
boolean checkUnderlyingIfAssignmentOnAssignment)
see if the pit attribute assigns are viewable
|
static void |
dispatch(GrouperSession s,
AttributeDef attributeDef,
Subject subj,
Privilege priv)
TODO 20070823 find a real home for this and/or add tests
|
static void |
dispatch(GrouperSession s,
Group g,
Subject subj,
Privilege priv)
TODO 20070823 find a real home for this and/or add tests
|
static void |
dispatch(GrouperSession s,
Stem ns,
Subject subj,
Privilege priv)
TODO 20070823 find a real home for this and/or add tests
|
static Collection<String> |
fieldIdsFromPrivileges(Collection<Privilege> privileges)
convert a collection of privileges to a collection of fieldIds
|
static void |
flushCache()
flush all privilege caches
|
static Privilege[] |
getAccessPrivileges(Privilege[] privileges)
TODO 20070824 add tests
|
static Privilege[] |
getAttributeDefPrivileges(Privilege[] privileges)
TODO 20070824 add tests
|
static Privilege[] |
getNamingPrivileges(Privilege[] privileges)
TODO 20070824 add tests
|
static boolean |
hasImmediatePrivilege(AttributeDef attributeDef,
Subject subject,
Privilege privilege)
see if an attributeDef has an immediate privilege
|
static boolean |
hasImmediatePrivilege(Group group,
Subject subject,
Privilege privilege)
see if a group has an immediate privilege
|
static boolean |
hasImmediatePrivilege(Stem stem,
Subject subject,
Privilege privilege)
see if a stem has an immediate privilege
|
static boolean |
hasPrivilege(GrouperSession s,
AttributeDef attributeDef,
Subject subj,
Set<Privilege> privInSet) |
static boolean |
hasPrivilege(GrouperSession s,
Group g,
Subject subj,
Set<Privilege> privInSet) |
static boolean |
hasPrivilege(GrouperSession s,
Stem stem,
Subject subj,
Set<Privilege> privInSet) |
static boolean |
isRoot(GrouperSession s)
TODO 20070823 find a real home for this and/or add tests
|
static boolean |
isSystemSubject(Subject subject)
see if system subject
|
static boolean |
isWheel(GrouperSession s)
TODO 20070823 find a real home for this and/or add tests
|
static boolean |
isWheelOrRoot(Subject subject)
see if a subject is wheel or root
|
static boolean |
isWheelOrRootOrReadonlyRoot(Subject subject)
see if a subject is wheel or root or readonly root
|
static boolean |
isWheelOrRootOrViewonlyRoot(Subject subject)
see if a subject is wheel or root or viewonly root (or readonly)
|
static void |
main(String[] args) |
static void |
resolveSubjects(Collection<GrouperPrivilege> grouperPrivileges,
boolean resolveAllAlways)
resolve subjects in one batch
|
static void |
wheelMemberCacheClear()
clear cache on this jvm when adjusting wheel members
|
public static void main(String[] args)
public static Collection<String> fieldIdsFromPrivileges(Collection<Privilege> privileges)
privileges
- public static boolean hasImmediatePrivilege(Group group, Subject subject, Privilege privilege)
group
- subject
- privilege
- public static void flushCache()
public static void resolveSubjects(Collection<GrouperPrivilege> grouperPrivileges, boolean resolveAllAlways)
grouperPrivileges
- resolveAllAlways
- true to always resolve all no matter how many, false
if there are more than 2000 or however many (e.g. for UI)public static boolean canAdmin(GrouperSession s, Group g, Subject subj)
s
- g
- subj
- public static boolean canAttrAdmin(GrouperSession s, AttributeDef attributeDef, Subject subj)
s
- attributeDef
- subj
- public static boolean canAttrRead(GrouperSession s, AttributeDef attributeDef, Subject subj)
s
- attributeDef
- subj
- public static boolean canAttrView(GrouperSession s, AttributeDef attributeDef, Subject subj)
s
- attributeDef
- subj
- public static boolean canGroupAttrRead(GrouperSession s, Group group, Subject subj)
s
- group
- subj
- public static boolean canGroupAttrUpdate(GrouperSession s, Group group, Subject subj)
s
- group
- subj
- public static boolean canAttrDefAttrRead(GrouperSession s, AttributeDef attributeDef, Subject subj)
s
- attributeDef
- subj
- public static boolean canAttrDefAttrUpdate(GrouperSession s, AttributeDef attributeDef, Subject subj)
s
- attributeDef
- subj
- public static boolean canStemAttrRead(GrouperSession s, Stem stem, Subject subj)
s
- stem
- subj
- public static boolean canStemAttrUpdate(GrouperSession s, Stem stem, Subject subj)
s
- stem
- subj
- public static boolean canAttrUpdate(GrouperSession s, AttributeDef attributeDef, Subject subj)
s
- attributeDef
- subj
- public static boolean canAttrOptin(GrouperSession s, AttributeDef attributeDef, Subject subj)
s
- attributeDef
- subj
- public static boolean canAttrOptout(GrouperSession s, AttributeDef attributeDef, Subject subj)
s
- attributeDef
- subj
- public static boolean canCreate(GrouperSession s, Stem ns, Subject subj)
s
- ns
- subj
- public static boolean canOptin(GrouperSession s, Group g, Subject subj)
s
- g
- subj
- public static boolean hasPrivilege(GrouperSession s, Stem stem, Subject subj, Set<Privilege> privInSet)
s
- stem
- subj
- privInSet
- public static boolean hasPrivilege(GrouperSession s, Group g, Subject subj, Set<Privilege> privInSet)
s
- g
- subj
- privInSet
- public static boolean canOptout(GrouperSession s, Group g, Subject subj)
s
- g
- subj
- public static boolean canRead(GrouperSession s, Group g, Subject subj)
s
- g
- subj
- public static boolean canStem(Stem ns, Subject subj)
ns
- subj
- public static boolean canStemAdmin(Stem ns, Subject subj)
ns
- subj
- public static boolean canStem(GrouperSession s, Stem ns, Subject subj)
s
- ns
- subj
- public static boolean canStemAdmin(GrouperSession s, Stem ns, Subject subj)
s
- ns
- subj
- public static boolean canUpdate(GrouperSession s, Group g, Subject subj)
s
- g
- subj
- public static boolean canView(GrouperSession s, Group g, Subject subj)
s
- g
- subj
- public static Set canViewGroups(GrouperSession s, Set candidates)
s
- candidates
- public static boolean canViewMembership(GrouperSession grouperSession, Membership membership)
grouperSession
- membership
- public static Set<Membership> canViewMemberships(GrouperSession grouperSession, Collection<Membership> inputMemberships)
grouperSession
- inputMemberships
- public static boolean canViewMembers(GrouperSession grouperSession, Group group, Field field)
grouperSession
- group
- field
- public static void dispatch(GrouperSession s, Group g, Subject subj, Privilege priv) throws InsufficientPrivilegeException, SchemaException
s
- g
- subj
- priv
- InsufficientPrivilegeException
SchemaException
public static void dispatch(GrouperSession s, Stem ns, Subject subj, Privilege priv) throws InsufficientPrivilegeException, SchemaException
s
- ns
- subj
- priv
- InsufficientPrivilegeException
SchemaException
public static void dispatch(GrouperSession s, AttributeDef attributeDef, Subject subj, Privilege priv) throws InsufficientPrivilegeException, SchemaException
s
- attributeDef
- subj
- priv
- InsufficientPrivilegeException
SchemaException
public static Privilege[] getAccessPrivileges(Privilege[] privileges)
privileges
- public static Privilege[] getAttributeDefPrivileges(Privilege[] privileges)
privileges
- public static Privilege[] getNamingPrivileges(Privilege[] privileges)
privileges
- public static boolean isRoot(GrouperSession s)
s
- public static boolean isSystemSubject(Subject subject)
subject
- public static boolean isWheel(GrouperSession s)
s
- public static boolean isWheelOrRootOrViewonlyRoot(Subject subject)
subject
- public static boolean isWheelOrRootOrReadonlyRoot(Subject subject)
subject
- public static void wheelMemberCacheClear()
public static boolean isWheelOrRoot(Subject subject)
subject
- public static boolean canMoveStems(Subject subject)
subject
- public static boolean canCopyStems(Subject subject)
subject
- public static boolean canRenameStems(Subject subject)
subject
- public static boolean hasPrivilege(GrouperSession s, AttributeDef attributeDef, Subject subj, Set<Privilege> privInSet)
s
- attributeDef
- subj
- privInSet
- public static Set<AttributeDef> canViewAttributeDefs(GrouperSession s, Collection<AttributeDef> inputAttributeDefs)
s
- inputAttributeDefs
- public static boolean canViewAttributeAssign(GrouperSession grouperSession, AttributeAssign attributeAssign, boolean checkUnderlyingIfAssignmentOnAssignment)
grouperSession
- attributeAssign
- checkUnderlyingIfAssignmentOnAssignment
- if deep security check should take place on underlying assignmentspublic static Set<AttributeAssign> canViewAttributeAssigns(GrouperSession grouperSession, Collection<AttributeAssign> inputAttributeAssigns, boolean checkUnderlyingIfAssignmentOnAssignment)
grouperSession
- inputAttributeAssigns
- checkUnderlyingIfAssignmentOnAssignment
- if deep security check should take place on underlying assignmentspublic static Set<PermissionEntry> canViewPermissions(GrouperSession grouperSession, Collection<PermissionEntry> inputPermissionEntries)
grouperSession
- inputPermissionEntries
- public static Set<PITAttributeAssign> canViewPITAttributeAssigns(GrouperSession grouperSession, Collection<PITAttributeAssign> inputPITAttributeAssigns, boolean checkUnderlyingIfAssignmentOnAssignment)
grouperSession
- inputPITAttributeAssigns
- checkUnderlyingIfAssignmentOnAssignment
- if deep security check should take place on underlying assignmentspublic static boolean hasImmediatePrivilege(Stem stem, Subject subject, Privilege privilege)
stem
- subject
- privilege
- public static boolean hasImmediatePrivilege(AttributeDef attributeDef, Subject subject, Privilege privilege)
attributeDef
- subject
- privilege
- Copyright © 2016 Internet2. All rights reserved.