Class UiPermissions
java.lang.Object
edu.internet2.middleware.grouper.ui.UiPermissions
- All Implemented Interfaces:
Serializable
New in 1.2.1, a general means of specifying UI privileges. Initially implemented to allow
selection of menu items, but hopefully will have wider application. Configured through
resources/grouper/ui-permissions.xml (if present)
<ui-permissions>if-member-of can be an actual group name. If using virtual groups, if-member-of evaluates to true if the current Subject is a member of any of the nested groups. In the example shown, members of qsuob:admins do not get the Manage Groups menu item. Manage Groups does not currently scale well for a Subject who has privileges over thousands of groups.
<virtual-groups>
<virtual-group name="HighlyPrivileged">
<group name="qsuob:admins"/>
</virtual-group>
</virtual-groups>
<permissions>
<permission can="view" target="ManageGroups" if-member-of="HighlyPrivileged" is="false"/>
</permissions>
</ui-permissions>
NB. The format above is illustrative. In the case shown it is not necessary to use a virtual group. The following would have worked just as well:
<ui-permissions>
<permissions>
<permission can="view" target="ManageGroups" if-member-of="qsuob:admins" is="false"/>
</permissions>
</ui-permissions>
- Version:
- $Id: UiPermissions.java,v 1.4 2009-08-12 04:52:14 mchyzer Exp $
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionprotected classprotected classprotected class -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionbooleanprotected UiPermissions.Targetprotected UiPermissions.VirtualGroupgetVirtualGroup(String name)
-
Constructor Details
-
UiPermissions
-
-
Method Details
-
getVirtualGroup
-
getTarget
-
can
- Parameters:
subj-target-action-- Returns:
- whether the subject can carry out the specified action on the specified target
-