Package edu.internet2.middleware.grouper
Class GrouperAccessAdapter
java.lang.Object
edu.internet2.middleware.grouper.privs.BaseAccessAdapter
edu.internet2.middleware.grouper.privs.GrouperNonDbAccessAdapter
edu.internet2.middleware.grouper.GrouperAccessAdapter
- All Implemented Interfaces:
AccessAdapter
Grouper Access Privilege interface.Unless you are implementing a new implementation of this interface, you should not need to directly use these methods as they are all wrapped by methods in the
This access adapter affects the HQL queries to give better performanceGroup
class.
- Version:
- $Id: GrouperAccessAdapter.java,v 1.84 2009-09-21 06:14:27 mchyzer Exp $
-
Field Summary
Modifier and TypeFieldDescriptionstatic final String
Caller can see if this string ends up in the filter to indicate that no results would be returned.Fields inherited from class edu.internet2.middleware.grouper.privs.GrouperNonDbAccessAdapter
priv2list
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionboolean
hqlFilterGroupsNotWithPrivWhereClause
(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject) for a group query, check to make sure the subject cant see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like).boolean
hqlFilterGroupsWhereClause
(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Set<Privilege> privInSet) note, can useboolean
hqlFilterGroupsWithPrivWhereClause
(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject) for a group query, see if the groups have certain privspostHqlFilterGroups
(GrouperSession grouperSession, Set<Group> inputGroups, Subject subject, Set<Privilege> privInSet) after HQL is run, filter groups.postHqlFilterStemsWithGroups
(GrouperSession grouperSession, Set<Stem> stems, Subject subject, Set<Privilege> inPrivSet) after HQL is run, filter stems with groups.Methods inherited from class edu.internet2.middleware.grouper.privs.GrouperNonDbAccessAdapter
getGroupsWhereSubjectDoesHavePrivilege, getGroupsWhereSubjectDoesntHavePrivilege, getGroupsWhereSubjectHasPriv, getPrivs, getStemsWhereGroupThatSubjectHasPrivilege, getSubjectsWithPriv, grantPriv, hasPriv, privilegeCopy, privilegeCopy, retrievePrivileges, revokeAllPrivilegesForSubject, revokePriv, revokePriv
Methods inherited from class edu.internet2.middleware.grouper.privs.BaseAccessAdapter
postHqlFilterMemberships
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface edu.internet2.middleware.grouper.privs.AccessAdapter
postHqlFilterMemberships
-
Field Details
-
HQL_FILTER_NO_RESULTS_INDICATOR
Caller can see if this string ends up in the filter to indicate that no results would be returned.- See Also:
-
-
Constructor Details
-
GrouperAccessAdapter
public GrouperAccessAdapter()
-
-
Method Details
-
hqlFilterGroupsWhereClause
public boolean hqlFilterGroupsWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Set<Privilege> privInSet) note, can use- Specified by:
hqlFilterGroupsWhereClause
in interfaceAccessAdapter
- Overrides:
hqlFilterGroupsWhereClause
in classBaseAccessAdapter
subject
- which needs view access to the groupshql
- is the select and part part (hql prefix)groupColumn
- is the name of the group column to join toprivInSet
- find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessPrivilege- Returns:
- if the query was changed
- See Also:
-
hqlFilterGroupsNotWithPrivWhereClause
public boolean hqlFilterGroupsNotWithPrivWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject) Description copied from interface:AccessAdapter
for a group query, check to make sure the subject cant see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like).- Specified by:
hqlFilterGroupsNotWithPrivWhereClause
in interfaceAccessAdapter
- Overrides:
hqlFilterGroupsNotWithPrivWhereClause
in classBaseAccessAdapter
subject
- which needs view access to the groupshql
- is the select and part part (hql prefix)groupColumn
- is the name of the group column to join toprivilege
- find a privilege which is in this set (e.g. for view, send view).considerAllSubject
- if true, then consider GrouperAll when seeing if doesnt have privilege, else do consider- Returns:
- if the query was changed
- See Also:
-
postHqlFilterGroups
public Set<Group> postHqlFilterGroups(GrouperSession grouperSession, Set<Group> inputGroups, Subject subject, Set<Privilege> privInSet) Description copied from interface:AccessAdapter
after HQL is run, filter groups. If you are filtering in HQL, then dont filter here- Specified by:
postHqlFilterGroups
in interfaceAccessAdapter
- Overrides:
postHqlFilterGroups
in classBaseAccessAdapter
subject
- which needs view access to the groupsprivInSet
- find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessAdapter- Returns:
- the set of filtered groups
- See Also:
-
postHqlFilterStemsWithGroups
public Set<Stem> postHqlFilterStemsWithGroups(GrouperSession grouperSession, Set<Stem> stems, Subject subject, Set<Privilege> inPrivSet) Description copied from interface:AccessAdapter
after HQL is run, filter stems with groups. If you are filtering in HQL, then dont filter here- Specified by:
postHqlFilterStemsWithGroups
in interfaceAccessAdapter
- Overrides:
postHqlFilterStemsWithGroups
in classBaseAccessAdapter
- Returns:
- the stems
- See Also:
-
hqlFilterGroupsWithPrivWhereClause
public boolean hqlFilterGroupsWithPrivWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject) Description copied from interface:AccessAdapter
for a group query, see if the groups have certain privs- Specified by:
hqlFilterGroupsWithPrivWhereClause
in interfaceAccessAdapter
- Overrides:
hqlFilterGroupsWithPrivWhereClause
in classBaseAccessAdapter
subject
- which needs view access to the groupshql
- is the select and part part (hql prefix)groupColumn
- is the name of the group column to join toprivilege
- find a privilege which is in this set (e.g. for view, send view).considerAllSubject
- if true, then consider GrouperAll when seeing if doesnt have privilege, else do consider- Returns:
- if the query was changed
- See Also:
-