Package edu.internet2.middleware.grouper
Class GrouperAccessAdapter
java.lang.Object
edu.internet2.middleware.grouper.privs.BaseAccessAdapter
edu.internet2.middleware.grouper.privs.GrouperNonDbAccessAdapter
edu.internet2.middleware.grouper.GrouperAccessAdapter
- All Implemented Interfaces:
AccessAdapter
Grouper Access Privilege interface.Unless you are implementing a new implementation of this interface, you should not need to directly use these methods as they are all wrapped by methods in the
This access adapter affects the HQL queries to give better performanceGroupclass.
- Version:
- $Id: GrouperAccessAdapter.java,v 1.84 2009-09-21 06:14:27 mchyzer Exp $
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final StringCaller can see if this string ends up in the filter to indicate that no results would be returned.Fields inherited from class edu.internet2.middleware.grouper.privs.GrouperNonDbAccessAdapter
priv2list -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionbooleanhqlFilterGroupsNotWithPrivWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject) for a group query, check to make sure the subject cant see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like).booleanhqlFilterGroupsWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Set<Privilege> privInSet) note, can usebooleanhqlFilterGroupsWithPrivWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject) for a group query, see if the groups have certain privspostHqlFilterGroups(GrouperSession grouperSession, Set<Group> inputGroups, Subject subject, Set<Privilege> privInSet) after HQL is run, filter groups.postHqlFilterStemsWithGroups(GrouperSession grouperSession, Set<Stem> stems, Subject subject, Set<Privilege> inPrivSet) after HQL is run, filter stems with groups.Methods inherited from class edu.internet2.middleware.grouper.privs.GrouperNonDbAccessAdapter
getGroupsWhereSubjectDoesHavePrivilege, getGroupsWhereSubjectDoesntHavePrivilege, getGroupsWhereSubjectHasPriv, getPrivs, getStemsWhereGroupThatSubjectHasPrivilege, getSubjectsWithPriv, grantPriv, hasPriv, privilegeCopy, privilegeCopy, retrievePrivileges, revokeAllPrivilegesForSubject, revokePriv, revokePrivMethods inherited from class edu.internet2.middleware.grouper.privs.BaseAccessAdapter
postHqlFilterMembershipsMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface edu.internet2.middleware.grouper.privs.AccessAdapter
postHqlFilterMemberships
-
Field Details
-
HQL_FILTER_NO_RESULTS_INDICATOR
Caller can see if this string ends up in the filter to indicate that no results would be returned.- See Also:
-
-
Constructor Details
-
GrouperAccessAdapter
public GrouperAccessAdapter()
-
-
Method Details
-
hqlFilterGroupsWhereClause
public boolean hqlFilterGroupsWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Set<Privilege> privInSet) note, can use- Specified by:
hqlFilterGroupsWhereClausein interfaceAccessAdapter- Overrides:
hqlFilterGroupsWhereClausein classBaseAccessAdaptersubject- which needs view access to the groupshql- is the select and part part (hql prefix)groupColumn- is the name of the group column to join toprivInSet- find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessPrivilege- Returns:
- if the query was changed
- See Also:
-
hqlFilterGroupsNotWithPrivWhereClause
public boolean hqlFilterGroupsNotWithPrivWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject) Description copied from interface:AccessAdapterfor a group query, check to make sure the subject cant see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like).- Specified by:
hqlFilterGroupsNotWithPrivWhereClausein interfaceAccessAdapter- Overrides:
hqlFilterGroupsNotWithPrivWhereClausein classBaseAccessAdaptersubject- which needs view access to the groupshql- is the select and part part (hql prefix)groupColumn- is the name of the group column to join toprivilege- find a privilege which is in this set (e.g. for view, send view).considerAllSubject- if true, then consider GrouperAll when seeing if doesnt have privilege, else do consider- Returns:
- if the query was changed
- See Also:
-
postHqlFilterGroups
public Set<Group> postHqlFilterGroups(GrouperSession grouperSession, Set<Group> inputGroups, Subject subject, Set<Privilege> privInSet) Description copied from interface:AccessAdapterafter HQL is run, filter groups. If you are filtering in HQL, then dont filter here- Specified by:
postHqlFilterGroupsin interfaceAccessAdapter- Overrides:
postHqlFilterGroupsin classBaseAccessAdaptersubject- which needs view access to the groupsprivInSet- find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessAdapter- Returns:
- the set of filtered groups
- See Also:
-
postHqlFilterStemsWithGroups
public Set<Stem> postHqlFilterStemsWithGroups(GrouperSession grouperSession, Set<Stem> stems, Subject subject, Set<Privilege> inPrivSet) Description copied from interface:AccessAdapterafter HQL is run, filter stems with groups. If you are filtering in HQL, then dont filter here- Specified by:
postHqlFilterStemsWithGroupsin interfaceAccessAdapter- Overrides:
postHqlFilterStemsWithGroupsin classBaseAccessAdapter- Returns:
- the stems
- See Also:
-
hqlFilterGroupsWithPrivWhereClause
public boolean hqlFilterGroupsWithPrivWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject) Description copied from interface:AccessAdapterfor a group query, see if the groups have certain privs- Specified by:
hqlFilterGroupsWithPrivWhereClausein interfaceAccessAdapter- Overrides:
hqlFilterGroupsWithPrivWhereClausein classBaseAccessAdaptersubject- which needs view access to the groupshql- is the select and part part (hql prefix)groupColumn- is the name of the group column to join toprivilege- find a privilege which is in this set (e.g. for view, send view).considerAllSubject- if true, then consider GrouperAll when seeing if doesnt have privilege, else do consider- Returns:
- if the query was changed
- See Also:
-