Package edu.internet2.middleware.grouper
Class GrouperNamingAdapter
java.lang.Object
edu.internet2.middleware.grouper.privs.BaseNamingAdapter
edu.internet2.middleware.grouper.privs.GrouperNonDbNamingAdapter
edu.internet2.middleware.grouper.GrouperNamingAdapter
- All Implemented Interfaces:
NamingAdapter
Default implementation of the Grouper
NamingPrivilege
interface.
This implementation uses the Groups Registry and custom list types to manage naming privileges.
- Version:
- $Id: GrouperNamingAdapter.java,v 1.85 2009-10-03 13:47:12 shilen Exp $
-
Field Summary
Fields inherited from class edu.internet2.middleware.grouper.privs.GrouperNonDbNamingAdapter
priv2list -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionbooleanhqlFilterStemsNotWithPrivWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String stemColumn, Privilege privilege, boolean considerAllSubject) for a stem query, check to make sure the subject cant see the records (if filtering HQL, you can do the postHqlFilterStems instead if you like).booleanhqlFilterStemsWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String stemColumn, Set<Privilege> privInSet) for a stem query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like).booleanhqlFilterStemsWithPrivWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String stemColumn, Privilege privilege, boolean considerAllSubject) for a stem query, check to make sure the privs are therepostHqlFilterStems(GrouperSession grouperSession, Set<Stem> inputStems, Subject subject, Set<Privilege> privInSet) after HQL is run, filter stems.Methods inherited from class edu.internet2.middleware.grouper.privs.GrouperNonDbNamingAdapter
getPrivs, getStemsWhereSubjectDoesHavePrivilege, getStemsWhereSubjectDoesntHavePrivilege, getStemsWhereSubjectHasPriv, getSubjectsWithPriv, grantPriv, hasPriv, privilegeCopy, privilegeCopy, revokeAllPrivilegesForSubject, revokePriv, revokePriv
-
Constructor Details
-
GrouperNamingAdapter
public GrouperNamingAdapter()
-
-
Method Details
-
hqlFilterStemsWhereClause
public boolean hqlFilterStemsWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String stemColumn, Set<Privilege> privInSet) Description copied from interface:NamingAdapterfor a stem query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like). Note, this joins to tables, so the queries should probably be "distinct"- Specified by:
hqlFilterStemsWhereClausein interfaceNamingAdapter- Overrides:
hqlFilterStemsWhereClausein classBaseNamingAdaptersubject- which needs view access to the groupshql- is the select and part part (hql prefix)stemColumn- is the name of the stem column to join toprivInSet- find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessAdapter- Returns:
- if the query was changed
- See Also:
-
postHqlFilterStems
public Set<Stem> postHqlFilterStems(GrouperSession grouperSession, Set<Stem> inputStems, Subject subject, Set<Privilege> privInSet) Description copied from interface:NamingAdapterafter HQL is run, filter stems. If you are filtering in HQL, then dont filter here- Specified by:
postHqlFilterStemsin interfaceNamingAdapter- Overrides:
postHqlFilterStemsin classBaseNamingAdaptersubject- which needs view access to the groupsprivInSet- find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in NamingPrivilege- Returns:
- the set of filtered groups
- See Also:
-
hqlFilterStemsNotWithPrivWhereClause
public boolean hqlFilterStemsNotWithPrivWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String stemColumn, Privilege privilege, boolean considerAllSubject) Description copied from interface:NamingAdapterfor a stem query, check to make sure the subject cant see the records (if filtering HQL, you can do the postHqlFilterStems instead if you like).- Specified by:
hqlFilterStemsNotWithPrivWhereClausein interfaceNamingAdapter- Overrides:
hqlFilterStemsNotWithPrivWhereClausein classBaseNamingAdaptersubject- which needs view access to the groupshql- is the select and part part (hql prefix)stemColumn- is the name of the stem column to join toprivilege- find a privilege which is in this set (e.g. naming privs).considerAllSubject- if true, then consider GrouperAll when seeing if doesnt have privilege, else do consider- Returns:
- if the query was changed
- See Also:
-
hqlFilterStemsWithPrivWhereClause
public boolean hqlFilterStemsWithPrivWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String stemColumn, Privilege privilege, boolean considerAllSubject) Description copied from interface:NamingAdapterfor a stem query, check to make sure the privs are there- Specified by:
hqlFilterStemsWithPrivWhereClausein interfaceNamingAdapter- Overrides:
hqlFilterStemsWithPrivWhereClausein classBaseNamingAdaptersubject- which needs view access to the groupshql- is the select and part part (hql prefix)stemColumn- is the name of the stem column to join toprivilege- find a privilege which is in this set (e.g. naming privs).considerAllSubject- if true, then consider GrouperAll when seeing if doesnt have privilege, else do consider- Returns:
- if the query was changed
- See Also:
-