Package edu.internet2.middleware.grouper
Class GrouperNamingAdapter
java.lang.Object
edu.internet2.middleware.grouper.privs.BaseNamingAdapter
edu.internet2.middleware.grouper.privs.GrouperNonDbNamingAdapter
edu.internet2.middleware.grouper.GrouperNamingAdapter
- All Implemented Interfaces:
NamingAdapter
Default implementation of the Grouper
NamingPrivilege
interface.
This implementation uses the Groups Registry and custom list types to manage naming privileges.
- Version:
- $Id: GrouperNamingAdapter.java,v 1.85 2009-10-03 13:47:12 shilen Exp $
-
Field Summary
Fields inherited from class edu.internet2.middleware.grouper.privs.GrouperNonDbNamingAdapter
priv2list
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionboolean
hqlFilterStemsNotWithPrivWhereClause
(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String stemColumn, Privilege privilege, boolean considerAllSubject) for a stem query, check to make sure the subject cant see the records (if filtering HQL, you can do the postHqlFilterStems instead if you like).boolean
hqlFilterStemsWhereClause
(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String stemColumn, Set<Privilege> privInSet) for a stem query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like).boolean
hqlFilterStemsWithPrivWhereClause
(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String stemColumn, Privilege privilege, boolean considerAllSubject) for a stem query, check to make sure the privs are therepostHqlFilterStems
(GrouperSession grouperSession, Set<Stem> inputStems, Subject subject, Set<Privilege> privInSet) after HQL is run, filter stems.Methods inherited from class edu.internet2.middleware.grouper.privs.GrouperNonDbNamingAdapter
getPrivs, getStemsWhereSubjectDoesHavePrivilege, getStemsWhereSubjectDoesntHavePrivilege, getStemsWhereSubjectHasPriv, getSubjectsWithPriv, grantPriv, hasPriv, privilegeCopy, privilegeCopy, revokeAllPrivilegesForSubject, revokePriv, revokePriv
-
Constructor Details
-
GrouperNamingAdapter
public GrouperNamingAdapter()
-
-
Method Details
-
hqlFilterStemsWhereClause
public boolean hqlFilterStemsWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String stemColumn, Set<Privilege> privInSet) Description copied from interface:NamingAdapter
for a stem query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like). Note, this joins to tables, so the queries should probably be "distinct"- Specified by:
hqlFilterStemsWhereClause
in interfaceNamingAdapter
- Overrides:
hqlFilterStemsWhereClause
in classBaseNamingAdapter
subject
- which needs view access to the groupshql
- is the select and part part (hql prefix)stemColumn
- is the name of the stem column to join toprivInSet
- find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessAdapter- Returns:
- if the query was changed
- See Also:
-
postHqlFilterStems
public Set<Stem> postHqlFilterStems(GrouperSession grouperSession, Set<Stem> inputStems, Subject subject, Set<Privilege> privInSet) Description copied from interface:NamingAdapter
after HQL is run, filter stems. If you are filtering in HQL, then dont filter here- Specified by:
postHqlFilterStems
in interfaceNamingAdapter
- Overrides:
postHqlFilterStems
in classBaseNamingAdapter
subject
- which needs view access to the groupsprivInSet
- find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in NamingPrivilege- Returns:
- the set of filtered groups
- See Also:
-
hqlFilterStemsNotWithPrivWhereClause
public boolean hqlFilterStemsNotWithPrivWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String stemColumn, Privilege privilege, boolean considerAllSubject) Description copied from interface:NamingAdapter
for a stem query, check to make sure the subject cant see the records (if filtering HQL, you can do the postHqlFilterStems instead if you like).- Specified by:
hqlFilterStemsNotWithPrivWhereClause
in interfaceNamingAdapter
- Overrides:
hqlFilterStemsNotWithPrivWhereClause
in classBaseNamingAdapter
subject
- which needs view access to the groupshql
- is the select and part part (hql prefix)stemColumn
- is the name of the stem column to join toprivilege
- find a privilege which is in this set (e.g. naming privs).considerAllSubject
- if true, then consider GrouperAll when seeing if doesnt have privilege, else do consider- Returns:
- if the query was changed
- See Also:
-
hqlFilterStemsWithPrivWhereClause
public boolean hqlFilterStemsWithPrivWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String stemColumn, Privilege privilege, boolean considerAllSubject) Description copied from interface:NamingAdapter
for a stem query, check to make sure the privs are there- Specified by:
hqlFilterStemsWithPrivWhereClause
in interfaceNamingAdapter
- Overrides:
hqlFilterStemsWithPrivWhereClause
in classBaseNamingAdapter
subject
- which needs view access to the groupshql
- is the select and part part (hql prefix)stemColumn
- is the name of the stem column to join toprivilege
- find a privilege which is in this set (e.g. naming privs).considerAllSubject
- if true, then consider GrouperAll when seeing if doesnt have privilege, else do consider- Returns:
- if the query was changed
- See Also:
-