Class PermissionFinder
java.lang.Object
edu.internet2.middleware.grouper.permissions.PermissionFinder
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionadd a action to the search criteriaaddLimitEnvVar
(String key, Object value) limitEnvVars if processing limits with PermissionProcessor, pass in a map of limits.addMemberId
(String memberId) add a member id to the search criteriaaddPermissionDef
(AttributeDef attributeDef) add a attribute def to look for.addPermissionDef
(String attributeDefName) add a attribute def to look for by name.addPermissionDefId
(String attributeDefId) add a attribute def id to the search criteriaaddPermissionName
(AttributeDefName attributeDefName) add a attribute def name to look for.addPermissionName
(String name) add a attribute def name to look for by name.addPermissionNameId
(String attributeDefNameId) add an attribute def name id to the search criteriaadd a role to look for.add a role to look for by name.add a role id to the search criteriaaddSubject
(Subject subject) add a subject to look for.assignActions
(Collection<String> theActions) assign actions to search for, return this for chainingassignEnabled
(Boolean theEnabled) true means enabled only, false, means disabled only, and null means allassignImmediateOnly
(boolean theImmediate) if we should filter out non immediate permissionsassignLimitEnvVars
(Map<String, Object> theEnvVars) limitEnvVars if processing limits, pass in a map of limits.assignMemberIds
(Collection<String> theMemberIds) add a collection of member ids to look forassignPermissionDefIds
(Collection<String> theAttributeDefIds) assign a collection of attribute def ids to look forassignPermissionNameFolder
(Stem permissionNameFolder1) if narrowing search for permissions in a certain folder onlyif searching in a folder, this is the scope: only in this folder, or also in subfoldersassignPermissionNameIds
(Collection<String> theAttributeDefNameIds) assign a collection of attribute def name ids to look forassignPermissionProcessor
(PermissionProcessor thePermissionProcessor) if we should find the best answer, or process limits, etcassignPermissionType
(PermissionEntry.PermissionType thePermissionType) are we looking for role permissions or subject permissions? cant be nullassignPointInTimeFrom
(Timestamp pointInTimeFrom) To query permissions at a certain point in time or time range in the past, set this value and/or the value of pointInTimeTo.assignPointInTimeTo
(Timestamp pointInTimeTo) To query permissions at a certain point in time or time range in the past, set this value and/or the value of pointInTimeFrom.assignRoleIds
(Collection<String> theRoleIds) assign a collection of role ids to look forfindPermission
(boolean exceptionIfNotFound) find a permissionpermission result gives helper methods in processing the resultsfind a list of permissionsget the permissions, and the limits, so the caller (e.g.boolean
based on what you are querying for, see if has permission.toString()
-
Constructor Details
-
PermissionFinder
public PermissionFinder()
-
-
Method Details
-
addLimitEnvVar
limitEnvVars if processing limits with PermissionProcessor, pass in a map of limits. The name is the name of the variable, and the value is the value. Note, you can typecast the values by putting a valid type in parens in front of the param name. e.g. name: (int)amount, value: 50- Parameters:
key
-value
-- Returns:
- this for chaining
-
assignLimitEnvVars
limitEnvVars if processing limits, pass in a map of limits. The name is the name of the variable, and the value is the value. Note, you can typecast the values by putting a valid type in parens in front of the param name. e.g. name: (int)amount, value: 50- Parameters:
theEnvVars
- the map to replace- Returns:
- this for chaining
-
addMemberId
add a member id to the search criteria- Parameters:
memberId
-- Returns:
- this for chaining
-
assignMemberIds
add a collection of member ids to look for- Parameters:
theMemberIds
-- Returns:
- this for chaining
-
addSubject
add a subject to look for.- Parameters:
subject
-- Returns:
- this for chaining
-
addRoleId
add a role id to the search criteria- Parameters:
roleId
-- Returns:
- this for chaining
-
assignRoleIds
assign a collection of role ids to look for- Parameters:
theRoleIds
-- Returns:
- this for chaining
-
addRole
add a role to look for.- Parameters:
role
-- Returns:
- this for chaining
-
addRole
add a role to look for by name.- Parameters:
name
-- Returns:
- this for chaining
-
addPermissionDefId
add a attribute def id to the search criteria- Parameters:
attributeDefId
-- Returns:
- this for chaining
-
assignPermissionDefIds
assign a collection of attribute def ids to look for- Parameters:
theAttributeDefIds
-- Returns:
- this for chaining
-
assignPermissionNameFolder
if narrowing search for permissions in a certain folder only- Parameters:
permissionNameFolder1
-- Returns:
- this for chaining
-
assignPermissionNameFolderScope
if searching in a folder, this is the scope: only in this folder, or also in subfolders- Parameters:
scope
-- Returns:
- this for chaining
-
addPermissionDef
add a attribute def to look for.- Parameters:
attributeDef
-- Returns:
- this for chaining
-
addPermissionDef
add a attribute def to look for by name.- Parameters:
attributeDefName
-- Returns:
- this for chaining
-
addPermissionNameId
add an attribute def name id to the search criteria- Parameters:
attributeDefNameId
-- Returns:
- this for chaining
-
assignPermissionNameIds
assign a collection of attribute def name ids to look for- Parameters:
theAttributeDefNameIds
-- Returns:
- this for chaining
-
addPermissionName
add a attribute def name to look for.- Parameters:
attributeDefName
-- Returns:
- this for chaining
-
addPermissionName
add a attribute def name to look for by name.- Parameters:
name
-- Returns:
- this for chaining
-
addAction
add a action to the search criteria- Parameters:
action
-- Returns:
- this for chaining
-
assignActions
assign actions to search for, return this for chaining- Parameters:
theActions
-- Returns:
- this for chaining
-
assignEnabled
true means enabled only, false, means disabled only, and null means all- Parameters:
theEnabled
-- Returns:
- this for chaining
-
assignPermissionProcessor
if we should find the best answer, or process limits, etc- Parameters:
thePermissionProcessor
-- Returns:
- this for chaining
-
assignImmediateOnly
if we should filter out non immediate permissions- Parameters:
theImmediate
-- Returns:
- this for chaining
-
assignPermissionType
are we looking for role permissions or subject permissions? cant be null- Parameters:
thePermissionType
-- Returns:
- this for chaining
-
hasPermission
public boolean hasPermission()based on what you are querying for, see if has permission. Note, you should be looking for one subject, one action, one resource, one role or multiple roles, etc If you are looking for multiple, it will see if anyone has that permission- Returns:
- true if has permission, false if not
-
findPermissionsAndLimits
get the permissions, and the limits, so the caller (e.g. the UI/WS) doesnt have to get them again- Returns:
- the map of entry to the limits and values
-
findPermissionResult
permission result gives helper methods in processing the results- Returns:
- the permission result
-
findPermissions
find a list of permissions- Returns:
- the set of permissions never null
-
findPermission
find a permission- Parameters:
exceptionIfNotFound
- true if exception should be thrown if permission not found- Returns:
- the permission or null
-
toString
-
assignPointInTimeFrom
To query permissions at a certain point in time or time range in the past, set this value and/or the value of pointInTimeTo. This parameter specifies the start of the range of the point in time query. If this is specified but pointInTimeTo is not specified, then the point in time query range will be from the time specified to now.- Parameters:
pointInTimeFrom
-- Returns:
- this for changing
-
assignPointInTimeTo
To query permissions at a certain point in time or time range in the past, set this value and/or the value of pointInTimeFrom. This parameter specifies the end of the range of the point in time query. If this is the same as pointInTimeFrom, then the query will be done at a single point in time rather than a range. If this is specified but pointInTimeFrom is not specified, then the point in time query range will be from the minimum point in time to the time specified.- Parameters:
pointInTimeTo
-- Returns:
- this for changing
-