Interface PermissionLimitInterface

All Known Implementing Classes:
PermissionLimitAmountLessThan, PermissionLimitAmountLessThanEquals, PermissionLimitBase, PermissionLimitElLogic, PermissionLimitIpOnNetworkRealm, PermissionLimitIpOnNetworks, PermissionLimitLabelsContain, PermissionLimitWeekday9to5Logic

public interface PermissionLimitInterface
implement this interface to attach logic to a permission limit
  • Method Details

    • allowPermission

      boolean allowPermission(PermissionEntry permissionEntry, AttributeAssign limitAssignment, Set<AttributeAssignValue> limitAssignmentValues, Map<String,Object> limitEnvVars, Set<PermissionLimitBean> permissionLimitBeans)
      if the limit allowed the permission to be allowed
      Parameters:
      permissionEntry - to check
      limitAssignment - the assignment of the limit (e.g. to the permission assignment a parent assignment, or the role, etc)
      limitAssignmentValues -
      limitEnvVars - value could be String, Long, or Double
      permissionLimitBeans - all limits for this permission (in case the limit logic needs it... note, dont use built in caching if this is the case)
      Returns:
      true if allowed, false if not
    • validateLimitAssignValue

      PermissionLimitDocumentation validateLimitAssignValue(AttributeAssign limitAssign, Set<AttributeAssignValue> limitAssignmentValues)
      validate a user entered value(s) on the limit assignment
      Parameters:
      limitAssign -
      limitAssignmentValues -
      Returns:
      the UI key and args for the error code (arbitrary, in Grouper should put in nav.properties) or null for ok
    • documentation

      return a UI key to documentation about the limit. for Grouper, put in nav.properties
      Returns:
      a UI key
    • cacheLimitValueResultMinutes

      int cacheLimitValueResultMinutes()
      if we can cache the result for a some minutes. i.e. for the same attribute assignment and value and input map, is the result the same... e.g. ip address math can be cached, amount limits, etc. If there are conditions about the permission names, then dont cache
      Returns:
      the number of minutes to cache