Interface AccessAdapter
- All Known Implementing Classes:
BaseAccessAdapter
,GrouperAccessAdapter
,GrouperNonDbAccessAdapter
public interface AccessAdapter
Grouper Access Privilege interface.
Unless you are implementing a new implementation of this interface,
you should not need to directly use these methods as they are all
wrapped by methods in the Group
class.
- Version:
- $Id: AccessAdapter.java,v 1.6 2009-08-29 15:57:59 shilen Exp $
-
Method Summary
Modifier and TypeMethodDescriptiongetGroupsWhereSubjectDoesHavePrivilege
(GrouperSession grouperSession, String stemId, Stem.Scope scope, Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString) find the groups which do not have a certain privilegegetGroupsWhereSubjectDoesntHavePrivilege
(GrouperSession grouperSession, String stemId, Stem.Scope scope, Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString) find the groups which do not have a certain privilegegetGroupsWhereSubjectHasPriv
(GrouperSession s, Subject subj, Privilege priv) Get all groups where this subject has this privilege.getPrivs
(GrouperSession s, Group g, Subject subj) Get all privileges held by this subject on this group.getStemsWhereGroupThatSubjectHasPrivilege
(GrouperSession grouperSession, Subject subject, Privilege privilege) get stems where a group exists where the subject has privilegegetSubjectsWithPriv
(GrouperSession s, Group g, Privilege priv) Get all subjects with this privilege on this group.void
Grant the privilege to the subject on this group.boolean
hasPriv
(GrouperSession s, Group g, Subject subj, Privilege priv) Check whether the subject has this privilege on this group.boolean
hqlFilterGroupsNotWithPrivWhereClause
(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject) for a group query, check to make sure the subject cant see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like).boolean
hqlFilterGroupsWhereClause
(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Set<Privilege> privInSet) for a group query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like).boolean
hqlFilterGroupsWithPrivWhereClause
(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject) for a group query, see if the groups have certain privspostHqlFilterGroups
(GrouperSession grouperSession, Set<Group> groups, Subject subject, Set<Privilege> privInSet) after HQL is run, filter groups.postHqlFilterMemberships
(GrouperSession grouperSession, Subject subject, Set<Membership> memberships) filter memberships for things the subject can seepostHqlFilterStemsWithGroups
(GrouperSession grouperSession, Set<Stem> stems, Subject subject, Set<Privilege> inPrivSet) after HQL is run, filter stems with groups.void
privilegeCopy
(GrouperSession s, Group g1, Group g2, Privilege priv) Copies privileges for subjects that have the specified privilege on g1 to g2.void
privilegeCopy
(GrouperSession s, Subject subj1, Subject subj2, Privilege priv) Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2.retrievePrivileges
(GrouperSession grouperSession, Group group, Set<Privilege> privileges, MembershipType membershipType, QueryPaging queryPaging, Set<Member> additionalMembers) get a list of privilege subjects, there are no results with the same subject/privilege combinationvoid
revokeAllPrivilegesForSubject
(GrouperSession grouperSession, Subject subject) Revoke all access privileges that this subject has.void
revokePriv
(GrouperSession s, Group g, Privilege priv) Revoke this privilege from everyone on this group.void
revokePriv
(GrouperSession s, Group g, Subject subj, Privilege priv) Revoke the privilege from the subject on this group.
-
Method Details
-
getSubjectsWithPriv
Get all subjects with this privilege on this group.Set admins = ap.getSubjectsWithPriv(s, g, AccessPrivilege.ADMIN);
- Parameters:
s
- Get privileges within this session context.g
- Get privileges on this group.priv
- Get this privilege.- Returns:
- Set of
Subject
objects. - Throws:
SchemaException
-
getGroupsWhereSubjectHasPriv
Set<Group> getGroupsWhereSubjectHasPriv(GrouperSession s, Subject subj, Privilege priv) throws SchemaException Get all groups where this subject has this privilege.try { Set isAdmin = ap.getGroupsWhereSubjectHasPriv( s, subj, AccessPrivilege.ADMIN ); } catch (SchemaException eS) { // Invalid priv }
- Parameters:
s
- Get privileges within this session context.subj
- Get privileges for this subject.priv
- Get this privilege.- Returns:
- Set of
Group
objects. - Throws:
SchemaException
-
getGroupsWhereSubjectDoesntHavePrivilege
Set<Group> getGroupsWhereSubjectDoesntHavePrivilege(GrouperSession grouperSession, String stemId, Stem.Scope scope, Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString) find the groups which do not have a certain privilege- Parameters:
grouperSession
-stemId
-scope
-subject
-privilege
-considerAllSubject
-sqlLikeString
-- Returns:
- the groups
-
getStemsWhereGroupThatSubjectHasPrivilege
Set<Stem> getStemsWhereGroupThatSubjectHasPrivilege(GrouperSession grouperSession, Subject subject, Privilege privilege) get stems where a group exists where the subject has privilege- Parameters:
grouperSession
-subject
-privilege
-- Returns:
- the stems
-
getPrivs
Get all privileges held by this subject on this group.Set privs = ap.getPrivs(s, g, subj);
- Parameters:
s
- Get privileges within this session context.g
- Get privileges on this group.subj
- Get privileges for this member.- Returns:
- Set of privileges.
-
grantPriv
void grantPriv(GrouperSession s, Group g, Subject subj, Privilege priv, String uuid) throws GrantPrivilegeException, InsufficientPrivilegeException, SchemaException Grant the privilege to the subject on this group.try { ap.grantPriv(s, g, subj, AccessPrivilege.ADMIN); } catch (GrantPrivilegeException e0) { // Unable to grant the privilege } catch (InsufficientPrivilegeException e1) { // Not privileged to grant the privilege } catch (SchemaException e2) { // Invalid privilege }
- Parameters:
s
- Grant privilege in this session context.g
- Grant privilege on this group.subj
- Grant privilege to this subject.priv
- Grant this privilege.uuid
- is uuid or null if generated- Throws:
GrantPrivilegeException
InsufficientPrivilegeException
SchemaException
-
hasPriv
Check whether the subject has this privilege on this group.try { ap.hasPriv(s, g, subject, AccessPrivilege.ADMIN); } catch (SchemaException e) { // Invalid privilege }
- Parameters:
s
- Check privilege in this session context.g
- Check privilege on this group.subj
- Check privilege for this subject.priv
- Check this privilege.- Returns:
- if has priv
- Throws:
SchemaException
-
revokePriv
void revokePriv(GrouperSession s, Group g, Privilege priv) throws InsufficientPrivilegeException, RevokePrivilegeException, SchemaException Revoke this privilege from everyone on this group.try { ap.revokePriv(s, g, AccessPrivilege.ADMIN); } catch (InsufficientPrivilegeException eIP) { // Not privileged to revoke the privilege } catch (RevokePrivilegeException eRP) { // Unable to revoke the privilege }
- Parameters:
s
- Revoke privilege in this session context.g
- Revoke privilege on this group.priv
- Revoke this privilege.- Throws:
InsufficientPrivilegeException
RevokePrivilegeException
SchemaException
-
revokePriv
void revokePriv(GrouperSession s, Group g, Subject subj, Privilege priv) throws InsufficientPrivilegeException, RevokePrivilegeException, SchemaException Revoke the privilege from the subject on this group.try { ap.revokePriv(s, g, subj, AccessPrivilege.ADMIN); } catch (InsufficientPrivilegeException eIP) { // Not privileged to revoke the privilege } catch (RevokePrivilegeException eRP) { // Unable to revoke the privilege }
- Parameters:
s
- Revoke privilege in this session context.g
- Revoke privilege on this group.subj
- Revoke privilege from this subject.priv
- Revoke this privilege.- Throws:
InsufficientPrivilegeException
RevokePrivilegeException
SchemaException
-
privilegeCopy
void privilegeCopy(GrouperSession s, Group g1, Group g2, Privilege priv) throws InsufficientPrivilegeException, GrantPrivilegeException, SchemaException Copies privileges for subjects that have the specified privilege on g1 to g2.- Parameters:
s
-g1
-g2
-priv
-- Throws:
InsufficientPrivilegeException
GrantPrivilegeException
SchemaException
-
privilegeCopy
void privilegeCopy(GrouperSession s, Subject subj1, Subject subj2, Privilege priv) throws InsufficientPrivilegeException, GrantPrivilegeException, SchemaException Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2. For instance, if subj1 has ADMIN privilege to Group x, this method will result with subj2 having ADMIN privilege to Group x.- Parameters:
s
-subj1
-subj2
-priv
-- Throws:
InsufficientPrivilegeException
GrantPrivilegeException
SchemaException
-
postHqlFilterGroups
Set<Group> postHqlFilterGroups(GrouperSession grouperSession, Set<Group> groups, Subject subject, Set<Privilege> privInSet) after HQL is run, filter groups. If you are filtering in HQL, then dont filter here- Parameters:
grouperSession
-groups
-subject
- which needs view access to the groupsprivInSet
- find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessAdapter- Returns:
- the set of filtered groups
-
postHqlFilterStemsWithGroups
Set<Stem> postHqlFilterStemsWithGroups(GrouperSession grouperSession, Set<Stem> stems, Subject subject, Set<Privilege> inPrivSet) after HQL is run, filter stems with groups. If you are filtering in HQL, then dont filter here- Parameters:
grouperSession
-stems
-subject
-inPrivSet
-- Returns:
- the stems
-
hqlFilterGroupsWhereClause
boolean hqlFilterGroupsWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Set<Privilege> privInSet) for a group query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like). Note, this joins to tables, so the queries should probably be "distinct"- Parameters:
grouperSession
-subject
- which needs view access to the groupshql
- is the select and part part (hql prefix)hqlQuery
-groupColumn
- is the name of the group column to join toprivInSet
- find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessPrivilege- Returns:
- if the query was changed
-
hqlFilterGroupsNotWithPrivWhereClause
boolean hqlFilterGroupsNotWithPrivWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject) for a group query, check to make sure the subject cant see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like).- Parameters:
grouperSession
-subject
- which needs view access to the groupshql
- is the select and part part (hql prefix)hqlQuery
-groupColumn
- is the name of the group column to join toprivilege
- find a privilege which is in this set (e.g. for view, send view).considerAllSubject
- if true, then consider GrouperAll when seeing if doesnt have privilege, else do consider- Returns:
- if the query was changed
-
postHqlFilterMemberships
Set<Membership> postHqlFilterMemberships(GrouperSession grouperSession, Subject subject, Set<Membership> memberships) filter memberships for things the subject can see- Parameters:
grouperSession
-memberships
-subject
-- Returns:
- the memberships
-
revokeAllPrivilegesForSubject
Revoke all access privileges that this subject has.- Parameters:
grouperSession
-subject
-
-
retrievePrivileges
Set<PrivilegeSubjectContainer> retrievePrivileges(GrouperSession grouperSession, Group group, Set<Privilege> privileges, MembershipType membershipType, QueryPaging queryPaging, Set<Member> additionalMembers) get a list of privilege subjects, there are no results with the same subject/privilege combination- Parameters:
grouperSession
- grouper sessiongroup
- to search onprivileges
- if blank, get allmembershipType
- if immediate, effective, or blank for allqueryPaging
- if a certain page should be returned based on subjectadditionalMembers
- additional members to query that the user is finding or adding- Returns:
- the privilege subject combinations
-
getGroupsWhereSubjectDoesHavePrivilege
Set<Group> getGroupsWhereSubjectDoesHavePrivilege(GrouperSession grouperSession, String stemId, Stem.Scope scope, Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString) find the groups which do not have a certain privilege- Parameters:
grouperSession
-stemId
-scope
-subject
-privilege
-considerAllSubject
-sqlLikeString
-- Returns:
- the groups
-
hqlFilterGroupsWithPrivWhereClause
boolean hqlFilterGroupsWithPrivWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject) for a group query, see if the groups have certain privs- Parameters:
grouperSession
-subject
- which needs view access to the groupshql
- is the select and part part (hql prefix)hqlQuery
-groupColumn
- is the name of the group column to join toprivilege
- find a privilege which is in this set (e.g. for view, send view).considerAllSubject
- if true, then consider GrouperAll when seeing if doesnt have privilege, else do consider- Returns:
- if the query was changed
-