Interface AccessResolver
- All Known Implementing Classes:
- AccessResolverDecorator, AccessWrapper, CachingAccessResolver, GrouperAllAccessResolver, GrouperSystemAccessResolver, ValidatingAccessResolver, WheelAccessResolver
public interface AccessResolver
Facade for the AccessAdapter interface.
- Since:
- 1.2.1
- Version:
- $Id: AccessResolver.java,v 1.12 2009-08-29 15:57:59 shilen Exp $

Method Summary
Modifier and Type, Method, Description
- void flushCache()
  flush cache if caching resolver
- GrouperSession getGrouperSession()
  get a reference to the session
- Set<Group> getGroupsWhereSubjectDoesHavePrivilege(String stemId, Stem.Scope scope, Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString)
  find the groups which do have a certain privilege
- Set<Group> getGroupsWhereSubjectDoesntHavePrivilege(String stemId, Stem.Scope scope, Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString)
  find the groups which do not have a certain privilege
- Set<Group> getGroupsWhereSubjectHasPrivilege(Subject subject, Privilege privilege)
  Get all groups where subject has privilege.
- getPrivileges(Group group, Subject subject)
  Get all privileges subject has on group.
- Set<Stem> getStemsWhereGroupThatSubjectHasPrivilege(Subject subject, Privilege privilege)
  Get all stems which have groups where subject has privilege.
- Set<Subject> getSubjectsWithPrivilege(Group group, Privilege privilege)
  Get all subjects with privilege on group.
- void grantPrivilege(Group group, Subject subject, Privilege privilege, String uuid)
  Grant privilege to subject on group.
- boolean hasPrivilege(Group group, Subject subject, Privilege privilege)
  Check whether subject has privilege on group.
- boolean hqlFilterGroupsNotWithPrivWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject)
  for a group query, check to make sure the subject can't see the records
- boolean hqlFilterGroupsWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Set<Privilege> privInSet)
  for a group query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like)
- boolean hqlFilterGroupsWithPrivWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject)
  for a group query, check to make sure the result has privs
- postHqlFilterGroups
  after HQL is run, filter groups.
- postHqlFilterMemberships(Subject subject, Set<Membership> memberships)
  filter memberships for things the subject can see
- postHqlFilterStemsWithGroups
  after HQL is run, filter stems that have groups with privs.
- void privilegeCopy(Group g1, Group g2, Privilege priv)
  Copies privileges for subjects that have the specified privilege on g1 to g2.
- void privilegeCopy(Subject subj1, Subject subj2, Privilege priv)
  Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2.
- Set<PrivilegeSubjectContainer> retrievePrivileges(Group group, Set<Privilege> privileges, MembershipType membershipType, QueryPaging queryPaging, Set<Member> additionalMembers)
  get a list of privilege subjects, there are no results with the same subject
- void revokeAllPrivilegesForSubject(Subject subject)
  Revoke all access privileges that this subject has.
- void revokePrivilege(Group group, Privilege privilege)
  Revoke privilege from all subjects on group.
- void revokePrivilege(Group group, Subject subject, Privilege privilege)
  Revoke privilege from subject on group.
- void stop()
  clean up resources, session is stopped

Method Details

stop
void stop()
clean up resources, session is stopped

getGrouperSession
GrouperSession getGrouperSession()
get a reference to the session
- Returns:
- the session

flushCache
void flushCache()
flush cache if caching resolver

getGroupsWhereSubjectHasPrivilege
Set<Group> getGroupsWhereSubjectHasPrivilege(Subject subject, Privilege privilege) throws IllegalArgumentException
Get all groups where subject has privilege.
- Parameters:
- subject
- privilege
- Returns:
- the set
- Throws:
- IllegalArgumentException - if any parameter is null.
- Since:
- 1.2.1

getGroupsWhereSubjectDoesntHavePrivilege
Set<Group> getGroupsWhereSubjectDoesntHavePrivilege(String stemId, Stem.Scope scope, Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString)
find the groups which do not have a certain privilege
- Parameters:
- stemId
- scope
- subject
- privilege
- considerAllSubject
- sqlLikeString
- Returns:
- the groups

getGroupsWhereSubjectDoesHavePrivilege
Set<Group> getGroupsWhereSubjectDoesHavePrivilege(String stemId, Stem.Scope scope, Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString)
find the groups which do have a certain privilege
- Parameters:
- stemId
- scope
- subject
- privilege
- considerAllSubject
- sqlLikeString
- Returns:
- the groups

getStemsWhereGroupThatSubjectHasPrivilege
Set<Stem> getStemsWhereGroupThatSubjectHasPrivilege(Subject subject, Privilege privilege) throws IllegalArgumentException
Get all stems which have groups where subject has privilege.
- Parameters:
- subject
- privilege
- Returns:
- the set
- Throws:
- IllegalArgumentException - if any parameter is null.
- Since:
- 1.2.1

getPrivileges
Get all privileges subject has on group.
- Parameters:
- group
- subject
- Returns:
- the set
- Throws:
- IllegalArgumentException - if any parameter is null.
- Since:
- 1.2.1

getSubjectsWithPrivilege
Set<Subject> getSubjectsWithPrivilege(Group group, Privilege privilege) throws IllegalArgumentException
Get all subjects with privilege on group.
- Parameters:
- group
- privilege
- Returns:
- the set
- Throws:
- IllegalArgumentException - if any parameter is null.
- Since:
- 1.2.1

grantPrivilege
void grantPrivilege(Group group, Subject subject, Privilege privilege, String uuid) throws IllegalArgumentException, UnableToPerformException
Grant privilege to subject on group.
- Parameters:
- group
- subject
- privilege
- uuid - send uuid if known, else null
- Throws:
- IllegalArgumentException - if any parameter is null.
- UnableToPerformException - if the privilege could not be granted.
- Since:
- 1.2.1
- See Also:
- AccessAdapter#grantPriv(GrouperSession, Group, Subject, Privilege)

hasPrivilege
boolean hasPrivilege(Group group, Subject subject, Privilege privilege) throws IllegalArgumentException
Check whether subject has privilege on group.
- Parameters:
- group
- subject
- privilege
- Returns:
- boolean
- Throws:
- IllegalArgumentException - if any parameter is null.
- Since:
- 1.2.1

revokePrivilege
void revokePrivilege(Group group, Privilege privilege) throws IllegalArgumentException, UnableToPerformException
Revoke privilege from all subjects on group.
- Parameters:
- group
- privilege
- Throws:
- IllegalArgumentException - if any parameter is null.
- UnableToPerformException - if the privilege could not be revoked.
- Since:
- 1.2.1

revokePrivilege
void revokePrivilege(Group group, Subject subject, Privilege privilege) throws IllegalArgumentException, UnableToPerformException
Revoke privilege from subject on group.
- Parameters:
- group
- subject
- privilege
- Throws:
- IllegalArgumentException - if any parameter is null.
- UnableToPerformException - if the privilege could not be revoked.
- Since:
- 1.2.1

privilegeCopy
void privilegeCopy(Group g1, Group g2, Privilege priv) throws IllegalArgumentException, UnableToPerformException
Copies privileges for subjects that have the specified privilege on g1 to g2.
- Parameters:
- g1
- g2
- priv
- Throws:
- IllegalArgumentException
- UnableToPerformException

privilegeCopy
void privilegeCopy(Subject subj1, Subject subj2, Privilege priv) throws IllegalArgumentException, UnableToPerformException
Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2. For instance, if subj1 has ADMIN privilege to Group x, this method will result in subj2 having ADMIN privilege to Group x.
- Parameters:
- subj1
- subj2
- priv
- Throws:
- IllegalArgumentException
- UnableToPerformException

postHqlFilterGroups
after HQL is run, filter groups. If you are filtering in HQL, then don't filter here.
- Parameters:
- groups
- subject - which needs view access to the groups
- privInSet - find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessAdapter
- Returns:
- the set of filtered groups

postHqlFilterStemsWithGroups
after HQL is run, filter stems that have groups with privs. If you are filtering HQL, then don't filter here.
- Parameters:
- stems
- subject
- inPrivSet
- Returns:
- the set of filtered stems

hqlFilterGroupsWhereClause
boolean hqlFilterGroupsWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Set<Privilege> privInSet)
for a group query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like)
- Parameters:
- subject - which needs view access to the groups
- hqlQuery
- hql - the select and current from part
- groupColumn - is the name of the group column to join to
- privInSet - find a privilege which is in this set (e.g. for view, send all access privs)
- Returns:
- if the statement was changed

hqlFilterGroupsNotWithPrivWhereClause
boolean hqlFilterGroupsNotWithPrivWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject)
for a group query, check to make sure the subject can't see the records
- Parameters:
- subject - which needs view access to the groups
- hqlQuery
- hql - the select and current from part
- groupColumn - is the name of the group column to join to
- privilege - find a privilege which is in this set (e.g. for view, send all access privs)
- considerAllSubject - if true, then consider GrouperAll when seeing if subject has priv, else do not
- Returns:
- if the statement was changed

hqlFilterGroupsWithPrivWhereClause
boolean hqlFilterGroupsWithPrivWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject)
for a group query, check to make sure the result has privs
- Parameters:
- subject - which needs view access to the groups
- hqlQuery
- hql - the select and current from part
- groupColumn - is the name of the group column to join to
- privilege - find a privilege which is in this set (e.g. for view, send all access privs)
- considerAllSubject - if true, then consider GrouperAll when seeing if subject has priv, else do not
- Returns:
- if the statement was changed

postHqlFilterMemberships
filter memberships for things the subject can see
- Parameters:
- memberships
- subject
- Returns:
- the memberships

revokeAllPrivilegesForSubject
Revoke all access privileges that this subject has.
- Parameters:
- subject

retrievePrivileges
Set<PrivilegeSubjectContainer> retrievePrivileges(Group group, Set<Privilege> privileges, MembershipType membershipType, QueryPaging queryPaging, Set<Member> additionalMembers)
get a list of privilege subjects, there are no results with the same subject
- Parameters:
- group - to search on
- privileges - if blank, get all
- membershipType - if immediate, effective, or blank for all
- queryPaging - if a certain page should be returned, based on subject
- additionalMembers - additional members to query that the user is finding or adding
- Returns:
- the privilege subject combinations

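A least-privilege review that combines getSubjectsWithPrivilege, the per-subject revokePrivilege, flushCache and hasPrivilege as documented above; this is an added example, not code from the Grouper project. The class name AccessPrivilegeReview, the approvedKeys allow-list with its "sourceId:subjectId" key format, and the import package names are assumptions.

```java
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

// Package names below are assumptions; adjust them to your Grouper version.
import edu.internet2.middleware.grouper.Group;
import edu.internet2.middleware.grouper.exception.UnableToPerformException;
import edu.internet2.middleware.grouper.privs.AccessResolver;
import edu.internet2.middleware.grouper.privs.Privilege;
import edu.internet2.middleware.subject.Subject;

/** Hypothetical helper: least-privilege review of one access privilege on one group. */
public final class AccessPrivilegeReview {

  /** Allow-list key, "sourceId:subjectId" (format is an assumption of this example). */
  static String key(Subject subject) {
    return subject.getSource().getId() + ":" + subject.getId();
  }

  /**
   * Revokes the privilege from every holder that is not on the allow-list.
   * @return keys of subjects that still hold the privilege and need manual follow-up
   */
  public static Set<String> enforce(AccessResolver resolver, Group group,
      Privilege privilege, Set<String> approvedKeys) {
    Set<String> unresolved = new LinkedHashSet<String>();
    // Snapshot the holders so revocations cannot disturb the iteration.
    List<Subject> holders =
        new ArrayList<Subject>(resolver.getSubjectsWithPrivilege(group, privilege));
    for (Subject holder : holders) {
      if (approvedKeys.contains(key(holder))) {
        continue;
      }
      try {
        // Per-subject overload; revokePrivilege(group, privilege) would strip everyone.
        resolver.revokePrivilege(group, holder, privilege);
      } catch (UnableToPerformException e) {
        unresolved.add(key(holder)); // documented failure: privilege could not be revoked
      }
    }
    // A caching resolver may still answer from old decisions; flush before re-checking.
    resolver.flushCache();
    for (Subject holder : holders) {
      if (!approvedKeys.contains(key(holder)) && resolver.hasPrivilege(group, holder, privilege)) {
        unresolved.add(key(holder));
      }
    }
    return unresolved;
  }
}
```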