Interface AttributeDefResolver
- All Known Implementing Classes:
AttributeDefResolverDecorator,AttributeDefWrapper,CachingAttrDefResolver,GrouperAllAttrDefResolver,GrouperSystemAttrDefResolver,ValidatingAttrDefResolver,WheelAttrDefResolver
public interface AttributeDefResolver
Facade for the
AttributeDefAdapter interface.
- Since:
- 1.2.1
- Version:
- $Id: AttributeDefResolver.java,v 1.1 2009-09-21 06:14:26 mchyzer Exp $
-
Method Summary
Modifier and TypeMethodDescriptionvoidflush cache if caching resolvergetAttributeDefsWhereSubjectDoesHavePrivilege(String stemId, Stem.Scope scope, Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString) find the attributeDefs which do have a certain privilegegetAttributeDefsWhereSubjectDoesntHavePrivilege(String stemId, Stem.Scope scope, Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString) find the attributeDefs which do not have a certain privilegegetAttributeDefsWhereSubjectHasPrivilege(Subject subject, Privilege privilege) Get all attributedefs where subject has privilege.get a reference to the sessiongetPrivileges(AttributeDef attributeDef, Subject subject) Get all privileges subject has on attributeDef.getSubjectsWithPrivilege(AttributeDef attributeDef, Privilege privilege) Get all subjects with privilege on attributeDef.voidgrantPrivilege(AttributeDef attributeDef, Subject subject, Privilege privilege, String uuid) Grant privilege to subject on attributeDef.booleanhasPrivilege(AttributeDef attributeDef, Subject subject, Privilege privilege) Check whether subject has privilege on attributeDef.booleanhqlFilterAttrDefsWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hqlTables, StringBuilder hqlWhereClause, String attributeDefColumn, Set<Privilege> privInSet) for an attrDef query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterAttDefs instead if you like)booleanhqlFilterAttributeDefsNotWithPrivWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String attributeDefColumn, Privilege privilege, boolean considerAllSubject) for an attribute def query, check to make sure the subject cant see the recordsbooleanhqlFilterAttributeDefsWithPrivWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String attributeDefColumn, Privilege privilege, boolean considerAllSubject) for an attribute def query, check to make sure the records have certain privspostHqlFilterAttrDefs(Set<AttributeDef> attributeDefs, Subject subject, Set<Privilege> privInSet) after HQL is run, filter attributeDefs.postHqlFilterAttributeAssigns(Subject subject, Set<AttributeAssign> attributeAssigns) filter attributeDefs for things the subject can seepostHqlFilterPermissions(Subject subject, Set<PermissionEntry> permissionsEntries) filter permissions for things the subject can seepostHqlFilterPITAttributeAssigns(Subject subject, Set<PITAttributeAssign> pitAttributeAssigns) filter pit attribute assignments for things the subject can seevoidprivilegeCopy(AttributeDef attributeDef1, AttributeDef attributeDef2, Privilege priv) Copies privileges for subjects that have the specified privilege on g1 to g2.voidprivilegeCopy(Subject subj1, Subject subj2, Privilege priv) Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2.retrievePrivileges(AttributeDef attributeDef, Set<Privilege> privileges, MembershipType membershipType, QueryPaging queryPaging, Set<Member> additionalMembers) get a list of privilege subjects, there are no results with the same subjectvoidrevokeAllPrivilegesForSubject(Subject subject) Revoke all attrDef privileges that this subject has.voidrevokePrivilege(AttributeDef attributeDef, Privilege privilege) Revoke privilege from all subjects on attributeDef.voidrevokePrivilege(AttributeDef attributeDef, Subject subject, Privilege privilege) Revoke privilege from subject on attributeDef.voidstop()clean up resources, session is stopped
-
Method Details
-
stop
void stop()clean up resources, session is stopped -
getGrouperSession
GrouperSession getGrouperSession()get a reference to the session- Returns:
- the session
-
flushCache
void flushCache()flush cache if caching resolver -
getAttributeDefsWhereSubjectHasPrivilege
Set<AttributeDef> getAttributeDefsWhereSubjectHasPrivilege(Subject subject, Privilege privilege) throws IllegalArgumentException Get all attributedefs where subject has privilege.- Parameters:
subject-privilege-- Returns:
- the set
- Throws:
IllegalArgumentException- if any parameter is null.- Since:
- 1.2.1
- See Also:
-
getPrivileges
Set<AttributeDefPrivilege> getPrivileges(AttributeDef attributeDef, Subject subject) throws IllegalArgumentException Get all privileges subject has on attributeDef.- Parameters:
attributeDef-subject-- Returns:
- the set
- Throws:
IllegalArgumentException- if any parameter is null.- Since:
- 1.2.1
- See Also:
-
getSubjectsWithPrivilege
Set<Subject> getSubjectsWithPrivilege(AttributeDef attributeDef, Privilege privilege) throws IllegalArgumentException Get all subjects with privilege on attributeDef.- Parameters:
attributeDef-privilege-- Returns:
- the set
- Throws:
IllegalArgumentException- if any parameter is null.- Since:
- 1.2.1
- See Also:
-
grantPrivilege
void grantPrivilege(AttributeDef attributeDef, Subject subject, Privilege privilege, String uuid) throws IllegalArgumentException, UnableToPerformException Grant privilege to subject on attributeDef.- Parameters:
attributeDef-subject-privilege-uuid- is uuid or null for assigned- Throws:
IllegalArgumentException- if any parameter is null.UnableToPerformException- if the privilege could not be granted.- Since:
- 1.2.1
- See Also:
-
hasPrivilege
boolean hasPrivilege(AttributeDef attributeDef, Subject subject, Privilege privilege) throws IllegalArgumentException Check whether subject has privilege on attributeDef.- Parameters:
attributeDef-subject-privilege-- Returns:
- boolean
- Throws:
IllegalArgumentException- if any parameter is null.- Since:
- 1.2.1
- See Also:
-
revokePrivilege
void revokePrivilege(AttributeDef attributeDef, Privilege privilege) throws IllegalArgumentException, UnableToPerformException Revoke privilege from all subjects on attributeDef.- Parameters:
attributeDef-privilege-- Throws:
IllegalArgumentException- if any parameter is null.UnableToPerformException- if the privilege could not be revoked.- Since:
- 1.2.1
- See Also:
-
revokePrivilege
void revokePrivilege(AttributeDef attributeDef, Subject subject, Privilege privilege) throws IllegalArgumentException, UnableToPerformException Revoke privilege from subject on attributeDef.- Parameters:
attributeDef-subject-privilege-- Throws:
IllegalArgumentException- if any parameter is null.UnableToPerformException- if the privilege could not be revoked.- Since:
- 1.2.1
- See Also:
-
privilegeCopy
void privilegeCopy(AttributeDef attributeDef1, AttributeDef attributeDef2, Privilege priv) throws IllegalArgumentException, UnableToPerformException Copies privileges for subjects that have the specified privilege on g1 to g2.- Parameters:
attributeDef1-attributeDef2-priv-- Throws:
IllegalArgumentExceptionUnableToPerformException
-
privilegeCopy
void privilegeCopy(Subject subj1, Subject subj2, Privilege priv) throws IllegalArgumentException, UnableToPerformException Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2. For instance, if subj1 has ATTR_ADMIN privilege to AttributeDef x, this method will result with subj2 having ATTR_ADMIN privilege to AttributeDef x.- Parameters:
subj1-subj2-priv-- Throws:
IllegalArgumentExceptionUnableToPerformException
-
postHqlFilterAttrDefs
Set<AttributeDef> postHqlFilterAttrDefs(Set<AttributeDef> attributeDefs, Subject subject, Set<Privilege> privInSet) after HQL is run, filter attributeDefs. If you are filtering in HQL, then dont filter here- Parameters:
attributeDefs-subject- which needs view access to the attribute defsprivInSet- find a privilege which is in this set (e.g. for view, send all attrDef privs). There are pre-canned sets in AttributeDefAdapter- Returns:
- the set of filtered attrDefs
-
hqlFilterAttrDefsWhereClause
boolean hqlFilterAttrDefsWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hqlTables, StringBuilder hqlWhereClause, String attributeDefColumn, Set<Privilege> privInSet) for an attrDef query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterAttDefs instead if you like)- Parameters:
subject- which needs view access to the attrDefshqlQuery-hqlTables- the select and current from parthqlWhereClause- is there where clause part of the queryattributeDefColumn- is the name of the attributeDef column to join toprivInSet- find a privilege which is in this set (e.g. for view, send all attrDef privs)- Returns:
- if the statement was changed
-
postHqlFilterAttributeAssigns
Set<AttributeAssign> postHqlFilterAttributeAssigns(Subject subject, Set<AttributeAssign> attributeAssigns) filter attributeDefs for things the subject can see- Parameters:
attributeAssigns-subject-- Returns:
- the memberships
-
postHqlFilterPITAttributeAssigns
Set<PITAttributeAssign> postHqlFilterPITAttributeAssigns(Subject subject, Set<PITAttributeAssign> pitAttributeAssigns) filter pit attribute assignments for things the subject can see- Parameters:
pitAttributeAssigns-subject-- Returns:
- the pit attribute assignments
-
postHqlFilterPermissions
Set<PermissionEntry> postHqlFilterPermissions(Subject subject, Set<PermissionEntry> permissionsEntries) filter permissions for things the subject can see- Parameters:
permissionsEntries-subject-- Returns:
- the memberships
-
revokeAllPrivilegesForSubject
Revoke all attrDef privileges that this subject has.- Parameters:
subject-
-
getAttributeDefsWhereSubjectDoesntHavePrivilege
Set<AttributeDef> getAttributeDefsWhereSubjectDoesntHavePrivilege(String stemId, Stem.Scope scope, Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString) find the attributeDefs which do not have a certain privilege- Parameters:
stemId-scope-subject-privilege-considerAllSubject-sqlLikeString-- Returns:
- the attributeDefs
-
hqlFilterAttributeDefsNotWithPrivWhereClause
boolean hqlFilterAttributeDefsNotWithPrivWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String attributeDefColumn, Privilege privilege, boolean considerAllSubject) for an attribute def query, check to make sure the subject cant see the records- Parameters:
subject- which needs view access to the groupshqlQuery-hql- the select and current from partattributeDefColumn- is the name of the attributeDef column to join toprivilege- find a privilege which is in this set (e.g. for view, attr view)considerAllSubject- if true, then consider GrouperAll when seeign if subject has priv, else do not- Returns:
- if the statement was changed
-
retrievePrivileges
Set<PrivilegeSubjectContainer> retrievePrivileges(AttributeDef attributeDef, Set<Privilege> privileges, MembershipType membershipType, QueryPaging queryPaging, Set<Member> additionalMembers) get a list of privilege subjects, there are no results with the same subject- Parameters:
attributeDef- to search onprivileges- if blank, get allmembershipType- if immediate, effective, or blank for allqueryPaging- if a certain page should be returned, based on subjectadditionalMembers- additional members to query that the user is finding or adding- Returns:
- the privilege subject combinations
-
hqlFilterAttributeDefsWithPrivWhereClause
boolean hqlFilterAttributeDefsWithPrivWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String attributeDefColumn, Privilege privilege, boolean considerAllSubject) for an attribute def query, check to make sure the records have certain privs- Parameters:
subject- which needs view access to the groupshqlQuery-hql- the select and current from partattributeDefColumn- is the name of the attributeDef column to join toprivilege- find a privilege which is in this set (e.g. for view, attr view)considerAllSubject- if true, then consider GrouperAll when seeign if subject has priv, else do not- Returns:
- if the statement was changed
-
getAttributeDefsWhereSubjectDoesHavePrivilege
Set<AttributeDef> getAttributeDefsWhereSubjectDoesHavePrivilege(String stemId, Stem.Scope scope, Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString) find the attributeDefs which do have a certain privilege- Parameters:
stemId-scope-subject-privilege-considerAllSubject-sqlLikeString-- Returns:
- the attributeDefs
-