Package edu.internet2.middleware.grouper.privs

Class BaseAccessAdapter

java.lang.Object

edu.internet2.middleware.grouper.privs.BaseAccessAdapter

All Implemented Interfaces:

AccessAdapter

Direct Known Subclasses:

GrouperNonDbAccessAdapter

public abstract class BaseAccessAdapter
extends Object
implements AccessAdapter

Base class for access adapter

Constructor Summary

Constructors

Constructor	Description
BaseAccessAdapter()

Method Summary

Modifier and Type	Method	Description
boolean	hqlFilterGroupsNotWithPrivWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject)	for a group query, check to make sure the subject cant see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like).
boolean	hqlFilterGroupsWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Set<Privilege> privInSet)	for a group query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like).
boolean	hqlFilterGroupsWithPrivWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject)	for a group query, see if the groups have certain privs
Set<Group>	postHqlFilterGroups(GrouperSession grouperSession, Set<Group> inputGroups, Subject subject, Set<Privilege> privInSet)	after HQL is run, filter groups.
Set<Membership>	postHqlFilterMemberships(GrouperSession grouperSession, Subject subject, Set<Membership> memberships)	filter memberships for things the subject can see
Set<Stem>	postHqlFilterStemsWithGroups(GrouperSession grouperSession, Set<Stem> stems, Subject subject, Set<Privilege> inPrivSet)	after HQL is run, filter stems with groups.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface edu.internet2.middleware.grouper.privs.AccessAdapter

getGroupsWhereSubjectDoesHavePrivilege, getGroupsWhereSubjectDoesntHavePrivilege, getGroupsWhereSubjectHasPriv, getPrivs, getStemsWhereGroupThatSubjectHasPrivilege, getSubjectsWithPriv, grantPriv, hasPriv, privilegeCopy, privilegeCopy, retrievePrivileges, revokeAllPrivilegesForSubject, revokePriv, revokePriv

Constructor Details

BaseAccessAdapter

public BaseAccessAdapter()

Method Details

postHqlFilterGroups

public Set<Group> postHqlFilterGroups(GrouperSession grouperSession,
 Set<Group> inputGroups,
 Subject subject,
 Set<Privilege> privInSet)

Description copied from interface: AccessAdapter

after HQL is run, filter groups. If you are filtering in HQL, then dont filter here

Specified by:

postHqlFilterGroups in interface AccessAdapter

subject - which needs view access to the groups

privInSet - find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessAdapter

Returns:

the set of filtered groups

See Also:

• AccessAdapter.postHqlFilterGroups(edu.internet2.middleware.grouper.GrouperSession, java.util.Set, edu.internet2.middleware.subject.Subject, java.util.Set)

postHqlFilterStemsWithGroups

public Set<Stem> postHqlFilterStemsWithGroups(GrouperSession grouperSession,
 Set<Stem> stems,
 Subject subject,
 Set<Privilege> inPrivSet)

Description copied from interface: AccessAdapter

after HQL is run, filter stems with groups. If you are filtering in HQL, then dont filter here

Specified by:

postHqlFilterStemsWithGroups in interface AccessAdapter

Returns:

the stems

See Also:

• AccessAdapter.postHqlFilterStemsWithGroups(edu.internet2.middleware.grouper.GrouperSession, java.util.Set, edu.internet2.middleware.subject.Subject, java.util.Set)

hqlFilterGroupsWhereClause

public boolean hqlFilterGroupsWhereClause(GrouperSession grouperSession,
 Subject subject,
 HqlQuery hqlQuery,
 StringBuilder hql,
 String groupColumn,
 Set<Privilege> privInSet)

Description copied from interface: AccessAdapter

for a group query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like). Note, this joins to tables, so the queries should probably be "distinct"

Specified by:

hqlFilterGroupsWhereClause in interface AccessAdapter

subject - which needs view access to the groups

hql - is the select and part part (hql prefix)

groupColumn - is the name of the group column to join to

privInSet - find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessPrivilege

Returns:

if the query was changed

See Also:

• AccessAdapter.hqlFilterGroupsWhereClause(edu.internet2.middleware.grouper.GrouperSession, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.String, java.util.Set)

hqlFilterGroupsNotWithPrivWhereClause

public boolean hqlFilterGroupsNotWithPrivWhereClause(GrouperSession grouperSession,
 Subject subject,
 HqlQuery hqlQuery,
 StringBuilder hql,
 String groupColumn,
 Privilege privilege,
 boolean considerAllSubject)

Description copied from interface: AccessAdapter

for a group query, check to make sure the subject cant see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like).

Specified by:

hqlFilterGroupsNotWithPrivWhereClause in interface AccessAdapter

subject - which needs view access to the groups

hql - is the select and part part (hql prefix)

groupColumn - is the name of the group column to join to

privilege - find a privilege which is in this set (e.g. for view, send view).

considerAllSubject - if true, then consider GrouperAll when seeing if doesnt have privilege, else do consider

Returns:

if the query was changed

See Also:

• AccessAdapter.hqlFilterGroupsNotWithPrivWhereClause(edu.internet2.middleware.grouper.GrouperSession, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.String, Privilege, boolean)

postHqlFilterMemberships

public Set<Membership> postHqlFilterMemberships(GrouperSession grouperSession,
 Subject subject,
 Set<Membership> memberships)

Description copied from interface: AccessAdapter

filter memberships for things the subject can see

Specified by:

postHqlFilterMemberships in interface AccessAdapter

Returns:

the memberships

See Also:

• AccessAdapter.postHqlFilterMemberships(edu.internet2.middleware.grouper.GrouperSession, edu.internet2.middleware.subject.Subject, java.util.Set)

hqlFilterGroupsWithPrivWhereClause

public boolean hqlFilterGroupsWithPrivWhereClause(GrouperSession grouperSession,
 Subject subject,
 HqlQuery hqlQuery,
 StringBuilder hql,
 String groupColumn,
 Privilege privilege,
 boolean considerAllSubject)

Description copied from interface: AccessAdapter

for a group query, see if the groups have certain privs

Specified by:

hqlFilterGroupsWithPrivWhereClause in interface AccessAdapter

subject - which needs view access to the groups

hql - is the select and part part (hql prefix)

groupColumn - is the name of the group column to join to

privilege - find a privilege which is in this set (e.g. for view, send view).

considerAllSubject - if true, then consider GrouperAll when seeing if doesnt have privilege, else do consider

Returns:

if the query was changed

See Also:

• AccessAdapter.hqlFilterGroupsWithPrivWhereClause(edu.internet2.middleware.grouper.GrouperSession, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.String, Privilege, boolean)