Class BaseAccessAdapter
java.lang.Object
edu.internet2.middleware.grouper.privs.BaseAccessAdapter
- All Implemented Interfaces:
AccessAdapter
- Direct Known Subclasses:
GrouperNonDbAccessAdapter
Base class for access adapter
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionboolean
hqlFilterGroupsNotWithPrivWhereClause
(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject) for a group query, check to make sure the subject cant see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like).boolean
hqlFilterGroupsWhereClause
(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Set<Privilege> privInSet) for a group query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like).boolean
hqlFilterGroupsWithPrivWhereClause
(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject) for a group query, see if the groups have certain privspostHqlFilterGroups
(GrouperSession grouperSession, Set<Group> inputGroups, Subject subject, Set<Privilege> privInSet) after HQL is run, filter groups.postHqlFilterMemberships
(GrouperSession grouperSession, Subject subject, Set<Membership> memberships) filter memberships for things the subject can seepostHqlFilterStemsWithGroups
(GrouperSession grouperSession, Set<Stem> stems, Subject subject, Set<Privilege> inPrivSet) after HQL is run, filter stems with groups.Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface edu.internet2.middleware.grouper.privs.AccessAdapter
getGroupsWhereSubjectDoesHavePrivilege, getGroupsWhereSubjectDoesntHavePrivilege, getGroupsWhereSubjectHasPriv, getPrivs, getStemsWhereGroupThatSubjectHasPrivilege, getSubjectsWithPriv, grantPriv, hasPriv, privilegeCopy, privilegeCopy, retrievePrivileges, revokeAllPrivilegesForSubject, revokePriv, revokePriv
-
Constructor Details
-
BaseAccessAdapter
public BaseAccessAdapter()
-
-
Method Details
-
postHqlFilterGroups
public Set<Group> postHqlFilterGroups(GrouperSession grouperSession, Set<Group> inputGroups, Subject subject, Set<Privilege> privInSet) Description copied from interface:AccessAdapter
after HQL is run, filter groups. If you are filtering in HQL, then dont filter here- Specified by:
postHqlFilterGroups
in interfaceAccessAdapter
subject
- which needs view access to the groupsprivInSet
- find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessAdapter- Returns:
- the set of filtered groups
- See Also:
-
postHqlFilterStemsWithGroups
public Set<Stem> postHqlFilterStemsWithGroups(GrouperSession grouperSession, Set<Stem> stems, Subject subject, Set<Privilege> inPrivSet) Description copied from interface:AccessAdapter
after HQL is run, filter stems with groups. If you are filtering in HQL, then dont filter here- Specified by:
postHqlFilterStemsWithGroups
in interfaceAccessAdapter
- Returns:
- the stems
- See Also:
-
hqlFilterGroupsWhereClause
public boolean hqlFilterGroupsWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Set<Privilege> privInSet) Description copied from interface:AccessAdapter
for a group query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like). Note, this joins to tables, so the queries should probably be "distinct"- Specified by:
hqlFilterGroupsWhereClause
in interfaceAccessAdapter
subject
- which needs view access to the groupshql
- is the select and part part (hql prefix)groupColumn
- is the name of the group column to join toprivInSet
- find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessPrivilege- Returns:
- if the query was changed
- See Also:
-
hqlFilterGroupsNotWithPrivWhereClause
public boolean hqlFilterGroupsNotWithPrivWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject) Description copied from interface:AccessAdapter
for a group query, check to make sure the subject cant see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like).- Specified by:
hqlFilterGroupsNotWithPrivWhereClause
in interfaceAccessAdapter
subject
- which needs view access to the groupshql
- is the select and part part (hql prefix)groupColumn
- is the name of the group column to join toprivilege
- find a privilege which is in this set (e.g. for view, send view).considerAllSubject
- if true, then consider GrouperAll when seeing if doesnt have privilege, else do consider- Returns:
- if the query was changed
- See Also:
-
postHqlFilterMemberships
public Set<Membership> postHqlFilterMemberships(GrouperSession grouperSession, Subject subject, Set<Membership> memberships) Description copied from interface:AccessAdapter
filter memberships for things the subject can see- Specified by:
postHqlFilterMemberships
in interfaceAccessAdapter
- Returns:
- the memberships
- See Also:
-
hqlFilterGroupsWithPrivWhereClause
public boolean hqlFilterGroupsWithPrivWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject) Description copied from interface:AccessAdapter
for a group query, see if the groups have certain privs- Specified by:
hqlFilterGroupsWithPrivWhereClause
in interfaceAccessAdapter
subject
- which needs view access to the groupshql
- is the select and part part (hql prefix)groupColumn
- is the name of the group column to join toprivilege
- find a privilege which is in this set (e.g. for view, send view).considerAllSubject
- if true, then consider GrouperAll when seeing if doesnt have privilege, else do consider- Returns:
- if the query was changed
- See Also:
-