Class CachingAttrDefResolver
java.lang.Object
edu.internet2.middleware.grouper.privs.AttributeDefResolverDecorator
edu.internet2.middleware.grouper.privs.CachingAttrDefResolver
- All Implemented Interfaces:
AttributeDefResolver
Decorator that provides caching for
AttributeDefResolver.
- Since:
- 1.2.1
- Version:
- $Id: CachingAttrDefResolver.java,v 1.2 2009-09-28 05:06:46 mchyzer Exp $
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoidflush cache if caching resolvergetAttributeDefsWhereSubjectHasPrivilege(Subject subject, Privilege privilege) Get all attributedefs where subject has privilege.get a reference to the sessiongetPrivileges(AttributeDef attributeDef, Subject subject) Get all privileges subject has on attributeDef.getSubjectsWithPrivilege(AttributeDef attributeDef, Privilege privilege) Get all subjects with privilege on attributeDef.voidgrantPrivilege(AttributeDef attributeDef, Subject subject, Privilege privilege, String uuid) Grant privilege to subject on attributeDef.booleanhasPrivilege(AttributeDef attributeDef, Subject subject, Privilege privilege) Check whether subject has privilege on attributeDef.booleanhqlFilterAttrDefsWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hqlTables, StringBuilder hqlWhereClause, String attrDefColumn, Set<Privilege> privInSet) for an attrDef query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterAttDefs instead if you like)booleanhqlFilterAttributeDefsNotWithPrivWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String attributeDefColumn, Privilege privilege, boolean considerAllSubject) for an attribute def query, check to make sure the subject cant see the recordsbooleanhqlFilterAttributeDefsWithPrivWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String attributeDefColumn, Privilege privilege, boolean considerAllSubject) for an attribute def query, check to make sure the records have certain privspostHqlFilterAttrDefs(Set<AttributeDef> attributeDefs, Subject subject, Set<Privilege> privInSet) after HQL is run, filter attributeDefs.postHqlFilterAttributeAssigns(Subject subject, Set<AttributeAssign> attributeAssigns) filter attributeDefs for things the subject can seepostHqlFilterPermissions(Subject subject, Set<PermissionEntry> permissionsEntries) filter permissions for things the subject can seepostHqlFilterPITAttributeAssigns(Subject subject, Set<PITAttributeAssign> pitAttributeAssigns) filter pit attribute assignments for things the subject can seevoidprivilegeCopy(AttributeDef attributeDef1, AttributeDef attributeDef2, Privilege priv) Copies privileges for subjects that have the specified privilege on g1 to g2.voidprivilegeCopy(Subject subj1, Subject subj2, Privilege priv) Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2.voidrevokeAllPrivilegesForSubject(Subject subject) Revoke all attrDef privileges that this subject has.voidrevokePrivilege(AttributeDef attributeDef, Privilege privilege) Revoke privilege from all subjects on attributeDef.voidrevokePrivilege(AttributeDef attributeDef, Subject subject, Privilege privilege) Revoke privilege from subject on attributeDef.voidstop()clean up resources, session is stoppedMethods inherited from class edu.internet2.middleware.grouper.privs.AttributeDefResolverDecorator
getAttributeDefsWhereSubjectDoesHavePrivilege, getAttributeDefsWhereSubjectDoesntHavePrivilege, getDecoratedResolver, retrievePrivileges
-
Field Details
-
CACHE_HASPRIV
-
-
Constructor Details
-
CachingAttrDefResolver
- Parameters:
resolver-- Since:
- 1.2.1
-
-
Method Details
-
getAttributeDefsWhereSubjectHasPrivilege
public Set<AttributeDef> getAttributeDefsWhereSubjectHasPrivilege(Subject subject, Privilege privilege) throws IllegalArgumentException Description copied from interface:AttributeDefResolverGet all attributedefs where subject has privilege.- Specified by:
getAttributeDefsWhereSubjectHasPrivilegein interfaceAttributeDefResolver- Overrides:
getAttributeDefsWhereSubjectHasPrivilegein classAttributeDefResolverDecorator- Returns:
- the set
- Throws:
IllegalArgumentException- if any parameter is null.- See Also:
-
getPrivileges
public Set<AttributeDefPrivilege> getPrivileges(AttributeDef attributeDef, Subject subject) throws IllegalArgumentException Description copied from interface:AttributeDefResolverGet all privileges subject has on attributeDef.- Specified by:
getPrivilegesin interfaceAttributeDefResolver- Overrides:
getPrivilegesin classAttributeDefResolverDecorator- Returns:
- the set
- Throws:
IllegalArgumentException- if any parameter is null.- See Also:
-
getStats
- Parameters:
cache-- Returns:
- ehcache statistics for cache.
- Since:
- 1.2.1
-
getSubjectsWithPrivilege
public Set<Subject> getSubjectsWithPrivilege(AttributeDef attributeDef, Privilege privilege) throws IllegalArgumentException Description copied from interface:AttributeDefResolverGet all subjects with privilege on attributeDef.- Specified by:
getSubjectsWithPrivilegein interfaceAttributeDefResolver- Overrides:
getSubjectsWithPrivilegein classAttributeDefResolverDecorator- Returns:
- the set
- Throws:
IllegalArgumentException- if any parameter is null.- See Also:
-
grantPrivilege
public void grantPrivilege(AttributeDef attributeDef, Subject subject, Privilege privilege, String uuid) throws IllegalArgumentException, UnableToPerformException Description copied from interface:AttributeDefResolverGrant privilege to subject on attributeDef.- Specified by:
grantPrivilegein interfaceAttributeDefResolver- Overrides:
grantPrivilegein classAttributeDefResolverDecoratoruuid- is uuid or null for assigned- Throws:
IllegalArgumentException- if any parameter is null.UnableToPerformException- if the privilege could not be granted.- See Also:
-
hasPrivilege
public boolean hasPrivilege(AttributeDef attributeDef, Subject subject, Privilege privilege) throws IllegalArgumentException Description copied from interface:AttributeDefResolverCheck whether subject has privilege on attributeDef.- Specified by:
hasPrivilegein interfaceAttributeDefResolver- Overrides:
hasPrivilegein classAttributeDefResolverDecorator- Returns:
- boolean
- Throws:
IllegalArgumentException- if any parameter is null.- See Also:
-
revokePrivilege
public void revokePrivilege(AttributeDef attributeDef, Privilege privilege) throws IllegalArgumentException, UnableToPerformException Description copied from interface:AttributeDefResolverRevoke privilege from all subjects on attributeDef.- Specified by:
revokePrivilegein interfaceAttributeDefResolver- Overrides:
revokePrivilegein classAttributeDefResolverDecorator- Throws:
IllegalArgumentException- if any parameter is null.UnableToPerformException- if the privilege could not be revoked.- See Also:
-
revokePrivilege
public void revokePrivilege(AttributeDef attributeDef, Subject subject, Privilege privilege) throws IllegalArgumentException, UnableToPerformException Description copied from interface:AttributeDefResolverRevoke privilege from subject on attributeDef.- Specified by:
revokePrivilegein interfaceAttributeDefResolver- Overrides:
revokePrivilegein classAttributeDefResolverDecorator- Throws:
IllegalArgumentException- if any parameter is null.UnableToPerformException- if the privilege could not be revoked.- See Also:
-
privilegeCopy
public void privilegeCopy(AttributeDef attributeDef1, AttributeDef attributeDef2, Privilege priv) throws IllegalArgumentException, UnableToPerformException Description copied from interface:AttributeDefResolverCopies privileges for subjects that have the specified privilege on g1 to g2.- Specified by:
privilegeCopyin interfaceAttributeDefResolver- Overrides:
privilegeCopyin classAttributeDefResolverDecorator- Throws:
IllegalArgumentExceptionUnableToPerformException- See Also:
-
privilegeCopy
public void privilegeCopy(Subject subj1, Subject subj2, Privilege priv) throws IllegalArgumentException, UnableToPerformException Description copied from interface:AttributeDefResolverCopies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2. For instance, if subj1 has ATTR_ADMIN privilege to AttributeDef x, this method will result with subj2 having ATTR_ADMIN privilege to AttributeDef x.- Specified by:
privilegeCopyin interfaceAttributeDefResolver- Overrides:
privilegeCopyin classAttributeDefResolverDecorator- Throws:
IllegalArgumentExceptionUnableToPerformException- See Also:
-
flushCache
public void flushCache()Description copied from interface:AttributeDefResolverflush cache if caching resolver- Specified by:
flushCachein interfaceAttributeDefResolver- Overrides:
flushCachein classAttributeDefResolverDecorator- See Also:
-
postHqlFilterAttrDefs
public Set<AttributeDef> postHqlFilterAttrDefs(Set<AttributeDef> attributeDefs, Subject subject, Set<Privilege> privInSet) Description copied from interface:AttributeDefResolverafter HQL is run, filter attributeDefs. If you are filtering in HQL, then dont filter here- Specified by:
postHqlFilterAttrDefsin interfaceAttributeDefResolver- Overrides:
postHqlFilterAttrDefsin classAttributeDefResolverDecoratorsubject- which needs view access to the attribute defsprivInSet- find a privilege which is in this set (e.g. for view, send all attrDef privs). There are pre-canned sets in AttributeDefAdapter- Returns:
- the set of filtered attrDefs
- See Also:
-
hqlFilterAttrDefsWhereClause
public boolean hqlFilterAttrDefsWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hqlTables, StringBuilder hqlWhereClause, String attrDefColumn, Set<Privilege> privInSet) Description copied from interface:AttributeDefResolverfor an attrDef query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterAttDefs instead if you like)- Specified by:
hqlFilterAttrDefsWhereClausein interfaceAttributeDefResolver- Overrides:
hqlFilterAttrDefsWhereClausein classAttributeDefResolverDecorator- Parameters:
subject- which needs view access to the attrDefshqlTables- the select and current from parthqlWhereClause- is there where clause part of the queryattrDefColumn- is the name of the attributeDef column to join toprivInSet- find a privilege which is in this set (e.g. for view, send all attrDef privs)- Returns:
- if the statement was changed
- See Also:
-
getGrouperSession
Description copied from interface:AttributeDefResolverget a reference to the session- Specified by:
getGrouperSessionin interfaceAttributeDefResolver- Overrides:
getGrouperSessionin classAttributeDefResolverDecorator- Returns:
- the session
- See Also:
-
postHqlFilterAttributeAssigns
public Set<AttributeAssign> postHqlFilterAttributeAssigns(Subject subject, Set<AttributeAssign> attributeAssigns) Description copied from interface:AttributeDefResolverfilter attributeDefs for things the subject can see- Specified by:
postHqlFilterAttributeAssignsin interfaceAttributeDefResolver- Overrides:
postHqlFilterAttributeAssignsin classAttributeDefResolverDecorator- Returns:
- the memberships
- See Also:
-
postHqlFilterPITAttributeAssigns
public Set<PITAttributeAssign> postHqlFilterPITAttributeAssigns(Subject subject, Set<PITAttributeAssign> pitAttributeAssigns) Description copied from interface:AttributeDefResolverfilter pit attribute assignments for things the subject can see- Specified by:
postHqlFilterPITAttributeAssignsin interfaceAttributeDefResolver- Overrides:
postHqlFilterPITAttributeAssignsin classAttributeDefResolverDecorator- Returns:
- the pit attribute assignments
- See Also:
-
stop
public void stop()Description copied from interface:AttributeDefResolverclean up resources, session is stopped- Specified by:
stopin interfaceAttributeDefResolver- Overrides:
stopin classAttributeDefResolverDecorator- See Also:
-
revokeAllPrivilegesForSubject
Description copied from interface:AttributeDefResolverRevoke all attrDef privileges that this subject has.- Specified by:
revokeAllPrivilegesForSubjectin interfaceAttributeDefResolver- Overrides:
revokeAllPrivilegesForSubjectin classAttributeDefResolverDecorator- See Also:
-
postHqlFilterPermissions
public Set<PermissionEntry> postHqlFilterPermissions(Subject subject, Set<PermissionEntry> permissionsEntries) Description copied from interface:AttributeDefResolverfilter permissions for things the subject can see- Specified by:
postHqlFilterPermissionsin interfaceAttributeDefResolver- Overrides:
postHqlFilterPermissionsin classAttributeDefResolverDecorator- Returns:
- the memberships
- See Also:
-
hqlFilterAttributeDefsNotWithPrivWhereClause
public boolean hqlFilterAttributeDefsNotWithPrivWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String attributeDefColumn, Privilege privilege, boolean considerAllSubject) Description copied from interface:AttributeDefResolverfor an attribute def query, check to make sure the subject cant see the records- Specified by:
hqlFilterAttributeDefsNotWithPrivWhereClausein interfaceAttributeDefResolver- Overrides:
hqlFilterAttributeDefsNotWithPrivWhereClausein classAttributeDefResolverDecorator- Parameters:
subject- which needs view access to the groupshql- the select and current from partattributeDefColumn- is the name of the attributeDef column to join toprivilege- find a privilege which is in this set (e.g. for view, attr view)considerAllSubject- if true, then consider GrouperAll when seeign if subject has priv, else do not- Returns:
- if the statement was changed
- See Also:
-
hqlFilterAttributeDefsWithPrivWhereClause
public boolean hqlFilterAttributeDefsWithPrivWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String attributeDefColumn, Privilege privilege, boolean considerAllSubject) Description copied from interface:AttributeDefResolverfor an attribute def query, check to make sure the records have certain privs- Specified by:
hqlFilterAttributeDefsWithPrivWhereClausein interfaceAttributeDefResolver- Overrides:
hqlFilterAttributeDefsWithPrivWhereClausein classAttributeDefResolverDecorator- Parameters:
subject- which needs view access to the groupshql- the select and current from partattributeDefColumn- is the name of the attributeDef column to join toprivilege- find a privilege which is in this set (e.g. for view, attr view)considerAllSubject- if true, then consider GrouperAll when seeign if subject has priv, else do not- Returns:
- if the statement was changed
- See Also:
-