Package edu.internet2.middleware.grouper.privs

Class GrouperAttributeDefAdapter

java.lang.Object

edu.internet2.middleware.grouper.privs.BaseAttrDefAdapter

edu.internet2.middleware.grouper.privs.GrouperNonDbAttrDefAdapter

edu.internet2.middleware.grouper.privs.GrouperAttributeDefAdapter

All Implemented Interfaces:

AttributeDefAdapter

public class GrouperAttributeDefAdapter
extends GrouperNonDbAttrDefAdapter

 
 Grouper Attribute Definition Access Privilege interface.
 

 Unless you are implementing a new implementation of this interface,
 you should not need to directly use these methods as they are all
 wrapped by methods in the AttributeDef class.
 
 This access adapter affects the HQL queries to give better performance
 
 

Version:

$Id: GrouperAttributeDefAdapter.java,v 1.1 2009-09-21 06:14:26 mchyzer Exp $

Field Summary

Fields inherited from class edu.internet2.middleware.grouper.privs.GrouperNonDbAttrDefAdapter

priv2list

Constructor Summary

Constructors

Constructor	Description
GrouperAttributeDefAdapter()

Method Summary

Modifier and Type	Method	Description
boolean	hqlFilterAttrDefsWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hqlTables, StringBuilder hqlWhereClause, String attributeDefColumn, Set<Privilege> privInSet)	for an attrDef query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterAttrDefs instead if you like).
boolean	hqlFilterAttributeDefsNotWithPrivWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String attributeDefColumn, Privilege privilege, boolean considerAllSubject)	for an attributeDef query, check to make sure the subject cant see the records (if filtering HQL, you can do the postHqlFilterAttributeDefs instead if you like).
boolean	hqlFilterAttributeDefsWithPrivWhereClause(GrouperSession grouperSession, Subject subject, HqlQuery hqlQuery, StringBuilder hql, String attributeDefColumn, Privilege privilege, boolean considerAllSubject)	for an attributeDef query, check to make sure the subject has priv (if filtering HQL, you can do the postHqlFilterAttributeDefs instead if you like).
Set<AttributeAssign>	postHqlFilterAttributeAssigns(GrouperSession grouperSession, Subject subject, Set<AttributeAssign> attributeAssigns)	filter attribute assignments for things the subject can see, assume underlying assignments are ok to view
Set<PermissionEntry>	postHqlFilterPermissions(GrouperSession grouperSession, Subject subject, Set<PermissionEntry> permissionEntries)	filter permissionEntries for things the subject can see, assume underlying assignments are ok to view
Set<PITAttributeAssign>	postHqlFilterPITAttributeAssigns(GrouperSession grouperSession, Subject subject, Set<PITAttributeAssign> pitAttributeAssigns)	filter pit attribute assignments for things the subject can see, assume underlying assignments are ok to view

Methods inherited from class edu.internet2.middleware.grouper.privs.GrouperNonDbAttrDefAdapter

getAttributeDefsWhereSubjectDoesHavePrivilege, getAttributeDefsWhereSubjectDoesntHavePrivilege, getAttributeDefsWhereSubjectHasPriv, getPrivs, getSubjectsWithPriv, grantPriv, hasPriv, privilegeCopy, privilegeCopy, retrievePrivileges, revokeAllPrivilegesForSubject, revokePriv, revokePriv

Methods inherited from class edu.internet2.middleware.grouper.privs.BaseAttrDefAdapter

postHqlFilterAttributeDefs

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface edu.internet2.middleware.grouper.privs.AttributeDefAdapter

postHqlFilterAttributeDefs

Constructor Details

GrouperAttributeDefAdapter

public GrouperAttributeDefAdapter()

Method Details

hqlFilterAttrDefsWhereClause

public boolean hqlFilterAttrDefsWhereClause(GrouperSession grouperSession,
 Subject subject,
 HqlQuery hqlQuery,
 StringBuilder hqlTables,
 StringBuilder hqlWhereClause,
 String attributeDefColumn,
 Set<Privilege> privInSet)

Description copied from interface: AttributeDefAdapter

for an attrDef query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterAttrDefs instead if you like). Note, this joins to tables, so the queries should probably be "distinct"

Specified by:

hqlFilterAttrDefsWhereClause in interface AttributeDefAdapter

Overrides:

hqlFilterAttrDefsWhereClause in class BaseAttrDefAdapter

subject - which needs view access to the attrDefs

hqlTables - is the select and part part (hql prefix)

hqlWhereClause - is there where clause part of the query

attributeDefColumn - is the name of the attrDef column to join to

privInSet - find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessPrivilege

Returns:

if the query was changed

See Also:

• BaseAttrDefAdapter.hqlFilterAttrDefsWhereClause(edu.internet2.middleware.grouper.GrouperSession, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.StringBuilder, java.lang.String, java.util.Set)

postHqlFilterAttributeAssigns

public Set<AttributeAssign> postHqlFilterAttributeAssigns(GrouperSession grouperSession,
 Subject subject,
 Set<AttributeAssign> attributeAssigns)

Description copied from interface: AttributeDefAdapter

filter attribute assignments for things the subject can see, assume underlying assignments are ok to view

Specified by:

postHqlFilterAttributeAssigns in interface AttributeDefAdapter

Overrides:

postHqlFilterAttributeAssigns in class BaseAttrDefAdapter

Returns:

the memberships

See Also:

• AttributeDefAdapter.postHqlFilterAttributeAssigns(edu.internet2.middleware.grouper.GrouperSession, edu.internet2.middleware.subject.Subject, java.util.Set)

postHqlFilterPITAttributeAssigns

public Set<PITAttributeAssign> postHqlFilterPITAttributeAssigns(GrouperSession grouperSession,
 Subject subject,
 Set<PITAttributeAssign> pitAttributeAssigns)

Description copied from interface: AttributeDefAdapter

filter pit attribute assignments for things the subject can see, assume underlying assignments are ok to view

Specified by:

postHqlFilterPITAttributeAssigns in interface AttributeDefAdapter

Overrides:

postHqlFilterPITAttributeAssigns in class BaseAttrDefAdapter

Returns:

the pit attribute assignments

See Also:

• AttributeDefAdapter.postHqlFilterPITAttributeAssigns(edu.internet2.middleware.grouper.GrouperSession, edu.internet2.middleware.subject.Subject, java.util.Set)

postHqlFilterPermissions

public Set<PermissionEntry> postHqlFilterPermissions(GrouperSession grouperSession,
 Subject subject,
 Set<PermissionEntry> permissionEntries)

Description copied from interface: AttributeDefAdapter

filter permissionEntries for things the subject can see, assume underlying assignments are ok to view

Specified by:

postHqlFilterPermissions in interface AttributeDefAdapter

Overrides:

postHqlFilterPermissions in class BaseAttrDefAdapter

Returns:

the memberships

See Also:

• BaseAttrDefAdapter.postHqlFilterPermissions(edu.internet2.middleware.grouper.GrouperSession, edu.internet2.middleware.subject.Subject, java.util.Set)

hqlFilterAttributeDefsNotWithPrivWhereClause

public boolean hqlFilterAttributeDefsNotWithPrivWhereClause(GrouperSession grouperSession,
 Subject subject,
 HqlQuery hqlQuery,
 StringBuilder hql,
 String attributeDefColumn,
 Privilege privilege,
 boolean considerAllSubject)

Description copied from interface: AttributeDefAdapter

for an attributeDef query, check to make sure the subject cant see the records (if filtering HQL, you can do the postHqlFilterAttributeDefs instead if you like).

Specified by:

hqlFilterAttributeDefsNotWithPrivWhereClause in interface AttributeDefAdapter

Overrides:

hqlFilterAttributeDefsNotWithPrivWhereClause in class BaseAttrDefAdapter

subject - which needs view access to the groups

hql - is the select and part part (hql prefix)

attributeDefColumn - is the name of the attributeDef column to join to

privilege - find a privilege which is in this set (e.g. attributeDef privs).

considerAllSubject - if true, then consider GrouperAll when seeing if doesnt have privilege, else do consider

Returns:

if the query was changed

See Also:

• AttributeDefAdapter.hqlFilterAttributeDefsNotWithPrivWhereClause(edu.internet2.middleware.grouper.GrouperSession, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.String, Privilege, boolean)

hqlFilterAttributeDefsWithPrivWhereClause

public boolean hqlFilterAttributeDefsWithPrivWhereClause(GrouperSession grouperSession,
 Subject subject,
 HqlQuery hqlQuery,
 StringBuilder hql,
 String attributeDefColumn,
 Privilege privilege,
 boolean considerAllSubject)

Description copied from interface: AttributeDefAdapter

for an attributeDef query, check to make sure the subject has priv (if filtering HQL, you can do the postHqlFilterAttributeDefs instead if you like).

Specified by:

hqlFilterAttributeDefsWithPrivWhereClause in interface AttributeDefAdapter

Overrides:

hqlFilterAttributeDefsWithPrivWhereClause in class BaseAttrDefAdapter

subject - which needs view access to the groups

hql - is the select and part part (hql prefix)

attributeDefColumn - is the name of the attributeDef column to join to

privilege - find a privilege which is in this set (e.g. attributeDef privs).

considerAllSubject - if true, then consider GrouperAll when seeing if doesnt have privilege, else do consider

Returns:

if the query was changed

See Also:

• AttributeDefAdapter.hqlFilterAttributeDefsWithPrivWhereClause(edu.internet2.middleware.grouper.GrouperSession, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.String, Privilege, boolean)