Package edu.internet2.middleware.grouper.privs

Class GrouperSystemNamingResolver

java.lang.Object

edu.internet2.middleware.grouper.privs.NamingResolverDecorator

edu.internet2.middleware.grouper.privs.GrouperSystemNamingResolver

All Implemented Interfaces:

NamingResolver

public class GrouperSystemNamingResolver
extends NamingResolverDecorator

Decorator that provides GrouperSystem privilege resolution for NamingResolver.

Since:

1.2.1

Version:

$Id: GrouperSystemNamingResolver.java,v 1.11 2009-09-21 06:14:26 mchyzer Exp $

Constructor Summary

Constructors

Constructor	Description
GrouperSystemNamingResolver(NamingResolver resolver)

Method Summary

Modifier and Type	Method	Description
void	flushCache()	flush cache if caching resolver
boolean	hasPrivilege(Stem stem, Subject subject, Privilege privilege)	Check whether subject has privilege on group.
boolean	hqlFilterStemsNotWithPrivWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject)	for a stem query, check to make sure the subject doesnt have privs
boolean	hqlFilterStemsWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String stemColumn, Set<Privilege> privInSet)	for a stem query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like).
Set<Stem>	postHqlFilterStems(Set<Stem> stems, Subject subject, Set<Privilege> privInSet)	after HQL is run, filter stems.

Methods inherited from class edu.internet2.middleware.grouper.privs.NamingResolverDecorator

getDecoratedResolver, getGrouperSession, getPrivileges, getStemsWhereSubjectDoesHavePrivilege, getStemsWhereSubjectDoesntHavePrivilege, getStemsWhereSubjectHasPrivilege, getSubjectsWithPrivilege, grantPrivilege, hqlFilterStemsWithPrivWhereClause, privilegeCopy, privilegeCopy, revokeAllPrivilegesForSubject, revokePrivilege, revokePrivilege, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

GrouperSystemNamingResolver

public GrouperSystemNamingResolver(NamingResolver resolver)

Parameters:

resolver -

Since:

1.2.1

Method Details

flushCache

public void flushCache()

Description copied from interface: NamingResolver

flush cache if caching resolver

Specified by:

flushCache in interface NamingResolver

Overrides:

flushCache in class NamingResolverDecorator

See Also:

• NamingResolver.flushCache()

hasPrivilege

public boolean hasPrivilege(Stem stem,
 Subject subject,
 Privilege privilege)
                     throws IllegalArgumentException

Description copied from interface: NamingResolver

Check whether subject has privilege on group.

Specified by:

hasPrivilege in interface NamingResolver

Overrides:

hasPrivilege in class NamingResolverDecorator

Returns:

if has privilege

Throws:

IllegalArgumentException - if any parameter is null.

Since:

1.2.1

See Also:

• NamingResolver.hasPrivilege(Stem, Subject, Privilege)

hqlFilterStemsWhereClause

public boolean hqlFilterStemsWhereClause(Subject subject,
 HqlQuery hqlQuery,
 StringBuilder hql,
 String stemColumn,
 Set<Privilege> privInSet)

Description copied from interface: NamingResolver

for a stem query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like). Note, this joins to tables, so the queries should probably be "distinct"

Specified by:

hqlFilterStemsWhereClause in interface NamingResolver

Overrides:

hqlFilterStemsWhereClause in class NamingResolverDecorator

Parameters:

subject - which needs view access to the groups

hql - is the select and part part (hql prefix)

stemColumn - is the name of the stem column to join to

privInSet - find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessAdapter

Returns:

if the query was changed

See Also:

• NamingResolver.hqlFilterStemsWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.String, java.util.Set)

postHqlFilterStems

public Set<Stem> postHqlFilterStems(Set<Stem> stems,
 Subject subject,
 Set<Privilege> privInSet)

Description copied from interface: NamingResolver

after HQL is run, filter stems. If you are filtering in HQL, then dont filter here

Specified by:

postHqlFilterStems in interface NamingResolver

Overrides:

postHqlFilterStems in class NamingResolverDecorator

subject - which needs view access to the groups

privInSet - find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in NamingPrivilege

Returns:

the set of filtered groups

See Also:

• NamingResolver.postHqlFilterStems(java.util.Set, edu.internet2.middleware.subject.Subject, java.util.Set)

hqlFilterStemsNotWithPrivWhereClause

public boolean hqlFilterStemsNotWithPrivWhereClause(Subject subject,
 HqlQuery hqlQuery,
 StringBuilder hql,
 String groupColumn,
 Privilege privilege,
 boolean considerAllSubject)

Description copied from interface: NamingResolver

for a stem query, check to make sure the subject doesnt have privs

Specified by:

hqlFilterStemsNotWithPrivWhereClause in interface NamingResolver

Overrides:

hqlFilterStemsNotWithPrivWhereClause in class NamingResolverDecorator

Parameters:

subject - which needs view access to the groups

hql - the select and current from part

groupColumn - is the name of the group column to join to

privilege - find a privilege which is in this set (e.g. stem or create)

considerAllSubject - if true, then consider GrouperAll when seeign if subject has priv, else do not

Returns:

if the statement was changed

See Also:

• NamingResolver.hqlFilterStemsNotWithPrivWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, String, Privilege, boolean)