Package edu.internet2.middleware.grouper.privs

Interface NamingResolver

All Known Implementing Classes:

CachingNamingResolver, GrouperAllNamingResolver, GrouperSystemNamingResolver, NamingResolverDecorator, NamingWrapper, ValidatingNamingResolver, WheelNamingResolver

public interface NamingResolver

Facade for the NamingAdapter interface.

Since:

1.2.1

Version:

$Id: NamingResolver.java,v 1.12 2009-09-21 06:14:26 mchyzer Exp $

Method Summary

Modifier and Type	Method	Description
void	flushCache()	flush cache if caching resolver
GrouperSession	getGrouperSession()	get a reference to the session
Set<NamingPrivilege>	getPrivileges(Stem stem, Subject subject)	Get all privileges subject has on group.
Set<Stem>	getStemsWhereSubjectDoesHavePrivilege(String stemId, Stem.Scope scope, Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString)	find the stems which do have a certain privilege
Set<Stem>	getStemsWhereSubjectDoesntHavePrivilege(String stemId, Stem.Scope scope, Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString)	find the stems which do not have a certain privilege
Set<Stem>	getStemsWhereSubjectHasPrivilege(Subject subject, Privilege privilege)	Get all groups where subject has privilege.
Set<Subject>	getSubjectsWithPrivilege(Stem stem, Privilege privilege)	Get all subjects with privilege on group.
void	grantPrivilege(Stem stem, Subject subject, Privilege privilege, String uuid)	Grant privilege to subject on group.
boolean	hasPrivilege(Stem stem, Subject subject, Privilege privilege)	Check whether subject has privilege on group.
boolean	hqlFilterStemsNotWithPrivWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String stemColumn, Privilege privilege, boolean considerAllSubject)	for a stem query, check to make sure the subject doesnt have privs
boolean	hqlFilterStemsWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String stemColumn, Set<Privilege> privInSet)	for a stem query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like).
boolean	hqlFilterStemsWithPrivWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String stemColumn, Privilege privilege, boolean considerAllSubject)	for a stem query, check to make sure the subject has privs
Set<Stem>	postHqlFilterStems(Set<Stem> stems, Subject subject, Set<Privilege> privInSet)	after HQL is run, filter stems.
void	privilegeCopy(Stem stem1, Stem stem2, Privilege priv)	Copies privileges for subjects that have the specified privilege on stem1 to stem2.
void	privilegeCopy(Subject subj1, Subject subj2, Privilege priv)	Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2.
void	revokeAllPrivilegesForSubject(Subject subject)	Revoke all naming privileges that this subject has.
void	revokePrivilege(Stem stem, Privilege privilege)	Revoke privilege from all subjects on group.
void	revokePrivilege(Stem stem, Subject subject, Privilege privilege)	Revoke privilege from subject on group.
void	stop()	clean up resources, session is stopped

Method Details

getStemsWhereSubjectDoesntHavePrivilege

Set<Stem> getStemsWhereSubjectDoesntHavePrivilege(String stemId,
 Stem.Scope scope,
 Subject subject,
 Privilege privilege,
 boolean considerAllSubject,
 String sqlLikeString)

find the stems which do not have a certain privilege

Parameters:

stemId -

scope -

subject -

privilege -

considerAllSubject -

sqlLikeString -

Returns:

the stems

getStemsWhereSubjectDoesHavePrivilege

Set<Stem> getStemsWhereSubjectDoesHavePrivilege(String stemId,
 Stem.Scope scope,
 Subject subject,
 Privilege privilege,
 boolean considerAllSubject,
 String sqlLikeString)

find the stems which do have a certain privilege

Parameters:

stemId -

scope -

subject -

privilege -

considerAllSubject -

sqlLikeString -

Returns:

the stems

flushCache

void flushCache()

flush cache if caching resolver

stop

void stop()

clean up resources, session is stopped

getStemsWhereSubjectHasPrivilege

Set<Stem> getStemsWhereSubjectHasPrivilege(Subject subject,
 Privilege privilege)
                                    throws IllegalArgumentException

Get all groups where subject has privilege.

Parameters:

subject -

privilege -

Returns:

set

Throws:

IllegalArgumentException - if any parameter is null.

Since:

1.2.1

See Also:

• NamingAdapter.getStemsWhereSubjectHasPriv(GrouperSession, Subject, Privilege)

getPrivileges

Set<NamingPrivilege> getPrivileges(Stem stem,
 Subject subject)
                            throws IllegalArgumentException

Get all privileges subject has on group.

Parameters:

stem -

subject -

Returns:

set of naming privileges

Throws:

IllegalArgumentException - if any parameter is null.

Since:

1.2.1

See Also:

• NamingAdapter.getPrivs(GrouperSession, Stem, Subject)

getSubjectsWithPrivilege

Set<Subject> getSubjectsWithPrivilege(Stem stem,
 Privilege privilege)
                               throws IllegalArgumentException

Get all subjects with privilege on group.

Parameters:

stem -

privilege -

Returns:

set of subjects

Throws:

IllegalArgumentException - if any parameter is null.

Since:

1.2.1

See Also:

• NamingAdapter.getSubjectsWithPriv(GrouperSession, Stem, Privilege)

grantPrivilege

void grantPrivilege(Stem stem,
 Subject subject,
 Privilege privilege,
 String uuid)
             throws IllegalArgumentException,
UnableToPerformException

Grant privilege to subject on group.

Parameters:

stem -

subject -

privilege -

uuid - if known or null

Throws:

IllegalArgumentException - if any parameter is null.

UnableToPerformException - if the privilege could not be granted.

Since:

1.2.1

See Also:

• edu.internet2.middleware.grouper.privs.NamingAdapter#grantPriv(GrouperSession, Stem, Subject, Privilege)

hasPrivilege

boolean hasPrivilege(Stem stem,
 Subject subject,
 Privilege privilege)
              throws IllegalArgumentException

Check whether subject has privilege on group.

Parameters:

stem -

subject -

privilege -

Returns:

if has privilege

Throws:

IllegalArgumentException - if any parameter is null.

Since:

1.2.1

See Also:

• NamingAdapter.hasPriv(GrouperSession, Stem, Subject, Privilege)

revokePrivilege

void revokePrivilege(Stem stem,
 Privilege privilege)
              throws IllegalArgumentException,
UnableToPerformException

Revoke privilege from all subjects on group.

Parameters:

stem -

privilege -

Throws:

IllegalArgumentException - if any parameter is null.

UnableToPerformException - if the privilege could not be revoked.

Since:

1.2.1

See Also:

• NamingAdapter.revokePriv(GrouperSession, Stem, Privilege)

revokePrivilege

void revokePrivilege(Stem stem,
 Subject subject,
 Privilege privilege)
              throws IllegalArgumentException,
UnableToPerformException

Revoke privilege from subject on group.

Parameters:

stem -

subject -

privilege -

Throws:

IllegalArgumentException - if any parameter is null.

UnableToPerformException - if the privilege could not be revoked.

Since:

1.2.1

See Also:

• NamingAdapter.revokePriv(GrouperSession, Stem, Subject, Privilege)

privilegeCopy

void privilegeCopy(Stem stem1,
 Stem stem2,
 Privilege priv)
            throws IllegalArgumentException,
UnableToPerformException

Copies privileges for subjects that have the specified privilege on stem1 to stem2.

Parameters:

stem1 -

stem2 -

priv -

Throws:

IllegalArgumentException

UnableToPerformException

privilegeCopy

void privilegeCopy(Subject subj1,
 Subject subj2,
 Privilege priv)
            throws IllegalArgumentException,
UnableToPerformException

Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2. For instance, if subj1 has STEM privilege to Stem x, this method will result with subj2 having STEM privilege to Stem x.

Parameters:

subj1 -

subj2 -

priv -

Throws:

IllegalArgumentException

UnableToPerformException

getGrouperSession

GrouperSession getGrouperSession()

get a reference to the session

Returns:

the session

hqlFilterStemsWhereClause

boolean hqlFilterStemsWhereClause(Subject subject,
 HqlQuery hqlQuery,
 StringBuilder hql,
 String stemColumn,
 Set<Privilege> privInSet)

for a stem query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like). Note, this joins to tables, so the queries should probably be "distinct"

Parameters:

subject - which needs view access to the groups

hql - is the select and part part (hql prefix)

hqlQuery -

stemColumn - is the name of the stem column to join to

privInSet - find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessAdapter

Returns:

if the query was changed

postHqlFilterStems

Set<Stem> postHqlFilterStems(Set<Stem> stems,
 Subject subject,
 Set<Privilege> privInSet)

after HQL is run, filter stems. If you are filtering in HQL, then dont filter here

Parameters:

stems -

subject - which needs view access to the groups

privInSet - find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in NamingPrivilege

Returns:

the set of filtered groups

revokeAllPrivilegesForSubject

void revokeAllPrivilegesForSubject(Subject subject)

Revoke all naming privileges that this subject has.

Parameters:

subject -

hqlFilterStemsNotWithPrivWhereClause

boolean hqlFilterStemsNotWithPrivWhereClause(Subject subject,
 HqlQuery hqlQuery,
 StringBuilder hql,
 String stemColumn,
 Privilege privilege,
 boolean considerAllSubject)

for a stem query, check to make sure the subject doesnt have privs

Parameters:

subject - which needs view access to the groups

hqlQuery -

hql - the select and current from part

stemColumn - is the name of the group column to join to

privilege - find a privilege which is in this set (e.g. stem or create)

considerAllSubject - if true, then consider GrouperAll when seeign if subject has priv, else do not

Returns:

if the statement was changed

hqlFilterStemsWithPrivWhereClause

boolean hqlFilterStemsWithPrivWhereClause(Subject subject,
 HqlQuery hqlQuery,
 StringBuilder hql,
 String stemColumn,
 Privilege privilege,
 boolean considerAllSubject)

for a stem query, check to make sure the subject has privs

Parameters:

subject - which needs view access to the groups

hqlQuery -

hql - the select and current from part

stemColumn - is the name of the group column to join to

privilege - find a privilege which is in this set (e.g. stem or create)

considerAllSubject - if true, then consider GrouperAll when seeign if subject has priv, else do not

Returns:

if the statement was changed