Interface NamingResolver
- All Known Implementing Classes:
CachingNamingResolver
,GrouperAllNamingResolver
,GrouperSystemNamingResolver
,NamingResolverDecorator
,NamingWrapper
,ValidatingNamingResolver
,WheelNamingResolver
public interface NamingResolver
Facade for the
NamingAdapter
interface.
- Since:
- 1.2.1
- Version:
- $Id: NamingResolver.java,v 1.12 2009-09-21 06:14:26 mchyzer Exp $
-
Method Summary
Modifier and TypeMethodDescriptionvoid
flush cache if caching resolverget a reference to the sessiongetPrivileges
(Stem stem, Subject subject) Get all privileges subject has on group.getStemsWhereSubjectDoesHavePrivilege
(String stemId, Stem.Scope scope, Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString) find the stems which do have a certain privilegegetStemsWhereSubjectDoesntHavePrivilege
(String stemId, Stem.Scope scope, Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString) find the stems which do not have a certain privilegegetStemsWhereSubjectHasPrivilege
(Subject subject, Privilege privilege) Get all groups where subject has privilege.getSubjectsWithPrivilege
(Stem stem, Privilege privilege) Get all subjects with privilege on group.void
grantPrivilege
(Stem stem, Subject subject, Privilege privilege, String uuid) Grant privilege to subject on group.boolean
hasPrivilege
(Stem stem, Subject subject, Privilege privilege) Check whether subject has privilege on group.boolean
hqlFilterStemsNotWithPrivWhereClause
(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String stemColumn, Privilege privilege, boolean considerAllSubject) for a stem query, check to make sure the subject doesnt have privsboolean
hqlFilterStemsWhereClause
(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String stemColumn, Set<Privilege> privInSet) for a stem query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like).boolean
hqlFilterStemsWithPrivWhereClause
(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String stemColumn, Privilege privilege, boolean considerAllSubject) for a stem query, check to make sure the subject has privsafter HQL is run, filter stems.void
privilegeCopy
(Stem stem1, Stem stem2, Privilege priv) Copies privileges for subjects that have the specified privilege on stem1 to stem2.void
privilegeCopy
(Subject subj1, Subject subj2, Privilege priv) Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2.void
revokeAllPrivilegesForSubject
(Subject subject) Revoke all naming privileges that this subject has.void
revokePrivilege
(Stem stem, Privilege privilege) Revoke privilege from all subjects on group.void
revokePrivilege
(Stem stem, Subject subject, Privilege privilege) Revoke privilege from subject on group.void
stop()
clean up resources, session is stopped
-
Method Details
-
getStemsWhereSubjectDoesntHavePrivilege
Set<Stem> getStemsWhereSubjectDoesntHavePrivilege(String stemId, Stem.Scope scope, Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString) find the stems which do not have a certain privilege- Parameters:
stemId
-scope
-subject
-privilege
-considerAllSubject
-sqlLikeString
-- Returns:
- the stems
-
getStemsWhereSubjectDoesHavePrivilege
Set<Stem> getStemsWhereSubjectDoesHavePrivilege(String stemId, Stem.Scope scope, Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString) find the stems which do have a certain privilege- Parameters:
stemId
-scope
-subject
-privilege
-considerAllSubject
-sqlLikeString
-- Returns:
- the stems
-
flushCache
void flushCache()flush cache if caching resolver -
stop
void stop()clean up resources, session is stopped -
getStemsWhereSubjectHasPrivilege
Set<Stem> getStemsWhereSubjectHasPrivilege(Subject subject, Privilege privilege) throws IllegalArgumentException Get all groups where subject has privilege.- Parameters:
subject
-privilege
-- Returns:
- set
- Throws:
IllegalArgumentException
- if any parameter is null.- Since:
- 1.2.1
- See Also:
-
getPrivileges
Get all privileges subject has on group.- Parameters:
stem
-subject
-- Returns:
- set of naming privileges
- Throws:
IllegalArgumentException
- if any parameter is null.- Since:
- 1.2.1
- See Also:
-
getSubjectsWithPrivilege
Set<Subject> getSubjectsWithPrivilege(Stem stem, Privilege privilege) throws IllegalArgumentException Get all subjects with privilege on group.- Parameters:
stem
-privilege
-- Returns:
- set of subjects
- Throws:
IllegalArgumentException
- if any parameter is null.- Since:
- 1.2.1
- See Also:
-
grantPrivilege
void grantPrivilege(Stem stem, Subject subject, Privilege privilege, String uuid) throws IllegalArgumentException, UnableToPerformException Grant privilege to subject on group.- Parameters:
stem
-subject
-privilege
-uuid
- if known or null- Throws:
IllegalArgumentException
- if any parameter is null.UnableToPerformException
- if the privilege could not be granted.- Since:
- 1.2.1
- See Also:
-
edu.internet2.middleware.grouper.privs.NamingAdapter#grantPriv(GrouperSession, Stem, Subject, Privilege)
-
hasPrivilege
boolean hasPrivilege(Stem stem, Subject subject, Privilege privilege) throws IllegalArgumentException Check whether subject has privilege on group.- Parameters:
stem
-subject
-privilege
-- Returns:
- if has privilege
- Throws:
IllegalArgumentException
- if any parameter is null.- Since:
- 1.2.1
- See Also:
-
revokePrivilege
void revokePrivilege(Stem stem, Privilege privilege) throws IllegalArgumentException, UnableToPerformException Revoke privilege from all subjects on group.- Parameters:
stem
-privilege
-- Throws:
IllegalArgumentException
- if any parameter is null.UnableToPerformException
- if the privilege could not be revoked.- Since:
- 1.2.1
- See Also:
-
revokePrivilege
void revokePrivilege(Stem stem, Subject subject, Privilege privilege) throws IllegalArgumentException, UnableToPerformException Revoke privilege from subject on group.- Parameters:
stem
-subject
-privilege
-- Throws:
IllegalArgumentException
- if any parameter is null.UnableToPerformException
- if the privilege could not be revoked.- Since:
- 1.2.1
- See Also:
-
privilegeCopy
void privilegeCopy(Stem stem1, Stem stem2, Privilege priv) throws IllegalArgumentException, UnableToPerformException Copies privileges for subjects that have the specified privilege on stem1 to stem2.- Parameters:
stem1
-stem2
-priv
-- Throws:
IllegalArgumentException
UnableToPerformException
-
privilegeCopy
void privilegeCopy(Subject subj1, Subject subj2, Privilege priv) throws IllegalArgumentException, UnableToPerformException Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2. For instance, if subj1 has STEM privilege to Stem x, this method will result with subj2 having STEM privilege to Stem x.- Parameters:
subj1
-subj2
-priv
-- Throws:
IllegalArgumentException
UnableToPerformException
-
getGrouperSession
GrouperSession getGrouperSession()get a reference to the session- Returns:
- the session
-
hqlFilterStemsWhereClause
boolean hqlFilterStemsWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String stemColumn, Set<Privilege> privInSet) for a stem query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like). Note, this joins to tables, so the queries should probably be "distinct"- Parameters:
subject
- which needs view access to the groupshql
- is the select and part part (hql prefix)hqlQuery
-stemColumn
- is the name of the stem column to join toprivInSet
- find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessAdapter- Returns:
- if the query was changed
-
postHqlFilterStems
after HQL is run, filter stems. If you are filtering in HQL, then dont filter here- Parameters:
stems
-subject
- which needs view access to the groupsprivInSet
- find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in NamingPrivilege- Returns:
- the set of filtered groups
-
revokeAllPrivilegesForSubject
Revoke all naming privileges that this subject has.- Parameters:
subject
-
-
hqlFilterStemsNotWithPrivWhereClause
boolean hqlFilterStemsNotWithPrivWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String stemColumn, Privilege privilege, boolean considerAllSubject) for a stem query, check to make sure the subject doesnt have privs- Parameters:
subject
- which needs view access to the groupshqlQuery
-hql
- the select and current from partstemColumn
- is the name of the group column to join toprivilege
- find a privilege which is in this set (e.g. stem or create)considerAllSubject
- if true, then consider GrouperAll when seeign if subject has priv, else do not- Returns:
- if the statement was changed
-
hqlFilterStemsWithPrivWhereClause
boolean hqlFilterStemsWithPrivWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String stemColumn, Privilege privilege, boolean considerAllSubject) for a stem query, check to make sure the subject has privs- Parameters:
subject
- which needs view access to the groupshqlQuery
-hql
- the select and current from partstemColumn
- is the name of the group column to join toprivilege
- find a privilege which is in this set (e.g. stem or create)considerAllSubject
- if true, then consider GrouperAll when seeign if subject has priv, else do not- Returns:
- if the statement was changed
-