Package edu.internet2.middleware.grouper.privs

Class PrivilegeHelper

java.lang.Object
edu.internet2.middleware.grouper.privs.PrivilegeHelper
public class PrivilegeHelper extends Object
Privilege helper class.

TODO 20070823 Relocate these methods once I figure out the best home for them.

Since:
1.2.1
Version:
$Id: PrivilegeHelper.java,v 1.12 2009-09-28 05:06:46 mchyzer Exp $

  • Constructor Details

    • PrivilegeHelper

      public PrivilegeHelper()

  • Method Details

    • main

      public static void main(String[] args)

    • fieldIdsFromPrivileges

      public static Collection<String> fieldIdsFromPrivileges(Collection<Privilege> privileges)
      convert a collection of privileges to a collection of fieldIds
      Parameters:
      privileges -
      Returns:
      the field

    • hasImmediatePrivilege

      public static boolean hasImmediatePrivilege(Group group, Subject subject, Privilege privilege)
      see if a group has an immediate privilege
      Parameters:
      group -
      subject -
      privilege -
      Returns:
      true if has immediate privilege, false if not

    • flushCache

      public static void flushCache()
      flush all privilege caches

    • resolveSubjects

      public static void resolveSubjects(Collection<GrouperPrivilege> grouperPrivileges, boolean resolveAllAlways)
      resolve subjects in one batch
      Parameters:
      grouperPrivileges -
      resolveAllAlways - true to always resolve all no matter how many, false if there are more than 2000 or however many (e.g. for UI)

    • canAdmin

      public static boolean canAdmin(GrouperSession s, Group g, Subject subj)
      Parameters:
      s -
      g -
      subj -
      Returns:
      admin
      Since:
      1.2.1

    • canAttrAdmin

      public static boolean canAttrAdmin(GrouperSession s, AttributeDef attributeDef, Subject subj)
      Parameters:
      s -
      attributeDef -
      subj -
      Returns:
      admin

    • canAttrRead

      public static boolean canAttrRead(GrouperSession s, AttributeDef attributeDef, Subject subj)
      Parameters:
      s -
      attributeDef -
      subj -
      Returns:
      admin

    • canAttrView

      public static boolean canAttrView(GrouperSession s, AttributeDef attributeDef, Subject subj)
      Parameters:
      s -
      attributeDef -
      subj -
      Returns:
      admin

    • canGroupAttrRead

      public static boolean canGroupAttrRead(GrouperSession s, Group group, Subject subj)
      Parameters:
      s -
      group -
      subj -
      Returns:
      true if allowed

    • canGroupAttrUpdate

      public static boolean canGroupAttrUpdate(GrouperSession s, Group group, Subject subj)
      Parameters:
      s -
      group -
      subj -
      Returns:
      true if allowed

    • canAttrDefAttrRead

      public static boolean canAttrDefAttrRead(GrouperSession s, AttributeDef attributeDef, Subject subj)
      Parameters:
      s -
      attributeDef -
      subj -
      Returns:
      true if allowed

    • canAttrDefAttrUpdate

      public static boolean canAttrDefAttrUpdate(GrouperSession s, AttributeDef attributeDef, Subject subj)
      Parameters:
      s -
      attributeDef -
      subj -
      Returns:
      true if allowed

    • canStemAttrRead

      public static boolean canStemAttrRead(GrouperSession s, Stem stem, Subject subj)
      Parameters:
      s -
      stem -
      subj -
      Returns:
      true if allowed

    • canStemView

      public static boolean canStemView(GrouperSession s, Stem stem, Subject subj)
      Parameters:
      s -
      stem -
      subj -
      Returns:
      true if allowed

    • canStemAttrUpdate

      public static boolean canStemAttrUpdate(GrouperSession s, Stem stem, Subject subj)
      Parameters:
      s -
      stem -
      subj -
      Returns:
      true if allowed

    • canAttrUpdate

      public static boolean canAttrUpdate(GrouperSession s, AttributeDef attributeDef, Subject subj)
      Parameters:
      s -
      attributeDef -
      subj -
      Returns:
      admin

    • canAttrOptin

      public static boolean canAttrOptin(GrouperSession s, AttributeDef attributeDef, Subject subj)
      Parameters:
      s -
      attributeDef -
      subj -
      Returns:
      admin

    • canAttrOptout

      public static boolean canAttrOptout(GrouperSession s, AttributeDef attributeDef, Subject subj)
      Parameters:
      s -
      attributeDef -
      subj -
      Returns:
      admin

    • canCreate

      public static boolean canCreate(GrouperSession s, Stem ns, Subject subj)
      TODO 20070823 find a real home for this and/or add tests
      Parameters:
      s -
      ns -
      subj -
      Returns:
      can create
      Since:
      1.2.1

    • canOptin

      public static boolean canOptin(GrouperSession s, Group g, Subject subj)
      TODO 20070823 find a real home for this and/or add tests
      Parameters:
      s -
      g -
      subj -
      Returns:
      can
      Since:
      1.2.1

    • hasPrivilege

      public static boolean hasPrivilege(GrouperSession s, Stem stem, Subject subj, Set<Privilege> privInSet)
      Parameters:
      s -
      stem -
      subj -
      privInSet -
      Returns:
      if has privilege

    • hasPrivilege

      public static boolean hasPrivilege(GrouperSession s, Group g, Subject subj, Set<Privilege> privInSet)
      Parameters:
      s -
      g -
      subj -
      privInSet -
      Returns:
      if has privilege

    • canOptout

      public static boolean canOptout(GrouperSession s, Group g, Subject subj)
      TODO 20070823 find a real home for this and/or add tests
      Parameters:
      s -
      g -
      subj -
      Returns:
      can optout
      Since:
      1.2.1

    • canRead

      public static boolean canRead(GrouperSession s, Group g, Subject subj)
      TODO 20070823 find a real home for this and/or add tests
      Parameters:
      s -
      g -
      subj -
      Returns:
      can read
      Since:
      1.2.1

    • canStem

      public static boolean canStem(Stem ns, Subject subj)
      TODO 20070823 find a real home for this and/or add tests
      Parameters:
      ns -
      subj -
      Returns:
      can stem
      Since:
      1.2.1

    • canStemAdmin

      public static boolean canStemAdmin(Stem ns, Subject subj)
      Parameters:
      ns -
      subj -
      Returns:
      can stem admin

    • canStem

      public static boolean canStem(GrouperSession s, Stem ns, Subject subj)
      TODO 20070823 find a real home for this and/or add tests
      Parameters:
      s -
      ns -
      subj -
      Returns:
      can stem
      Since:
      1.2.1

    • canStemAdmin

      public static boolean canStemAdmin(GrouperSession s, Stem ns, Subject subj)
      Parameters:
      s -
      ns -
      subj -
      Returns:
      can stem admin

    • canUpdate

      public static boolean canUpdate(GrouperSession s, Group g, Subject subj)
      TODO 20070823 find a real home for this and/or add tests
      Parameters:
      s -
      g -
      subj -
      Returns:
      can update
      Since:
      1.2.1

    • canView

      public static boolean canView(GrouperSession s, Group g, Subject subj)
      TODO 20070823 find a real home for this and/or add tests
      Parameters:
      s -
      g -
      subj -
      Returns:
      can view
      Since:
      1.2.1

    • canViewGroups

      public static Set canViewGroups(GrouperSession s, Set candidates)
      TODO 20070823 find a real home for this and/or add tests
      Parameters:
      s -
      candidates -
      Returns:
      can view
      Since:
      1.2.1

    • canViewMembership

      public static boolean canViewMembership(GrouperSession grouperSession, Membership membership)
      Parameters:
      grouperSession -
      membership -
      Returns:
      true if ok, false if not

    • canViewMemberships

      public static Set<Membership> canViewMemberships(GrouperSession grouperSession, Collection<Membership> inputMemberships)
      Parameters:
      grouperSession -
      inputMemberships -
      Returns:
      filtered memberships

    • canViewMembers

      public static boolean canViewMembers(GrouperSession grouperSession, Group group, Field field)
      Parameters:
      grouperSession -
      group -
      field -
      Returns:
      true or false

    • dispatch

      public static void dispatch(GrouperSession s, Group g, Subject subj, Privilege priv) throws InsufficientPrivilegeException, SchemaException
      TODO 20070823 find a real home for this and/or add tests
      Parameters:
      s -
      g -
      subj -
      priv -
      Throws:
      InsufficientPrivilegeException
      SchemaException

    • dispatch

      public static void dispatch(GrouperSession s, Stem ns, Subject subj, Privilege priv) throws InsufficientPrivilegeException, SchemaException
      TODO 20070823 find a real home for this and/or add tests
      Parameters:
      s -
      ns -
      subj -
      priv -
      Throws:
      InsufficientPrivilegeException
      SchemaException

    • dispatch

      public static void dispatch(GrouperSession s, AttributeDef attributeDef, Subject subj, Privilege priv) throws InsufficientPrivilegeException, SchemaException
      TODO 20070823 find a real home for this and/or add tests
      Parameters:
      s -
      attributeDef -
      subj -
      priv -
      Throws:
      InsufficientPrivilegeException
      SchemaException

    • getAccessPrivileges

      public static Privilege[] getAccessPrivileges(Privilege[] privileges)
      TODO 20070824 add tests
      Parameters:
      privileges -
      Returns:
      Given an array of privileges return an array of access privileges.
      Since:
      1.2.1

    • getAttributeDefPrivileges

      public static Privilege[] getAttributeDefPrivileges(Privilege[] privileges)
      TODO 20070824 add tests
      Parameters:
      privileges -
      Returns:
      Given an array of privileges return an array of access privileges.
      Since:
      1.2.1

    • getNamingPrivileges

      public static Privilege[] getNamingPrivileges(Privilege[] privileges)
      TODO 20070824 add tests
      Parameters:
      privileges -
      Returns:
      Given an array of privileges return an array of naming privileges.
      Since:
      1.2.1

    • isRoot

      public static boolean isRoot(GrouperSession s)
      TODO 20070823 find a real home for this and/or add tests
      Parameters:
      s -
      Returns:
      is root

    • isSystemSubject

      public static boolean isSystemSubject(Subject subject)
      see if system subject
      Parameters:
      subject -
      Returns:
      true if grouper system

    • isWheel

      public static boolean isWheel(GrouperSession s)
      TODO 20070823 find a real home for this and/or add tests
      Parameters:
      s -
      Returns:
      is wheel

    • isWheelOrRootOrViewonlyRoot

      public static boolean isWheelOrRootOrViewonlyRoot(Subject subject)
      see if a subject is wheel or root or viewonly root (or readonly)
      Parameters:
      subject -
      Returns:
      true or false

    • isWheelOrRootOrReadonlyRoot

      public static boolean isWheelOrRootOrReadonlyRoot(Subject subject)
      see if a subject is wheel or root or readonly root
      Parameters:
      subject -
      Returns:
      true or false

    • wheelMemberCacheClear

      public static void wheelMemberCacheClear()
      clear cache on this jvm when adjusting wheel members

    • isWheelOrRoot

      public static boolean isWheelOrRoot(Subject subject)
      see if a subject is wheel or root
      Parameters:
      subject -
      Returns:
      true or false

    • canMoveStems

      public static boolean canMoveStems(Subject subject)
      Is this user allowed to move stems?
      Parameters:
      subject -
      Returns:
      boolean

    • canCopyStems

      public static boolean canCopyStems(Subject subject)
      Is this user allowed to copy stems?
      Parameters:
      subject -
      Returns:
      boolean

    • canRenameStems

      public static boolean canRenameStems(Subject subject)
      Is this user allowed to rename stems?
      Parameters:
      subject -
      Returns:
      boolean

    • hasPrivilege

      public static boolean hasPrivilege(GrouperSession s, AttributeDef attributeDef, Subject subj, Set<Privilege> privInSet)
      Parameters:
      s -
      attributeDef -
      subj -
      privInSet -
      Returns:
      if has privilege

    • canViewAttributeDefs

      public static Set<AttributeDef> canViewAttributeDefs(GrouperSession s, Collection<AttributeDef> inputAttributeDefs)
      TODO 20070823 find a real home for this and/or add tests
      Parameters:
      s -
      inputAttributeDefs -
      Returns:
      filtered attributeDefs

    • canViewAttributeAssign

      public static boolean canViewAttributeAssign(GrouperSession grouperSession, AttributeAssign attributeAssign, boolean checkUnderlyingIfAssignmentOnAssignment)
      see if the attribute assigns are viewable
      Parameters:
      grouperSession -
      attributeAssign -
      checkUnderlyingIfAssignmentOnAssignment - if deep security check should take place on underlying assignments
      Returns:
      filtered memberships

    • canViewAttributeAssigns

      public static Set<AttributeAssign> canViewAttributeAssigns(GrouperSession grouperSession, Collection<AttributeAssign> inputAttributeAssigns, boolean checkUnderlyingIfAssignmentOnAssignment)
      see if the attribute assigns are viewable
      Parameters:
      grouperSession -
      inputAttributeAssigns -
      checkUnderlyingIfAssignmentOnAssignment - if deep security check should take place on underlying assignments
      Returns:
      filtered memberships

    • canViewPermissions

      public static Set<PermissionEntry> canViewPermissions(GrouperSession grouperSession, Collection<PermissionEntry> inputPermissionEntries)
      see if the attribute assigns are viewable
      Parameters:
      grouperSession -
      inputPermissionEntries -
      Returns:
      filtered memberships

    • canViewPITAttributeAssigns

      public static Set<PITAttributeAssign> canViewPITAttributeAssigns(GrouperSession grouperSession, Collection<PITAttributeAssign> inputPITAttributeAssigns, boolean checkUnderlyingIfAssignmentOnAssignment)
      see if the pit attribute assigns are viewable
      Parameters:
      grouperSession -
      inputPITAttributeAssigns -
      checkUnderlyingIfAssignmentOnAssignment - if deep security check should take place on underlying assignments
      Returns:
      filtered pit attribute assignments

    • hasImmediatePrivilege

      public static boolean hasImmediatePrivilege(Stem stem, Subject subject, Privilege privilege)
      see if a stem has an immediate privilege
      Parameters:
      stem -
      subject -
      privilege -
      Returns:
      true if has immediate privilege, false if not

    • hasImmediatePrivilege

      public static boolean hasImmediatePrivilege(AttributeDef attributeDef, Subject subject, Privilege privilege)
      see if an attributeDef has an immediate privilege
      Parameters:
      attributeDef -
      subject -
      privilege -
      Returns:
      true if has immediate privilege, false if not