Class ValidatingAccessResolver
java.lang.Object
edu.internet2.middleware.grouper.privs.AccessResolverDecorator
edu.internet2.middleware.grouper.privs.ValidatingAccessResolver
- All Implemented Interfaces:
AccessResolver
Decorator that provides parameter validation for AccessResolver.
- Since:
- 1.2.1
- Version:
- $Id: ValidatingAccessResolver.java,v 1.13 2009-09-21 06:14:26 mchyzer Exp $
-
Constructor Summary
-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| void | flushCache() | flush cache if caching resolver |
| Set<Group> | getGroupsWhereSubjectDoesntHavePrivilege(String stemId, Stem.Scope scope, Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString) | find the groups which do not have a certain privilege |
| Set<Group> | getGroupsWhereSubjectHasPrivilege(Subject subject, Privilege privilege) | Get all groups where subject has privilege. |
| Set<AccessPrivilege> | getPrivileges(Group group, Subject subject) | Get all privileges subject has on group. |
| Set<Stem> | getStemsWhereGroupThatSubjectHasPrivilege(Subject subject, Privilege privilege) | Get all stems which have groups where subject has privilege. |
| Set<Subject> | getSubjectsWithPrivilege(Group group, Privilege privilege) | Get all subjects with privilege on group. |
| void | grantPrivilege(Group group, Subject subject, Privilege privilege, String uuid) | Grant privilege to subject on group. |
| boolean | hasPrivilege(Group group, Subject subject, Privilege privilege) | Check whether subject has privilege on group. |
| boolean | hqlFilterGroupsNotWithPrivWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject) | for a group query, check to make sure the subject can't see the records |
| boolean | hqlFilterGroupsWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Set<Privilege> privInSet) | for a group query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like) |
| | postHqlFilterGroups | after HQL is run, filter groups. |
| | postHqlFilterMemberships(Subject subject, Set<Membership> memberships) | filter memberships for things the subject can see |
| Set<Stem> | postHqlFilterStemsWithGroups(Set<Stem> stems, Subject subject, Set<Privilege> inPrivSet) | after HQL is run, filter stems that have groups with privs. |
| void | privilegeCopy(Group g1, Group g2, Privilege priv) | Copies privileges for subjects that have the specified privilege on g1 to g2. |
| void | privilegeCopy(Subject subj1, Subject subj2, Privilege priv) | Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2. |
| Set<PrivilegeSubjectContainer> | retrievePrivileges(Group group, Set<Privilege> privileges, MembershipType membershipType, QueryPaging queryPaging, Set<Member> additionalMembers) | get a list of privilege subjects, there are no results with the same subject |
| void | revokeAllPrivilegesForSubject(Subject subject) | Revoke all access privileges that this subject has. |
| void | revokePrivilege(Group group, Privilege privilege) | Revoke privilege from all subjects on group. |
| void | revokePrivilege(Group group, Subject subject, Privilege privilege) | Revoke privilege from subject on group. |

Methods inherited from class edu.internet2.middleware.grouper.privs.AccessResolverDecorator
getDecoratedResolver, getGrouperSession, getGroupsWhereSubjectDoesHavePrivilege, hqlFilterGroupsWithPrivWhereClause, stop
-
Constructor Details
-
ValidatingAccessResolver
- Parameters:
resolver -
- Since:
- 1.2.1
-
-
Method Details
-
flushCache
public void flushCache()
Description copied from interface: AccessResolver
flush cache if caching resolver
- Specified by:
flushCache in interface AccessResolver
- Overrides:
flushCache in class AccessResolverDecorator
-
getGroupsWhereSubjectHasPrivilege
public Set<Group> getGroupsWhereSubjectHasPrivilege(Subject subject, Privilege privilege) throws IllegalArgumentException
Description copied from interface: AccessResolver
Get all groups where subject has privilege.
- Specified by:
getGroupsWhereSubjectHasPrivilege in interface AccessResolver
- Overrides:
getGroupsWhereSubjectHasPrivilege in class AccessResolverDecorator
- Returns:
- the set
- Throws:
IllegalArgumentException - if any parameter is null.
- Since:
- 1.2.1
-
getGroupsWhereSubjectDoesntHavePrivilege
public Set<Group> getGroupsWhereSubjectDoesntHavePrivilege(String stemId, Stem.Scope scope, Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString) throws IllegalArgumentException
Description copied from interface: AccessResolver
find the groups which do not have a certain privilege
- Specified by:
getGroupsWhereSubjectDoesntHavePrivilege in interface AccessResolver
- Overrides:
getGroupsWhereSubjectDoesntHavePrivilege in class AccessResolverDecorator
- Returns:
- the groups
- Throws:
IllegalArgumentException
-
getStemsWhereGroupThatSubjectHasPrivilege
public Set<Stem> getStemsWhereGroupThatSubjectHasPrivilege(Subject subject, Privilege privilege) throws IllegalArgumentException
Description copied from interface: AccessResolver
Get all stems which have groups where subject has privilege.
- Specified by:
getStemsWhereGroupThatSubjectHasPrivilege in interface AccessResolver
- Overrides:
getStemsWhereGroupThatSubjectHasPrivilege in class AccessResolverDecorator
- Returns:
- the set
- Throws:
IllegalArgumentException - if any parameter is null.
-
getPrivileges
public Set<AccessPrivilege> getPrivileges(Group group, Subject subject) throws IllegalArgumentException
Description copied from interface: AccessResolver
Get all privileges subject has on group.
- Specified by:
getPrivileges in interface AccessResolver
- Overrides:
getPrivileges in class AccessResolverDecorator
- Returns:
- the set
- Throws:
IllegalArgumentException - if any parameter is null.
- Since:
- 1.2.1
-
getSubjectsWithPrivilege
public Set<Subject> getSubjectsWithPrivilege(Group group, Privilege privilege) throws IllegalArgumentException
Description copied from interface: AccessResolver
Get all subjects with privilege on group.
- Specified by:
getSubjectsWithPrivilege in interface AccessResolver
- Overrides:
getSubjectsWithPrivilege in class AccessResolverDecorator
- Returns:
- the set
- Throws:
IllegalArgumentException - if any parameter is null.
- Since:
- 1.2.1
-
grantPrivilege
public void grantPrivilege(Group group, Subject subject, Privilege privilege, String uuid) throws IllegalArgumentException, UnableToPerformException
Description copied from interface: AccessResolver
Grant privilege to subject on group.
- Specified by:
grantPrivilege in interface AccessResolver
- Overrides:
grantPrivilege in class AccessResolverDecorator
- Parameters:
uuid - send uuid if known, else null
- Throws:
IllegalArgumentException - if any parameter is null.
UnableToPerformException - if the privilege could not be granted.
- Since:
- 1.2.1
-
hasPrivilege
public boolean hasPrivilege(Group group, Subject subject, Privilege privilege) throws IllegalArgumentException
Description copied from interface: AccessResolver
Check whether subject has privilege on group.
- Specified by:
hasPrivilege in interface AccessResolver
- Overrides:
hasPrivilege in class AccessResolverDecorator
- Returns:
- boolean
- Throws:
IllegalArgumentException - if any parameter is null.
- Since:
- 1.2.1
-
revokePrivilege
public void revokePrivilege(Group group, Privilege privilege) throws IllegalArgumentException, UnableToPerformException
Description copied from interface: AccessResolver
Revoke privilege from all subjects on group.
- Specified by:
revokePrivilege in interface AccessResolver
- Overrides:
revokePrivilege in class AccessResolverDecorator
- Throws:
IllegalArgumentException - if any parameter is null.
UnableToPerformException - if the privilege could not be revoked.
- Since:
- 1.2.1
-
postHqlFilterGroups
Description copied from interface: AccessResolver
after HQL is run, filter groups. If you are filtering in HQL, then don't filter here
- Specified by:
postHqlFilterGroups in interface AccessResolver
- Overrides:
postHqlFilterGroups in class AccessResolverDecorator
- Parameters:
subject - which needs view access to the groups
privInSet - find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessAdapter
- Returns:
- the set of filtered groups
-
postHqlFilterStemsWithGroups
public Set<Stem> postHqlFilterStemsWithGroups(Set<Stem> stems, Subject subject, Set<Privilege> inPrivSet)
Description copied from interface: AccessResolver
after HQL is run, filter stems that have groups with privs. If you are filtering HQL, then don't filter here.
- Specified by:
postHqlFilterStemsWithGroups in interface AccessResolver
- Overrides:
postHqlFilterStemsWithGroups in class AccessResolverDecorator
- Returns:
- the set of filtered stems
-
revokePrivilege
public void revokePrivilege(Group group, Subject subject, Privilege privilege) throws IllegalArgumentException, UnableToPerformException
Description copied from interface: AccessResolver
Revoke privilege from subject on group.
- Specified by:
revokePrivilege in interface AccessResolver
- Overrides:
revokePrivilege in class AccessResolverDecorator
- Throws:
IllegalArgumentException - if any parameter is null.
UnableToPerformException - if the privilege could not be revoked.
- Since:
- 1.2.1
-
privilegeCopy
public void privilegeCopy(Group g1, Group g2, Privilege priv) throws IllegalArgumentException, UnableToPerformException
Description copied from interface: AccessResolver
Copies privileges for subjects that have the specified privilege on g1 to g2.
- Specified by:
privilegeCopy in interface AccessResolver
- Overrides:
privilegeCopy in class AccessResolverDecorator
- Throws:
IllegalArgumentException
UnableToPerformException
-
privilegeCopy
public void privilegeCopy(Subject subj1, Subject subj2, Privilege priv) throws IllegalArgumentException, UnableToPerformException
Description copied from interface: AccessResolver
Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2. For instance, if subj1 has ADMIN privilege to Group x, this method will result with subj2 having ADMIN privilege to Group x.
- Specified by:
privilegeCopy in interface AccessResolver
- Overrides:
privilegeCopy in class AccessResolverDecorator
- Throws:
IllegalArgumentException
UnableToPerformException
-
hqlFilterGroupsWhereClause
public boolean hqlFilterGroupsWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Set<Privilege> privInSet)
Description copied from interface: AccessResolver
for a group query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like)
- Specified by:
hqlFilterGroupsWhereClause in interface AccessResolver
- Overrides:
hqlFilterGroupsWhereClause in class AccessResolverDecorator
- Parameters:
subject - which needs view access to the groups
hql - the select and current from part
groupColumn - is the name of the group column to join to
privInSet - find a privilege which is in this set (e.g. for view, send all access privs)
- Returns:
- if the statement was changed
-
hqlFilterGroupsNotWithPrivWhereClause
public boolean hqlFilterGroupsNotWithPrivWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject)
Description copied from interface: AccessResolver
for a group query, check to make sure the subject can't see the records
- Specified by:
hqlFilterGroupsNotWithPrivWhereClause in interface AccessResolver
- Overrides:
hqlFilterGroupsNotWithPrivWhereClause in class AccessResolverDecorator
- Parameters:
subject - which needs view access to the groups
hql - the select and current from part
groupColumn - is the name of the group column to join to
privilege - find a privilege which is in this set (e.g. for view, send all access privs)
considerAllSubject - if true, then consider GrouperAll when seeing if subject has priv, else do not
- Returns:
- if the statement was changed
- See Also:
- edu.internet2.middleware.grouper.privs.AccessResolver#hqlFilterGroupsWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, String, Privilege, boolean)
-
postHqlFilterMemberships
Description copied from interface: AccessResolver
filter memberships for things the subject can see
- Specified by:
postHqlFilterMemberships in interface AccessResolver
- Overrides:
postHqlFilterMemberships in class AccessResolverDecorator
- Returns:
- the memberships
-
revokeAllPrivilegesForSubject
Description copied from interface: AccessResolver
Revoke all access privileges that this subject has.
- Specified by:
revokeAllPrivilegesForSubject in interface AccessResolver
- Overrides:
revokeAllPrivilegesForSubject in class AccessResolverDecorator
-
retrievePrivileges
public Set<PrivilegeSubjectContainer> retrievePrivileges(Group group, Set<Privilege> privileges, MembershipType membershipType, QueryPaging queryPaging, Set<Member> additionalMembers)
Description copied from interface: AccessResolver
get a list of privilege subjects, there are no results with the same subject
- Specified by:
retrievePrivileges in interface AccessResolver
- Overrides:
retrievePrivileges in class AccessResolverDecorator
- Parameters:
group - to search on
privileges - if blank, get all
membershipType - if immediate, effective, or blank for all
queryPaging - if a certain page should be returned, based on subject
additionalMembers - additional members to query that the user is finding or adding
- Returns:
- the privilege subject combinations