Class WheelAccessResolver
java.lang.Object
edu.internet2.middleware.grouper.privs.AccessResolverDecorator
edu.internet2.middleware.grouper.privs.WheelAccessResolver
- All Implemented Interfaces:
AccessResolver
Decorator that provides Wheel privilege resolution for
AccessResolver.
- Since:
- 1.2.1
- Version:
- $Id: WheelAccessResolver.java,v 1.26 2009-09-21 06:14:26 mchyzer Exp $
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoidflush cache if caching resolvergetPrivileges(Group group, Subject subject) Get all privileges subject has on group.booleanhasPrivilege(Group group, Subject subject, Privilege privilege) Check whether subject has privilege on group.booleanhqlFilterGroupsWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Set<Privilege> privInSet) for a group query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like)after HQL is run, filter groups.postHqlFilterMemberships(Subject subject, Set<Membership> memberships) filter memberships for things the subject can seeafter HQL is run, filter stems that have groups with privs.voidstop()clean up resources, session is stoppedMethods inherited from class edu.internet2.middleware.grouper.privs.AccessResolverDecorator
getDecoratedResolver, getGrouperSession, getGroupsWhereSubjectDoesHavePrivilege, getGroupsWhereSubjectDoesntHavePrivilege, getGroupsWhereSubjectHasPrivilege, getStemsWhereGroupThatSubjectHasPrivilege, getSubjectsWithPrivilege, grantPrivilege, hqlFilterGroupsNotWithPrivWhereClause, hqlFilterGroupsWithPrivWhereClause, privilegeCopy, privilegeCopy, retrievePrivileges, revokeAllPrivilegesForSubject, revokePrivilege, revokePrivilege
-
Constructor Details
-
WheelAccessResolver
- Parameters:
resolver- resolver- Since:
- 1.2.1
-
-
Method Details
-
stop
public void stop()Description copied from interface:AccessResolverclean up resources, session is stopped- Specified by:
stopin interfaceAccessResolver- Overrides:
stopin classAccessResolverDecorator- See Also:
-
getPrivileges
public Set<AccessPrivilege> getPrivileges(Group group, Subject subject) throws IllegalArgumentException Description copied from interface:AccessResolverGet all privileges subject has on group.- Specified by:
getPrivilegesin interfaceAccessResolver- Overrides:
getPrivilegesin classAccessResolverDecorator- Returns:
- the set
- Throws:
IllegalArgumentException- if any parameter is null.- Since:
- 1.2.1
- See Also:
-
hasPrivilege
public boolean hasPrivilege(Group group, Subject subject, Privilege privilege) throws IllegalArgumentException Description copied from interface:AccessResolverCheck whether subject has privilege on group.- Specified by:
hasPrivilegein interfaceAccessResolver- Overrides:
hasPrivilegein classAccessResolverDecorator- Returns:
- boolean
- Throws:
IllegalArgumentException- if any parameter is null.- Since:
- 1.2.1
- See Also:
-
flushCache
public void flushCache()Description copied from interface:AccessResolverflush cache if caching resolver- Specified by:
flushCachein interfaceAccessResolver- Overrides:
flushCachein classAccessResolverDecorator- See Also:
-
postHqlFilterGroups
Description copied from interface:AccessResolverafter HQL is run, filter groups. If you are filtering in HQL, then dont filter here- Specified by:
postHqlFilterGroupsin interfaceAccessResolver- Overrides:
postHqlFilterGroupsin classAccessResolverDecoratorsubject- which needs view access to the groupsprivInSet- find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessAdapter- Returns:
- the set of filtered groups
- See Also:
-
postHqlFilterStemsWithGroups
public Set<Stem> postHqlFilterStemsWithGroups(Set<Stem> stems, Subject subject, Set<Privilege> inPrivSet) Description copied from interface:AccessResolverafter HQL is run, filter stems that have groups with privs. If you are filtering HQL, then dont filter here.- Specified by:
postHqlFilterStemsWithGroupsin interfaceAccessResolver- Overrides:
postHqlFilterStemsWithGroupsin classAccessResolverDecorator- Returns:
- the set of filtered stems
- See Also:
-
hqlFilterGroupsWhereClause
public boolean hqlFilterGroupsWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Set<Privilege> privInSet) Description copied from interface:AccessResolverfor a group query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like)- Specified by:
hqlFilterGroupsWhereClausein interfaceAccessResolver- Overrides:
hqlFilterGroupsWhereClausein classAccessResolverDecorator- Parameters:
subject- which needs view access to the groupshql- the select and current from partgroupColumn- is the name of the group column to join toprivInSet- find a privilege which is in this set (e.g. for view, send all access privs)- Returns:
- if the statement was changed
- See Also:
-
postHqlFilterMemberships
Description copied from interface:AccessResolverfilter memberships for things the subject can see- Specified by:
postHqlFilterMembershipsin interfaceAccessResolver- Overrides:
postHqlFilterMembershipsin classAccessResolverDecorator- Returns:
- the memberships
- See Also:
-