Class WheelAccessResolver
java.lang.Object
edu.internet2.middleware.grouper.privs.AccessResolverDecorator
edu.internet2.middleware.grouper.privs.WheelAccessResolver
- All Implemented Interfaces:
AccessResolver
Decorator that provides Wheel privilege resolution for
AccessResolver
.
- Since:
- 1.2.1
- Version:
- $Id: WheelAccessResolver.java,v 1.26 2009-09-21 06:14:26 mchyzer Exp $
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
flush cache if caching resolvergetPrivileges
(Group group, Subject subject) Get all privileges subject has on group.boolean
hasPrivilege
(Group group, Subject subject, Privilege privilege) Check whether subject has privilege on group.boolean
hqlFilterGroupsWhereClause
(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Set<Privilege> privInSet) for a group query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like)after HQL is run, filter groups.postHqlFilterMemberships
(Subject subject, Set<Membership> memberships) filter memberships for things the subject can seeafter HQL is run, filter stems that have groups with privs.void
stop()
clean up resources, session is stoppedMethods inherited from class edu.internet2.middleware.grouper.privs.AccessResolverDecorator
getDecoratedResolver, getGrouperSession, getGroupsWhereSubjectDoesHavePrivilege, getGroupsWhereSubjectDoesntHavePrivilege, getGroupsWhereSubjectHasPrivilege, getStemsWhereGroupThatSubjectHasPrivilege, getSubjectsWithPrivilege, grantPrivilege, hqlFilterGroupsNotWithPrivWhereClause, hqlFilterGroupsWithPrivWhereClause, privilegeCopy, privilegeCopy, retrievePrivileges, revokeAllPrivilegesForSubject, revokePrivilege, revokePrivilege
-
Constructor Details
-
WheelAccessResolver
- Parameters:
resolver
- resolver- Since:
- 1.2.1
-
-
Method Details
-
stop
public void stop()Description copied from interface:AccessResolver
clean up resources, session is stopped- Specified by:
stop
in interfaceAccessResolver
- Overrides:
stop
in classAccessResolverDecorator
- See Also:
-
getPrivileges
public Set<AccessPrivilege> getPrivileges(Group group, Subject subject) throws IllegalArgumentException Description copied from interface:AccessResolver
Get all privileges subject has on group.- Specified by:
getPrivileges
in interfaceAccessResolver
- Overrides:
getPrivileges
in classAccessResolverDecorator
- Returns:
- the set
- Throws:
IllegalArgumentException
- if any parameter is null.- Since:
- 1.2.1
- See Also:
-
hasPrivilege
public boolean hasPrivilege(Group group, Subject subject, Privilege privilege) throws IllegalArgumentException Description copied from interface:AccessResolver
Check whether subject has privilege on group.- Specified by:
hasPrivilege
in interfaceAccessResolver
- Overrides:
hasPrivilege
in classAccessResolverDecorator
- Returns:
- boolean
- Throws:
IllegalArgumentException
- if any parameter is null.- Since:
- 1.2.1
- See Also:
-
flushCache
public void flushCache()Description copied from interface:AccessResolver
flush cache if caching resolver- Specified by:
flushCache
in interfaceAccessResolver
- Overrides:
flushCache
in classAccessResolverDecorator
- See Also:
-
postHqlFilterGroups
Description copied from interface:AccessResolver
after HQL is run, filter groups. If you are filtering in HQL, then dont filter here- Specified by:
postHqlFilterGroups
in interfaceAccessResolver
- Overrides:
postHqlFilterGroups
in classAccessResolverDecorator
subject
- which needs view access to the groupsprivInSet
- find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessAdapter- Returns:
- the set of filtered groups
- See Also:
-
postHqlFilterStemsWithGroups
public Set<Stem> postHqlFilterStemsWithGroups(Set<Stem> stems, Subject subject, Set<Privilege> inPrivSet) Description copied from interface:AccessResolver
after HQL is run, filter stems that have groups with privs. If you are filtering HQL, then dont filter here.- Specified by:
postHqlFilterStemsWithGroups
in interfaceAccessResolver
- Overrides:
postHqlFilterStemsWithGroups
in classAccessResolverDecorator
- Returns:
- the set of filtered stems
- See Also:
-
hqlFilterGroupsWhereClause
public boolean hqlFilterGroupsWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Set<Privilege> privInSet) Description copied from interface:AccessResolver
for a group query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like)- Specified by:
hqlFilterGroupsWhereClause
in interfaceAccessResolver
- Overrides:
hqlFilterGroupsWhereClause
in classAccessResolverDecorator
- Parameters:
subject
- which needs view access to the groupshql
- the select and current from partgroupColumn
- is the name of the group column to join toprivInSet
- find a privilege which is in this set (e.g. for view, send all access privs)- Returns:
- if the statement was changed
- See Also:
-
postHqlFilterMemberships
Description copied from interface:AccessResolver
filter memberships for things the subject can see- Specified by:
postHqlFilterMemberships
in interfaceAccessResolver
- Overrides:
postHqlFilterMemberships
in classAccessResolverDecorator
- Returns:
- the memberships
- See Also:
-