Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

edu.internet2.middleware.grouper.privs
Class WheelNamingResolver

java.lang.Object
  extended by edu.internet2.middleware.grouper.privs.NamingResolverDecorator
      extended by edu.internet2.middleware.grouper.privs.WheelNamingResolver
All Implemented Interfaces:
NamingResolver
public class WheelNamingResolver
extends NamingResolverDecorator

Decorator that provides Wheel privilege resolution for NamingResolver.

Since:
1.2.1
Version:
$Id: WheelNamingResolver.java,v 1.20 2009/09/21 06:14:26 mchyzer Exp $
Author:
blair christensen.

Field Summary
static String CACHE_IS_WHEEL_MEMBER
          2007-11-02 Gary Brown Provide cache for wheel group members Profiling showed lots of time rechecking memberships
 
Constructor Summary
WheelNamingResolver(NamingResolver resolver)
           
 
Method Summary
 boolean hasPrivilege(Stem stem, edu.internet2.middleware.subject.Subject subject, Privilege privilege)
          Check whether subject has privilege on group.
 boolean hqlFilterStemsWhereClause(edu.internet2.middleware.subject.Subject subject, HqlQuery hqlQuery, StringBuilder hql, String stemColumn, Set<Privilege> privInSet)
          for a stem query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like).
 Set<Stem> postHqlFilterStems(Set<Stem> stems, edu.internet2.middleware.subject.Subject subject, Set<Privilege> privInSet)
          after HQL is run, filter stems.
 
Methods inherited from class edu.internet2.middleware.grouper.privs.NamingResolverDecorator
getDecoratedResolver, getGrouperSession, getPrivileges, getStemsWhereSubjectHasPrivilege, getSubjectsWithPrivilege, grantPrivilege, privilegeCopy, privilegeCopy, revokeAllPrivilegesForSubject, revokePrivilege, revokePrivilege, stop
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

CACHE_IS_WHEEL_MEMBER

public static final String CACHE_IS_WHEEL_MEMBER
2007-11-02 Gary Brown Provide cache for wheel group members Profiling showed lots of time rechecking memberships

Constructor Detail

WheelNamingResolver

public WheelNamingResolver(NamingResolver resolver)
Parameters:
resolver -
Since:
1.2.1
Method Detail

hasPrivilege

public boolean hasPrivilege(Stem stem,
                            edu.internet2.middleware.subject.Subject subject,
                            Privilege privilege)
                     throws IllegalArgumentException
Description copied from interface: NamingResolver
Check whether subject has privilege on group.

Specified by:
hasPrivilege in interface NamingResolver
Overrides:
hasPrivilege in class NamingResolverDecorator
Returns:
if has privilege
Throws:
IllegalArgumentException - if any parameter is null.
Since:
1.2.1
See Also:
NamingResolver.hasPrivilege(Stem, Subject, Privilege)

hqlFilterStemsWhereClause

public boolean hqlFilterStemsWhereClause(edu.internet2.middleware.subject.Subject subject,
                                         HqlQuery hqlQuery,
                                         StringBuilder hql,
                                         String stemColumn,
                                         Set<Privilege> privInSet)
Description copied from interface: NamingResolver
for a stem query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like). Note, this joins to tables, so the queries should probably be "distinct"

Specified by:
hqlFilterStemsWhereClause in interface NamingResolver
Overrides:
hqlFilterStemsWhereClause in class NamingResolverDecorator
Parameters:
subject - which needs view access to the groups
hql - is the select and part part (hql prefix)
stemColumn - is the name of the stem column to join to
privInSet - find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessAdapter
Returns:
if the query was changed
See Also:
NamingResolver.hqlFilterStemsWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.String, java.util.Set)

postHqlFilterStems

public Set<Stem> postHqlFilterStems(Set<Stem> stems,
                                    edu.internet2.middleware.subject.Subject subject,
                                    Set<Privilege> privInSet)
Description copied from interface: NamingResolver
after HQL is run, filter stems. If you are filtering in HQL, then dont filter here

Specified by:
postHqlFilterStems in interface NamingResolver
Overrides:
postHqlFilterStems in class NamingResolverDecorator
subject - which needs view access to the groups
privInSet - find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in NamingPrivilege
Returns:
the set of filtered groups
See Also:
NamingResolver.postHqlFilterStems(java.util.Set, edu.internet2.middleware.subject.Subject, java.util.Set)
Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD