edu.internet2.middleware.grouper.ui
Class UiPermissions
java.lang.Object
edu.internet2.middleware.grouper.ui.UiPermissions
- All Implemented Interfaces:
- Serializable
public class UiPermissions
- extends Object
- implements Serializable
New in 1.2.1, a general means of specifying UI privileges. Initially implemented to allow
selection of menu items, but hopefully will have wider application. Configured through
resources/grouper/ui-permissions.xml (if present)
<ui-permissions>
<virtual-groups>
<virtual-group name="HighlyPrivileged">
<group name="qsuob:admins"/>
</virtual-group>
</virtual-groups>
<permissions>
<permission can="view" target="ManageGroups" if-member-of="HighlyPrivileged"
is="false"/>
</permissions>
</ui-permissions>
if-member-of can be an actual group name. If using virtual groups, if-member-of evaluates to true
if the current Subject is a member of any of the nested groups. In the example shown, members of qsuob:admins
do not get the Manage Groups menu item. Manage Groups does not currently scale well for a Subject
who has privileges over thousands of groups.
NB. The format above is illustrative. In the case shown it is not necessary to use a virtual group.
The following would have worked just as well:
<ui-permissions>
<permissions>
<permission can="view" target="ManageGroups" if-member-of="qsuob:admins"
is="false"/>
</permissions>
</ui-permissions>
- Version:
- $Id: UiPermissions.java,v 1.4 2009-08-12 04:52:14 mchyzer Exp $
- Author:
- Gary Brown.
- See Also:
- Serialized Form
UiPermissions
public UiPermissions(GrouperSession s,
Document doc)
can
public boolean can(Subject subj,
String target,
String action)
- Parameters:
subj
- target
- action
-
- Returns:
- whether the subject can carry out the specified action on the specified target