edu.internet2.middleware.grouper.ui
Class UiPermissions

java.lang.Object
  extended by edu.internet2.middleware.grouper.ui.UiPermissions
All Implemented Interfaces:
Serializable

public class UiPermissions
extends Object
implements Serializable

New in 1.2.1, a general means of specifying UI privileges. Initially implemented to allow selection of menu items, but hopefully will have wider application. Configured through resources/grouper/ui-permissions.xml (if present)

<ui-permissions>
<virtual-groups>
<virtual-group name="HighlyPrivileged">
<group name="qsuob:admins"/>
</virtual-group>
</virtual-groups>
<permissions>
<permission can="view" target="ManageGroups" if-member-of="HighlyPrivileged" is="false"/>
</permissions>
</ui-permissions>
if-member-of can be an actual group name. If using virtual groups, if-member-of evaluates to true if the current Subject is a member of any of the nested groups. In the example shown, members of qsuob:admins do not get the Manage Groups menu item. Manage Groups does not currently scale well for a Subject who has privileges over thousands of groups.

NB. The format above is illustrative. In the case shown it is not necessary to use a virtual group. The following would have worked just as well:

<ui-permissions>
<permissions>
<permission can="view" target="ManageGroups" if-member-of="qsuob:admins" is="false"/>
</permissions>
</ui-permissions>

Version:
$Id: UiPermissions.java,v 1.4 2009-08-12 04:52:14 mchyzer Exp $
Author:
Gary Brown.
See Also:
Serialized Form

Constructor Summary
UiPermissions(GrouperSession s, Document doc)
           
 
Method Summary
 boolean can(Subject subj, String target, String action)
           
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

UiPermissions

public UiPermissions(GrouperSession s,
                     Document doc)
Method Detail

can

public boolean can(Subject subj,
                   String target,
                   String action)
Parameters:
subj -
target -
action -
Returns:
whether the subject can carry out the specified action on the specified target