edu.internet2.middleware.grouper.privs
Class GrouperSystemAttrDefResolver

java.lang.Object
  extended by edu.internet2.middleware.grouper.privs.AttributeDefResolverDecorator
      extended by edu.internet2.middleware.grouper.privs.GrouperSystemAttrDefResolver
All Implemented Interfaces:
AttributeDefResolver

public class GrouperSystemAttrDefResolver
extends AttributeDefResolverDecorator

Decorator that provides GrouperSystem privilege resolution for AttributeDefResolver.

Since:
1.2.1
Version:
$Id: GrouperSystemAttrDefResolver.java,v 1.2 2009-09-28 05:06:46 mchyzer Exp $
Author:
blair christensen.

Constructor Summary
GrouperSystemAttrDefResolver(AttributeDefResolver resolver)
           
 
Method Summary
 Set<AttributeDefPrivilege> getPrivileges(AttributeDef attributeDef, Subject subject)
          Get all privileges subject has on attributeDef.
 boolean hasPrivilege(AttributeDef attributeDef, Subject subject, Privilege privilege)
          Check whether subject has privilege on attributeDef.
 boolean hqlFilterAttrDefsWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hqlTables, StringBuilder hqlWhereClause, String groupColumn, Set<Privilege> privInSet)
          for an attrDef query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterAttDefs instead if you like)
 Set<AttributeDef> postHqlFilterAttrDefs(Set<AttributeDef> attributeDefs, Subject subject, Set<Privilege> privInSet)
          after HQL is run, filter attributeDefs.
 Set<AttributeAssign> postHqlFilterAttributeAssigns(Subject subject, Set<AttributeAssign> attributeAssigns)
          filter attributeDefs for things the subject can see
 Set<PermissionEntry> postHqlFilterPermissions(Subject subject, Set<PermissionEntry> permissionsEntries)
          filter permissions for things the subject can see
 
Methods inherited from class edu.internet2.middleware.grouper.privs.AttributeDefResolverDecorator
flushCache, getAttributeDefsWhereSubjectHasPrivilege, getDecoratedResolver, getGrouperSession, getSubjectsWithPrivilege, grantPrivilege, privilegeCopy, privilegeCopy, revokeAllPrivilegesForSubject, revokePrivilege, revokePrivilege, stop
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

GrouperSystemAttrDefResolver

public GrouperSystemAttrDefResolver(AttributeDefResolver resolver)
Parameters:
resolver -
Since:
1.2.1
Method Detail

getPrivileges

public Set<AttributeDefPrivilege> getPrivileges(AttributeDef attributeDef,
                                                Subject subject)
                                         throws IllegalArgumentException
Description copied from interface: AttributeDefResolver
Get all privileges subject has on attributeDef.

Specified by:
getPrivileges in interface AttributeDefResolver
Overrides:
getPrivileges in class AttributeDefResolverDecorator
Returns:
the set
Throws:
IllegalArgumentException - if any parameter is null.
See Also:
AttributeDefResolverDecorator.getPrivileges(edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.subject.Subject)

hasPrivilege

public boolean hasPrivilege(AttributeDef attributeDef,
                            Subject subject,
                            Privilege privilege)
                     throws IllegalArgumentException
Description copied from interface: AttributeDefResolver
Check whether subject has privilege on attributeDef.

Specified by:
hasPrivilege in interface AttributeDefResolver
Overrides:
hasPrivilege in class AttributeDefResolverDecorator
Returns:
boolean
Throws:
IllegalArgumentException - if any parameter is null.
See Also:
AttributeDefResolverDecorator.hasPrivilege(edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege)

postHqlFilterAttrDefs

public Set<AttributeDef> postHqlFilterAttrDefs(Set<AttributeDef> attributeDefs,
                                               Subject subject,
                                               Set<Privilege> privInSet)
Description copied from interface: AttributeDefResolver
after HQL is run, filter attributeDefs. If you are filtering in HQL, then dont filter here

Specified by:
postHqlFilterAttrDefs in interface AttributeDefResolver
Overrides:
postHqlFilterAttrDefs in class AttributeDefResolverDecorator
subject - which needs view access to the attribute defs
privInSet - find a privilege which is in this set (e.g. for view, send all attrDef privs). There are pre-canned sets in AttributeDefAdapter
Returns:
the set of filtered attrDefs
See Also:
AttributeDefResolverDecorator.postHqlFilterAttrDefs(java.util.Set, edu.internet2.middleware.subject.Subject, java.util.Set)

hqlFilterAttrDefsWhereClause

public boolean hqlFilterAttrDefsWhereClause(Subject subject,
                                            HqlQuery hqlQuery,
                                            StringBuilder hqlTables,
                                            StringBuilder hqlWhereClause,
                                            String groupColumn,
                                            Set<Privilege> privInSet)
Description copied from interface: AttributeDefResolver
for an attrDef query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterAttDefs instead if you like)

Specified by:
hqlFilterAttrDefsWhereClause in interface AttributeDefResolver
Overrides:
hqlFilterAttrDefsWhereClause in class AttributeDefResolverDecorator
Parameters:
subject - which needs view access to the attrDefs
hqlTables - the select and current from part
hqlWhereClause - is there where clause part of the query
groupColumn - is the name of the attributeDef column to join to
privInSet - find a privilege which is in this set (e.g. for view, send all attrDef privs)
Returns:
if the statement was changed
See Also:
AttributeDefResolverDecorator.hqlFilterAttrDefsWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.StringBuilder, java.lang.String, java.util.Set)

postHqlFilterAttributeAssigns

public Set<AttributeAssign> postHqlFilterAttributeAssigns(Subject subject,
                                                          Set<AttributeAssign> attributeAssigns)
Description copied from interface: AttributeDefResolver
filter attributeDefs for things the subject can see

Specified by:
postHqlFilterAttributeAssigns in interface AttributeDefResolver
Overrides:
postHqlFilterAttributeAssigns in class AttributeDefResolverDecorator
Returns:
the memberships
See Also:
AttributeDefResolverDecorator.postHqlFilterAttributeAssigns(edu.internet2.middleware.subject.Subject, java.util.Set)

postHqlFilterPermissions

public Set<PermissionEntry> postHqlFilterPermissions(Subject subject,
                                                     Set<PermissionEntry> permissionsEntries)
Description copied from interface: AttributeDefResolver
filter permissions for things the subject can see

Specified by:
postHqlFilterPermissions in interface AttributeDefResolver
Overrides:
postHqlFilterPermissions in class AttributeDefResolverDecorator
Returns:
the memberships
See Also:
AttributeDefResolver.postHqlFilterPermissions(edu.internet2.middleware.subject.Subject, java.util.Set)