|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectedu.internet2.middleware.grouper.privs.AccessResolverDecorator
public abstract class AccessResolverDecorator
Decorator for AccessResolver
.
Constructor Summary | |
---|---|
AccessResolverDecorator(AccessResolver resolver)
|
Method Summary | |
---|---|
void |
flushCache()
flush cache if caching resolver |
AccessResolver |
getDecoratedResolver()
|
GrouperSession |
getGrouperSession()
get a reference to the session |
Set<Group> |
getGroupsWhereSubjectHasPrivilege(Subject subject,
Privilege privilege)
Get all groups where subject has privilege. |
Set<AccessPrivilege> |
getPrivileges(Group group,
Subject subject)
Get all privileges subject has on group. |
Set<Stem> |
getStemsWhereGroupThatSubjectHasPrivilege(Subject subject,
Privilege privilege)
Get all stems which have groups where subject has privilege. |
Set<Subject> |
getSubjectsWithPrivilege(Group group,
Privilege privilege)
Get all subjects with privilege on group. |
void |
grantPrivilege(Group group,
Subject subject,
Privilege privilege,
String uuid)
Grant privilege to subject on group. |
boolean |
hasPrivilege(Group group,
Subject subject,
Privilege privilege)
Check whether subject has privilege on group. |
boolean |
hqlFilterGroupsWhereClause(Subject subject,
HqlQuery hqlQuery,
StringBuilder hql,
String groupColumn,
Set<Privilege> privInSet)
for a group query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like) |
Set<Group> |
postHqlFilterGroups(Set<Group> groups,
Subject subject,
Set<Privilege> privInSet)
after HQL is run, filter groups. |
Set<Membership> |
postHqlFilterMemberships(Subject subject,
Set<Membership> memberships)
filter memberships for things the subject can see |
Set<Stem> |
postHqlFilterStemsWithGroups(Set<Stem> stems,
Subject subject,
Set<Privilege> inPrivSet)
after HQL is run, filter stems that have groups with privs. |
void |
privilegeCopy(Group g1,
Group g2,
Privilege priv)
Copies privileges for subjects that have the specified privilege on g1 to g2. |
void |
privilegeCopy(Subject subj1,
Subject subj2,
Privilege priv)
Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2. |
void |
revokeAllPrivilegesForSubject(Subject subject)
Revoke all access privileges that this subject has. |
void |
revokePrivilege(Group group,
Privilege privilege)
Revoke privilege from all subjects on group. |
void |
revokePrivilege(Group group,
Subject subject,
Privilege privilege)
Revoke privilege from subject on group. |
void |
stop()
clean up resources, session is stopped |
Methods inherited from class java.lang.Object |
---|
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public AccessResolverDecorator(AccessResolver resolver) throws IllegalArgumentException
resolver
- AccessResolver to decorate.
IllegalArgumentException
- if resolver is null.Method Detail |
---|
public AccessResolver getDecoratedResolver() throws IllegalStateException
IllegalStateException
- if no decorated AccessResolver.public void flushCache()
AccessResolver
flushCache
in interface AccessResolver
AccessResolver.flushCache()
public GrouperSession getGrouperSession()
AccessResolver
getGrouperSession
in interface AccessResolver
AccessResolver.getGrouperSession()
public Set<Group> getGroupsWhereSubjectHasPrivilege(Subject subject, Privilege privilege) throws IllegalArgumentException
AccessResolver
getGroupsWhereSubjectHasPrivilege
in interface AccessResolver
IllegalArgumentException
- if any parameter is null.AccessResolver.getGroupsWhereSubjectHasPrivilege(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege)
public Set<Stem> getStemsWhereGroupThatSubjectHasPrivilege(Subject subject, Privilege privilege) throws IllegalArgumentException
AccessResolver
getStemsWhereGroupThatSubjectHasPrivilege
in interface AccessResolver
IllegalArgumentException
- if any parameter is null.AccessResolver.getStemsWhereGroupThatSubjectHasPrivilege(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege)
public Set<AccessPrivilege> getPrivileges(Group group, Subject subject) throws IllegalArgumentException
AccessResolver
getPrivileges
in interface AccessResolver
IllegalArgumentException
- if any parameter is null.AccessResolver.getPrivileges(edu.internet2.middleware.grouper.Group, edu.internet2.middleware.subject.Subject)
public Set<Subject> getSubjectsWithPrivilege(Group group, Privilege privilege) throws IllegalArgumentException
AccessResolver
getSubjectsWithPrivilege
in interface AccessResolver
IllegalArgumentException
- if any parameter is null.AccessResolver.getSubjectsWithPrivilege(edu.internet2.middleware.grouper.Group, edu.internet2.middleware.grouper.privs.Privilege)
public void grantPrivilege(Group group, Subject subject, Privilege privilege, String uuid) throws IllegalArgumentException, UnableToPerformException
AccessResolver
grantPrivilege
in interface AccessResolver
uuid
- send uuid if known, else null
IllegalArgumentException
- if any parameter is null.
UnableToPerformException
- if the privilege could not be granted.AccessResolver.grantPrivilege(edu.internet2.middleware.grouper.Group, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege, String)
public boolean hasPrivilege(Group group, Subject subject, Privilege privilege) throws IllegalArgumentException
AccessResolver
hasPrivilege
in interface AccessResolver
IllegalArgumentException
- if any parameter is null.AccessResolver.hasPrivilege(edu.internet2.middleware.grouper.Group, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege)
public boolean hqlFilterGroupsWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Set<Privilege> privInSet)
AccessResolver
hqlFilterGroupsWhereClause
in interface AccessResolver
subject
- which needs view access to the groupshql
- the select and current from partgroupColumn
- is the name of the group column to join toprivInSet
- find a privilege which is in this set (e.g. for view, send all access privs)
AccessResolver.hqlFilterGroupsWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.String, java.util.Set)
public Set<Group> postHqlFilterGroups(Set<Group> groups, Subject subject, Set<Privilege> privInSet)
AccessResolver
postHqlFilterGroups
in interface AccessResolver
subject
- which needs view access to the groupsprivInSet
- find a privilege which is in this set
(e.g. for view, send all access privs). There are pre-canned sets in AccessAdapter
AccessResolver.postHqlFilterGroups(java.util.Set, edu.internet2.middleware.subject.Subject, java.util.Set)
public Set<Stem> postHqlFilterStemsWithGroups(Set<Stem> stems, Subject subject, Set<Privilege> inPrivSet)
AccessResolver
postHqlFilterStemsWithGroups
in interface AccessResolver
AccessResolver.postHqlFilterStemsWithGroups(java.util.Set, edu.internet2.middleware.subject.Subject, java.util.Set)
public Set<Membership> postHqlFilterMemberships(Subject subject, Set<Membership> memberships)
AccessResolver
postHqlFilterMemberships
in interface AccessResolver
AccessResolver.postHqlFilterMemberships(edu.internet2.middleware.subject.Subject, java.util.Set)
public void privilegeCopy(Group g1, Group g2, Privilege priv) throws IllegalArgumentException, UnableToPerformException
AccessResolver
privilegeCopy
in interface AccessResolver
IllegalArgumentException
UnableToPerformException
AccessResolver.privilegeCopy(edu.internet2.middleware.grouper.Group, edu.internet2.middleware.grouper.Group, edu.internet2.middleware.grouper.privs.Privilege)
public void privilegeCopy(Subject subj1, Subject subj2, Privilege priv) throws IllegalArgumentException, UnableToPerformException
AccessResolver
privilegeCopy
in interface AccessResolver
IllegalArgumentException
UnableToPerformException
AccessResolver.privilegeCopy(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege)
public void revokeAllPrivilegesForSubject(Subject subject)
AccessResolver
revokeAllPrivilegesForSubject
in interface AccessResolver
AccessResolver.revokeAllPrivilegesForSubject(edu.internet2.middleware.subject.Subject)
public void revokePrivilege(Group group, Privilege privilege) throws IllegalArgumentException, UnableToPerformException
AccessResolver
revokePrivilege
in interface AccessResolver
IllegalArgumentException
- if any parameter is null.
UnableToPerformException
- if the privilege could not be revoked.AccessResolver.revokePrivilege(edu.internet2.middleware.grouper.Group, edu.internet2.middleware.grouper.privs.Privilege)
public void revokePrivilege(Group group, Subject subject, Privilege privilege) throws IllegalArgumentException, UnableToPerformException
AccessResolver
revokePrivilege
in interface AccessResolver
IllegalArgumentException
- if any parameter is null.
UnableToPerformException
- if the privilege could not be revoked.AccessResolver.revokePrivilege(edu.internet2.middleware.grouper.Group, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege)
public void stop()
AccessResolver
stop
in interface AccessResolver
AccessResolver.stop()
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |