edu.internet2.middleware.grouper.privs
Class GrouperSystemNamingResolver

java.lang.Object
  extended by edu.internet2.middleware.grouper.privs.NamingResolverDecorator
      extended by edu.internet2.middleware.grouper.privs.GrouperSystemNamingResolver
All Implemented Interfaces:
NamingResolver

public class GrouperSystemNamingResolver
extends NamingResolverDecorator

Decorator that provides GrouperSystem privilege resolution for NamingResolver.

Since:
1.2.1
Version:
$Id: GrouperSystemNamingResolver.java,v 1.11 2009-09-21 06:14:26 mchyzer Exp $
Author:
blair christensen.

Constructor Summary
GrouperSystemNamingResolver(NamingResolver resolver)
           
 
Method Summary
 boolean hasPrivilege(Stem stem, edu.internet2.middleware.subject.Subject subject, Privilege privilege)
          Check whether subject has privilege on group.
 boolean hqlFilterStemsWhereClause(edu.internet2.middleware.subject.Subject subject, HqlQuery hqlQuery, java.lang.StringBuilder hql, java.lang.String stemColumn, java.util.Set<Privilege> privInSet)
          for a stem query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like).
 java.util.Set<Stem> postHqlFilterStems(java.util.Set<Stem> stems, edu.internet2.middleware.subject.Subject subject, java.util.Set<Privilege> privInSet)
          after HQL is run, filter stems.
 
Methods inherited from class edu.internet2.middleware.grouper.privs.NamingResolverDecorator
getDecoratedResolver, getGrouperSession, getPrivileges, getStemsWhereSubjectHasPrivilege, getSubjectsWithPrivilege, grantPrivilege, privilegeCopy, privilegeCopy, revokeAllPrivilegesForSubject, revokePrivilege, revokePrivilege, stop
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

GrouperSystemNamingResolver

public GrouperSystemNamingResolver(NamingResolver resolver)
Parameters:
resolver -
Since:
1.2.1
Method Detail

hasPrivilege

public boolean hasPrivilege(Stem stem,
                            edu.internet2.middleware.subject.Subject subject,
                            Privilege privilege)
                     throws java.lang.IllegalArgumentException
Description copied from interface: NamingResolver
Check whether subject has privilege on group.

Specified by:
hasPrivilege in interface NamingResolver
Overrides:
hasPrivilege in class NamingResolverDecorator
Returns:
if has privilege
Throws:
java.lang.IllegalArgumentException - if any parameter is null.
Since:
1.2.1
See Also:
NamingResolver.hasPrivilege(Stem, Subject, Privilege)

hqlFilterStemsWhereClause

public boolean hqlFilterStemsWhereClause(edu.internet2.middleware.subject.Subject subject,
                                         HqlQuery hqlQuery,
                                         java.lang.StringBuilder hql,
                                         java.lang.String stemColumn,
                                         java.util.Set<Privilege> privInSet)
Description copied from interface: NamingResolver
for a stem query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like). Note, this joins to tables, so the queries should probably be "distinct"

Specified by:
hqlFilterStemsWhereClause in interface NamingResolver
Overrides:
hqlFilterStemsWhereClause in class NamingResolverDecorator
Parameters:
subject - which needs view access to the groups
hql - is the select and part part (hql prefix)
stemColumn - is the name of the stem column to join to
privInSet - find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessAdapter
Returns:
if the query was changed
See Also:
NamingResolver.hqlFilterStemsWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.String, java.util.Set)

postHqlFilterStems

public java.util.Set<Stem> postHqlFilterStems(java.util.Set<Stem> stems,
                                              edu.internet2.middleware.subject.Subject subject,
                                              java.util.Set<Privilege> privInSet)
Description copied from interface: NamingResolver
after HQL is run, filter stems. If you are filtering in HQL, then dont filter here

Specified by:
postHqlFilterStems in interface NamingResolver
Overrides:
postHqlFilterStems in class NamingResolverDecorator
subject - which needs view access to the groups
privInSet - find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in NamingPrivilege
Returns:
the set of filtered groups
See Also:
NamingResolver.postHqlFilterStems(java.util.Set, edu.internet2.middleware.subject.Subject, java.util.Set)