|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface AttributeDefAdapter
Grouper AttributeDef Privilege interface.
Unless you are implementing a new implementation of this interface,
you should not need to directly use these methods as they are all
wrapped by methods in the AttributeDef
class.
Method Summary | |
---|---|
java.util.Set<AttributeDef> |
getAttributeDefsWhereSubjectHasPriv(GrouperSession grouperSession,
edu.internet2.middleware.subject.Subject subj,
Privilege priv)
Get all attribute defs where this subject has this privilege. |
java.util.Set<AttributeDefPrivilege> |
getPrivs(GrouperSession grouperSession,
AttributeDef attributeDef,
edu.internet2.middleware.subject.Subject subj)
Get all privileges held by this subject on this attribute definition. |
java.util.Set<edu.internet2.middleware.subject.Subject> |
getSubjectsWithPriv(GrouperSession s,
AttributeDef attributeDef,
Privilege priv)
Get all subjects with this privilege on this attribute definition. |
void |
grantPriv(GrouperSession grouperSession,
AttributeDef attributeDef,
edu.internet2.middleware.subject.Subject subj,
Privilege priv,
java.lang.String uuid)
Grant the privilege to the subject on this attrDef. |
boolean |
hasPriv(GrouperSession grouperSession,
AttributeDef attributeDef,
edu.internet2.middleware.subject.Subject subj,
Privilege priv)
Check whether the subject has this privilege on this attrDef. |
boolean |
hqlFilterAttrDefsWhereClause(GrouperSession grouperSession,
edu.internet2.middleware.subject.Subject subject,
HqlQuery hqlQuery,
java.lang.StringBuilder hqlTables,
java.lang.StringBuilder hqlWhereClause,
java.lang.String attrDefColumn,
java.util.Set<Privilege> privInSet)
for an attrDef query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterAttrDefs instead if you like). |
java.util.Set<AttributeAssign> |
postHqlFilterAttributeAssigns(GrouperSession grouperSession,
edu.internet2.middleware.subject.Subject subject,
java.util.Set<AttributeAssign> attributeAssigns)
filter attribute assignments for things the subject can see, assume underlying assignments are ok to view |
java.util.Set<AttributeDef> |
postHqlFilterAttributeDefs(GrouperSession grouperSession,
java.util.Set<AttributeDef> attributeDefs,
edu.internet2.middleware.subject.Subject subject,
java.util.Set<Privilege> privInSet)
after HQL is run, filter attributeDefs. |
java.util.Set<PermissionEntry> |
postHqlFilterPermissions(GrouperSession grouperSession,
edu.internet2.middleware.subject.Subject subject,
java.util.Set<PermissionEntry> permissionEntries)
filter permissionEntries for things the subject can see, assume underlying assignments are ok to view |
void |
privilegeCopy(GrouperSession grouperSession,
AttributeDef attributeDef1,
AttributeDef attributeDef2,
Privilege priv)
Copies privileges for subjects that have the specified privilege on g1 to g2. |
void |
privilegeCopy(GrouperSession s,
edu.internet2.middleware.subject.Subject subj1,
edu.internet2.middleware.subject.Subject subj2,
Privilege priv)
Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2. |
void |
revokeAllPrivilegesForSubject(GrouperSession grouperSession,
edu.internet2.middleware.subject.Subject subject)
Revoke all access privileges that this subject has. |
void |
revokePriv(GrouperSession grouperSession,
AttributeDef attributeDef,
Privilege priv)
Revoke this privilege from everyone on this attrDef. |
void |
revokePriv(GrouperSession grouperSession,
AttributeDef attributeDef,
edu.internet2.middleware.subject.Subject subj,
Privilege priv)
Revoke the privilege from the subject on this attrDef. |
Method Detail |
---|
java.util.Set<edu.internet2.middleware.subject.Subject> getSubjectsWithPriv(GrouperSession s, AttributeDef attributeDef, Privilege priv) throws SchemaException
Set admins = ap.getSubjectsWithPriv(s, attrDef, AccessPrivilege.ADMIN);
s
- Get privileges within this session context.attributeDef
- Get privileges on this attribute definition.priv
- Get this privilege.
Subject
objects.
SchemaException
java.util.Set<AttributeDef> getAttributeDefsWhereSubjectHasPriv(GrouperSession grouperSession, edu.internet2.middleware.subject.Subject subj, Privilege priv) throws SchemaException
try { Set isAdmin = ap.getAttributeDefsWhereSubjectHasPriv( s, subj, AccessPrivilege.ADMIN ); } catch (SchemaException eS) { // Invalid priv }
grouperSession
- Get privileges within this session context.subj
- Get privileges for this subject.priv
- Get this privilege.
AttributeDef
objects.
SchemaException
java.util.Set<AttributeDefPrivilege> getPrivs(GrouperSession grouperSession, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj)
Set privs = ap.getPrivs(s, g, subj);
grouperSession
- Get privileges within this session context.attributeDef
- Get privileges on this attrDef.subj
- Get privileges for this member.
void grantPriv(GrouperSession grouperSession, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj, Privilege priv, java.lang.String uuid) throws GrantPrivilegeException, InsufficientPrivilegeException, SchemaException
try { ap.grantPriv(s, g, subj, AccessPrivilege.ADMIN); } catch (GrantPrivilegeException e0) { // Unable to grant the privilege } catch (InsufficientPrivilegeException e1) { // Not privileged to grant the privilege } catch (SchemaException e2) { // Invalid privilege }
grouperSession
- Grant privilege in this session context.attributeDef
- Grant privilege on this attrDef.subj
- Grant privilege to this subject.priv
- Grant this privilege.uuid
- is uuid or null if assign one
GrantPrivilegeException
InsufficientPrivilegeException
SchemaException
boolean hasPriv(GrouperSession grouperSession, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj, Privilege priv) throws SchemaException
try { ap.hasPriv(s, g, subject, AccessPrivilege.ADMIN); } catch (SchemaException e) { // Invalid privilege }
grouperSession
- Check privilege in this session context.attributeDef
- Check privilege on this attrDef.subj
- Check privilege for this subject.priv
- Check this privilege.
SchemaException
void revokePriv(GrouperSession grouperSession, AttributeDef attributeDef, Privilege priv) throws InsufficientPrivilegeException, RevokePrivilegeException, SchemaException
try { ap.revokePriv(s, g, AccessPrivilege.ADMIN); } catch (InsufficientPrivilegeException eIP) { // Not privileged to revoke the privilege } catch (RevokePrivilegeException eRP) { // Unable to revoke the privilege }
grouperSession
- Revoke privilege in this session context.attributeDef
- Revoke privilege on this group.priv
- Revoke this privilege.
InsufficientPrivilegeException
RevokePrivilegeException
SchemaException
void revokePriv(GrouperSession grouperSession, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj, Privilege priv) throws InsufficientPrivilegeException, RevokePrivilegeException, SchemaException
try { ap.revokePriv(s, g, subj, AccessPrivilege.ADMIN); } catch (InsufficientPrivilegeException eIP) { // Not privileged to revoke the privilege } catch (RevokePrivilegeException eRP) { // Unable to revoke the privilege }
grouperSession
- Revoke privilege in this session context.attributeDef
- Revoke privilege on this attrDef.subj
- Revoke privilege from this subject.priv
- Revoke this privilege.
InsufficientPrivilegeException
RevokePrivilegeException
SchemaException
void privilegeCopy(GrouperSession grouperSession, AttributeDef attributeDef1, AttributeDef attributeDef2, Privilege priv) throws InsufficientPrivilegeException, GrantPrivilegeException, SchemaException
grouperSession
- attributeDef1
- attributeDef2
- priv
-
InsufficientPrivilegeException
GrantPrivilegeException
SchemaException
void privilegeCopy(GrouperSession s, edu.internet2.middleware.subject.Subject subj1, edu.internet2.middleware.subject.Subject subj2, Privilege priv) throws InsufficientPrivilegeException, GrantPrivilegeException, SchemaException
s
- subj1
- subj2
- priv
-
InsufficientPrivilegeException
GrantPrivilegeException
SchemaException
java.util.Set<AttributeDef> postHqlFilterAttributeDefs(GrouperSession grouperSession, java.util.Set<AttributeDef> attributeDefs, edu.internet2.middleware.subject.Subject subject, java.util.Set<Privilege> privInSet)
grouperSession
- attributeDefs
- subject
- which needs view access to the groupsprivInSet
- find a privilege which is in this set
(e.g. for view, send all access privs). There are pre-canned sets in AccessAdapter
boolean hqlFilterAttrDefsWhereClause(GrouperSession grouperSession, edu.internet2.middleware.subject.Subject subject, HqlQuery hqlQuery, java.lang.StringBuilder hqlTables, java.lang.StringBuilder hqlWhereClause, java.lang.String attrDefColumn, java.util.Set<Privilege> privInSet)
grouperSession
- subject
- which needs view access to the attrDefshqlTables
- is the select and part part (hql prefix)hqlWhereClause
- is there where clause part of the queryhqlQuery
- attrDefColumn
- is the name of the attrDef column to join toprivInSet
- find a privilege which is in this set
(e.g. for view, send all access privs). There are pre-canned sets in AccessPrivilege
java.util.Set<AttributeAssign> postHqlFilterAttributeAssigns(GrouperSession grouperSession, edu.internet2.middleware.subject.Subject subject, java.util.Set<AttributeAssign> attributeAssigns)
grouperSession
- attributeAssigns
- subject
-
void revokeAllPrivilegesForSubject(GrouperSession grouperSession, edu.internet2.middleware.subject.Subject subject)
grouperSession
- subject
- java.util.Set<PermissionEntry> postHqlFilterPermissions(GrouperSession grouperSession, edu.internet2.middleware.subject.Subject subject, java.util.Set<PermissionEntry> permissionEntries)
grouperSession
- permissionEntries
- subject
-
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |