edu.internet2.middleware.grouper.privs
Class WheelAccessResolver

java.lang.Object
  extended by edu.internet2.middleware.grouper.privs.AccessResolverDecorator
      extended by edu.internet2.middleware.grouper.privs.WheelAccessResolver
All Implemented Interfaces:
AccessResolver

public class WheelAccessResolver
extends AccessResolverDecorator

Decorator that provides Wheel privilege resolution for AccessResolver.

Since:
1.2.1
Version:
$Id: WheelAccessResolver.java,v 1.26 2009-09-21 06:14:26 mchyzer Exp $
Author:
blair christensen.

Field Summary
static java.lang.String CACHE_IS_WHEEL_MEMBER
          2007-11-02 Gary Brown Provide cache for wheel group members Profiling showed lots of time rechecking memberships
 
Constructor Summary
WheelAccessResolver(AccessResolver resolver)
           
 
Method Summary
 void flushCache()
          flush cache if caching resolver
 java.util.Set<AccessPrivilege> getPrivileges(Group group, edu.internet2.middleware.subject.Subject subject)
          Get all privileges subject has on group.
 boolean hasPrivilege(Group group, edu.internet2.middleware.subject.Subject subject, Privilege privilege)
          Check whether subject has privilege on group.
 boolean hqlFilterGroupsWhereClause(edu.internet2.middleware.subject.Subject subject, HqlQuery hqlQuery, java.lang.StringBuilder hql, java.lang.String groupColumn, java.util.Set<Privilege> privInSet)
          for a group query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like)
 java.util.Set<Group> postHqlFilterGroups(java.util.Set<Group> groups, edu.internet2.middleware.subject.Subject subject, java.util.Set<Privilege> privInSet)
          after HQL is run, filter groups.
 java.util.Set<Membership> postHqlFilterMemberships(edu.internet2.middleware.subject.Subject subject, java.util.Set<Membership> memberships)
          filter memberships for things the subject can see
 java.util.Set<Stem> postHqlFilterStemsWithGroups(java.util.Set<Stem> stems, edu.internet2.middleware.subject.Subject subject, java.util.Set<Privilege> inPrivSet)
          after HQL is run, filter stems that have groups with privs.
 void stop()
          clean up resources, session is stopped
 
Methods inherited from class edu.internet2.middleware.grouper.privs.AccessResolverDecorator
getDecoratedResolver, getGrouperSession, getGroupsWhereSubjectHasPrivilege, getStemsWhereGroupThatSubjectHasPrivilege, getSubjectsWithPrivilege, grantPrivilege, privilegeCopy, privilegeCopy, revokeAllPrivilegesForSubject, revokePrivilege, revokePrivilege
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

CACHE_IS_WHEEL_MEMBER

public static final java.lang.String CACHE_IS_WHEEL_MEMBER
2007-11-02 Gary Brown Provide cache for wheel group members Profiling showed lots of time rechecking memberships

Constructor Detail

WheelAccessResolver

public WheelAccessResolver(AccessResolver resolver)
Parameters:
resolver - resolver
Since:
1.2.1
Method Detail

stop

public void stop()
Description copied from interface: AccessResolver
clean up resources, session is stopped

Specified by:
stop in interface AccessResolver
Overrides:
stop in class AccessResolverDecorator
See Also:
AccessResolver.stop()

getPrivileges

public java.util.Set<AccessPrivilege> getPrivileges(Group group,
                                                    edu.internet2.middleware.subject.Subject subject)
                                             throws java.lang.IllegalArgumentException
Description copied from interface: AccessResolver
Get all privileges subject has on group.

Specified by:
getPrivileges in interface AccessResolver
Overrides:
getPrivileges in class AccessResolverDecorator
Returns:
the set
Throws:
java.lang.IllegalArgumentException - if any parameter is null.
Since:
1.2.1
See Also:
AccessResolver.getPrivileges(Group, Subject)

hasPrivilege

public boolean hasPrivilege(Group group,
                            edu.internet2.middleware.subject.Subject subject,
                            Privilege privilege)
                     throws java.lang.IllegalArgumentException
Description copied from interface: AccessResolver
Check whether subject has privilege on group.

Specified by:
hasPrivilege in interface AccessResolver
Overrides:
hasPrivilege in class AccessResolverDecorator
Returns:
boolean
Throws:
java.lang.IllegalArgumentException - if any parameter is null.
Since:
1.2.1
See Also:
AccessResolver.hasPrivilege(Group, Subject, Privilege)

flushCache

public void flushCache()
Description copied from interface: AccessResolver
flush cache if caching resolver

Specified by:
flushCache in interface AccessResolver
Overrides:
flushCache in class AccessResolverDecorator
See Also:
AccessResolver.flushCache()

postHqlFilterGroups

public java.util.Set<Group> postHqlFilterGroups(java.util.Set<Group> groups,
                                                edu.internet2.middleware.subject.Subject subject,
                                                java.util.Set<Privilege> privInSet)
Description copied from interface: AccessResolver
after HQL is run, filter groups. If you are filtering in HQL, then dont filter here

Specified by:
postHqlFilterGroups in interface AccessResolver
Overrides:
postHqlFilterGroups in class AccessResolverDecorator
subject - which needs view access to the groups
privInSet - find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessAdapter
Returns:
the set of filtered groups
See Also:
AccessResolver.postHqlFilterGroups(java.util.Set, edu.internet2.middleware.subject.Subject, java.util.Set)

postHqlFilterStemsWithGroups

public java.util.Set<Stem> postHqlFilterStemsWithGroups(java.util.Set<Stem> stems,
                                                        edu.internet2.middleware.subject.Subject subject,
                                                        java.util.Set<Privilege> inPrivSet)
Description copied from interface: AccessResolver
after HQL is run, filter stems that have groups with privs. If you are filtering HQL, then dont filter here.

Specified by:
postHqlFilterStemsWithGroups in interface AccessResolver
Overrides:
postHqlFilterStemsWithGroups in class AccessResolverDecorator
Returns:
the set of filtered stems
See Also:
AccessResolver.postHqlFilterStemsWithGroups(java.util.Set, edu.internet2.middleware.subject.Subject, java.util.Set)

hqlFilterGroupsWhereClause

public boolean hqlFilterGroupsWhereClause(edu.internet2.middleware.subject.Subject subject,
                                          HqlQuery hqlQuery,
                                          java.lang.StringBuilder hql,
                                          java.lang.String groupColumn,
                                          java.util.Set<Privilege> privInSet)
Description copied from interface: AccessResolver
for a group query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like)

Specified by:
hqlFilterGroupsWhereClause in interface AccessResolver
Overrides:
hqlFilterGroupsWhereClause in class AccessResolverDecorator
Parameters:
subject - which needs view access to the groups
hql - the select and current from part
groupColumn - is the name of the group column to join to
privInSet - find a privilege which is in this set (e.g. for view, send all access privs)
Returns:
if the statement was changed
See Also:
AccessResolver.hqlFilterGroupsWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.String, java.util.Set)

postHqlFilterMemberships

public java.util.Set<Membership> postHqlFilterMemberships(edu.internet2.middleware.subject.Subject subject,
                                                          java.util.Set<Membership> memberships)
Description copied from interface: AccessResolver
filter memberships for things the subject can see

Specified by:
postHqlFilterMemberships in interface AccessResolver
Overrides:
postHqlFilterMemberships in class AccessResolverDecorator
Returns:
the memberships
See Also:
AccessResolver.postHqlFilterMemberships(edu.internet2.middleware.subject.Subject, java.util.Set)