edu.internet2.middleware.grouper.privs
Class WheelAttrDefResolver

java.lang.Object
  extended by edu.internet2.middleware.grouper.privs.AttributeDefResolverDecorator
      extended by edu.internet2.middleware.grouper.privs.WheelAttrDefResolver
All Implemented Interfaces:
AttributeDefResolver

public class WheelAttrDefResolver
extends AttributeDefResolverDecorator

Decorator that provides Wheel privilege resolution for AccessResolver.

Since:
1.2.1
Version:
$Id: WheelAttrDefResolver.java,v 1.1 2009-09-21 06:14:26 mchyzer Exp $
Author:
blair christensen.

Field Summary
static java.lang.String CACHE_IS_WHEEL_MEMBER
          2007-11-02 Gary Brown Provide cache for wheel group members Profiling showed lots of time rechecking memberships
 
Constructor Summary
WheelAttrDefResolver(AttributeDefResolver resolver)
           
 
Method Summary
 void flushCache()
          flush cache if caching resolver
 java.util.Set<AttributeDefPrivilege> getPrivileges(AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subject)
          Get all privileges subject has on attributeDef.
 boolean hasPrivilege(AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subject, Privilege privilege)
          Check whether subject has privilege on attributeDef.
 boolean hqlFilterAttrDefsWhereClause(edu.internet2.middleware.subject.Subject subject, HqlQuery hqlQuery, java.lang.StringBuilder hqlTables, java.lang.StringBuilder hqlWhereClause, java.lang.String attributeDefColumn, java.util.Set<Privilege> privInSet)
          for an attrDef query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterAttDefs instead if you like)
 boolean hqlFilterAttributeDefsNotWithPrivWhereClause(edu.internet2.middleware.subject.Subject subject, HqlQuery hqlQuery, java.lang.StringBuilder hql, java.lang.String attributeDefColumn, Privilege privilege, boolean considerAllSubject)
          for an attribute def query, check to make sure the subject cant see the records
 java.util.Set<AttributeDef> postHqlFilterAttrDefs(java.util.Set<AttributeDef> attributeDefs, edu.internet2.middleware.subject.Subject subject, java.util.Set<Privilege> privInSet)
          after HQL is run, filter attributeDefs.
 java.util.Set<AttributeAssign> postHqlFilterAttributeAssigns(edu.internet2.middleware.subject.Subject subject, java.util.Set<AttributeAssign> attributeAssigns)
          filter attributeDefs for things the subject can see
 java.util.Set<PermissionEntry> postHqlFilterPermissions(edu.internet2.middleware.subject.Subject subject, java.util.Set<PermissionEntry> permissionsEntries)
          filter permissions for things the subject can see
 void stop()
          clean up resources, session is stopped
 
Methods inherited from class edu.internet2.middleware.grouper.privs.AttributeDefResolverDecorator
getAttributeDefsWhereSubjectDoesntHavePrivilege, getAttributeDefsWhereSubjectHasPrivilege, getDecoratedResolver, getGrouperSession, getSubjectsWithPrivilege, grantPrivilege, privilegeCopy, privilegeCopy, revokeAllPrivilegesForSubject, revokePrivilege, revokePrivilege
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

CACHE_IS_WHEEL_MEMBER

public static final java.lang.String CACHE_IS_WHEEL_MEMBER
2007-11-02 Gary Brown Provide cache for wheel group members Profiling showed lots of time rechecking memberships

Constructor Detail

WheelAttrDefResolver

public WheelAttrDefResolver(AttributeDefResolver resolver)
Parameters:
resolver - resolver
Since:
1.2.1
Method Detail

stop

public void stop()
Description copied from interface: AttributeDefResolver
clean up resources, session is stopped

Specified by:
stop in interface AttributeDefResolver
Overrides:
stop in class AttributeDefResolverDecorator
See Also:
AccessResolver.stop()

getPrivileges

public java.util.Set<AttributeDefPrivilege> getPrivileges(AttributeDef attributeDef,
                                                          edu.internet2.middleware.subject.Subject subject)
                                                   throws java.lang.IllegalArgumentException
Description copied from interface: AttributeDefResolver
Get all privileges subject has on attributeDef.

Specified by:
getPrivileges in interface AttributeDefResolver
Overrides:
getPrivileges in class AttributeDefResolverDecorator
Returns:
the set
Throws:
java.lang.IllegalArgumentException - if any parameter is null.
See Also:
AttributeDefResolverDecorator.getPrivileges(edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.subject.Subject)

hasPrivilege

public boolean hasPrivilege(AttributeDef attributeDef,
                            edu.internet2.middleware.subject.Subject subject,
                            Privilege privilege)
                     throws java.lang.IllegalArgumentException
Description copied from interface: AttributeDefResolver
Check whether subject has privilege on attributeDef.

Specified by:
hasPrivilege in interface AttributeDefResolver
Overrides:
hasPrivilege in class AttributeDefResolverDecorator
Returns:
boolean
Throws:
java.lang.IllegalArgumentException - if any parameter is null.
See Also:
AttributeDefResolverDecorator.hasPrivilege(edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege)

flushCache

public void flushCache()
Description copied from interface: AttributeDefResolver
flush cache if caching resolver

Specified by:
flushCache in interface AttributeDefResolver
Overrides:
flushCache in class AttributeDefResolverDecorator
See Also:
AccessResolver.flushCache()

postHqlFilterAttrDefs

public java.util.Set<AttributeDef> postHqlFilterAttrDefs(java.util.Set<AttributeDef> attributeDefs,
                                                         edu.internet2.middleware.subject.Subject subject,
                                                         java.util.Set<Privilege> privInSet)
Description copied from interface: AttributeDefResolver
after HQL is run, filter attributeDefs. If you are filtering in HQL, then dont filter here

Specified by:
postHqlFilterAttrDefs in interface AttributeDefResolver
Overrides:
postHqlFilterAttrDefs in class AttributeDefResolverDecorator
subject - which needs view access to the attribute defs
privInSet - find a privilege which is in this set (e.g. for view, send all attrDef privs). There are pre-canned sets in AttributeDefAdapter
Returns:
the set of filtered attrDefs
See Also:
AttributeDefResolverDecorator.postHqlFilterAttrDefs(java.util.Set, edu.internet2.middleware.subject.Subject, java.util.Set)

hqlFilterAttrDefsWhereClause

public boolean hqlFilterAttrDefsWhereClause(edu.internet2.middleware.subject.Subject subject,
                                            HqlQuery hqlQuery,
                                            java.lang.StringBuilder hqlTables,
                                            java.lang.StringBuilder hqlWhereClause,
                                            java.lang.String attributeDefColumn,
                                            java.util.Set<Privilege> privInSet)
Description copied from interface: AttributeDefResolver
for an attrDef query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterAttDefs instead if you like)

Specified by:
hqlFilterAttrDefsWhereClause in interface AttributeDefResolver
Overrides:
hqlFilterAttrDefsWhereClause in class AttributeDefResolverDecorator
Parameters:
subject - which needs view access to the attrDefs
hqlTables - the select and current from part
hqlWhereClause - is there where clause part of the query
attributeDefColumn - is the name of the attributeDef column to join to
privInSet - find a privilege which is in this set (e.g. for view, send all attrDef privs)
Returns:
if the statement was changed
See Also:
AttributeDefResolverDecorator.hqlFilterAttrDefsWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.StringBuilder, java.lang.String, java.util.Set)

postHqlFilterAttributeAssigns

public java.util.Set<AttributeAssign> postHqlFilterAttributeAssigns(edu.internet2.middleware.subject.Subject subject,
                                                                    java.util.Set<AttributeAssign> attributeAssigns)
Description copied from interface: AttributeDefResolver
filter attributeDefs for things the subject can see

Specified by:
postHqlFilterAttributeAssigns in interface AttributeDefResolver
Overrides:
postHqlFilterAttributeAssigns in class AttributeDefResolverDecorator
Returns:
the memberships
See Also:
AttributeDefResolverDecorator.postHqlFilterAttributeAssigns(edu.internet2.middleware.subject.Subject, java.util.Set)

postHqlFilterPermissions

public java.util.Set<PermissionEntry> postHqlFilterPermissions(edu.internet2.middleware.subject.Subject subject,
                                                               java.util.Set<PermissionEntry> permissionsEntries)
Description copied from interface: AttributeDefResolver
filter permissions for things the subject can see

Specified by:
postHqlFilterPermissions in interface AttributeDefResolver
Overrides:
postHqlFilterPermissions in class AttributeDefResolverDecorator
Returns:
the memberships
See Also:
AttributeDefResolver.postHqlFilterPermissions(edu.internet2.middleware.subject.Subject, java.util.Set)

hqlFilterAttributeDefsNotWithPrivWhereClause

public boolean hqlFilterAttributeDefsNotWithPrivWhereClause(edu.internet2.middleware.subject.Subject subject,
                                                            HqlQuery hqlQuery,
                                                            java.lang.StringBuilder hql,
                                                            java.lang.String attributeDefColumn,
                                                            Privilege privilege,
                                                            boolean considerAllSubject)
Description copied from interface: AttributeDefResolver
for an attribute def query, check to make sure the subject cant see the records

Specified by:
hqlFilterAttributeDefsNotWithPrivWhereClause in interface AttributeDefResolver
Overrides:
hqlFilterAttributeDefsNotWithPrivWhereClause in class AttributeDefResolverDecorator
Parameters:
subject - which needs view access to the groups
hql - the select and current from part
attributeDefColumn - is the name of the attributeDef column to join to
privilege - find a privilege which is in this set (e.g. for view, attr view)
considerAllSubject - if true, then consider GrouperAll when seeign if subject has priv, else do not
Returns:
if the statement was changed
See Also:
AttributeDefResolver.hqlFilterAttributeDefsNotWithPrivWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.String, Privilege, boolean)