|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Objectedu.internet2.middleware.grouper.privs.PrivilegeHelper
public class PrivilegeHelper
Privilege helper class.
TODO 20070823 Relocate these methods once I figure out the best home for them.
| Constructor Summary | |
|---|---|
PrivilegeHelper()
|
|
| Method Summary | |
|---|---|
static boolean |
canAdmin(GrouperSession s,
Group g,
edu.internet2.middleware.subject.Subject subj)
|
static boolean |
canAttrAdmin(GrouperSession s,
AttributeDef attributeDef,
edu.internet2.middleware.subject.Subject subj)
|
static boolean |
canAttrOptin(GrouperSession s,
AttributeDef attributeDef,
edu.internet2.middleware.subject.Subject subj)
|
static boolean |
canAttrOptout(GrouperSession s,
AttributeDef attributeDef,
edu.internet2.middleware.subject.Subject subj)
|
static boolean |
canAttrRead(GrouperSession s,
AttributeDef attributeDef,
edu.internet2.middleware.subject.Subject subj)
|
static boolean |
canAttrUpdate(GrouperSession s,
AttributeDef attributeDef,
edu.internet2.middleware.subject.Subject subj)
|
static boolean |
canAttrView(GrouperSession s,
AttributeDef attributeDef,
edu.internet2.middleware.subject.Subject subj)
|
static boolean |
canCopyStems(edu.internet2.middleware.subject.Subject subject)
Is this user allowed to copy stems? |
static boolean |
canCreate(GrouperSession s,
Stem ns,
edu.internet2.middleware.subject.Subject subj)
TODO 20070823 find a real home for this and/or add tests |
static boolean |
canMoveStems(edu.internet2.middleware.subject.Subject subject)
Is this user allowed to move stems? |
static boolean |
canOptin(GrouperSession s,
Group g,
edu.internet2.middleware.subject.Subject subj)
TODO 20070823 find a real home for this and/or add tests |
static boolean |
canOptout(GrouperSession s,
Group g,
edu.internet2.middleware.subject.Subject subj)
TODO 20070823 find a real home for this and/or add tests |
static boolean |
canRead(GrouperSession s,
Group g,
edu.internet2.middleware.subject.Subject subj)
TODO 20070823 find a real home for this and/or add tests |
static boolean |
canRenameStems(edu.internet2.middleware.subject.Subject subject)
Is this user allowed to rename stems? |
static boolean |
canStem(Stem ns,
edu.internet2.middleware.subject.Subject subj)
TODO 20070823 find a real home for this and/or add tests |
static boolean |
canUpdate(GrouperSession s,
Group g,
edu.internet2.middleware.subject.Subject subj)
TODO 20070823 find a real home for this and/or add tests |
static boolean |
canView(GrouperSession s,
Group g,
edu.internet2.middleware.subject.Subject subj)
TODO 20070823 find a real home for this and/or add tests |
static boolean |
canViewAttributeAssign(GrouperSession grouperSession,
AttributeAssign attributeAssign,
boolean checkUnderlyingIfAssignmentOnAssignment)
see if the attribute assigns are viewable |
static java.util.Set<AttributeAssign> |
canViewAttributeAssigns(GrouperSession grouperSession,
java.util.Collection<AttributeAssign> inputAttributeAssigns,
boolean checkUnderlyingIfAssignmentOnAssignment)
see if the attribute assigns are viewable |
static java.util.Set<AttributeDef> |
canViewAttributeDefs(GrouperSession s,
java.util.Collection<AttributeDef> inputAttributeDefs)
TODO 20070823 find a real home for this and/or add tests |
static java.util.Set |
canViewGroups(GrouperSession s,
java.util.Set candidates)
TODO 20070823 find a real home for this and/or add tests |
static boolean |
canViewMembers(GrouperSession grouperSession,
Group group,
Field field)
|
static boolean |
canViewMembership(GrouperSession grouperSession,
Membership membership)
|
static java.util.Set<Membership> |
canViewMemberships(GrouperSession grouperSession,
java.util.Collection<Membership> inputMemberships)
|
static java.util.Set<PermissionEntry> |
canViewPermissions(GrouperSession grouperSession,
java.util.Collection<PermissionEntry> inputPermissionEntries)
see if the attribute assigns are viewable |
static java.util.Set<PITAttributeAssign> |
canViewPITAttributeAssigns(GrouperSession grouperSession,
java.util.Collection<PITAttributeAssign> inputPITAttributeAssigns,
boolean checkUnderlyingIfAssignmentOnAssignment)
see if the pit attribute assigns are viewable |
static void |
dispatch(GrouperSession s,
AttributeDef attributeDef,
edu.internet2.middleware.subject.Subject subj,
Privilege priv)
TODO 20070823 find a real home for this and/or add tests |
static void |
dispatch(GrouperSession s,
Group g,
edu.internet2.middleware.subject.Subject subj,
Privilege priv)
TODO 20070823 find a real home for this and/or add tests |
static void |
dispatch(GrouperSession s,
Stem ns,
edu.internet2.middleware.subject.Subject subj,
Privilege priv)
TODO 20070823 find a real home for this and/or add tests |
static void |
flushCache()
flush all privilege caches |
static Privilege[] |
getAccessPrivileges(Privilege[] privileges)
TODO 20070824 add tests |
static Privilege[] |
getAttributeDefPrivileges(Privilege[] privileges)
TODO 20070824 add tests |
static Privilege[] |
getNamingPrivileges(Privilege[] privileges)
TODO 20070824 add tests |
static boolean |
hasImmediatePrivilege(AttributeDef attributeDef,
edu.internet2.middleware.subject.Subject subject,
Privilege privilege)
see if an attributeDef has an immediate privilege |
static boolean |
hasImmediatePrivilege(Group group,
edu.internet2.middleware.subject.Subject subject,
Privilege privilege)
see if a group has an immediate privilege |
static boolean |
hasImmediatePrivilege(Stem stem,
edu.internet2.middleware.subject.Subject subject,
Privilege privilege)
see if a stem has an immediate privilege |
static boolean |
hasPrivilege(GrouperSession s,
AttributeDef attributeDef,
edu.internet2.middleware.subject.Subject subj,
java.util.Set<Privilege> privInSet)
|
static boolean |
hasPrivilege(GrouperSession s,
Group g,
edu.internet2.middleware.subject.Subject subj,
java.util.Set<Privilege> privInSet)
|
static boolean |
hasPrivilege(GrouperSession s,
Stem stem,
edu.internet2.middleware.subject.Subject subj,
java.util.Set<Privilege> privInSet)
|
static boolean |
isRoot(GrouperSession s)
TODO 20070823 find a real home for this and/or add tests |
static boolean |
isSystemSubject(edu.internet2.middleware.subject.Subject subject)
see if system subject |
static boolean |
isWheel(GrouperSession s)
TODO 20070823 find a real home for this and/or add tests |
static boolean |
isWheelOrRoot(edu.internet2.middleware.subject.Subject subject)
see if a subject is wheel or root |
static void |
resolveSubjects(java.util.Collection<GrouperPrivilege> grouperPrivileges,
boolean resolveAllAlways)
resolve subjects in one batch |
| Methods inherited from class java.lang.Object |
|---|
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Constructor Detail |
|---|
public PrivilegeHelper()
| Method Detail |
|---|
public static boolean hasImmediatePrivilege(Group group,
edu.internet2.middleware.subject.Subject subject,
Privilege privilege)
group - subject - privilege -
public static void flushCache()
public static void resolveSubjects(java.util.Collection<GrouperPrivilege> grouperPrivileges,
boolean resolveAllAlways)
grouperPrivileges - resolveAllAlways - true to always resolve all no matter how many, false
if there are more than 2000 or however many (e.g. for UI)
public static boolean canAdmin(GrouperSession s,
Group g,
edu.internet2.middleware.subject.Subject subj)
s - g - subj -
public static boolean canAttrAdmin(GrouperSession s,
AttributeDef attributeDef,
edu.internet2.middleware.subject.Subject subj)
s - attributeDef - subj -
public static boolean canAttrRead(GrouperSession s,
AttributeDef attributeDef,
edu.internet2.middleware.subject.Subject subj)
s - attributeDef - subj -
public static boolean canAttrView(GrouperSession s,
AttributeDef attributeDef,
edu.internet2.middleware.subject.Subject subj)
s - attributeDef - subj -
public static boolean canAttrUpdate(GrouperSession s,
AttributeDef attributeDef,
edu.internet2.middleware.subject.Subject subj)
s - attributeDef - subj -
public static boolean canAttrOptin(GrouperSession s,
AttributeDef attributeDef,
edu.internet2.middleware.subject.Subject subj)
s - attributeDef - subj -
public static boolean canAttrOptout(GrouperSession s,
AttributeDef attributeDef,
edu.internet2.middleware.subject.Subject subj)
s - attributeDef - subj -
public static boolean canCreate(GrouperSession s,
Stem ns,
edu.internet2.middleware.subject.Subject subj)
s - ns - subj -
public static boolean canOptin(GrouperSession s,
Group g,
edu.internet2.middleware.subject.Subject subj)
s - g - subj -
public static boolean hasPrivilege(GrouperSession s,
Stem stem,
edu.internet2.middleware.subject.Subject subj,
java.util.Set<Privilege> privInSet)
s - stem - subj - privInSet -
public static boolean hasPrivilege(GrouperSession s,
Group g,
edu.internet2.middleware.subject.Subject subj,
java.util.Set<Privilege> privInSet)
s - g - subj - privInSet -
public static boolean canOptout(GrouperSession s,
Group g,
edu.internet2.middleware.subject.Subject subj)
s - g - subj -
public static boolean canRead(GrouperSession s,
Group g,
edu.internet2.middleware.subject.Subject subj)
s - g - subj -
public static boolean canStem(Stem ns,
edu.internet2.middleware.subject.Subject subj)
ns - subj -
public static boolean canUpdate(GrouperSession s,
Group g,
edu.internet2.middleware.subject.Subject subj)
s - g - subj -
public static boolean canView(GrouperSession s,
Group g,
edu.internet2.middleware.subject.Subject subj)
s - g - subj -
public static java.util.Set canViewGroups(GrouperSession s,
java.util.Set candidates)
s - candidates -
public static boolean canViewMembership(GrouperSession grouperSession,
Membership membership)
grouperSession - membership -
public static java.util.Set<Membership> canViewMemberships(GrouperSession grouperSession,
java.util.Collection<Membership> inputMemberships)
grouperSession - inputMemberships -
public static boolean canViewMembers(GrouperSession grouperSession,
Group group,
Field field)
grouperSession - group - field -
public static void dispatch(GrouperSession s,
Group g,
edu.internet2.middleware.subject.Subject subj,
Privilege priv)
throws InsufficientPrivilegeException,
SchemaException
s - g - subj - priv -
InsufficientPrivilegeException
SchemaException
public static void dispatch(GrouperSession s,
Stem ns,
edu.internet2.middleware.subject.Subject subj,
Privilege priv)
throws InsufficientPrivilegeException,
SchemaException
s - ns - subj - priv -
InsufficientPrivilegeException
SchemaException
public static void dispatch(GrouperSession s,
AttributeDef attributeDef,
edu.internet2.middleware.subject.Subject subj,
Privilege priv)
throws InsufficientPrivilegeException,
SchemaException
s - attributeDef - subj - priv -
InsufficientPrivilegeException
SchemaExceptionpublic static Privilege[] getAccessPrivileges(Privilege[] privileges)
privileges -
public static Privilege[] getAttributeDefPrivileges(Privilege[] privileges)
privileges -
public static Privilege[] getNamingPrivileges(Privilege[] privileges)
privileges -
public static boolean isRoot(GrouperSession s)
s -
public static boolean isSystemSubject(edu.internet2.middleware.subject.Subject subject)
subject -
public static boolean isWheel(GrouperSession s)
s -
public static boolean isWheelOrRoot(edu.internet2.middleware.subject.Subject subject)
subject -
public static boolean canMoveStems(edu.internet2.middleware.subject.Subject subject)
subject -
public static boolean canCopyStems(edu.internet2.middleware.subject.Subject subject)
subject -
public static boolean canRenameStems(edu.internet2.middleware.subject.Subject subject)
subject -
public static boolean hasPrivilege(GrouperSession s,
AttributeDef attributeDef,
edu.internet2.middleware.subject.Subject subj,
java.util.Set<Privilege> privInSet)
s - attributeDef - subj - privInSet -
public static java.util.Set<AttributeDef> canViewAttributeDefs(GrouperSession s,
java.util.Collection<AttributeDef> inputAttributeDefs)
s - inputAttributeDefs -
public static boolean canViewAttributeAssign(GrouperSession grouperSession,
AttributeAssign attributeAssign,
boolean checkUnderlyingIfAssignmentOnAssignment)
grouperSession - attributeAssign - checkUnderlyingIfAssignmentOnAssignment - if deep security check should take place on underlying assignments
public static java.util.Set<AttributeAssign> canViewAttributeAssigns(GrouperSession grouperSession,
java.util.Collection<AttributeAssign> inputAttributeAssigns,
boolean checkUnderlyingIfAssignmentOnAssignment)
grouperSession - inputAttributeAssigns - checkUnderlyingIfAssignmentOnAssignment - if deep security check should take place on underlying assignments
public static java.util.Set<PermissionEntry> canViewPermissions(GrouperSession grouperSession,
java.util.Collection<PermissionEntry> inputPermissionEntries)
grouperSession - inputPermissionEntries -
public static java.util.Set<PITAttributeAssign> canViewPITAttributeAssigns(GrouperSession grouperSession,
java.util.Collection<PITAttributeAssign> inputPITAttributeAssigns,
boolean checkUnderlyingIfAssignmentOnAssignment)
grouperSession - inputPITAttributeAssigns - checkUnderlyingIfAssignmentOnAssignment - if deep security check should take place on underlying assignments
public static boolean hasImmediatePrivilege(Stem stem,
edu.internet2.middleware.subject.Subject subject,
Privilege privilege)
stem - subject - privilege -
public static boolean hasImmediatePrivilege(AttributeDef attributeDef,
edu.internet2.middleware.subject.Subject subject,
Privilege privilege)
attributeDef - subject - privilege -
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||