|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Objectedu.internet2.middleware.grouper.privs.AccessResolverDecorator
edu.internet2.middleware.grouper.privs.ValidatingAccessResolver
public class ValidatingAccessResolver
Decorator that provides parameter validation for AccessResolver.
| Constructor Summary | |
|---|---|
ValidatingAccessResolver(AccessResolver resolver)
|
|
| Method Summary | |
|---|---|
void |
flushCache()
flush cache if caching resolver |
java.util.Set<Group> |
getGroupsWhereSubjectDoesntHavePrivilege(java.lang.String stemId,
Stem.Scope scope,
edu.internet2.middleware.subject.Subject subject,
Privilege privilege,
boolean considerAllSubject,
java.lang.String sqlLikeString)
find the groups which do not have a certain privilege |
java.util.Set<Group> |
getGroupsWhereSubjectHasPrivilege(edu.internet2.middleware.subject.Subject subject,
Privilege privilege)
Get all groups where subject has privilege. |
java.util.Set<AccessPrivilege> |
getPrivileges(Group group,
edu.internet2.middleware.subject.Subject subject)
Get all privileges subject has on group. |
java.util.Set<Stem> |
getStemsWhereGroupThatSubjectHasPrivilege(edu.internet2.middleware.subject.Subject subject,
Privilege privilege)
Get all stems which have groups where subject has privilege. |
java.util.Set<edu.internet2.middleware.subject.Subject> |
getSubjectsWithPrivilege(Group group,
Privilege privilege)
Get all subjects with privilege on group. |
void |
grantPrivilege(Group group,
edu.internet2.middleware.subject.Subject subject,
Privilege privilege,
java.lang.String uuid)
Grant privilege to subject on group. |
boolean |
hasPrivilege(Group group,
edu.internet2.middleware.subject.Subject subject,
Privilege privilege)
Check whether subject has privilege on group. |
boolean |
hqlFilterGroupsNotWithPrivWhereClause(edu.internet2.middleware.subject.Subject subject,
HqlQuery hqlQuery,
java.lang.StringBuilder hql,
java.lang.String groupColumn,
Privilege privilege,
boolean considerAllSubject)
for a group query, check to make sure the subject cant see the records |
boolean |
hqlFilterGroupsWhereClause(edu.internet2.middleware.subject.Subject subject,
HqlQuery hqlQuery,
java.lang.StringBuilder hql,
java.lang.String groupColumn,
java.util.Set<Privilege> privInSet)
for a group query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like) |
java.util.Set<Group> |
postHqlFilterGroups(java.util.Set<Group> groups,
edu.internet2.middleware.subject.Subject subject,
java.util.Set<Privilege> privInSet)
after HQL is run, filter groups. |
java.util.Set<Membership> |
postHqlFilterMemberships(edu.internet2.middleware.subject.Subject subject,
java.util.Set<Membership> memberships)
filter memberships for things the subject can see |
java.util.Set<Stem> |
postHqlFilterStemsWithGroups(java.util.Set<Stem> stems,
edu.internet2.middleware.subject.Subject subject,
java.util.Set<Privilege> inPrivSet)
after HQL is run, filter stems that have groups with privs. |
void |
privilegeCopy(Group g1,
Group g2,
Privilege priv)
Copies privileges for subjects that have the specified privilege on g1 to g2. |
void |
privilegeCopy(edu.internet2.middleware.subject.Subject subj1,
edu.internet2.middleware.subject.Subject subj2,
Privilege priv)
Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2. |
java.util.Set<PrivilegeSubjectContainer> |
retrievePrivileges(Group group,
java.util.Set<Privilege> privileges,
MembershipType membershipType,
QueryPaging queryPaging,
java.util.Set<Member> additionalMembers)
get a list of privilege subjects, there are no results with the same subject |
void |
revokeAllPrivilegesForSubject(edu.internet2.middleware.subject.Subject subject)
Revoke all access privileges that this subject has. |
void |
revokePrivilege(Group group,
Privilege privilege)
Revoke privilege from all subjects on group. |
void |
revokePrivilege(Group group,
edu.internet2.middleware.subject.Subject subject,
Privilege privilege)
Revoke privilege from subject on group. |
| Methods inherited from class edu.internet2.middleware.grouper.privs.AccessResolverDecorator |
|---|
getDecoratedResolver, getGrouperSession, stop |
| Methods inherited from class java.lang.Object |
|---|
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Constructor Detail |
|---|
public ValidatingAccessResolver(AccessResolver resolver)
resolver - | Method Detail |
|---|
public void flushCache()
AccessResolver
flushCache in interface AccessResolverflushCache in class AccessResolverDecoratorAccessResolver.flushCache()
public java.util.Set<Group> getGroupsWhereSubjectHasPrivilege(edu.internet2.middleware.subject.Subject subject,
Privilege privilege)
throws java.lang.IllegalArgumentException
AccessResolver
getGroupsWhereSubjectHasPrivilege in interface AccessResolvergetGroupsWhereSubjectHasPrivilege in class AccessResolverDecoratorjava.lang.IllegalArgumentException - if any parameter is null.AccessResolver.getGroupsWhereSubjectHasPrivilege(Subject, Privilege)
public java.util.Set<Group> getGroupsWhereSubjectDoesntHavePrivilege(java.lang.String stemId,
Stem.Scope scope,
edu.internet2.middleware.subject.Subject subject,
Privilege privilege,
boolean considerAllSubject,
java.lang.String sqlLikeString)
throws java.lang.IllegalArgumentException
AccessResolver
getGroupsWhereSubjectDoesntHavePrivilege in interface AccessResolvergetGroupsWhereSubjectDoesntHavePrivilege in class AccessResolverDecoratorjava.lang.IllegalArgumentExceptionAccessResolver#getGroupsWhereSubjectDoesntHavePrivilege(String, Scope, Subject, Privilege, boolean, String)
public java.util.Set<Stem> getStemsWhereGroupThatSubjectHasPrivilege(edu.internet2.middleware.subject.Subject subject,
Privilege privilege)
throws java.lang.IllegalArgumentException
AccessResolver
getStemsWhereGroupThatSubjectHasPrivilege in interface AccessResolvergetStemsWhereGroupThatSubjectHasPrivilege in class AccessResolverDecoratorjava.lang.IllegalArgumentException - if any parameter is null.AccessResolverDecorator.getStemsWhereGroupThatSubjectHasPrivilege(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege)
public java.util.Set<AccessPrivilege> getPrivileges(Group group,
edu.internet2.middleware.subject.Subject subject)
throws java.lang.IllegalArgumentException
AccessResolver
getPrivileges in interface AccessResolvergetPrivileges in class AccessResolverDecoratorjava.lang.IllegalArgumentException - if any parameter is null.AccessResolver.getPrivileges(Group, Subject)
public java.util.Set<edu.internet2.middleware.subject.Subject> getSubjectsWithPrivilege(Group group,
Privilege privilege)
throws java.lang.IllegalArgumentException
AccessResolver
getSubjectsWithPrivilege in interface AccessResolvergetSubjectsWithPrivilege in class AccessResolverDecoratorjava.lang.IllegalArgumentException - if any parameter is null.AccessResolver.getSubjectsWithPrivilege(Group, Privilege)
public void grantPrivilege(Group group,
edu.internet2.middleware.subject.Subject subject,
Privilege privilege,
java.lang.String uuid)
throws java.lang.IllegalArgumentException,
UnableToPerformException
AccessResolver
grantPrivilege in interface AccessResolvergrantPrivilege in class AccessResolverDecoratoruuid - send uuid if known, else null
java.lang.IllegalArgumentException - if any parameter is null.
UnableToPerformException - if the privilege could not be granted.AccessResolver.grantPrivilege(Group, Subject, Privilege, String)
public boolean hasPrivilege(Group group,
edu.internet2.middleware.subject.Subject subject,
Privilege privilege)
throws java.lang.IllegalArgumentException
AccessResolver
hasPrivilege in interface AccessResolverhasPrivilege in class AccessResolverDecoratorjava.lang.IllegalArgumentException - if any parameter is null.AccessResolver.hasPrivilege(Group, Subject, Privilege)
public void revokePrivilege(Group group,
Privilege privilege)
throws java.lang.IllegalArgumentException,
UnableToPerformException
AccessResolver
revokePrivilege in interface AccessResolverrevokePrivilege in class AccessResolverDecoratorjava.lang.IllegalArgumentException - if any parameter is null.
UnableToPerformException - if the privilege could not be revoked.AccessResolver.revokePrivilege(Group, Privilege)
public java.util.Set<Group> postHqlFilterGroups(java.util.Set<Group> groups,
edu.internet2.middleware.subject.Subject subject,
java.util.Set<Privilege> privInSet)
AccessResolver
postHqlFilterGroups in interface AccessResolverpostHqlFilterGroups in class AccessResolverDecoratorsubject - which needs view access to the groupsprivInSet - find a privilege which is in this set
(e.g. for view, send all access privs). There are pre-canned sets in AccessAdapter
AccessResolver.postHqlFilterGroups(java.util.Set, edu.internet2.middleware.subject.Subject, java.util.Set)
public java.util.Set<Stem> postHqlFilterStemsWithGroups(java.util.Set<Stem> stems,
edu.internet2.middleware.subject.Subject subject,
java.util.Set<Privilege> inPrivSet)
AccessResolver
postHqlFilterStemsWithGroups in interface AccessResolverpostHqlFilterStemsWithGroups in class AccessResolverDecoratorAccessResolver.postHqlFilterStemsWithGroups(java.util.Set, edu.internet2.middleware.subject.Subject, java.util.Set)
public void revokePrivilege(Group group,
edu.internet2.middleware.subject.Subject subject,
Privilege privilege)
throws java.lang.IllegalArgumentException,
UnableToPerformException
AccessResolver
revokePrivilege in interface AccessResolverrevokePrivilege in class AccessResolverDecoratorjava.lang.IllegalArgumentException - if any parameter is null.
UnableToPerformException - if the privilege could not be revoked.AccessResolver.revokePrivilege(Group, Subject, Privilege)
public void privilegeCopy(Group g1,
Group g2,
Privilege priv)
throws java.lang.IllegalArgumentException,
UnableToPerformException
AccessResolver
privilegeCopy in interface AccessResolverprivilegeCopy in class AccessResolverDecoratorjava.lang.IllegalArgumentException
UnableToPerformExceptionAccessResolver.privilegeCopy(edu.internet2.middleware.grouper.Group, edu.internet2.middleware.grouper.Group, edu.internet2.middleware.grouper.privs.Privilege)
public void privilegeCopy(edu.internet2.middleware.subject.Subject subj1,
edu.internet2.middleware.subject.Subject subj2,
Privilege priv)
throws java.lang.IllegalArgumentException,
UnableToPerformException
AccessResolver
privilegeCopy in interface AccessResolverprivilegeCopy in class AccessResolverDecoratorjava.lang.IllegalArgumentException
UnableToPerformExceptionAccessResolver.privilegeCopy(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege)
public boolean hqlFilterGroupsWhereClause(edu.internet2.middleware.subject.Subject subject,
HqlQuery hqlQuery,
java.lang.StringBuilder hql,
java.lang.String groupColumn,
java.util.Set<Privilege> privInSet)
AccessResolver
hqlFilterGroupsWhereClause in interface AccessResolverhqlFilterGroupsWhereClause in class AccessResolverDecoratorsubject - which needs view access to the groupshql - the select and current from partgroupColumn - is the name of the group column to join toprivInSet - find a privilege which is in this set (e.g. for view, send all access privs)
AccessResolver.hqlFilterGroupsWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, String, Set)
public boolean hqlFilterGroupsNotWithPrivWhereClause(edu.internet2.middleware.subject.Subject subject,
HqlQuery hqlQuery,
java.lang.StringBuilder hql,
java.lang.String groupColumn,
Privilege privilege,
boolean considerAllSubject)
AccessResolver
hqlFilterGroupsNotWithPrivWhereClause in interface AccessResolverhqlFilterGroupsNotWithPrivWhereClause in class AccessResolverDecoratorsubject - which needs view access to the groupshql - the select and current from partgroupColumn - is the name of the group column to join toprivilege - find a privilege which is in this set (e.g. for view, send all access privs)considerAllSubject - if true, then consider GrouperAll when seeign if subject has priv, else do not
edu.internet2.middleware.grouper.privs.AccessResolver#hqlFilterGroupsWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, String, Privilege, boolean)
public java.util.Set<Membership> postHqlFilterMemberships(edu.internet2.middleware.subject.Subject subject,
java.util.Set<Membership> memberships)
AccessResolver
postHqlFilterMemberships in interface AccessResolverpostHqlFilterMemberships in class AccessResolverDecoratorAccessResolver.postHqlFilterMemberships(edu.internet2.middleware.subject.Subject, java.util.Set)public void revokeAllPrivilegesForSubject(edu.internet2.middleware.subject.Subject subject)
AccessResolver
revokeAllPrivilegesForSubject in interface AccessResolverrevokeAllPrivilegesForSubject in class AccessResolverDecoratorAccessResolver.revokeAllPrivilegesForSubject(edu.internet2.middleware.subject.Subject)
public java.util.Set<PrivilegeSubjectContainer> retrievePrivileges(Group group,
java.util.Set<Privilege> privileges,
MembershipType membershipType,
QueryPaging queryPaging,
java.util.Set<Member> additionalMembers)
AccessResolver
retrievePrivileges in interface AccessResolverretrievePrivileges in class AccessResolverDecoratorgroup - to search onprivileges - if blank, get allmembershipType - if immediate, effective, or blank for allqueryPaging - if a certain page should be returned, based on subjectadditionalMembers - additional members to query that the user is finding or adding
AccessResolverDecorator.retrievePrivileges(Group, java.util.Set, edu.internet2.middleware.grouper.membership.MembershipType, edu.internet2.middleware.grouper.internal.dao.QueryPaging, java.util.Set)
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||