public abstract class AccessResolverDecorator extends Object implements AccessResolver
AccessResolver
.
Constructor and Description |
---|
AccessResolverDecorator(AccessResolver resolver) |
Modifier and Type | Method and Description |
---|---|
void |
flushCache()
flush cache if caching resolver
|
AccessResolver |
getDecoratedResolver() |
GrouperSession |
getGrouperSession()
get a reference to the session
|
Set<Group> |
getGroupsWhereSubjectDoesntHavePrivilege(String stemId,
Stem.Scope scope,
Subject subject,
Privilege privilege,
boolean considerAllSubject,
String sqlLikeString)
find the groups which do not have a certain privilege
|
Set<Group> |
getGroupsWhereSubjectHasPrivilege(Subject subject,
Privilege privilege)
Get all groups where subject has privilege.
|
Set<AccessPrivilege> |
getPrivileges(Group group,
Subject subject)
Get all privileges subject has on group.
|
Set<Stem> |
getStemsWhereGroupThatSubjectHasPrivilege(Subject subject,
Privilege privilege)
Get all stems which have groups where subject has privilege.
|
Set<Subject> |
getSubjectsWithPrivilege(Group group,
Privilege privilege)
Get all subjects with privilege on group.
|
void |
grantPrivilege(Group group,
Subject subject,
Privilege privilege,
String uuid)
Grant privilege to subject on group.
|
boolean |
hasPrivilege(Group group,
Subject subject,
Privilege privilege)
Check whether subject has privilege on group.
|
boolean |
hqlFilterGroupsNotWithPrivWhereClause(Subject subject,
HqlQuery hqlQuery,
StringBuilder hql,
String groupColumn,
Privilege privilege,
boolean considerAllSubject)
for a group query, check to make sure the subject cant see the records
|
boolean |
hqlFilterGroupsWhereClause(Subject subject,
HqlQuery hqlQuery,
StringBuilder hql,
String groupColumn,
Set<Privilege> privInSet)
for a group query, check to make sure the subject can see the records (if filtering HQL, you can do
the postHqlFilterGroups instead if you like)
|
Set<Group> |
postHqlFilterGroups(Set<Group> groups,
Subject subject,
Set<Privilege> privInSet)
after HQL is run, filter groups.
|
Set<Membership> |
postHqlFilterMemberships(Subject subject,
Set<Membership> memberships)
filter memberships for things the subject can see
|
Set<Stem> |
postHqlFilterStemsWithGroups(Set<Stem> stems,
Subject subject,
Set<Privilege> inPrivSet)
after HQL is run, filter stems that have groups with privs.
|
void |
privilegeCopy(Group g1,
Group g2,
Privilege priv)
Copies privileges for subjects that have the specified privilege on g1 to g2.
|
void |
privilegeCopy(Subject subj1,
Subject subj2,
Privilege priv)
Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2.
|
Set<PrivilegeSubjectContainer> |
retrievePrivileges(Group group,
Set<Privilege> privileges,
MembershipType membershipType,
QueryPaging queryPaging,
Set<Member> additionalMembers)
get a list of privilege subjects, there are no results with the same subject
|
void |
revokeAllPrivilegesForSubject(Subject subject)
Revoke all access privileges that this subject has.
|
void |
revokePrivilege(Group group,
Privilege privilege)
Revoke privilege from all subjects on group.
|
void |
revokePrivilege(Group group,
Subject subject,
Privilege privilege)
Revoke privilege from subject on group.
|
void |
stop()
clean up resources, session is stopped
|
public AccessResolverDecorator(AccessResolver resolver) throws IllegalArgumentException
resolver
- AccessResolver to decorate.IllegalArgumentException
- if resolver is null.public AccessResolver getDecoratedResolver() throws IllegalStateException
IllegalStateException
- if no decorated AccessResolver.public void flushCache()
AccessResolver
flushCache
in interface AccessResolver
AccessResolver.flushCache()
public GrouperSession getGrouperSession()
AccessResolver
getGrouperSession
in interface AccessResolver
AccessResolver.getGrouperSession()
public Set<Group> getGroupsWhereSubjectHasPrivilege(Subject subject, Privilege privilege) throws IllegalArgumentException
AccessResolver
getGroupsWhereSubjectHasPrivilege
in interface AccessResolver
IllegalArgumentException
- if any parameter is null.AccessResolver.getGroupsWhereSubjectHasPrivilege(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege)
public Set<Group> getGroupsWhereSubjectDoesntHavePrivilege(String stemId, Stem.Scope scope, Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString)
AccessResolver
getGroupsWhereSubjectDoesntHavePrivilege
in interface AccessResolver
AccessResolver#getGroupsWhereSubjectDoesntHavePrivilege(String, Scope, Subject, Privilege, boolean, String)
public Set<Stem> getStemsWhereGroupThatSubjectHasPrivilege(Subject subject, Privilege privilege) throws IllegalArgumentException
AccessResolver
getStemsWhereGroupThatSubjectHasPrivilege
in interface AccessResolver
IllegalArgumentException
- if any parameter is null.AccessResolver.getStemsWhereGroupThatSubjectHasPrivilege(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege)
public Set<AccessPrivilege> getPrivileges(Group group, Subject subject) throws IllegalArgumentException
AccessResolver
getPrivileges
in interface AccessResolver
IllegalArgumentException
- if any parameter is null.AccessResolver.getPrivileges(edu.internet2.middleware.grouper.Group, edu.internet2.middleware.subject.Subject)
public Set<Subject> getSubjectsWithPrivilege(Group group, Privilege privilege) throws IllegalArgumentException
AccessResolver
getSubjectsWithPrivilege
in interface AccessResolver
IllegalArgumentException
- if any parameter is null.AccessResolver.getSubjectsWithPrivilege(edu.internet2.middleware.grouper.Group, edu.internet2.middleware.grouper.privs.Privilege)
public void grantPrivilege(Group group, Subject subject, Privilege privilege, String uuid) throws IllegalArgumentException, UnableToPerformException
AccessResolver
grantPrivilege
in interface AccessResolver
uuid
- send uuid if known, else nullIllegalArgumentException
- if any parameter is null.UnableToPerformException
- if the privilege could not be granted.AccessResolver.grantPrivilege(edu.internet2.middleware.grouper.Group, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege, String)
public boolean hasPrivilege(Group group, Subject subject, Privilege privilege) throws IllegalArgumentException
AccessResolver
hasPrivilege
in interface AccessResolver
IllegalArgumentException
- if any parameter is null.AccessResolver.hasPrivilege(edu.internet2.middleware.grouper.Group, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege)
public boolean hqlFilterGroupsWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Set<Privilege> privInSet)
AccessResolver
hqlFilterGroupsWhereClause
in interface AccessResolver
subject
- which needs view access to the groupshql
- the select and current from partgroupColumn
- is the name of the group column to join toprivInSet
- find a privilege which is in this set (e.g. for view, send all access privs)AccessResolver.hqlFilterGroupsWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.String, java.util.Set)
public boolean hqlFilterGroupsNotWithPrivWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject)
AccessResolver
hqlFilterGroupsNotWithPrivWhereClause
in interface AccessResolver
subject
- which needs view access to the groupshql
- the select and current from partgroupColumn
- is the name of the group column to join toprivilege
- find a privilege which is in this set (e.g. for view, send all access privs)considerAllSubject
- if true, then consider GrouperAll when seeign if subject has priv, else do notedu.internet2.middleware.grouper.privs.AccessResolver#hqlFilterGroupsWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.String, Privilege)
public Set<Group> postHqlFilterGroups(Set<Group> groups, Subject subject, Set<Privilege> privInSet)
AccessResolver
postHqlFilterGroups
in interface AccessResolver
subject
- which needs view access to the groupsprivInSet
- find a privilege which is in this set
(e.g. for view, send all access privs). There are pre-canned sets in AccessAdapterAccessResolver.postHqlFilterGroups(java.util.Set, edu.internet2.middleware.subject.Subject, java.util.Set)
public Set<Stem> postHqlFilterStemsWithGroups(Set<Stem> stems, Subject subject, Set<Privilege> inPrivSet)
AccessResolver
postHqlFilterStemsWithGroups
in interface AccessResolver
AccessResolver.postHqlFilterStemsWithGroups(java.util.Set, edu.internet2.middleware.subject.Subject, java.util.Set)
public Set<Membership> postHqlFilterMemberships(Subject subject, Set<Membership> memberships)
AccessResolver
postHqlFilterMemberships
in interface AccessResolver
AccessResolver.postHqlFilterMemberships(edu.internet2.middleware.subject.Subject, java.util.Set)
public void privilegeCopy(Group g1, Group g2, Privilege priv) throws IllegalArgumentException, UnableToPerformException
AccessResolver
public void privilegeCopy(Subject subj1, Subject subj2, Privilege priv) throws IllegalArgumentException, UnableToPerformException
AccessResolver
public void revokeAllPrivilegesForSubject(Subject subject)
AccessResolver
revokeAllPrivilegesForSubject
in interface AccessResolver
AccessResolver.revokeAllPrivilegesForSubject(edu.internet2.middleware.subject.Subject)
public void revokePrivilege(Group group, Privilege privilege) throws IllegalArgumentException, UnableToPerformException
AccessResolver
revokePrivilege
in interface AccessResolver
IllegalArgumentException
- if any parameter is null.UnableToPerformException
- if the privilege could not be revoked.AccessResolver.revokePrivilege(edu.internet2.middleware.grouper.Group, edu.internet2.middleware.grouper.privs.Privilege)
public void revokePrivilege(Group group, Subject subject, Privilege privilege) throws IllegalArgumentException, UnableToPerformException
AccessResolver
revokePrivilege
in interface AccessResolver
IllegalArgumentException
- if any parameter is null.UnableToPerformException
- if the privilege could not be revoked.AccessResolver.revokePrivilege(edu.internet2.middleware.grouper.Group, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege)
public void stop()
AccessResolver
stop
in interface AccessResolver
AccessResolver.stop()
public Set<PrivilegeSubjectContainer> retrievePrivileges(Group group, Set<Privilege> privileges, MembershipType membershipType, QueryPaging queryPaging, Set<Member> additionalMembers)
AccessResolver
retrievePrivileges
in interface AccessResolver
group
- to search onprivileges
- if blank, get allmembershipType
- if immediate, effective, or blank for allqueryPaging
- if a certain page should be returned, based on subjectadditionalMembers
- additional members to query that the user is finding or addingAccessResolver.retrievePrivileges(Group, java.util.Set, edu.internet2.middleware.grouper.membership.MembershipType, edu.internet2.middleware.grouper.internal.dao.QueryPaging, java.util.Set)
Copyright © 2016 Internet2. All rights reserved.