public class GrouperSystemAccessResolver extends AccessResolverDecorator
AccessResolver
.
Constructor and Description |
---|
GrouperSystemAccessResolver(AccessResolver resolver) |
Modifier and Type | Method and Description |
---|---|
void |
flushCache()
flush cache if caching resolver
|
Set<AccessPrivilege> |
getPrivileges(Group group,
Subject subject)
Get all privileges subject has on group.
|
boolean |
hasPrivilege(Group group,
Subject subject,
Privilege privilege)
Check whether subject has privilege on group.
|
boolean |
hqlFilterGroupsNotWithPrivWhereClause(Subject subject,
HqlQuery hqlQuery,
StringBuilder hql,
String groupColumn,
Privilege privilege,
boolean considerAllSubject)
for a group query, check to make sure the subject cant see the records
|
boolean |
hqlFilterGroupsWhereClause(Subject subject,
HqlQuery hqlQuery,
StringBuilder hql,
String groupColumn,
Set<Privilege> privInSet)
for a group query, check to make sure the subject can see the records (if filtering HQL, you can do
the postHqlFilterGroups instead if you like)
|
Set<Group> |
postHqlFilterGroups(Set<Group> groups,
Subject subject,
Set<Privilege> privInSet)
after HQL is run, filter groups.
|
Set<Membership> |
postHqlFilterMemberships(Subject subject,
Set<Membership> memberships)
filter memberships for things the subject can see
|
Set<Stem> |
postHqlFilterStemsWithGroups(Set<Stem> stems,
Subject subject,
Set<Privilege> inPrivSet)
after HQL is run, filter stems that have groups with privs.
|
void |
stop()
clean up resources, session is stopped
|
getDecoratedResolver, getGrouperSession, getGroupsWhereSubjectDoesntHavePrivilege, getGroupsWhereSubjectHasPrivilege, getStemsWhereGroupThatSubjectHasPrivilege, getSubjectsWithPrivilege, grantPrivilege, privilegeCopy, privilegeCopy, retrievePrivileges, revokeAllPrivilegesForSubject, revokePrivilege, revokePrivilege
public GrouperSystemAccessResolver(AccessResolver resolver)
resolver
- public void stop()
AccessResolver
stop
in interface AccessResolver
stop
in class AccessResolverDecorator
AccessResolver.stop()
public void flushCache()
AccessResolver
flushCache
in interface AccessResolver
flushCache
in class AccessResolverDecorator
AccessResolver.flushCache()
public Set<AccessPrivilege> getPrivileges(Group group, Subject subject) throws IllegalArgumentException
AccessResolver
getPrivileges
in interface AccessResolver
getPrivileges
in class AccessResolverDecorator
IllegalArgumentException
- if any parameter is null.AccessResolver.getPrivileges(Group, Subject)
public boolean hasPrivilege(Group group, Subject subject, Privilege privilege) throws IllegalArgumentException
AccessResolver
hasPrivilege
in interface AccessResolver
hasPrivilege
in class AccessResolverDecorator
IllegalArgumentException
- if any parameter is null.AccessResolver.hasPrivilege(Group, Subject, Privilege)
public Set<Group> postHqlFilterGroups(Set<Group> groups, Subject subject, Set<Privilege> privInSet)
AccessResolver
postHqlFilterGroups
in interface AccessResolver
postHqlFilterGroups
in class AccessResolverDecorator
subject
- which needs view access to the groupsprivInSet
- find a privilege which is in this set
(e.g. for view, send all access privs). There are pre-canned sets in AccessAdapterAccessResolver.postHqlFilterGroups(java.util.Set, edu.internet2.middleware.subject.Subject, java.util.Set)
public Set<Stem> postHqlFilterStemsWithGroups(Set<Stem> stems, Subject subject, Set<Privilege> inPrivSet)
AccessResolver
postHqlFilterStemsWithGroups
in interface AccessResolver
postHqlFilterStemsWithGroups
in class AccessResolverDecorator
AccessResolver.postHqlFilterStemsWithGroups(java.util.Set, edu.internet2.middleware.subject.Subject, java.util.Set)
public boolean hqlFilterGroupsWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Set<Privilege> privInSet)
AccessResolver
hqlFilterGroupsWhereClause
in interface AccessResolver
hqlFilterGroupsWhereClause
in class AccessResolverDecorator
subject
- which needs view access to the groupshql
- the select and current from partgroupColumn
- is the name of the group column to join toprivInSet
- find a privilege which is in this set (e.g. for view, send all access privs)AccessResolver.hqlFilterGroupsWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, String, Set)
public boolean hqlFilterGroupsNotWithPrivWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject)
AccessResolver
hqlFilterGroupsNotWithPrivWhereClause
in interface AccessResolver
hqlFilterGroupsNotWithPrivWhereClause
in class AccessResolverDecorator
subject
- which needs view access to the groupshql
- the select and current from partgroupColumn
- is the name of the group column to join toprivilege
- find a privilege which is in this set (e.g. for view, send all access privs)considerAllSubject
- if true, then consider GrouperAll when seeign if subject has priv, else do notAccessResolver.hqlFilterGroupsNotWithPrivWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, String, Privilege, boolean)
public Set<Membership> postHqlFilterMemberships(Subject subject, Set<Membership> memberships)
AccessResolver
postHqlFilterMemberships
in interface AccessResolver
postHqlFilterMemberships
in class AccessResolverDecorator
AccessResolver.postHqlFilterMemberships(edu.internet2.middleware.subject.Subject, java.util.Set)
Copyright © 2016 Internet2. All rights reserved.