|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
public interface AccessResolver
Facade for the AccessAdapter interface.
| Method Summary | |
|---|---|
void |
flushCache()
flush cache if caching resolver |
GrouperSession |
getGrouperSession()
get a reference to the session |
Set<Group> |
getGroupsWhereSubjectDoesntHavePrivilege(String stemId,
Stem.Scope scope,
edu.internet2.middleware.subject.Subject subject,
Privilege privilege,
boolean considerAllSubject,
String sqlLikeString)
find the groups which do not have a certain privilege |
Set<Group> |
getGroupsWhereSubjectHasPrivilege(edu.internet2.middleware.subject.Subject subject,
Privilege privilege)
Get all groups where subject has privilege. |
Set<AccessPrivilege> |
getPrivileges(Group group,
edu.internet2.middleware.subject.Subject subject)
Get all privileges subject has on group. |
Set<Stem> |
getStemsWhereGroupThatSubjectHasPrivilege(edu.internet2.middleware.subject.Subject subject,
Privilege privilege)
Get all stems which have groups where subject has privilege. |
Set<edu.internet2.middleware.subject.Subject> |
getSubjectsWithPrivilege(Group group,
Privilege privilege)
Get all subjects with privilege on group. |
void |
grantPrivilege(Group group,
edu.internet2.middleware.subject.Subject subject,
Privilege privilege,
String uuid)
Grant privilege to subject on group. |
boolean |
hasPrivilege(Group group,
edu.internet2.middleware.subject.Subject subject,
Privilege privilege)
Check whether subject has privilege on group. |
boolean |
hqlFilterGroupsNotWithPrivWhereClause(edu.internet2.middleware.subject.Subject subject,
HqlQuery hqlQuery,
StringBuilder hql,
String groupColumn,
Privilege privilege,
boolean considerAllSubject)
for a group query, check to make sure the subject cant see the records |
boolean |
hqlFilterGroupsWhereClause(edu.internet2.middleware.subject.Subject subject,
HqlQuery hqlQuery,
StringBuilder hql,
String groupColumn,
Set<Privilege> privInSet)
for a group query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like) |
Set<Group> |
postHqlFilterGroups(Set<Group> groups,
edu.internet2.middleware.subject.Subject subject,
Set<Privilege> privInSet)
after HQL is run, filter groups. |
Set<Membership> |
postHqlFilterMemberships(edu.internet2.middleware.subject.Subject subject,
Set<Membership> memberships)
filter memberships for things the subject can see |
Set<Stem> |
postHqlFilterStemsWithGroups(Set<Stem> stems,
edu.internet2.middleware.subject.Subject subject,
Set<Privilege> inPrivSet)
after HQL is run, filter stems that have groups with privs. |
void |
privilegeCopy(Group g1,
Group g2,
Privilege priv)
Copies privileges for subjects that have the specified privilege on g1 to g2. |
void |
privilegeCopy(edu.internet2.middleware.subject.Subject subj1,
edu.internet2.middleware.subject.Subject subj2,
Privilege priv)
Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2. |
Set<PrivilegeSubjectContainer> |
retrievePrivileges(Group group,
Set<Privilege> privileges,
MembershipType membershipType,
QueryPaging queryPaging,
Set<Member> additionalMembers)
get a list of privilege subjects, there are no results with the same subject |
void |
revokeAllPrivilegesForSubject(edu.internet2.middleware.subject.Subject subject)
Revoke all access privileges that this subject has. |
void |
revokePrivilege(Group group,
Privilege privilege)
Revoke privilege from all subjects on group. |
void |
revokePrivilege(Group group,
edu.internet2.middleware.subject.Subject subject,
Privilege privilege)
Revoke privilege from subject on group. |
void |
stop()
clean up resources, session is stopped |
| Method Detail |
|---|
void stop()
GrouperSession getGrouperSession()
void flushCache()
Set<Group> getGroupsWhereSubjectHasPrivilege(edu.internet2.middleware.subject.Subject subject,
Privilege privilege)
throws IllegalArgumentException
subject - privilege -
IllegalArgumentException - if any parameter is null.AccessAdapter.getGroupsWhereSubjectHasPriv(edu.internet2.middleware.grouper.GrouperSession, Subject, Privilege)
Set<Group> getGroupsWhereSubjectDoesntHavePrivilege(String stemId,
Stem.Scope scope,
edu.internet2.middleware.subject.Subject subject,
Privilege privilege,
boolean considerAllSubject,
String sqlLikeString)
stemId - scope - subject - privilege - considerAllSubject - sqlLikeString -
Set<Stem> getStemsWhereGroupThatSubjectHasPrivilege(edu.internet2.middleware.subject.Subject subject,
Privilege privilege)
throws IllegalArgumentException
subject - privilege -
IllegalArgumentException - if any parameter is null.AccessAdapter.getGroupsWhereSubjectHasPriv(edu.internet2.middleware.grouper.GrouperSession, Subject, Privilege)
Set<AccessPrivilege> getPrivileges(Group group,
edu.internet2.middleware.subject.Subject subject)
throws IllegalArgumentException
group - subject -
IllegalArgumentException - if any parameter is null.AccessAdapter.getPrivs(GrouperSession, Group, Subject)
Set<edu.internet2.middleware.subject.Subject> getSubjectsWithPrivilege(Group group,
Privilege privilege)
throws IllegalArgumentException
group - privilege -
IllegalArgumentException - if any parameter is null.AccessAdapter.getSubjectsWithPriv(GrouperSession, Group, Privilege)
void grantPrivilege(Group group,
edu.internet2.middleware.subject.Subject subject,
Privilege privilege,
String uuid)
throws IllegalArgumentException,
UnableToPerformException
group - subject - privilege - uuid - send uuid if known, else null
IllegalArgumentException - if any parameter is null.
UnableToPerformException - if the privilege could not be granted.AccessAdapter#grantPriv(GrouperSession, Group, Subject, Privilege)
boolean hasPrivilege(Group group,
edu.internet2.middleware.subject.Subject subject,
Privilege privilege)
throws IllegalArgumentException
group - subject - privilege -
IllegalArgumentException - if any parameter is null.AccessAdapter.hasPriv(GrouperSession, Group, Subject, Privilege)
void revokePrivilege(Group group,
Privilege privilege)
throws IllegalArgumentException,
UnableToPerformException
group - privilege -
IllegalArgumentException - if any parameter is null.
UnableToPerformException - if the privilege could not be revoked.AccessAdapter.revokePriv(GrouperSession, Group, Privilege)
void revokePrivilege(Group group,
edu.internet2.middleware.subject.Subject subject,
Privilege privilege)
throws IllegalArgumentException,
UnableToPerformException
group - subject - privilege -
IllegalArgumentException - if any parameter is null.
UnableToPerformException - if the privilege could not be revoked.AccessAdapter.revokePriv(GrouperSession, Group, Subject, Privilege)
void privilegeCopy(Group g1,
Group g2,
Privilege priv)
throws IllegalArgumentException,
UnableToPerformException
g1 - g2 - priv -
IllegalArgumentException
UnableToPerformException
void privilegeCopy(edu.internet2.middleware.subject.Subject subj1,
edu.internet2.middleware.subject.Subject subj2,
Privilege priv)
throws IllegalArgumentException,
UnableToPerformException
subj1 - subj2 - priv -
IllegalArgumentException
UnableToPerformException
Set<Group> postHqlFilterGroups(Set<Group> groups,
edu.internet2.middleware.subject.Subject subject,
Set<Privilege> privInSet)
groups - subject - which needs view access to the groupsprivInSet - find a privilege which is in this set
(e.g. for view, send all access privs). There are pre-canned sets in AccessAdapter
Set<Stem> postHqlFilterStemsWithGroups(Set<Stem> stems,
edu.internet2.middleware.subject.Subject subject,
Set<Privilege> inPrivSet)
stems - subject - inPrivSet -
boolean hqlFilterGroupsWhereClause(edu.internet2.middleware.subject.Subject subject,
HqlQuery hqlQuery,
StringBuilder hql,
String groupColumn,
Set<Privilege> privInSet)
subject - which needs view access to the groupshqlQuery - hql - the select and current from partgroupColumn - is the name of the group column to join toprivInSet - find a privilege which is in this set (e.g. for view, send all access privs)
boolean hqlFilterGroupsNotWithPrivWhereClause(edu.internet2.middleware.subject.Subject subject,
HqlQuery hqlQuery,
StringBuilder hql,
String groupColumn,
Privilege privilege,
boolean considerAllSubject)
subject - which needs view access to the groupshqlQuery - hql - the select and current from partgroupColumn - is the name of the group column to join toprivilege - find a privilege which is in this set (e.g. for view, send all access privs)considerAllSubject - if true, then consider GrouperAll when seeign if subject has priv, else do not
Set<Membership> postHqlFilterMemberships(edu.internet2.middleware.subject.Subject subject,
Set<Membership> memberships)
memberships - subject -
void revokeAllPrivilegesForSubject(edu.internet2.middleware.subject.Subject subject)
subject -
Set<PrivilegeSubjectContainer> retrievePrivileges(Group group,
Set<Privilege> privileges,
MembershipType membershipType,
QueryPaging queryPaging,
Set<Member> additionalMembers)
group - to search onprivileges - if blank, get allmembershipType - if immediate, effective, or blank for allqueryPaging - if a certain page should be returned, based on subjectadditionalMembers - additional members to query that the user is finding or adding
|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||