|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface AttributeDefResolver
Facade for the AttributeDefAdapter
interface.
Method Summary | |
---|---|
void |
flushCache()
flush cache if caching resolver |
Set<AttributeDef> |
getAttributeDefsWhereSubjectDoesntHavePrivilege(String stemId,
Stem.Scope scope,
edu.internet2.middleware.subject.Subject subject,
Privilege privilege,
boolean considerAllSubject,
String sqlLikeString)
find the attributeDefs which do not have a certain privilege |
Set<AttributeDef> |
getAttributeDefsWhereSubjectHasPrivilege(edu.internet2.middleware.subject.Subject subject,
Privilege privilege)
Get all attributedefs where subject has privilege. |
GrouperSession |
getGrouperSession()
get a reference to the session |
Set<AttributeDefPrivilege> |
getPrivileges(AttributeDef attributeDef,
edu.internet2.middleware.subject.Subject subject)
Get all privileges subject has on attributeDef. |
Set<edu.internet2.middleware.subject.Subject> |
getSubjectsWithPrivilege(AttributeDef attributeDef,
Privilege privilege)
Get all subjects with privilege on attributeDef. |
void |
grantPrivilege(AttributeDef attributeDef,
edu.internet2.middleware.subject.Subject subject,
Privilege privilege,
String uuid)
Grant privilege to subject on attributeDef. |
boolean |
hasPrivilege(AttributeDef attributeDef,
edu.internet2.middleware.subject.Subject subject,
Privilege privilege)
Check whether subject has privilege on attributeDef. |
boolean |
hqlFilterAttrDefsWhereClause(edu.internet2.middleware.subject.Subject subject,
HqlQuery hqlQuery,
StringBuilder hqlTables,
StringBuilder hqlWhereClause,
String attributeDefColumn,
Set<Privilege> privInSet)
for an attrDef query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterAttDefs instead if you like) |
boolean |
hqlFilterAttributeDefsNotWithPrivWhereClause(edu.internet2.middleware.subject.Subject subject,
HqlQuery hqlQuery,
StringBuilder hql,
String attributeDefColumn,
Privilege privilege,
boolean considerAllSubject)
for an attribute def query, check to make sure the subject cant see the records |
Set<AttributeDef> |
postHqlFilterAttrDefs(Set<AttributeDef> attributeDefs,
edu.internet2.middleware.subject.Subject subject,
Set<Privilege> privInSet)
after HQL is run, filter attributeDefs. |
Set<AttributeAssign> |
postHqlFilterAttributeAssigns(edu.internet2.middleware.subject.Subject subject,
Set<AttributeAssign> attributeAssigns)
filter attributeDefs for things the subject can see |
Set<PermissionEntry> |
postHqlFilterPermissions(edu.internet2.middleware.subject.Subject subject,
Set<PermissionEntry> permissionsEntries)
filter permissions for things the subject can see |
Set<PITAttributeAssign> |
postHqlFilterPITAttributeAssigns(edu.internet2.middleware.subject.Subject subject,
Set<PITAttributeAssign> pitAttributeAssigns)
filter pit attribute assignments for things the subject can see |
void |
privilegeCopy(AttributeDef attributeDef1,
AttributeDef attributeDef2,
Privilege priv)
Copies privileges for subjects that have the specified privilege on g1 to g2. |
void |
privilegeCopy(edu.internet2.middleware.subject.Subject subj1,
edu.internet2.middleware.subject.Subject subj2,
Privilege priv)
Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2. |
Set<PrivilegeSubjectContainer> |
retrievePrivileges(AttributeDef attributeDef,
Set<Privilege> privileges,
MembershipType membershipType,
QueryPaging queryPaging,
Set<Member> additionalMembers)
get a list of privilege subjects, there are no results with the same subject |
void |
revokeAllPrivilegesForSubject(edu.internet2.middleware.subject.Subject subject)
Revoke all attrDef privileges that this subject has. |
void |
revokePrivilege(AttributeDef attributeDef,
Privilege privilege)
Revoke privilege from all subjects on attributeDef. |
void |
revokePrivilege(AttributeDef attributeDef,
edu.internet2.middleware.subject.Subject subject,
Privilege privilege)
Revoke privilege from subject on attributeDef. |
void |
stop()
clean up resources, session is stopped |
Method Detail |
---|
void stop()
GrouperSession getGrouperSession()
void flushCache()
Set<AttributeDef> getAttributeDefsWhereSubjectHasPrivilege(edu.internet2.middleware.subject.Subject subject, Privilege privilege) throws IllegalArgumentException
subject
- privilege
-
IllegalArgumentException
- if any parameter is null.AttributeDefAdapter.getAttributeDefsWhereSubjectHasPriv(GrouperSession, Subject, Privilege)
Set<AttributeDefPrivilege> getPrivileges(AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subject) throws IllegalArgumentException
attributeDef
- subject
-
IllegalArgumentException
- if any parameter is null.AttributeDefAdapter.getPrivs(GrouperSession, AttributeDef, Subject)
Set<edu.internet2.middleware.subject.Subject> getSubjectsWithPrivilege(AttributeDef attributeDef, Privilege privilege) throws IllegalArgumentException
attributeDef
- privilege
-
IllegalArgumentException
- if any parameter is null.AttributeDefAdapter.getSubjectsWithPriv(GrouperSession, AttributeDef, Privilege)
void grantPrivilege(AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subject, Privilege privilege, String uuid) throws IllegalArgumentException, UnableToPerformException
attributeDef
- subject
- privilege
- uuid
- is uuid or null for assigned
IllegalArgumentException
- if any parameter is null.
UnableToPerformException
- if the privilege could not be granted.AttributeDefAdapter.grantPriv(GrouperSession, AttributeDef, Subject, Privilege, String)
boolean hasPrivilege(AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subject, Privilege privilege) throws IllegalArgumentException
attributeDef
- subject
- privilege
-
IllegalArgumentException
- if any parameter is null.AttributeDefAdapter.hasPriv(GrouperSession, AttributeDef, Subject, Privilege)
void revokePrivilege(AttributeDef attributeDef, Privilege privilege) throws IllegalArgumentException, UnableToPerformException
attributeDef
- privilege
-
IllegalArgumentException
- if any parameter is null.
UnableToPerformException
- if the privilege could not be revoked.AttributeDefAdapter.revokePriv(GrouperSession, AttributeDef, Privilege)
void revokePrivilege(AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subject, Privilege privilege) throws IllegalArgumentException, UnableToPerformException
attributeDef
- subject
- privilege
-
IllegalArgumentException
- if any parameter is null.
UnableToPerformException
- if the privilege could not be revoked.AttributeDefAdapter.revokePriv(GrouperSession, AttributeDef, Subject, Privilege)
void privilegeCopy(AttributeDef attributeDef1, AttributeDef attributeDef2, Privilege priv) throws IllegalArgumentException, UnableToPerformException
attributeDef1
- attributeDef2
- priv
-
IllegalArgumentException
UnableToPerformException
void privilegeCopy(edu.internet2.middleware.subject.Subject subj1, edu.internet2.middleware.subject.Subject subj2, Privilege priv) throws IllegalArgumentException, UnableToPerformException
subj1
- subj2
- priv
-
IllegalArgumentException
UnableToPerformException
Set<AttributeDef> postHqlFilterAttrDefs(Set<AttributeDef> attributeDefs, edu.internet2.middleware.subject.Subject subject, Set<Privilege> privInSet)
attributeDefs
- subject
- which needs view access to the attribute defsprivInSet
- find a privilege which is in this set
(e.g. for view, send all attrDef privs). There are pre-canned sets in AttributeDefAdapter
boolean hqlFilterAttrDefsWhereClause(edu.internet2.middleware.subject.Subject subject, HqlQuery hqlQuery, StringBuilder hqlTables, StringBuilder hqlWhereClause, String attributeDefColumn, Set<Privilege> privInSet)
subject
- which needs view access to the attrDefshqlQuery
- hqlTables
- the select and current from parthqlWhereClause
- is there where clause part of the queryattributeDefColumn
- is the name of the attributeDef column to join toprivInSet
- find a privilege which is in this set (e.g. for view, send all attrDef privs)
Set<AttributeAssign> postHqlFilterAttributeAssigns(edu.internet2.middleware.subject.Subject subject, Set<AttributeAssign> attributeAssigns)
attributeAssigns
- subject
-
Set<PITAttributeAssign> postHqlFilterPITAttributeAssigns(edu.internet2.middleware.subject.Subject subject, Set<PITAttributeAssign> pitAttributeAssigns)
pitAttributeAssigns
- subject
-
Set<PermissionEntry> postHqlFilterPermissions(edu.internet2.middleware.subject.Subject subject, Set<PermissionEntry> permissionsEntries)
permissionsEntries
- subject
-
void revokeAllPrivilegesForSubject(edu.internet2.middleware.subject.Subject subject)
subject
- Set<AttributeDef> getAttributeDefsWhereSubjectDoesntHavePrivilege(String stemId, Stem.Scope scope, edu.internet2.middleware.subject.Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString)
stemId
- scope
- subject
- privilege
- considerAllSubject
- sqlLikeString
-
boolean hqlFilterAttributeDefsNotWithPrivWhereClause(edu.internet2.middleware.subject.Subject subject, HqlQuery hqlQuery, StringBuilder hql, String attributeDefColumn, Privilege privilege, boolean considerAllSubject)
subject
- which needs view access to the groupshqlQuery
- hql
- the select and current from partattributeDefColumn
- is the name of the attributeDef column to join toprivilege
- find a privilege which is in this set (e.g. for view, attr view)considerAllSubject
- if true, then consider GrouperAll when seeign if subject has priv, else do not
Set<PrivilegeSubjectContainer> retrievePrivileges(AttributeDef attributeDef, Set<Privilege> privileges, MembershipType membershipType, QueryPaging queryPaging, Set<Member> additionalMembers)
attributeDef
- to search onprivileges
- if blank, get allmembershipType
- if immediate, effective, or blank for allqueryPaging
- if a certain page should be returned, based on subjectadditionalMembers
- additional members to query that the user is finding or adding
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |