edu.internet2.middleware.grouper.privs
Class PrivilegeHelper

java.lang.Object
  extended by edu.internet2.middleware.grouper.privs.PrivilegeHelper

public class PrivilegeHelper
extends Object

Privilege helper class.

TODO 20070823 Relocate these methods once I figure out the best home for them.

Since:
1.2.1
Version:
$Id: PrivilegeHelper.java,v 1.12 2009-09-28 05:06:46 mchyzer Exp $
Author:
blair christensen.

Constructor Summary
PrivilegeHelper()
           
 
Method Summary
static boolean canAdmin(GrouperSession s, Group g, edu.internet2.middleware.subject.Subject subj)
           
static boolean canAttrAdmin(GrouperSession s, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj)
           
static boolean canAttrDefAttrRead(GrouperSession s, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj)
           
static boolean canAttrDefAttrUpdate(GrouperSession s, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj)
           
static boolean canAttrOptin(GrouperSession s, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj)
           
static boolean canAttrOptout(GrouperSession s, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj)
           
static boolean canAttrRead(GrouperSession s, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj)
           
static boolean canAttrUpdate(GrouperSession s, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj)
           
static boolean canAttrView(GrouperSession s, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj)
           
static boolean canCopyStems(edu.internet2.middleware.subject.Subject subject)
          Is this user allowed to copy stems?
static boolean canCreate(GrouperSession s, Stem ns, edu.internet2.middleware.subject.Subject subj)
          TODO 20070823 find a real home for this and/or add tests
static boolean canGroupAttrRead(GrouperSession s, Group group, edu.internet2.middleware.subject.Subject subj)
           
static boolean canGroupAttrUpdate(GrouperSession s, Group group, edu.internet2.middleware.subject.Subject subj)
           
static boolean canMoveStems(edu.internet2.middleware.subject.Subject subject)
          Is this user allowed to move stems?
static boolean canOptin(GrouperSession s, Group g, edu.internet2.middleware.subject.Subject subj)
          TODO 20070823 find a real home for this and/or add tests
static boolean canOptout(GrouperSession s, Group g, edu.internet2.middleware.subject.Subject subj)
          TODO 20070823 find a real home for this and/or add tests
static boolean canRead(GrouperSession s, Group g, edu.internet2.middleware.subject.Subject subj)
          TODO 20070823 find a real home for this and/or add tests
static boolean canRenameStems(edu.internet2.middleware.subject.Subject subject)
          Is this user allowed to rename stems?
static boolean canStem(GrouperSession s, Stem ns, edu.internet2.middleware.subject.Subject subj)
          TODO 20070823 find a real home for this and/or add tests
static boolean canStem(Stem ns, edu.internet2.middleware.subject.Subject subj)
          TODO 20070823 find a real home for this and/or add tests
static boolean canStemAdmin(GrouperSession s, Stem ns, edu.internet2.middleware.subject.Subject subj)
           
static boolean canStemAdmin(Stem ns, edu.internet2.middleware.subject.Subject subj)
           
static boolean canStemAttrRead(GrouperSession s, Stem stem, edu.internet2.middleware.subject.Subject subj)
           
static boolean canStemAttrUpdate(GrouperSession s, Stem stem, edu.internet2.middleware.subject.Subject subj)
           
static boolean canUpdate(GrouperSession s, Group g, edu.internet2.middleware.subject.Subject subj)
          TODO 20070823 find a real home for this and/or add tests
static boolean canView(GrouperSession s, Group g, edu.internet2.middleware.subject.Subject subj)
          TODO 20070823 find a real home for this and/or add tests
static boolean canViewAttributeAssign(GrouperSession grouperSession, AttributeAssign attributeAssign, boolean checkUnderlyingIfAssignmentOnAssignment)
          see if the attribute assigns are viewable
static Set<AttributeAssign> canViewAttributeAssigns(GrouperSession grouperSession, Collection<AttributeAssign> inputAttributeAssigns, boolean checkUnderlyingIfAssignmentOnAssignment)
          see if the attribute assigns are viewable
static Set<AttributeDef> canViewAttributeDefs(GrouperSession s, Collection<AttributeDef> inputAttributeDefs)
          TODO 20070823 find a real home for this and/or add tests
static Set canViewGroups(GrouperSession s, Set candidates)
          TODO 20070823 find a real home for this and/or add tests
static boolean canViewMembers(GrouperSession grouperSession, Group group, Field field)
           
static boolean canViewMembership(GrouperSession grouperSession, Membership membership)
           
static Set<Membership> canViewMemberships(GrouperSession grouperSession, Collection<Membership> inputMemberships)
           
static Set<PermissionEntry> canViewPermissions(GrouperSession grouperSession, Collection<PermissionEntry> inputPermissionEntries)
          see if the permission entries are viewable
static Set<PITAttributeAssign> canViewPITAttributeAssigns(GrouperSession grouperSession, Collection<PITAttributeAssign> inputPITAttributeAssigns, boolean checkUnderlyingIfAssignmentOnAssignment)
          see if the pit attribute assigns are viewable
static void dispatch(GrouperSession s, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj, Privilege priv)
          TODO 20070823 find a real home for this and/or add tests
static void dispatch(GrouperSession s, Group g, edu.internet2.middleware.subject.Subject subj, Privilege priv)
          TODO 20070823 find a real home for this and/or add tests
static void dispatch(GrouperSession s, Stem ns, edu.internet2.middleware.subject.Subject subj, Privilege priv)
          TODO 20070823 find a real home for this and/or add tests
static Collection<String> fieldIdsFromPrivileges(Collection<Privilege> privileges)
          convert a collection of privileges to a collection of fieldIds
static void flushCache()
          flush all privilege caches
static Privilege[] getAccessPrivileges(Privilege[] privileges)
          TODO 20070824 add tests
static Privilege[] getAttributeDefPrivileges(Privilege[] privileges)
          TODO 20070824 add tests
static Privilege[] getNamingPrivileges(Privilege[] privileges)
          TODO 20070824 add tests
static boolean hasImmediatePrivilege(AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subject, Privilege privilege)
          see if an attributeDef has an immediate privilege
static boolean hasImmediatePrivilege(Group group, edu.internet2.middleware.subject.Subject subject, Privilege privilege)
          see if a group has an immediate privilege
static boolean hasImmediatePrivilege(Stem stem, edu.internet2.middleware.subject.Subject subject, Privilege privilege)
          see if a stem has an immediate privilege
static boolean hasPrivilege(GrouperSession s, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj, Set<Privilege> privInSet)
           
static boolean hasPrivilege(GrouperSession s, Group g, edu.internet2.middleware.subject.Subject subj, Set<Privilege> privInSet)
           
static boolean hasPrivilege(GrouperSession s, Stem stem, edu.internet2.middleware.subject.Subject subj, Set<Privilege> privInSet)
           
static boolean isRoot(GrouperSession s)
          TODO 20070823 find a real home for this and/or add tests
static boolean isSystemSubject(edu.internet2.middleware.subject.Subject subject)
          see if system subject
static boolean isWheel(GrouperSession s)
          TODO 20070823 find a real home for this and/or add tests
static boolean isWheelOrRoot(edu.internet2.middleware.subject.Subject subject)
          see if a subject is wheel or root
static boolean isWheelOrRootOrReadonlyRoot(edu.internet2.middleware.subject.Subject subject)
          see if a subject is wheel or root or readonly root
static boolean isWheelOrRootOrViewonlyRoot(edu.internet2.middleware.subject.Subject subject)
          see if a subject is wheel or root or viewonly root (or readonly)
static void resolveSubjects(Collection<GrouperPrivilege> grouperPrivileges, boolean resolveAllAlways)
          resolve subjects in one batch
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PrivilegeHelper

public PrivilegeHelper()
Method Detail

fieldIdsFromPrivileges

public static Collection<String> fieldIdsFromPrivileges(Collection<Privilege> privileges)
convert a collection of privileges to a collection of fieldIds

Parameters:
privileges -
Returns:
the field ids

hasImmediatePrivilege

public static boolean hasImmediatePrivilege(Group group,
                                            edu.internet2.middleware.subject.Subject subject,
                                            Privilege privilege)
see if a group has an immediate privilege

Parameters:
group -
subject -
privilege -
Returns:
true if has immediate privilege, false if not

flushCache

public static void flushCache()
flush all privilege caches


resolveSubjects

public static void resolveSubjects(Collection<GrouperPrivilege> grouperPrivileges,
                                   boolean resolveAllAlways)
resolve subjects in one batch

Parameters:
grouperPrivileges -
resolveAllAlways - true to always resolve all subjects no matter how many there are; false to not resolve them all when there are more than 2000 (or however many the limit is), e.g. for the UI

canAdmin

public static boolean canAdmin(GrouperSession s,
                               Group g,
                               edu.internet2.middleware.subject.Subject subj)
Parameters:
s -
g -
subj -
Returns:
admin
Since:
1.2.1

canAttrAdmin

public static boolean canAttrAdmin(GrouperSession s,
                                   AttributeDef attributeDef,
                                   edu.internet2.middleware.subject.Subject subj)
Parameters:
s -
attributeDef -
subj -
Returns:
admin

canAttrRead

public static boolean canAttrRead(GrouperSession s,
                                  AttributeDef attributeDef,
                                  edu.internet2.middleware.subject.Subject subj)
Parameters:
s -
attributeDef -
subj -
Returns:
true if allowed

canAttrView

public static boolean canAttrView(GrouperSession s,
                                  AttributeDef attributeDef,
                                  edu.internet2.middleware.subject.Subject subj)
Parameters:
s -
attributeDef -
subj -
Returns:
true if allowed

canGroupAttrRead

public static boolean canGroupAttrRead(GrouperSession s,
                                       Group group,
                                       edu.internet2.middleware.subject.Subject subj)
Parameters:
s -
group -
subj -
Returns:
true if allowed

canGroupAttrUpdate

public static boolean canGroupAttrUpdate(GrouperSession s,
                                         Group group,
                                         edu.internet2.middleware.subject.Subject subj)
Parameters:
s -
group -
subj -
Returns:
true if allowed

canAttrDefAttrRead

public static boolean canAttrDefAttrRead(GrouperSession s,
                                         AttributeDef attributeDef,
                                         edu.internet2.middleware.subject.Subject subj)
Parameters:
s -
attributeDef -
subj -
Returns:
true if allowed

canAttrDefAttrUpdate

public static boolean canAttrDefAttrUpdate(GrouperSession s,
                                           AttributeDef attributeDef,
                                           edu.internet2.middleware.subject.Subject subj)
Parameters:
s -
attributeDef -
subj -
Returns:
true if allowed

canStemAttrRead

public static boolean canStemAttrRead(GrouperSession s,
                                      Stem stem,
                                      edu.internet2.middleware.subject.Subject subj)
Parameters:
s -
stem -
subj -
Returns:
true if allowed

canStemAttrUpdate

public static boolean canStemAttrUpdate(GrouperSession s,
                                        Stem stem,
                                        edu.internet2.middleware.subject.Subject subj)
Parameters:
s -
stem -
subj -
Returns:
true if allowed

canAttrUpdate

public static boolean canAttrUpdate(GrouperSession s,
                                    AttributeDef attributeDef,
                                    edu.internet2.middleware.subject.Subject subj)
Parameters:
s -
attributeDef -
subj -
Returns:
true if allowed

canAttrOptin

public static boolean canAttrOptin(GrouperSession s,
                                   AttributeDef attributeDef,
                                   edu.internet2.middleware.subject.Subject subj)
Parameters:
s -
attributeDef -
subj -
Returns:
true if allowed

canAttrOptout

public static boolean canAttrOptout(GrouperSession s,
                                    AttributeDef attributeDef,
                                    edu.internet2.middleware.subject.Subject subj)
Parameters:
s -
attributeDef -
subj -
Returns:
true if allowed

canCreate

public static boolean canCreate(GrouperSession s,
                                Stem ns,
                                edu.internet2.middleware.subject.Subject subj)
TODO 20070823 find a real home for this and/or add tests

Parameters:
s -
ns -
subj -
Returns:
can create
Since:
1.2.1

canOptin

public static boolean canOptin(GrouperSession s,
                               Group g,
                               edu.internet2.middleware.subject.Subject subj)
TODO 20070823 find a real home for this and/or add tests

Parameters:
s -
g -
subj -
Returns:
can optin
Since:
1.2.1

hasPrivilege

public static boolean hasPrivilege(GrouperSession s,
                                   Stem stem,
                                   edu.internet2.middleware.subject.Subject subj,
                                   Set<Privilege> privInSet)
Parameters:
s -
stem -
subj -
privInSet -
Returns:
if has privilege

hasPrivilege

public static boolean hasPrivilege(GrouperSession s,
                                   Group g,
                                   edu.internet2.middleware.subject.Subject subj,
                                   Set<Privilege> privInSet)
Parameters:
s -
g -
subj -
privInSet -
Returns:
if has privilege

canOptout

public static boolean canOptout(GrouperSession s,
                                Group g,
                                edu.internet2.middleware.subject.Subject subj)
TODO 20070823 find a real home for this and/or add tests

Parameters:
s -
g -
subj -
Returns:
can optout
Since:
1.2.1

canRead

public static boolean canRead(GrouperSession s,
                              Group g,
                              edu.internet2.middleware.subject.Subject subj)
TODO 20070823 find a real home for this and/or add tests

Parameters:
s -
g -
subj -
Returns:
can read
Since:
1.2.1

canStem

public static boolean canStem(Stem ns,
                              edu.internet2.middleware.subject.Subject subj)
TODO 20070823 find a real home for this and/or add tests

Parameters:
ns -
subj -
Returns:
can stem
Since:
1.2.1

canStemAdmin

public static boolean canStemAdmin(Stem ns,
                                   edu.internet2.middleware.subject.Subject subj)
Parameters:
ns -
subj -
Returns:
can stem admin

canStem

public static boolean canStem(GrouperSession s,
                              Stem ns,
                              edu.internet2.middleware.subject.Subject subj)
TODO 20070823 find a real home for this and/or add tests

Parameters:
s -
ns -
subj -
Returns:
can stem
Since:
1.2.1

canStemAdmin

public static boolean canStemAdmin(GrouperSession s,
                                   Stem ns,
                                   edu.internet2.middleware.subject.Subject subj)
Parameters:
s -
ns -
subj -
Returns:
can stem admin

canUpdate

public static boolean canUpdate(GrouperSession s,
                                Group g,
                                edu.internet2.middleware.subject.Subject subj)
TODO 20070823 find a real home for this and/or add tests

Parameters:
s -
g -
subj -
Returns:
can update
Since:
1.2.1

canView

public static boolean canView(GrouperSession s,
                              Group g,
                              edu.internet2.middleware.subject.Subject subj)
TODO 20070823 find a real home for this and/or add tests

Parameters:
s -
g -
subj -
Returns:
can view
Since:
1.2.1

canViewGroups

public static Set canViewGroups(GrouperSession s,
                                Set candidates)
TODO 20070823 find a real home for this and/or add tests

Parameters:
s -
candidates -
Returns:
can view
Since:
1.2.1

canViewMembership

public static boolean canViewMembership(GrouperSession grouperSession,
                                        Membership membership)
Parameters:
grouperSession -
membership -
Returns:
true if ok, false if not

canViewMemberships

public static Set<Membership> canViewMemberships(GrouperSession grouperSession,
                                                 Collection<Membership> inputMemberships)
Parameters:
grouperSession -
inputMemberships -
Returns:
filtered memberships

canViewMembers

public static boolean canViewMembers(GrouperSession grouperSession,
                                     Group group,
                                     Field field)
Parameters:
grouperSession -
group -
field -
Returns:
true or false

dispatch

public static void dispatch(GrouperSession s,
                            Group g,
                            edu.internet2.middleware.subject.Subject subj,
                            Privilege priv)
                     throws InsufficientPrivilegeException,
                            SchemaException
TODO 20070823 find a real home for this and/or add tests

Parameters:
s -
g -
subj -
priv -
Throws:
InsufficientPrivilegeException
SchemaException

dispatch

public static void dispatch(GrouperSession s,
                            Stem ns,
                            edu.internet2.middleware.subject.Subject subj,
                            Privilege priv)
                     throws InsufficientPrivilegeException,
                            SchemaException
TODO 20070823 find a real home for this and/or add tests

Parameters:
s -
ns -
subj -
priv -
Throws:
InsufficientPrivilegeException
SchemaException

dispatch

public static void dispatch(GrouperSession s,
                            AttributeDef attributeDef,
                            edu.internet2.middleware.subject.Subject subj,
                            Privilege priv)
                     throws InsufficientPrivilegeException,
                            SchemaException
TODO 20070823 find a real home for this and/or add tests

Parameters:
s -
attributeDef -
subj -
priv -
Throws:
InsufficientPrivilegeException
SchemaException

getAccessPrivileges

public static Privilege[] getAccessPrivileges(Privilege[] privileges)
TODO 20070824 add tests

Parameters:
privileges -
Returns:
Given an array of privileges return an array of access privileges.
Since:
1.2.1

getAttributeDefPrivileges

public static Privilege[] getAttributeDefPrivileges(Privilege[] privileges)
TODO 20070824 add tests

Parameters:
privileges -
Returns:
Given an array of privileges return an array of attribute def privileges.
Since:
1.2.1

getNamingPrivileges

public static Privilege[] getNamingPrivileges(Privilege[] privileges)
TODO 20070824 add tests

Parameters:
privileges -
Returns:
Given an array of privileges return an array of naming privileges.
Since:
1.2.1

isRoot

public static boolean isRoot(GrouperSession s)
TODO 20070823 find a real home for this and/or add tests

Parameters:
s -
Returns:
is root

isSystemSubject

public static boolean isSystemSubject(edu.internet2.middleware.subject.Subject subject)
see if system subject

Parameters:
subject -
Returns:
true if grouper system

isWheel

public static boolean isWheel(GrouperSession s)
TODO 20070823 find a real home for this and/or add tests

Parameters:
s -
Returns:
is wheel

isWheelOrRootOrViewonlyRoot

public static boolean isWheelOrRootOrViewonlyRoot(edu.internet2.middleware.subject.Subject subject)
see if a subject is wheel or root or viewonly root (or readonly)

Parameters:
subject -
Returns:
true or false

isWheelOrRootOrReadonlyRoot

public static boolean isWheelOrRootOrReadonlyRoot(edu.internet2.middleware.subject.Subject subject)
see if a subject is wheel or root or readonly root

Parameters:
subject -
Returns:
true or false

isWheelOrRoot

public static boolean isWheelOrRoot(edu.internet2.middleware.subject.Subject subject)
see if a subject is wheel or root

Parameters:
subject -
Returns:
true or false

canMoveStems

public static boolean canMoveStems(edu.internet2.middleware.subject.Subject subject)
Is this user allowed to move stems?

Parameters:
subject -
Returns:
boolean

canCopyStems

public static boolean canCopyStems(edu.internet2.middleware.subject.Subject subject)
Is this user allowed to copy stems?

Parameters:
subject -
Returns:
boolean

canRenameStems

public static boolean canRenameStems(edu.internet2.middleware.subject.Subject subject)
Is this user allowed to rename stems?

Parameters:
subject -
Returns:
boolean

hasPrivilege

public static boolean hasPrivilege(GrouperSession s,
                                   AttributeDef attributeDef,
                                   edu.internet2.middleware.subject.Subject subj,
                                   Set<Privilege> privInSet)
Parameters:
s -
attributeDef -
subj -
privInSet -
Returns:
if has privilege

canViewAttributeDefs

public static Set<AttributeDef> canViewAttributeDefs(GrouperSession s,
                                                     Collection<AttributeDef> inputAttributeDefs)
TODO 20070823 find a real home for this and/or add tests

Parameters:
s -
inputAttributeDefs -
Returns:
filtered attributeDefs

canViewAttributeAssign

public static boolean canViewAttributeAssign(GrouperSession grouperSession,
                                             AttributeAssign attributeAssign,
                                             boolean checkUnderlyingIfAssignmentOnAssignment)
see if the attribute assigns are viewable

Parameters:
grouperSession -
attributeAssign -
checkUnderlyingIfAssignmentOnAssignment - true if, when the assignment is itself on an assignment, the security check should also take place on the underlying assignment
Returns:
true if the attribute assign is viewable, false if not

canViewAttributeAssigns

public static Set<AttributeAssign> canViewAttributeAssigns(GrouperSession grouperSession,
                                                           Collection<AttributeAssign> inputAttributeAssigns,
                                                           boolean checkUnderlyingIfAssignmentOnAssignment)
see if the attribute assigns are viewable

Parameters:
grouperSession -
inputAttributeAssigns -
checkUnderlyingIfAssignmentOnAssignment - true if, when an assignment is itself on an assignment, the security check should also take place on the underlying assignment
Returns:
filtered attribute assigns

canViewPermissions

public static Set<PermissionEntry> canViewPermissions(GrouperSession grouperSession,
                                                      Collection<PermissionEntry> inputPermissionEntries)
see if the permission entries are viewable

Parameters:
grouperSession -
inputPermissionEntries -
Returns:
filtered permission entries

canViewPITAttributeAssigns

public static Set<PITAttributeAssign> canViewPITAttributeAssigns(GrouperSession grouperSession,
                                                                 Collection<PITAttributeAssign> inputPITAttributeAssigns,
                                                                 boolean checkUnderlyingIfAssignmentOnAssignment)
see if the pit attribute assigns are viewable

Parameters:
grouperSession -
inputPITAttributeAssigns -
checkUnderlyingIfAssignmentOnAssignment - true if, when an assignment is itself on an assignment, the security check should also take place on the underlying assignment
Returns:
filtered pit attribute assignments

hasImmediatePrivilege

public static boolean hasImmediatePrivilege(Stem stem,
                                            edu.internet2.middleware.subject.Subject subject,
                                            Privilege privilege)
see if a stem has an immediate privilege

Parameters:
stem -
subject -
privilege -
Returns:
true if has immediate privilege, false if not

hasImmediatePrivilege

public static boolean hasImmediatePrivilege(AttributeDef attributeDef,
                                            edu.internet2.middleware.subject.Subject subject,
                                            Privilege privilege)
see if an attributeDef has an immediate privilege

Parameters:
attributeDef -
subject -
privilege -
Returns:
true if has immediate privilege, false if not