com.arsdigita.kernel.permissions
Class PermissionService

java.lang.Object
  extended bycom.arsdigita.domain.DomainService
      extended bycom.arsdigita.kernel.permissions.PermissionService

public class PermissionService
extends DomainService

A utility class for controlling user access to domain/data objects.

Version:
1.0
Author:
Oumi Mehrotra, Michael Bryzek
See Also:
PermissionDescriptor

Field Summary
static String versionId
           
 
Constructor Summary
PermissionService()
           
 
Method Summary
static void assertPermission(PermissionDescriptor permission)
          Throws a PermissionException if the result of checkPermission on the given PermissionDescriptor is false.
static boolean checkDirectPermission(PermissionDescriptor permission)
           
static boolean checkPermission(PermissionDescriptor permission)
          Checks the permission represented by the passed in PermissionDescriptor.
static void clonePermissions(ACSObject acsObject)
          Adds explicit permissions to the object specified by acsObject to all permissions currently inherited from its permission context and resets the permissions context to null.
static void clonePermissions(OID acsObjectOID)
          Adds explicit permissions to the object specified by acsObjectOID to all permissions currently inherited from its permission context and resets the permissions context to null.
static void filterObjects(DataCollection dataCollection, PrivilegeDescriptor privilege, OID userOID)
          Filters a data collection to include only those objects that the specified user has the specified privilege on.
static void filterObjects(DomainCollection domainCollection, PrivilegeDescriptor privilege, OID userOID)
          Filters a domain collection to include only those objects that the specified user has the specified privilege on.
static void filterQuery(DataQuery dataQuery, String propertyName, PrivilegeDescriptor privilege, OID userOID)
          
Filters a data query to include only those results where the specified user has the specified privilege on the ACSObject identified by the specified property name.
static DataObject getContext(ACSObject acsObject)
          Returns the data object that serves as the permission context of the specified ACS object.
static DataObject getContext(OID oid)
          Returns the data object that serves as the permission context of the ACS object specified by OID.
static ObjectPermissionCollection getDirectGrantedPermissions(OID acsObjectOID)
          Returns the set of permissions that have been granted directly on the specified object, excluding those inherited from the object's permission context.
static Iterator getDirectPrivileges(OID object, OID party)
          Gets the privileges that the specified party has been directly granted on the specified object.
static Filter getFilterQuery(FilterFactory factory, String propertyName, PrivilegeDescriptor privilege, OID partyOID)
          Returns a Filter to include only those results where the specified user has the specified privilege on the ACSObject identified by the specified property name.
static ObjectPermissionCollection getGrantedPermissions(OID acsObjectOID)
          Returns the set of permissions that have been granted on the specified object, including those inherited from the object's permission context.
static ObjectPermissionCollection getGrantedUniversalPermissions()
          Returns the set of permissions that have been granted universally.
static Iterator getImpliedPrivileges(OID object, OID party)
          Gets all the privileges that the specified party has on the specified object, including implied privileges.
static Filter getObjectFilterQuery(FilterFactory factory, String propertyName, PrivilegeDescriptor privilege, OID oid)
           
static Iterator getPrivileges(OID object, OID party)
          Gets the privileges that the specified party has on the specified object.
static void grantPermission(PermissionDescriptor permission)
          Grants the permission as specified by the PermissionDescriptor parameters.
static boolean isEnabled()
          Returns true if permission checks are currently enabled, false if they are disabled.
static void objectFilterQuery(DataQuery dataQuery, String propertyName, PrivilegeDescriptor privilege, OID objectOID)
          Filters a data query that retrieves a list of users by only allowing the users who have access to the specified object.
static void revokePartyPermissions(OID partyOID)
          Revoke all permissions belonging to the specified party.
static void revokePermission(PermissionDescriptor permission)
          Revokes the permission that is specified by the passed in PermissionDescriptor.
static void setContext(ACSObject acsObject, ACSObject context)
          Sets the permission context of the object specified by acsObject to the object specified by context.
static void setContext(OID acsObjectOID, OID contextOID)
          Sets the permission context of the object specified by acsObjectOID to the object specified by contextOID.
static void setEnabled(boolean value)
          Used to enable or disable permission checks on a system wide basis.
static void setPermissionManager(PermissionManager manager)
          Sets the PermissionManager
 
Methods inherited from class com.arsdigita.domain.DomainService
add, add, clear, get, getDataCollection, getDataObject, remove, remove, set, setAssociation
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

versionId

public static final String versionId
See Also:
Constant Field Values
Constructor Detail

PermissionService

public PermissionService()
Method Detail

setPermissionManager

public static void setPermissionManager(PermissionManager manager)
Sets the PermissionManager

Parameters:
manager - The permission manager to use. If the value is null, the default PermissionManager is used,

isEnabled

public static final boolean isEnabled()
Returns true if permission checks are currently enabled, false if they are disabled.

Returns:
True if permission checks are currently enabled, false if they are disabled.

setEnabled

public static final void setEnabled(boolean value)
Used to enable or disable permission checks on a system wide basis.

Parameters:
value - If value is false then permission wide system checks are disabled.

assertPermission

public static void assertPermission(PermissionDescriptor permission)
Throws a PermissionException if the result of checkPermission on the given PermissionDescriptor is false.

Parameters:
permission - the PermissionDescriptor to check

checkPermission

public static boolean checkPermission(PermissionDescriptor permission)
Checks the permission represented by the passed in PermissionDescriptor.

Parameters:
permission - the PermissionDescriptor to provide service to
Returns:
true if the PermissionDescriptor's base object has the specified permission; false otherwise.

checkDirectPermission

public static boolean checkDirectPermission(PermissionDescriptor permission)

grantPermission

public static void grantPermission(PermissionDescriptor permission)
Grants the permission as specified by the PermissionDescriptor parameters.

Parameters:
permission - the PermissionDescriptor to retrieve
See Also:
ACSObject, PrivilegeDescriptor

revokePermission

public static void revokePermission(PermissionDescriptor permission)
Revokes the permission that is specified by the passed in PermissionDescriptor.

Parameters:
permission - the PermissionDescriptor that contains the parameters of the permission to revoke
See Also:
ACSObject, PrivilegeDescriptor

getContext

public static DataObject getContext(OID oid)
Returns the data object that serves as the permission context of the ACS object specified by OID. The permission context is the object from which the specified object inherits permissions.

Parameters:
oid - the OID of the ACS object for which to retrieve the permission context
Returns:
the data object that serves as the permission context of the ACS object specified by OID.
See Also:
ACSObject, OID

getContext

public static DataObject getContext(ACSObject acsObject)
Returns the data object that serves as the permission context of the specified ACS object. The permission context is the object from which the specified object inherits permissions.

Parameters:
acsObject - the ACS object for which to retrieve the permission context
Returns:
the data object that serves as the permission context of the specified ACS object.
See Also:
ACSObject, OID

setContext

public static void setContext(ACSObject acsObject,
                              ACSObject context)
                       throws PersistenceException
Sets the permission context of the object specified by acsObject to the object specified by context. This means that the object specified by acsObject will inherit any permissions on the object specified by context. If the context is set to null, the object does not inherit permissions from any other object, but universal permissions still apply.

Parameters:
acsObject - the object whose permission context is being set
context - the object to set as the permission context
Throws:
PersistenceException - when the setting of the permission context could not be saved.
See Also:
UniversalPermissionDescriptor

setContext

public static void setContext(OID acsObjectOID,
                              OID contextOID)
                       throws PersistenceException
Sets the permission context of the object specified by acsObjectOID to the object specified by contextOID. This means that the object specified by acsObjectOID will inherit any permissions on the object specified by contextOID. If the context is set to null, the object does not inherit permissions from any other object, but universal permissions still apply.

Parameters:
acsObjectOID - the object whose permission context is being set
contextOID - the object to set as the permission context
Throws:
PersistenceException - when the setting of the permission context could not be saved.
See Also:
UniversalPermissionDescriptor

clonePermissions

public static void clonePermissions(ACSObject acsObject)
                             throws PersistenceException
Adds explicit permissions to the object specified by acsObject to all permissions currently inherited from its permission context and resets the permissions context to null.

Parameters:
acsObject - the object whose permission context is being set
Throws:
PersistenceException - when the setting of the permission context could not be saved.

clonePermissions

public static void clonePermissions(OID acsObjectOID)
                             throws PersistenceException
Adds explicit permissions to the object specified by acsObjectOID to all permissions currently inherited from its permission context and resets the permissions context to null.

Parameters:
acsObjectOID - the object whose permission context is being set
Throws:
PersistenceException - when the setting of the permission context could not be saved.

getGrantedPermissions

public static ObjectPermissionCollection getGrantedPermissions(OID acsObjectOID)
Returns the set of permissions that have been granted on the specified object, including those inherited from the object's permission context. In the result set, direct permissions are returned first, followed by inherited permissions.

Parameters:
acsObjectOID - the OID of the ACS object whose permissions are to be returned
Returns:
the permissions that have been granted on the specified object (direct permissions followed by inherited permisions).

getDirectGrantedPermissions

public static ObjectPermissionCollection getDirectGrantedPermissions(OID acsObjectOID)
Returns the set of permissions that have been granted directly on the specified object, excluding those inherited from the object's permission context.

Parameters:
acsObjectOID - the OID of the ACS object whose permissions are to be returned
Returns:
the permissions that have been granted on the specified object (direct permissions followed by inherited permisions).

getGrantedUniversalPermissions

public static ObjectPermissionCollection getGrantedUniversalPermissions()
Returns the set of permissions that have been granted universally.

Returns:
the permissions that have been granted to all ACS objects.

filterObjects

public static void filterObjects(DataCollection dataCollection,
                                 PrivilegeDescriptor privilege,
                                 OID userOID)
Filters a data collection to include only those objects that the specified user has the specified privilege on.

Parameters:
dataCollection - the collection to filter. Must be a collection of type ACSObject.
privilege - the required privilege
userOID - the OID of the user whose access is being filtered

filterObjects

public static void filterObjects(DomainCollection domainCollection,
                                 PrivilegeDescriptor privilege,
                                 OID userOID)
Filters a domain collection to include only those objects that the specified user has the specified privilege on.

Parameters:
domainCollection - the collection to filter
privilege - the required privilege
userOID - the OID of the user whose access is being filtered

filterQuery

public static void filterQuery(DataQuery dataQuery,
                               String propertyName,
                               PrivilegeDescriptor privilege,
                               OID userOID)

Filters a data query to include only those results where the specified user has the specified privilege on the ACSObject identified by the specified property name.

Parameters:
dataQuery - the query to filter
propertyName - the name of the query property that contains the ID values to filter. (The values are assumed to be IDs of ACSObjects.)
privilege - the required privilege
userOID - the OID of the user whose access is being filtered

objectFilterQuery

public static void objectFilterQuery(DataQuery dataQuery,
                                     String propertyName,
                                     PrivilegeDescriptor privilege,
                                     OID objectOID)
Filters a data query that retrieves a list of users by only allowing the users who have access to the specified object. This filter handles three cases:
  1. The grantee is a user.
  2. The grantee is a group.
  3. The grantee is a site-wide admin.

Parameters:
dataQuery - the query to filter
propertyName - the name of the query property that contains the ID values to filter.
privilege - the required privilege
objectOID - the OID of the object that the users are trying to access

getFilterQuery

public static Filter getFilterQuery(FilterFactory factory,
                                    String propertyName,
                                    PrivilegeDescriptor privilege,
                                    OID partyOID)
Returns a Filter to include only those results where the specified user has the specified privilege on the ACSObject identified by the specified property name.

Parameters:
factory - A FilterFactory to generate the filter
propertyName - the name of the query property that contains the ID values to filter. (The values are assumed to be IDs of ACSObjects.)
privilege - the required privilege
partyOID - the OID of the user whose access is being filtered
Returns:
a filter which is true if the user has the required permission on the specified property

getObjectFilterQuery

public static Filter getObjectFilterQuery(FilterFactory factory,
                                          String propertyName,
                                          PrivilegeDescriptor privilege,
                                          OID oid)

getDirectPrivileges

public static Iterator getDirectPrivileges(OID object,
                                           OID party)
Gets the privileges that the specified party has been directly granted on the specified object.

Parameters:
object - the OID of the specified object
party - the OID of the specified party

getPrivileges

public static Iterator getPrivileges(OID object,
                                     OID party)
Gets the privileges that the specified party has on the specified object.

Parameters:
object - the OID of the target object of the privileges to be returned
party - the OID of the party that privileges are to be returned for
Returns:
an iterator of PrivilegeDescriptors.

getImpliedPrivileges

public static Iterator getImpliedPrivileges(OID object,
                                            OID party)
Gets all the privileges that the specified party has on the specified object, including implied privileges. If PrivilegeDescriptor.ADMIN is returned, then all privileges are returned because admin implies all privileges.

Parameters:
object - the OID of the target object of the privileges to be returned
party - the OID of the party that privileges are to be returned for
Returns:
an iterator of PrivilegeDescriptors.
See Also:
getPrivileges(OID, OID)

revokePartyPermissions

public static void revokePartyPermissions(OID partyOID)
Revoke all permissions belonging to the specified party.

Parameters:
partyOID - OID of the party whose permissions are to be revoked.


Copyright (c) 2004 Red Hat, Inc. Corporation. All Rights Reserved. Generated at July 20 2004:2337 UTC