com.arsdigita.kernel.permissions
Class PermissionManager

java.lang.Object
  extended by com.arsdigita.kernel.permissions.PermissionManager

public class PermissionManager
extends Object

Default implementation of PermissionService.

Version:
1.0
Author:
Oumi Mehrotra, Michael Bryzek, Scott Seago
See Also:
PermissionService

Field Summary
static int SYSTEM_PARTY
           
static int VIRTUAL_PUBLIC_ID
           
static int VIRTUAL_REGISTERED_ID
           
 
Constructor Summary
PermissionManager()
           
 
Method Summary
 OID checkOID(OID oid)
          Takes an OID and returns the public OID if the passed-in value is null.
 boolean checkPermission(PermissionDescriptor permission)
          Checks the permission represented by the passed in PermissionDescriptor.
 void clonePermissions(ACSObject acsObject)
          For every permission that the object specified by acsObject currently inherits from its permission context, adds an equivalent explicit permission on the object, then resets the permission context to null.
 void clonePermissions(OID acsObjectOID)
          For every permission that the object specified by acsObjectOID currently inherits from its permission context, adds an equivalent explicit permission on the object, then resets the permission context to null.
static Collection constructAccessList(OID partyOID)
          Deprecated. This is slower than using "normal" permission checks, since "in ("") is transformed into a union by the Oracle SQL optimizer.
 void filterObjects(DataCollection dataCollection, PrivilegeDescriptor privilege, OID partyOID)
          Filters a data collection to include only those objects that the specified party has the specified privilege on.
 void filterQuery(DataQuery dataQuery, String propertyName, PrivilegeDescriptor privilege, OID partyOID)
          Filters a data query to include only those results where the specified party has the specified privilege on the ACSObject identified by the specified property name.
 DataObject getContext(ACSObject acsObject)
          Returns the data object that serves as the permission context of the specified ACS object.
 DataObject getContext(OID oid)
          Returns the data object that serves as the permission context of the ACS object specified by OID.
 Filter getFilterQuery(FilterFactory factory, String propertyName, PrivilegeDescriptor privilege, OID partyOID)
          Returns a Filter to include only those results where the specified party has the specified privilege on the ACSObject identified by the specified property name.
 ObjectPermissionCollection getGrantedPermissions(OID acsObjectOID)
          Returns the set of permissions that have been granted on the specified object, including those inherited from the object's permission context.
 ObjectPermissionCollection getGrantedUniversalPermissions()
          Returns the set of permissions that have been granted universally.
 Iterator getImpliedPrivileges(OID object, OID party)
          Gets all the privileges that the specified party has on the specified object, including implied privileges.
 Filter getObjectFilterQuery(FilterFactory factory, String propertyName, PrivilegeDescriptor privilege, OID objectOID)
           
 Iterator getPrivileges(OID object, OID party)
          Gets the privileges that the specified party has on the specified object.
 void grantPermission(PermissionDescriptor permission)
          Grants the permission as specified by the PermissionDescriptor parameters.
 void revokePermission(PermissionDescriptor permission)
          Revokes the permission that is specified by the passed in PermissionDescriptor.
 void setContext(ACSObject acsObject, ACSObject context)
          Sets the permission context of the object specified by acsObject to the object specified by context.
 void setContext(OID acsObjectOID, OID contextOID)
          Sets the permission context of the object specified by acsObjectOID to the object specified by contextOID.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

VIRTUAL_PUBLIC_ID

public static final int VIRTUAL_PUBLIC_ID
See Also:
Constant Field Values

VIRTUAL_REGISTERED_ID

public static final int VIRTUAL_REGISTERED_ID
See Also:
Constant Field Values

SYSTEM_PARTY

public static final int SYSTEM_PARTY
See Also:
Constant Field Values
Constructor Detail

PermissionManager

public PermissionManager()
Method Detail

checkPermission

public boolean checkPermission(PermissionDescriptor permission)
Checks the permission represented by the passed in PermissionDescriptor.

Parameters:
permission - the PermissionDescriptor to provide service to
Returns:
true if the PermissionDescriptor's base object has the specified permission; false otherwise.

grantPermission

public void grantPermission(PermissionDescriptor permission)
Grants the permission as specified by the PermissionDescriptor parameters.

Parameters:
permission - the PermissionDescriptor to retrieve
See Also:
ACSObject, PrivilegeDescriptor

revokePermission

public void revokePermission(PermissionDescriptor permission)
Revokes the permission that is specified by the passed in PermissionDescriptor.

Parameters:
permission - the PermissionDescriptor that contains the parameters of the permission to revoke
See Also:
ACSObject, PrivilegeDescriptor

getContext

public DataObject getContext(OID oid)
Returns the data object that serves as the permission context of the ACS object specified by OID. The permission context is the object from which the specified object inherits permissions.

Parameters:
oid - the OID of the ACS object for which to retrieve the permission context
Returns:
the data object that serves as the permission context of the ACS object specified by OID.
See Also:
ACSObject, OID

getContext

public DataObject getContext(ACSObject acsObject)
Returns the data object that serves as the permission context of the specified ACS object. The permission context is the object from which the specified object inherits permissions.

Parameters:
acsObject - the ACS object for which to retrieve the permission context
Returns:
the data object that serves as the permission context of the specified ACS object.
See Also:
ACSObject, OID

setContext

public void setContext(ACSObject acsObject,
                       ACSObject context)
                throws PersistenceException
Sets the permission context of the object specified by acsObject to the object specified by context. This means that the object specified by acsObject will inherit any permissions on the object specified by context. If the context is set to null, the object does not inherit permissions from any other object, but universal permissions still apply.

Parameters:
acsObject - the object whose permission context is being set
context - the object to set as the permission context
Throws:
PersistenceException - when the setting of the permission context could not be saved.
See Also:
UniversalPermissionDescriptor

setContext

public void setContext(OID acsObjectOID,
                       OID contextOID)
                throws PersistenceException
Sets the permission context of the object specified by acsObjectOID to the object specified by contextOID. This means that the object specified by acsObjectOID will inherit any permissions on the object specified by contextOID. If the context is set to null, the object does not inherit permissions from any other object, but universal permissions still apply.

Parameters:
acsObjectOID - the object whose permission context is being set
contextOID - the object to set as the permission context
Throws:
PersistenceException - when the setting of the permission context could not be saved.
See Also:
UniversalPermissionDescriptor

clonePermissions

public void clonePermissions(ACSObject acsObject)
                      throws PersistenceException
For every permission that the object specified by acsObject currently inherits from its permission context, adds an equivalent explicit permission on the object, then resets the permission context to null.

Parameters:
acsObject - the object whose permission context is being set
Throws:
PersistenceException - when the setting of the permission context could not be saved.

clonePermissions

public void clonePermissions(OID acsObjectOID)
                      throws PersistenceException
For every permission that the object specified by acsObjectOID currently inherits from its permission context, adds an equivalent explicit permission on the object, then resets the permission context to null.

Parameters:
acsObjectOID - the object whose permission context is being set
Throws:
PersistenceException - when the setting of the permission context could not be saved.
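
The context inheritance described for setContext and the copy-then-detach behaviour described for clonePermissions, as an added in-memory model (not code from this API or from the com.arsdigita project). The class name, the string ids standing in for OIDs, the "party:privilege" encoding and the transitive walk up the context chain are all assumptions of the model.

```java
import java.util.*;

// Added illustration: an in-memory model, not the com.arsdigita implementation.
public class PermissionContextModel {
    // object id -> explicit grants, each encoded as "party:privilege" (hypothetical encoding)
    private final Map<String, Set<String>> direct = new HashMap<>();
    // object id -> permission context; no entry means the context is null
    private final Map<String, String> context = new HashMap<>();
    // grants that apply to every object, whatever its context
    private final Set<String> universal = new HashSet<>();

    void grant(String obj, String party, String priv) {
        direct.computeIfAbsent(obj, k -> new LinkedHashSet<>()).add(party + ":" + priv);
    }
    void revoke(String obj, String party, String priv) {
        direct.getOrDefault(obj, new HashSet<>()).remove(party + ":" + priv);
    }
    void grantUniversal(String party, String priv) { universal.add(party + ":" + priv); }
    void setContext(String obj, String ctx) {
        if (ctx == null) context.remove(obj); else context.put(obj, ctx);
    }
    // Direct grants first, then inherited ones (transitive walk is a model assumption).
    List<String> granted(String obj) {
        List<String> out = new ArrayList<>();
        Set<String> seen = new HashSet<>();          // guards against a context cycle
        for (String o = obj; o != null && seen.add(o); o = context.get(o))
            out.addAll(direct.getOrDefault(o, Collections.emptySet()));
        return out;
    }
    boolean check(String obj, String party, String priv) {
        String g = party + ":" + priv;
        return universal.contains(g) || granted(obj).contains(g);
    }
    // Copy every inherited grant onto the object itself, then cut the inheritance link.
    void clonePermissions(String obj) {
        for (String g : granted(obj))
            direct.computeIfAbsent(obj, k -> new LinkedHashSet<>()).add(g);
        setContext(obj, null);
    }
    public static void main(String[] args) {
        PermissionContextModel pm = new PermissionContextModel();
        pm.grant("folder", "alice", "read");
        pm.setContext("doc", "folder");
        System.out.println(pm.check("doc", "alice", "read"));  // reached through the context
        pm.clonePermissions("doc");
        pm.revoke("folder", "alice", "read");
        System.out.println(pm.check("doc", "alice", "read"));  // checked against doc's own copy
    }
}
```

In this model a revoke on the former context no longer reaches an object whose permissions were cloned, so an access review after clonePermissions has to look at the object's own explicit grants.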

getGrantedPermissions

public ObjectPermissionCollection getGrantedPermissions(OID acsObjectOID)
Returns the set of permissions that have been granted on the specified object, including those inherited from the object's permission context. In the result set, direct permissions are returned first, followed by inherited permissions.

Parameters:
acsObjectOID - the OID of the ACS object whose permissions are to be returned
Returns:
the permissions that have been granted on the specified object (direct permissions followed by inherited permissions).

getGrantedUniversalPermissions

public ObjectPermissionCollection getGrantedUniversalPermissions()
Returns the set of permissions that have been granted universally.

Returns:
the permissions that have been granted to all ACS objects.

filterObjects

public void filterObjects(DataCollection dataCollection,
                          PrivilegeDescriptor privilege,
                          OID partyOID)

Filters a data collection to include only those objects that the specified party has the specified privilege on.

Parameters:
dataCollection - the collection to filter. Must be a collection of type ACSObject.
privilege - the required privilege
partyOID - the OID of the party whose access is being filtered

filterQuery

public void filterQuery(DataQuery dataQuery,
                        String propertyName,
                        PrivilegeDescriptor privilege,
                        OID partyOID)
Filters a data query to include only those results where the specified party has the specified privilege on the ACSObject identified by the specified property name.

Parameters:
dataQuery - the query to filter
propertyName - the name of the query property that contains the ID values to filter. (The values are assumed to be IDs of ACSObjects.)
privilege - the required privilege
partyOID - the OID of the party whose access is being filtered

getFilterQuery

public Filter getFilterQuery(FilterFactory factory,
                             String propertyName,
                             PrivilegeDescriptor privilege,
                             OID partyOID)
Returns a Filter to include only those results where the specified party has the specified privilege on the ACSObject identified by the specified property name.

Parameters:
factory - A FilterFactory to generate the filter
propertyName - the name of the query property that contains the ID values to filter. (The values are assumed to be IDs of ACSObjects.)
privilege - the required privilege
partyOID - the OID of the party whose access is being filtered
Returns:
a filter which is true if the party has the required permission on the specified property

getObjectFilterQuery

public Filter getObjectFilterQuery(FilterFactory factory,
                                   String propertyName,
                                   PrivilegeDescriptor privilege,
                                   OID objectOID)

getPrivileges

public Iterator getPrivileges(OID object,
                              OID party)
Gets the privileges that the specified party has on the specified object.

Parameters:
object - the OID of the target object of the privileges to be returned
party - the OID of the party that privileges are to be returned for
Returns:
an iterator of PrivilegeDescriptors.

getImpliedPrivileges

public Iterator getImpliedPrivileges(OID object,
                                     OID party)
Gets all the privileges that the specified party has on the specified object, including implied privileges. If PrivilegeDescriptor.ADMIN is returned, then all privileges are returned because admin implies all privileges.

Parameters:
object - the OID of the target object of the privileges to be returned
party - the OID of the party that privileges are to be returned for
Returns:
an iterator of PrivilegeDescriptors.
See Also:
getPrivileges(OID, OID)

constructAccessList

public static Collection constructAccessList(OID partyOID)
Deprecated. This is slower than using "normal" permission checks, since "in ("") is transformed into a union by the Oracle SQL optimizer.

Returns the collection of Users to include in permission checks for a given User. If the User is the Virtual Public User, then only the Virtual Public User is appropriate. If the User is an authenticated User, then that User, the Virtual Public User, and the Virtual Registered User must all be checked, because a permission granted to either Virtual User must be extended to any real User. This has been made "public static" instead of "private" so that the information can be used for an inner query in FolderTreeModelBuilder in CMS.

Parameters:
partyOID - an OID value
Returns:
a Collection value

checkOID

public OID checkOID(OID oid)
Takes an OID and returns the public OID if the passed-in value is null. Otherwise, it returns the passed-in value.



Copyright (c) 2004 Red Hat, Inc. Corporation. All Rights Reserved. Generated at July 21 2004:2337 UTC