public class RightManager extends AbstractLogEnabled implements Serviceable, Configurable, ThreadSafe, Component, Contextualizable
Modifier and Type | Class and Description |
---|---|
static class |
RightManager.RightResult
Enumeration of all possible values returned by hasRight(user, right, context)
|
Modifier and Type | Field and Description |
---|---|
protected static UserIdentity |
__ANONYMOUS_USER_IDENTITY
The instance of ObjectUserIdentity for anonymous
|
protected static UserIdentity |
__ANY_CONTECTED_USER_IDENTITY
The instance of ObjectUserIdentity for any connected user
|
protected AccessControllerExtensionPoint |
_accessControllerEP
The extension point for Access Controllers
|
private Context |
_context |
protected CurrentUserProvider |
_currentUserProvider
The current user provider
|
protected GroupDirectoryDAO |
_groupDirectoryDAO
The DAO for group directories
|
protected GroupManager |
_groupManager
The group manager
|
protected ServiceManager |
_manager
Avalon ServiceManager
|
protected RightProfilesDAO |
_profilesDAO
The rights DAO
|
protected SourceResolver |
_resolver
Avalon SourceResolver
|
protected RightContextConvertorExtensionPoint |
_rightContextConvertorEP
The extension point for the Right Context Convertors
|
protected RightsExtensionPoint |
_rightsEP
The rights' list container
|
protected UserManager |
_userManager
The user manager
|
protected UserPopulationDAO |
_userPopulationDAO
The DAO for user populations
|
private static String |
CACHE_1
This first cache is for right result on non-null contexts when calling
hasRight(UserIdentity, String, Object)
{
UserIdentity :
{
RightId :
{
Context : RightResult
}
}
} |
private static String |
CACHE_2
This second cache is for right result on null contexts when calling
hasRight(UserIdentity, String, Object)
{
UserIdentity :
{
RightId :
{
WorkspaceContexts : RightResult
}
}
} |
static String |
CACHE_REQUEST_ATTRIBUTE_NAME
The id of the READER profile
|
static String |
READER_PROFILE_ID
The id of the READER profile
|
static String |
ROLE
For avalon service manager
|
Constructor and Description |
---|
RightManager() |
Modifier and Type | Method and Description |
---|---|
private Map<String,AccessController.AccessResult> |
_getAccessResultByRight(UserIdentity userIdentity,
Set<GroupIdentity> groups,
Set<Object> objects) |
private Set<AccessController.AccessResult> |
_getAccessResults(UserIdentity userIdentity,
Set<GroupIdentity> groups,
String rightId,
Set<Object> objects) |
private AllowedUsers |
_getAllowedUsers(String rightId,
Object object) |
private Set<Object> |
_getConvertedObjects(Object object) |
private Set<GroupIdentity> |
_getGroups(UserIdentity userIdentity) |
protected RightProfilesDAO |
_getProfileDAO()
Returns the DAO for profiles
|
private RightManager.RightResult |
_hasRight(UserIdentity userIdentity,
String rightId,
Object object) |
private RightManager.RightResult |
_hasRightOrRead(UserIdentity userIdentity,
String rightId)
Checks whether the user (or anonymous, or any connected user) has the non-null right on any content of the current workspace.
|
private RightManager.RightResult |
_hasRightOrRead(UserIdentity userIdentity,
String rightId,
Object object) |
private RightManager.RightResult |
_hasRightResultInFirstCache(UserIdentity userIdentity,
String rightId,
Object object) |
private RightManager.RightResult |
_hasRightResultInSecondCache(Set<Object> workspacesContexts,
UserIdentity userIdentity,
String rightId) |
private void |
_putInFirstCache(UserIdentity userIdentity,
String rightId,
Object object,
RightManager.RightResult rightResult) |
private void |
_putInSecondCache(Set<Object> workspacesContexts,
UserIdentity userIdentity,
String rightId,
RightManager.RightResult rightResult) |
void |
configure(Configuration configuration) |
private void |
configureRights(Configuration configuration) |
void |
contextualize(Context context) |
boolean |
currentUserHasReadAccess(Object object)
Returns true if the current user has READ access on the given object
|
RightManager.RightResult |
currentUserHasRight(String rightId,
Object object)
Checks a permission for the current logged user, on a given object (or context).
If the object is null, it checks whether there is at least one object with this permission |
AllowedUsers |
getAllowedUsers(String rightId,
Object object)
Get the list of users that have a particular right in a particular context.
|
Map |
getCache(String cacheKey,
boolean createIfUnexisting)
Get the RightManager cache.
|
AllowedUsers |
getReadAccessAllowedUsers(Object object)
Get the users with a READ access on given object
|
Set<String> |
getUserRights(UserIdentity userIdentity,
Object object)
Get the list of rights a user is allowed, on a particular object.
|
boolean |
hasAnonymousReadAccess(Object object)
Returns true if the object is not restricted, i.e. anonymous has READ access on the object
|
RightManager.RightResult |
hasAnonymousRight(String rightId,
Object object)
Gets the right result for anonymous with given right on given object context
|
boolean |
hasAnyConnectedUserReadAccess(Object object)
Returns true if any connected user has READ access allowed on the object
|
RightManager.RightResult |
hasAnyConnectedUserRight(String rightId,
Object object)
Gets the right result for any connected user with given profile on given object context
|
boolean |
hasReadAccess(UserIdentity userIdentity,
Object object)
Returns true if the given user has READ access on the given object
|
RightManager.RightResult |
hasRight(UserIdentity userIdentity,
String rightId,
Object object)
Checks a permission for a user, on a given object (or context).
If the object is null, it checks whether there is at least one object with this permission |
void |
service(ServiceManager manager) |
getLogger, setLogger
public static final String READER_PROFILE_ID
public static final String CACHE_REQUEST_ATTRIBUTE_NAME
protected static final UserIdentity __ANONYMOUS_USER_IDENTITY
protected static final UserIdentity __ANY_CONTECTED_USER_IDENTITY
private static final String CACHE_1
This first cache is for right result on non-null contexts when calling
hasRight(UserIdentity, String, Object)
{
UserIdentity :
{
RightId :
{
Context : RightResult
}
}
}
private static final String CACHE_2
This second cache is for right result on null contexts when calling
hasRight(UserIdentity, String, Object)
{
UserIdentity :
{
RightId :
{
WorkspaceContexts : RightResult
}
}
}
protected ServiceManager _manager
protected SourceResolver _resolver
protected RightsExtensionPoint _rightsEP
protected RightContextConvertorExtensionPoint _rightContextConvertorEP
protected AccessControllerExtensionPoint _accessControllerEP
protected UserManager _userManager
protected GroupManager _groupManager
protected UserPopulationDAO _userPopulationDAO
protected GroupDirectoryDAO _groupDirectoryDAO
protected CurrentUserProvider _currentUserProvider
protected RightProfilesDAO _profilesDAO
public RightManager()
public void contextualize(Context context) throws ContextException
contextualize
in interface Contextualizable
ContextException
public void service(ServiceManager manager) throws ServiceException
service
in interface Serviceable
ServiceException
protected RightProfilesDAO _getProfileDAO()
public void configure(Configuration configuration) throws ConfigurationException
configure
in interface Configurable
ConfigurationException
private void configureRights(Configuration configuration) throws ConfigurationException
ConfigurationException
public RightManager.RightResult currentUserHasRight(String rightId, Object object) throws RightsException
rightId - The name of the right to check. Cannot be null.
object - The object to check the right. Can be null to search on any object.
Returns: RightManager.RightResult.RIGHT_ALLOW, RightManager.RightResult.RIGHT_DENY or RightManager.RightResult.RIGHT_UNKNOWN
Throws: RightsException - if an error occurs.
public RightManager.RightResult hasRight(UserIdentity userIdentity, String rightId, Object object) throws RightsException
userIdentity - The user identity. Can be null for anonymous
rightId - The name of the right to check. Cannot be null.
object - The object to check the right. Can be null to search on any object.
Returns: RightManager.RightResult.RIGHT_ALLOW, RightManager.RightResult.RIGHT_DENY or RightManager.RightResult.RIGHT_UNKNOWN. Callers should test for RIGHT_ALLOW explicitly, because RIGHT_UNKNOWN is a third, distinct outcome and is neither an allow nor a deny.
Throws: RightsException - if an error occurs.
public RightManager.RightResult hasAnonymousRight(String rightId, Object object)
rightId - The id of the right
object - The object to check
public RightManager.RightResult hasAnyConnectedUserRight(String rightId, Object object)
rightId - The right id to test
object - The object to check
private RightManager.RightResult _hasRight(UserIdentity userIdentity, String rightId, Object object)
private RightManager.RightResult _hasRightOrRead(UserIdentity userIdentity, String rightId, Object object)
private RightManager.RightResult _hasRightOrRead(UserIdentity userIdentity, String rightId)
userIdentity - The connected user, or the value for anonymous or any connected user
rightId - The right id to test. Can be null to test read access
private Set<AccessController.AccessResult> _getAccessResults(UserIdentity userIdentity, Set<GroupIdentity> groups, String rightId, Set<Object> objects)
public boolean currentUserHasReadAccess(Object object)
object - The object to check the right. Can be null to search on any object.
public boolean hasReadAccess(UserIdentity userIdentity, Object object)
userIdentity - The user identity. Cannot be null.
object - The object to check the right. Can be null to search on any object.
public boolean hasAnonymousReadAccess(Object object)
object - The object to check. Cannot be null
public boolean hasAnyConnectedUserReadAccess(Object object)
object - The object to check. Cannot be null
public AllowedUsers getAllowedUsers(String rightId, Object object)
rightId - The name of the right to check. Cannot be null.
object - The object to check the right. Cannot be null.
Throws: RightsException - if an error occurs.
public AllowedUsers getReadAccessAllowedUsers(Object object)
object - The object
private AllowedUsers _getAllowedUsers(String rightId, Object object)
public Set<String> getUserRights(UserIdentity userIdentity, Object object) throws RightsException
userIdentity - the user identity. Cannot be null.
object - The object to check the right. Cannot be null.
Throws: RightsException - if an error occurs.
private Map<String,AccessController.AccessResult> _getAccessResultByRight(UserIdentity userIdentity, Set<GroupIdentity> groups, Set<Object> objects)
private Set<Object> _getConvertedObjects(Object object)
private Set<GroupIdentity> _getGroups(UserIdentity userIdentity)
private RightManager.RightResult _hasRightResultInFirstCache(UserIdentity userIdentity, String rightId, Object object)
private void _putInFirstCache(UserIdentity userIdentity, String rightId, Object object, RightManager.RightResult rightResult)
private RightManager.RightResult _hasRightResultInSecondCache(Set<Object> workspacesContexts, UserIdentity userIdentity, String rightId)
private void _putInSecondCache(Set<Object> workspacesContexts, UserIdentity userIdentity, String rightId, RightManager.RightResult rightResult)
public Map getCache(String cacheKey, boolean createIfUnexisting)
cacheKey - The cache key
createIfUnexisting - Creates a new HashMap if the cache does not exist yet