public abstract class AbstractProfileStorageBasedAccessController extends AbstractLogEnabled implements AccessController, Component, Serviceable
Modifier and Type | Class and Description |
---|---|
protected static class |
AbstractProfileStorageBasedAccessController.CacheKind
The kind of cache to get/set
|
AccessController.AccessResult
Modifier and Type | Field and Description |
---|---|
protected static UserIdentity |
__ANONYMOUS_USER_IDENTITY
The instance of ObjectUserIdentity for anonymous
|
protected static UserIdentity |
__ANY_CONTECTED_USER_IDENTITY
The instance of ObjectUserIdentity for any connected user
|
private String |
_cache1
This first cache holds right results on non-null contexts when calling hasXXX methods.
Contrary to the other cache, this one is split between profiles, as we check for the first true result (no negativity)
{
UserIdentity :
{
Set<ProfileId> :
{
Context : boolean
}
}
}
|
private String |
_cache2
This second cache is for right result on non-null contexts when calling getXXXByGroup methods
{
Set<ProfileId> :
{
Context : {
CacheKind.ANONYMOUS: AccessResult
CacheKind.ANY_CONNECTED_USER: AccessResult
CacheKind.USERS: Map<UserIdentity, AccessResult>,
CacheKind.USER: Map<UserIdentity, AccessResult>,
CacheKind.GROUPS: Map<GroupIdentity, AccessResult>
}
}
}
|
protected ProfileAssignmentStorageExtensionPoint |
_profileAssignmentStorageEP
The extension point for the profile assignment storages
|
protected RightManager |
_rightManager
The right manager
|
protected RightProfilesDAO |
_rightProfileDAO
The right profile DAO
|
Constructor and Description |
---|
AbstractProfileStorageBasedAccessController() |
Modifier and Type | Method and Description |
---|---|
protected Object |
_convertContext(Object initialContext)
For methods getXXXXPermissionYYY, allows the context to be modified before transferring it to the profile assignment storage extension point.
The default implementation keeps the context as it is
|
protected abstract Set<? extends Object> |
_convertWorkspaceToRootRightContexts(Set<Object> workspacesContexts)
Gets the current workspace contexts and turns them into root contexts so that the hasXXXAnyPermissionOnWorkspace methods work
|
protected AccessController.AccessResult |
_getPermission(UserIdentity user,
Set<GroupIdentity> userGroups,
Set<String> profilesIds,
Object object,
Object convertedObject)
Works for getPermission or getReadAccessPermission
|
protected Map<GroupIdentity,AccessController.AccessResult> |
_getPermissionByGroup(Set<String> profilesIds,
Object object,
Object convertedObject)
Works for getPermissionByGroup and getReadAccessPermissionByGroup
|
protected Map<UserIdentity,AccessController.AccessResult> |
_getPermissionByUser(Set<String> profilesIds,
Object object,
Object convertedObject)
Works for getPermissionByUser and getReadAccessPermissionByUser
|
protected AccessController.AccessResult |
_getPermissionForAnonymous(Set<String> profilesIds,
Object object,
Object convertedObject)
Works for getPermissionForAnonymous and getReadAccessPermissionForAnonymous
|
protected AccessController.AccessResult |
_getPermissionForAnyConnectedUser(Set<String> profilesIds,
Object object,
Object convertedObject)
Works for getPermissionForAnyConnectedUser and getReadAccessPermissionForAnyConnectedUser
|
private boolean |
_hasAnonymousAnyPermissionOnWorkspace(Set<Object> workspacesContexts,
Set<String> profilesIds) |
private boolean |
_hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts,
Set<String> profilesIds) |
protected Boolean |
_hasRightResultInFirstCache(UserIdentity userIdentity,
Set<String> profilesIds,
Object object)
Seek in cache
|
protected Object |
_hasRightResultInSecondCache(Object object,
Set<String> profilesIds,
AbstractProfileStorageBasedAccessController.CacheKind key)
Seek in cache
|
private boolean |
_hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts,
UserIdentity user,
Set<GroupIdentity> userGroups,
Set<String> profilesIds) |
protected void |
_putInFirstCache(UserIdentity userIdentity,
Set<String> profilesIds,
Object object,
boolean rightResult)
Add to cache
|
protected void |
_putInSecondCache(Set<String> profilesIds,
Object object,
Object result,
AbstractProfileStorageBasedAccessController.CacheKind key)
Add to cache
|
AccessController.AccessResult |
getPermission(UserIdentity user,
Set<GroupIdentity> userGroups,
String rightId,
Object object)
Gets the kind of access a user has on an object for a given right
|
Map<GroupIdentity,AccessController.AccessResult> |
getPermissionByGroup(String rightId,
Object object)
Gets the permission by group only on an object for the given right.
|
Map<String,AccessController.AccessResult> |
getPermissionByRight(UserIdentity user,
Set<GroupIdentity> userGroups,
Object object)
Gets the kind of access a user has on an object for all rights
|
Map<UserIdentity,AccessController.AccessResult> |
getPermissionByUser(String rightId,
Object object)
Gets the permission by user only on an object for the given right.
|
AccessController.AccessResult |
getPermissionForAnonymous(String rightId,
Object object)
Gets the permission for Anonymous only on an object for a given right
|
AccessController.AccessResult |
getPermissionForAnyConnectedUser(String rightId,
Object object)
Gets the permission for any connected user only on an object for a given right
|
AccessController.AccessResult |
getReadAccessPermission(UserIdentity user,
Set<GroupIdentity> userGroups,
Object object)
Gets the kind of access a user has on an object for the read access
|
Map<GroupIdentity,AccessController.AccessResult> |
getReadAccessPermissionByGroup(Object object)
Gets the read access permission by group only on an object.
|
Map<UserIdentity,AccessController.AccessResult> |
getReadAccessPermissionByUser(Object object)
Gets the read access permission by user only on an object.
|
AccessController.AccessResult |
getReadAccessPermissionForAnonymous(Object object)
Gets the read access permission for Anonymous only on an object
|
AccessController.AccessResult |
getReadAccessPermissionForAnyConnectedUser(Object object)
Gets the read access permission for any connected user only on an object
|
boolean |
hasAnonymousAnyPermissionOnWorkspace(Set<Object> workspacesContexts,
String rightId)
Returns true if anonymous has a permission on at least one object, directly or through groups, for a given right and if the object is attached to the given context that is /${WorkspaceName} and its conversions.
|
boolean |
hasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
Returns true if anonymous has a read access permission on at least one object, directly or through groups, for a given right and if the object is attached to the given context that is /${WorkspaceName} and its conversions.
|
boolean |
hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts,
String rightId)
Returns true if any connected user has a permission on at least one object, directly or through groups, for a given right and if the object is attached to the given context that is /${WorkspaceName} and its conversions.
|
boolean |
hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
Returns true if any connected user has a read access permission on at least one object, directly or through groups, for a given right and if the object is attached to the given context that is /${WorkspaceName} and its conversions.
|
boolean |
hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts,
UserIdentity user,
Set<GroupIdentity> userGroups,
String rightId)
Returns true if the user has a permission on at least one object, directly or through groups, for a given right and if the object is attached to the given context that is /${WorkspaceName} and its conversions.
|
boolean |
hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts,
UserIdentity user,
Set<GroupIdentity> userGroups)
Returns true if the user has a read access permission on at least one object, directly or through groups, for a given right and if the object is attached to the given context that is /${WorkspaceName} and its conversions.
|
void |
service(ServiceManager manager) |
getLogger, setLogger
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
isSupported
protected static final UserIdentity __ANONYMOUS_USER_IDENTITY
protected static final UserIdentity __ANY_CONTECTED_USER_IDENTITY
protected ProfileAssignmentStorageExtensionPoint _profileAssignmentStorageEP
protected RightProfilesDAO _rightProfileDAO
protected RightManager _rightManager
private final String _cache1
private final String _cache2
public AbstractProfileStorageBasedAccessController()
public void service(ServiceManager manager) throws ServiceException
service
in interface Serviceable
ServiceException
public Map<String,AccessController.AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
AccessController
getPermissionByRight
in interface AccessController
user - The user. Cannot be null.
userGroups - The groups the user belongs to
object - The context object to check the access
public AccessController.AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object)
AccessController
getPermission
in interface AccessController
user - The user. Cannot be null.
userGroups - The groups the user belongs to
rightId - The id of the right of the user
object - The context object to check the access
public AccessController.AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
AccessController
getReadAccessPermission
in interface AccessController
user - The user. Cannot be null.
userGroups - The groups the user belongs to
object - The context object to check the access
protected AccessController.AccessResult _getPermission(UserIdentity user, Set<GroupIdentity> userGroups, Set<String> profilesIds, Object object, Object convertedObject)
user - The user
userGroups - The groups
profilesIds - The profiles
object - The original context
convertedObject - The converted context
public AccessController.AccessResult getPermissionForAnonymous(String rightId, Object object)
AccessController
getPermissionForAnonymous
in interface AccessController
rightId - The id of the right to check
object - The object
public AccessController.AccessResult getReadAccessPermissionForAnonymous(Object object)
AccessController
getReadAccessPermissionForAnonymous
in interface AccessController
object - The object
protected AccessController.AccessResult _getPermissionForAnonymous(Set<String> profilesIds, Object object, Object convertedObject)
profilesIds - The profiles ids
object - The context
convertedObject - The converted context
public AccessController.AccessResult getPermissionForAnyConnectedUser(String rightId, Object object)
AccessController
getPermissionForAnyConnectedUser
in interface AccessController
rightId - The id of the right to check
object - The object
public AccessController.AccessResult getReadAccessPermissionForAnyConnectedUser(Object object)
AccessController
getReadAccessPermissionForAnyConnectedUser
in interface AccessController
object - The object
protected AccessController.AccessResult _getPermissionForAnyConnectedUser(Set<String> profilesIds, Object object, Object convertedObject)
profilesIds - The profiles ids
object - The context
convertedObject - The converted context
public Map<UserIdentity,AccessController.AccessResult> getPermissionByUser(String rightId, Object object)
AccessController
getPermissionByUser
in interface AccessController
rightId - The id of the right to check
object - The object
public Map<UserIdentity,AccessController.AccessResult> getReadAccessPermissionByUser(Object object)
AccessController
getReadAccessPermissionByUser
in interface AccessController
object - The object
protected Map<UserIdentity,AccessController.AccessResult> _getPermissionByUser(Set<String> profilesIds, Object object, Object convertedObject)
profilesIds - The profiles ids
object - The context
convertedObject - The converted context
public Map<GroupIdentity,AccessController.AccessResult> getPermissionByGroup(String rightId, Object object)
AccessController
getPermissionByGroup
in interface AccessController
rightId - The id of the right to check
object - The object
public Map<GroupIdentity,AccessController.AccessResult> getReadAccessPermissionByGroup(Object object)
AccessController
getReadAccessPermissionByGroup
in interface AccessController
object - The object
protected Map<GroupIdentity,AccessController.AccessResult> _getPermissionByGroup(Set<String> profilesIds, Object object, Object convertedObject)
profilesIds - The profiles ids
object - The context
convertedObject - The converted context
protected Object _convertContext(Object initialContext)
initialContext - The right context that is supported
public boolean hasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
AccessController
hasAnonymousAnyReadAccessPermissionOnWorkspace
in interface AccessController
workspacesContexts - The contexts to test, such as {"/${WorkspaceName}", "/repository", "/admin"}
public boolean hasAnonymousAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
AccessController
hasAnonymousAnyPermissionOnWorkspace
in interface AccessController
workspacesContexts - The contexts to test, such as {"/${WorkspaceName}", "/repository", "/admin"}
rightId - The id of the right to check
private boolean _hasAnonymousAnyPermissionOnWorkspace(Set<Object> workspacesContexts, Set<String> profilesIds)
public boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
AccessController
hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace
in interface AccessController
workspacesContexts - The contexts to test, such as {"/${WorkspaceName}", "/repository", "/admin"}
public boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
AccessController
hasAnyConnectedUserAnyPermissionOnWorkspace
in interface AccessController
workspacesContexts - The contexts to test, such as {"/${WorkspaceName}", "/repository", "/admin"}
rightId - The id of the right to check
private boolean _hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, Set<String> profilesIds)
public boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups)
AccessController
hasUserAnyReadAccessPermissionOnWorkspace
in interface AccessController
workspacesContexts - The contexts to test, such as {"/${WorkspaceName}", "/repository", "/admin"}
user - The user
userGroups - The groups
public boolean hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId)
AccessController
hasUserAnyPermissionOnWorkspace
in interface AccessController
workspacesContexts - The contexts to test, such as {"/${WorkspaceName}", "/repository", "/admin"}
user - The user
userGroups - The groups
rightId - The id of the right to check
private boolean _hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, Set<String> profilesIds)
protected abstract Set<? extends Object> _convertWorkspaceToRootRightContexts(Set<Object> workspacesContexts)
workspacesContexts - The workspace contexts. Such as '/${WorkspaceName}', '/admin'
protected Boolean _hasRightResultInFirstCache(UserIdentity userIdentity, Set<String> profilesIds, Object object)
userIdentity - The user identity or AbstractProfileStorageBasedAccessController.__ANONYMOUS_USER_IDENTITY or AbstractProfileStorageBasedAccessController.__ANY_CONTECTED_USER_IDENTITY
profilesIds - The profiles identifiers
object - The context
protected void _putInFirstCache(UserIdentity userIdentity, Set<String> profilesIds, Object object, boolean rightResult)
userIdentity - The user identity or AbstractProfileStorageBasedAccessController.__ANONYMOUS_USER_IDENTITY or AbstractProfileStorageBasedAccessController.__ANY_CONTECTED_USER_IDENTITY
profilesIds - The profiles identifiers
object - The context
rightResult - The cache value. true if hasXXX or false otherwise.
protected Object _hasRightResultInSecondCache(Object object, Set<String> profilesIds, AbstractProfileStorageBasedAccessController.CacheKind key)
object - The context
profilesIds - The set of profile ids to consider
key - The kind of cache to use
protected void _putInSecondCache(Set<String> profilesIds, Object object, Object result, AbstractProfileStorageBasedAccessController.CacheKind key)
profilesIds - The profiles ids to consider
object - The context
result - The result
key - The kind of cache to use