Package org.ametys.core.right

Interface ProfileAssignmentStorage

    • Method Detail

      • hasAnonymousDeniedProfile

        @Deprecated
boolean hasAnonymousDeniedProfile​(Set<? extends Object> rootContexts,
                                  Set<String> profileIds)
        Deprecated.
        This method used to be used by ProfileAssignmentStorageExtensionPoint but was proved to be useless and may be removed from the API in the future (see RUNTIME-2688).
        Returns true if anonymous user has the denied profile for any given root context (or any sub context), given some profiles.
        Only supported objects are transmitted
        Parameters:
        rootContexts - The root contexts to search rights for
        profileIds - The ids of the profiles
        Returns:
        true if any connected user has a permission on at least one object supported by this profile assignment storage, given some groups and profiles

      • hasAnonymousAllowedProfile

        boolean hasAnonymousAllowedProfile​(Set<? extends Object> rootContexts,
                                   Set<String> profileIds)
        Returns true if anonymous user has the allowed profile for any given root context (or any sub context), given some profiles.
        Only supported objects are transmitted
        Parameters:
        rootContexts - The root contexts to search rights for
        profileIds - The ids of the profiles
        Returns:
        true if any connected user has a permission on at least one object supported by this profile assignment storage, given some groups and profiles

      • hasAnyConnectedDeniedProfile

        @Deprecated
boolean hasAnyConnectedDeniedProfile​(Set<? extends Object> rootContexts,
                                     Set<String> profileIds)
        Deprecated.
        This method used to be used by ProfileAssignmentStorageExtensionPoint but was proved to be useless and may be removed from the API in the future (see RUNTIME-2688).
        Returns true if any connected user has the denied profile for any given root context (or any sub context), given some profiles.
        Only supported objects are transmitted
        Parameters:
        rootContexts - The root contexts to search rights for
        profileIds - The ids of the profiles
        Returns:
        true if any connected user has a permission on at least one object supported by this profile assignment storage, given some groups and profiles

      • hasAnyConnectedAllowedProfile

        boolean hasAnyConnectedAllowedProfile​(Set<? extends Object> rootContexts,
                                      Set<String> profileIds)
        Returns true if any connected user has the allowed profile for any given root context (or any sub context), given some profiles.
        Only supported objects are transmitted
        Parameters:
        rootContexts - The root contexts to search rights for
        profileIds - The ids of the profiles
        Returns:
        true if any connected user has a permission on at least one object supported by this profile assignment storage, given some groups and profiles

      • hasUserDeniedProfile

        @Deprecated
boolean hasUserDeniedProfile​(Set<? extends Object> rootContexts,
                             UserIdentity user,
                             Set<String> profileIds)
        Deprecated.
        This method used to be used by ProfileAssignmentStorageExtensionPoint but was proved to be useless and may be removed from the API in the future (see RUNTIME-2688).
        Returns true if user has the denied profile for any given root context (or any sub context), given some profiles.
        Only supported objects are transmitted
        Parameters:
        rootContexts - The root contexts to search rights for
        user - The user to test
        profileIds - The ids of the profiles
        Returns:
        true if any connected user has a permission on at least one object supported by this profile assignment storage, given some groups and profiles

      • hasUserAllowedProfile

        boolean hasUserAllowedProfile​(Set<? extends Object> rootContexts,
                              UserIdentity user,
                              Set<String> profileIds)
        Returns true if user has the allowed profile for any given root context (or any sub context), given some profiles.
        Only supported objects are transmitted
        Parameters:
        rootContexts - The root contexts to search rights for
        user - The user to test
        profileIds - The ids of the profiles
        Returns:
        true if any connected user has a permission on at least one object supported by this profile assignment storage, given some groups and profiles

      • hasGroupDeniedProfile

        @Deprecated
boolean hasGroupDeniedProfile​(Set<? extends Object> rootContexts,
                              GroupIdentity group,
                              Set<String> profileIds)
        Deprecated.
        This method used to be used by ProfileAssignmentStorageExtensionPoint but was proved to be useless and may be removed from the API in the future (see RUNTIME-2688).
        Returns true if group has the denied profile for any given root context (or any sub context), given some profiles.
        Only supported objects are transmitted
        Parameters:
        rootContexts - The root contexts to search rights for
        group - The group to test
        profileIds - The ids of the profiles
        Returns:
        true if any connected user has a permission on at least one object supported by this profile assignment storage, given some groups and profiles

      • hasGroupAllowedProfile

        boolean hasGroupAllowedProfile​(Set<? extends Object> rootContexts,
                               GroupIdentity group,
                               Set<String> profileIds)
        Returns true if group has the allowed profile for any given root context (or any sub context), given some profiles.
        Only supported objects are transmitted
        Parameters:
        rootContexts - The root contexts to search rights for
        group - The group to test
        profileIds - The ids of the profiles
        Returns:
        true if any connected user has a permission on at least one object supported by this profile assignment storage, given some groups and profiles

      • getAllowedProfilesForAnyConnectedUser

        Set<StringgetAllowedProfilesForAnyConnectedUser​(Object object)
        Gets the allowed profiles any connected user has on the given object
        Parameters:
        object - The object
        Returns:
        the allowed profiles any connected user has on the given object

      • isAnyConnectedUserAllowed

        boolean isAnyConnectedUserAllowed​(Object object,
                                  String profileId)
        Returns true if any connected user is allowed with the given profile
        Parameters:
        object - The object
        profileId - The id of the profile
        Returns:
        true if any connected user is allowed with the given profile

      • getDeniedProfilesForAnyConnectedUser

        Set<StringgetDeniedProfilesForAnyConnectedUser​(Object object)
        Gets the denied profiles any connected user has on the given object
        Parameters:
        object - The object
        Returns:
        the denied profiles any connected user has on the given object

      • isAnyConnectedUserDenied

        boolean isAnyConnectedUserDenied​(Object object,
                                 String profileId)
        Returns true if any connected user is denied with the given profile
        Parameters:
        object - The object
        profileId - The id of the profile
        Returns:
        true if any connected user is denied with the given profile

      • getAllowedProfilesForAnonymous

        Set<StringgetAllowedProfilesForAnonymous​(Object object)
        Gets the allowed profiles an anonymous user has on the given object
        Parameters:
        object - The object
        Returns:
        the allowed profiles an anonymous user has on the given object

      • isAnonymousAllowed

        boolean isAnonymousAllowed​(Object object,
                           String profileId)
        Returns true if anonymous is allowed with the given profile
        Parameters:
        object - The object
        profileId - The id of the profile
        Returns:
        true if anonymous is allowed with the given profile

      • getDeniedProfilesForAnonymous

        Set<StringgetDeniedProfilesForAnonymous​(Object object)
        Gets the denied profiles an anonymous user has on the given object
        Parameters:
        object - The object
        Returns:
        the denied profiles an anonymous user has on the given object

      • isAnonymousDenied

        boolean isAnonymousDenied​(Object object,
                          String profileId)
        Returns true if anonymous is denied with the given profile
        Parameters:
        object - The object
        profileId - The id of the profile
        Returns:
        true if anonymous is denied with the given profile

      • getAllowedProfilesForUser

        Set<StringgetAllowedProfilesForUser​(UserIdentity user,
                                      Object object)
        Get the allowed profiles assigned on the given object for the given user
        Parameters:
        user - The user
        object - The object to test
        Returns:
        The allowed profiles

      • getAllowedProfilesForUsers

        Map<UserIdentity,​Set<String>> getAllowedProfilesForUsers​(Object object)
        Gets the users that have allowed profiles assigned on the given object
        Parameters:
        object - The object to test
        Returns:
        The map of allowed users (keys) with their assigned profiles (values)

      • getAllowedUsers

        Set<UserIdentitygetAllowedUsers​(Object object,
                                  String profileId)
        Gets the users that have the given allowed profile on the given object
        Parameters:
        object - The object to test
        profileId - The id of the profile
        Returns:
        The allowed users with that profile on that object

      • getAllowedProfilesForGroups

        Map<GroupIdentity,​Set<String>> getAllowedProfilesForGroups​(Object object)
        Gets the groups that have allowed profiles assigned on the given object
        Parameters:
        object - The object to test
        Returns:
        The map of allowed groups (keys) with their assigned profiles (values)

      • getAllowedGroups

        Set<GroupIdentitygetAllowedGroups​(Object object,
                                    String profileId)
        Gets the groups that have the given allowed profile on the given object
        Parameters:
        object - The object to test
        profileId - The id of the profile
        Returns:
        The allowed groups with that profile on that object

      • getDeniedProfilesForUser

        Set<StringgetDeniedProfilesForUser​(UserIdentity user,
                                     Object object)
        Get the denied profiles assigned on the given object for the given user
        Parameters:
        user - The user
        object - The object to test
        Returns:
        The denied profiles

      • getDeniedProfilesForUsers

        Map<UserIdentity,​Set<String>> getDeniedProfilesForUsers​(Object object)
        Gets the users that have denied profiles assigned on the given object
        Parameters:
        object - The object to test
        Returns:
        The map of denied users (keys) with their assigned profiles (values)

      • getDeniedUsers

        Set<UserIdentitygetDeniedUsers​(Object object,
                                 String profileId)
        Gets the users that have the given denied profile on the given object
        Parameters:
        object - The object to test
        profileId - The id of the profile
        Returns:
        The denied users with that profile on that object

      • getDeniedProfilesForGroups

        Map<GroupIdentity,​Set<String>> getDeniedProfilesForGroups​(Object object)
        Gets the groups that have denied profiles assigned on the given object
        Parameters:
        object - The object to test
        Returns:
        The map of denied groups (keys) with their assigned profiles (values)

      • getDeniedGroups

        Set<GroupIdentitygetDeniedGroups​(Object object,
                                   String profileId)
        Gets the groups that have the given denied profile on the given object
        Parameters:
        object - The object to test
        profileId - The id of the profile
        Returns:
        The denied groups with that profile on that object

      • isSupported

        boolean isSupported​(Object object)
        Returns true if this profile storage supports the given object, i.e. if it is able to retrieve the allowed users/groups on that object
        Parameters:
        object - The object to test
        Returns:
        true if this profile storage supports the given object

      • isRootContextSupported

        boolean isRootContextSupported​(Object rootContext)
        Returns true if this profile storage supports the given object as a root context i.e. it can seek any permission under this object
        Parameters:
        rootContext - The object to start searching
        Returns:
        true if this profile storage support this a as root context to search in

      • getPriority

        int getPriority()
        Returns the priority of this profile storage The ProfileAssignmentStorageExtensionPoint will take the profile storage which supports the object with the highest priority to return the allowed/denied users/groups
        Returns:
        the priority of this profile storage

      • isInheritanceDisallowed

        boolean isInheritanceDisallowed​(Object object)
        Returns true if the inheritance of permissions is disallowed on the given object
        Parameters:
        object - The object to test
        Returns:
        true if the inheritance of permissions is disallowed on the given object