Package org.ametys.core.right

Class ProfileAssignmentStorageExtensionPoint

java.lang.Object

org.ametys.runtime.plugin.component.AbstractLogEnabled

org.ametys.runtime.plugin.component.AbstractThreadSafeComponentExtensionPoint<ProfileAssignmentStorage>

org.ametys.core.right.ProfileAssignmentStorageExtensionPoint

All Implemented Interfaces:

LogEnabled, ExtensionPoint<ProfileAssignmentStorage>, Disposable, Initializable, Component, Contextualizable, Serviceable, ThreadSafe

public class ProfileAssignmentStorageExtensionPoint
extends AbstractThreadSafeComponentExtensionPoint<ProfileAssignmentStorage>

ExtensionPoint handling ProfileAssignmentStorages.

Field Summary

Fields

Modifier and Type	Field	Description
static String	ROLE	Avalon Role

Fields inherited from class org.ametys.runtime.plugin.component.AbstractThreadSafeComponentExtensionPoint

_cocoonManager, _context, _manager

Constructor Summary

Constructors

Constructor	Description
ProfileAssignmentStorageExtensionPoint()

Method Summary

Modifier and Type	Method	Description
private void	_fillAllowedProfilesAnyConnectedUser(Map<String,AccessController.AccessResult> results, UserIdentity user, Set<GroupIdentity> userGroups, Collection<String> profileIds, Object object)
private void	_fillAllowedProfilesForAnonymous(Map<String,AccessController.AccessResult> results, UserIdentity user, Set<GroupIdentity> userGroups, Collection<String> profileIds, Object object)
private void	_fillAllowedProfilesForGroups(Map<String,AccessController.AccessResult> results, UserIdentity user, Set<GroupIdentity> userGroups, Collection<String> profileIds, Object object)
private void	_fillAllowedProfilesForUser(Map<String,AccessController.AccessResult> results, UserIdentity user, Set<GroupIdentity> userGroups, Collection<String> profileIds, Object object)
private void	_fillDeniedProfilesAnyConnectedUser(Map<String,AccessController.AccessResult> results, UserIdentity user, Set<GroupIdentity> userGroups, Collection<String> profileIds, Object object)
private void	_fillDeniedProfilesForAnonymous(Map<String,AccessController.AccessResult> results, UserIdentity user, Set<GroupIdentity> userGroups, Collection<String> profileIds, Object object)
private void	_fillDeniedProfilesForGroups(Map<String,AccessController.AccessResult> results, UserIdentity user, Set<GroupIdentity> userGroups, Collection<String> profileIds, Object object)
private void	_fillDeniedProfilesForUser(Map<String,AccessController.AccessResult> results, UserIdentity user, Set<GroupIdentity> userGroups, Collection<String> profileIds, Object object)
private Optional<ModifiableProfileAssignmentStorage>	_getFirstModifiableProfileAssignmentStorage(Object object)
private Optional<ProfileAssignmentStorage>	_getFirstProfileAssignmentStorage(Object object)
private boolean	_hasAnonymousAnyPermission(ProfileAssignmentStorage profileAssignmentStorage, Set<? extends Object> rootContexts, Set<String> profileIds)
private boolean	_hasAnyConnectedUserAnyPermission(ProfileAssignmentStorage profileAssignmentStorage, Set<? extends Object> rootContexts, Set<String> profileIds)
private boolean	_hasUserAnyPermission(ProfileAssignmentStorage profileAssignmentStorage, Set<? extends Object> rootContexts, UserIdentity user, Set<GroupIdentity> userGroups, Set<String> profileIds)
private void	_logResult(UserIdentity user, Set<GroupIdentity> userGroups, String profileId, Object object, AccessController.AccessResult result)
private void	_updatePermissionsMap(Map<String,AccessController.AccessResult> permissionsMap, Set<String> keys, AccessController.AccessResult value)
void	allowProfileToAnonymous(String profileId, Object context)	Adds allowed profile an anonymous user has on the given object
void	allowProfileToAnyConnectedUser(String profileId, Object context)	Adds allowed profile any connected user has on the given object
void	allowProfileToGroup(GroupIdentity group, String profileId, Object context)	Allows a group to a profile on a given object
void	allowProfileToUser(UserIdentity user, String profileId, Object context)	Allows a user to a profile on a given object
void	denyProfileToAnonymous(String profileId, Object context)	Adds denied profile an anonymous user has on the given object
void	denyProfileToAnyConnectedUser(String profileId, Object context)	Adds denied profile any connected user has on the given object
void	denyProfileToGroup(GroupIdentity group, String profileId, Object context)	Denies a group to a profile on a given object
void	denyProfileToUser(UserIdentity user, String profileId, Object context)	Denies a user to a profile on a given object
void	disallowInheritance(Object context, boolean disallow)	Allow or disallow the inheritance of permissions on a given context
Set<GroupIdentity>	getAllowedGroups(Object object, String profileId)	Gets the groups that have the given allowed profile on the given object
Set<String>	getAllowedProfilesForAnonymous(Object context)	Gets the allowed profiles for Anonymous user on the given object
Set<String>	getAllowedProfilesForAnyConnectedUser(Object context)	Gets the allowed profiles for any connected user on the given object
Set<String>	getAllowedProfilesForGroup(Object object, GroupIdentity group)	Gets the allowed profiles for the given group on the given object
Map<GroupIdentity,Set<String>>	getAllowedProfilesForGroups(Object object)	Gets the allowed profiles by groups on the given object
Set<String>	getAllowedProfilesForUser(Object object, UserIdentity user)	Gets the allowed profiles for the given user on the given object
Map<UserIdentity,Set<String>>	getAllowedProfilesForUsers(Object object)	Gets the allowed profiles by users on the given object
Set<UserIdentity>	getAllowedUsers(Object object, String profileId)	Gets the users that have the given allowed profile on the given object
Set<GroupIdentity>	getDeniedGroups(Object object, String profileId)	Gets the groups that have the given denied profile on the given object
Set<String>	getDeniedProfilesForAnonymous(Object context)	Gets the denied profiles for Anonymous user on the given object
Set<String>	getDeniedProfilesForAnyConnectedUser(Object context)	Gets the denied profiles for any connected user on the given object
Set<String>	getDeniedProfilesForGroup(Object object, GroupIdentity group)	Gets the denied profiles for the given group on the given object
Map<GroupIdentity,Set<String>>	getDeniedProfilesForGroups(Object context)	Gets the denied profiles by groups on the given object
Set<String>	getDeniedProfilesForUser(Object object, UserIdentity user)	Gets the denied profiles for the given user on the given object
Map<UserIdentity,Set<String>>	getDeniedProfilesForUsers(Object object)	Gets the denied profiles by users on the given object
Set<UserIdentity>	getDeniedUsers(Object object, String profileId)	Gets the users that have the given denied profile on the given object
AccessController.AccessResult	getPermissionForAnonymous(Set<String> profileIds, Object object)	Gets the permissions for Anonymous for the given profiles
AccessController.AccessResult	getPermissionForAnyConnectedUser(Set<String> profileIds, Object object)	Gets the permissions for Anonymous for the given profiles
Map<String,AccessController.AccessResult>	getPermissions(UserIdentity user, Set<GroupIdentity> userGroups, Set<String> profileIds, Object object)	Gets the permissions a user has, given some groups and profiles, on an object.
Map<GroupIdentity,AccessController.AccessResult>	getPermissionsByGroup(Set<String> profileIds, Object object)	Gets the permission by group only on an object, according to the given profiles.
Map<String,AccessController.AccessResult>	getPermissionsByProfile(UserIdentity user, Set<GroupIdentity> userGroups, Object object)	Gets the permissions a user has on an object, for every profile in the application.
Map<UserIdentity,AccessController.AccessResult>	getPermissionsByUser(Set<String> profileIds, Object object)	Gets the permission by user only on an object, according to the given profiles.
boolean	hasAnonymousAnyPermission(Set<? extends Object> rootContexts, Set<String> profileIds)	Returns true if anybody has a permission on at least one object, given some profiles
boolean	hasAnyConnectedUserAnyPermission(Set<? extends Object> rootContexts, Set<String> profileIds)	Returns true if any connected user has a permission on at least one object, given some profiles
boolean	hasUserAnyPermission(Set<? extends Object> rootContexts, UserIdentity user, Set<GroupIdentity> userGroups, Set<String> profileIds)	Returns true if the user has a permission on at least one object, given some groups and profiles
boolean	isInheritanceDisallowed(Object context)	Determines if the inheritance of permissions is disallowed on a given context
void	removeAllowedProfileFromAnonymous(String profileId, Object context)	Removes allowed profile an anonymous user has on the given object
void	removeAllowedProfileFromAnyConnectedUser(String profileId, Object context)	Removes allowed profile any connected user has on the given object
void	removeAllowedProfileFromGroup(GroupIdentity group, String profileId, Object context)	Removes the association between a group and an allowed profile on a given object
void	removeAllowedProfileFromUser(UserIdentity user, String profileId, Object context)	Removes the association between a user and an allowed profile on a given object
void	removeDeniedProfileFromAnonymous(String profileId, Object context)	Removes denied profile an anonymous user has on the given object
void	removeDeniedProfileFromAnyConnectedUser(String profileId, Object context)	Removes denied profile any connected user has on the given object
void	removeDeniedProfileFromGroup(GroupIdentity group, String profileId, Object context)	Removes the association between a group and a denied profile on a given object
void	removeDeniedProfileFromUser(UserIdentity user, String profileId, Object context)	Removes the association between a user and a denied profile on a given object

Methods inherited from class org.ametys.runtime.plugin.component.AbstractThreadSafeComponentExtensionPoint

addComponent, addExtension, contextualize, dispose, getExtension, getExtensionsIds, hasExtension, initialize, initializeExtensions, service

Methods inherited from class org.ametys.runtime.plugin.component.AbstractLogEnabled

getLogger, setLogger

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ROLE

public static final String ROLE

Avalon Role

Constructor Detail

ProfileAssignmentStorageExtensionPoint

public ProfileAssignmentStorageExtensionPoint()

Method Detail

getPermissions

public Map<String,AccessController.AccessResult> getPermissions(UserIdentity user,
                                                                      Set<GroupIdentity> userGroups,
                                                                      Set<String> profileIds,
                                                                      Object object)

Gets the permissions a user has, given some groups and profiles, on an object.

Parameters:

user - The user

userGroups - The groups

profileIds - The ids of the profiles

object - The object

Returns:

the permissions a user has, given some groups and profiles on an object.

_fillAllowedProfilesForAnonymous

private void _fillAllowedProfilesForAnonymous(Map<String,AccessController.AccessResult> results,
                                              UserIdentity user,
                                              Set<GroupIdentity> userGroups,
                                              Collection<String> profileIds,
                                              Object object)

_fillDeniedProfilesForAnonymous

private void _fillDeniedProfilesForAnonymous(Map<String,AccessController.AccessResult> results,
                                             UserIdentity user,
                                             Set<GroupIdentity> userGroups,
                                             Collection<String> profileIds,
                                             Object object)

_fillDeniedProfilesForUser

private void _fillDeniedProfilesForUser(Map<String,AccessController.AccessResult> results,
                                        UserIdentity user,
                                        Set<GroupIdentity> userGroups,
                                        Collection<String> profileIds,
                                        Object object)

_fillAllowedProfilesForUser

private void _fillAllowedProfilesForUser(Map<String,AccessController.AccessResult> results,
                                         UserIdentity user,
                                         Set<GroupIdentity> userGroups,
                                         Collection<String> profileIds,
                                         Object object)

_fillDeniedProfilesAnyConnectedUser

private void _fillDeniedProfilesAnyConnectedUser(Map<String,AccessController.AccessResult> results,
                                                 UserIdentity user,
                                                 Set<GroupIdentity> userGroups,
                                                 Collection<String> profileIds,
                                                 Object object)

_fillAllowedProfilesAnyConnectedUser

private void _fillAllowedProfilesAnyConnectedUser(Map<String,AccessController.AccessResult> results,
                                                  UserIdentity user,
                                                  Set<GroupIdentity> userGroups,
                                                  Collection<String> profileIds,
                                                  Object object)

_fillDeniedProfilesForGroups

private void _fillDeniedProfilesForGroups(Map<String,AccessController.AccessResult> results,
                                          UserIdentity user,
                                          Set<GroupIdentity> userGroups,
                                          Collection<String> profileIds,
                                          Object object)

_fillAllowedProfilesForGroups

private void _fillAllowedProfilesForGroups(Map<String,AccessController.AccessResult> results,
                                           UserIdentity user,
                                           Set<GroupIdentity> userGroups,
                                           Collection<String> profileIds,
                                           Object object)

_logResult

private void _logResult(UserIdentity user,
                        Set<GroupIdentity> userGroups,
                        String profileId,
                        Object object,
                        AccessController.AccessResult result)

hasUserAnyPermission

public boolean hasUserAnyPermission(Set<? extends Object> rootContexts,
                                    UserIdentity user,
                                    Set<GroupIdentity> userGroups,
                                    Set<String> profileIds)

Returns true if the user has a permission on at least one object, given some groups and profiles

Parameters:

rootContexts - The root contexts object where to seek

user - The user

userGroups - The groups

profileIds - The ids of the profiles

Returns:

true if the user has a permission on at least one object, given some groups and profiles

_hasUserAnyPermission

private boolean _hasUserAnyPermission(ProfileAssignmentStorage profileAssignmentStorage,
                                      Set<? extends Object> rootContexts,
                                      UserIdentity user,
                                      Set<GroupIdentity> userGroups,
                                      Set<String> profileIds)

hasAnonymousAnyPermission

public boolean hasAnonymousAnyPermission(Set<? extends Object> rootContexts,
                                         Set<String> profileIds)

Returns true if anybody has a permission on at least one object, given some profiles

Parameters:

rootContexts - The root contexts object where to seek

profileIds - The ids of the profiles

Returns:

true if anonymous has a permission on at least one object, given some some profiles

_hasAnonymousAnyPermission

private boolean _hasAnonymousAnyPermission(ProfileAssignmentStorage profileAssignmentStorage,
                                           Set<? extends Object> rootContexts,
                                           Set<String> profileIds)

hasAnyConnectedUserAnyPermission

public boolean hasAnyConnectedUserAnyPermission(Set<? extends Object> rootContexts,
                                                Set<String> profileIds)

Returns true if any connected user has a permission on at least one object, given some profiles

Parameters:

rootContexts - The root contexts object where to seek

profileIds - The ids of the profiles

Returns:

true if any connected user has a permission on at least one object, given some some profiles

_hasAnyConnectedUserAnyPermission

private boolean _hasAnyConnectedUserAnyPermission(ProfileAssignmentStorage profileAssignmentStorage,
                                                  Set<? extends Object> rootContexts,
                                                  Set<String> profileIds)

getPermissionsByProfile

public Map<String,AccessController.AccessResult> getPermissionsByProfile(UserIdentity user,
                                                                               Set<GroupIdentity> userGroups,
                                                                               Object object)

Gets the permissions a user has on an object, for every profile in the application.

Parameters:

user - The user

userGroups - The groups

object - The object

Returns:

the permissions a user has on an object, for every profile in the application.

_updatePermissionsMap

private void _updatePermissionsMap(Map<String,AccessController.AccessResult> permissionsMap,
                                   Set<String> keys,
                                   AccessController.AccessResult value)

getPermissionForAnonymous

public AccessController.AccessResult getPermissionForAnonymous(Set<String> profileIds,
                                                               Object object)

Gets the permissions for Anonymous for the given profiles

Parameters:

profileIds - The profiles to get permissions on

object - The object

Returns:

the access result for each profile

getPermissionForAnyConnectedUser

public AccessController.AccessResult getPermissionForAnyConnectedUser(Set<String> profileIds,
                                                                      Object object)

Gets the permissions for Anonymous for the given profiles

Parameters:

profileIds - The profiles to get permissions on

object - The object

Returns:

the access result for each profile

getPermissionsByUser

public Map<UserIdentity,AccessController.AccessResult> getPermissionsByUser(Set<String> profileIds,
                                                                                  Object object)

Gets the permission by user only on an object, according to the given profiles. It does not take account of the groups of the user, etc.

Parameters:

profileIds - The ids of the profiles

object - The object

Returns:

the permission by user only on an object, according to the given profiles

getPermissionsByGroup

public Map<GroupIdentity,AccessController.AccessResult> getPermissionsByGroup(Set<String> profileIds,
                                                                                    Object object)

Gets the permission by group only on an object, according to the given profiles.

Parameters:

profileIds - The ids of the profiles

object - The object

Returns:

the permission by group only on an object, according to the given profiles

getAllowedProfilesForAnyConnectedUser

public Set<String> getAllowedProfilesForAnyConnectedUser(Object context)

Gets the allowed profiles for any connected user on the given object

Parameters:

context - The object context

Returns:

the allowed profiles for any connected user on the given object

getDeniedProfilesForAnyConnectedUser

public Set<String> getDeniedProfilesForAnyConnectedUser(Object context)

Gets the denied profiles for any connected user on the given object

Parameters:

context - The object context

Returns:

the denied profiles for any connected user on the given object

allowProfileToAnyConnectedUser

public void allowProfileToAnyConnectedUser(String profileId,
                                           Object context)

Adds allowed profile any connected user has on the given object

Parameters:

context - The object context

profileId - The profile to add

denyProfileToAnyConnectedUser

public void denyProfileToAnyConnectedUser(String profileId,
                                          Object context)

Adds denied profile any connected user has on the given object

Parameters:

profileId - The profile to add

context - The object context

removeAllowedProfileFromAnyConnectedUser

public void removeAllowedProfileFromAnyConnectedUser(String profileId,
                                                     Object context)

Removes allowed profile any connected user has on the given object

Parameters:

profileId - The profile to remove

context - The object context

removeDeniedProfileFromAnyConnectedUser

public void removeDeniedProfileFromAnyConnectedUser(String profileId,
                                                    Object context)

Removes denied profile any connected user has on the given object

Parameters:

context - The object context

profileId - The profile to remove

getAllowedProfilesForAnonymous

public Set<String> getAllowedProfilesForAnonymous(Object context)

Gets the allowed profiles for Anonymous user on the given object

Parameters:

context - The object context

Returns:

the allowed profiles for Anonymous user on the given object

getDeniedProfilesForAnonymous

public Set<String> getDeniedProfilesForAnonymous(Object context)

Gets the denied profiles for Anonymous user on the given object

Parameters:

context - The object context

Returns:

the denied profiles for Anonymous user on the given object

allowProfileToAnonymous

public void allowProfileToAnonymous(String profileId,
                                    Object context)

Adds allowed profile an anonymous user has on the given object

Parameters:

profileId - The profile to add

context - The object context

denyProfileToAnonymous

public void denyProfileToAnonymous(String profileId,
                                   Object context)

Adds denied profile an anonymous user has on the given object

Parameters:

profileId - The profile to add

context - The object context

removeAllowedProfileFromAnonymous

public void removeAllowedProfileFromAnonymous(String profileId,
                                              Object context)

Removes allowed profile an anonymous user has on the given object

Parameters:

profileId - The profile to remove

context - The object context

removeDeniedProfileFromAnonymous

public void removeDeniedProfileFromAnonymous(String profileId,
                                             Object context)

Removes denied profile an anonymous user has on the given object

Parameters:

context - The object context

profileId - The profile to remove

getAllowedUsers

public Set<UserIdentity> getAllowedUsers(Object object,
                                         String profileId)

Gets the users that have the given allowed profile on the given object

Parameters:

object - The object to test

profileId - The id of the profile

Returns:

The allowed users with that profile on that object

getDeniedUsers

public Set<UserIdentity> getDeniedUsers(Object object,
                                        String profileId)

Gets the users that have the given denied profile on the given object

Parameters:

object - The object to test

profileId - The id of the profile

Returns:

The allowed users with that profile on that object

getAllowedProfilesForUser

public Set<String> getAllowedProfilesForUser(Object object,
                                             UserIdentity user)

Gets the allowed profiles for the given user on the given object

Parameters:

object - The object to test

user - The user

Returns:

The allowed profiles for the user

getDeniedProfilesForUser

public Set<String> getDeniedProfilesForUser(Object object,
                                            UserIdentity user)

Gets the denied profiles for the given user on the given object

Parameters:

object - The object to test

user - The user

Returns:

The denied profiles for the user

getAllowedProfilesForUsers

public Map<UserIdentity,Set<String>> getAllowedProfilesForUsers(Object object)

Gets the allowed profiles by users on the given object

Parameters:

object - The context object

Returns:

The allowed profiles by users

getDeniedProfilesForUsers

public Map<UserIdentity,Set<String>> getDeniedProfilesForUsers(Object object)

Gets the denied profiles by users on the given object

Parameters:

object - The context object

Returns:

The denied profiles by users

allowProfileToUser

public void allowProfileToUser(UserIdentity user,
                               String profileId,
                               Object context)

Allows a user to a profile on a given object

Parameters:

user - The user to add

profileId - The id of the profile

context - The object context

denyProfileToUser

public void denyProfileToUser(UserIdentity user,
                              String profileId,
                              Object context)

Denies a user to a profile on a given object

Parameters:

user - The user to add

profileId - The id of the profile

context - The object context

removeAllowedProfileFromUser

public void removeAllowedProfileFromUser(UserIdentity user,
                                         String profileId,
                                         Object context)

Removes the association between a user and an allowed profile on a given object

Parameters:

user - The user to remove

context - The object context

profileId - The id of the profile

removeDeniedProfileFromUser

public void removeDeniedProfileFromUser(UserIdentity user,
                                        String profileId,
                                        Object context)

Removes the association between a user and a denied profile on a given object

Parameters:

user - The user to remove

profileId - The id of the profile

context - The object context

getAllowedGroups

public Set<GroupIdentity> getAllowedGroups(Object object,
                                           String profileId)

Gets the groups that have the given allowed profile on the given object

Parameters:

object - The object to test

profileId - The id of the profile

Returns:

The allowed groups with that profile on that object

getDeniedGroups

public Set<GroupIdentity> getDeniedGroups(Object object,
                                          String profileId)

Gets the groups that have the given denied profile on the given object

Parameters:

object - The object to test

profileId - The id of the profile

Returns:

The denied groups with that profile on that object

getAllowedProfilesForGroup

public Set<String> getAllowedProfilesForGroup(Object object,
                                              GroupIdentity group)

Gets the allowed profiles for the given group on the given object

Parameters:

object - The object to test

group - The group

Returns:

The allowed profiles for the group

getDeniedProfilesForGroup

public Set<String> getDeniedProfilesForGroup(Object object,
                                             GroupIdentity group)

Gets the denied profiles for the given group on the given object

Parameters:

object - The object to test

group - The group

Returns:

The denied profiles for the group

getAllowedProfilesForGroups

public Map<GroupIdentity,Set<String>> getAllowedProfilesForGroups(Object object)

Gets the allowed profiles by groups on the given object

Parameters:

object - The context object

Returns:

The allowed profiles by groups

getDeniedProfilesForGroups

public Map<GroupIdentity,Set<String>> getDeniedProfilesForGroups(Object context)

Gets the denied profiles by groups on the given object

Parameters:

context - The object context to test

Returns:

The denied profiles by groups

allowProfileToGroup

public void allowProfileToGroup(GroupIdentity group,
                                String profileId,
                                Object context)

Allows a group to a profile on a given object

Parameters:

group - The group to add

profileId - The id of the profile

context - The object context

denyProfileToGroup

public void denyProfileToGroup(GroupIdentity group,
                               String profileId,
                               Object context)

Denies a group to a profile on a given object

Parameters:

group - The group to add

profileId - The id of the profile

context - The object context

removeAllowedProfileFromGroup

public void removeAllowedProfileFromGroup(GroupIdentity group,
                                          String profileId,
                                          Object context)

Removes the association between a group and an allowed profile on a given object

Parameters:

group - The group to remove

profileId - The id of the profile

context - The object context

removeDeniedProfileFromGroup

public void removeDeniedProfileFromGroup(GroupIdentity group,
                                         String profileId,
                                         Object context)

Removes the association between a group and a denied profile on a given object

Parameters:

group - The group to remove

profileId - The id of the profile

context - The object context

isInheritanceDisallowed

public boolean isInheritanceDisallowed(Object context)

Determines if the inheritance of permissions is disallowed on a given context

Parameters:

context - The object context

Returns:

true if the inheritance is disallowed

disallowInheritance

public void disallowInheritance(Object context,
                                boolean disallow)

Allow or disallow the inheritance of permissions on a given context

Parameters:

context - The object context

disallow - true to disallow the inheritance

_getFirstProfileAssignmentStorage

private Optional<ProfileAssignmentStorage> _getFirstProfileAssignmentStorage(Object object)

_getFirstModifiableProfileAssignmentStorage

private Optional<ModifiableProfileAssignmentStorage> _getFirstModifiableProfileAssignmentStorage(Object object)