Package org.ametys.plugins.repository

Class ACLAmetysObjectProfileAssignmentStorage

java.lang.Object

org.ametys.runtime.plugin.component.AbstractLogEnabled

org.ametys.plugins.repository.ACLAmetysObjectProfileAssignmentStorage

All Implemented Interfaces:

ProfileAssignmentStorage, LogEnabled

Direct Known Subclasses:

ModifiableACLAmetysObjectProfileAssignmentStorage

public class ACLAmetysObjectProfileAssignmentStorage
extends AbstractLogEnabled
implements ProfileAssignmentStorage

Implementation of ProfileAssignmentStorage for ACLAmetysObjects which stores profile assignments in subnodes of the node representing this object.

Field Summary

Fields inherited from interface org.ametys.core.right.ProfileAssignmentStorage

MAX_PRIORITY, MIN_PRIORITY

Constructor Summary

Constructors

Constructor	Description
ACLAmetysObjectProfileAssignmentStorage()

Method Summary

Modifier and Type	Method	Description
Set<GroupIdentity>	getAllowedGroups(Object object, String profileId)	Gets the groups that have the given allowed profile on the given object
Set<String>	getAllowedProfilesForAnonymous(Object object)	Gets the allowed profiles an anonymous user has on the given object
Set<String>	getAllowedProfilesForAnyConnectedUser(Object object)	Gets the allowed profiles any connected user has on the given object
Map<GroupIdentity,Set<String>>	getAllowedProfilesForGroups(Object object)	Gets the groups that have allowed profiles assigned on the given object
Set<String>	getAllowedProfilesForUser(UserIdentity user, Object object)	Get the allowed profiles assigned on the given object for the given user
Map<UserIdentity,Set<String>>	getAllowedProfilesForUsers(Object object)	Gets the users that have allowed profiles assigned on the given object
Set<UserIdentity>	getAllowedUsers(Object object, String profileId)	Gets the users that have the given allowed profile on the given object
Set<GroupIdentity>	getDeniedGroups(Object object, String profileId)	Gets the groups that have the given denied profile on the given object
Set<String>	getDeniedProfilesForAnonymous(Object object)	Gets the denied profiles an anonymous user has on the given object
Set<String>	getDeniedProfilesForAnyConnectedUser(Object object)	Gets the denied profiles any connected user has on the given object
Map<GroupIdentity,Set<String>>	getDeniedProfilesForGroups(Object object)	Gets the groups that have denied profiles assigned on the given object
Set<String>	getDeniedProfilesForUser(UserIdentity user, Object object)	Get the denied profiles assigned on the given object for the given user
Map<UserIdentity,Set<String>>	getDeniedProfilesForUsers(Object object)	Gets the users that have denied profiles assigned on the given object
Set<UserIdentity>	getDeniedUsers(Object object, String profileId)	Gets the users that have the given denied profile on the given object
int	getPriority()	Returns the priority of this profile storage The ProfileAssignmentStorageExtensionPoint will take the profile storage which supports the object with the highest priority to return the allowed/denied users/groups
boolean	hasAnonymousAllowedProfile(Set<? extends Object> rootContexts, Set<String> profileIds)	Returns true if anonymous user has the allowed profile for any given root context (or any sub context), given some profiles. Only supported objects are transmitted
boolean	hasAnonymousDeniedProfile(Set<? extends Object> rootContexts, Set<String> profileIds)	Returns true if anonymous user has the denied profile for any given root context (or any sub context), given some profiles. Only supported objects are transmitted
boolean	hasAnyConnectedAllowedProfile(Set<? extends Object> rootContexts, Set<String> profileIds)	Returns true if any connected user has the allowed profile for any given root context (or any sub context), given some profiles. Only supported objects are transmitted
boolean	hasAnyConnectedDeniedProfile(Set<? extends Object> rootContexts, Set<String> profileIds)	Returns true if any connected user has the denied profile for any given root context (or any sub context), given some profiles. Only supported objects are transmitted
boolean	hasGroupAllowedProfile(Set<? extends Object> rootContexts, GroupIdentity group, Set<String> profileIds)	Returns true if group has the allowed profile for any given root context (or any sub context), given some profiles. Only supported objects are transmitted
boolean	hasGroupDeniedProfile(Set<? extends Object> rootContexts, GroupIdentity group, Set<String> profileIds)	Returns true if group has the denied profile for any given root context (or any sub context), given some profiles. Only supported objects are transmitted
boolean	hasUserAllowedProfile(Set<? extends Object> rootContexts, UserIdentity user, Set<String> profileIds)	Returns true if user has the allowed profile for any given root context (or any sub context), given some profiles. Only supported objects are transmitted
boolean	hasUserDeniedProfile(Set<? extends Object> rootContexts, UserIdentity user, Set<String> profileIds)	Returns true if user has the denied profile for any given root context (or any sub context), given some profiles. Only supported objects are transmitted
boolean	isAnonymousAllowed(Object object, String profileId)	Returns true if anonymous is allowed with the given profile
boolean	isAnonymousDenied(Object object, String profileId)	Returns true if anonymous is denied with the given profile
boolean	isAnyConnectedUserAllowed(Object object, String profileId)	Returns true if any connected user is allowed with the given profile
boolean	isAnyConnectedUserDenied(Object object, String profileId)	Returns true if any connected user is denied with the given profile
boolean	isInheritanceDisallowed(Object object)	Returns true if the inheritance of permissions is disallowed on the given object
boolean	isRootContextSupported(Object rootContext)	Returns true if this profile storage supports the given object as a root context i.e.
boolean	isSupported(Object object)	Returns true if this profile storage supports the given object, i.e.

Methods inherited from class org.ametys.runtime.plugin.component.AbstractLogEnabled

getLogger, setLogger

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ACLAmetysObjectProfileAssignmentStorage

public ACLAmetysObjectProfileAssignmentStorage()

Method Detail

hasUserDeniedProfile

public boolean hasUserDeniedProfile(Set<? extends Object> rootContexts,
                                    UserIdentity user,
                                    Set<String> profileIds)

Description copied from interface: ProfileAssignmentStorage

Returns true if user has the denied profile for any given root context (or any sub context), given some profiles.
Only supported objects are transmitted

Specified by:

hasUserDeniedProfile in interface ProfileAssignmentStorage

Parameters:

rootContexts - The root contexts to search rights for

user - The user to test

profileIds - The ids of the profiles

Returns:

true if any connected user has a permission on at least one object supported by this profile assignment storage, given some groups and profiles

hasUserAllowedProfile

public boolean hasUserAllowedProfile(Set<? extends Object> rootContexts,
                                     UserIdentity user,
                                     Set<String> profileIds)

Description copied from interface: ProfileAssignmentStorage

Returns true if user has the allowed profile for any given root context (or any sub context), given some profiles.
Only supported objects are transmitted

Specified by:

hasUserAllowedProfile in interface ProfileAssignmentStorage

Parameters:

rootContexts - The root contexts to search rights for

user - The user to test

profileIds - The ids of the profiles

Returns:

true if any connected user has a permission on at least one object supported by this profile assignment storage, given some groups and profiles

hasGroupDeniedProfile

public boolean hasGroupDeniedProfile(Set<? extends Object> rootContexts,
                                     GroupIdentity group,
                                     Set<String> profileIds)

Description copied from interface: ProfileAssignmentStorage

Returns true if group has the denied profile for any given root context (or any sub context), given some profiles.
Only supported objects are transmitted

Specified by:

hasGroupDeniedProfile in interface ProfileAssignmentStorage

Parameters:

rootContexts - The root contexts to search rights for

group - The group to test

profileIds - The ids of the profiles

Returns:

true if any connected user has a permission on at least one object supported by this profile assignment storage, given some groups and profiles

hasGroupAllowedProfile

public boolean hasGroupAllowedProfile(Set<? extends Object> rootContexts,
                                      GroupIdentity group,
                                      Set<String> profileIds)

Description copied from interface: ProfileAssignmentStorage

Returns true if group has the allowed profile for any given root context (or any sub context), given some profiles.
Only supported objects are transmitted

Specified by:

hasGroupAllowedProfile in interface ProfileAssignmentStorage

Parameters:

rootContexts - The root contexts to search rights for

group - The group to test

profileIds - The ids of the profiles

Returns:

true if any connected user has a permission on at least one object supported by this profile assignment storage, given some groups and profiles

hasAnyConnectedDeniedProfile

public boolean hasAnyConnectedDeniedProfile(Set<? extends Object> rootContexts,
                                            Set<String> profileIds)

Description copied from interface: ProfileAssignmentStorage

Returns true if any connected user has the denied profile for any given root context (or any sub context), given some profiles.
Only supported objects are transmitted

Specified by:

hasAnyConnectedDeniedProfile in interface ProfileAssignmentStorage

Parameters:

rootContexts - The root contexts to search rights for

profileIds - The ids of the profiles

Returns:

true if any connected user has a permission on at least one object supported by this profile assignment storage, given some groups and profiles

hasAnyConnectedAllowedProfile

public boolean hasAnyConnectedAllowedProfile(Set<? extends Object> rootContexts,
                                             Set<String> profileIds)

Description copied from interface: ProfileAssignmentStorage

Returns true if any connected user has the allowed profile for any given root context (or any sub context), given some profiles.
Only supported objects are transmitted

Specified by:

hasAnyConnectedAllowedProfile in interface ProfileAssignmentStorage

Parameters:

rootContexts - The root contexts to search rights for

profileIds - The ids of the profiles

Returns:

true if any connected user has a permission on at least one object supported by this profile assignment storage, given some groups and profiles

hasAnonymousDeniedProfile

public boolean hasAnonymousDeniedProfile(Set<? extends Object> rootContexts,
                                         Set<String> profileIds)

Description copied from interface: ProfileAssignmentStorage

Returns true if anonymous user has the denied profile for any given root context (or any sub context), given some profiles.
Only supported objects are transmitted

Specified by:

hasAnonymousDeniedProfile in interface ProfileAssignmentStorage

Parameters:

rootContexts - The root contexts to search rights for

profileIds - The ids of the profiles

Returns:

true if any connected user has a permission on at least one object supported by this profile assignment storage, given some groups and profiles

hasAnonymousAllowedProfile

public boolean hasAnonymousAllowedProfile(Set<? extends Object> rootContexts,
                                          Set<String> profileIds)

Description copied from interface: ProfileAssignmentStorage

Returns true if anonymous user has the allowed profile for any given root context (or any sub context), given some profiles.
Only supported objects are transmitted

Specified by:

hasAnonymousAllowedProfile in interface ProfileAssignmentStorage

Parameters:

rootContexts - The root contexts to search rights for

profileIds - The ids of the profiles

Returns:

true if any connected user has a permission on at least one object supported by this profile assignment storage, given some groups and profiles

getAllowedProfilesForAnyConnectedUser

public Set<String> getAllowedProfilesForAnyConnectedUser(Object object)

Description copied from interface: ProfileAssignmentStorage

Gets the allowed profiles any connected user has on the given object

Specified by:

getAllowedProfilesForAnyConnectedUser in interface ProfileAssignmentStorage

Parameters:

object - The object

Returns:

the allowed profiles any connected user has on the given object

isAnyConnectedUserAllowed

public boolean isAnyConnectedUserAllowed(Object object,
                                         String profileId)

Description copied from interface: ProfileAssignmentStorage

Returns true if any connected user is allowed with the given profile

Specified by:

isAnyConnectedUserAllowed in interface ProfileAssignmentStorage

Parameters:

object - The object

profileId - The id of the profile

Returns:

true if any connected user is allowed with the given profile

getDeniedProfilesForAnyConnectedUser

public Set<String> getDeniedProfilesForAnyConnectedUser(Object object)

Description copied from interface: ProfileAssignmentStorage

Gets the denied profiles any connected user has on the given object

Specified by:

getDeniedProfilesForAnyConnectedUser in interface ProfileAssignmentStorage

Parameters:

object - The object

Returns:

the denied profiles any connected user has on the given object

isAnyConnectedUserDenied

public boolean isAnyConnectedUserDenied(Object object,
                                        String profileId)

Description copied from interface: ProfileAssignmentStorage

Returns true if any connected user is denied with the given profile

Specified by:

isAnyConnectedUserDenied in interface ProfileAssignmentStorage

Parameters:

object - The object

profileId - The id of the profile

Returns:

true if any connected user is denied with the given profile

getAllowedProfilesForAnonymous

public Set<String> getAllowedProfilesForAnonymous(Object object)

Description copied from interface: ProfileAssignmentStorage

Gets the allowed profiles an anonymous user has on the given object

Specified by:

getAllowedProfilesForAnonymous in interface ProfileAssignmentStorage

Parameters:

object - The object

Returns:

the allowed profiles an anonymous user has on the given object

isAnonymousAllowed

public boolean isAnonymousAllowed(Object object,
                                  String profileId)

Description copied from interface: ProfileAssignmentStorage

Returns true if anonymous is allowed with the given profile

Specified by:

isAnonymousAllowed in interface ProfileAssignmentStorage

Parameters:

object - The object

profileId - The id of the profile

Returns:

true if anonymous is allowed with the given profile

getDeniedProfilesForAnonymous

public Set<String> getDeniedProfilesForAnonymous(Object object)

Description copied from interface: ProfileAssignmentStorage

Gets the denied profiles an anonymous user has on the given object

Specified by:

getDeniedProfilesForAnonymous in interface ProfileAssignmentStorage

Parameters:

object - The object

Returns:

the denied profiles an anonymous user has on the given object

isAnonymousDenied

public boolean isAnonymousDenied(Object object,
                                 String profileId)

Description copied from interface: ProfileAssignmentStorage

Returns true if anonymous is denied with the given profile

Specified by:

isAnonymousDenied in interface ProfileAssignmentStorage

Parameters:

object - The object

profileId - The id of the profile

Returns:

true if anonymous is denied with the given profile

getAllowedProfilesForUser

public Set<String> getAllowedProfilesForUser(UserIdentity user,
                                             Object object)

Description copied from interface: ProfileAssignmentStorage

Get the allowed profiles assigned on the given object for the given user

Specified by:

getAllowedProfilesForUser in interface ProfileAssignmentStorage

Parameters:

user - The user

object - The object to test

Returns:

The allowed profiles

getAllowedProfilesForUsers

public Map<UserIdentity,Set<String>> getAllowedProfilesForUsers(Object object)

Description copied from interface: ProfileAssignmentStorage

Gets the users that have allowed profiles assigned on the given object

Specified by:

getAllowedProfilesForUsers in interface ProfileAssignmentStorage

Parameters:

object - The object to test

Returns:

The map of allowed users (keys) with their assigned profiles (values)

getAllowedUsers

public Set<UserIdentity> getAllowedUsers(Object object,
                                         String profileId)

Description copied from interface: ProfileAssignmentStorage

Gets the users that have the given allowed profile on the given object

Specified by:

getAllowedUsers in interface ProfileAssignmentStorage

Parameters:

object - The object to test

profileId - The id of the profile

Returns:

The allowed users with that profile on that object

getAllowedProfilesForGroups

public Map<GroupIdentity,Set<String>> getAllowedProfilesForGroups(Object object)

Description copied from interface: ProfileAssignmentStorage

Gets the groups that have allowed profiles assigned on the given object

Specified by:

getAllowedProfilesForGroups in interface ProfileAssignmentStorage

Parameters:

object - The object to test

Returns:

The map of allowed groups (keys) with their assigned profiles (values)

getAllowedGroups

public Set<GroupIdentity> getAllowedGroups(Object object,
                                           String profileId)

Description copied from interface: ProfileAssignmentStorage

Gets the groups that have the given allowed profile on the given object

Specified by:

getAllowedGroups in interface ProfileAssignmentStorage

Parameters:

object - The object to test

profileId - The id of the profile

Returns:

The allowed groups with that profile on that object

getDeniedProfilesForUser

public Set<String> getDeniedProfilesForUser(UserIdentity user,
                                            Object object)

Description copied from interface: ProfileAssignmentStorage

Get the denied profiles assigned on the given object for the given user

Specified by:

getDeniedProfilesForUser in interface ProfileAssignmentStorage

Parameters:

user - The user

object - The object to test

Returns:

The denied profiles

getDeniedProfilesForUsers

public Map<UserIdentity,Set<String>> getDeniedProfilesForUsers(Object object)

Description copied from interface: ProfileAssignmentStorage

Gets the users that have denied profiles assigned on the given object

Specified by:

getDeniedProfilesForUsers in interface ProfileAssignmentStorage

Parameters:

object - The object to test

Returns:

The map of denied users (keys) with their assigned profiles (values)

getDeniedUsers

public Set<UserIdentity> getDeniedUsers(Object object,
                                        String profileId)

Description copied from interface: ProfileAssignmentStorage

Gets the users that have the given denied profile on the given object

Specified by:

getDeniedUsers in interface ProfileAssignmentStorage

Parameters:

object - The object to test

profileId - The id of the profile

Returns:

The denied users with that profile on that object

getDeniedProfilesForGroups

public Map<GroupIdentity,Set<String>> getDeniedProfilesForGroups(Object object)

Description copied from interface: ProfileAssignmentStorage

Gets the groups that have denied profiles assigned on the given object

Specified by:

getDeniedProfilesForGroups in interface ProfileAssignmentStorage

Parameters:

object - The object to test

Returns:

The map of denied groups (keys) with their assigned profiles (values)

getDeniedGroups

public Set<GroupIdentity> getDeniedGroups(Object object,
                                          String profileId)

Description copied from interface: ProfileAssignmentStorage

Gets the groups that have the given denied profile on the given object

Specified by:

getDeniedGroups in interface ProfileAssignmentStorage

Parameters:

object - The object to test

profileId - The id of the profile

Returns:

The denied groups with that profile on that object

isInheritanceDisallowed

public boolean isInheritanceDisallowed(Object object)

Description copied from interface: ProfileAssignmentStorage

Returns true if the inheritance of permissions is disallowed on the given object

Specified by:

isInheritanceDisallowed in interface ProfileAssignmentStorage

Parameters:

object - The object to test

Returns:

true if the inheritance of permissions is disallowed on the given object

isSupported

public boolean isSupported(Object object)

Description copied from interface: ProfileAssignmentStorage

Returns true if this profile storage supports the given object, i.e. if it is able to retrieve the allowed users/groups on that object

Specified by:

isSupported in interface ProfileAssignmentStorage

Parameters:

object - The object to test

Returns:

true if this profile storage supports the given object

isRootContextSupported

public boolean isRootContextSupported(Object rootContext)

Description copied from interface: ProfileAssignmentStorage

Returns true if this profile storage supports the given object as a root context i.e. it can seek any permission under this object

Specified by:

isRootContextSupported in interface ProfileAssignmentStorage

Parameters:

rootContext - The object to start searching

Returns:

true if this profile storage support this a as root context to search in

getPriority

public int getPriority()

Description copied from interface: ProfileAssignmentStorage

Returns the priority of this profile storage The ProfileAssignmentStorageExtensionPoint will take the profile storage which supports the object with the highest priority to return the allowed/denied users/groups

Specified by:

getPriority in interface ProfileAssignmentStorage

Returns:

the priority of this profile storage