java.lang.Object
- org.ametys.runtime.plugin.component.AbstractLogEnabled
- - org.ametys.runtime.plugin.component.AbstractThreadSafeComponentExtensionPoint<ProfileAssignmentStorage>
  - - org.ametys.core.right.ProfileAssignmentStorageExtensionPoint

All Implemented Interfaces:

LogEnabled, ExtensionPoint<ProfileAssignmentStorage>, Disposable, Initializable, Component, Contextualizable, Serviceable, ThreadSafe
```
public class ProfileAssignmentStorageExtensionPoint
extends AbstractThreadSafeComponentExtensionPoint<ProfileAssignmentStorage>
```
ExtensionPoint handling ProfileAssignmentStorages.

Field Summary

Fields
Modifier and Type Field Description

static String ROLE
Avalon Role
- Fields inherited from class org.ametys.runtime.plugin.component.AbstractThreadSafeComponentExtensionPoint
  _cocoonManager, _context, _manager

Constructor Summary

Constructors
Constructor Description

ProfileAssignmentStorageExtensionPoint()

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`private Optional<ModifiableProfileAssignmentStorage>`	`_getFirstModifiableProfileAssignmentStorage(Object object)`
`private Optional<ProfileAssignmentStorage>`	`_getFirstProfileAssignmentStorage(Object object)`
`private AccessController.AccessResult`	`_getPermissionsByGroup(Map<ProfileAssignmentStorage.UserOrGroup,Set<String>> groupProfiles, Set<String> profileIds)`
`private AccessController.AccessResult`	`_getPermissionsByUser(Map<ProfileAssignmentStorage.UserOrGroup,Set<String>> userProfiles, Set<String> profileIds)`
`private Set<String>`	`_hasAnonymousAnyPermission(ProfileAssignmentStorage profileAssignmentStorage, Set<? extends Object> rootContexts, Set<String> profileIds)`
`private Set<String>`	`_hasAnyConnectedUserAnyPermission(ProfileAssignmentStorage profileAssignmentStorage, Set<? extends Object> rootContexts, Set<String> profileIds)`
`private Set<String>`	`_hasUserAnyPermission(ProfileAssignmentStorage profileAssignmentStorage, Set<? extends Object> rootContexts, UserIdentity user, Set<GroupIdentity> userGroups, Set<String> profileIds)`
`private void`	`_logResult(UserIdentity user, Set<GroupIdentity> userGroups, Object object, Map<String,AccessController.AccessResult> accessResultsByProfile)`
`void`	`allowProfileToAnonymous(String profileId, Object context)`	Adds allowed profile an anonymous user has on the given object
`void`	`allowProfileToAnyConnectedUser(String profileId, Object context)`	Adds allowed profile any connected user has on the given object
`void`	`allowProfileToGroup(GroupIdentity group, String profileId, Object context)`	Allows a group to a profile on a given object
`void`	`allowProfileToUser(UserIdentity user, String profileId, Object context)`	Allows a user to a profile on a given object
`void`	`denyProfileToAnonymous(String profileId, Object context)`	Adds denied profile an anonymous user has on the given object
`void`	`denyProfileToAnyConnectedUser(String profileId, Object context)`	Adds denied profile any connected user has on the given object
`void`	`denyProfileToGroup(GroupIdentity group, String profileId, Object context)`	Denies a group to a profile on a given object
`void`	`denyProfileToUser(UserIdentity user, String profileId, Object context)`	Denies a user to a profile on a given object
`void`	`disallowInheritance(Object context, boolean disallow)`	Allow or disallow the inheritance of permissions on a given context
`AccessController.AccessResult`	`getPermissionForAnonymous(Set<String> profileIds, Object object)`	Gets the permissions for Anonymous for the given profiles
`AccessController.AccessResult`	`getPermissionForAnyConnectedUser(Set<String> profileIds, Object object)`	Gets the permissions for Anonymous for the given profiles
`Map<String,AccessController.AccessResult>`	`getPermissions(UserIdentity user, Set<GroupIdentity> userGroups, Set<String> profileIds, Object object)`	Gets the permissions a user has, given some groups and profiles, on an object.
`Map<GroupIdentity,AccessController.AccessResult>`	`getPermissionsByGroup(Set<String> profileIds, Object object)`	Gets the permission by group only on an object, according to the given profiles.
`Map<String,AccessController.AccessResult>`	`getPermissionsByProfile(UserIdentity user, Set<GroupIdentity> userGroups, Object object)`	Gets the permissions a user has on an object, for every profile in the application.
`Map<UserIdentity,AccessController.AccessResult>`	`getPermissionsByUser(Set<String> profileIds, Object object)`	Gets the permission by user only on an object, according to the given profiles.
`Map<ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys,Set<String>>`	`getProfilesForAnonymousAndAnyConnectedUser(Object context)`	Gets the allowed profiles any connected user has on the given object
`Map<GroupIdentity,Map<ProfileAssignmentStorage.UserOrGroup,Set<String>>>`	`getProfilesForGroups(Object context, Set<GroupIdentity> groups)`	Gets the groups that have allowed profiles assigned on the given object
`Map<UserIdentity,Map<ProfileAssignmentStorage.UserOrGroup,Set<String>>>`	`getProfilesForUsers(Object context, UserIdentity user)`	Gets the users that have allowed profiles assigned on the given object
`Set<String>`	`hasAnonymousAnyPermission(Set<? extends Object> rootContexts, Set<String> profileIds)`	Returns some profiles that are matching if anybody has a permission on at least one object, given some profiles
`Set<String>`	`hasAnyConnectedUserAnyPermission(Set<? extends Object> rootContexts, Set<String> profileIds)`	Returns some profiles that are matching if any connected user has a permission on at least one object, given some profiles
`Set<String>`	`hasUserAnyPermission(Set<? extends Object> rootContexts, UserIdentity user, Set<GroupIdentity> userGroups, Set<String> profileIds)`	Returns some profiles that are matching if the user has a permission on at least one object, given some groups and profiles
`boolean`	`isInheritanceDisallowed(Object context)`	Determines if the inheritance of permissions is disallowed on a given context
`void`	`removeAllowedProfileFromAnonymous(String profileId, Object context)`	Removes allowed profile an anonymous user has on the given object
`void`	`removeAllowedProfileFromAnyConnectedUser(String profileId, Object context)`	Removes allowed profile any connected user has on the given object
`void`	`removeAllowedProfileFromGroup(GroupIdentity group, String profileId, Object context)`	Removes the association between a group and an allowed profile on a given object
`void`	`removeAllowedProfileFromUser(UserIdentity user, String profileId, Object context)`	Removes the association between a user and an allowed profile on a given object
`void`	`removeDeniedProfileFromAnonymous(String profileId, Object context)`	Removes denied profile an anonymous user has on the given object
`void`	`removeDeniedProfileFromAnyConnectedUser(String profileId, Object context)`	Removes denied profile any connected user has on the given object
`void`	`removeDeniedProfileFromGroup(GroupIdentity group, String profileId, Object context)`	Removes the association between a group and a denied profile on a given object
`void`	`removeDeniedProfileFromUser(UserIdentity user, String profileId, Object context)`	Removes the association between a user and a denied profile on a given object

Methods inherited from class org.ametys.runtime.plugin.component.AbstractThreadSafeComponentExtensionPoint
addComponent, addExtension, contextualize, dispose, getExtension, getExtensionsIds, hasExtension, initialize, initializeExtensions, service

Methods inherited from class org.ametys.runtime.plugin.component.AbstractLogEnabled
getLogger, setLogger

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail
- ROLE
```
public static final String ROLE
```
  Avalon Role

Constructor Detail
- ProfileAssignmentStorageExtensionPoint
```
public ProfileAssignmentStorageExtensionPoint()
```

Method Detail

getPermissions

public Map<String,AccessController.AccessResult> getPermissions(UserIdentity user,
                                                                      Set<GroupIdentity> userGroups,
                                                                      Set<String> profileIds,
                                                                      Object object)

Gets the permissions a user has, given some groups and profiles, on an object.

Parameters:: user - The user; userGroups - The groups; profileIds - The ids of the profiles; object - The object
Returns:: the permissions a user has, given some groups and profiles on an object.

_logResult

private void _logResult(UserIdentity user,
                        Set<GroupIdentity> userGroups,
                        Object object,
                        Map<String,AccessController.AccessResult> accessResultsByProfile)

hasUserAnyPermission
```
public Set<String> hasUserAnyPermission(Set<? extends Object> rootContexts,
                                        UserIdentity user,
                                        Set<GroupIdentity> userGroups,
                                        Set<String> profileIds)
```
Returns some profiles that are matching if the user has a permission on at least one object, given some groups and profiles

Parameters:

rootContexts - The root contexts object where to seek

user - The user

userGroups - The groups

profileIds - The ids of the profiles

Returns:

If the Set is empty, it means any connected user has no matching profile.
If the Set is non empty, it contains at least one of the given profile BUT it may not contains all the matching profiles for anyconnected user AND it can contains some other profiles that were not in the given profiles

_hasUserAnyPermission

private Set<String> _hasUserAnyPermission(ProfileAssignmentStorage profileAssignmentStorage,
                                          Set<? extends Object> rootContexts,
                                          UserIdentity user,
                                          Set<GroupIdentity> userGroups,
                                          Set<String> profileIds)

hasAnonymousAnyPermission
```
public Set<String> hasAnonymousAnyPermission(Set<? extends Object> rootContexts,
                                             Set<String> profileIds)
```
Returns some profiles that are matching if anybody has a permission on at least one object, given some profiles

Parameters:

rootContexts - The root contexts object where to seek

profileIds - The ids of the profiles

Returns:

If the Set is empty, it means anonymous has no matching profile.
If the Set is non empty, it contains at least one of the given profile BUT it may not contains all the matching profiles for anonymous AND it can contains some other profiles that were not in the given profiles

_hasAnonymousAnyPermission

private Set<String> _hasAnonymousAnyPermission(ProfileAssignmentStorage profileAssignmentStorage,
                                               Set<? extends Object> rootContexts,
                                               Set<String> profileIds)

hasAnyConnectedUserAnyPermission
```
public Set<String> hasAnyConnectedUserAnyPermission(Set<? extends Object> rootContexts,
                                                    Set<String> profileIds)
```
Returns some profiles that are matching if any connected user has a permission on at least one object, given some profiles

Parameters:

rootContexts - The root contexts object where to seek

profileIds - The ids of the profiles

Returns:

If the Set is empty, it means the user has no matching profile.
If the Set is non empty, it contains at least one of the given profile BUT it may not contains all the matching profiles for the user AND it can contains some other profiles that were not in the given profiles

_hasAnyConnectedUserAnyPermission

private Set<String> _hasAnyConnectedUserAnyPermission(ProfileAssignmentStorage profileAssignmentStorage,
                                                      Set<? extends Object> rootContexts,
                                                      Set<String> profileIds)

getPermissionsByProfile

public Map<String,AccessController.AccessResult> getPermissionsByProfile(UserIdentity user,
                                                                               Set<GroupIdentity> userGroups,
                                                                               Object object)

Gets the permissions a user has on an object, for every profile in the application.

Parameters:: user - The user; userGroups - The groups; object - The object
Returns:: the permissions a user has on an object, for every profile in the application.

getPermissionForAnonymous

public AccessController.AccessResult getPermissionForAnonymous(Set<String> profileIds,
                                                               Object object)

Gets the permissions for Anonymous for the given profiles

Parameters:: profileIds - The profiles to get permissions on; object - The object
Returns:: the access result for each profile

getPermissionForAnyConnectedUser

public AccessController.AccessResult getPermissionForAnyConnectedUser(Set<String> profileIds,
                                                                      Object object)

Gets the permissions for Anonymous for the given profiles

Parameters:: profileIds - The profiles to get permissions on; object - The object
Returns:: the access result for each profile

_getPermissionsByUser

private AccessController.AccessResult _getPermissionsByUser(Map<ProfileAssignmentStorage.UserOrGroup,Set<String>> userProfiles,
                                                            Set<String> profileIds)

getPermissionsByUser
```
public Map<UserIdentity,AccessController.AccessResult> getPermissionsByUser(Set<String> profileIds,
                                                                                  Object object)
```
Gets the permission by user only on an object, according to the given profiles. It does not take account of the groups of the user, etc.

Parameters:

profileIds - The ids of the profiles

object - The object

Returns:

the permission by user only on an object, according to the given profiles

_getPermissionsByGroup

private AccessController.AccessResult _getPermissionsByGroup(Map<ProfileAssignmentStorage.UserOrGroup,Set<String>> groupProfiles,
                                                             Set<String> profileIds)

getPermissionsByGroup

public Map<GroupIdentity,AccessController.AccessResult> getPermissionsByGroup(Set<String> profileIds,
                                                                                    Object object)

Gets the permission by group only on an object, according to the given profiles.

Parameters:: profileIds - The ids of the profiles; object - The object
Returns:: the permission by group only on an object, according to the given profiles

getProfilesForAnonymousAndAnyConnectedUser
```
public Map<ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys,Set<String>> getProfilesForAnonymousAndAnyConnectedUser(Object context)
```
Gets the allowed profiles any connected user has on the given object

Parameters:

context - The object

Returns:

a map containing allowed/denied profiles that anonymous and any connected user has on the given object

getProfilesForUsers

public Map<UserIdentity,Map<ProfileAssignmentStorage.UserOrGroup,Set<String>>> getProfilesForUsers(Object context,
                                                                                                               UserIdentity user)

Gets the users that have allowed profiles assigned on the given object

Parameters:: context - The object to test; user - The user to get profiles for. Can be null to get profiles for all users that have rights
Returns:: The map of allowed users with their assigned allowed/denied profiles

getProfilesForGroups

public Map<GroupIdentity,Map<ProfileAssignmentStorage.UserOrGroup,Set<String>>> getProfilesForGroups(Object context,
                                                                                                                 Set<GroupIdentity> groups)

Gets the groups that have allowed profiles assigned on the given object

Parameters:: context - The object to test; groups - The group to get profiles for. Can be null to get profiles for all groups that have rights
Returns:: The map of allowed/denied groups with their assigned profiles

allowProfileToAnyConnectedUser

public void allowProfileToAnyConnectedUser(String profileId,
                                           Object context)

Adds allowed profile any connected user has on the given object

Parameters:: context - The object context; profileId - The profile to add

denyProfileToAnyConnectedUser

public void denyProfileToAnyConnectedUser(String profileId,
                                          Object context)

Adds denied profile any connected user has on the given object

Parameters:: profileId - The profile to add; context - The object context

removeAllowedProfileFromAnyConnectedUser

public void removeAllowedProfileFromAnyConnectedUser(String profileId,
                                                     Object context)

Removes allowed profile any connected user has on the given object

Parameters:: profileId - The profile to remove; context - The object context

removeDeniedProfileFromAnyConnectedUser

public void removeDeniedProfileFromAnyConnectedUser(String profileId,
                                                    Object context)

Removes denied profile any connected user has on the given object

Parameters:: context - The object context; profileId - The profile to remove

allowProfileToAnonymous

public void allowProfileToAnonymous(String profileId,
                                    Object context)

Adds allowed profile an anonymous user has on the given object

Parameters:: profileId - The profile to add; context - The object context

denyProfileToAnonymous

public void denyProfileToAnonymous(String profileId,
                                   Object context)

Adds denied profile an anonymous user has on the given object

Parameters:: profileId - The profile to add; context - The object context

removeAllowedProfileFromAnonymous

public void removeAllowedProfileFromAnonymous(String profileId,
                                              Object context)

Removes allowed profile an anonymous user has on the given object

Parameters:: profileId - The profile to remove; context - The object context

removeDeniedProfileFromAnonymous

public void removeDeniedProfileFromAnonymous(String profileId,
                                             Object context)

Removes denied profile an anonymous user has on the given object

Parameters:: context - The object context; profileId - The profile to remove

allowProfileToUser

public void allowProfileToUser(UserIdentity user,
                               String profileId,
                               Object context)

Allows a user to a profile on a given object

Parameters:: user - The user to add; profileId - The id of the profile; context - The object context

denyProfileToUser

public void denyProfileToUser(UserIdentity user,
                              String profileId,
                              Object context)

Denies a user to a profile on a given object

Parameters:: user - The user to add; profileId - The id of the profile; context - The object context

removeAllowedProfileFromUser

public void removeAllowedProfileFromUser(UserIdentity user,
                                         String profileId,
                                         Object context)

Removes the association between a user and an allowed profile on a given object

Parameters:: user - The user to remove; context - The object context; profileId - The id of the profile

removeDeniedProfileFromUser

public void removeDeniedProfileFromUser(UserIdentity user,
                                        String profileId,
                                        Object context)

Removes the association between a user and a denied profile on a given object

Parameters:: user - The user to remove; profileId - The id of the profile; context - The object context

allowProfileToGroup

public void allowProfileToGroup(GroupIdentity group,
                                String profileId,
                                Object context)

Allows a group to a profile on a given object

Parameters:: group - The group to add; profileId - The id of the profile; context - The object context

denyProfileToGroup

public void denyProfileToGroup(GroupIdentity group,
                               String profileId,
                               Object context)

Denies a group to a profile on a given object

Parameters:: group - The group to add; profileId - The id of the profile; context - The object context

removeAllowedProfileFromGroup

public void removeAllowedProfileFromGroup(GroupIdentity group,
                                          String profileId,
                                          Object context)

Removes the association between a group and an allowed profile on a given object

Parameters:: group - The group to remove; profileId - The id of the profile; context - The object context

removeDeniedProfileFromGroup

public void removeDeniedProfileFromGroup(GroupIdentity group,
                                         String profileId,
                                         Object context)

Removes the association between a group and a denied profile on a given object

Parameters:: group - The group to remove; profileId - The id of the profile; context - The object context

isInheritanceDisallowed
```
public boolean isInheritanceDisallowed(Object context)
```
Determines if the inheritance of permissions is disallowed on a given context

Parameters:

context - The object context

Returns:

true if the inheritance is disallowed

disallowInheritance
```
public void disallowInheritance(Object context,
                                boolean disallow)
```
Allow or disallow the inheritance of permissions on a given context

Parameters:

context - The object context

disallow - true to disallow the inheritance

_getFirstProfileAssignmentStorage

private Optional<ProfileAssignmentStorage> _getFirstProfileAssignmentStorage(Object object)

_getFirstModifiableProfileAssignmentStorage

private Optional<ModifiableProfileAssignmentStorage> _getFirstModifiableProfileAssignmentStorage(Object object)

Class ProfileAssignmentStorageExtensionPoint

Field Summary

Fields inherited from class org.ametys.runtime.plugin.component.AbstractThreadSafeComponentExtensionPoint

Constructor Summary