Class ThesaurusAccessController
- java.lang.Object
-
- org.ametys.runtime.plugin.component.AbstractLogEnabled
-
- org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController
-
- org.ametys.plugins.thesaurus.right.ThesaurusAccessController
-
- All Implemented Interfaces:
AccessController,LogEnabled,Initializable,Component,Contextualizable,Serviceable
public class ThesaurusAccessController extends AbstractProfileStorageBasedAccessController implements Contextualizable
AccessControllerfor a thesaurus objects. The rights are checked on '/cms' context. Read access is allowed to any connected user.
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController
AbstractProfileStorageBasedAccessController.CacheKind
-
Nested classes/interfaces inherited from interface org.ametys.core.right.AccessController
AccessController.AccessResult
-
-
Field Summary
Fields Modifier and Type Field Description private static String__APPLICATION_RIGHT_CONTEXTThe right context for thesaurusprivate ContentTypesHelper_contentTypeHelperprivate Context_context-
Fields inherited from class org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController
__ANONYMOUS_USER_IDENTITY, __ANY_CONTECTED_USER_IDENTITY, _cacheManager, _profileAssignmentStorageEP, _rightProfileDAO
-
-
Constructor Summary
Constructors Constructor Description ThesaurusAccessController()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected Object_convertContext(Object initialContext)For methods getXXXXPermissionYYY allow to have a modification of the context before transfering it to the profile assignment storage extension point The default implemenation keep the context as it isprotected String_convertRightId(String rightId)Convert the asked right id to the real right to checkprotected Set<? extends Object>_convertWorkspaceToRootRightContexts(Set<Object> workspacesContexts)Get the current workspaces contexts and turn it into root contexts in order to allow methods hasXXXAnyPermissionOnWorkspace to workprivate String_getSiteName()voidcontextualize(Context context)AccessController.AccessResultgetPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object)Gets the kind of access a user has on an object for a given rightMap<GroupIdentity,AccessController.AccessResult>getPermissionByGroup(String rightId, Object object)Gets the permission by group only on an object for the given right.Map<String,AccessController.AccessResult>getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object)Gets the kind of access a user has on an object for all rightsMap<UserIdentity,AccessController.AccessResult>getPermissionByUser(String rightId, Object object)Gets the permission by user only on an object for the given right.AccessController.AccessResultgetPermissionForAnonymous(String rightId, Object object)Gets the permission for Anonymous only on an object for a given rightAccessController.AccessResultgetPermissionForAnyConnectedUser(String rightId, Object object)Gets the permission for any connected user only on an object for a given rightAccessController.AccessResultgetReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object)Gets the kind of access a user has on an object for thye read accessMap<GroupIdentity,AccessController.AccessResult>getReadAccessPermissionByGroup(Object object)Gets the read access permission by group only on an object.Map<UserIdentity,AccessController.AccessResult>getReadAccessPermissionByUser(Object object)Gets the read access permission by user only on an object.AccessController.AccessResultgetReadAccessPermissionForAnonymous(Object object)Gets the read access permission for Anonymous only on an objectAccessController.AccessResultgetReadAccessPermissionForAnyConnectedUser(Object object)Gets the read access permission for any connected user only on an objectbooleanisSupported(Object object)Returns true if this access controller supports the given objectvoidservice(ServiceManager manager)-
Methods inherited from class org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController
_getPermission, _getPermissionByGroup, _getPermissionByUser, _getPermissionForAnonymous, _getPermissionForAnyConnectedUser, _hasRightResultInFirstCache, _hasRightResultInSecondCache, _putInFirstCache, _putInSecondCache, hasAnonymousAnyPermissionOnWorkspace, hasAnonymousAnyReadAccessPermissionOnWorkspace, hasAnyConnectedUserAnyPermissionOnWorkspace, hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace, hasUserAnyPermissionOnWorkspace, hasUserAnyReadAccessPermissionOnWorkspace, initialize
-
Methods inherited from class org.ametys.runtime.plugin.component.AbstractLogEnabled
getLogger, setLogger
-
-
-
-
Field Detail
-
__APPLICATION_RIGHT_CONTEXT
private static final String __APPLICATION_RIGHT_CONTEXT
The right context for thesaurus- See Also:
- Constant Field Values
-
_contentTypeHelper
private ContentTypesHelper _contentTypeHelper
-
-
Constructor Detail
-
ThesaurusAccessController
public ThesaurusAccessController()
-
-
Method Detail
-
contextualize
public void contextualize(Context context) throws ContextException
- Specified by:
contextualizein interfaceContextualizable- Throws:
ContextException
-
service
public void service(ServiceManager manager) throws ServiceException
- Specified by:
servicein interfaceServiceable- Overrides:
servicein classAbstractProfileStorageBasedAccessController- Throws:
ServiceException
-
isSupported
public boolean isSupported(Object object)
Description copied from interface:AccessControllerReturns true if this access controller supports the given object- Specified by:
isSupportedin interfaceAccessController- Parameters:
object- The object to test- Returns:
- true if this access controller supports the given object
-
_convertContext
protected Object _convertContext(Object initialContext)
Description copied from class:AbstractProfileStorageBasedAccessControllerFor methods getXXXXPermissionYYY allow to have a modification of the context before transfering it to the profile assignment storage extension point The default implemenation keep the context as it is- Overrides:
_convertContextin classAbstractProfileStorageBasedAccessController- Parameters:
initialContext- The right context that is supported- Returns:
- the context modified
-
_convertRightId
protected String _convertRightId(String rightId)
Convert the asked right id to the real right to check- Parameters:
rightId- The asked right id- Returns:
- the right to check
-
getPermission
public AccessController.AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object)
Description copied from interface:AccessControllerGets the kind of access a user has on an object for a given right- Specified by:
getPermissionin interfaceAccessController- Overrides:
getPermissionin classAbstractProfileStorageBasedAccessController- Parameters:
user- The user. Cannot be null.userGroups- The groups the user belongs torightId- The id of the right of the userobject- The context object to check the access- Returns:
- the kind of access a user has on an object for a right
-
getReadAccessPermission
public AccessController.AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
Description copied from interface:AccessControllerGets the kind of access a user has on an object for thye read access- Specified by:
getReadAccessPermissionin interfaceAccessController- Overrides:
getReadAccessPermissionin classAbstractProfileStorageBasedAccessController- Parameters:
user- The user. Cannot be null.userGroups- The groups the user belongs toobject- The context object to check the access- Returns:
- the kind of access a user has on an object for the read access
-
getPermissionByRight
public Map<String,AccessController.AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
Description copied from interface:AccessControllerGets the kind of access a user has on an object for all rights- Specified by:
getPermissionByRightin interfaceAccessController- Overrides:
getPermissionByRightin classAbstractProfileStorageBasedAccessController- Parameters:
user- The user. Cannot be null.userGroups- The groups the user belongs toobject- The context object to check the access- Returns:
- the kind of access a user has on an object for all rights
-
getPermissionForAnonymous
public AccessController.AccessResult getPermissionForAnonymous(String rightId, Object object)
Description copied from interface:AccessControllerGets the permission for Anonymous only on an object for a given right- Specified by:
getPermissionForAnonymousin interfaceAccessController- Overrides:
getPermissionForAnonymousin classAbstractProfileStorageBasedAccessController- Parameters:
rightId- The id of the right to checkobject- The object- Returns:
- the permission for Anonymous only on an object for a given right
-
getReadAccessPermissionForAnonymous
public AccessController.AccessResult getReadAccessPermissionForAnonymous(Object object)
Description copied from interface:AccessControllerGets the read access permission for Anonymous only on an object- Specified by:
getReadAccessPermissionForAnonymousin interfaceAccessController- Overrides:
getReadAccessPermissionForAnonymousin classAbstractProfileStorageBasedAccessController- Parameters:
object- The object- Returns:
- the read access permission for Anonymous only on an object
-
getPermissionForAnyConnectedUser
public AccessController.AccessResult getPermissionForAnyConnectedUser(String rightId, Object object)
Description copied from interface:AccessControllerGets the permission for any connected user only on an object for a given right- Specified by:
getPermissionForAnyConnectedUserin interfaceAccessController- Overrides:
getPermissionForAnyConnectedUserin classAbstractProfileStorageBasedAccessController- Parameters:
rightId- The id of the right to checkobject- The object- Returns:
- the permission for any connected user only on an object for a given right
-
getReadAccessPermissionForAnyConnectedUser
public AccessController.AccessResult getReadAccessPermissionForAnyConnectedUser(Object object)
Description copied from interface:AccessControllerGets the read access permission for any connected user only on an object- Specified by:
getReadAccessPermissionForAnyConnectedUserin interfaceAccessController- Overrides:
getReadAccessPermissionForAnyConnectedUserin classAbstractProfileStorageBasedAccessController- Parameters:
object- The object- Returns:
- the read access permission for any connected user only on an object
-
getPermissionByUser
public Map<UserIdentity,AccessController.AccessResult> getPermissionByUser(String rightId, Object object)
Description copied from interface:AccessControllerGets the permission by user only on an object for the given right. It does not take account of the groups of the user, etc.- Specified by:
getPermissionByUserin interfaceAccessController- Overrides:
getPermissionByUserin classAbstractProfileStorageBasedAccessController- Parameters:
rightId- The id of the right to checkobject- The object- Returns:
- the permission by user only on an object for the given right
-
getReadAccessPermissionByGroup
public Map<GroupIdentity,AccessController.AccessResult> getReadAccessPermissionByGroup(Object object)
Description copied from interface:AccessControllerGets the read access permission by group only on an object.- Specified by:
getReadAccessPermissionByGroupin interfaceAccessController- Overrides:
getReadAccessPermissionByGroupin classAbstractProfileStorageBasedAccessController- Parameters:
object- The object- Returns:
- the read access permission by group only on an object
-
getReadAccessPermissionByUser
public Map<UserIdentity,AccessController.AccessResult> getReadAccessPermissionByUser(Object object)
Description copied from interface:AccessControllerGets the read access permission by user only on an object. It does not take account of the groups of the user, etc.- Specified by:
getReadAccessPermissionByUserin interfaceAccessController- Overrides:
getReadAccessPermissionByUserin classAbstractProfileStorageBasedAccessController- Parameters:
object- The object- Returns:
- the read access permission by user only on an object
-
getPermissionByGroup
public Map<GroupIdentity,AccessController.AccessResult> getPermissionByGroup(String rightId, Object object)
Description copied from interface:AccessControllerGets the permission by group only on an object for the given right.- Specified by:
getPermissionByGroupin interfaceAccessController- Overrides:
getPermissionByGroupin classAbstractProfileStorageBasedAccessController- Parameters:
rightId- The id of the right to checkobject- The object- Returns:
- the permission by group only on an object for the given right
-
_convertWorkspaceToRootRightContexts
protected Set<? extends Object> _convertWorkspaceToRootRightContexts(Set<Object> workspacesContexts)
Description copied from class:AbstractProfileStorageBasedAccessControllerGet the current workspaces contexts and turn it into root contexts in order to allow methods hasXXXAnyPermissionOnWorkspace to work- Specified by:
_convertWorkspaceToRootRightContextsin classAbstractProfileStorageBasedAccessController- Parameters:
workspacesContexts- The workspace contexts. Such as '/${WorkspaceName}', '/admin'- Returns:
- A null or empty set if the current AccessController does not apply to any workspace context, or the root object where ProfileAssignmentStorageExtension should start looking at to find any permission
-
_getSiteName
private String _getSiteName()
-
-