Class ProjectAccessController
- java.lang.Object
-
- org.ametys.plugins.workspaces.project.rights.accesscontroller.ProjectAccessController
-
- All Implemented Interfaces:
AccessController,Serviceable
public class ProjectAccessController extends Object implements AccessController, Serviceable
AccessControllerfor aProjectThe projects' managers have some rights on their projects The projects' members can read their projects
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.ametys.core.right.AccessController
AccessController.AccessResult
-
-
Field Summary
Fields Modifier and Type Field Description protected Set<String>_managerRightsThe rights to give for managersprotected Set<String>_memberRightsThe rights to give for membersprotected ProjectMemberManager_projectMembersThe project members
-
Constructor Summary
Constructors Constructor Description ProjectAccessController()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description AccessController.AccessResultgetPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object)Gets the kind of access a user has on an object for a given rightMap<GroupIdentity,AccessController.AccessResult>getPermissionByGroup(String rightId, Object object)Gets the permission by group only on an object for the given right.Map<String,AccessController.AccessResult>getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object)Gets the kind of access a user has on an object for all rightsMap<UserIdentity,AccessController.AccessResult>getPermissionByUser(String rightId, Object object)Gets the permission by user only on an object for the given right.AccessController.AccessResultgetPermissionForAnonymous(String rightId, Object object)Gets the permission for Anonymous only on an object for a given rightAccessController.AccessResultgetPermissionForAnyConnectedUser(String rightId, Object object)Gets the permission for any connected user only on an object for a given rightAccessController.AccessResultgetReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object)Gets the kind of access a user has on an object for thye read accessMap<GroupIdentity,AccessController.AccessResult>getReadAccessPermissionByGroup(Object object)Gets the read access permission by group only on an object.Map<UserIdentity,AccessController.AccessResult>getReadAccessPermissionByUser(Object object)Gets the read access permission by user only on an object.AccessController.AccessResultgetReadAccessPermissionForAnonymous(Object object)Gets the read access permission for Anonymous only on an objectAccessController.AccessResultgetReadAccessPermissionForAnyConnectedUser(Object object)Gets the read access permission for any connected user only on an objectbooleanhasAnonymousAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)Returns true if anonymous has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.booleanhasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)Returns true if anonymous has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.booleanhasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)Returns true if any connected user has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.booleanhasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)Returns true if any connected user has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.booleanhasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId)Returns true if the user has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.booleanhasUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups)Returns true if the user has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.booleanisSupported(Object object)Returns true if this access controller supports the given objectvoidservice(ServiceManager manager)
-
-
-
Field Detail
-
_projectMembers
protected ProjectMemberManager _projectMembers
The project members
-
_managerRights
protected Set<String> _managerRights
The rights to give for managers
-
_memberRights
protected Set<String> _memberRights
The rights to give for members
-
-
Constructor Detail
-
ProjectAccessController
public ProjectAccessController()
-
-
Method Detail
-
service
public void service(ServiceManager manager) throws ServiceException
- Specified by:
servicein interfaceServiceable- Throws:
ServiceException
-
isSupported
public boolean isSupported(Object object)
Description copied from interface:AccessControllerReturns true if this access controller supports the given object- Specified by:
isSupportedin interfaceAccessController- Parameters:
object- The object to test- Returns:
- true if this access controller supports the given object
-
getPermission
public AccessController.AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object)
Description copied from interface:AccessControllerGets the kind of access a user has on an object for a given right- Specified by:
getPermissionin interfaceAccessController- Parameters:
user- The user. Cannot be null.userGroups- The groups the user belongs torightId- The id of the right of the userobject- The context object to check the access- Returns:
- the kind of access a user has on an object for a right
-
getReadAccessPermission
public AccessController.AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
Description copied from interface:AccessControllerGets the kind of access a user has on an object for thye read access- Specified by:
getReadAccessPermissionin interfaceAccessController- Parameters:
user- The user. Cannot be null.userGroups- The groups the user belongs toobject- The context object to check the access- Returns:
- the kind of access a user has on an object for the read access
-
getPermissionByRight
public Map<String,AccessController.AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
Description copied from interface:AccessControllerGets the kind of access a user has on an object for all rights- Specified by:
getPermissionByRightin interfaceAccessController- Parameters:
user- The user. Cannot be null.userGroups- The groups the user belongs toobject- The context object to check the access- Returns:
- the kind of access a user has on an object for all rights
-
getPermissionForAnonymous
public AccessController.AccessResult getPermissionForAnonymous(String rightId, Object object)
Description copied from interface:AccessControllerGets the permission for Anonymous only on an object for a given right- Specified by:
getPermissionForAnonymousin interfaceAccessController- Parameters:
rightId- The id of the right to checkobject- The object- Returns:
- the permission for Anonymous only on an object for a given right
-
getReadAccessPermissionForAnonymous
public AccessController.AccessResult getReadAccessPermissionForAnonymous(Object object)
Description copied from interface:AccessControllerGets the read access permission for Anonymous only on an object- Specified by:
getReadAccessPermissionForAnonymousin interfaceAccessController- Parameters:
object- The object- Returns:
- the read access permission for Anonymous only on an object
-
getPermissionForAnyConnectedUser
public AccessController.AccessResult getPermissionForAnyConnectedUser(String rightId, Object object)
Description copied from interface:AccessControllerGets the permission for any connected user only on an object for a given right- Specified by:
getPermissionForAnyConnectedUserin interfaceAccessController- Parameters:
rightId- The id of the right to checkobject- The object- Returns:
- the permission for any connected user only on an object for a given right
-
getReadAccessPermissionForAnyConnectedUser
public AccessController.AccessResult getReadAccessPermissionForAnyConnectedUser(Object object)
Description copied from interface:AccessControllerGets the read access permission for any connected user only on an object- Specified by:
getReadAccessPermissionForAnyConnectedUserin interfaceAccessController- Parameters:
object- The object- Returns:
- the read access permission for any connected user only on an object
-
getPermissionByUser
public Map<UserIdentity,AccessController.AccessResult> getPermissionByUser(String rightId, Object object)
Description copied from interface:AccessControllerGets the permission by user only on an object for the given right. It does not take account of the groups of the user, etc.- Specified by:
getPermissionByUserin interfaceAccessController- Parameters:
rightId- The id of the right to checkobject- The object- Returns:
- the permission by user only on an object for the given right
-
getReadAccessPermissionByUser
public Map<UserIdentity,AccessController.AccessResult> getReadAccessPermissionByUser(Object object)
Description copied from interface:AccessControllerGets the read access permission by user only on an object. It does not take account of the groups of the user, etc.- Specified by:
getReadAccessPermissionByUserin interfaceAccessController- Parameters:
object- The object- Returns:
- the read access permission by user only on an object
-
getPermissionByGroup
public Map<GroupIdentity,AccessController.AccessResult> getPermissionByGroup(String rightId, Object object)
Description copied from interface:AccessControllerGets the permission by group only on an object for the given right.- Specified by:
getPermissionByGroupin interfaceAccessController- Parameters:
rightId- The id of the right to checkobject- The object- Returns:
- the permission by group only on an object for the given right
-
getReadAccessPermissionByGroup
public Map<GroupIdentity,AccessController.AccessResult> getReadAccessPermissionByGroup(Object object)
Description copied from interface:AccessControllerGets the read access permission by group only on an object.- Specified by:
getReadAccessPermissionByGroupin interfaceAccessController- Parameters:
object- The object- Returns:
- the read access permission by group only on an object
-
hasUserAnyPermissionOnWorkspace
public boolean hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId)
Description copied from interface:AccessControllerReturns true if the user has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.- Specified by:
hasUserAnyPermissionOnWorkspacein interfaceAccessController- Parameters:
workspacesContexts- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}user- The useruserGroups- The groupsrightId- The id of the right to check- Returns:
- true if the user has a permission on at least one object, directly or though groups, for a given right
-
hasUserAnyReadAccessPermissionOnWorkspace
public boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups)
Description copied from interface:AccessControllerReturns true if the user has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.- Specified by:
hasUserAnyReadAccessPermissionOnWorkspacein interfaceAccessController- Parameters:
workspacesContexts- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}user- The useruserGroups- The groups- Returns:
- true if the user has a permission on at least one object, directly or though groups, for a given right
-
hasAnonymousAnyPermissionOnWorkspace
public boolean hasAnonymousAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
Description copied from interface:AccessControllerReturns true if anonymous has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.- Specified by:
hasAnonymousAnyPermissionOnWorkspacein interfaceAccessController- Parameters:
workspacesContexts- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}rightId- The id of the right to check- Returns:
- true if anonymous has a permission on at least one object, directly or though groups, for a given right
-
hasAnonymousAnyReadAccessPermissionOnWorkspace
public boolean hasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
Description copied from interface:AccessControllerReturns true if anonymous has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.- Specified by:
hasAnonymousAnyReadAccessPermissionOnWorkspacein interfaceAccessController- Parameters:
workspacesContexts- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}- Returns:
- true if anonymous has a permission on at least one object, directly or though groups, for a given right
-
hasAnyConnectedUserAnyPermissionOnWorkspace
public boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
Description copied from interface:AccessControllerReturns true if any connected user has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.- Specified by:
hasAnyConnectedUserAnyPermissionOnWorkspacein interfaceAccessController- Parameters:
workspacesContexts- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}rightId- The id of the right to check- Returns:
- true if any connected user has a permission on at least one object, directly or though groups, for a given right
-
hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace
public boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
Description copied from interface:AccessControllerReturns true if any connected user has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.- Specified by:
hasAnyConnectedUserAnyReadAccessPermissionOnWorkspacein interfaceAccessController- Parameters:
workspacesContexts- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}- Returns:
- true if any connected user has a permission on at least one object, directly or though groups, for a given right
-
-