Package org.ametys.core.right
Class RightManager
java.lang.Object
org.ametys.runtime.plugin.component.AbstractLogEnabled
org.ametys.core.right.RightManager
- All Implemented Interfaces:
LogEnabled
,Initializable
,Component
,Configurable
,Contextualizable
,Serviceable
,ThreadSafe
public class RightManager
extends AbstractLogEnabled
implements Serviceable, Configurable, ThreadSafe, Component, Contextualizable, Initializable
Abstraction for testing a right associated with a resource and a user from a single source.
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic enum
Enumeration of all possible values returned by hasRight(user, right, context) -
Field Summary
Modifier and TypeFieldDescriptionprotected static final UserIdentity
The instance of ObjectUserIdentity for anonymousprotected static final UserIdentity
The instance of ObjectUserIdentity for any connected userprotected AccessControllerExtensionPoint
The extension point for Access Controllersprotected AbstractCacheManager
Cache Managerprotected CurrentUserProvider
The current user providerprotected GroupDirectoryDAO
The DAO for group directoriesprotected GroupManager
The group managerprotected ServiceManager
Avalon ServiceManagerprotected RightProfilesDAO
The rights DAOprotected SourceResolver
Avalon SourceResolverprotected RightContextConvertorExtensionPoint
The extension point for the Right Context Convertorsprotected RightsExtensionPoint
The rights' list containerprotected UserManager
The user managerprotected UserPopulationDAO
The DAO for user populationsstatic final String
The id of the READER profilestatic final String
For avalon service manager -
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected RightProfilesDAO
Returns the DAO for profilesvoid
clear all caches related to RightManager and AccesControllersvoid
configure
(Configuration configuration) void
contextualize
(Context context) boolean
currentUserHasReadAccess
(Object object) Returns true if the current user has READ access on the given objectcurrentUserHasRight
(String rightId, Object object) Checks a permission for the current logged user, on a given object (or context).
If null, it checks if there is at least one object with this permissiongetAllowedUsers
(String rightId, Object object) Get the list of users that have a particular right in a particular context.getReadAccessAllowedUsers
(Object object) Get the users with a READ access on given objectgetUserRights
(UserIdentity userIdentity, Object object) Get the list of rights a user is allowed, on a particular object.boolean
hasAnonymousReadAccess
(Object object) Returns true if the object is not restricted, i.e.hasAnonymousRight
(String rightId, Object object) Gets the right result for anonymous with given right on given object contextboolean
hasAnyConnectedUserReadAccess
(Object object) Returns true if any connected user has READ access allowed on the objecthasAnyConnectedUserRight
(String rightId, Object object) Gets the right result for any connected user with given profile on given object contextboolean
hasReadAccess
(UserIdentity userIdentity, Object object) Returns true if the given user has READ access on the given objecthasRight
(UserIdentity userIdentity, String rightId, Object object) Checks a permission for a user, on a given object (or context).
If null, it checks if there is at least one object with this permissionvoid
void
service
(ServiceManager manager) Methods inherited from class org.ametys.runtime.plugin.component.AbstractLogEnabled
getLogger, setLogger
-
Field Details
-
ROLE
For avalon service manager -
READER_PROFILE_ID
The id of the READER profile- See Also:
-
__ANONYMOUS_USER_IDENTITY
The instance of ObjectUserIdentity for anonymous -
__ANY_CONNECTED_USER_IDENTITY
The instance of ObjectUserIdentity for any connected user -
_manager
Avalon ServiceManager -
_resolver
Avalon SourceResolver -
_rightsEP
The rights' list container -
_rightContextConvertorEP
The extension point for the Right Context Convertors -
_accessControllerEP
The extension point for Access Controllers -
_userManager
The user manager -
_groupManager
The group manager -
_userPopulationDAO
The DAO for user populations -
_groupDirectoryDAO
The DAO for group directories -
_currentUserProvider
The current user provider -
_profilesDAO
The rights DAO -
_cacheManager
Cache Manager
-
-
Constructor Details
-
RightManager
public RightManager()
-
-
Method Details
-
contextualize
- Specified by:
contextualize
in interfaceContextualizable
- Throws:
ContextException
-
service
- Specified by:
service
in interfaceServiceable
- Throws:
ServiceException
-
initialize
- Specified by:
initialize
in interfaceInitializable
- Throws:
Exception
-
_getProfileDAO
Returns the DAO for profiles- Returns:
- The DAO
-
configure
- Specified by:
configure
in interfaceConfigurable
- Throws:
ConfigurationException
-
currentUserHasRight
public RightManager.RightResult currentUserHasRight(String rightId, Object object) throws RightsException Checks a permission for the current logged user, on a given object (or context).
If null, it checks if there is at least one object with this permission- Parameters:
rightId
- The name of the right to check. Cannot be null.object
- The object to check the right. Can be null to search on any object.- Returns:
RightManager.RightResult.RIGHT_ALLOW
,RightManager.RightResult.RIGHT_DENY
orRightManager.RightResult.RIGHT_UNKNOWN
- Throws:
RightsException
- if an error occurs.
-
hasRight
public RightManager.RightResult hasRight(UserIdentity userIdentity, String rightId, Object object) throws RightsException Checks a permission for a user, on a given object (or context).
If null, it checks if there is at least one object with this permission- Parameters:
userIdentity
- The user identity. Can be null for anonymousrightId
- The name of the right to check. Cannot be null.object
- The object to check the right. Can be null to search on any object.- Returns:
RightManager.RightResult.RIGHT_ALLOW
,RightManager.RightResult.RIGHT_DENY
orRightManager.RightResult.RIGHT_UNKNOWN
- Throws:
RightsException
- if an error occurs.
-
hasAnonymousRight
Gets the right result for anonymous with given right on given object context- Parameters:
rightId
- The id of the rightobject
- The object to check- Returns:
- the right result for anonymous with given profile on given object context
-
hasAnyConnectedUserRight
Gets the right result for any connected user with given profile on given object context- Parameters:
rightId
- The right id to testobject
- The object to check- Returns:
- the right result for any connected user with given profile on given object context
-
currentUserHasReadAccess
Returns true if the current user has READ access on the given object- Parameters:
object
- The object to check the right. Can be null to search on any object.- Returns:
- true if the given user has READ access on the given object
-
hasReadAccess
Returns true if the given user has READ access on the given object- Parameters:
userIdentity
- The user identity. Cannot be null.object
- The object to check the right. Can be null to search on any object.- Returns:
- true if the given user has READ access on the given object
-
hasAnonymousReadAccess
Returns true if the object is not restricted, i.e. an anonymous user has READ access (is allowed) on the object- Parameters:
object
- The object to check. Cannot be null- Returns:
- true if the object is restricted, i.e. an anonymous user has READ access (is allowed) on the object
-
hasAnyConnectedUserReadAccess
Returns true if any connected user has READ access allowed on the object- Parameters:
object
- The object to check. Cannot be null- Returns:
- true if any connected user has READ access allowed on the object
-
getAllowedUsers
Get the list of users that have a particular right in a particular context.- Parameters:
rightId
- The name of the right to check. Cannot be null.object
- The object to check the right. Cannot be null.- Returns:
- The list of users allowed with that right as a Set of String (user identities).
- Throws:
RightsException
- if an error occurs.
-
getReadAccessAllowedUsers
Get the users with a READ access on given object- Parameters:
object
- The object- Returns:
- The representation of allowed users
-
getUserRights
Get the list of rights a user is allowed, on a particular object.- Parameters:
userIdentity
- the user identity. Cannot be null.object
- The object to check the right. Cannot be null.- Returns:
- The list of rights as a Set of String (id).
- Throws:
RightsException
- if an error occurs.
-
clearCaches
clear all caches related to RightManager and AccesControllers
-