Class ThesaurusAccessController
java.lang.Object
org.ametys.runtime.plugin.component.AbstractLogEnabled
org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController
org.ametys.plugins.thesaurus.right.ThesaurusAccessController
- All Implemented Interfaces:
AccessController,LogEnabled,Initializable,Component,Contextualizable,Serviceable
public class ThesaurusAccessController
extends AbstractProfileStorageBasedAccessController
implements Contextualizable
AccessController for a thesaurus objects. The rights are checked on '/cms' context.
Read access is allowed to any connected user.-
Nested Class Summary
Nested classes/interfaces inherited from class org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController
AbstractProfileStorageBasedAccessController.CacheKindNested classes/interfaces inherited from interface org.ametys.core.right.AccessController
AccessController.AccessResult -
Field Summary
Fields inherited from class org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController
__ANONYMOUS_USER_IDENTITY, __ANY_CONTECTED_USER_IDENTITY, _cacheManager, _profileAssignmentStorageEP, _rightProfileDAO -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected Object_convertContext(Object initialContext) For methods getXXXXPermissionYYY allow to have a modification of the context before transfering it to the profile assignment storage extension point The default implemenation keep the context as it isprotected String_convertRightId(String rightId) Convert the asked right id to the real right to check_convertWorkspaceToRootRightContexts(Set<Object> workspacesContexts) Get the current workspaces contexts and turn it into root contexts in order to allow methods hasXXXAnyPermissionOnWorkspace to workvoidcontextualize(Context context) getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object) Gets the kind of access a user has on an object for a given rightgetPermissionByGroup(String rightId, Object object) Gets the permission by group only on an object for the given right.getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object) Gets the kind of access a user has on an object for all rightsgetPermissionByUser(String rightId, Object object) Gets the permission by user only on an object for the given right.getPermissionForAnonymous(String rightId, Object object) Gets the permission for Anonymous only on an object for a given rightgetPermissionForAnyConnectedUser(String rightId, Object object) Gets the permission for any connected user only on an object for a given rightgetReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object) Gets the kind of access a user has on an object for thye read accessgetReadAccessPermissionByGroup(Object object) Gets the read access permission by group only on an object.getReadAccessPermissionByUser(Object object) Gets the read access permission by user only on an object.Gets the read access permission for Anonymous only on an objectGets the read access permission for any connected user only on an objectbooleanisSupported(Object object) Returns true if this access controller supports the given objectvoidservice(ServiceManager manager) Methods inherited from class org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController
_getPermission, _getPermissionByGroup, _getPermissionByUser, _getPermissionForAnonymous, _getPermissionForAnyConnectedUser, _hasRightResultInFirstCache, _hasRightResultInSecondCache, _putInFirstCache, _putInSecondCache, hasAnonymousAnyPermissionOnWorkspace, hasAnonymousAnyReadAccessPermissionOnWorkspace, hasAnyConnectedUserAnyPermissionOnWorkspace, hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace, hasUserAnyPermissionOnWorkspace, hasUserAnyReadAccessPermissionOnWorkspace, initializeMethods inherited from class org.ametys.runtime.plugin.component.AbstractLogEnabled
getLogger, setLogger
-
Constructor Details
-
ThesaurusAccessController
public ThesaurusAccessController()
-
-
Method Details
-
contextualize
- Specified by:
contextualizein interfaceContextualizable- Throws:
ContextException
-
service
- Specified by:
servicein interfaceServiceable- Overrides:
servicein classAbstractProfileStorageBasedAccessController- Throws:
ServiceException
-
isSupported
Description copied from interface:AccessControllerReturns true if this access controller supports the given object- Specified by:
isSupportedin interfaceAccessController- Parameters:
object- The object to test- Returns:
- true if this access controller supports the given object
-
_convertContext
Description copied from class:AbstractProfileStorageBasedAccessControllerFor methods getXXXXPermissionYYY allow to have a modification of the context before transfering it to the profile assignment storage extension point The default implemenation keep the context as it is- Overrides:
_convertContextin classAbstractProfileStorageBasedAccessController- Parameters:
initialContext- The right context that is supported- Returns:
- the context modified
-
_convertRightId
Convert the asked right id to the real right to check- Parameters:
rightId- The asked right id- Returns:
- the right to check
-
getPermission
public AccessController.AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object) Description copied from interface:AccessControllerGets the kind of access a user has on an object for a given right- Specified by:
getPermissionin interfaceAccessController- Overrides:
getPermissionin classAbstractProfileStorageBasedAccessController- Parameters:
user- The user. Cannot be null.userGroups- The groups the user belongs torightId- The id of the right of the userobject- The context object to check the access- Returns:
- the kind of access a user has on an object for a right
-
getReadAccessPermission
public AccessController.AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object) Description copied from interface:AccessControllerGets the kind of access a user has on an object for thye read access- Specified by:
getReadAccessPermissionin interfaceAccessController- Overrides:
getReadAccessPermissionin classAbstractProfileStorageBasedAccessController- Parameters:
user- The user. Cannot be null.userGroups- The groups the user belongs toobject- The context object to check the access- Returns:
- the kind of access a user has on an object for the read access
-
getPermissionByRight
public Map<String,AccessController.AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object) Description copied from interface:AccessControllerGets the kind of access a user has on an object for all rights- Specified by:
getPermissionByRightin interfaceAccessController- Overrides:
getPermissionByRightin classAbstractProfileStorageBasedAccessController- Parameters:
user- The user. Cannot be null.userGroups- The groups the user belongs toobject- The context object to check the access- Returns:
- the kind of access a user has on an object for all rights
-
getPermissionForAnonymous
Description copied from interface:AccessControllerGets the permission for Anonymous only on an object for a given right- Specified by:
getPermissionForAnonymousin interfaceAccessController- Overrides:
getPermissionForAnonymousin classAbstractProfileStorageBasedAccessController- Parameters:
rightId- The id of the right to checkobject- The object- Returns:
- the permission for Anonymous only on an object for a given right
-
getReadAccessPermissionForAnonymous
Description copied from interface:AccessControllerGets the read access permission for Anonymous only on an object- Specified by:
getReadAccessPermissionForAnonymousin interfaceAccessController- Overrides:
getReadAccessPermissionForAnonymousin classAbstractProfileStorageBasedAccessController- Parameters:
object- The object- Returns:
- the read access permission for Anonymous only on an object
-
getPermissionForAnyConnectedUser
public AccessController.AccessResult getPermissionForAnyConnectedUser(String rightId, Object object) Description copied from interface:AccessControllerGets the permission for any connected user only on an object for a given right- Specified by:
getPermissionForAnyConnectedUserin interfaceAccessController- Overrides:
getPermissionForAnyConnectedUserin classAbstractProfileStorageBasedAccessController- Parameters:
rightId- The id of the right to checkobject- The object- Returns:
- the permission for any connected user only on an object for a given right
-
getReadAccessPermissionForAnyConnectedUser
Description copied from interface:AccessControllerGets the read access permission for any connected user only on an object- Specified by:
getReadAccessPermissionForAnyConnectedUserin interfaceAccessController- Overrides:
getReadAccessPermissionForAnyConnectedUserin classAbstractProfileStorageBasedAccessController- Parameters:
object- The object- Returns:
- the read access permission for any connected user only on an object
-
getPermissionByUser
public Map<UserIdentity,AccessController.AccessResult> getPermissionByUser(String rightId, Object object) Description copied from interface:AccessControllerGets the permission by user only on an object for the given right. It does not take account of the groups of the user, etc.- Specified by:
getPermissionByUserin interfaceAccessController- Overrides:
getPermissionByUserin classAbstractProfileStorageBasedAccessController- Parameters:
rightId- The id of the right to checkobject- The object- Returns:
- the permission by user only on an object for the given right
-
getReadAccessPermissionByGroup
public Map<GroupIdentity,AccessController.AccessResult> getReadAccessPermissionByGroup(Object object) Description copied from interface:AccessControllerGets the read access permission by group only on an object.- Specified by:
getReadAccessPermissionByGroupin interfaceAccessController- Overrides:
getReadAccessPermissionByGroupin classAbstractProfileStorageBasedAccessController- Parameters:
object- The object- Returns:
- the read access permission by group only on an object
-
getReadAccessPermissionByUser
Description copied from interface:AccessControllerGets the read access permission by user only on an object. It does not take account of the groups of the user, etc.- Specified by:
getReadAccessPermissionByUserin interfaceAccessController- Overrides:
getReadAccessPermissionByUserin classAbstractProfileStorageBasedAccessController- Parameters:
object- The object- Returns:
- the read access permission by user only on an object
-
getPermissionByGroup
public Map<GroupIdentity,AccessController.AccessResult> getPermissionByGroup(String rightId, Object object) Description copied from interface:AccessControllerGets the permission by group only on an object for the given right.- Specified by:
getPermissionByGroupin interfaceAccessController- Overrides:
getPermissionByGroupin classAbstractProfileStorageBasedAccessController- Parameters:
rightId- The id of the right to checkobject- The object- Returns:
- the permission by group only on an object for the given right
-
_convertWorkspaceToRootRightContexts
protected Set<? extends Object> _convertWorkspaceToRootRightContexts(Set<Object> workspacesContexts) Description copied from class:AbstractProfileStorageBasedAccessControllerGet the current workspaces contexts and turn it into root contexts in order to allow methods hasXXXAnyPermissionOnWorkspace to work- Specified by:
_convertWorkspaceToRootRightContextsin classAbstractProfileStorageBasedAccessController- Parameters:
workspacesContexts- The workspace contexts. Such as '/${WorkspaceName}', '/admin'- Returns:
- A null or empty set if the current AccessController does not apply to any workspace context, or the root object where ProfileAssignmentStorageExtension should start looking at to find any permission
-