Class ApplicationAccessController
java.lang.Object
org.ametys.runtime.plugin.component.AbstractLogEnabled
org.ametys.plugins.core.impl.right.AbstractRightBasedAccessController
org.ametys.plugins.joboffer.right.ApplicationAccessController
- All Implemented Interfaces:
AccessController
,LogEnabled
,PluginAware
,Component
,Contextualizable
,Serviceable
public class ApplicationAccessController
extends AbstractRightBasedAccessController
implements Serviceable
AccessController
so responsible of a job offer can access and handle the applications-
Nested Class Summary
Nested classes/interfaces inherited from interface org.ametys.core.right.AccessController
AccessController.AccessResult, AccessController.ExplanationObject, AccessController.Permission
-
Field Summary
Modifier and TypeFieldDescriptionprotected ContentTypesHelper
ContentTypes Helperprotected AmetysObjectResolver
the ametys object resolverFields inherited from class org.ametys.plugins.core.impl.right.AbstractRightBasedAccessController
_context, _id, _pluginName
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionGet the rights for person in charge of a application contentgetHandledObjects
(UserIdentity identity, Set<GroupIdentity> groups) Get object contexts handled by this controller, ie.protected Collection<String>
getHandledRights
(UserIdentity identity, Set<GroupIdentity> groups, Object object) Get the list of rights that a user is susceptible to have on a context.getObjectCategory
(Object object) Get a label classifying the object handled by this access controllergetObjectLabel
(Object object) Get a label describing the object handled by this access controllergetPermission
(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object) Gets the kind of access a user has on an object for a given rightgetPermissionByGroup
(String rightId, Object object) Gets the permission by group only on an object for the given right.getPermissionByRight
(UserIdentity user, Set<GroupIdentity> userGroups, Object object) If creator, access to a list of rightsgetPermissionByUser
(String rightId, Object object) If right requested is in the list, the creator is added the list of USER_ALLOWEDgetPermissionForAnonymous
(String rightId, Object object) Gets the permission for Anonymous only on an object for a given rightgetPermissionForAnyConnectedUser
(String rightId, Object object) Gets the permission for any connected user only on an object for a given rightprotected UserIdentity[]
getPersonInCharge
(Content content) Get the persons in charge of a applicationgetReadAccessPermission
(UserIdentity user, Set<GroupIdentity> userGroups, Object object) Gets the kind of access a user has on an object for thye read accessgetReadAccessPermissionByGroup
(Object object) Gets the read access permission by group only on an object.getReadAccessPermissionByUser
(Object object) Gets the read access permission by user only on an object.Gets the read access permission for Anonymous only on an objectGets the read access permission for any connected user only on an objectgetStandardAccessExplanation
(AccessController.AccessResult permission, Object object) Get a standard explanation based on the access resultboolean
hasAnonymousAnyPermissionOnWorkspace
(Set<Object> workspacesContexts, String rightId) Returns true if anonymous has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.boolean
hasAnonymousAnyReadAccessPermissionOnWorkspace
(Set<Object> workspacesContexts) Returns true if anonymous has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.boolean
hasAnyConnectedUserAnyPermissionOnWorkspace
(Set<Object> workspacesContexts, String rightId) Returns true if any connected user has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.boolean
hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace
(Set<Object> workspacesContexts) Returns true if any connected user has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.boolean
hasUserAnyPermissionOnWorkspace
(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId) Returns true if the user has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.boolean
hasUserAnyReadAccessPermissionOnWorkspace
(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups) Returns true if the user has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.protected boolean
isInCharge
(UserIdentity user, Content content) Determines if the current user is in charge of the current applicationboolean
isSupported
(Object object) Returns true if this access controller supports the given objectvoid
service
(ServiceManager smanager) Methods inherited from class org.ametys.plugins.core.impl.right.AbstractRightBasedAccessController
contextualize, explainAllPermissions, getId, setPluginInfo
Methods inherited from class org.ametys.runtime.plugin.component.AbstractLogEnabled
getLogger, setLogger
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.ametys.core.right.AccessController
explainPermission, explainPermissionForAnonymous, explainPermissionForAnyConnectedUser, explainReadAccessPermission, explainReadAccessPermissionForAnonymous, explainReadAccessPermissionForAnyConnectedUser, getExplanationObject, getObjectPriority
-
Field Details
-
_cTypeHelper
ContentTypes Helper -
_resolver
the ametys object resolver
-
-
Constructor Details
-
ApplicationAccessController
public ApplicationAccessController()
-
-
Method Details
-
service
- Specified by:
service
in interfaceServiceable
- Throws:
ServiceException
-
getApplicationRights
Get the rights for person in charge of a application content- Returns:
- the list of allowed rights
-
isInCharge
Determines if the current user is in charge of the current application- Parameters:
user
- the usercontent
- the application content- Returns:
- true if the current user is in charge
-
getPersonInCharge
Get the persons in charge of a application- Parameters:
content
- the application content- Returns:
- the persons in charge or null if not found or empty
-
isSupported
Description copied from interface:AccessController
Returns true if this access controller supports the given object- Specified by:
isSupported
in interfaceAccessController
- Parameters:
object
- The object to test- Returns:
- true if this access controller supports the given object
-
getPermission
public AccessController.AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object) Description copied from interface:AccessController
Gets the kind of access a user has on an object for a given right- Specified by:
getPermission
in interfaceAccessController
- Parameters:
user
- The user. Cannot be null.userGroups
- The groups the user belongs torightId
- The id of the right of the userobject
- The context object to check the access- Returns:
- the kind of access a user has on an object for a right
-
getReadAccessPermission
public AccessController.AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object) Description copied from interface:AccessController
Gets the kind of access a user has on an object for thye read access- Specified by:
getReadAccessPermission
in interfaceAccessController
- Parameters:
user
- The user. Cannot be null.userGroups
- The groups the user belongs toobject
- The context object to check the access- Returns:
- the kind of access a user has on an object for the read access
-
getPermissionByRight
public Map<String,AccessController.AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object) If creator, access to a list of rights- Specified by:
getPermissionByRight
in interfaceAccessController
- Parameters:
user
- The user. Cannot be null.userGroups
- The groups the user belongs toobject
- The context object to check the access- Returns:
- the kind of access a user has on an object for all rights
-
getPermissionForAnonymous
Description copied from interface:AccessController
Gets the permission for Anonymous only on an object for a given right- Specified by:
getPermissionForAnonymous
in interfaceAccessController
- Parameters:
rightId
- The id of the right to checkobject
- The object- Returns:
- the permission for Anonymous only on an object for a given right
-
getReadAccessPermissionForAnonymous
Description copied from interface:AccessController
Gets the read access permission for Anonymous only on an object- Specified by:
getReadAccessPermissionForAnonymous
in interfaceAccessController
- Parameters:
object
- The object- Returns:
- the read access permission for Anonymous only on an object
-
getPermissionForAnyConnectedUser
public AccessController.AccessResult getPermissionForAnyConnectedUser(String rightId, Object object) Description copied from interface:AccessController
Gets the permission for any connected user only on an object for a given right- Specified by:
getPermissionForAnyConnectedUser
in interfaceAccessController
- Parameters:
rightId
- The id of the right to checkobject
- The object- Returns:
- the permission for any connected user only on an object for a given right
-
getReadAccessPermissionForAnyConnectedUser
Description copied from interface:AccessController
Gets the read access permission for any connected user only on an object- Specified by:
getReadAccessPermissionForAnyConnectedUser
in interfaceAccessController
- Parameters:
object
- The object- Returns:
- the read access permission for any connected user only on an object
-
getPermissionByUser
public Map<UserIdentity,AccessController.AccessResult> getPermissionByUser(String rightId, Object object) If right requested is in the list, the creator is added the list of USER_ALLOWED- Specified by:
getPermissionByUser
in interfaceAccessController
- Parameters:
rightId
- The id of the right to checkobject
- The object- Returns:
- the permission by user only on an object for the given right
-
getReadAccessPermissionByUser
Description copied from interface:AccessController
Gets the read access permission by user only on an object. It does not take account of the groups of the user, etc.- Specified by:
getReadAccessPermissionByUser
in interfaceAccessController
- Parameters:
object
- The object- Returns:
- the read access permission by user only on an object
-
getPermissionByGroup
public Map<GroupIdentity,AccessController.AccessResult> getPermissionByGroup(String rightId, Object object) Description copied from interface:AccessController
Gets the permission by group only on an object for the given right.- Specified by:
getPermissionByGroup
in interfaceAccessController
- Parameters:
rightId
- The id of the right to checkobject
- The object- Returns:
- the permission by group only on an object for the given right
-
getReadAccessPermissionByGroup
public Map<GroupIdentity,AccessController.AccessResult> getReadAccessPermissionByGroup(Object object) Description copied from interface:AccessController
Gets the read access permission by group only on an object.- Specified by:
getReadAccessPermissionByGroup
in interfaceAccessController
- Parameters:
object
- The object- Returns:
- the read access permission by group only on an object
-
hasUserAnyPermissionOnWorkspace
public boolean hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId) Description copied from interface:AccessController
Returns true if the user has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.- Specified by:
hasUserAnyPermissionOnWorkspace
in interfaceAccessController
- Parameters:
workspacesContexts
- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}user
- The useruserGroups
- The groupsrightId
- The id of the right to check- Returns:
- true if the user has a permission on at least one object, directly or though groups, for a given right
-
hasUserAnyReadAccessPermissionOnWorkspace
public boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups) Description copied from interface:AccessController
Returns true if the user has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.- Specified by:
hasUserAnyReadAccessPermissionOnWorkspace
in interfaceAccessController
- Parameters:
workspacesContexts
- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}user
- The useruserGroups
- The groups- Returns:
- true if the user has a permission on at least one object, directly or though groups, for a given right
-
hasAnonymousAnyPermissionOnWorkspace
Description copied from interface:AccessController
Returns true if anonymous has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.- Specified by:
hasAnonymousAnyPermissionOnWorkspace
in interfaceAccessController
- Parameters:
workspacesContexts
- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}rightId
- The id of the right to check- Returns:
- true if anonymous has a permission on at least one object, directly or though groups, for a given right
-
hasAnonymousAnyReadAccessPermissionOnWorkspace
Description copied from interface:AccessController
Returns true if anonymous has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.- Specified by:
hasAnonymousAnyReadAccessPermissionOnWorkspace
in interfaceAccessController
- Parameters:
workspacesContexts
- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}- Returns:
- true if anonymous has a permission on at least one object, directly or though groups, for a given right
-
hasAnyConnectedUserAnyPermissionOnWorkspace
public boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId) Description copied from interface:AccessController
Returns true if any connected user has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.- Specified by:
hasAnyConnectedUserAnyPermissionOnWorkspace
in interfaceAccessController
- Parameters:
workspacesContexts
- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}rightId
- The id of the right to check- Returns:
- true if any connected user has a permission on at least one object, directly or though groups, for a given right
-
hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace
public boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts) Description copied from interface:AccessController
Returns true if any connected user has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.- Specified by:
hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace
in interfaceAccessController
- Parameters:
workspacesContexts
- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}- Returns:
- true if any connected user has a permission on at least one object, directly or though groups, for a given right
-
getStandardAccessExplanation
public AccessExplanation getStandardAccessExplanation(AccessController.AccessResult permission, Object object) Description copied from interface:AccessController
Get a standard explanation based on the access result- Specified by:
getStandardAccessExplanation
in interfaceAccessController
- Parameters:
permission
- the access resultobject
- the inspected context- Returns:
- the explanation
-
getHandledObjects
protected Iterable<? extends Object> getHandledObjects(UserIdentity identity, Set<GroupIdentity> groups) Description copied from class:AbstractRightBasedAccessController
Get object contexts handled by this controller, ie. the objects for which this controller is able to grant permissions for the user- Specified by:
getHandledObjects
in classAbstractRightBasedAccessController
- Parameters:
identity
- the user identitygroups
- the user groups- Returns:
- the contexts
-
getHandledRights
protected Collection<String> getHandledRights(UserIdentity identity, Set<GroupIdentity> groups, Object object) Description copied from class:AbstractRightBasedAccessController
Get the list of rights that a user is susceptible to have on a context.- Overrides:
getHandledRights
in classAbstractRightBasedAccessController
- Parameters:
identity
- the user identitygroups
- the user groupsobject
- the context- Returns:
- all the rights' identifiers that can be granted by this controller
-
getObjectCategory
Description copied from interface:AccessController
Get a label classifying the object handled by this access controller- Specified by:
getObjectCategory
in interfaceAccessController
- Parameters:
object
- the object- Returns:
- the label
-
getObjectLabel
Description copied from interface:AccessController
Get a label describing the object handled by this access controller- Specified by:
getObjectLabel
in interfaceAccessController
- Parameters:
object
- the object- Returns:
- the label
-