Class ThesaurusAccessController
java.lang.Object
org.ametys.runtime.plugin.component.AbstractLogEnabled
org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController
org.ametys.plugins.thesaurus.right.ThesaurusAccessController
- All Implemented Interfaces:
AccessController
,LogEnabled
,PluginAware
,Initializable
,Contextualizable
,Serviceable
public class ThesaurusAccessController
extends AbstractProfileStorageBasedAccessController
implements Contextualizable
AccessController
for a thesaurus objects. The rights are checked on '/cms' context.
Read access is allowed to any connected user.-
Nested Class Summary
Nested classes/interfaces inherited from class org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController
AbstractProfileStorageBasedAccessController.CacheKind, AbstractProfileStorageBasedAccessController.PermissionDetails
Nested classes/interfaces inherited from interface org.ametys.core.right.AccessController
AccessController.AccessResult, AccessController.ExplanationObject, AccessController.Permission
-
Field Summary
Fields inherited from class org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController
__ANONYMOUS_USER_IDENTITY, __ANY_CONTECTED_USER_IDENTITY, _cacheManager, _groupManager, _profileAssignmentStorageEP, _rightProfileDAO
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected Object
_convertContext
(Object initialContext) For methods getXXXXPermissionYYY allow to have a modification of the context before transferring it to the profile assignment storage extension point The default implemenation keep the context as it isprotected String
_convertRightId
(String rightId) Convert the asked right id to the real right to check_convertWorkspaceToRootRightContexts
(Set<Object> workspacesContexts) Get the current workspaces contexts and turn it into root contexts in order to allow methods hasXXXAnyPermissionOnWorkspace to workprotected Map<String,
I18nizableTextParameter> Get the i18n parameters for the explanation labelprotected I18nizableText
Get the i18n text for the explanation based on the provided detailsprotected boolean
_isSupportedStoredContext
(Object storedObject) Determine if a stored context is handled by this controller.void
contextualize
(Context context) explainAllPermissions
(UserIdentity identity, Set<GroupIdentity> groups) GetAccessExplanation
for each permission given to the user by this access controller.explainPermission
(UserIdentity user, Set<GroupIdentity> groups, String rightId, Object object) Explain the permission for a user on the given object.explainPermissionForAnonymous
(String rightId, Object object) Explain the permission for anonymous on the given object.explainPermissionForAnyConnectedUser
(String rightId, Object object) Explain the permission for any connected user on the given object.explainReadAccessPermission
(UserIdentity user, Set<GroupIdentity> groups, Object object) Explain the read access permission for a user on the given object.Explain the read access permission for anonymous on the given object.Explain the read access permission for any connected user on the given object.getObjectCategory
(Object object) Get a label classifying the object handled by this access controllergetObjectLabel
(Object object) Get a label describing the object handled by this access controllerprotected I18nizableText
getObjectLabelForExplanation
(Object object) Get the label describing the object in the explanation sentence.int
getObjectPriority
(Object object) Get the priority of the object to order it in its categorygetPermission
(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object) Gets the kind of access a user has on an object for a given rightgetPermissionByGroup
(String rightId, Object object) Gets the permission by group only on an object for the given right.getPermissionByRight
(UserIdentity user, Set<GroupIdentity> userGroups, Object object) Gets the kind of access a user has on an object for all rightsgetPermissionByUser
(String rightId, Object object) Gets the permission by user only on an object for the given right.getPermissionForAnonymous
(String rightId, Object object) Gets the permission for Anonymous only on an object for a given rightgetPermissionForAnyConnectedUser
(String rightId, Object object) Gets the permission for any connected user only on an object for a given rightgetReadAccessPermission
(UserIdentity user, Set<GroupIdentity> userGroups, Object object) Gets the kind of access a user has on an object for thye read accessgetReadAccessPermissionByGroup
(Object object) Gets the read access permission by group only on an object.getReadAccessPermissionByUser
(Object object) Gets the read access permission by user only on an object.Gets the read access permission for Anonymous only on an objectGets the read access permission for any connected user only on an objectboolean
isSupported
(Object object) Returns true if this access controller supports the given objectvoid
service
(ServiceManager manager) Methods inherited from class org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController
_buildExplanation, _explainPermission, _explainPermissionForAnonymous, _explainPermissionForAnyConnectedUser, _getAccessExplanationI18nKey, _getPermission, _getPermissionByGroup, _getPermissionByUser, _getPermissionDetails, _getPermissionDetailsForAnonymous, _getPermissionDetailsForAnyConnectedUser, _getPermissionForAnonymous, _getPermissionForAnyConnectedUser, _hasRightResultInFirstCache, _hasRightResultInSecondCache, _putInFirstCache, _putInSecondCache, _unconvertContext, getId, hasAnonymousAnyPermissionOnWorkspace, hasAnonymousAnyReadAccessPermissionOnWorkspace, hasAnyConnectedUserAnyPermissionOnWorkspace, hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace, hasUserAnyPermissionOnWorkspace, hasUserAnyReadAccessPermissionOnWorkspace, initialize, setPluginInfo
Methods inherited from class org.ametys.runtime.plugin.component.AbstractLogEnabled
getLogger, setLogger
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.ametys.core.right.AccessController
getExplanationObject, getStandardAccessExplanation
-
Field Details
-
_rightEP
The right extension point
-
-
Constructor Details
-
ThesaurusAccessController
public ThesaurusAccessController()
-
-
Method Details
-
service
- Specified by:
service
in interfaceServiceable
- Overrides:
service
in classAbstractProfileStorageBasedAccessController
- Throws:
ServiceException
-
contextualize
- Specified by:
contextualize
in interfaceContextualizable
- Throws:
ContextException
-
isSupported
Description copied from interface:AccessController
Returns true if this access controller supports the given object- Specified by:
isSupported
in interfaceAccessController
- Parameters:
object
- The object to test- Returns:
- true if this access controller supports the given object
-
_convertContext
Description copied from class:AbstractProfileStorageBasedAccessController
For methods getXXXXPermissionYYY allow to have a modification of the context before transferring it to the profile assignment storage extension point The default implemenation keep the context as it is- Overrides:
_convertContext
in classAbstractProfileStorageBasedAccessController
- Parameters:
initialContext
- The right context that is supported- Returns:
- the context modified
-
_convertRightId
Convert the asked right id to the real right to check- Parameters:
rightId
- The asked right id- Returns:
- the right to check
-
getPermission
public AccessController.AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object) Description copied from interface:AccessController
Gets the kind of access a user has on an object for a given right- Specified by:
getPermission
in interfaceAccessController
- Overrides:
getPermission
in classAbstractProfileStorageBasedAccessController
- Parameters:
user
- The user. Cannot be null.userGroups
- The groups the user belongs torightId
- The id of the right of the userobject
- The context object to check the access- Returns:
- the kind of access a user has on an object for a right
-
explainPermission
public AccessExplanation explainPermission(UserIdentity user, Set<GroupIdentity> groups, String rightId, Object object) Description copied from interface:AccessController
Explain the permission for a user on the given object. The access result in the explanation MUST be the same value as the one returned byAccessController.getPermission(UserIdentity, Set, String, Object)
. And the explanation should described the actual object that granted the right to allow final user to see if any context conversion happened- Specified by:
explainPermission
in interfaceAccessController
- Overrides:
explainPermission
in classAbstractProfileStorageBasedAccessController
- Parameters:
user
- the user to testgroups
- the groups of the userrightId
- the right to testobject
- the object to test- Returns:
- an explanation of the access
-
_getExplanationI18nText
protected I18nizableText _getExplanationI18nText(AbstractProfileStorageBasedAccessController.PermissionDetails details) Description copied from class:AbstractProfileStorageBasedAccessController
Get the i18n text for the explanation based on the provided details- Overrides:
_getExplanationI18nText
in classAbstractProfileStorageBasedAccessController
- Parameters:
details
- the permission details- Returns:
- the explanation
-
_getExplanationI18nParams
protected Map<String,I18nizableTextParameter> _getExplanationI18nParams(AbstractProfileStorageBasedAccessController.PermissionDetails details) Description copied from class:AbstractProfileStorageBasedAccessController
Get the i18n parameters for the explanation label- Overrides:
_getExplanationI18nParams
in classAbstractProfileStorageBasedAccessController
- Parameters:
details
- the permission details- Returns:
- the map of parameters
-
getObjectLabelForExplanation
Description copied from class:AbstractProfileStorageBasedAccessController
Get the label describing the object in the explanation sentence.- Overrides:
getObjectLabelForExplanation
in classAbstractProfileStorageBasedAccessController
- Parameters:
object
- the object that granted the right- Returns:
- the label
- Throws:
RightsException
- when the object is not supported by the controller
-
getReadAccessPermission
public AccessController.AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object) Description copied from interface:AccessController
Gets the kind of access a user has on an object for thye read access- Specified by:
getReadAccessPermission
in interfaceAccessController
- Overrides:
getReadAccessPermission
in classAbstractProfileStorageBasedAccessController
- Parameters:
user
- The user. Cannot be null.userGroups
- The groups the user belongs toobject
- The context object to check the access- Returns:
- the kind of access a user has on an object for the read access
-
explainReadAccessPermission
public AccessExplanation explainReadAccessPermission(UserIdentity user, Set<GroupIdentity> groups, Object object) Description copied from interface:AccessController
Explain the read access permission for a user on the given object. The access result in the explanation MUST be the same value as the one returned byAccessController.getReadAccessPermission(UserIdentity, Set, Object)
. And the explanation should described the actual object that granted the right to allow final user to see if any context conversion happened- Specified by:
explainReadAccessPermission
in interfaceAccessController
- Overrides:
explainReadAccessPermission
in classAbstractProfileStorageBasedAccessController
- Parameters:
user
- the user to testgroups
- the groups of the userobject
- the object to test- Returns:
- an explanation of the access
-
getPermissionByRight
public Map<String,AccessController.AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object) Description copied from interface:AccessController
Gets the kind of access a user has on an object for all rights- Specified by:
getPermissionByRight
in interfaceAccessController
- Overrides:
getPermissionByRight
in classAbstractProfileStorageBasedAccessController
- Parameters:
user
- The user. Cannot be null.userGroups
- The groups the user belongs toobject
- The context object to check the access- Returns:
- the kind of access a user has on an object for all rights
-
getPermissionForAnonymous
Description copied from interface:AccessController
Gets the permission for Anonymous only on an object for a given right- Specified by:
getPermissionForAnonymous
in interfaceAccessController
- Overrides:
getPermissionForAnonymous
in classAbstractProfileStorageBasedAccessController
- Parameters:
rightId
- The id of the right to checkobject
- The object- Returns:
- the permission for Anonymous only on an object for a given right
-
explainPermissionForAnonymous
Description copied from interface:AccessController
Explain the permission for anonymous on the given object. The access result in the explanation MUST be the same value as the one returned byAccessController.getPermissionForAnonymous(String, Object)
. And the explanation should described the actual object that granted the right to allow final user to see if any context conversion happened- Specified by:
explainPermissionForAnonymous
in interfaceAccessController
- Overrides:
explainPermissionForAnonymous
in classAbstractProfileStorageBasedAccessController
- Parameters:
rightId
- the right to testobject
- the object to test- Returns:
- an explanation of the access
-
getReadAccessPermissionForAnonymous
Description copied from interface:AccessController
Gets the read access permission for Anonymous only on an object- Specified by:
getReadAccessPermissionForAnonymous
in interfaceAccessController
- Overrides:
getReadAccessPermissionForAnonymous
in classAbstractProfileStorageBasedAccessController
- Parameters:
object
- The object- Returns:
- the read access permission for Anonymous only on an object
-
explainReadAccessPermissionForAnonymous
Description copied from interface:AccessController
Explain the read access permission for anonymous on the given object. The access result in the explanation MUST be the same value as the one returned byAccessController.getReadAccessPermissionForAnonymous(Object)
. And the explanation should described the actual object that granted the right to allow final user to see if any context conversion happened- Specified by:
explainReadAccessPermissionForAnonymous
in interfaceAccessController
- Overrides:
explainReadAccessPermissionForAnonymous
in classAbstractProfileStorageBasedAccessController
- Parameters:
object
- the object to test- Returns:
- an explanation of the access
-
getPermissionForAnyConnectedUser
public AccessController.AccessResult getPermissionForAnyConnectedUser(String rightId, Object object) Description copied from interface:AccessController
Gets the permission for any connected user only on an object for a given right- Specified by:
getPermissionForAnyConnectedUser
in interfaceAccessController
- Overrides:
getPermissionForAnyConnectedUser
in classAbstractProfileStorageBasedAccessController
- Parameters:
rightId
- The id of the right to checkobject
- The object- Returns:
- the permission for any connected user only on an object for a given right
-
explainPermissionForAnyConnectedUser
Description copied from interface:AccessController
Explain the permission for any connected user on the given object. The access result in the explanation MUST be the same value as the one returned byAccessController.getPermissionForAnyConnectedUser(String, Object)
. And the explanation should described the actual object that granted the right to allow final user to see if any context conversion happened- Specified by:
explainPermissionForAnyConnectedUser
in interfaceAccessController
- Overrides:
explainPermissionForAnyConnectedUser
in classAbstractProfileStorageBasedAccessController
- Parameters:
rightId
- the right to testobject
- the object to test- Returns:
- an explanation of the access
-
getReadAccessPermissionForAnyConnectedUser
Description copied from interface:AccessController
Gets the read access permission for any connected user only on an object- Specified by:
getReadAccessPermissionForAnyConnectedUser
in interfaceAccessController
- Overrides:
getReadAccessPermissionForAnyConnectedUser
in classAbstractProfileStorageBasedAccessController
- Parameters:
object
- The object- Returns:
- the read access permission for any connected user only on an object
-
explainReadAccessPermissionForAnyConnectedUser
Description copied from interface:AccessController
Explain the read access permission for any connected user on the given object. The access result in the explanation MUST be the same value as the one returned byAccessController.getReadAccessPermissionForAnyConnectedUser(Object)
. And the explanation should described the actual object that granted the right to allow final user to see if any context conversion happened- Specified by:
explainReadAccessPermissionForAnyConnectedUser
in interfaceAccessController
- Overrides:
explainReadAccessPermissionForAnyConnectedUser
in classAbstractProfileStorageBasedAccessController
- Parameters:
object
- the object to test- Returns:
- an explanation of the access
-
getPermissionByUser
public Map<UserIdentity,AccessController.AccessResult> getPermissionByUser(String rightId, Object object) Description copied from interface:AccessController
Gets the permission by user only on an object for the given right. It does not take account of the groups of the user, etc.- Specified by:
getPermissionByUser
in interfaceAccessController
- Overrides:
getPermissionByUser
in classAbstractProfileStorageBasedAccessController
- Parameters:
rightId
- The id of the right to checkobject
- The object- Returns:
- the permission by user only on an object for the given right
-
getReadAccessPermissionByGroup
public Map<GroupIdentity,AccessController.AccessResult> getReadAccessPermissionByGroup(Object object) Description copied from interface:AccessController
Gets the read access permission by group only on an object.- Specified by:
getReadAccessPermissionByGroup
in interfaceAccessController
- Overrides:
getReadAccessPermissionByGroup
in classAbstractProfileStorageBasedAccessController
- Parameters:
object
- The object- Returns:
- the read access permission by group only on an object
-
getReadAccessPermissionByUser
Description copied from interface:AccessController
Gets the read access permission by user only on an object. It does not take account of the groups of the user, etc.- Specified by:
getReadAccessPermissionByUser
in interfaceAccessController
- Overrides:
getReadAccessPermissionByUser
in classAbstractProfileStorageBasedAccessController
- Parameters:
object
- The object- Returns:
- the read access permission by user only on an object
-
getPermissionByGroup
public Map<GroupIdentity,AccessController.AccessResult> getPermissionByGroup(String rightId, Object object) Description copied from interface:AccessController
Gets the permission by group only on an object for the given right.- Specified by:
getPermissionByGroup
in interfaceAccessController
- Overrides:
getPermissionByGroup
in classAbstractProfileStorageBasedAccessController
- Parameters:
rightId
- The id of the right to checkobject
- The object- Returns:
- the permission by group only on an object for the given right
-
_convertWorkspaceToRootRightContexts
protected Set<? extends Object> _convertWorkspaceToRootRightContexts(Set<Object> workspacesContexts) Description copied from class:AbstractProfileStorageBasedAccessController
Get the current workspaces contexts and turn it into root contexts in order to allow methods hasXXXAnyPermissionOnWorkspace to work- Specified by:
_convertWorkspaceToRootRightContexts
in classAbstractProfileStorageBasedAccessController
- Parameters:
workspacesContexts
- The workspace contexts. Such as '/${WorkspaceName}', '/admin'- Returns:
- A null or empty set if the current AccessController does not apply to any workspace context, or the root object where ProfileAssignmentStorageExtension should start looking at to find any permission
-
explainAllPermissions
public Map<AccessController.ExplanationObject,Map<AccessController.Permission, explainAllPermissionsAccessExplanation>> (UserIdentity identity, Set<GroupIdentity> groups) Description copied from interface:AccessController
GetAccessExplanation
for each permission given to the user by this access controller. Returns a pair of permission/access explanation for each object with a granted or denied permission to this user by this access controller. Each explanation should be equivalent to calling theAccessController.explainPermission(UserIdentity, Set, String, Object)
orAccessController.explainReadAccessPermission(UserIdentity, Set, Object)
for the user, on the object with the corresponding right- Specified by:
explainAllPermissions
in interfaceAccessController
- Overrides:
explainAllPermissions
in classAbstractProfileStorageBasedAccessController
- Parameters:
identity
- the user identitygroups
- the groups the user belongs to.- Returns:
- all the user's permissions handled by this controller
-
_isSupportedStoredContext
Description copied from class:AbstractProfileStorageBasedAccessController
Determine if a stored context is handled by this controller. Default implementation returns the result ofAccessController.isSupported(Object)
as no conversion is done by default on object context before storage (seeAbstractProfileStorageBasedAccessController._convertContext(Object)
)- Overrides:
_isSupportedStoredContext
in classAbstractProfileStorageBasedAccessController
- Parameters:
storedObject
- a stored object- Returns:
- true if the context is supported
-
getObjectLabel
Description copied from interface:AccessController
Get a label describing the object handled by this access controller- Specified by:
getObjectLabel
in interfaceAccessController
- Parameters:
object
- the object- Returns:
- the label
- Throws:
RightsException
-
getObjectCategory
Description copied from interface:AccessController
Get a label classifying the object handled by this access controller- Specified by:
getObjectCategory
in interfaceAccessController
- Parameters:
object
- the object- Returns:
- the label
-
getObjectPriority
Description copied from interface:AccessController
Get the priority of the object to order it in its category- Specified by:
getObjectPriority
in interfaceAccessController
- Parameters:
object
- the object- Returns:
- the priority
-