Package org.ametys.core.right

Interface AccessController

All Known Implementing Classes:
AbstractHierarchicalAccessController, AbstractProfileStorageBasedAccessController, AdminAccessController, ApplicationAccessController, BackOfficeAccessController, CartAccessController, CartAuthorAccessController, CatalogNewsAccessController, ContentAccessController, ContentsCreatorAccessController, ContentTypeAccessController, EditionFOAccessController, LinkDirectoryAccessController, ModuleAccessController, ODFContentHierarchicalAccessController, ODFOrphanContentAccessController, PageAccessController, ProjectAccessController, QueryAccessController, QueryAuthorAccessController, ReferenceTableAccessController, RemoteCDMFrSCCAccessController, ReportsPageAccessController, ResourceAccessController, StringHierarchicalAccessController, SurveyAccessController, SynchronizedContentAccessController, ThesaurusAccessController, UGCCreatorContentAccessController, UGCCreatorPageAccessController, UserDirectoryContentAccessController, WebContentAccessController, WebContentTypeAccessController, WebWorkspaceAccessController, WorkspaceAccessController, WorkspaceAccessController, WorkspaceSwitchedAccessController
public interface AccessController
This interface is for computing the rights a user has.

  • Method Details

    • getPermission

      AccessController.AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object)
      Gets the kind of access a user has on an object for a given right
      Parameters:
      user - The user. Cannot be null.
      userGroups - The groups the user belongs to
      rightId - The id of the right of the user
      object - The context object to check the access
      Returns:
      the kind of access a user has on an object for a right

    • getReadAccessPermission

      AccessController.AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
      Gets the kind of access a user has on an object for thye read access
      Parameters:
      user - The user. Cannot be null.
      userGroups - The groups the user belongs to
      object - The context object to check the access
      Returns:
      the kind of access a user has on an object for the read access

    • getPermissionByRight

      Map<String,AccessController.AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
      Gets the kind of access a user has on an object for all rights
      Parameters:
      user - The user. Cannot be null.
      userGroups - The groups the user belongs to
      object - The context object to check the access
      Returns:
      the kind of access a user has on an object for all rights

    • getPermissionForAnonymous

      AccessController.AccessResult getPermissionForAnonymous(String rightId, Object object)
      Gets the permission for Anonymous only on an object for a given right
      Parameters:
      rightId - The id of the right to check
      object - The object
      Returns:
      the permission for Anonymous only on an object for a given right

    • getReadAccessPermissionForAnonymous

      AccessController.AccessResult getReadAccessPermissionForAnonymous(Object object)
      Gets the read access permission for Anonymous only on an object
      Parameters:
      object - The object
      Returns:
      the read access permission for Anonymous only on an object

    • getPermissionForAnyConnectedUser

      AccessController.AccessResult getPermissionForAnyConnectedUser(String rightId, Object object)
      Gets the permission for any connected user only on an object for a given right
      Parameters:
      rightId - The id of the right to check
      object - The object
      Returns:
      the permission for any connected user only on an object for a given right

    • getReadAccessPermissionForAnyConnectedUser

      AccessController.AccessResult getReadAccessPermissionForAnyConnectedUser(Object object)
      Gets the read access permission for any connected user only on an object
      Parameters:
      object - The object
      Returns:
      the read access permission for any connected user only on an object

    • getPermissionByUser

      Map<UserIdentity,AccessController.AccessResult> getPermissionByUser(String rightId, Object object)
      Gets the permission by user only on an object for the given right. It does not take account of the groups of the user, etc.
      Parameters:
      rightId - The id of the right to check
      object - The object
      Returns:
      the permission by user only on an object for the given right

    • getReadAccessPermissionByUser

      Map<UserIdentity,AccessController.AccessResult> getReadAccessPermissionByUser(Object object)
      Gets the read access permission by user only on an object. It does not take account of the groups of the user, etc.
      Parameters:
      object - The object
      Returns:
      the read access permission by user only on an object

    • getPermissionByGroup

      Map<GroupIdentity,AccessController.AccessResult> getPermissionByGroup(String rightId, Object object)
      Gets the permission by group only on an object for the given right.
      Parameters:
      rightId - The id of the right to check
      object - The object
      Returns:
      the permission by group only on an object for the given right

    • getReadAccessPermissionByGroup

      Map<GroupIdentity,AccessController.AccessResult> getReadAccessPermissionByGroup(Object object)
      Gets the read access permission by group only on an object.
      Parameters:
      object - The object
      Returns:
      the read access permission by group only on an object

    • hasUserAnyPermissionOnWorkspace

      boolean hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId)
      Returns true if the user has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.
      Parameters:
      workspacesContexts - The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}
      user - The user
      userGroups - The groups
      rightId - The id of the right to check
      Returns:
      true if the user has a permission on at least one object, directly or though groups, for a given right

    • hasUserAnyReadAccessPermissionOnWorkspace

      boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups)
      Returns true if the user has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.
      Parameters:
      workspacesContexts - The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}
      user - The user
      userGroups - The groups
      Returns:
      true if the user has a permission on at least one object, directly or though groups, for a given right

    • hasAnonymousAnyPermissionOnWorkspace

      boolean hasAnonymousAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
      Returns true if anonymous has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.
      Parameters:
      workspacesContexts - The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}
      rightId - The id of the right to check
      Returns:
      true if anonymous has a permission on at least one object, directly or though groups, for a given right

    • hasAnonymousAnyReadAccessPermissionOnWorkspace

      boolean hasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
      Returns true if anonymous has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.
      Parameters:
      workspacesContexts - The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}
      Returns:
      true if anonymous has a permission on at least one object, directly or though groups, for a given right

    • hasAnyConnectedUserAnyPermissionOnWorkspace

      boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
      Returns true if any connected user has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.
      Parameters:
      workspacesContexts - The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}
      rightId - The id of the right to check
      Returns:
      true if any connected user has a permission on at least one object, directly or though groups, for a given right

    • hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace

      boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
      Returns true if any connected user has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.
      Parameters:
      workspacesContexts - The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}
      Returns:
      true if any connected user has a permission on at least one object, directly or though groups, for a given right

    • isSupported

      boolean isSupported(Object object)
      Returns true if this access controller supports the given object
      Parameters:
      object - The object to test
      Returns:
      true if this access controller supports the given object