Package org.ametys.core.right

Interface AccessController

All Known Implementing Classes:
AbstractHierarchicalAccessController, AbstractHierarchicalWithPermissionContextAccessController, AbstractODFRoleAccessController, AbstractProfileStorageBasedAccessController, AbstractRightBasedAccessController, AdminAccessController, ApplicationAccessController, BackOfficeAccessController, CartAccessController, CartAuthorAccessController, CatalogNewsAccessController, ContentAccessController, ContentsCreatorAccessController, ContentTypeAccessController, EditionFOAccessController, ExtractionAccessController, ExtractionAuthorAccessController, FormAccessController, FormAuthorAccessController, LinkDirectoryAccessController, ModuleAccessController, ModuleResourceAccessController, ODFContentHierarchicalAccessController, ODFContributorAccessController, ODFManagerAccessController, ODFMCCManagerAccessController, ODFOrphanContentAccessController, OdfRefTableDataSynchronizationAccessController, PageAccessController, ProjectAccessController, QueryAccessController, QueryAuthorAccessController, ReferenceTableAccessController, RemoteCDMFrSCCAccessController, ReportsPageAccessController, ResourceAccessController, SiteWorkspaceAccessController, StringHierarchicalAccessController, SurveyAccessController, SynchronizedContentAccessController, ThematicAccessController, ThesaurusAccessController, UGCCreatorContentAccessController, UGCCreatorPageAccessController, UserDirectoryContentAccessController, WebContentAccessController, WebContentTypeAccessController, WebWorkspaceAccessController, WorkspaceAccessController, WorkspaceAccessController, WorkspaceSwitchedAccessController
public interface AccessController
This interface is for computing the rights a user has.

  • Method Details

    • getId

      String getId()
      Get the id of this controller
      Returns:
      the id of this controller

    • getPermission

      AccessController.AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object)
      Gets the kind of access a user has on an object for a given right
      Parameters:
      user - The user. Cannot be null.
      userGroups - The groups the user belongs to
      rightId - The id of the right of the user
      object - The context object to check the access
      Returns:
      the kind of access a user has on an object for a right

    • getReadAccessPermission

      AccessController.AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
      Gets the kind of access a user has on an object for thye read access
      Parameters:
      user - The user. Cannot be null.
      userGroups - The groups the user belongs to
      object - The context object to check the access
      Returns:
      the kind of access a user has on an object for the read access

    • getPermissionByRight

      Map<String,AccessController.AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
      Gets the kind of access a user has on an object for all rights
      Parameters:
      user - The user. Cannot be null.
      userGroups - The groups the user belongs to
      object - The context object to check the access
      Returns:
      the kind of access a user has on an object for all rights

    • getPermissionForAnonymous

      AccessController.AccessResult getPermissionForAnonymous(String rightId, Object object)
      Gets the permission for Anonymous only on an object for a given right
      Parameters:
      rightId - The id of the right to check
      object - The object
      Returns:
      the permission for Anonymous only on an object for a given right

    • getReadAccessPermissionForAnonymous

      AccessController.AccessResult getReadAccessPermissionForAnonymous(Object object)
      Gets the read access permission for Anonymous only on an object
      Parameters:
      object - The object
      Returns:
      the read access permission for Anonymous only on an object

    • getPermissionForAnyConnectedUser

      AccessController.AccessResult getPermissionForAnyConnectedUser(String rightId, Object object)
      Gets the permission for any connected user only on an object for a given right
      Parameters:
      rightId - The id of the right to check
      object - The object
      Returns:
      the permission for any connected user only on an object for a given right

    • getReadAccessPermissionForAnyConnectedUser

      AccessController.AccessResult getReadAccessPermissionForAnyConnectedUser(Object object)
      Gets the read access permission for any connected user only on an object
      Parameters:
      object - The object
      Returns:
      the read access permission for any connected user only on an object

    • getPermissionByUser

      Map<UserIdentity,AccessController.AccessResult> getPermissionByUser(String rightId, Object object)
      Gets the permission by user only on an object for the given right. It does not take account of the groups of the user, etc.
      Parameters:
      rightId - The id of the right to check
      object - The object
      Returns:
      the permission by user only on an object for the given right

    • getReadAccessPermissionByUser

      Map<UserIdentity,AccessController.AccessResult> getReadAccessPermissionByUser(Object object)
      Gets the read access permission by user only on an object. It does not take account of the groups of the user, etc.
      Parameters:
      object - The object
      Returns:
      the read access permission by user only on an object

    • getPermissionByGroup

      Map<GroupIdentity,AccessController.AccessResult> getPermissionByGroup(String rightId, Object object)
      Gets the permission by group only on an object for the given right.
      Parameters:
      rightId - The id of the right to check
      object - The object
      Returns:
      the permission by group only on an object for the given right

    • getReadAccessPermissionByGroup

      Map<GroupIdentity,AccessController.AccessResult> getReadAccessPermissionByGroup(Object object)
      Gets the read access permission by group only on an object.
      Parameters:
      object - The object
      Returns:
      the read access permission by group only on an object

    • hasUserAnyPermissionOnWorkspace

      boolean hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId)
      Returns true if the user has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.
      Parameters:
      workspacesContexts - The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}
      user - The user
      userGroups - The groups
      rightId - The id of the right to check
      Returns:
      true if the user has a permission on at least one object, directly or though groups, for a given right

    • hasUserAnyReadAccessPermissionOnWorkspace

      boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups)
      Returns true if the user has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.
      Parameters:
      workspacesContexts - The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}
      user - The user
      userGroups - The groups
      Returns:
      true if the user has a permission on at least one object, directly or though groups, for a given right

    • hasAnonymousAnyPermissionOnWorkspace

      boolean hasAnonymousAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
      Returns true if anonymous has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.
      Parameters:
      workspacesContexts - The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}
      rightId - The id of the right to check
      Returns:
      true if anonymous has a permission on at least one object, directly or though groups, for a given right

    • hasAnonymousAnyReadAccessPermissionOnWorkspace

      boolean hasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
      Returns true if anonymous has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.
      Parameters:
      workspacesContexts - The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}
      Returns:
      true if anonymous has a permission on at least one object, directly or though groups, for a given right

    • hasAnyConnectedUserAnyPermissionOnWorkspace

      boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId)
      Returns true if any connected user has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.
      Parameters:
      workspacesContexts - The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}
      rightId - The id of the right to check
      Returns:
      true if any connected user has a permission on at least one object, directly or though groups, for a given right

    • hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace

      boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts)
      Returns true if any connected user has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.
      Parameters:
      workspacesContexts - The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}
      Returns:
      true if any connected user has a permission on at least one object, directly or though groups, for a given right

    • isSupported

      boolean isSupported(Object object)
      Returns true if this access controller supports the given object
      Parameters:
      object - The object to test
      Returns:
      true if this access controller supports the given object

    • explainReadAccessPermissionForAnonymous

      default AccessExplanation explainReadAccessPermissionForAnonymous(Object object)
      Explain the read access permission for anonymous on the given object. The access result in the explanation MUST be the same value as the one returned by getReadAccessPermissionForAnonymous(Object). And the explanation should described the actual object that granted the right to allow final user to see if any context conversion happened
      Parameters:
      object - the object to test
      Returns:
      an explanation of the access

    • explainPermissionForAnonymous

      default AccessExplanation explainPermissionForAnonymous(String rightId, Object object)
      Explain the permission for anonymous on the given object. The access result in the explanation MUST be the same value as the one returned by getPermissionForAnonymous(String, Object). And the explanation should described the actual object that granted the right to allow final user to see if any context conversion happened
      Parameters:
      rightId - the right to test
      object - the object to test
      Returns:
      an explanation of the access

    • explainReadAccessPermissionForAnyConnectedUser

      default AccessExplanation explainReadAccessPermissionForAnyConnectedUser(Object object)
      Explain the read access permission for any connected user on the given object. The access result in the explanation MUST be the same value as the one returned by getReadAccessPermissionForAnyConnectedUser(Object). And the explanation should described the actual object that granted the right to allow final user to see if any context conversion happened
      Parameters:
      object - the object to test
      Returns:
      an explanation of the access

    • explainPermissionForAnyConnectedUser

      default AccessExplanation explainPermissionForAnyConnectedUser(String rightId, Object object)
      Explain the permission for any connected user on the given object. The access result in the explanation MUST be the same value as the one returned by getPermissionForAnyConnectedUser(String, Object). And the explanation should described the actual object that granted the right to allow final user to see if any context conversion happened
      Parameters:
      rightId - the right to test
      object - the object to test
      Returns:
      an explanation of the access

    • explainReadAccessPermission

      default AccessExplanation explainReadAccessPermission(UserIdentity user, Set<GroupIdentity> groups, Object object)
      Explain the read access permission for a user on the given object. The access result in the explanation MUST be the same value as the one returned by getReadAccessPermission(UserIdentity, Set, Object). And the explanation should described the actual object that granted the right to allow final user to see if any context conversion happened
      Parameters:
      user - the user to test
      groups - the groups of the user
      object - the object to test
      Returns:
      an explanation of the access

    • explainPermission

      default AccessExplanation explainPermission(UserIdentity user, Set<GroupIdentity> groups, String rightId, Object object)
      Explain the permission for a user on the given object. The access result in the explanation MUST be the same value as the one returned by getPermission(UserIdentity, Set, String, Object). And the explanation should described the actual object that granted the right to allow final user to see if any context conversion happened
      Parameters:
      user - the user to test
      groups - the groups of the user
      rightId - the right to test
      object - the object to test
      Returns:
      an explanation of the access

    • getStandardAccessExplanation

      default AccessExplanation getStandardAccessExplanation(AccessController.AccessResult accessResult, Object object)
      Get a standard explanation based on the access result
      Parameters:
      accessResult - the access result
      object - the inspected context
      Returns:
      the explanation

    • getDefaultAccessExplanation

      static AccessExplanation getDefaultAccessExplanation(String controllerId, AccessController.AccessResult result)
      Build a default explanation for an access result provided by a controller. This method should be used as a fallback. AccessController should provide their own explanation with more details
      Parameters:
      controllerId - the access controller id
      result - the access result
      Returns:
      an label describing the result

    • explainAllPermissions

      Map<AccessController.ExplanationObject,Map<AccessController.Permission,AccessExplanation>> explainAllPermissions(UserIdentity identity, Set<GroupIdentity> groups)
      Get AccessExplanation for each permission given to the user by this access controller. Returns a pair of permission/access explanation for each object with a granted or denied permission to this user by this access controller. Each explanation should be equivalent to calling the explainPermission(UserIdentity, Set, String, Object) or explainReadAccessPermission(UserIdentity, Set, Object) for the user, on the object with the corresponding right
      Parameters:
      identity - the user identity
      groups - the groups the user belongs to.
      Returns:
      all the user's permissions handled by this controller

    • getExplanationObject

      default AccessController.ExplanationObject getExplanationObject(Object object)
      Get the explanation object representing the object
      Parameters:
      object - the object
      Returns:
      the explanation object

    • getObjectLabel

      I18nizableText getObjectLabel(Object object)
      Get a label describing the object handled by this access controller
      Parameters:
      object - the object
      Returns:
      the label

    • getObjectCategory

      I18nizableText getObjectCategory(Object object)
      Get a label classifying the object handled by this access controller
      Parameters:
      object - the object
      Returns:
      the label

    • getObjectPriority

      default int getObjectPriority(Object object)
      Get the priority of the object to order it in its category
      Parameters:
      object - the object
      Returns:
      the priority