Interface ProfileAssignmentStorage

All Superinterfaces:
Prioritizable
All Known Subinterfaces:
ModifiableProfileAssignmentStorage
All Known Implementing Classes:
ACLAmetysObjectProfileAssignmentStorage, JdbcProfileAssignmentStorage, ModifiableACLAmetysObjectProfileAssignmentStorage

public interface ProfileAssignmentStorage extends Prioritizable
This interface is for read-only profile assignments storage
  • Field Details

  • Method Details

    • hasAnonymousAnyAllowedProfile

      Set<String> hasAnonymousAnyAllowedProfile(Set<? extends Object> rootContexts, Set<String> profileIds)
      Returns some profiles that are matching if anonymous user has the allowed profile for any given root context (or any sub context), given some profiles.
      Only supported objects are transmitted
      Parameters:
      rootContexts - The root contexts to search rights for
      profileIds - The ids of the profiles
      Returns:
      If the Set is empty, it means anonymous has no matching profile.
      If the Set is non empty, it contains at least one of the given profile BUT it may not contains all the matching profiles for anonymous AND it can contains some other profiles that were not in the given profiles
    • hasAnyConnectedAnyAllowedProfile

      Set<String> hasAnyConnectedAnyAllowedProfile(Set<? extends Object> rootContexts, Set<String> profileIds)
      Returns some profiles that are matching if any connected user has the allowed profile for any given root context (or any sub context), given some profiles.
      Only supported objects are transmitted
      Parameters:
      rootContexts - The root contexts to search rights for
      profileIds - The ids of the profiles
      Returns:
      If the Set is empty, it means the user has no matching profile.
      If the Set is non empty, it contains at least one of the given profile BUT it may not contains all the matching profiles for the user AND it can contains some other profiles that were not in the given profiles
    • hasUserAnyAllowedProfile

      Set<String> hasUserAnyAllowedProfile(Set<? extends Object> rootContexts, UserIdentity user, Set<String> profileIds)
      Returns some profiles that are matching if user has the allowed profile for any given root context (or any sub context), given some profiles.
      Only supported objects are transmitted
      Parameters:
      rootContexts - The root contexts to search rights for
      user - The user to test
      profileIds - The ids of the profiles
      Returns:
      If the Set is empty, it means any connected user has no matching profile.
      If the Set is non empty, it contains at least one of the given profile BUT it may not contains all the matching profiles for anyconnected user AND it can contains some other profiles that were not in the given profiles
    • hasGroupAnyAllowedProfile

      Set<String> hasGroupAnyAllowedProfile(Set<? extends Object> rootContexts, Set<GroupIdentity> groups, Set<String> profileIds)
      Returns some profiles that are matching if group has the allowed profile for any given root context (or any sub context), given some profiles.
      Only supported objects are transmitted
      Parameters:
      rootContexts - The root contexts to search rights for
      groups - The groups to test (a single group needs to match)
      profileIds - The ids of the profiles
      Returns:
      If the Set is empty, it means the group has no matching profile.
      If the Set is non empty, it contains at least one of the given profile BUT it may not contains all the matching profiles for the group AND it can contains some other profiles that were not in the given profiles
    • getAllProfilesForAnonymousAndAnyConnectedUser

      Gets all contexts with stored profiles (allowed or denied) for anonymous or any connected user and for each, a description of the permissions.
      Returns:
      a map associating a context object to the stored profiles for each permission
    • getAllProfilesForUser

      Gets all contexts with stored profiles (allowed or denied) for the user and for each, a description of the permissions.
      Parameters:
      user - The user to get profiles for.
      Returns:
      The map of context with their assigned allowed/denied profiles
    • getAllProfilesForGroups

      Gets all contexts with stored profiles (allowed or denied) for the groups and for each, a description of the permissions. The permissions are grouped by group identity to be able to discriminate which group give what permissions.
      Parameters:
      groups - The group to get profiles for.
      Returns:
      The map of context with their assigned allowed/denied profiles grouped by group identity
    • getProfilesForAnonymousAndAnyConnectedUser

      Gets the allowed profiles any connected user has on the given object
      Parameters:
      object - The object
      Returns:
      a map containing allowed/denied profiles that anonymous and any connected user has on the given object
    • getProfilesForUsers

      Gets the users that have allowed profiles assigned on the given object
      Parameters:
      object - The object to test
      user - The user to get profiles for. Can be null to get profiles for all users that have rights
      Returns:
      The map of allowed users with their assigned allowed/denied profiles
    • getProfilesForGroups

      Gets the groups that have allowed profiles assigned on the given object
      Parameters:
      object - The object to test
      groups - The group to get profiles for. Can be null to get profiles for all groups that have rights
      Returns:
      The map of allowed/denied groups with their assigned profiles
    • isSupported

      boolean isSupported(Object object)
      Returns true if this profile storage supports the given object, i.e. if it is able to retrieve the allowed users/groups on that object
      Parameters:
      object - The object to test
      Returns:
      true if this profile storage supports the given object
    • isRootContextSupported

      boolean isRootContextSupported(Object rootContext)
      Returns true if this profile storage supports the given object as a root context i.e. it can seek any permission under this object
      Parameters:
      rootContext - The object to start searching
      Returns:
      true if this profile storage support this a as root context to search in
    • isInheritanceDisallowed

      Returns true if the inheritance of permissions is disallowed on the given object
      Parameters:
      object - The object to test
      Returns:
      true if the inheritance of permissions is disallowed on the given object