Package org.ametys.core.right

Class ProfileAssignmentStorageExtensionPoint

java.lang.Object
org.ametys.runtime.plugin.component.AbstractLogEnabled
org.ametys.runtime.plugin.component.AbstractThreadSafeComponentExtensionPoint<T>
org.ametys.runtime.plugin.component.AbstractThreadSafeComponentPrioritizableExtensionPoint<ProfileAssignmentStorage>
org.ametys.core.right.ProfileAssignmentStorageExtensionPoint
All Implemented Interfaces:
LogEnabled, ExtensionPoint<ProfileAssignmentStorage>, Disposable, Initializable, Component, Contextualizable, Serviceable, ThreadSafe
public class ProfileAssignmentStorageExtensionPoint extends AbstractThreadSafeComponentPrioritizableExtensionPoint<ProfileAssignmentStorage>
ExtensionPoint handling ProfileAssignmentStorages.

  • Field Details

    • ROLE

      public static final String ROLE
      Avalon Role

  • Constructor Details

  • Method Details

    • service

      public void service(ServiceManager manager) throws ServiceException
      Specified by:
      service in interface Serviceable
      Overrides:
      service in class AbstractThreadSafeComponentExtensionPoint<ProfileAssignmentStorage>
      Throws:
      ServiceException

    • initialize

      public void initialize() throws Exception
      Specified by:
      initialize in interface Initializable
      Overrides:
      initialize in class AbstractThreadSafeComponentExtensionPoint<ProfileAssignmentStorage>
      Throws:
      Exception

    • getPermissions

      public Map<String,AccessController.AccessResult> getPermissions(UserIdentity user, Set<GroupIdentity> userGroups, Set<String> profileIds, Object object)
      Gets the permissions a user has, given some groups and profiles, on an object.
      Parameters:
      user - The user
      userGroups - The groups
      profileIds - The ids of the profiles
      object - The object
      Returns:
      the permissions a user has, given some groups and profiles on an object.

    • getAllPermissions

      public Map<Object,Map<ProfileAssignmentStorageExtensionPoint.AccessResultInfo,Set<String>>> getAllPermissions(UserIdentity user, Set<GroupIdentity> userGroups)
      Get all permissions for a given user, including permission given by anonymous, any connected user, user's groups and user itself. I.e assignment targeting anonymous, any connected user, one of the provided group, or the user themselves
      Parameters:
      user - the user
      userGroups - the groups of the user
      Returns:
      a map associating each context with stored permission to the profile and permission assigned

    • hasUserAnyPermission

      public Set<String> hasUserAnyPermission(Set<? extends Object> rootContexts, UserIdentity user, Set<GroupIdentity> userGroups, Set<String> profileIds)
      Returns some profiles that are matching if the user has a permission on at least one object, given some groups and profiles
      Parameters:
      rootContexts - The root contexts object where to seek
      user - The user
      userGroups - The groups
      profileIds - The ids of the profiles
      Returns:
      If the Set is empty, it means any connected user has no matching profile.
      If the Set is non empty, it contains at least one of the given profile BUT it may not contains all the matching profiles for anyconnected user AND it can contains some other profiles that were not in the given profiles

    • hasAnonymousAnyPermission

      public Set<String> hasAnonymousAnyPermission(Set<? extends Object> rootContexts, Set<String> profileIds)
      Returns some profiles that are matching if anybody has a permission on at least one object, given some profiles
      Parameters:
      rootContexts - The root contexts object where to seek
      profileIds - The ids of the profiles
      Returns:
      If the Set is empty, it means anonymous has no matching profile.
      If the Set is non empty, it contains at least one of the given profile BUT it may not contains all the matching profiles for anonymous AND it can contains some other profiles that were not in the given profiles

    • hasAnyConnectedUserAnyPermission

      public Set<String> hasAnyConnectedUserAnyPermission(Set<? extends Object> rootContexts, Set<String> profileIds)
      Returns some profiles that are matching if any connected user has a permission on at least one object, given some profiles
      Parameters:
      rootContexts - The root contexts object where to seek
      profileIds - The ids of the profiles
      Returns:
      If the Set is empty, it means the user has no matching profile.
      If the Set is non empty, it contains at least one of the given profile BUT it may not contains all the matching profiles for the user AND it can contains some other profiles that were not in the given profiles

    • getPermissionsByProfile

      public Map<String,AccessController.AccessResult> getPermissionsByProfile(UserIdentity user, Set<GroupIdentity> userGroups, Object object)
      Gets the permissions a user has on an object, for every profile in the application.
      Parameters:
      user - The user
      userGroups - The groups
      object - The object
      Returns:
      the permissions a user has on an object, for every profile in the application.

    • getPermissionForAnonymous

      public AccessController.AccessResult getPermissionForAnonymous(Set<String> profileIds, Object object)
      Gets the permissions for Anonymous for the given profiles
      Parameters:
      profileIds - The profiles to get permissions on
      object - The object
      Returns:
      the access result for each profile

    • getPermissionForAnyConnectedUser

      public AccessController.AccessResult getPermissionForAnyConnectedUser(Set<String> profileIds, Object object)
      Gets the permissions for Anonymous for the given profiles
      Parameters:
      profileIds - The profiles to get permissions on
      object - The object
      Returns:
      the access result for each profile

    • getPermissionsByUser

      public Map<UserIdentity,AccessController.AccessResult> getPermissionsByUser(Set<String> profileIds, Object object)
      Gets the permission by user only on an object, according to the given profiles. It does not take account of the groups of the user, etc.
      Parameters:
      profileIds - The ids of the profiles
      object - The object
      Returns:
      the permission by user only on an object, according to the given profiles

    • getPermissionsByGroup

      public Map<GroupIdentity,AccessController.AccessResult> getPermissionsByGroup(Set<String> profileIds, Object object)
      Gets the permission by group only on an object, according to the given profiles.
      Parameters:
      profileIds - The ids of the profiles
      object - The object
      Returns:
      the permission by group only on an object, according to the given profiles

    • getProfilesForAnonymousAndAnyConnectedUser

      public Map<ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys,Set<String>> getProfilesForAnonymousAndAnyConnectedUser(Object context)
      Gets the allowed profiles any connected user has on the given object
      Parameters:
      context - The object
      Returns:
      a map containing allowed/denied profiles that anonymous and any connected user has on the given object

    • getProfilesForUsers

      public Map<UserIdentity,Map<ProfileAssignmentStorage.UserOrGroup,Set<String>>> getProfilesForUsers(Object context, UserIdentity user)
      Gets the users that have allowed profiles assigned on the given object
      Parameters:
      context - The object to test
      user - The user to get profiles for. Can be null to get profiles for all users that have rights
      Returns:
      The map of allowed users with their assigned allowed/denied profiles

    • getProfilesForGroups

      public Map<GroupIdentity,Map<ProfileAssignmentStorage.UserOrGroup,Set<String>>> getProfilesForGroups(Object context, Set<GroupIdentity> groups)
      Gets the groups that have allowed profiles assigned on the given object
      Parameters:
      context - The object to test
      groups - The group to get profiles for. Can be null to get profiles for all groups that have rights
      Returns:
      The map of allowed/denied groups with their assigned profiles

    • allowProfileToAnyConnectedUser

      public void allowProfileToAnyConnectedUser(String profileId, Object context)
      Adds allowed profile any connected user has on the given object
      Parameters:
      context - The object context
      profileId - The profile to add

    • denyProfileToAnyConnectedUser

      public void denyProfileToAnyConnectedUser(String profileId, Object context)
      Adds denied profile any connected user has on the given object
      Parameters:
      profileId - The profile to add
      context - The object context

    • removeAllowedProfileFromAnyConnectedUser

      public void removeAllowedProfileFromAnyConnectedUser(String profileId, Object context)
      Removes allowed profile any connected user has on the given object
      Parameters:
      profileId - The profile to remove
      context - The object context

    • removeDeniedProfileFromAnyConnectedUser

      public void removeDeniedProfileFromAnyConnectedUser(String profileId, Object context)
      Removes denied profile any connected user has on the given object
      Parameters:
      context - The object context
      profileId - The profile to remove

    • allowProfileToAnonymous

      public void allowProfileToAnonymous(String profileId, Object context)
      Adds allowed profile an anonymous user has on the given object
      Parameters:
      profileId - The profile to add
      context - The object context

    • denyProfileToAnonymous

      public void denyProfileToAnonymous(String profileId, Object context)
      Adds denied profile an anonymous user has on the given object
      Parameters:
      profileId - The profile to add
      context - The object context

    • removeAllowedProfileFromAnonymous

      public void removeAllowedProfileFromAnonymous(String profileId, Object context)
      Removes allowed profile an anonymous user has on the given object
      Parameters:
      profileId - The profile to remove
      context - The object context

    • removeDeniedProfileFromAnonymous

      public void removeDeniedProfileFromAnonymous(String profileId, Object context)
      Removes denied profile an anonymous user has on the given object
      Parameters:
      context - The object context
      profileId - The profile to remove

    • allowProfileToUser

      public void allowProfileToUser(UserIdentity user, String profileId, Object context)
      Allows a user to a profile on a given object
      Parameters:
      user - The user to add
      profileId - The id of the profile
      context - The object context

    • denyProfileToUser

      public void denyProfileToUser(UserIdentity user, String profileId, Object context)
      Denies a user to a profile on a given object
      Parameters:
      user - The user to add
      profileId - The id of the profile
      context - The object context

    • removeAllowedProfileFromUser

      public void removeAllowedProfileFromUser(UserIdentity user, String profileId, Object context)
      Removes the association between a user and an allowed profile on a given object
      Parameters:
      user - The user to remove
      context - The object context
      profileId - The id of the profile

    • removeDeniedProfileFromUser

      public void removeDeniedProfileFromUser(UserIdentity user, String profileId, Object context)
      Removes the association between a user and a denied profile on a given object
      Parameters:
      user - The user to remove
      profileId - The id of the profile
      context - The object context

    • allowProfileToGroup

      public void allowProfileToGroup(GroupIdentity group, String profileId, Object context)
      Allows a group to a profile on a given object
      Parameters:
      group - The group to add
      profileId - The id of the profile
      context - The object context

    • denyProfileToGroup

      public void denyProfileToGroup(GroupIdentity group, String profileId, Object context)
      Denies a group to a profile on a given object
      Parameters:
      group - The group to add
      profileId - The id of the profile
      context - The object context

    • removeAllowedProfileFromGroup

      public void removeAllowedProfileFromGroup(GroupIdentity group, String profileId, Object context)
      Removes the association between a group and an allowed profile on a given object
      Parameters:
      group - The group to remove
      profileId - The id of the profile
      context - The object context

    • removeDeniedProfileFromGroup

      public void removeDeniedProfileFromGroup(GroupIdentity group, String profileId, Object context)
      Removes the association between a group and a denied profile on a given object
      Parameters:
      group - The group to remove
      profileId - The id of the profile
      context - The object context

    • isInheritanceDisallowed

      public boolean isInheritanceDisallowed(Object context)
      Determines if the inheritance of permissions is disallowed on a given context
      Parameters:
      context - The object context
      Returns:
      true if the inheritance is disallowed

    • disallowInheritance

      public void disallowInheritance(Object context, boolean disallow)
      Allow or disallow the inheritance of permissions on a given context
      Parameters:
      context - The object context
      disallow - true to disallow the inheritance