Package org.ametys.core.right

Class RightManager

java.lang.Object

org.ametys.runtime.plugin.component.AbstractLogEnabled

org.ametys.core.right.RightManager

All Implemented Interfaces:

LogEnabled, Initializable, Component, Configurable, Contextualizable, Serviceable, ThreadSafe

public class RightManager
extends AbstractLogEnabled
implements Serviceable, Configurable, ThreadSafe, Component, Contextualizable, Initializable

Abstraction for testing a right associated with a resource and a user from a single source.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static enum	RightManager.RightResult	Enumeration of all possible values returned by hasRight(user, right, context)

Field Summary

Fields

Modifier and Type	Field	Description
protected static final UserIdentity	__ANONYMOUS_USER_IDENTITY	The instance of ObjectUserIdentity for anonymous
protected static final UserIdentity	__ANY_CONNECTED_USER_IDENTITY	The instance of ObjectUserIdentity for any connected user
protected AccessControllerExtensionPoint	_accessControllerEP	The extension point for Access Controllers
protected AbstractCacheManager	_cacheManager	Cache Manager
protected CurrentUserProvider	_currentUserProvider	The current user provider
protected GroupDirectoryDAO	_groupDirectoryDAO	The DAO for group directories
protected GroupManager	_groupManager	The group manager
protected ServiceManager	_manager	Avalon ServiceManager
protected RightProfilesDAO	_profilesDAO	The rights DAO
protected SourceResolver	_resolver	Avalon SourceResolver
protected RightContextConvertorExtensionPoint	_rightContextConvertorEP	The extension point for the Right Context Convertors
protected RightsExtensionPoint	_rightsEP	The rights' list container
protected UserManager	_userManager	The user manager
protected UserPopulationDAO	_userPopulationDAO	The DAO for user populations
static final String	READER_PROFILE_ID	The id of the READER profile
static final String	ROLE	For avalon service manager

Constructor Summary

Constructors

Constructor	Description
RightManager()

Method Summary

Modifier and Type	Method	Description
protected RightProfilesDAO	_getProfileDAO()	Returns the DAO for profiles
void	addExternalRight(String id, String label, String description, String category)	Add a right to the right EP
void	clearCaches()	clear all caches related to RightManager and AccesControllers
void	configure(Configuration configuration)
void	contextualize(Context context)
boolean	currentUserHasReadAccess(Object object)	Returns true if the current user has READ access on the given object
RightManager.RightResult	currentUserHasRight(String rightId, Object object)	Checks a permission for the current logged user, on a given object (or context). If null, it checks if there is at least one object with this permission
List<AccessExplanation>	explain(UserIdentity userIdentity, String rightId, Object object)	Explain why a given user has a right on a context.
AllowedUsers	getAllowedUsers(String rightId, Object object)	Get the list of users that have a particular right in a particular context.
Map<AccessController.ExplanationObject,Map<AccessController.Permission,List<AccessExplanation>>>	getAllPermissions(UserIdentity userIdentity)	Get all the permissions that concern a given user.
List<String>	getExternalRightIds()	Getter for external rights ids
AllowedUsers	getReadAccessAllowedUsers(Object object)	Get the users with a READ access on given object
Set<String>	getUserRights(UserIdentity userIdentity, Object object)	Get the list of rights a user is allowed, on a particular object.
boolean	hasAnonymousReadAccess(Object object)	Returns true if the object is not restricted, i.e.
RightManager.RightResult	hasAnonymousRight(String rightId, Object object)	Gets the right result for anonymous with given right on given object context
boolean	hasAnyConnectedUserReadAccess(Object object)	Returns true if any connected user has READ access allowed on the object
RightManager.RightResult	hasAnyConnectedUserRight(String rightId, Object object)	Gets the right result for any connected user with given profile on given object context
boolean	hasReadAccess(UserIdentity userIdentity, Object object)	Returns true if the given user has READ access on the given object
RightManager.RightResult	hasRight(UserIdentity userIdentity, String rightId, Object object)	Checks a permission for a user, on a given object (or context). If null, it checks if there is at least one object with this permission
void	initialize()
void	removeExternalRight(String id)	Remove the right from the rightEP
void	service(ServiceManager manager)

Methods inherited from class org.ametys.runtime.plugin.component.AbstractLogEnabled

getLogger, setLogger

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

ROLE

public static final String ROLE

For avalon service manager

READER_PROFILE_ID

public static final String READER_PROFILE_ID

The id of the READER profile

See Also:

• Constant Field Values

__ANONYMOUS_USER_IDENTITY

protected static final UserIdentity __ANONYMOUS_USER_IDENTITY

The instance of ObjectUserIdentity for anonymous

__ANY_CONNECTED_USER_IDENTITY

protected static final UserIdentity __ANY_CONNECTED_USER_IDENTITY

The instance of ObjectUserIdentity for any connected user

_manager

protected ServiceManager _manager

Avalon ServiceManager

_resolver

protected SourceResolver _resolver

Avalon SourceResolver

_rightsEP

protected RightsExtensionPoint _rightsEP

The rights' list container

_rightContextConvertorEP

protected RightContextConvertorExtensionPoint _rightContextConvertorEP

The extension point for the Right Context Convertors

_accessControllerEP

protected AccessControllerExtensionPoint _accessControllerEP

The extension point for Access Controllers

_userManager

protected UserManager _userManager

The user manager

_groupManager

protected GroupManager _groupManager

The group manager

_userPopulationDAO

protected UserPopulationDAO _userPopulationDAO

The DAO for user populations

_groupDirectoryDAO

protected GroupDirectoryDAO _groupDirectoryDAO

The DAO for group directories

_currentUserProvider

protected CurrentUserProvider _currentUserProvider

The current user provider

_profilesDAO

protected RightProfilesDAO _profilesDAO

The rights DAO

_cacheManager

protected AbstractCacheManager _cacheManager

Cache Manager

Constructor Details

RightManager

public RightManager()

Method Details

contextualize

public void contextualize(Context context)
                   throws ContextException

Specified by:

contextualize in interface Contextualizable

Throws:

ContextException

service

public void service(ServiceManager manager)
             throws ServiceException

Specified by:

service in interface Serviceable

Throws:

ServiceException

initialize

public void initialize()
                throws Exception

Specified by:

initialize in interface Initializable

Throws:

Exception

_getProfileDAO

protected RightProfilesDAO _getProfileDAO()

Returns the DAO for profiles

Returns:

The DAO

configure

public void configure(Configuration configuration)
               throws ConfigurationException

Specified by:

configure in interface Configurable

Throws:

ConfigurationException

getExternalRightIds

public List<String> getExternalRightIds()

Getter for external rights ids

Returns:

a list of all the rights' ids from rights.xml file

addExternalRight

public void addExternalRight(String id,
 String label,
 String description,
 String category)

Add a right to the right EP

Parameters:

id - the id for the new right

label - the label for the new right

description - the description for the new right

category - the category for the new right

removeExternalRight

public void removeExternalRight(String id)

Remove the right from the rightEP

Parameters:

id - the right to delete's id

currentUserHasRight

public RightManager.RightResult currentUserHasRight(String rightId,
 Object object)
                                             throws RightsException

Checks a permission for the current logged user, on a given object (or context).
If null, it checks if there is at least one object with this permission

Parameters:

rightId - The name of the right to check. Cannot be null.

object - The object to check the right. Can be null to search on any object.

Returns:

RightManager.RightResult.RIGHT_ALLOW, RightManager.RightResult.RIGHT_DENY or RightManager.RightResult.RIGHT_UNKNOWN

Throws:

RightsException - if an error occurs.

hasRight

public RightManager.RightResult hasRight(UserIdentity userIdentity,
 String rightId,
 Object object)
                                  throws RightsException

Checks a permission for a user, on a given object (or context).
If null, it checks if there is at least one object with this permission

Parameters:

userIdentity - The user identity. Can be null for anonymous

rightId - The name of the right to check. Cannot be null.

object - The object to check the right. Can be null to search on any object.

Returns:

RightManager.RightResult.RIGHT_ALLOW, RightManager.RightResult.RIGHT_DENY or RightManager.RightResult.RIGHT_UNKNOWN

Throws:

RightsException - if an error occurs.

hasAnonymousRight

public RightManager.RightResult hasAnonymousRight(String rightId,
 Object object)

Gets the right result for anonymous with given right on given object context

Parameters:

rightId - The id of the right

object - The object to check

Returns:

the right result for anonymous with given profile on given object context

hasAnyConnectedUserRight

public RightManager.RightResult hasAnyConnectedUserRight(String rightId,
 Object object)

Gets the right result for any connected user with given profile on given object context

Parameters:

rightId - The right id to test

object - The object to check

Returns:

the right result for any connected user with given profile on given object context

currentUserHasReadAccess

public boolean currentUserHasReadAccess(Object object)

Returns true if the current user has READ access on the given object

Parameters:

object - The object to check the right. Can be null to search on any object.

Returns:

true if the given user has READ access on the given object

hasReadAccess

public boolean hasReadAccess(UserIdentity userIdentity,
 Object object)

Returns true if the given user has READ access on the given object

Parameters:

userIdentity - The user identity. Cannot be null.

object - The object to check the right. Can be null to search on any object.

Returns:

true if the given user has READ access on the given object

hasAnonymousReadAccess

public boolean hasAnonymousReadAccess(Object object)

Returns true if the object is not restricted, i.e. an anonymous user has READ access (is allowed) on the object

Parameters:

object - The object to check. Cannot be null

Returns:

true if the object is restricted, i.e. an anonymous user has READ access (is allowed) on the object

hasAnyConnectedUserReadAccess

public boolean hasAnyConnectedUserReadAccess(Object object)

Returns true if any connected user has READ access allowed on the object

Parameters:

object - The object to check. Cannot be null

Returns:

true if any connected user has READ access allowed on the object

getAllowedUsers

public AllowedUsers getAllowedUsers(String rightId,
 Object object)

Get the list of users that have a particular right in a particular context.

Parameters:

rightId - The name of the right to check. Cannot be null.

object - The object to check the right. Cannot be null.

Returns:

The list of users allowed with that right as a Set of String (user identities).

Throws:

RightsException - if an error occurs.

getReadAccessAllowedUsers

public AllowedUsers getReadAccessAllowedUsers(Object object)

Get the users with a READ access on given object

Parameters:

object - The object

Returns:

The representation of allowed users

getUserRights

public Set<String> getUserRights(UserIdentity userIdentity,
 Object object)
                          throws RightsException

Get the list of rights a user is allowed, on a particular object.

Parameters:

userIdentity - the user identity. Cannot be null.

object - The object to check the right. Cannot be null.

Returns:

The list of rights as a Set of String (id).

Throws:

RightsException - if an error occurs.

clearCaches

public void clearCaches()

clear all caches related to RightManager and AccesControllers

explain

public List<AccessExplanation> explain(UserIdentity userIdentity,
 String rightId,
 Object object)

Explain why a given user has a right on a context. This method will return the explanations provided by every supporting access controller. Merging the access result of every explanation will return the same result as the _hasRight(UserIdentity, String, Object) method.

Parameters:

userIdentity - the user identity or null for anonymous

rightId - the right to explain or null for read right.

object - the object to check right on. Can't be null.

Returns:

the list of explanation.

getAllPermissions

public Map<AccessController.ExplanationObject,Map<AccessController.Permission,List<AccessExplanation>>> getAllPermissions(UserIdentity userIdentity)

Get all the permissions that concern a given user. The permissions are organized by object context and are paired with a list of explanation returned by the AccessController that granted the permission.

Parameters:

userIdentity - the user identity

Returns:

all the permissions of a user.