Class AbstractProfileStorageBasedAccessController
java.lang.Object
org.ametys.runtime.plugin.component.AbstractLogEnabled
org.ametys.plugins.core.impl.right.AbstractAccessController
org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController
- All Implemented Interfaces:
AccessController
,LogEnabled
,PluginAware
,Initializable
,Component
,Serviceable
- Direct Known Subclasses:
AbstractHierarchicalWithPermissionContextAccessController
,LinkDirectoryAccessController
,ThesaurusAccessController
public abstract class AbstractProfileStorageBasedAccessController
extends AbstractAccessController
implements Serviceable, Initializable
This class delegates all it can to the profile assignment storage extension point
-
Nested Class Summary
Modifier and TypeClassDescriptionprotected static enum
The kind of cache to get/setprotected static class
Value class storing information describing how a permission was determinedNested classes/interfaces inherited from interface org.ametys.core.right.AccessController
AccessController.AccessResult
-
Field Summary
Modifier and TypeFieldDescriptionprotected static final UserIdentity
The instance of ObjectUserIdentity for anonymousprotected static final UserIdentity
The instance of ObjectUserIdentity for any connected userprotected AbstractCacheManager
Cache Managerprotected GroupManager
The group managerprotected ProfileAssignmentStorageExtensionPoint
The extension point for the profile assignment storagesprotected RightProfilesDAO
The right profile DAOFields inherited from class org.ametys.plugins.core.impl.right.AbstractAccessController
_id, _pluginName
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected AccessExplanation
Transform the permission details in an access explanationprotected Object
_convertContext
(Object initialContext) For methods getXXXXPermissionYYY allow to have a modification of the context before transfering it to the profile assignment storage extension point The default implemenation keep the context as it is_convertWorkspaceToRootRightContexts
(Set<Object> workspacesContexts) Get the current workspaces contexts and turn it into root contexts in order to allow methods hasXXXAnyPermissionOnWorkspace to workprotected AccessExplanation
_explainPermission
(UserIdentity user, Set<GroupIdentity> userGroups, Set<String> profilesIds, Object object, Object convertedObject) Works for explainPermission or explainReadAccessPermissionprotected AccessExplanation
_explainPermissionForAnonymous
(Set<String> profilesIds, Object object, Object convertedObject) protected AccessExplanation
_explainPermissionForAnyConnectedUser
(Set<String> profilesIds, Object object, Object convertedObject) protected abstract I18nizableText
_getObjectLabel
(Object object) Get the label describing the object that granted the right in the explanation.protected AccessController.AccessResult
_getPermission
(UserIdentity user, Set<GroupIdentity> userGroups, Set<String> profilesIds, Object object, Object convertedObject) Works for getPermission or getReadAccessPermissionprotected Map<GroupIdentity,
AccessController.AccessResult> _getPermissionByGroup
(Set<String> profilesIds, Object object, Object convertedObject) Works for getPermissionByGroup and getReadAccessPermissionByGroupprotected Map<UserIdentity,
AccessController.AccessResult> _getPermissionByUser
(Set<String> profilesIds, Object object, Object convertedObject) Works for getPermissionByUser and getReadAccessPermissionByUser_getPermissionDetails
(UserIdentity user, Set<GroupIdentity> groups, Set<String> profilesIds, Object object, Object convertedObject) Get the details of how a permission is granted or denied._getPermissionDetailsForAnonymous
(Set<String> profilesIds, Object object, Object convertedObject) Get the details of how a permission is granted or denied._getPermissionDetailsForAnyConnectedUser
(Set<String> profilesIds, Object object, Object convertedObject) Get the details of how a permission is granted or denied.protected AccessController.AccessResult
_getPermissionForAnonymous
(Set<String> profilesIds, Object object, Object convertedObject) Works for getPermissionForAnonymous and getReadAccessPermissionForAnonymousprotected AccessController.AccessResult
_getPermissionForAnyConnectedUser
(Set<String> profilesIds, Object object, Object convertedObject) Works for getPermissionForAnyConnectedUser and getReadAccessPermissionForAnyConnectedUserprotected Boolean
_hasRightResultInFirstCache
(UserIdentity userIdentity, Set<String> profilesIds, Object object) Seek in cacheprotected Object
_hasRightResultInSecondCache
(Object object, Set<String> profilesIds, AbstractProfileStorageBasedAccessController.CacheKind key) Seek in cacheprotected void
_putInFirstCache
(UserIdentity userIdentity, Set<String> profilesIds, Object object, boolean rightResult) Add to cacheprotected void
_putInSecondCache
(Set<String> profilesIds, Object object, Object result, AbstractProfileStorageBasedAccessController.CacheKind key) Add to cacheexplainPermission
(UserIdentity user, Set<GroupIdentity> groups, String rightId, Object object) Explain the permission for a user on the given right context.explainPermissionForAnonymous
(String rightId, Object object) Explain the permission for anonymous on the given right context.explainPermissionForAnyConnectedUser
(String rightId, Object object) Explain the permission for any connected user on the given right context.explainReadAccessPermission
(UserIdentity user, Set<GroupIdentity> groups, Object object) Explain the read access permission for a user on the given right context.Explain the read access permission for anonymous on the given right context.Explain the read access permission for any connected user on the given right context.getPermission
(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object) Gets the kind of access a user has on an object for a given rightgetPermissionByGroup
(String rightId, Object object) Gets the permission by group only on an object for the given right.getPermissionByRight
(UserIdentity user, Set<GroupIdentity> userGroups, Object object) Gets the kind of access a user has on an object for all rightsgetPermissionByUser
(String rightId, Object object) Gets the permission by user only on an object for the given right.getPermissionForAnonymous
(String rightId, Object object) Gets the permission for Anonymous only on an object for a given rightgetPermissionForAnyConnectedUser
(String rightId, Object object) Gets the permission for any connected user only on an object for a given rightgetReadAccessPermission
(UserIdentity user, Set<GroupIdentity> userGroups, Object object) Gets the kind of access a user has on an object for thye read accessgetReadAccessPermissionByGroup
(Object object) Gets the read access permission by group only on an object.getReadAccessPermissionByUser
(Object object) Gets the read access permission by user only on an object.Gets the read access permission for Anonymous only on an objectGets the read access permission for any connected user only on an objectboolean
hasAnonymousAnyPermissionOnWorkspace
(Set<Object> workspacesContexts, String rightId) Returns true if anonymous has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.boolean
hasAnonymousAnyReadAccessPermissionOnWorkspace
(Set<Object> workspacesContexts) Returns true if anonymous has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.boolean
hasAnyConnectedUserAnyPermissionOnWorkspace
(Set<Object> workspacesContexts, String rightId) Returns true if any connected user has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.boolean
hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace
(Set<Object> workspacesContexts) Returns true if any connected user has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.boolean
hasUserAnyPermissionOnWorkspace
(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId) Returns true if the user has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.boolean
hasUserAnyReadAccessPermissionOnWorkspace
(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups) Returns true if the user has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.void
void
service
(ServiceManager manager) Methods inherited from class org.ametys.plugins.core.impl.right.AbstractAccessController
getId, getStandardAccessExplanation, setPluginInfo
Methods inherited from class org.ametys.runtime.plugin.component.AbstractLogEnabled
getLogger, setLogger
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.ametys.core.right.AccessController
isSupported
-
Field Details
-
__ANONYMOUS_USER_IDENTITY
The instance of ObjectUserIdentity for anonymous -
__ANY_CONTECTED_USER_IDENTITY
The instance of ObjectUserIdentity for any connected user -
_profileAssignmentStorageEP
The extension point for the profile assignment storages -
_rightProfileDAO
The right profile DAO -
_cacheManager
Cache Manager -
_groupManager
The group manager
-
-
Constructor Details
-
AbstractProfileStorageBasedAccessController
-
-
Method Details
-
service
- Specified by:
service
in interfaceServiceable
- Throws:
ServiceException
-
initialize
- Specified by:
initialize
in interfaceInitializable
- Throws:
Exception
-
getPermissionByRight
public Map<String,AccessController.AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object) Description copied from interface:AccessController
Gets the kind of access a user has on an object for all rights- Specified by:
getPermissionByRight
in interfaceAccessController
- Parameters:
user
- The user. Cannot be null.userGroups
- The groups the user belongs toobject
- The context object to check the access- Returns:
- the kind of access a user has on an object for all rights
-
getPermission
public AccessController.AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object) Description copied from interface:AccessController
Gets the kind of access a user has on an object for a given right- Specified by:
getPermission
in interfaceAccessController
- Parameters:
user
- The user. Cannot be null.userGroups
- The groups the user belongs torightId
- The id of the right of the userobject
- The context object to check the access- Returns:
- the kind of access a user has on an object for a right
-
getReadAccessPermission
public AccessController.AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object) Description copied from interface:AccessController
Gets the kind of access a user has on an object for thye read access- Specified by:
getReadAccessPermission
in interfaceAccessController
- Parameters:
user
- The user. Cannot be null.userGroups
- The groups the user belongs toobject
- The context object to check the access- Returns:
- the kind of access a user has on an object for the read access
-
_getPermission
protected AccessController.AccessResult _getPermission(UserIdentity user, Set<GroupIdentity> userGroups, Set<String> profilesIds, Object object, Object convertedObject) Works for getPermission or getReadAccessPermission- Parameters:
user
- The useuserGroups
- The groupsprofilesIds
- The profilesobject
- The original contextconvertedObject
- The converted context- Returns:
- the computed result
-
getPermissionForAnonymous
Description copied from interface:AccessController
Gets the permission for Anonymous only on an object for a given right- Specified by:
getPermissionForAnonymous
in interfaceAccessController
- Parameters:
rightId
- The id of the right to checkobject
- The object- Returns:
- the permission for Anonymous only on an object for a given right
-
getReadAccessPermissionForAnonymous
Description copied from interface:AccessController
Gets the read access permission for Anonymous only on an object- Specified by:
getReadAccessPermissionForAnonymous
in interfaceAccessController
- Parameters:
object
- The object- Returns:
- the read access permission for Anonymous only on an object
-
_getPermissionForAnonymous
protected AccessController.AccessResult _getPermissionForAnonymous(Set<String> profilesIds, Object object, Object convertedObject) Works for getPermissionForAnonymous and getReadAccessPermissionForAnonymous- Parameters:
profilesIds
- The profiles idsobject
- The contextconvertedObject
- The converted context- Returns:
- The access result
-
getPermissionForAnyConnectedUser
public AccessController.AccessResult getPermissionForAnyConnectedUser(String rightId, Object object) Description copied from interface:AccessController
Gets the permission for any connected user only on an object for a given right- Specified by:
getPermissionForAnyConnectedUser
in interfaceAccessController
- Parameters:
rightId
- The id of the right to checkobject
- The object- Returns:
- the permission for any connected user only on an object for a given right
-
getReadAccessPermissionForAnyConnectedUser
Description copied from interface:AccessController
Gets the read access permission for any connected user only on an object- Specified by:
getReadAccessPermissionForAnyConnectedUser
in interfaceAccessController
- Parameters:
object
- The object- Returns:
- the read access permission for any connected user only on an object
-
_getPermissionForAnyConnectedUser
protected AccessController.AccessResult _getPermissionForAnyConnectedUser(Set<String> profilesIds, Object object, Object convertedObject) Works for getPermissionForAnyConnectedUser and getReadAccessPermissionForAnyConnectedUser- Parameters:
profilesIds
- The profiles idsobject
- The contextconvertedObject
- The converted context- Returns:
- the access result
-
getPermissionByUser
public Map<UserIdentity,AccessController.AccessResult> getPermissionByUser(String rightId, Object object) Description copied from interface:AccessController
Gets the permission by user only on an object for the given right. It does not take account of the groups of the user, etc.- Specified by:
getPermissionByUser
in interfaceAccessController
- Parameters:
rightId
- The id of the right to checkobject
- The object- Returns:
- the permission by user only on an object for the given right
-
getReadAccessPermissionByUser
Description copied from interface:AccessController
Gets the read access permission by user only on an object. It does not take account of the groups of the user, etc.- Specified by:
getReadAccessPermissionByUser
in interfaceAccessController
- Parameters:
object
- The object- Returns:
- the read access permission by user only on an object
-
_getPermissionByUser
protected Map<UserIdentity,AccessController.AccessResult> _getPermissionByUser(Set<String> profilesIds, Object object, Object convertedObject) Works for getPermissionByUser and getReadAccessPermissionByUser- Parameters:
profilesIds
- The profiles idsobject
- The contextconvertedObject
- The converted context- Returns:
- The users and their access results
-
getPermissionByGroup
public Map<GroupIdentity,AccessController.AccessResult> getPermissionByGroup(String rightId, Object object) Description copied from interface:AccessController
Gets the permission by group only on an object for the given right.- Specified by:
getPermissionByGroup
in interfaceAccessController
- Parameters:
rightId
- The id of the right to checkobject
- The object- Returns:
- the permission by group only on an object for the given right
-
getReadAccessPermissionByGroup
public Map<GroupIdentity,AccessController.AccessResult> getReadAccessPermissionByGroup(Object object) Description copied from interface:AccessController
Gets the read access permission by group only on an object.- Specified by:
getReadAccessPermissionByGroup
in interfaceAccessController
- Parameters:
object
- The object- Returns:
- the read access permission by group only on an object
-
_getPermissionByGroup
protected Map<GroupIdentity,AccessController.AccessResult> _getPermissionByGroup(Set<String> profilesIds, Object object, Object convertedObject) Works for getPermissionByGroup and getReadAccessPermissionByGroup- Parameters:
profilesIds
- The profiles idsobject
- The contextconvertedObject
- The converted context- Returns:
- The users and their access results
-
_convertContext
For methods getXXXXPermissionYYY allow to have a modification of the context before transfering it to the profile assignment storage extension point The default implemenation keep the context as it is- Parameters:
initialContext
- The right context that is supported- Returns:
- the context modified
-
hasAnonymousAnyReadAccessPermissionOnWorkspace
Description copied from interface:AccessController
Returns true if anonymous has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.- Specified by:
hasAnonymousAnyReadAccessPermissionOnWorkspace
in interfaceAccessController
- Parameters:
workspacesContexts
- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}- Returns:
- true if anonymous has a permission on at least one object, directly or though groups, for a given right
-
hasAnonymousAnyPermissionOnWorkspace
Description copied from interface:AccessController
Returns true if anonymous has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.- Specified by:
hasAnonymousAnyPermissionOnWorkspace
in interfaceAccessController
- Parameters:
workspacesContexts
- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}rightId
- The id of the right to check- Returns:
- true if anonymous has a permission on at least one object, directly or though groups, for a given right
-
hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace
public boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts) Description copied from interface:AccessController
Returns true if any connected user has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.- Specified by:
hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace
in interfaceAccessController
- Parameters:
workspacesContexts
- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}- Returns:
- true if any connected user has a permission on at least one object, directly or though groups, for a given right
-
hasAnyConnectedUserAnyPermissionOnWorkspace
public boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId) Description copied from interface:AccessController
Returns true if any connected user has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.- Specified by:
hasAnyConnectedUserAnyPermissionOnWorkspace
in interfaceAccessController
- Parameters:
workspacesContexts
- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}rightId
- The id of the right to check- Returns:
- true if any connected user has a permission on at least one object, directly or though groups, for a given right
-
hasUserAnyReadAccessPermissionOnWorkspace
public boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups) Description copied from interface:AccessController
Returns true if the user has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.- Specified by:
hasUserAnyReadAccessPermissionOnWorkspace
in interfaceAccessController
- Parameters:
workspacesContexts
- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}user
- The useruserGroups
- The groups- Returns:
- true if the user has a permission on at least one object, directly or though groups, for a given right
-
hasUserAnyPermissionOnWorkspace
public boolean hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId) Description copied from interface:AccessController
Returns true if the user has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.- Specified by:
hasUserAnyPermissionOnWorkspace
in interfaceAccessController
- Parameters:
workspacesContexts
- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}user
- The useruserGroups
- The groupsrightId
- The id of the right to check- Returns:
- true if the user has a permission on at least one object, directly or though groups, for a given right
-
_convertWorkspaceToRootRightContexts
protected abstract Set<? extends Object> _convertWorkspaceToRootRightContexts(Set<Object> workspacesContexts) Get the current workspaces contexts and turn it into root contexts in order to allow methods hasXXXAnyPermissionOnWorkspace to work- Parameters:
workspacesContexts
- The workspace contexts. Such as '/${WorkspaceName}', '/admin'- Returns:
- A null or empty set if the current AccessController does not apply to any workspace context, or the root object where ProfileAssignmentStorageExtension should start looking at to find any permission
-
_hasRightResultInFirstCache
protected Boolean _hasRightResultInFirstCache(UserIdentity userIdentity, Set<String> profilesIds, Object object) Seek in cache- Parameters:
userIdentity
- The user identity or AbstractProfileStorageBasedAccessController.__ANONYMOUS_USER_IDENTITY or AbstractProfileStorageBasedAccessController.__ANY_CONTECTED_USER_IDENTITYprofilesIds
- The profiles identifiersobject
- The context- Returns:
- true or false if in cache. null otherwise
-
_putInFirstCache
protected void _putInFirstCache(UserIdentity userIdentity, Set<String> profilesIds, Object object, boolean rightResult) Add to cache- Parameters:
userIdentity
- The user identity or AbstractProfileStorageBasedAccessController.__ANONYMOUS_USER_IDENTITY or AbstractProfileStorageBasedAccessController.__ANY_CONTECTED_USER_IDENTITYprofilesIds
- The profiles identifiersobject
- The contextrightResult
- The cache value. true if hasXXX or false otherwise.
-
_hasRightResultInSecondCache
protected Object _hasRightResultInSecondCache(Object object, Set<String> profilesIds, AbstractProfileStorageBasedAccessController.CacheKind key) Seek in cache- Parameters:
object
- The contextprofilesIds
- The set of profile ids to considerkey
- The kind of cache to use- Returns:
- The cached result per group. null otherwise
-
_putInSecondCache
protected void _putInSecondCache(Set<String> profilesIds, Object object, Object result, AbstractProfileStorageBasedAccessController.CacheKind key) Add to cache- Parameters:
profilesIds
- The profiles ids to considerobject
- The contextresult
- The resultkey
- The kind of cache to use
-
explainReadAccessPermission
public AccessExplanation explainReadAccessPermission(UserIdentity user, Set<GroupIdentity> groups, Object object) Description copied from interface:AccessController
Explain the read access permission for a user on the given right context. The access result in the explanation MUST be the same value as the one returned byAccessController.getReadAccessPermission(UserIdentity, Set, Object)
. And the explanation should described the actual context that granted the right to allow final user to see if any context conversion happened- Specified by:
explainReadAccessPermission
in interfaceAccessController
- Overrides:
explainReadAccessPermission
in classAbstractAccessController
- Parameters:
user
- the user to testgroups
- the groups of the userobject
- the right context to test- Returns:
- an explanation of the access
-
explainPermission
public AccessExplanation explainPermission(UserIdentity user, Set<GroupIdentity> groups, String rightId, Object object) Description copied from interface:AccessController
Explain the permission for a user on the given right context. The access result in the explanation MUST be the same value as the one returned byAccessController.getPermission(UserIdentity, Set, String, Object)
. And the explanation should described the actual context that granted the right to allow final user to see if any context conversion happened- Specified by:
explainPermission
in interfaceAccessController
- Overrides:
explainPermission
in classAbstractAccessController
- Parameters:
user
- the user to testgroups
- the groups of the userrightId
- the right to testobject
- the right context to test- Returns:
- an explanation of the access
-
_explainPermission
protected AccessExplanation _explainPermission(UserIdentity user, Set<GroupIdentity> userGroups, Set<String> profilesIds, Object object, Object convertedObject) Works for explainPermission or explainReadAccessPermission- Parameters:
user
- The useuserGroups
- The groupsprofilesIds
- The profilesobject
- The original contextconvertedObject
- The converted context- Returns:
- the computed result
-
_getPermissionDetails
protected AbstractProfileStorageBasedAccessController.PermissionDetails _getPermissionDetails(UserIdentity user, Set<GroupIdentity> groups, Set<String> profilesIds, Object object, Object convertedObject) Get the details of how a permission is granted or denied.- Parameters:
user
- the user we want to determine permissiongroups
- the groups the groups the user belong to.profilesIds
- the profile we want to checkobject
- the object we are inspectingconvertedObject
- the converted context- Returns:
- the access result details
-
_buildExplanation
protected AccessExplanation _buildExplanation(AbstractProfileStorageBasedAccessController.PermissionDetails details) Transform the permission details in an access explanation- Parameters:
details
- the permission details- Returns:
- the computed access explanation
-
_getObjectLabel
Get the label describing the object that granted the right in the explanation.- Parameters:
object
- the object that granted the right- Returns:
- the label
- Throws:
RightsException
- when the object is not supported by the controller
-
explainReadAccessPermissionForAnyConnectedUser
Description copied from interface:AccessController
Explain the read access permission for any connected user on the given right context. The access result in the explanation MUST be the same value as the one returned byAccessController.getReadAccessPermissionForAnyConnectedUser(Object)
. And the explanation should described the actual context that granted the right to allow final user to see if any context conversion happened- Specified by:
explainReadAccessPermissionForAnyConnectedUser
in interfaceAccessController
- Overrides:
explainReadAccessPermissionForAnyConnectedUser
in classAbstractAccessController
- Parameters:
object
- the right context to test- Returns:
- an explanation of the access
-
explainPermissionForAnyConnectedUser
Description copied from interface:AccessController
Explain the permission for any connected user on the given right context. The access result in the explanation MUST be the same value as the one returned byAccessController.getPermissionForAnyConnectedUser(String, Object)
. And the explanation should described the actual context that granted the right to allow final user to see if any context conversion happened- Specified by:
explainPermissionForAnyConnectedUser
in interfaceAccessController
- Overrides:
explainPermissionForAnyConnectedUser
in classAbstractAccessController
- Parameters:
rightId
- the right to testobject
- the right context to test- Returns:
- an explanation of the access
-
_explainPermissionForAnyConnectedUser
protected AccessExplanation _explainPermissionForAnyConnectedUser(Set<String> profilesIds, Object object, Object convertedObject) Works forexplainPermissionForAnyConnectedUser(String, Object)
orexplainReadAccessPermissionForAnyConnectedUser(Object)
- Parameters:
profilesIds
- The profilesobject
- The original contextconvertedObject
- The converted context- Returns:
- the computed result
-
_getPermissionDetailsForAnyConnectedUser
protected AbstractProfileStorageBasedAccessController.PermissionDetails _getPermissionDetailsForAnyConnectedUser(Set<String> profilesIds, Object object, Object convertedObject) Get the details of how a permission is granted or denied.- Parameters:
profilesIds
- the profile we want to checkobject
- the object we are inspectingconvertedObject
- the converted context- Returns:
- the access result details
-
explainReadAccessPermissionForAnonymous
Description copied from interface:AccessController
Explain the read access permission for anonymous on the given right context. The access result in the explanation MUST be the same value as the one returned byAccessController.getReadAccessPermissionForAnonymous(Object)
. And the explanation should described the actual context that granted the right to allow final user to see if any context conversion happened- Specified by:
explainReadAccessPermissionForAnonymous
in interfaceAccessController
- Overrides:
explainReadAccessPermissionForAnonymous
in classAbstractAccessController
- Parameters:
object
- the right context to test- Returns:
- an explanation of the access
-
explainPermissionForAnonymous
Description copied from interface:AccessController
Explain the permission for anonymous on the given right context. The access result in the explanation MUST be the same value as the one returned byAccessController.getPermissionForAnonymous(String, Object)
. And the explanation should described the actual context that granted the right to allow final user to see if any context conversion happened- Specified by:
explainPermissionForAnonymous
in interfaceAccessController
- Overrides:
explainPermissionForAnonymous
in classAbstractAccessController
- Parameters:
rightId
- the right to testobject
- the right context to test- Returns:
- an explanation of the access
-
_explainPermissionForAnonymous
protected AccessExplanation _explainPermissionForAnonymous(Set<String> profilesIds, Object object, Object convertedObject) Works forexplainReadAccessPermissionForAnonymous(Object)
or_explainPermissionForAnonymous(Set, Object, Object)
- Parameters:
profilesIds
- The profilesobject
- The original contextconvertedObject
- The converted context- Returns:
- the computed result
-
_getPermissionDetailsForAnonymous
protected AbstractProfileStorageBasedAccessController.PermissionDetails _getPermissionDetailsForAnonymous(Set<String> profilesIds, Object object, Object convertedObject) Get the details of how a permission is granted or denied.- Parameters:
profilesIds
- the profile we want to checkobject
- the object we are inspectingconvertedObject
- the converted context- Returns:
- the access result details
-