Class ThesaurusAccessController
java.lang.Object
org.ametys.runtime.plugin.component.AbstractLogEnabled
org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController
org.ametys.plugins.thesaurus.right.ThesaurusAccessController
- All Implemented Interfaces:
AccessController,LogEnabled,PluginAware,Initializable,Contextualizable,Serviceable
public class ThesaurusAccessController
extends AbstractProfileStorageBasedAccessController
implements Contextualizable
AccessController for a thesaurus objects. The rights are checked on '/cms' context.
Read access is allowed to any connected user.-
Nested Class Summary
Nested classes/interfaces inherited from class org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController
AbstractProfileStorageBasedAccessController.CacheKind, AbstractProfileStorageBasedAccessController.PermissionDetailsNested classes/interfaces inherited from interface org.ametys.core.right.AccessController
AccessController.AccessResult, AccessController.ExplanationObject, AccessController.Permission -
Field Summary
FieldsFields inherited from class org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController
__ANONYMOUS_USER_IDENTITY, __ANY_CONTECTED_USER_IDENTITY, _cacheManager, _groupManager, _profileAssignmentStorageEP, _rightProfileDAO -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected Object_convertContext(Object initialContext) For methods getXXXXPermissionYYY allow to have a modification of the context before transferring it to the profile assignment storage extension point The default implemenation keep the context as it isprotected String_convertRightId(String rightId) Convert the asked right id to the real right to check_convertWorkspaceToRootRightContexts(Set<Object> workspacesContexts) Get the current workspaces contexts and turn it into root contexts in order to allow methods hasXXXAnyPermissionOnWorkspace to workprotected Map<String,I18nizableTextParameter> Get the i18n parameters for the explanation labelprotected I18nizableTextGet the i18n text for the explanation based on the provided detailsprotected boolean_isSupportedStoredContext(Object storedObject) Determine if a stored context is handled by this controller.voidcontextualize(Context context) explainAllPermissions(UserIdentity identity, Set<GroupIdentity> groups) GetAccessExplanationfor each permission given to the user by this access controller.explainPermission(UserIdentity user, Set<GroupIdentity> groups, String rightId, Object object) Explain the permission for a user on the given object.explainPermissionForAnonymous(String rightId, Object object) Explain the permission for anonymous on the given object.explainPermissionForAnyConnectedUser(String rightId, Object object) Explain the permission for any connected user on the given object.explainReadAccessPermission(UserIdentity user, Set<GroupIdentity> groups, Object object) Explain the read access permission for a user on the given object.Explain the read access permission for anonymous on the given object.Explain the read access permission for any connected user on the given object.getObjectCategory(Object object) Get a label classifying the object handled by this access controllergetObjectLabel(Object object) Get a label describing the object handled by this access controllerprotected I18nizableTextgetObjectLabelForExplanation(Object object) Get the label describing the object in the explanation sentence.intgetObjectPriority(Object object) Get the priority of the object to order it in its categorygetPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object) Gets the kind of access a user has on an object for a given rightgetPermissionByGroup(String rightId, Object object) Gets the permission by group only on an object for the given right.getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object) Gets the kind of access a user has on an object for all rightsgetPermissionByUser(String rightId, Object object) Gets the permission by user only on an object for the given right.getPermissionForAnonymous(String rightId, Object object) Gets the permission for Anonymous only on an object for a given rightgetPermissionForAnyConnectedUser(String rightId, Object object) Gets the permission for any connected user only on an object for a given rightgetReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object) Gets the kind of access a user has on an object for thye read accessgetReadAccessPermissionByGroup(Object object) Gets the read access permission by group only on an object.getReadAccessPermissionByUser(Object object) Gets the read access permission by user only on an object.Gets the read access permission for Anonymous only on an objectGets the read access permission for any connected user only on an objectbooleanisSupported(Object object) Returns true if this access controller supports the given objectvoidservice(ServiceManager manager) Methods inherited from class org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController
_buildExplanation, _explainPermission, _explainPermissionForAnonymous, _explainPermissionForAnyConnectedUser, _getAccessExplanationI18nKey, _getPermission, _getPermissionByGroup, _getPermissionByUser, _getPermissionDetails, _getPermissionDetailsForAnonymous, _getPermissionDetailsForAnyConnectedUser, _getPermissionForAnonymous, _getPermissionForAnyConnectedUser, _hasRightResultInFirstCache, _hasRightResultInSecondCache, _putInFirstCache, _putInSecondCache, _unconvertContext, getId, hasAnonymousAnyPermissionOnWorkspace, hasAnonymousAnyReadAccessPermissionOnWorkspace, hasAnyConnectedUserAnyPermissionOnWorkspace, hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace, hasUserAnyPermissionOnWorkspace, hasUserAnyReadAccessPermissionOnWorkspace, initialize, setPluginInfoMethods inherited from class org.ametys.runtime.plugin.component.AbstractLogEnabled
getLogger, setLoggerMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.ametys.core.right.AccessController
getExplanationObject, getStandardAccessExplanation
-
Field Details
-
_rightEP
The right extension point
-
-
Constructor Details
-
ThesaurusAccessController
public ThesaurusAccessController()
-
-
Method Details
-
service
- Specified by:
servicein interfaceServiceable- Overrides:
servicein classAbstractProfileStorageBasedAccessController- Throws:
ServiceException
-
contextualize
- Specified by:
contextualizein interfaceContextualizable- Throws:
ContextException
-
isSupported
Description copied from interface:AccessControllerReturns true if this access controller supports the given object- Specified by:
isSupportedin interfaceAccessController- Parameters:
object- The object to test- Returns:
- true if this access controller supports the given object
-
_convertContext
Description copied from class:AbstractProfileStorageBasedAccessControllerFor methods getXXXXPermissionYYY allow to have a modification of the context before transferring it to the profile assignment storage extension point The default implemenation keep the context as it is- Overrides:
_convertContextin classAbstractProfileStorageBasedAccessController- Parameters:
initialContext- The right context that is supported- Returns:
- the context modified
-
_convertRightId
Convert the asked right id to the real right to check- Parameters:
rightId- The asked right id- Returns:
- the right to check
-
getPermission
public AccessController.AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object) Description copied from interface:AccessControllerGets the kind of access a user has on an object for a given right- Specified by:
getPermissionin interfaceAccessController- Overrides:
getPermissionin classAbstractProfileStorageBasedAccessController- Parameters:
user- The user. Cannot be null.userGroups- The groups the user belongs torightId- The id of the right of the userobject- The context object to check the access- Returns:
- the kind of access a user has on an object for a right
-
explainPermission
public AccessExplanation explainPermission(UserIdentity user, Set<GroupIdentity> groups, String rightId, Object object) Description copied from interface:AccessControllerExplain the permission for a user on the given object. The access result in the explanation MUST be the same value as the one returned byAccessController.getPermission(UserIdentity, Set, String, Object). And the explanation should described the actual object that granted the right to allow final user to see if any context conversion happened- Specified by:
explainPermissionin interfaceAccessController- Overrides:
explainPermissionin classAbstractProfileStorageBasedAccessController- Parameters:
user- the user to testgroups- the groups of the userrightId- the right to testobject- the object to test- Returns:
- an explanation of the access
-
_getExplanationI18nText
protected I18nizableText _getExplanationI18nText(AbstractProfileStorageBasedAccessController.PermissionDetails details) Description copied from class:AbstractProfileStorageBasedAccessControllerGet the i18n text for the explanation based on the provided details- Overrides:
_getExplanationI18nTextin classAbstractProfileStorageBasedAccessController- Parameters:
details- the permission details- Returns:
- the explanation
-
_getExplanationI18nParams
protected Map<String,I18nizableTextParameter> _getExplanationI18nParams(AbstractProfileStorageBasedAccessController.PermissionDetails details) Description copied from class:AbstractProfileStorageBasedAccessControllerGet the i18n parameters for the explanation label- Overrides:
_getExplanationI18nParamsin classAbstractProfileStorageBasedAccessController- Parameters:
details- the permission details- Returns:
- the map of parameters
-
getObjectLabelForExplanation
Description copied from class:AbstractProfileStorageBasedAccessControllerGet the label describing the object in the explanation sentence.- Overrides:
getObjectLabelForExplanationin classAbstractProfileStorageBasedAccessController- Parameters:
object- the object that granted the right- Returns:
- the label
- Throws:
RightsException- when the object is not supported by the controller
-
getReadAccessPermission
public AccessController.AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object) Description copied from interface:AccessControllerGets the kind of access a user has on an object for thye read access- Specified by:
getReadAccessPermissionin interfaceAccessController- Overrides:
getReadAccessPermissionin classAbstractProfileStorageBasedAccessController- Parameters:
user- The user. Cannot be null.userGroups- The groups the user belongs toobject- The context object to check the access- Returns:
- the kind of access a user has on an object for the read access
-
explainReadAccessPermission
public AccessExplanation explainReadAccessPermission(UserIdentity user, Set<GroupIdentity> groups, Object object) Description copied from interface:AccessControllerExplain the read access permission for a user on the given object. The access result in the explanation MUST be the same value as the one returned byAccessController.getReadAccessPermission(UserIdentity, Set, Object). And the explanation should described the actual object that granted the right to allow final user to see if any context conversion happened- Specified by:
explainReadAccessPermissionin interfaceAccessController- Overrides:
explainReadAccessPermissionin classAbstractProfileStorageBasedAccessController- Parameters:
user- the user to testgroups- the groups of the userobject- the object to test- Returns:
- an explanation of the access
-
getPermissionByRight
public Map<String,AccessController.AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object) Description copied from interface:AccessControllerGets the kind of access a user has on an object for all rights- Specified by:
getPermissionByRightin interfaceAccessController- Overrides:
getPermissionByRightin classAbstractProfileStorageBasedAccessController- Parameters:
user- The user. Cannot be null.userGroups- The groups the user belongs toobject- The context object to check the access- Returns:
- the kind of access a user has on an object for all rights
-
getPermissionForAnonymous
Description copied from interface:AccessControllerGets the permission for Anonymous only on an object for a given right- Specified by:
getPermissionForAnonymousin interfaceAccessController- Overrides:
getPermissionForAnonymousin classAbstractProfileStorageBasedAccessController- Parameters:
rightId- The id of the right to checkobject- The object- Returns:
- the permission for Anonymous only on an object for a given right
-
explainPermissionForAnonymous
Description copied from interface:AccessControllerExplain the permission for anonymous on the given object. The access result in the explanation MUST be the same value as the one returned byAccessController.getPermissionForAnonymous(String, Object). And the explanation should described the actual object that granted the right to allow final user to see if any context conversion happened- Specified by:
explainPermissionForAnonymousin interfaceAccessController- Overrides:
explainPermissionForAnonymousin classAbstractProfileStorageBasedAccessController- Parameters:
rightId- the right to testobject- the object to test- Returns:
- an explanation of the access
-
getReadAccessPermissionForAnonymous
Description copied from interface:AccessControllerGets the read access permission for Anonymous only on an object- Specified by:
getReadAccessPermissionForAnonymousin interfaceAccessController- Overrides:
getReadAccessPermissionForAnonymousin classAbstractProfileStorageBasedAccessController- Parameters:
object- The object- Returns:
- the read access permission for Anonymous only on an object
-
explainReadAccessPermissionForAnonymous
Description copied from interface:AccessControllerExplain the read access permission for anonymous on the given object. The access result in the explanation MUST be the same value as the one returned byAccessController.getReadAccessPermissionForAnonymous(Object). And the explanation should described the actual object that granted the right to allow final user to see if any context conversion happened- Specified by:
explainReadAccessPermissionForAnonymousin interfaceAccessController- Overrides:
explainReadAccessPermissionForAnonymousin classAbstractProfileStorageBasedAccessController- Parameters:
object- the object to test- Returns:
- an explanation of the access
-
getPermissionForAnyConnectedUser
public AccessController.AccessResult getPermissionForAnyConnectedUser(String rightId, Object object) Description copied from interface:AccessControllerGets the permission for any connected user only on an object for a given right- Specified by:
getPermissionForAnyConnectedUserin interfaceAccessController- Overrides:
getPermissionForAnyConnectedUserin classAbstractProfileStorageBasedAccessController- Parameters:
rightId- The id of the right to checkobject- The object- Returns:
- the permission for any connected user only on an object for a given right
-
explainPermissionForAnyConnectedUser
Description copied from interface:AccessControllerExplain the permission for any connected user on the given object. The access result in the explanation MUST be the same value as the one returned byAccessController.getPermissionForAnyConnectedUser(String, Object). And the explanation should described the actual object that granted the right to allow final user to see if any context conversion happened- Specified by:
explainPermissionForAnyConnectedUserin interfaceAccessController- Overrides:
explainPermissionForAnyConnectedUserin classAbstractProfileStorageBasedAccessController- Parameters:
rightId- the right to testobject- the object to test- Returns:
- an explanation of the access
-
getReadAccessPermissionForAnyConnectedUser
Description copied from interface:AccessControllerGets the read access permission for any connected user only on an object- Specified by:
getReadAccessPermissionForAnyConnectedUserin interfaceAccessController- Overrides:
getReadAccessPermissionForAnyConnectedUserin classAbstractProfileStorageBasedAccessController- Parameters:
object- The object- Returns:
- the read access permission for any connected user only on an object
-
explainReadAccessPermissionForAnyConnectedUser
Description copied from interface:AccessControllerExplain the read access permission for any connected user on the given object. The access result in the explanation MUST be the same value as the one returned byAccessController.getReadAccessPermissionForAnyConnectedUser(Object). And the explanation should described the actual object that granted the right to allow final user to see if any context conversion happened- Specified by:
explainReadAccessPermissionForAnyConnectedUserin interfaceAccessController- Overrides:
explainReadAccessPermissionForAnyConnectedUserin classAbstractProfileStorageBasedAccessController- Parameters:
object- the object to test- Returns:
- an explanation of the access
-
getPermissionByUser
public Map<UserIdentity,AccessController.AccessResult> getPermissionByUser(String rightId, Object object) Description copied from interface:AccessControllerGets the permission by user only on an object for the given right. It does not take account of the groups of the user, etc.- Specified by:
getPermissionByUserin interfaceAccessController- Overrides:
getPermissionByUserin classAbstractProfileStorageBasedAccessController- Parameters:
rightId- The id of the right to checkobject- The object- Returns:
- the permission by user only on an object for the given right
-
getReadAccessPermissionByGroup
public Map<GroupIdentity,AccessController.AccessResult> getReadAccessPermissionByGroup(Object object) Description copied from interface:AccessControllerGets the read access permission by group only on an object.- Specified by:
getReadAccessPermissionByGroupin interfaceAccessController- Overrides:
getReadAccessPermissionByGroupin classAbstractProfileStorageBasedAccessController- Parameters:
object- The object- Returns:
- the read access permission by group only on an object
-
getReadAccessPermissionByUser
Description copied from interface:AccessControllerGets the read access permission by user only on an object. It does not take account of the groups of the user, etc.- Specified by:
getReadAccessPermissionByUserin interfaceAccessController- Overrides:
getReadAccessPermissionByUserin classAbstractProfileStorageBasedAccessController- Parameters:
object- The object- Returns:
- the read access permission by user only on an object
-
getPermissionByGroup
public Map<GroupIdentity,AccessController.AccessResult> getPermissionByGroup(String rightId, Object object) Description copied from interface:AccessControllerGets the permission by group only on an object for the given right.- Specified by:
getPermissionByGroupin interfaceAccessController- Overrides:
getPermissionByGroupin classAbstractProfileStorageBasedAccessController- Parameters:
rightId- The id of the right to checkobject- The object- Returns:
- the permission by group only on an object for the given right
-
_convertWorkspaceToRootRightContexts
protected Set<? extends Object> _convertWorkspaceToRootRightContexts(Set<Object> workspacesContexts) Description copied from class:AbstractProfileStorageBasedAccessControllerGet the current workspaces contexts and turn it into root contexts in order to allow methods hasXXXAnyPermissionOnWorkspace to work- Specified by:
_convertWorkspaceToRootRightContextsin classAbstractProfileStorageBasedAccessController- Parameters:
workspacesContexts- The workspace contexts. Such as '/${WorkspaceName}', '/admin'- Returns:
- A null or empty set if the current AccessController does not apply to any workspace context, or the root object where ProfileAssignmentStorageExtension should start looking at to find any permission
-
explainAllPermissions
public Map<AccessController.ExplanationObject,Map<AccessController.Permission, explainAllPermissionsAccessExplanation>> (UserIdentity identity, Set<GroupIdentity> groups) Description copied from interface:AccessControllerGetAccessExplanationfor each permission given to the user by this access controller. Returns a pair of permission/access explanation for each object with a granted or denied permission to this user by this access controller. Each explanation should be equivalent to calling theAccessController.explainPermission(UserIdentity, Set, String, Object)orAccessController.explainReadAccessPermission(UserIdentity, Set, Object)for the user, on the object with the corresponding right- Specified by:
explainAllPermissionsin interfaceAccessController- Overrides:
explainAllPermissionsin classAbstractProfileStorageBasedAccessController- Parameters:
identity- the user identitygroups- the groups the user belongs to.- Returns:
- all the user's permissions handled by this controller
-
_isSupportedStoredContext
Description copied from class:AbstractProfileStorageBasedAccessControllerDetermine if a stored context is handled by this controller. Default implementation returns the result ofAccessController.isSupported(Object)as no conversion is done by default on object context before storage (seeAbstractProfileStorageBasedAccessController._convertContext(Object))- Overrides:
_isSupportedStoredContextin classAbstractProfileStorageBasedAccessController- Parameters:
storedObject- a stored object- Returns:
- true if the context is supported
-
getObjectLabel
Description copied from interface:AccessControllerGet a label describing the object handled by this access controller- Specified by:
getObjectLabelin interfaceAccessController- Parameters:
object- the object- Returns:
- the label
- Throws:
RightsException
-
getObjectCategory
Description copied from interface:AccessControllerGet a label classifying the object handled by this access controller- Specified by:
getObjectCategoryin interfaceAccessController- Parameters:
object- the object- Returns:
- the label
-
getObjectPriority
Description copied from interface:AccessControllerGet the priority of the object to order it in its category- Specified by:
getObjectPriorityin interfaceAccessController- Parameters:
object- the object- Returns:
- the priority
-