Package org.ametys.core.right

Interface ProfileAssignmentStorage

All Superinterfaces:
Prioritizable, Supporter<Object>
All Known Subinterfaces:
ModifiableProfileAssignmentStorage
All Known Implementing Classes:
ACLAmetysObjectProfileAssignmentStorage, JdbcProfileAssignmentStorage, ModifiableACLAmetysObjectProfileAssignmentStorage
public interface ProfileAssignmentStorage extends Prioritizable, Supporter<Object>
This interface is for read-only profile assignments storage

  • Field Details

  • Method Details

    • hasAnonymousAnyAllowedProfile

      Set<String> hasAnonymousAnyAllowedProfile(Set<? extends Object> rootContexts, Set<String> profileIds)
      Returns some profiles that are matching if anonymous user has the allowed profile for any given root context (or any sub context), given some profiles.
      Only supported objects are transmitted
      Parameters:
      rootContexts - The root contexts to search rights for
      profileIds - The ids of the profiles
      Returns:
      If the Set is empty, it means anonymous has no matching profile.
      If the Set is non empty, it contains at least one of the given profile BUT it may not contains all the matching profiles for anonymous AND it can contains some other profiles that were not in the given profiles

    • hasAnyConnectedAnyAllowedProfile

      Set<String> hasAnyConnectedAnyAllowedProfile(Set<? extends Object> rootContexts, Set<String> profileIds)
      Returns some profiles that are matching if any connected user has the allowed profile for any given root context (or any sub context), given some profiles.
      Only supported objects are transmitted
      Parameters:
      rootContexts - The root contexts to search rights for
      profileIds - The ids of the profiles
      Returns:
      If the Set is empty, it means the user has no matching profile.
      If the Set is non empty, it contains at least one of the given profile BUT it may not contains all the matching profiles for the user AND it can contains some other profiles that were not in the given profiles

    • hasUserAnyAllowedProfile

      Set<String> hasUserAnyAllowedProfile(Set<? extends Object> rootContexts, UserIdentity user, Set<String> profileIds)
      Returns some profiles that are matching if user has the allowed profile for any given root context (or any sub context), given some profiles.
      Only supported objects are transmitted
      Parameters:
      rootContexts - The root contexts to search rights for
      user - The user to test
      profileIds - The ids of the profiles
      Returns:
      If the Set is empty, it means any connected user has no matching profile.
      If the Set is non empty, it contains at least one of the given profile BUT it may not contains all the matching profiles for anyconnected user AND it can contains some other profiles that were not in the given profiles

    • hasGroupAnyAllowedProfile

      Set<String> hasGroupAnyAllowedProfile(Set<? extends Object> rootContexts, Set<GroupIdentity> groups, Set<String> profileIds)
      Returns some profiles that are matching if group has the allowed profile for any given root context (or any sub context), given some profiles.
      Only supported objects are transmitted
      Parameters:
      rootContexts - The root contexts to search rights for
      groups - The groups to test (a single group needs to match)
      profileIds - The ids of the profiles
      Returns:
      If the Set is empty, it means the group has no matching profile.
      If the Set is non empty, it contains at least one of the given profile BUT it may not contains all the matching profiles for the group AND it can contains some other profiles that were not in the given profiles

    • getAllProfilesForAnonymousAndAnyConnectedUser

      Map<Object,Map<ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys,Set<String>>> getAllProfilesForAnonymousAndAnyConnectedUser(Set<? extends Object> rootContexts)
      Gets all contexts with stored profiles (allowed or denied) for anonymous or any connected user and for each, a description of the permissions.
      Parameters:
      rootContexts - The root contexts to search rights for
      Returns:
      a map associating a context object to the stored profiles for each permission

    • getAllProfilesForUser

      Map<Object,Map<ProfileAssignmentStorage.UserOrGroup,Set<String>>> getAllProfilesForUser(Set<? extends Object> rootContexts, UserIdentity user)
      Gets all contexts with stored profiles (allowed or denied) for the user and for each, a description of the permissions.
      Parameters:
      rootContexts - The root contexts to search rights for
      user - The user to get profiles for.
      Returns:
      The map of context with their assigned allowed/denied profiles

    • getAllProfilesForGroups

      Map<Object,Map<GroupIdentity,Map<ProfileAssignmentStorage.UserOrGroup,Set<String>>>> getAllProfilesForGroups(Set<? extends Object> rootContexts, Set<GroupIdentity> groups)
      Gets all contexts with stored profiles (allowed or denied) for the groups and for each, a description of the permissions. The permissions are grouped by group identity to be able to discriminate which group give what permissions.
      Parameters:
      rootContexts - The root contexts to search rights for
      groups - The group to get profiles for.
      Returns:
      The map of context with their assigned allowed/denied profiles grouped by group identity

    • getAllAssignmentsForAnonymousAndAnyConnectedUser

      Map<Object,Set<ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys>> getAllAssignmentsForAnonymousAndAnyConnectedUser(Set<? extends Object> rootContexts, String profileId)
      Get all contexts with a permission for the profile for anonymous AND any connected user
      Parameters:
      rootContexts - The root contexts to search rights for
      profileId - the profile id
      Returns:
      a map of the permissions for each context

    • getAllAssignmentsForGroups

      Map<Object,Map<GroupIdentity,Set<ProfileAssignmentStorage.UserOrGroup>>> getAllAssignmentsForGroups(Set<? extends Object> rootContexts, String profileId)
      Get all contexts with a permission for the profile for a group
      Parameters:
      rootContexts - The root contexts to search rights for
      profileId - the profile id
      Returns:
      a map of the group's permission for each context

    • getAllAssignmentsForUsers

      Map<Object,Map<UserIdentity,Set<ProfileAssignmentStorage.UserOrGroup>>> getAllAssignmentsForUsers(Set<? extends Object> rootContexts, String profileId)
      Get all contexts with a permission for the profile for a user
      Parameters:
      rootContexts - The root contexts to search rights for
      profileId - the profile id
      Returns:
      a map of the user's permission for each context

    • getProfilesForAnonymousAndAnyConnectedUser

      Map<ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys,Set<String>> getProfilesForAnonymousAndAnyConnectedUser(Object object)
      Gets the allowed profiles any connected user has on the given object
      Parameters:
      object - The object
      Returns:
      a map containing allowed/denied profiles that anonymous and any connected user has on the given object

    • getProfilesForUsers

      Map<UserIdentity,Map<ProfileAssignmentStorage.UserOrGroup,Set<String>>> getProfilesForUsers(Object object, UserIdentity user)
      Gets the users that have allowed profiles assigned on the given object
      Parameters:
      object - The object to test
      user - The user to get profiles for. Can be null to get profiles for all users that have rights
      Returns:
      The map of allowed users with their assigned allowed/denied profiles

    • getProfilesForGroups

      Map<GroupIdentity,Map<ProfileAssignmentStorage.UserOrGroup,Set<String>>> getProfilesForGroups(Object object, Set<GroupIdentity> groups)
      Gets the groups that have allowed profiles assigned on the given object
      Parameters:
      object - The object to test
      groups - The group to get profiles for. Can be null to get profiles for all groups that have rights
      Returns:
      The map of allowed/denied groups with their assigned profiles

    • isRootContextSupported

      boolean isRootContextSupported(Object rootContext)
      Returns true if this profile storage supports the given object as a root context i.e. it can seek any permission under this object
      Parameters:
      rootContext - The object to start searching
      Returns:
      true if this profile storage support this a as root context to search in

    • isInheritanceDisallowed

      boolean isInheritanceDisallowed(Object object)
      Returns true if the inheritance of permissions is disallowed on the given object
      Parameters:
      object - The object to test
      Returns:
      true if the inheritance of permissions is disallowed on the given object