Class BackOfficeAccessController
java.lang.Object
org.ametys.plugins.workspaces.project.rights.accesscontroller.BackOfficeAccessController
- All Implemented Interfaces:
AccessController,ProfileBasedAccessController,PluginAware,Supporter<Object>,Initializable,Contextualizable,Serviceable
public class BackOfficeAccessController
extends Object
implements ProfileBasedAccessController, Serviceable, Contextualizable, PluginAware, Initializable
Automatically grand access to CMS on site related to a project where the user is manager
AND has "Plugins_Workspaces_Rights_Project_BOAccess" right on general site context of catalog site.
Grants the right on general context and sitemap context with the default admin profile
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.ametys.core.right.AccessController
AccessController.AccessResult, AccessController.ExplanationObject, AccessController.Permission -
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoidcontextualize(Context context) explainAllPermissions(UserIdentity identity, Set<GroupIdentity> groups, Set<Object> workspacesContexts) GetAccessExplanationfor each permission given to the user by this access controller.explainAllPermissionsByGroup(Object object) Get all the permissions granted to groups on the object.explainAllPermissionsByUser(Object object) Get all the permissions granted to users on the object.Get all the permissions granted to an anonymous user on the object.Get all the permissions granted to any connected user on the object.explainAllProfileUsesForAnonymousOnWorkspaces(String profileId, Set<Object> workspacesContexts) Get an access explanation for every context handled by this controller where the given profile is used to grant a permission to an anonymous userexplainAllProfileUsesForAnyConnectedOnWorkspaces(String profileId, Set<Object> workspacesContexts) Get an access explanation for every context handled by this controller where the given profile is used to grant a permission to any connected userexplainAllProfileUsesOnWorkspacesByGroups(String profileId, Set<Object> workspacesContexts) Get an access explanation for every context handled by this controller where the given profile is used to grant a permission to a groupexplainAllProfileUsesOnWorkspacesByUser(String profileId, Set<Object> workspacesContexts) Get an access explanation for every context handled by this controller where the given profile is used to grant a permission to a userexplainPermission(UserIdentity user, Set<GroupIdentity> groups, String rightId, Object object) Explain the permission for a user on the given object.explainReadAccessPermission(UserIdentity user, Set<GroupIdentity> groups, Object object) Explain the read access permission for a user on the given object.getId()Get the id of this controllergetObjectCategory(Object object) Get a label classifying the object handled by this access controllergetObjectLabel(Object object) Get a label describing the object handled by this access controllerintgetObjectPriority(Object object) Get the priority of the object to order it in its categorygetPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object) Gets the kind of access a user has on an object for a given rightgetPermissionByGroup(String rightId, Object object) Gets the permission by group only on an object for the given right.getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object) Gets the kind of access a user has on an object for all rightsgetPermissionByUser(String rightId, Object object) Gets the permission by user only on an object for the given right.getPermissionForAnonymous(String rightId, Object object) Gets the permission for Anonymous only on an object for a given rightgetPermissionForAnyConnectedUser(String rightId, Object object) Gets the permission for any connected user only on an object for a given rightgetReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object) Gets the kind of access a user has on an object for thye read accessgetReadAccessPermissionByGroup(Object object) Gets the read access permission by group only on an object.getReadAccessPermissionByUser(Object object) Gets the read access permission by user only on an object.Gets the read access permission for Anonymous only on an objectGets the read access permission for any connected user only on an objectbooleanhasAnonymousAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId) Returns true if anonymous has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.booleanhasAnonymousAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts) Returns true if anonymous has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.booleanhasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId) Returns true if any connected user has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.booleanhasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts) Returns true if any connected user has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.booleanhasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId) Returns true if the user has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.booleanhasUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups) Returns true if the user has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.voidvoidservice(ServiceManager manager) voidsetPluginInfo(String pluginName, String featureName, String id) Sets the plugin info relative to the current component.
Note : The feature name may be null if the targeted component in declared at plugin level.booleanCheck if an element is supportedMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.ametys.core.right.AccessController
explainPermissionForAnonymous, explainPermissionForAnyConnectedUser, explainReadAccessPermissionForAnonymous, explainReadAccessPermissionForAnyConnectedUser, getExplanationObject
-
Field Details
-
_rightsEP
The rights extension point
-
-
Constructor Details
-
BackOfficeAccessController
public BackOfficeAccessController()
-
-
Method Details
-
service
- Specified by:
servicein interfaceServiceable- Throws:
ServiceException
-
initialize
- Specified by:
initializein interfaceInitializable- Throws:
Exception
-
contextualize
- Specified by:
contextualizein interfaceContextualizable- Throws:
ContextException
-
setPluginInfo
Description copied from interface:PluginAwareSets the plugin info relative to the current component.
Note : The feature name may be null if the targeted component in declared at plugin level.- Specified by:
setPluginInfoin interfacePluginAware- Parameters:
pluginName- Unique identifier for the plugin hosting the extensionfeatureName- Unique feature identifier (unique for a given pluginName)id- Unique identifier of this component
-
supports
Description copied from interface:SupporterCheck if an element is supported -
getPermission
public AccessController.AccessResult getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object) Description copied from interface:AccessControllerGets the kind of access a user has on an object for a given right- Specified by:
getPermissionin interfaceAccessController- Parameters:
user- The user. Cannot be null.userGroups- The groups the user belongs torightId- The id of the right of the userobject- The context object to check the access- Returns:
- the kind of access a user has on an object for a right
-
getReadAccessPermission
public AccessController.AccessResult getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object) Description copied from interface:AccessControllerGets the kind of access a user has on an object for thye read access- Specified by:
getReadAccessPermissionin interfaceAccessController- Parameters:
user- The user. Cannot be null.userGroups- The groups the user belongs toobject- The context object to check the access- Returns:
- the kind of access a user has on an object for the read access
-
getPermissionByRight
public Map<String,AccessController.AccessResult> getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object) Description copied from interface:AccessControllerGets the kind of access a user has on an object for all rights- Specified by:
getPermissionByRightin interfaceAccessController- Parameters:
user- The user. Cannot be null.userGroups- The groups the user belongs toobject- The context object to check the access- Returns:
- the kind of access a user has on an object for all rights
-
getPermissionForAnonymous
Description copied from interface:AccessControllerGets the permission for Anonymous only on an object for a given right- Specified by:
getPermissionForAnonymousin interfaceAccessController- Parameters:
rightId- The id of the right to checkobject- The object- Returns:
- the permission for Anonymous only on an object for a given right
-
getReadAccessPermissionForAnonymous
Description copied from interface:AccessControllerGets the read access permission for Anonymous only on an object- Specified by:
getReadAccessPermissionForAnonymousin interfaceAccessController- Parameters:
object- The object- Returns:
- the read access permission for Anonymous only on an object
-
getPermissionForAnyConnectedUser
public AccessController.AccessResult getPermissionForAnyConnectedUser(String rightId, Object object) Description copied from interface:AccessControllerGets the permission for any connected user only on an object for a given right- Specified by:
getPermissionForAnyConnectedUserin interfaceAccessController- Parameters:
rightId- The id of the right to checkobject- The object- Returns:
- the permission for any connected user only on an object for a given right
-
getReadAccessPermissionForAnyConnectedUser
Description copied from interface:AccessControllerGets the read access permission for any connected user only on an object- Specified by:
getReadAccessPermissionForAnyConnectedUserin interfaceAccessController- Parameters:
object- The object- Returns:
- the read access permission for any connected user only on an object
-
getPermissionByUser
public Map<UserIdentity,AccessController.AccessResult> getPermissionByUser(String rightId, Object object) Description copied from interface:AccessControllerGets the permission by user only on an object for the given right. It does not take account of the groups of the user, etc.- Specified by:
getPermissionByUserin interfaceAccessController- Parameters:
rightId- The id of the right to checkobject- The object- Returns:
- the permission by user only on an object for the given right
-
getReadAccessPermissionByUser
Description copied from interface:AccessControllerGets the read access permission by user only on an object. It does not take account of the groups of the user, etc.- Specified by:
getReadAccessPermissionByUserin interfaceAccessController- Parameters:
object- The object- Returns:
- the read access permission by user only on an object
-
getPermissionByGroup
public Map<GroupIdentity,AccessController.AccessResult> getPermissionByGroup(String rightId, Object object) Description copied from interface:AccessControllerGets the permission by group only on an object for the given right.- Specified by:
getPermissionByGroupin interfaceAccessController- Parameters:
rightId- The id of the right to checkobject- The object- Returns:
- the permission by group only on an object for the given right
-
getReadAccessPermissionByGroup
public Map<GroupIdentity,AccessController.AccessResult> getReadAccessPermissionByGroup(Object object) Description copied from interface:AccessControllerGets the read access permission by group only on an object.- Specified by:
getReadAccessPermissionByGroupin interfaceAccessController- Parameters:
object- The object- Returns:
- the read access permission by group only on an object
-
hasUserAnyPermissionOnWorkspace
public boolean hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId) Description copied from interface:AccessControllerReturns true if the user has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.- Specified by:
hasUserAnyPermissionOnWorkspacein interfaceAccessController- Parameters:
workspacesContexts- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}user- The useruserGroups- The groupsrightId- The id of the right to check- Returns:
- true if the user has a permission on at least one object, directly or though groups, for a given right
-
hasUserAnyReadAccessPermissionOnWorkspace
public boolean hasUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups) Description copied from interface:AccessControllerReturns true if the user has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.- Specified by:
hasUserAnyReadAccessPermissionOnWorkspacein interfaceAccessController- Parameters:
workspacesContexts- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}user- The useruserGroups- The groups- Returns:
- true if the user has a permission on at least one object, directly or though groups, for a given right
-
hasAnonymousAnyPermissionOnWorkspace
Description copied from interface:AccessControllerReturns true if anonymous has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.- Specified by:
hasAnonymousAnyPermissionOnWorkspacein interfaceAccessController- Parameters:
workspacesContexts- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}rightId- The id of the right to check- Returns:
- true if anonymous has a permission on at least one object, directly or though groups, for a given right
-
hasAnonymousAnyReadAccessPermissionOnWorkspace
Description copied from interface:AccessControllerReturns true if anonymous has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.- Specified by:
hasAnonymousAnyReadAccessPermissionOnWorkspacein interfaceAccessController- Parameters:
workspacesContexts- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}- Returns:
- true if anonymous has a permission on at least one object, directly or though groups, for a given right
-
hasAnyConnectedUserAnyPermissionOnWorkspace
public boolean hasAnyConnectedUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, String rightId) Description copied from interface:AccessControllerReturns true if any connected user has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.- Specified by:
hasAnyConnectedUserAnyPermissionOnWorkspacein interfaceAccessController- Parameters:
workspacesContexts- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}rightId- The id of the right to check- Returns:
- true if any connected user has a permission on at least one object, directly or though groups, for a given right
-
hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace
public boolean hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace(Set<Object> workspacesContexts) Description copied from interface:AccessControllerReturns true if any connected user has a read access permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.- Specified by:
hasAnyConnectedUserAnyReadAccessPermissionOnWorkspacein interfaceAccessController- Parameters:
workspacesContexts- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}- Returns:
- true if any connected user has a permission on at least one object, directly or though groups, for a given right
-
explainReadAccessPermission
public AccessExplanation explainReadAccessPermission(UserIdentity user, Set<GroupIdentity> groups, Object object) Description copied from interface:AccessControllerExplain the read access permission for a user on the given object. The access result in the explanation MUST be the same value as the one returned byAccessController.getReadAccessPermission(UserIdentity, Set, Object). And the explanation should described the actual object that granted the right to allow final user to see if any context conversion happened- Specified by:
explainReadAccessPermissionin interfaceAccessController- Parameters:
user- the user to testgroups- the groups of the userobject- the object to test- Returns:
- an explanation of the access
-
explainPermission
public AccessExplanation explainPermission(UserIdentity user, Set<GroupIdentity> groups, String rightId, Object object) Description copied from interface:AccessControllerExplain the permission for a user on the given object. The access result in the explanation MUST be the same value as the one returned byAccessController.getPermission(UserIdentity, Set, String, Object). And the explanation should described the actual object that granted the right to allow final user to see if any context conversion happened- Specified by:
explainPermissionin interfaceAccessController- Parameters:
user- the user to testgroups- the groups of the userrightId- the right to testobject- the object to test- Returns:
- an explanation of the access
-
getObjectLabel
Description copied from interface:AccessControllerGet a label describing the object handled by this access controller- Specified by:
getObjectLabelin interfaceAccessController- Parameters:
object- the object- Returns:
- the label
-
explainAllPermissions
public Map<AccessController.ExplanationObject,Map<AccessController.Permission, explainAllPermissionsAccessExplanation>> (UserIdentity identity, Set<GroupIdentity> groups, Set<Object> workspacesContexts) Description copied from interface:AccessControllerGetAccessExplanationfor each permission given to the user by this access controller. Returns a pair of permission/access explanation for each object with a granted or denied permission to this user by this access controller. Each explanation should be equivalent to calling theAccessController.explainPermission(UserIdentity, Set, String, Object)orAccessController.explainReadAccessPermission(UserIdentity, Set, Object)for the user, on the object with the corresponding right- Specified by:
explainAllPermissionsin interfaceAccessController- Parameters:
identity- the user identitygroups- the groups the user belongs to.workspacesContexts- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}- Returns:
- all the user's permissions handled by this controller
-
explainAllPermissionsForAnonymous
public Map<AccessController.Permission,AccessExplanation> explainAllPermissionsForAnonymous(Object object) Description copied from interface:AccessControllerGet all the permissions granted to an anonymous user on the object.- Specified by:
explainAllPermissionsForAnonymousin interfaceAccessController- Parameters:
object- the right context to check. it must be supported by the controller (seeSupporter.supports(T)- Returns:
- the permissions with their associated explanation
-
explainAllPermissionsForAnyConnected
public Map<AccessController.Permission,AccessExplanation> explainAllPermissionsForAnyConnected(Object object) Description copied from interface:AccessControllerGet all the permissions granted to any connected user on the object. The result must only include permissions specific to any connected user- Specified by:
explainAllPermissionsForAnyConnectedin interfaceAccessController- Parameters:
object- the right context to check. it must be supported by the controller (seeSupporter.supports(T)- Returns:
- the permissions with their associated explanation
-
explainAllPermissionsByUser
public Map<UserIdentity,Map<AccessController.Permission, explainAllPermissionsByUserAccessExplanation>> (Object object) Description copied from interface:AccessControllerGet all the permissions granted to users on the object. The result must only include permissions specific to a user- Specified by:
explainAllPermissionsByUserin interfaceAccessController- Parameters:
object- the right context to check. it must be supported by the controller (seeSupporter.supports(T)- Returns:
- the permissions with their associated explanation for each user
-
explainAllPermissionsByGroup
public Map<GroupIdentity,Map<AccessController.Permission, explainAllPermissionsByGroupAccessExplanation>> (Object object) Description copied from interface:AccessControllerGet all the permissions granted to groups on the object. The result must only include permissions specific to a group- Specified by:
explainAllPermissionsByGroupin interfaceAccessController- Parameters:
object- the right context to check. it must be supported by the controller (seeSupporter.supports(T)- Returns:
- the permissions with their associated explanation for each group
-
getObjectCategory
Description copied from interface:AccessControllerGet a label classifying the object handled by this access controller- Specified by:
getObjectCategoryin interfaceAccessController- Parameters:
object- the object- Returns:
- the label
-
getObjectPriority
Description copied from interface:AccessControllerGet the priority of the object to order it in its category- Specified by:
getObjectPriorityin interfaceAccessController- Parameters:
object- the object- Returns:
- the priority
-
getId
Description copied from interface:AccessControllerGet the id of this controller- Specified by:
getIdin interfaceAccessController- Returns:
- the id of this controller
-
explainAllProfileUsesForAnonymousOnWorkspaces
public Map<AccessController.ExplanationObject,AccessExplanation> explainAllProfileUsesForAnonymousOnWorkspaces(String profileId, Set<Object> workspacesContexts) Description copied from interface:ProfileBasedAccessControllerGet an access explanation for every context handled by this controller where the given profile is used to grant a permission to an anonymous user- Specified by:
explainAllProfileUsesForAnonymousOnWorkspacesin interfaceProfileBasedAccessController- Parameters:
profileId- the profile idworkspacesContexts- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}- Returns:
- a map of the objects with its explanation
-
explainAllProfileUsesForAnyConnectedOnWorkspaces
public Map<AccessController.ExplanationObject,AccessExplanation> explainAllProfileUsesForAnyConnectedOnWorkspaces(String profileId, Set<Object> workspacesContexts) Description copied from interface:ProfileBasedAccessControllerGet an access explanation for every context handled by this controller where the given profile is used to grant a permission to any connected user- Specified by:
explainAllProfileUsesForAnyConnectedOnWorkspacesin interfaceProfileBasedAccessController- Parameters:
profileId- the profile idworkspacesContexts- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}- Returns:
- a map of the object with its explanation
-
explainAllProfileUsesOnWorkspacesByGroups
public Map<AccessController.ExplanationObject,Map<GroupIdentity, explainAllProfileUsesOnWorkspacesByGroupsAccessExplanation>> (String profileId, Set<Object> workspacesContexts) Description copied from interface:ProfileBasedAccessControllerGet an access explanation for every context handled by this controller where the given profile is used to grant a permission to a group- Specified by:
explainAllProfileUsesOnWorkspacesByGroupsin interfaceProfileBasedAccessController- Parameters:
profileId- the profile idworkspacesContexts- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}- Returns:
- a map of the object with its explanation for each group
-
explainAllProfileUsesOnWorkspacesByUser
public Map<AccessController.ExplanationObject,Map<UserIdentity, explainAllProfileUsesOnWorkspacesByUserAccessExplanation>> (String profileId, Set<Object> workspacesContexts) Description copied from interface:ProfileBasedAccessControllerGet an access explanation for every context handled by this controller where the given profile is used to grant a permission to a user- Specified by:
explainAllProfileUsesOnWorkspacesByUserin interfaceProfileBasedAccessController- Parameters:
profileId- the profile idworkspacesContexts- The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}- Returns:
- a map of the object with its explanation for each user
-