Package org.ametys.plugins.workspaces.project.rights

Class ProjectAccessController

java.lang.Object

org.ametys.runtime.plugin.component.AbstractLogEnabled

org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController

org.ametys.plugins.workspaces.project.rights.ProjectAccessController

All Implemented Interfaces:

AccessController, LogEnabled, Component, Contextualizable, Serviceable

public class ProjectAccessController
extends AbstractProfileStorageBasedAccessController
implements Contextualizable

AccessController for a Project The projects' managers have all rights on their projects

Nested Class Summary

Nested classes/interfaces inherited from class org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController

AbstractProfileStorageBasedAccessController.CacheKind

Nested classes/interfaces inherited from interface org.ametys.core.right.AccessController

AccessController.AccessResult

Field Summary

Fields

Modifier and Type	Field	Description
private static String	__RIGHT_PROJECT_FO_EDIT
protected Context	_context	The avalon context
protected ProjectManager	_projectManager	The project manager
protected SiteManager	_siteManager	The web site manager

Fields inherited from class org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController

__ANONYMOUS_USER_IDENTITY, __ANY_CONTECTED_USER_IDENTITY, _profileAssignmentStorageEP, _rightManager, _rightProfileDAO

Constructor Summary

Constructors

Constructor	Description
ProjectAccessController()

Method Summary

Modifier and Type	Method	Description
protected Set<? extends Object>	_convertWorkspaceToRootRightContexts(Set<Object> workspacesContexts)	Get the current workspaces contexts and turn it into root contexts in order to allow methods hasXXXAnyPermissionOnWorkspace to work
void	contextualize(Context context)
AccessController.AccessResult	getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object)	Gets the kind of access a user has on an object for a given right
Map<String,AccessController.AccessResult>	getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object)	Gets the kind of access a user has on an object for all rights
Map<UserIdentity,AccessController.AccessResult>	getPermissionByUser(String rightId, Object object)	Gets the permission by user only on an object for the given right.
boolean	hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts, UserIdentity user, Set<GroupIdentity> userGroups, String rightId)	Returns true if the user has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.
boolean	isSupported(Object object)	Returns true if this access controller supports the given object
void	service(ServiceManager manager)

Methods inherited from class org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController

_convertContext, _getPermission, _getPermissionByGroup, _getPermissionByUser, _getPermissionForAnonymous, _getPermissionForAnyConnectedUser, _hasRightResultInFirstCache, _hasRightResultInSecondCache, _putInFirstCache, _putInSecondCache, getPermissionByGroup, getPermissionForAnonymous, getPermissionForAnyConnectedUser, getReadAccessPermission, getReadAccessPermissionByGroup, getReadAccessPermissionByUser, getReadAccessPermissionForAnonymous, getReadAccessPermissionForAnyConnectedUser, hasAnonymousAnyPermissionOnWorkspace, hasAnonymousAnyReadAccessPermissionOnWorkspace, hasAnyConnectedUserAnyPermissionOnWorkspace, hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace, hasUserAnyReadAccessPermissionOnWorkspace

Methods inherited from class org.ametys.runtime.plugin.component.AbstractLogEnabled

getLogger, setLogger

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

__RIGHT_PROJECT_FO_EDIT

private static final String __RIGHT_PROJECT_FO_EDIT

See Also:

Constant Field Values

_context

protected Context _context

The avalon context

_siteManager

protected SiteManager _siteManager

The web site manager

_projectManager

protected ProjectManager _projectManager

The project manager

Constructor Detail

ProjectAccessController

public ProjectAccessController()

Method Detail

contextualize

public void contextualize(Context context)
                   throws ContextException

Specified by:

contextualize in interface Contextualizable

Throws:

ContextException

service

public void service(ServiceManager manager)
             throws ServiceException

Specified by:

service in interface Serviceable

Overrides:

service in class AbstractProfileStorageBasedAccessController

Throws:

ServiceException

isSupported

public boolean isSupported(Object object)

Description copied from interface: AccessController

Returns true if this access controller supports the given object

Specified by:

isSupported in interface AccessController

Parameters:

object - The object to test

Returns:

true if this access controller supports the given object

_convertWorkspaceToRootRightContexts

protected Set<? extends Object> _convertWorkspaceToRootRightContexts(Set<Object> workspacesContexts)

Description copied from class: AbstractProfileStorageBasedAccessController

Get the current workspaces contexts and turn it into root contexts in order to allow methods hasXXXAnyPermissionOnWorkspace to work

Specified by:

_convertWorkspaceToRootRightContexts in class AbstractProfileStorageBasedAccessController

Parameters:

workspacesContexts - The workspace contexts. Such as '/${WorkspaceName}', '/admin'

Returns:

A null or empty set if the current AccessController does not apply to any workspace context, or the root object where ProfileAssignmentStorageExtension should start looking at to find any permission

getPermission

public AccessController.AccessResult getPermission(UserIdentity user,
                                                   Set<GroupIdentity> userGroups,
                                                   String rightId,
                                                   Object object)

Description copied from interface: AccessController

Gets the kind of access a user has on an object for a given right

Specified by:

getPermission in interface AccessController

Overrides:

getPermission in class AbstractProfileStorageBasedAccessController

Parameters:

user - The user. Cannot be null.

userGroups - The groups the user belongs to

rightId - The id of the right of the user

object - The context object to check the access

Returns:

the kind of access a user has on an object for a right

getPermissionByRight

public Map<String,AccessController.AccessResult> getPermissionByRight(UserIdentity user,
                                                                            Set<GroupIdentity> userGroups,
                                                                            Object object)

Description copied from interface: AccessController

Gets the kind of access a user has on an object for all rights

Specified by:

getPermissionByRight in interface AccessController

Overrides:

getPermissionByRight in class AbstractProfileStorageBasedAccessController

Parameters:

user - The user. Cannot be null.

userGroups - The groups the user belongs to

object - The context object to check the access

Returns:

the kind of access a user has on an object for all rights

getPermissionByUser

public Map<UserIdentity,AccessController.AccessResult> getPermissionByUser(String rightId,
                                                                                 Object object)

Description copied from interface: AccessController

Gets the permission by user only on an object for the given right. It does not take account of the groups of the user, etc.

Specified by:

getPermissionByUser in interface AccessController

Overrides:

getPermissionByUser in class AbstractProfileStorageBasedAccessController

Parameters:

rightId - The id of the right to check

object - The object

Returns:

the permission by user only on an object for the given right

hasUserAnyPermissionOnWorkspace

public boolean hasUserAnyPermissionOnWorkspace(Set<Object> workspacesContexts,
                                               UserIdentity user,
                                               Set<GroupIdentity> userGroups,
                                               String rightId)

Description copied from interface: AccessController

Returns true if the user has a permission on at least one object, directly or though groups, for a given rights and if the object is attached to the given context that is /${WorkspaceName} and its conversions.

Specified by:

hasUserAnyPermissionOnWorkspace in interface AccessController

Overrides:

hasUserAnyPermissionOnWorkspace in class AbstractProfileStorageBasedAccessController

Parameters:

workspacesContexts - The contexts to tests such as {"/${WorkspaceName}", "/repository", "/admin"}

user - The user

userGroups - The groups

rightId - The id of the right to check

Returns:

true if the user has a permission on at least one object, directly or though groups, for a given right