Package org.ametys.core.right

Class ProfileAssignmentStorageExtensionPoint

    • Field Detail

      • ROLE

        public static final String ROLE
        Avalon Role

    • Method Detail

      • hasUserAnyPermission

        public Set<StringhasUserAnyPermission​(Set<? extends Object> rootContexts,
                                        UserIdentity user,
                                        Set<GroupIdentity> userGroups,
                                        Set<String> profileIds)
        Returns some profiles that are matching if the user has a permission on at least one object, given some groups and profiles
        Parameters:
        rootContexts - The root contexts object where to seek
        user - The user
        userGroups - The groups
        profileIds - The ids of the profiles
        Returns:
        If the Set is empty, it means any connected user has no matching profile.
        If the Set is non empty, it contains at least one of the given profile BUT it may not contains all the matching profiles for anyconnected user AND it can contains some other profiles that were not in the given profiles

      • hasAnonymousAnyPermission

        public Set<StringhasAnonymousAnyPermission​(Set<? extends Object> rootContexts,
                                             Set<String> profileIds)
        Returns some profiles that are matching if anybody has a permission on at least one object, given some profiles
        Parameters:
        rootContexts - The root contexts object where to seek
        profileIds - The ids of the profiles
        Returns:
        If the Set is empty, it means anonymous has no matching profile.
        If the Set is non empty, it contains at least one of the given profile BUT it may not contains all the matching profiles for anonymous AND it can contains some other profiles that were not in the given profiles

      • hasAnyConnectedUserAnyPermission

        public Set<StringhasAnyConnectedUserAnyPermission​(Set<? extends Object> rootContexts,
                                                    Set<String> profileIds)
        Returns some profiles that are matching if any connected user has a permission on at least one object, given some profiles
        Parameters:
        rootContexts - The root contexts object where to seek
        profileIds - The ids of the profiles
        Returns:
        If the Set is empty, it means the user has no matching profile.
        If the Set is non empty, it contains at least one of the given profile BUT it may not contains all the matching profiles for the user AND it can contains some other profiles that were not in the given profiles

      • getPermissionsByUser

        public Map<UserIdentity,​AccessController.AccessResultgetPermissionsByUser​(Set<String> profileIds,
                                                                                  Object object)
        Gets the permission by user only on an object, according to the given profiles. It does not take account of the groups of the user, etc.
        Parameters:
        profileIds - The ids of the profiles
        object - The object
        Returns:
        the permission by user only on an object, according to the given profiles

      • allowProfileToAnyConnectedUser

        public void allowProfileToAnyConnectedUser​(String profileId,
                                           Object context)
        Adds allowed profile any connected user has on the given object
        Parameters:
        context - The object context
        profileId - The profile to add

      • denyProfileToAnyConnectedUser

        public void denyProfileToAnyConnectedUser​(String profileId,
                                          Object context)
        Adds denied profile any connected user has on the given object
        Parameters:
        profileId - The profile to add
        context - The object context

      • removeAllowedProfileFromAnyConnectedUser

        public void removeAllowedProfileFromAnyConnectedUser​(String profileId,
                                                     Object context)
        Removes allowed profile any connected user has on the given object
        Parameters:
        profileId - The profile to remove
        context - The object context

      • removeDeniedProfileFromAnyConnectedUser

        public void removeDeniedProfileFromAnyConnectedUser​(String profileId,
                                                    Object context)
        Removes denied profile any connected user has on the given object
        Parameters:
        context - The object context
        profileId - The profile to remove

      • allowProfileToAnonymous

        public void allowProfileToAnonymous​(String profileId,
                                    Object context)
        Adds allowed profile an anonymous user has on the given object
        Parameters:
        profileId - The profile to add
        context - The object context

      • denyProfileToAnonymous

        public void denyProfileToAnonymous​(String profileId,
                                   Object context)
        Adds denied profile an anonymous user has on the given object
        Parameters:
        profileId - The profile to add
        context - The object context

      • removeAllowedProfileFromAnonymous

        public void removeAllowedProfileFromAnonymous​(String profileId,
                                              Object context)
        Removes allowed profile an anonymous user has on the given object
        Parameters:
        profileId - The profile to remove
        context - The object context

      • removeDeniedProfileFromAnonymous

        public void removeDeniedProfileFromAnonymous​(String profileId,
                                             Object context)
        Removes denied profile an anonymous user has on the given object
        Parameters:
        context - The object context
        profileId - The profile to remove

      • allowProfileToUser

        public void allowProfileToUser​(UserIdentity user,
                               String profileId,
                               Object context)
        Allows a user to a profile on a given object
        Parameters:
        user - The user to add
        profileId - The id of the profile
        context - The object context

      • denyProfileToUser

        public void denyProfileToUser​(UserIdentity user,
                              String profileId,
                              Object context)
        Denies a user to a profile on a given object
        Parameters:
        user - The user to add
        profileId - The id of the profile
        context - The object context

      • removeAllowedProfileFromUser

        public void removeAllowedProfileFromUser​(UserIdentity user,
                                         String profileId,
                                         Object context)
        Removes the association between a user and an allowed profile on a given object
        Parameters:
        user - The user to remove
        context - The object context
        profileId - The id of the profile

      • removeDeniedProfileFromUser

        public void removeDeniedProfileFromUser​(UserIdentity user,
                                        String profileId,
                                        Object context)
        Removes the association between a user and a denied profile on a given object
        Parameters:
        user - The user to remove
        profileId - The id of the profile
        context - The object context

      • allowProfileToGroup

        public void allowProfileToGroup​(GroupIdentity group,
                                String profileId,
                                Object context)
        Allows a group to a profile on a given object
        Parameters:
        group - The group to add
        profileId - The id of the profile
        context - The object context

      • denyProfileToGroup

        public void denyProfileToGroup​(GroupIdentity group,
                               String profileId,
                               Object context)
        Denies a group to a profile on a given object
        Parameters:
        group - The group to add
        profileId - The id of the profile
        context - The object context

      • removeAllowedProfileFromGroup

        public void removeAllowedProfileFromGroup​(GroupIdentity group,
                                          String profileId,
                                          Object context)
        Removes the association between a group and an allowed profile on a given object
        Parameters:
        group - The group to remove
        profileId - The id of the profile
        context - The object context

      • removeDeniedProfileFromGroup

        public void removeDeniedProfileFromGroup​(GroupIdentity group,
                                         String profileId,
                                         Object context)
        Removes the association between a group and a denied profile on a given object
        Parameters:
        group - The group to remove
        profileId - The id of the profile
        context - The object context

      • isInheritanceDisallowed

        public boolean isInheritanceDisallowed​(Object context)
        Determines if the inheritance of permissions is disallowed on a given context
        Parameters:
        context - The object context
        Returns:
        true if the inheritance is disallowed

      • disallowInheritance

        public void disallowInheritance​(Object context,
                                boolean disallow)
        Allow or disallow the inheritance of permissions on a given context
        Parameters:
        context - The object context
        disallow - true to disallow the inheritance