Package org.ametys.plugins.thesaurus.right

Class ThesaurusAccessController

java.lang.Object

org.ametys.runtime.plugin.component.AbstractLogEnabled

org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController

org.ametys.plugins.thesaurus.right.ThesaurusAccessController

All Implemented Interfaces:

AccessController, LogEnabled, Initializable, Component, Contextualizable, Serviceable

public class ThesaurusAccessController
extends AbstractProfileStorageBasedAccessController
implements Contextualizable

AccessController for a thesaurus objects. The rights are checked on '/cms' context. Read access is allowed to any connected user.

Nested Class Summary

Nested classes/interfaces inherited from class org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController

AbstractProfileStorageBasedAccessController.CacheKind

Nested classes/interfaces inherited from interface org.ametys.core.right.AccessController

AccessController.AccessResult

Field Summary

Fields inherited from class org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController

__ANONYMOUS_USER_IDENTITY, __ANY_CONTECTED_USER_IDENTITY, _cacheManager, _profileAssignmentStorageEP, _rightProfileDAO

Constructor Summary

Constructors

Constructor	Description
ThesaurusAccessController()

Method Summary

Modifier and Type	Method	Description
protected Object	_convertContext(Object initialContext)	For methods getXXXXPermissionYYY allow to have a modification of the context before transfering it to the profile assignment storage extension point The default implemenation keep the context as it is
protected String	_convertRightId(String rightId)	Convert the asked right id to the real right to check
protected Set<? extends Object>	_convertWorkspaceToRootRightContexts(Set<Object> workspacesContexts)	Get the current workspaces contexts and turn it into root contexts in order to allow methods hasXXXAnyPermissionOnWorkspace to work
void	contextualize(Context context)
AccessController.AccessResult	getPermission(UserIdentity user, Set<GroupIdentity> userGroups, String rightId, Object object)	Gets the kind of access a user has on an object for a given right
Map<GroupIdentity,AccessController.AccessResult>	getPermissionByGroup(String rightId, Object object)	Gets the permission by group only on an object for the given right.
Map<String,AccessController.AccessResult>	getPermissionByRight(UserIdentity user, Set<GroupIdentity> userGroups, Object object)	Gets the kind of access a user has on an object for all rights
Map<UserIdentity,AccessController.AccessResult>	getPermissionByUser(String rightId, Object object)	Gets the permission by user only on an object for the given right.
AccessController.AccessResult	getPermissionForAnonymous(String rightId, Object object)	Gets the permission for Anonymous only on an object for a given right
AccessController.AccessResult	getPermissionForAnyConnectedUser(String rightId, Object object)	Gets the permission for any connected user only on an object for a given right
AccessController.AccessResult	getReadAccessPermission(UserIdentity user, Set<GroupIdentity> userGroups, Object object)	Gets the kind of access a user has on an object for thye read access
Map<GroupIdentity,AccessController.AccessResult>	getReadAccessPermissionByGroup(Object object)	Gets the read access permission by group only on an object.
Map<UserIdentity,AccessController.AccessResult>	getReadAccessPermissionByUser(Object object)	Gets the read access permission by user only on an object.
AccessController.AccessResult	getReadAccessPermissionForAnonymous(Object object)	Gets the read access permission for Anonymous only on an object
AccessController.AccessResult	getReadAccessPermissionForAnyConnectedUser(Object object)	Gets the read access permission for any connected user only on an object
boolean	isSupported(Object object)	Returns true if this access controller supports the given object
void	service(ServiceManager manager)

Methods inherited from class org.ametys.plugins.core.impl.right.AbstractProfileStorageBasedAccessController

_getPermission, _getPermissionByGroup, _getPermissionByUser, _getPermissionForAnonymous, _getPermissionForAnyConnectedUser, _hasRightResultInFirstCache, _hasRightResultInSecondCache, _putInFirstCache, _putInSecondCache, hasAnonymousAnyPermissionOnWorkspace, hasAnonymousAnyReadAccessPermissionOnWorkspace, hasAnyConnectedUserAnyPermissionOnWorkspace, hasAnyConnectedUserAnyReadAccessPermissionOnWorkspace, hasUserAnyPermissionOnWorkspace, hasUserAnyReadAccessPermissionOnWorkspace, initialize

Methods inherited from class org.ametys.runtime.plugin.component.AbstractLogEnabled

getLogger, setLogger

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ThesaurusAccessController

public ThesaurusAccessController()

Method Detail

contextualize

public void contextualize(Context context)
                   throws ContextException

Specified by:

contextualize in interface Contextualizable

Throws:

ContextException

service

public void service(ServiceManager manager)
             throws ServiceException

Specified by:

service in interface Serviceable

Overrides:

service in class AbstractProfileStorageBasedAccessController

Throws:

ServiceException

isSupported

public boolean isSupported(Object object)

Description copied from interface: AccessController

Returns true if this access controller supports the given object

Specified by:

isSupported in interface AccessController

Parameters:

object - The object to test

Returns:

true if this access controller supports the given object

_convertContext

protected Object _convertContext(Object initialContext)

Description copied from class: AbstractProfileStorageBasedAccessController

For methods getXXXXPermissionYYY allow to have a modification of the context before transfering it to the profile assignment storage extension point The default implemenation keep the context as it is

Overrides:

_convertContext in class AbstractProfileStorageBasedAccessController

Parameters:

initialContext - The right context that is supported

Returns:

the context modified

_convertRightId

protected String _convertRightId(String rightId)

Convert the asked right id to the real right to check

Parameters:

rightId - The asked right id

Returns:

the right to check

getPermission

public AccessController.AccessResult getPermission(UserIdentity user,
                                                   Set<GroupIdentity> userGroups,
                                                   String rightId,
                                                   Object object)

Description copied from interface: AccessController

Gets the kind of access a user has on an object for a given right

Specified by:

getPermission in interface AccessController

Overrides:

getPermission in class AbstractProfileStorageBasedAccessController

Parameters:

user - The user. Cannot be null.

userGroups - The groups the user belongs to

rightId - The id of the right of the user

object - The context object to check the access

Returns:

the kind of access a user has on an object for a right

getReadAccessPermission

public AccessController.AccessResult getReadAccessPermission(UserIdentity user,
                                                             Set<GroupIdentity> userGroups,
                                                             Object object)

Description copied from interface: AccessController

Gets the kind of access a user has on an object for thye read access

Specified by:

getReadAccessPermission in interface AccessController

Overrides:

getReadAccessPermission in class AbstractProfileStorageBasedAccessController

Parameters:

user - The user. Cannot be null.

userGroups - The groups the user belongs to

object - The context object to check the access

Returns:

the kind of access a user has on an object for the read access

getPermissionByRight

public Map<String,AccessController.AccessResult> getPermissionByRight(UserIdentity user,
                                                                            Set<GroupIdentity> userGroups,
                                                                            Object object)

Description copied from interface: AccessController

Gets the kind of access a user has on an object for all rights

Specified by:

getPermissionByRight in interface AccessController

Overrides:

getPermissionByRight in class AbstractProfileStorageBasedAccessController

Parameters:

user - The user. Cannot be null.

userGroups - The groups the user belongs to

object - The context object to check the access

Returns:

the kind of access a user has on an object for all rights

getPermissionForAnonymous

public AccessController.AccessResult getPermissionForAnonymous(String rightId,
                                                               Object object)

Description copied from interface: AccessController

Gets the permission for Anonymous only on an object for a given right

Specified by:

getPermissionForAnonymous in interface AccessController

Overrides:

getPermissionForAnonymous in class AbstractProfileStorageBasedAccessController

Parameters:

rightId - The id of the right to check

object - The object

Returns:

the permission for Anonymous only on an object for a given right

getReadAccessPermissionForAnonymous

public AccessController.AccessResult getReadAccessPermissionForAnonymous(Object object)

Description copied from interface: AccessController

Gets the read access permission for Anonymous only on an object

Specified by:

getReadAccessPermissionForAnonymous in interface AccessController

Overrides:

getReadAccessPermissionForAnonymous in class AbstractProfileStorageBasedAccessController

Parameters:

object - The object

Returns:

the read access permission for Anonymous only on an object

getPermissionForAnyConnectedUser

public AccessController.AccessResult getPermissionForAnyConnectedUser(String rightId,
                                                                      Object object)

Description copied from interface: AccessController

Gets the permission for any connected user only on an object for a given right

Specified by:

getPermissionForAnyConnectedUser in interface AccessController

Overrides:

getPermissionForAnyConnectedUser in class AbstractProfileStorageBasedAccessController

Parameters:

rightId - The id of the right to check

object - The object

Returns:

the permission for any connected user only on an object for a given right

getReadAccessPermissionForAnyConnectedUser

public AccessController.AccessResult getReadAccessPermissionForAnyConnectedUser(Object object)

Description copied from interface: AccessController

Gets the read access permission for any connected user only on an object

Specified by:

getReadAccessPermissionForAnyConnectedUser in interface AccessController

Overrides:

getReadAccessPermissionForAnyConnectedUser in class AbstractProfileStorageBasedAccessController

Parameters:

object - The object

Returns:

the read access permission for any connected user only on an object

getPermissionByUser

public Map<UserIdentity,AccessController.AccessResult> getPermissionByUser(String rightId,
                                                                                 Object object)

Description copied from interface: AccessController

Gets the permission by user only on an object for the given right. It does not take account of the groups of the user, etc.

Specified by:

getPermissionByUser in interface AccessController

Overrides:

getPermissionByUser in class AbstractProfileStorageBasedAccessController

Parameters:

rightId - The id of the right to check

object - The object

Returns:

the permission by user only on an object for the given right

getReadAccessPermissionByGroup

public Map<GroupIdentity,AccessController.AccessResult> getReadAccessPermissionByGroup(Object object)

Description copied from interface: AccessController

Gets the read access permission by group only on an object.

Specified by:

getReadAccessPermissionByGroup in interface AccessController

Overrides:

getReadAccessPermissionByGroup in class AbstractProfileStorageBasedAccessController

Parameters:

object - The object

Returns:

the read access permission by group only on an object

getReadAccessPermissionByUser

public Map<UserIdentity,AccessController.AccessResult> getReadAccessPermissionByUser(Object object)

Description copied from interface: AccessController

Gets the read access permission by user only on an object. It does not take account of the groups of the user, etc.

Specified by:

getReadAccessPermissionByUser in interface AccessController

Overrides:

getReadAccessPermissionByUser in class AbstractProfileStorageBasedAccessController

Parameters:

object - The object

Returns:

the read access permission by user only on an object

getPermissionByGroup

public Map<GroupIdentity,AccessController.AccessResult> getPermissionByGroup(String rightId,
                                                                                   Object object)

Description copied from interface: AccessController

Gets the permission by group only on an object for the given right.

Specified by:

getPermissionByGroup in interface AccessController

Overrides:

getPermissionByGroup in class AbstractProfileStorageBasedAccessController

Parameters:

rightId - The id of the right to check

object - The object

Returns:

the permission by group only on an object for the given right

_convertWorkspaceToRootRightContexts

protected Set<? extends Object> _convertWorkspaceToRootRightContexts(Set<Object> workspacesContexts)

Description copied from class: AbstractProfileStorageBasedAccessController

Get the current workspaces contexts and turn it into root contexts in order to allow methods hasXXXAnyPermissionOnWorkspace to work

Specified by:

_convertWorkspaceToRootRightContexts in class AbstractProfileStorageBasedAccessController

Parameters:

workspacesContexts - The workspace contexts. Such as '/${WorkspaceName}', '/admin'

Returns:

A null or empty set if the current AccessController does not apply to any workspace context, or the root object where ProfileAssignmentStorageExtension should start looking at to find any permission