AttributeDefAdapter

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

edu.internet2.middleware.grouper.privs
Interface AttributeDefAdapter

All Known Implementing Classes:: BaseAttrDefAdapter, GrouperAttributeDefAdapter, GrouperNonDbAttrDefAdapter

public interface AttributeDefAdapter

Grouper AttributeDef Privilege interface.

Unless you are implementing a new implementation of this interface, you should not need to directly use these methods as they are all wrapped by methods in the AttributeDef class.

If you are implementing your own attribute def adapter, you should probably extend BaseAccessAdapter

Version:: $Id: AttributeDefAdapter.java,v 1.1 2009-09-21 06:14:26 mchyzer Exp $
Author:: blair christensen.

Method Summary
`java.util.Set<AttributeDef>`	`getAttributeDefsWhereSubjectDoesntHavePrivilege(GrouperSession grouperSession, java.lang.String stemId, Stem.Scope scope, edu.internet2.middleware.subject.Subject subject, Privilege privilege, boolean considerAllSubject, java.lang.String sqlLikeString)` find the attributeDefs which do not have a certain privilege
`java.util.Set<AttributeDef>`	`getAttributeDefsWhereSubjectHasPriv(GrouperSession grouperSession, edu.internet2.middleware.subject.Subject subj, Privilege priv)` Get all attribute defs where this subject has this privilege.
`java.util.Set<AttributeDefPrivilege>`	`getPrivs(GrouperSession grouperSession, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj)` Get all privileges held by this subject on this attribute definition.
`java.util.Set<edu.internet2.middleware.subject.Subject>`	`getSubjectsWithPriv(GrouperSession s, AttributeDef attributeDef, Privilege priv)` Get all subjects with this privilege on this attribute definition.
`void`	`grantPriv(GrouperSession grouperSession, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj, Privilege priv, java.lang.String uuid)` Grant the privilege to the subject on this attrDef.
`boolean`	`hasPriv(GrouperSession grouperSession, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj, Privilege priv)` Check whether the subject has this privilege on this attrDef.
`boolean`	`hqlFilterAttrDefsWhereClause(GrouperSession grouperSession, edu.internet2.middleware.subject.Subject subject, HqlQuery hqlQuery, java.lang.StringBuilder hqlTables, java.lang.StringBuilder hqlWhereClause, java.lang.String attrDefColumn, java.util.Set<Privilege> privInSet)` for an attrDef query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterAttrDefs instead if you like).
`boolean`	`hqlFilterAttributeDefsNotWithPrivWhereClause(GrouperSession grouperSession, edu.internet2.middleware.subject.Subject subject, HqlQuery hqlQuery, java.lang.StringBuilder hql, java.lang.String attributeDefColumn, Privilege privilege, boolean considerAllSubject)` for an attributeDef query, check to make sure the subject cant see the records (if filtering HQL, you can do the postHqlFilterAttributeDefs instead if you like).
`java.util.Set<AttributeAssign>`	`postHqlFilterAttributeAssigns(GrouperSession grouperSession, edu.internet2.middleware.subject.Subject subject, java.util.Set<AttributeAssign> attributeAssigns)` filter attribute assignments for things the subject can see, assume underlying assignments are ok to view
`java.util.Set<AttributeDef>`	`postHqlFilterAttributeDefs(GrouperSession grouperSession, java.util.Set<AttributeDef> attributeDefs, edu.internet2.middleware.subject.Subject subject, java.util.Set<Privilege> privInSet)` after HQL is run, filter attributeDefs.
`java.util.Set<PermissionEntry>`	`postHqlFilterPermissions(GrouperSession grouperSession, edu.internet2.middleware.subject.Subject subject, java.util.Set<PermissionEntry> permissionEntries)` filter permissionEntries for things the subject can see, assume underlying assignments are ok to view
`java.util.Set<PITAttributeAssign>`	`postHqlFilterPITAttributeAssigns(GrouperSession grouperSession, edu.internet2.middleware.subject.Subject subject, java.util.Set<PITAttributeAssign> pitAttributeAssigns)` filter pit attribute assignments for things the subject can see, assume underlying assignments are ok to view
`void`	`privilegeCopy(GrouperSession grouperSession, AttributeDef attributeDef1, AttributeDef attributeDef2, Privilege priv)` Copies privileges for subjects that have the specified privilege on g1 to g2.
`void`	`privilegeCopy(GrouperSession s, edu.internet2.middleware.subject.Subject subj1, edu.internet2.middleware.subject.Subject subj2, Privilege priv)` Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2.
`java.util.Set<PrivilegeSubjectContainer>`	`retrievePrivileges(GrouperSession grouperSession, AttributeDef attributeDef, java.util.Set<Privilege> privileges, MembershipType membershipType, QueryPaging queryPaging, java.util.Set<Member> additionalMembers)` get a list of privilege subjects, there are no results with the same subject/privilege combination
`void`	`revokeAllPrivilegesForSubject(GrouperSession grouperSession, edu.internet2.middleware.subject.Subject subject)` Revoke all access privileges that this subject has.
`void`	`revokePriv(GrouperSession grouperSession, AttributeDef attributeDef, Privilege priv)` Revoke this privilege from everyone on this attrDef.
`void`	`revokePriv(GrouperSession grouperSession, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj, Privilege priv)` Revoke the privilege from the subject on this attrDef.

Method Detail

getSubjectsWithPriv

java.util.Set<edu.internet2.middleware.subject.Subject> getSubjectsWithPriv(GrouperSession s,
                                                                            AttributeDef attributeDef,
                                                                            Privilege priv)
                                                                            throws SchemaException

Get all subjects with this privilege on this attribute definition.

 Set admins = ap.getSubjectsWithPriv(s, attrDef, AccessPrivilege.ADMIN);

Parameters:: s - Get privileges within this session context.; attributeDef - Get privileges on this attribute definition.; priv - Get this privilege.
Returns:: Set of Subject objects.
Throws:: SchemaException

getAttributeDefsWhereSubjectHasPriv

java.util.Set<AttributeDef> getAttributeDefsWhereSubjectHasPriv(GrouperSession grouperSession,
                                                                edu.internet2.middleware.subject.Subject subj,
                                                                Privilege priv)
                                                                throws SchemaException

Get all attribute defs where this subject has this privilege.

 try {
   Set isAdmin = ap.getAttributeDefsWhereSubjectHasPriv(
     s, subj, AccessPrivilege.ADMIN
   );
 }
 catch (SchemaException eS) {
   // Invalid priv
 }

Parameters:: grouperSession - Get privileges within this session context.; subj - Get privileges for this subject.; priv - Get this privilege.
Returns:: Set of AttributeDef objects.
Throws:: SchemaException

getPrivs

java.util.Set<AttributeDefPrivilege> getPrivs(GrouperSession grouperSession,
                                              AttributeDef attributeDef,
                                              edu.internet2.middleware.subject.Subject subj)

Get all privileges held by this subject on this attribute definition.

 Set privs = ap.getPrivs(s, g, subj);

Parameters:: grouperSession - Get privileges within this session context.; attributeDef - Get privileges on this attrDef.; subj - Get privileges for this member.
Returns:: Set of privileges.

grantPriv

void grantPriv(GrouperSession grouperSession,
               AttributeDef attributeDef,
               edu.internet2.middleware.subject.Subject subj,
               Privilege priv,
               java.lang.String uuid)
               throws GrantPrivilegeException,
                      InsufficientPrivilegeException,
                      SchemaException

Grant the privilege to the subject on this attrDef.

 try {
   ap.grantPriv(s, g, subj, AccessPrivilege.ADMIN);
 }
 catch (GrantPrivilegeException e0) {
   // Unable to grant the privilege
 }
 catch (InsufficientPrivilegeException e1) {
   // Not privileged to grant the privilege
 }
 catch (SchemaException e2) {
   // Invalid privilege
 }

Parameters:: grouperSession - Grant privilege in this session context.; attributeDef - Grant privilege on this attrDef.; subj - Grant privilege to this subject.; priv - Grant this privilege.; uuid - is uuid or null if assign one
Throws:: GrantPrivilegeException; InsufficientPrivilegeException; SchemaException

hasPriv

boolean hasPriv(GrouperSession grouperSession,
                AttributeDef attributeDef,
                edu.internet2.middleware.subject.Subject subj,
                Privilege priv)
                throws SchemaException

Check whether the subject has this privilege on this attrDef.

 try {
   ap.hasPriv(s, g, subject, AccessPrivilege.ADMIN);
 }
 catch (SchemaException e) {
   // Invalid privilege
 }

Parameters:: grouperSession - Check privilege in this session context.; attributeDef - Check privilege on this attrDef.; subj - Check privilege for this subject.; priv - Check this privilege.
Returns:: if has priv
Throws:: SchemaException

revokePriv

void revokePriv(GrouperSession grouperSession,
                AttributeDef attributeDef,
                Privilege priv)
                throws InsufficientPrivilegeException,
                       RevokePrivilegeException,
                       SchemaException

Revoke this privilege from everyone on this attrDef.

 try {
   ap.revokePriv(s, g, AccessPrivilege.ADMIN);
 }
 catch (InsufficientPrivilegeException eIP) {
   // Not privileged to revoke the privilege
 }
 catch (RevokePrivilegeException eRP) {
   // Unable to revoke the privilege
 }

Parameters:: grouperSession - Revoke privilege in this session context.; attributeDef - Revoke privilege on this group.; priv - Revoke this privilege.
Throws:: InsufficientPrivilegeException; RevokePrivilegeException; SchemaException

revokePriv

void revokePriv(GrouperSession grouperSession,
                AttributeDef attributeDef,
                edu.internet2.middleware.subject.Subject subj,
                Privilege priv)
                throws InsufficientPrivilegeException,
                       RevokePrivilegeException,
                       SchemaException

Revoke the privilege from the subject on this attrDef.

 try {
   ap.revokePriv(s, g, subj, AccessPrivilege.ADMIN);
 }
 catch (InsufficientPrivilegeException eIP) {
   // Not privileged to revoke the privilege
 }
 catch (RevokePrivilegeException eRP) {
   // Unable to revoke the privilege
 }

Parameters:: grouperSession - Revoke privilege in this session context.; attributeDef - Revoke privilege on this attrDef.; subj - Revoke privilege from this subject.; priv - Revoke this privilege.
Throws:: InsufficientPrivilegeException; RevokePrivilegeException; SchemaException

privilegeCopy

void privilegeCopy(GrouperSession grouperSession,
                   AttributeDef attributeDef1,
                   AttributeDef attributeDef2,
                   Privilege priv)
                   throws InsufficientPrivilegeException,
                          GrantPrivilegeException,
                          SchemaException

Copies privileges for subjects that have the specified privilege on g1 to g2.

Parameters:: grouperSession -; attributeDef1 -; attributeDef2 -; priv -
Throws:: InsufficientPrivilegeException; GrantPrivilegeException; SchemaException

privilegeCopy

void privilegeCopy(GrouperSession s,
                   edu.internet2.middleware.subject.Subject subj1,
                   edu.internet2.middleware.subject.Subject subj2,
                   Privilege priv)
                   throws InsufficientPrivilegeException,
                          GrantPrivilegeException,
                          SchemaException

Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2. For instance, if subj1 has ADMIN privilege to AttributeDef x, this method will result with subj2 having ADMIN privilege to AttributeDef x.

Parameters:: s -; subj1 -; subj2 -; priv -
Throws:: InsufficientPrivilegeException; GrantPrivilegeException; SchemaException

postHqlFilterAttributeDefs

java.util.Set<AttributeDef> postHqlFilterAttributeDefs(GrouperSession grouperSession,
                                                       java.util.Set<AttributeDef> attributeDefs,
                                                       edu.internet2.middleware.subject.Subject subject,
                                                       java.util.Set<Privilege> privInSet)

after HQL is run, filter attributeDefs. If you are filtering in HQL, then dont filter here

Parameters:: grouperSession -; attributeDefs -; subject - which needs view access to the groups; privInSet - find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessAdapter
Returns:: the set of filtered groups

hqlFilterAttrDefsWhereClause

boolean hqlFilterAttrDefsWhereClause(GrouperSession grouperSession,
                                     edu.internet2.middleware.subject.Subject subject,
                                     HqlQuery hqlQuery,
                                     java.lang.StringBuilder hqlTables,
                                     java.lang.StringBuilder hqlWhereClause,
                                     java.lang.String attrDefColumn,
                                     java.util.Set<Privilege> privInSet)

for an attrDef query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterAttrDefs instead if you like). Note, this joins to tables, so the queries should probably be "distinct"

Parameters:: grouperSession -; subject - which needs view access to the attrDefs; hqlTables - is the select and part part (hql prefix); hqlWhereClause - is there where clause part of the query; hqlQuery -; attrDefColumn - is the name of the attrDef column to join to; privInSet - find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessPrivilege
Returns:: if the query was changed

postHqlFilterAttributeAssigns

java.util.Set<AttributeAssign> postHqlFilterAttributeAssigns(GrouperSession grouperSession,
                                                             edu.internet2.middleware.subject.Subject subject,
                                                             java.util.Set<AttributeAssign> attributeAssigns)

filter attribute assignments for things the subject can see, assume underlying assignments are ok to view

Parameters:: grouperSession -; attributeAssigns -; subject -
Returns:: the memberships

postHqlFilterPITAttributeAssigns

java.util.Set<PITAttributeAssign> postHqlFilterPITAttributeAssigns(GrouperSession grouperSession,
                                                                   edu.internet2.middleware.subject.Subject subject,
                                                                   java.util.Set<PITAttributeAssign> pitAttributeAssigns)

filter pit attribute assignments for things the subject can see, assume underlying assignments are ok to view

Parameters:: grouperSession -; pitAttributeAssigns -; subject -
Returns:: the pit attribute assignments

revokeAllPrivilegesForSubject

void revokeAllPrivilegesForSubject(GrouperSession grouperSession,
                                   edu.internet2.middleware.subject.Subject subject)

Revoke all access privileges that this subject has.

Parameters:: grouperSession -; subject -

postHqlFilterPermissions

java.util.Set<PermissionEntry> postHqlFilterPermissions(GrouperSession grouperSession,
                                                        edu.internet2.middleware.subject.Subject subject,
                                                        java.util.Set<PermissionEntry> permissionEntries)

filter permissionEntries for things the subject can see, assume underlying assignments are ok to view

Parameters:: grouperSession -; permissionEntries -; subject -
Returns:: the memberships

getAttributeDefsWhereSubjectDoesntHavePrivilege

java.util.Set<AttributeDef> getAttributeDefsWhereSubjectDoesntHavePrivilege(GrouperSession grouperSession,
                                                                            java.lang.String stemId,
                                                                            Stem.Scope scope,
                                                                            edu.internet2.middleware.subject.Subject subject,
                                                                            Privilege privilege,
                                                                            boolean considerAllSubject,
                                                                            java.lang.String sqlLikeString)

find the attributeDefs which do not have a certain privilege

Parameters:: grouperSession -; stemId -; scope -; subject -; privilege -; considerAllSubject -; sqlLikeString -
Returns:: the attributeDefs

hqlFilterAttributeDefsNotWithPrivWhereClause

boolean hqlFilterAttributeDefsNotWithPrivWhereClause(GrouperSession grouperSession,
                                                     edu.internet2.middleware.subject.Subject subject,
                                                     HqlQuery hqlQuery,
                                                     java.lang.StringBuilder hql,
                                                     java.lang.String attributeDefColumn,
                                                     Privilege privilege,
                                                     boolean considerAllSubject)

for an attributeDef query, check to make sure the subject cant see the records (if filtering HQL, you can do the postHqlFilterAttributeDefs instead if you like).

Parameters:: grouperSession -; subject - which needs view access to the groups; hql - is the select and part part (hql prefix); hqlQuery -; attributeDefColumn - is the name of the attributeDef column to join to; privilege - find a privilege which is in this set (e.g. attributeDef privs).; considerAllSubject - if true, then consider GrouperAll when seeing if doesnt have privilege, else do consider
Returns:: if the query was changed

retrievePrivileges

java.util.Set<PrivilegeSubjectContainer> retrievePrivileges(GrouperSession grouperSession,
                                                            AttributeDef attributeDef,
                                                            java.util.Set<Privilege> privileges,
                                                            MembershipType membershipType,
                                                            QueryPaging queryPaging,
                                                            java.util.Set<Member> additionalMembers)

get a list of privilege subjects, there are no results with the same subject/privilege combination

Parameters:: grouperSession - grouper session; attributeDef - to search on; privileges - if blank, get all; membershipType - if immediate, effective, or blank for all; queryPaging - if a certain page should be returned based on subject; additionalMembers - additional members to query that the user is finding or adding
Returns:: the privilege subject combinations

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

edu.internet2.middleware.grouper.privs Interface AttributeDefAdapter

getSubjectsWithPriv

getAttributeDefsWhereSubjectHasPriv

getPrivs

grantPriv

hasPriv

revokePriv

revokePriv

privilegeCopy

privilegeCopy

postHqlFilterAttributeDefs

hqlFilterAttrDefsWhereClause

postHqlFilterAttributeAssigns

postHqlFilterPITAttributeAssigns

revokeAllPrivilegesForSubject

postHqlFilterPermissions

getAttributeDefsWhereSubjectDoesntHavePrivilege

hqlFilterAttributeDefsNotWithPrivWhereClause

retrievePrivileges

edu.internet2.middleware.grouper.privs
Interface AttributeDefAdapter