Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

edu.internet2.middleware.grouper.privs
Interface AttributeDefResolver

All Known Implementing Classes:
AttributeDefResolverDecorator, AttributeDefWrapper, CachingAttrDefResolver, GrouperAllAttrDefResolver, GrouperSystemAttrDefResolver, ValidatingAttrDefResolver, WheelAttrDefResolver
public interface AttributeDefResolver

Facade for the AttributeDefAdapter interface.

Since:
1.2.1
Version:
$Id: AttributeDefResolver.java,v 1.1 2009-09-21 06:14:26 mchyzer Exp $
Author:
blair christensen.

Method Summary
 void flushCache()
          flush cache if caching resolver
 java.util.Set<AttributeDef> getAttributeDefsWhereSubjectDoesntHavePrivilege(java.lang.String stemId, Stem.Scope scope, edu.internet2.middleware.subject.Subject subject, Privilege privilege, boolean considerAllSubject, java.lang.String sqlLikeString)
          find the attributeDefs which do not have a certain privilege
 java.util.Set<AttributeDef> getAttributeDefsWhereSubjectHasPrivilege(edu.internet2.middleware.subject.Subject subject, Privilege privilege)
          Get all attributedefs where subject has privilege.
 GrouperSession getGrouperSession()
          get a reference to the session
 java.util.Set<AttributeDefPrivilege> getPrivileges(AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subject)
          Get all privileges subject has on attributeDef.
 java.util.Set<edu.internet2.middleware.subject.Subject> getSubjectsWithPrivilege(AttributeDef attributeDef, Privilege privilege)
          Get all subjects with privilege on attributeDef.
 void grantPrivilege(AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subject, Privilege privilege, java.lang.String uuid)
          Grant privilege to subject on attributeDef.
 boolean hasPrivilege(AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subject, Privilege privilege)
          Check whether subject has privilege on attributeDef.
 boolean hqlFilterAttrDefsWhereClause(edu.internet2.middleware.subject.Subject subject, HqlQuery hqlQuery, java.lang.StringBuilder hqlTables, java.lang.StringBuilder hqlWhereClause, java.lang.String attributeDefColumn, java.util.Set<Privilege> privInSet)
          for an attrDef query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterAttDefs instead if you like)
 boolean hqlFilterAttributeDefsNotWithPrivWhereClause(edu.internet2.middleware.subject.Subject subject, HqlQuery hqlQuery, java.lang.StringBuilder hql, java.lang.String attributeDefColumn, Privilege privilege, boolean considerAllSubject)
          for an attribute def query, check to make sure the subject cant see the records
 java.util.Set<AttributeDef> postHqlFilterAttrDefs(java.util.Set<AttributeDef> attributeDefs, edu.internet2.middleware.subject.Subject subject, java.util.Set<Privilege> privInSet)
          after HQL is run, filter attributeDefs.
 java.util.Set<AttributeAssign> postHqlFilterAttributeAssigns(edu.internet2.middleware.subject.Subject subject, java.util.Set<AttributeAssign> attributeAssigns)
          filter attributeDefs for things the subject can see
 java.util.Set<PermissionEntry> postHqlFilterPermissions(edu.internet2.middleware.subject.Subject subject, java.util.Set<PermissionEntry> permissionsEntries)
          filter permissions for things the subject can see
 java.util.Set<PITAttributeAssign> postHqlFilterPITAttributeAssigns(edu.internet2.middleware.subject.Subject subject, java.util.Set<PITAttributeAssign> pitAttributeAssigns)
          filter pit attribute assignments for things the subject can see
 void privilegeCopy(AttributeDef attributeDef1, AttributeDef attributeDef2, Privilege priv)
          Copies privileges for subjects that have the specified privilege on g1 to g2.
 void privilegeCopy(edu.internet2.middleware.subject.Subject subj1, edu.internet2.middleware.subject.Subject subj2, Privilege priv)
          Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2.
 java.util.Set<PrivilegeSubjectContainer> retrievePrivileges(AttributeDef attributeDef, java.util.Set<Privilege> privileges, MembershipType membershipType, QueryPaging queryPaging, java.util.Set<Member> additionalMembers)
          get a list of privilege subjects, there are no results with the same subject
 void revokeAllPrivilegesForSubject(edu.internet2.middleware.subject.Subject subject)
          Revoke all attrDef privileges that this subject has.
 void revokePrivilege(AttributeDef attributeDef, Privilege privilege)
          Revoke privilege from all subjects on attributeDef.
 void revokePrivilege(AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subject, Privilege privilege)
          Revoke privilege from subject on attributeDef.
 void stop()
          clean up resources, session is stopped
 

Method Detail

stop

void stop()
clean up resources, session is stopped

getGrouperSession

GrouperSession getGrouperSession()
get a reference to the session

Returns:
the session

flushCache

void flushCache()
flush cache if caching resolver

getAttributeDefsWhereSubjectHasPrivilege

java.util.Set<AttributeDef> getAttributeDefsWhereSubjectHasPrivilege(edu.internet2.middleware.subject.Subject subject,
                                                                     Privilege privilege)
                                                                     throws java.lang.IllegalArgumentException
Get all attributedefs where subject has privilege.

Parameters:
subject -
privilege -
Returns:
the set
Throws:
java.lang.IllegalArgumentException - if any parameter is null.
Since:
1.2.1
See Also:
AttributeDefAdapter.getAttributeDefsWhereSubjectHasPriv(GrouperSession, Subject, Privilege)

getPrivileges

java.util.Set<AttributeDefPrivilege> getPrivileges(AttributeDef attributeDef,
                                                   edu.internet2.middleware.subject.Subject subject)
                                                   throws java.lang.IllegalArgumentException
Get all privileges subject has on attributeDef.

Parameters:
attributeDef -
subject -
Returns:
the set
Throws:
java.lang.IllegalArgumentException - if any parameter is null.
Since:
1.2.1
See Also:
AttributeDefAdapter.getPrivs(GrouperSession, AttributeDef, Subject)

getSubjectsWithPrivilege

java.util.Set<edu.internet2.middleware.subject.Subject> getSubjectsWithPrivilege(AttributeDef attributeDef,
                                                                                 Privilege privilege)
                                                                                 throws java.lang.IllegalArgumentException
Get all subjects with privilege on attributeDef.

Parameters:
attributeDef -
privilege -
Returns:
the set
Throws:
java.lang.IllegalArgumentException - if any parameter is null.
Since:
1.2.1
See Also:
AttributeDefAdapter.getSubjectsWithPriv(GrouperSession, AttributeDef, Privilege)

grantPrivilege

void grantPrivilege(AttributeDef attributeDef,
                    edu.internet2.middleware.subject.Subject subject,
                    Privilege privilege,
                    java.lang.String uuid)
                    throws java.lang.IllegalArgumentException,
                           UnableToPerformException
Grant privilege to subject on attributeDef.

Parameters:
attributeDef -
subject -
privilege -
uuid - is uuid or null for assigned
Throws:
java.lang.IllegalArgumentException - if any parameter is null.
UnableToPerformException - if the privilege could not be granted.
Since:
1.2.1
See Also:
AttributeDefAdapter.grantPriv(GrouperSession, AttributeDef, Subject, Privilege, String)

hasPrivilege

boolean hasPrivilege(AttributeDef attributeDef,
                     edu.internet2.middleware.subject.Subject subject,
                     Privilege privilege)
                     throws java.lang.IllegalArgumentException
Check whether subject has privilege on attributeDef.

Parameters:
attributeDef -
subject -
privilege -
Returns:
boolean
Throws:
java.lang.IllegalArgumentException - if any parameter is null.
Since:
1.2.1
See Also:
AttributeDefAdapter.hasPriv(GrouperSession, AttributeDef, Subject, Privilege)

revokePrivilege

void revokePrivilege(AttributeDef attributeDef,
                     Privilege privilege)
                     throws java.lang.IllegalArgumentException,
                            UnableToPerformException
Revoke privilege from all subjects on attributeDef.

Parameters:
attributeDef -
privilege -
Throws:
java.lang.IllegalArgumentException - if any parameter is null.
UnableToPerformException - if the privilege could not be revoked.
Since:
1.2.1
See Also:
AttributeDefAdapter.revokePriv(GrouperSession, AttributeDef, Privilege)

revokePrivilege

void revokePrivilege(AttributeDef attributeDef,
                     edu.internet2.middleware.subject.Subject subject,
                     Privilege privilege)
                     throws java.lang.IllegalArgumentException,
                            UnableToPerformException
Revoke privilege from subject on attributeDef.

Parameters:
attributeDef -
subject -
privilege -
Throws:
java.lang.IllegalArgumentException - if any parameter is null.
UnableToPerformException - if the privilege could not be revoked.
Since:
1.2.1
See Also:
AttributeDefAdapter.revokePriv(GrouperSession, AttributeDef, Subject, Privilege)

privilegeCopy

void privilegeCopy(AttributeDef attributeDef1,
                   AttributeDef attributeDef2,
                   Privilege priv)
                   throws java.lang.IllegalArgumentException,
                          UnableToPerformException
Copies privileges for subjects that have the specified privilege on g1 to g2.

Parameters:
attributeDef1 -
attributeDef2 -
priv -
Throws:
java.lang.IllegalArgumentException
UnableToPerformException

privilegeCopy

void privilegeCopy(edu.internet2.middleware.subject.Subject subj1,
                   edu.internet2.middleware.subject.Subject subj2,
                   Privilege priv)
                   throws java.lang.IllegalArgumentException,
                          UnableToPerformException
Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2. For instance, if subj1 has ATTR_ADMIN privilege to AttributeDef x, this method will result with subj2 having ATTR_ADMIN privilege to AttributeDef x.

Parameters:
subj1 -
subj2 -
priv -
Throws:
java.lang.IllegalArgumentException
UnableToPerformException

postHqlFilterAttrDefs

java.util.Set<AttributeDef> postHqlFilterAttrDefs(java.util.Set<AttributeDef> attributeDefs,
                                                  edu.internet2.middleware.subject.Subject subject,
                                                  java.util.Set<Privilege> privInSet)
after HQL is run, filter attributeDefs. If you are filtering in HQL, then dont filter here

Parameters:
attributeDefs -
subject - which needs view access to the attribute defs
privInSet - find a privilege which is in this set (e.g. for view, send all attrDef privs). There are pre-canned sets in AttributeDefAdapter
Returns:
the set of filtered attrDefs

hqlFilterAttrDefsWhereClause

boolean hqlFilterAttrDefsWhereClause(edu.internet2.middleware.subject.Subject subject,
                                     HqlQuery hqlQuery,
                                     java.lang.StringBuilder hqlTables,
                                     java.lang.StringBuilder hqlWhereClause,
                                     java.lang.String attributeDefColumn,
                                     java.util.Set<Privilege> privInSet)
for an attrDef query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterAttDefs instead if you like)

Parameters:
subject - which needs view access to the attrDefs
hqlQuery -
hqlTables - the select and current from part
hqlWhereClause - is there where clause part of the query
attributeDefColumn - is the name of the attributeDef column to join to
privInSet - find a privilege which is in this set (e.g. for view, send all attrDef privs)
Returns:
if the statement was changed

postHqlFilterAttributeAssigns

java.util.Set<AttributeAssign> postHqlFilterAttributeAssigns(edu.internet2.middleware.subject.Subject subject,
                                                             java.util.Set<AttributeAssign> attributeAssigns)
filter attributeDefs for things the subject can see

Parameters:
attributeAssigns -
subject -
Returns:
the memberships

postHqlFilterPITAttributeAssigns

java.util.Set<PITAttributeAssign> postHqlFilterPITAttributeAssigns(edu.internet2.middleware.subject.Subject subject,
                                                                   java.util.Set<PITAttributeAssign> pitAttributeAssigns)
filter pit attribute assignments for things the subject can see

Parameters:
pitAttributeAssigns -
subject -
Returns:
the pit attribute assignments

postHqlFilterPermissions

java.util.Set<PermissionEntry> postHqlFilterPermissions(edu.internet2.middleware.subject.Subject subject,
                                                        java.util.Set<PermissionEntry> permissionsEntries)
filter permissions for things the subject can see

Parameters:
permissionsEntries -
subject -
Returns:
the memberships

revokeAllPrivilegesForSubject

void revokeAllPrivilegesForSubject(edu.internet2.middleware.subject.Subject subject)
Revoke all attrDef privileges that this subject has.

Parameters:
subject -

getAttributeDefsWhereSubjectDoesntHavePrivilege

java.util.Set<AttributeDef> getAttributeDefsWhereSubjectDoesntHavePrivilege(java.lang.String stemId,
                                                                            Stem.Scope scope,
                                                                            edu.internet2.middleware.subject.Subject subject,
                                                                            Privilege privilege,
                                                                            boolean considerAllSubject,
                                                                            java.lang.String sqlLikeString)
find the attributeDefs which do not have a certain privilege

Parameters:
stemId -
scope -
subject -
privilege -
considerAllSubject -
sqlLikeString -
Returns:
the attributeDefs

hqlFilterAttributeDefsNotWithPrivWhereClause

boolean hqlFilterAttributeDefsNotWithPrivWhereClause(edu.internet2.middleware.subject.Subject subject,
                                                     HqlQuery hqlQuery,
                                                     java.lang.StringBuilder hql,
                                                     java.lang.String attributeDefColumn,
                                                     Privilege privilege,
                                                     boolean considerAllSubject)
for an attribute def query, check to make sure the subject cant see the records

Parameters:
subject - which needs view access to the groups
hqlQuery -
hql - the select and current from part
attributeDefColumn - is the name of the attributeDef column to join to
privilege - find a privilege which is in this set (e.g. for view, attr view)
considerAllSubject - if true, then consider GrouperAll when seeign if subject has priv, else do not
Returns:
if the statement was changed

retrievePrivileges

java.util.Set<PrivilegeSubjectContainer> retrievePrivileges(AttributeDef attributeDef,
                                                            java.util.Set<Privilege> privileges,
                                                            MembershipType membershipType,
                                                            QueryPaging queryPaging,
                                                            java.util.Set<Member> additionalMembers)
get a list of privilege subjects, there are no results with the same subject

Parameters:
attributeDef - to search on
privileges - if blank, get all
membershipType - if immediate, effective, or blank for all
queryPaging - if a certain page should be returned, based on subject
additionalMembers - additional members to query that the user is finding or adding
Returns:
the privilege subject combinations
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD