Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

edu.internet2.middleware.grouper.privs
Interface NamingAdapter

All Known Implementing Classes:
BaseNamingAdapter, GrouperNamingAdapter, GrouperNonDbNamingAdapter
public interface NamingAdapter

Grouper Naming Privilege interface.

Unless you are implementing a new implementation of this interface, you should not need to directly use these methods as they are all wrapped by methods in the Stem class.

Version:
$Id: NamingAdapter.java,v 1.7 2009-08-29 15:57:59 shilen Exp $
Author:
blair christensen.

Method Summary
 java.util.Set<NamingPrivilege> getPrivs(GrouperSession s, Stem ns, edu.internet2.middleware.subject.Subject subj)
          Get all privileges held by this subject on this stem.
 java.util.Set<Stem> getStemsWhereSubjectDoesntHavePrivilege(GrouperSession grouperSession, java.lang.String stemId, Stem.Scope scope, edu.internet2.middleware.subject.Subject subject, Privilege privilege, boolean considerAllSubject, java.lang.String sqlLikeString)
          find the stems which do not have a certain privilege
 java.util.Set getStemsWhereSubjectHasPriv(GrouperSession s, edu.internet2.middleware.subject.Subject subj, Privilege priv)
          Get all stems where this subject has this privilege.
 java.util.Set getSubjectsWithPriv(GrouperSession s, Stem ns, Privilege priv)
          Get all subjects with this privilege on this stem.
 void grantPriv(GrouperSession s, Stem ns, edu.internet2.middleware.subject.Subject subj, Privilege priv, java.lang.String uuid)
          Grant the privilege to the subject on this stem.
 boolean hasPriv(GrouperSession s, Stem ns, edu.internet2.middleware.subject.Subject subj, Privilege priv)
          Check whether the subject has this privilege on this stem.
 boolean hqlFilterStemsNotWithPrivWhereClause(GrouperSession grouperSession, edu.internet2.middleware.subject.Subject subject, HqlQuery hqlQuery, java.lang.StringBuilder hql, java.lang.String stemColumn, Privilege privilege, boolean considerAllSubject)
          for a stem query, check to make sure the subject cant see the records (if filtering HQL, you can do the postHqlFilterStems instead if you like).
 boolean hqlFilterStemsWhereClause(GrouperSession grouperSession, edu.internet2.middleware.subject.Subject subject, HqlQuery hqlQuery, java.lang.StringBuilder hql, java.lang.String stemColumn, java.util.Set<Privilege> privInSet)
          for a stem query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like).
 java.util.Set<Stem> postHqlFilterStems(GrouperSession grouperSession, java.util.Set<Stem> stems, edu.internet2.middleware.subject.Subject subject, java.util.Set<Privilege> privInSet)
          after HQL is run, filter stems.
 void privilegeCopy(GrouperSession s, Stem stem1, Stem stem2, Privilege priv)
          Copies privileges for subjects that have the specified privilege on stem1 to stem2.
 void privilegeCopy(GrouperSession s, edu.internet2.middleware.subject.Subject subj1, edu.internet2.middleware.subject.Subject subj2, Privilege priv)
          Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2.
 void revokeAllPrivilegesForSubject(GrouperSession grouperSession, edu.internet2.middleware.subject.Subject subject)
          Revoke all naming privileges that this subject has.
 void revokePriv(GrouperSession s, Stem ns, Privilege priv)
          Revoke this privilege from everyone on this stem.
 void revokePriv(GrouperSession s, Stem ns, edu.internet2.middleware.subject.Subject subj, Privilege priv)
          Revoke the privilege from the subject on this stem.
 

Method Detail

getStemsWhereSubjectDoesntHavePrivilege

java.util.Set<Stem> getStemsWhereSubjectDoesntHavePrivilege(GrouperSession grouperSession,
                                                            java.lang.String stemId,
                                                            Stem.Scope scope,
                                                            edu.internet2.middleware.subject.Subject subject,
                                                            Privilege privilege,
                                                            boolean considerAllSubject,
                                                            java.lang.String sqlLikeString)
find the stems which do not have a certain privilege

Parameters:
grouperSession -
stemId -
scope -
subject -
privilege -
considerAllSubject -
sqlLikeString -
Returns:
the stems

getSubjectsWithPriv

java.util.Set getSubjectsWithPriv(GrouperSession s,
                                  Stem ns,
                                  Privilege priv)
                                  throws SchemaException
Get all subjects with this privilege on this stem. 
 Set stemmers = np.getSubjectsWithPriv(s, ns, NamingPrivilege.STEM_ADMIN);

Parameters:
s - Get privileges within this session context.
ns - Get privileges on this stem.
priv - Get this privilege.
Returns:
Set of Subject objects.
Throws:
SchemaException

getStemsWhereSubjectHasPriv

java.util.Set getStemsWhereSubjectHasPriv(GrouperSession s,
                                          edu.internet2.middleware.subject.Subject subj,
                                          Privilege priv)
                                          throws SchemaException
Get all stems where this subject has this privilege. 
 try {
   Set isStemmer = np.getStemsWhereSubjectHasPriv(
     s, subj, NamingPrivilege.STEM_ADMIN
   );
 }
 catch (SchemaException eS) {
   // Invalid priv
 }

Parameters:
s - Get privileges within this session context.
subj - Get privileges for this subject.
priv - Get this privilege.
Returns:
Set of Stem objects.
Throws:
SchemaException

getPrivs

java.util.Set<NamingPrivilege> getPrivs(GrouperSession s,
                                        Stem ns,
                                        edu.internet2.middleware.subject.Subject subj)
Get all privileges held by this subject on this stem. 
 Set privs = np.getPrivs(s, ns, subj);

Parameters:
s - Get privileges within this session context.
ns - Get privileges on this stem.
subj - Get privileges for this subject.
Returns:
Set of NamingPrivilege objects.

grantPriv

void grantPriv(GrouperSession s,
               Stem ns,
               edu.internet2.middleware.subject.Subject subj,
               Privilege priv,
               java.lang.String uuid)
               throws GrantPrivilegeException,
                      InsufficientPrivilegeException,
                      SchemaException
Grant the privilege to the subject on this stem. 
 try {
   np.grantPriv(s, ns, subj, NamingPrivilege.STEM_ADMIN);
 }
 catch (GrantPrivilegeException e0) {
   // Unable to grant the privilege
 }
 catch (InsufficientPrivilegeException e1) {
   // Not privileged to grant the privilege
 }

Parameters:
s - Grant privilege in this session context.
ns - Grant privilege on this stem.
subj - Grant privilege to this subject.
priv - Grant this privilege.
uuid - is uuid if known or null if assign one
Throws:
GrantPrivilegeException
InsufficientPrivilegeException
SchemaException

hasPriv

boolean hasPriv(GrouperSession s,
                Stem ns,
                edu.internet2.middleware.subject.Subject subj,
                Privilege priv)
                throws SchemaException
Check whether the subject has this privilege on this stem. 
 try {
   np.hasPriv(s, ns, subj, NamingPrivilege.STEM_ADMIN);
 }
 catch (SchemaException e) {
   // Invalid privilege
 }

Parameters:
s - Check privilege in this session context.
ns - Check privilege on this stem.
subj - Check privilege for this subject.
priv - Check this privilege.
Returns:
if has priv
Throws:
SchemaException

revokePriv

void revokePriv(GrouperSession s,
                Stem ns,
                Privilege priv)
                throws InsufficientPrivilegeException,
                       RevokePrivilegeException,
                       SchemaException
Revoke this privilege from everyone on this stem. 
 try {
   np.revokePriv(s, ns, NamingPrivilege.STEM_ADMIN);
 }
 catch (InsufficientPrivilegeException eIP) {
   // Not privileged to revoke the privilege
 }
 catch (RevokePrivilegeException eRP) {
   // Unable to revoke the privilege
 }

Parameters:
s - Revoke privilege in this session context.
ns - Revoke privilege on this stem.
priv - Revoke this privilege.
Throws:
InsufficientPrivilegeException
RevokePrivilegeException
SchemaException

revokePriv

void revokePriv(GrouperSession s,
                Stem ns,
                edu.internet2.middleware.subject.Subject subj,
                Privilege priv)
                throws InsufficientPrivilegeException,
                       RevokePrivilegeException,
                       SchemaException
Revoke the privilege from the subject on this stem. 
 try {
   np.revokePriv(s, ns, subj, NamingPrivilege.STEM_ADMIN);
 }
 catch (InsufficientPrivilegeException eIP) {
   // Not privileged to grant the privilege
 }
 catch (RevokePrivilegeException eRP) {
   // Unable to revoke the privilege
 }

Parameters:
s - Revoke privilege in this session context.
ns - Revoke privilege on this stem.
subj - Revoke privilege from this subject.
priv - Revoke this privilege.
Throws:
InsufficientPrivilegeException
RevokePrivilegeException
SchemaException

privilegeCopy

void privilegeCopy(GrouperSession s,
                   Stem stem1,
                   Stem stem2,
                   Privilege priv)
                   throws InsufficientPrivilegeException,
                          GrantPrivilegeException,
                          SchemaException
Copies privileges for subjects that have the specified privilege on stem1 to stem2.

Parameters:
s -
stem1 -
stem2 -
priv -
Throws:
InsufficientPrivilegeException
GrantPrivilegeException
SchemaException

privilegeCopy

void privilegeCopy(GrouperSession s,
                   edu.internet2.middleware.subject.Subject subj1,
                   edu.internet2.middleware.subject.Subject subj2,
                   Privilege priv)
                   throws InsufficientPrivilegeException,
                          GrantPrivilegeException,
                          SchemaException
Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2. For instance, if subj1 has STEM privilege to Stem x, this method will result with subj2 having STEM privilege to Stem x.

Parameters:
s -
subj1 -
subj2 -
priv -
Throws:
InsufficientPrivilegeException
GrantPrivilegeException
SchemaException

hqlFilterStemsWhereClause

boolean hqlFilterStemsWhereClause(GrouperSession grouperSession,
                                  edu.internet2.middleware.subject.Subject subject,
                                  HqlQuery hqlQuery,
                                  java.lang.StringBuilder hql,
                                  java.lang.String stemColumn,
                                  java.util.Set<Privilege> privInSet)
for a stem query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like). Note, this joins to tables, so the queries should probably be "distinct"

Parameters:
grouperSession -
subject - which needs view access to the groups
hql - is the select and part part (hql prefix)
hqlQuery -
stemColumn - is the name of the stem column to join to
privInSet - find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessAdapter
Returns:
if the query was changed

postHqlFilterStems

java.util.Set<Stem> postHqlFilterStems(GrouperSession grouperSession,
                                       java.util.Set<Stem> stems,
                                       edu.internet2.middleware.subject.Subject subject,
                                       java.util.Set<Privilege> privInSet)
after HQL is run, filter stems. If you are filtering in HQL, then dont filter here

Parameters:
grouperSession -
stems -
subject - which needs view access to the groups
privInSet - find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in NamingPrivilege
Returns:
the set of filtered groups

revokeAllPrivilegesForSubject

void revokeAllPrivilegesForSubject(GrouperSession grouperSession,
                                   edu.internet2.middleware.subject.Subject subject)
Revoke all naming privileges that this subject has.

Parameters:
grouperSession -
subject -

hqlFilterStemsNotWithPrivWhereClause

boolean hqlFilterStemsNotWithPrivWhereClause(GrouperSession grouperSession,
                                             edu.internet2.middleware.subject.Subject subject,
                                             HqlQuery hqlQuery,
                                             java.lang.StringBuilder hql,
                                             java.lang.String stemColumn,
                                             Privilege privilege,
                                             boolean considerAllSubject)
for a stem query, check to make sure the subject cant see the records (if filtering HQL, you can do the postHqlFilterStems instead if you like).

Parameters:
grouperSession -
subject - which needs view access to the groups
hql - is the select and part part (hql prefix)
hqlQuery -
stemColumn - is the name of the stem column to join to
privilege - find a privilege which is in this set (e.g. naming privs).
considerAllSubject - if true, then consider GrouperAll when seeing if doesnt have privilege, else do consider
Returns:
if the query was changed
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD