PrivilegeHelper

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

edu.internet2.middleware.grouper.privs
Class PrivilegeHelper

java.lang.Object
  edu.internet2.middleware.grouper.privs.PrivilegeHelper

public class PrivilegeHelper
extends java.lang.Object
extends java.lang.Object

Privilege helper class.

TODO 20070823 Relocate these methods once I figure out the best home for them.

Since:: 1.2.1
Version:: $Id: PrivilegeHelper.java,v 1.12 2009-09-28 05:06:46 mchyzer Exp $
Author:: blair christensen.

Constructor Summary
`PrivilegeHelper()`

Method Summary
`static boolean`	`canAdmin(GrouperSession s, Group g, edu.internet2.middleware.subject.Subject subj)`
`static boolean`	`canAttrAdmin(GrouperSession s, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj)`
`static boolean`	`canAttrDefAttrRead(GrouperSession s, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj)`
`static boolean`	`canAttrDefAttrUpdate(GrouperSession s, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj)`
`static boolean`	`canAttrOptin(GrouperSession s, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj)`
`static boolean`	`canAttrOptout(GrouperSession s, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj)`
`static boolean`	`canAttrRead(GrouperSession s, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj)`
`static boolean`	`canAttrUpdate(GrouperSession s, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj)`
`static boolean`	`canAttrView(GrouperSession s, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj)`
`static boolean`	`canCopyStems(edu.internet2.middleware.subject.Subject subject)` Is this user allowed to copy stems?
`static boolean`	`canCreate(GrouperSession s, Stem ns, edu.internet2.middleware.subject.Subject subj)` TODO 20070823 find a real home for this and/or add tests
`static boolean`	`canGroupAttrRead(GrouperSession s, Group group, edu.internet2.middleware.subject.Subject subj)`
`static boolean`	`canGroupAttrUpdate(GrouperSession s, Group group, edu.internet2.middleware.subject.Subject subj)`
`static boolean`	`canMoveStems(edu.internet2.middleware.subject.Subject subject)` Is this user allowed to move stems?
`static boolean`	`canOptin(GrouperSession s, Group g, edu.internet2.middleware.subject.Subject subj)` TODO 20070823 find a real home for this and/or add tests
`static boolean`	`canOptout(GrouperSession s, Group g, edu.internet2.middleware.subject.Subject subj)` TODO 20070823 find a real home for this and/or add tests
`static boolean`	`canRead(GrouperSession s, Group g, edu.internet2.middleware.subject.Subject subj)` TODO 20070823 find a real home for this and/or add tests
`static boolean`	`canRenameStems(edu.internet2.middleware.subject.Subject subject)` Is this user allowed to rename stems?
`static boolean`	`canStem(GrouperSession s, Stem ns, edu.internet2.middleware.subject.Subject subj)` TODO 20070823 find a real home for this and/or add tests
`static boolean`	`canStem(Stem ns, edu.internet2.middleware.subject.Subject subj)` TODO 20070823 find a real home for this and/or add tests
`static boolean`	`canStemAdmin(GrouperSession s, Stem ns, edu.internet2.middleware.subject.Subject subj)`
`static boolean`	`canStemAdmin(Stem ns, edu.internet2.middleware.subject.Subject subj)`
`static boolean`	`canStemAttrRead(GrouperSession s, Stem stem, edu.internet2.middleware.subject.Subject subj)`
`static boolean`	`canStemAttrUpdate(GrouperSession s, Stem stem, edu.internet2.middleware.subject.Subject subj)`
`static boolean`	`canUpdate(GrouperSession s, Group g, edu.internet2.middleware.subject.Subject subj)` TODO 20070823 find a real home for this and/or add tests
`static boolean`	`canView(GrouperSession s, Group g, edu.internet2.middleware.subject.Subject subj)` TODO 20070823 find a real home for this and/or add tests
`static boolean`	`canViewAttributeAssign(GrouperSession grouperSession, AttributeAssign attributeAssign, boolean checkUnderlyingIfAssignmentOnAssignment)` see if the attribute assigns are viewable
`static java.util.Set<AttributeAssign>`	`canViewAttributeAssigns(GrouperSession grouperSession, java.util.Collection<AttributeAssign> inputAttributeAssigns, boolean checkUnderlyingIfAssignmentOnAssignment)` see if the attribute assigns are viewable
`static java.util.Set<AttributeDef>`	`canViewAttributeDefs(GrouperSession s, java.util.Collection<AttributeDef> inputAttributeDefs)` TODO 20070823 find a real home for this and/or add tests
`static java.util.Set`	`canViewGroups(GrouperSession s, java.util.Set candidates)` TODO 20070823 find a real home for this and/or add tests
`static boolean`	`canViewMembers(GrouperSession grouperSession, Group group, Field field)`
`static boolean`	`canViewMembership(GrouperSession grouperSession, Membership membership)`
`static java.util.Set<Membership>`	`canViewMemberships(GrouperSession grouperSession, java.util.Collection<Membership> inputMemberships)`
`static java.util.Set<PermissionEntry>`	`canViewPermissions(GrouperSession grouperSession, java.util.Collection<PermissionEntry> inputPermissionEntries)` see if the attribute assigns are viewable
`static java.util.Set<PITAttributeAssign>`	`canViewPITAttributeAssigns(GrouperSession grouperSession, java.util.Collection<PITAttributeAssign> inputPITAttributeAssigns, boolean checkUnderlyingIfAssignmentOnAssignment)` see if the pit attribute assigns are viewable
`static void`	`dispatch(GrouperSession s, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj, Privilege priv)` TODO 20070823 find a real home for this and/or add tests
`static void`	`dispatch(GrouperSession s, Group g, edu.internet2.middleware.subject.Subject subj, Privilege priv)` TODO 20070823 find a real home for this and/or add tests
`static void`	`dispatch(GrouperSession s, Stem ns, edu.internet2.middleware.subject.Subject subj, Privilege priv)` TODO 20070823 find a real home for this and/or add tests
`static void`	`flushCache()` flush all privilege caches
`static Privilege[]`	`getAccessPrivileges(Privilege[] privileges)` TODO 20070824 add tests
`static Privilege[]`	`getAttributeDefPrivileges(Privilege[] privileges)` TODO 20070824 add tests
`static Privilege[]`	`getNamingPrivileges(Privilege[] privileges)` TODO 20070824 add tests
`static boolean`	`hasImmediatePrivilege(AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subject, Privilege privilege)` see if an attributeDef has an immediate privilege
`static boolean`	`hasImmediatePrivilege(Group group, edu.internet2.middleware.subject.Subject subject, Privilege privilege)` see if a group has an immediate privilege
`static boolean`	`hasImmediatePrivilege(Stem stem, edu.internet2.middleware.subject.Subject subject, Privilege privilege)` see if a stem has an immediate privilege
`static boolean`	`hasPrivilege(GrouperSession s, AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subj, java.util.Set<Privilege> privInSet)`
`static boolean`	`hasPrivilege(GrouperSession s, Group g, edu.internet2.middleware.subject.Subject subj, java.util.Set<Privilege> privInSet)`
`static boolean`	`hasPrivilege(GrouperSession s, Stem stem, edu.internet2.middleware.subject.Subject subj, java.util.Set<Privilege> privInSet)`
`static boolean`	`isRoot(GrouperSession s)` TODO 20070823 find a real home for this and/or add tests
`static boolean`	`isSystemSubject(edu.internet2.middleware.subject.Subject subject)` see if system subject
`static boolean`	`isWheel(GrouperSession s)` TODO 20070823 find a real home for this and/or add tests
`static boolean`	`isWheelOrRoot(edu.internet2.middleware.subject.Subject subject)` see if a subject is wheel or root
`static void`	`resolveSubjects(java.util.Collection<GrouperPrivilege> grouperPrivileges, boolean resolveAllAlways)` resolve subjects in one batch

Methods inherited from class java.lang.Object
`equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

PrivilegeHelper

public PrivilegeHelper()

Method Detail

hasImmediatePrivilege

public static boolean hasImmediatePrivilege(Group group,
                                            edu.internet2.middleware.subject.Subject subject,
                                            Privilege privilege)

see if a group has an immediate privilege

Parameters:: group -; subject -; privilege -
Returns:: true if has immediate privilege, false if not

flushCache

public static void flushCache()

flush all privilege caches

resolveSubjects

public static void resolveSubjects(java.util.Collection<GrouperPrivilege> grouperPrivileges,
                                   boolean resolveAllAlways)

resolve subjects in one batch

Parameters:: grouperPrivileges -; resolveAllAlways - true to always resolve all no matter how many, false if there are more than 2000 or however many (e.g. for UI)

canAdmin

public static boolean canAdmin(GrouperSession s,
                               Group g,
                               edu.internet2.middleware.subject.Subject subj)

Parameters:: s -; g -; subj -
Returns:: admin
Since:: 1.2.1

canAttrAdmin

public static boolean canAttrAdmin(GrouperSession s,
                                   AttributeDef attributeDef,
                                   edu.internet2.middleware.subject.Subject subj)

Parameters:: s -; attributeDef -; subj -
Returns:: admin

canAttrRead

public static boolean canAttrRead(GrouperSession s,
                                  AttributeDef attributeDef,
                                  edu.internet2.middleware.subject.Subject subj)

Parameters:: s -; attributeDef -; subj -
Returns:: admin

canAttrView

public static boolean canAttrView(GrouperSession s,
                                  AttributeDef attributeDef,
                                  edu.internet2.middleware.subject.Subject subj)

Parameters:: s -; attributeDef -; subj -
Returns:: admin

canGroupAttrRead

public static boolean canGroupAttrRead(GrouperSession s,
                                       Group group,
                                       edu.internet2.middleware.subject.Subject subj)

Parameters:: s -; group -; subj -
Returns:: true if allowed

canGroupAttrUpdate

public static boolean canGroupAttrUpdate(GrouperSession s,
                                         Group group,
                                         edu.internet2.middleware.subject.Subject subj)

Parameters:: s -; group -; subj -
Returns:: true if allowed

canAttrDefAttrRead

public static boolean canAttrDefAttrRead(GrouperSession s,
                                         AttributeDef attributeDef,
                                         edu.internet2.middleware.subject.Subject subj)

Parameters:: s -; attributeDef -; subj -
Returns:: true if allowed

canAttrDefAttrUpdate

public static boolean canAttrDefAttrUpdate(GrouperSession s,
                                           AttributeDef attributeDef,
                                           edu.internet2.middleware.subject.Subject subj)

Parameters:: s -; attributeDef -; subj -
Returns:: true if allowed

canStemAttrRead

public static boolean canStemAttrRead(GrouperSession s,
                                      Stem stem,
                                      edu.internet2.middleware.subject.Subject subj)

Parameters:: s -; stem -; subj -
Returns:: true if allowed

canStemAttrUpdate

public static boolean canStemAttrUpdate(GrouperSession s,
                                        Stem stem,
                                        edu.internet2.middleware.subject.Subject subj)

Parameters:: s -; stem -; subj -
Returns:: true if allowed

canAttrUpdate

public static boolean canAttrUpdate(GrouperSession s,
                                    AttributeDef attributeDef,
                                    edu.internet2.middleware.subject.Subject subj)

Parameters:: s -; attributeDef -; subj -
Returns:: admin

canAttrOptin

public static boolean canAttrOptin(GrouperSession s,
                                   AttributeDef attributeDef,
                                   edu.internet2.middleware.subject.Subject subj)

Parameters:: s -; attributeDef -; subj -
Returns:: admin

canAttrOptout

public static boolean canAttrOptout(GrouperSession s,
                                    AttributeDef attributeDef,
                                    edu.internet2.middleware.subject.Subject subj)

Parameters:: s -; attributeDef -; subj -
Returns:: admin

canCreate

public static boolean canCreate(GrouperSession s,
                                Stem ns,
                                edu.internet2.middleware.subject.Subject subj)

TODO 20070823 find a real home for this and/or add tests

Parameters:: s -; ns -; subj -
Returns:: can create
Since:: 1.2.1

canOptin

public static boolean canOptin(GrouperSession s,
                               Group g,
                               edu.internet2.middleware.subject.Subject subj)

TODO 20070823 find a real home for this and/or add tests

Parameters:: s -; g -; subj -
Returns:: can
Since:: 1.2.1

hasPrivilege

public static boolean hasPrivilege(GrouperSession s,
                                   Stem stem,
                                   edu.internet2.middleware.subject.Subject subj,
                                   java.util.Set<Privilege> privInSet)

Parameters:: s -; stem -; subj -; privInSet -
Returns:: if has privilege

hasPrivilege

public static boolean hasPrivilege(GrouperSession s,
                                   Group g,
                                   edu.internet2.middleware.subject.Subject subj,
                                   java.util.Set<Privilege> privInSet)

Parameters:: s -; g -; subj -; privInSet -
Returns:: if has privilege

canOptout

public static boolean canOptout(GrouperSession s,
                                Group g,
                                edu.internet2.middleware.subject.Subject subj)

TODO 20070823 find a real home for this and/or add tests

Parameters:: s -; g -; subj -
Returns:: can optout
Since:: 1.2.1

canRead

public static boolean canRead(GrouperSession s,
                              Group g,
                              edu.internet2.middleware.subject.Subject subj)

TODO 20070823 find a real home for this and/or add tests

Parameters:: s -; g -; subj -
Returns:: can read
Since:: 1.2.1

canStem

public static boolean canStem(Stem ns,
                              edu.internet2.middleware.subject.Subject subj)

TODO 20070823 find a real home for this and/or add tests

Parameters:: ns -; subj -
Returns:: can stem
Since:: 1.2.1

canStemAdmin

public static boolean canStemAdmin(Stem ns,
                                   edu.internet2.middleware.subject.Subject subj)

Parameters:: ns -; subj -
Returns:: can stem admin

canStem

public static boolean canStem(GrouperSession s,
                              Stem ns,
                              edu.internet2.middleware.subject.Subject subj)

TODO 20070823 find a real home for this and/or add tests

Parameters:: s -; ns -; subj -
Returns:: can stem
Since:: 1.2.1

canStemAdmin

public static boolean canStemAdmin(GrouperSession s,
                                   Stem ns,
                                   edu.internet2.middleware.subject.Subject subj)

Parameters:: s -; ns -; subj -
Returns:: can stem admin

canUpdate

public static boolean canUpdate(GrouperSession s,
                                Group g,
                                edu.internet2.middleware.subject.Subject subj)

TODO 20070823 find a real home for this and/or add tests

Parameters:: s -; g -; subj -
Returns:: can update
Since:: 1.2.1

canView

public static boolean canView(GrouperSession s,
                              Group g,
                              edu.internet2.middleware.subject.Subject subj)

TODO 20070823 find a real home for this and/or add tests

Parameters:: s -; g -; subj -
Returns:: can view
Since:: 1.2.1

canViewGroups

public static java.util.Set canViewGroups(GrouperSession s,
                                          java.util.Set candidates)

TODO 20070823 find a real home for this and/or add tests

Parameters:: s -; candidates -
Returns:: can view
Since:: 1.2.1

canViewMembership

public static boolean canViewMembership(GrouperSession grouperSession,
                                        Membership membership)

Parameters:: grouperSession -; membership -
Returns:: true if ok, false if not

canViewMemberships

public static java.util.Set<Membership> canViewMemberships(GrouperSession grouperSession,
                                                           java.util.Collection<Membership> inputMemberships)

Parameters:: grouperSession -; inputMemberships -
Returns:: filtered memberships

canViewMembers

public static boolean canViewMembers(GrouperSession grouperSession,
                                     Group group,
                                     Field field)

Parameters:: grouperSession -; group -; field -
Returns:: true or false

dispatch

public static void dispatch(GrouperSession s,
                            Group g,
                            edu.internet2.middleware.subject.Subject subj,
                            Privilege priv)
                     throws InsufficientPrivilegeException,
                            SchemaException

TODO 20070823 find a real home for this and/or add tests

Parameters:: s -; g -; subj -; priv -
Throws:: InsufficientPrivilegeException; SchemaException

dispatch

public static void dispatch(GrouperSession s,
                            Stem ns,
                            edu.internet2.middleware.subject.Subject subj,
                            Privilege priv)
                     throws InsufficientPrivilegeException,
                            SchemaException

TODO 20070823 find a real home for this and/or add tests

Parameters:: s -; ns -; subj -; priv -
Throws:: InsufficientPrivilegeException; SchemaException

dispatch

public static void dispatch(GrouperSession s,
                            AttributeDef attributeDef,
                            edu.internet2.middleware.subject.Subject subj,
                            Privilege priv)
                     throws InsufficientPrivilegeException,
                            SchemaException

TODO 20070823 find a real home for this and/or add tests

Parameters:: s -; attributeDef -; subj -; priv -
Throws:: InsufficientPrivilegeException; SchemaException

getAccessPrivileges

public static Privilege[] getAccessPrivileges(Privilege[] privileges)

TODO 20070824 add tests

Parameters:: privileges -
Returns:: Given an array of privileges return an array of access privileges.
Since:: 1.2.1

getAttributeDefPrivileges

public static Privilege[] getAttributeDefPrivileges(Privilege[] privileges)

TODO 20070824 add tests

Parameters:: privileges -
Returns:: Given an array of privileges return an array of access privileges.
Since:: 1.2.1

getNamingPrivileges

public static Privilege[] getNamingPrivileges(Privilege[] privileges)

TODO 20070824 add tests

Parameters:: privileges -
Returns:: Given an array of privileges return an array of naming privileges.
Since:: 1.2.1

isRoot

public static boolean isRoot(GrouperSession s)

TODO 20070823 find a real home for this and/or add tests

Parameters:: s -
Returns:: is root

isSystemSubject

public static boolean isSystemSubject(edu.internet2.middleware.subject.Subject subject)

see if system subject

Parameters:: subject -
Returns:: true if grouper system

isWheel

public static boolean isWheel(GrouperSession s)

TODO 20070823 find a real home for this and/or add tests

Parameters:: s -
Returns:: is wheel

isWheelOrRoot

public static boolean isWheelOrRoot(edu.internet2.middleware.subject.Subject subject)

see if a subject is wheel or root

Parameters:: subject -
Returns:: true or false

canMoveStems

public static boolean canMoveStems(edu.internet2.middleware.subject.Subject subject)

Is this user allowed to move stems?

Parameters:: subject -
Returns:: boolean

canCopyStems

public static boolean canCopyStems(edu.internet2.middleware.subject.Subject subject)

Is this user allowed to copy stems?

Parameters:: subject -
Returns:: boolean

canRenameStems

public static boolean canRenameStems(edu.internet2.middleware.subject.Subject subject)

Is this user allowed to rename stems?

Parameters:: subject -
Returns:: boolean

hasPrivilege

public static boolean hasPrivilege(GrouperSession s,
                                   AttributeDef attributeDef,
                                   edu.internet2.middleware.subject.Subject subj,
                                   java.util.Set<Privilege> privInSet)

Parameters:: s -; attributeDef -; subj -; privInSet -
Returns:: if has privilege

canViewAttributeDefs

public static java.util.Set<AttributeDef> canViewAttributeDefs(GrouperSession s,
                                                               java.util.Collection<AttributeDef> inputAttributeDefs)

TODO 20070823 find a real home for this and/or add tests

Parameters:: s -; inputAttributeDefs -
Returns:: filtered attributeDefs

canViewAttributeAssign

public static boolean canViewAttributeAssign(GrouperSession grouperSession,
                                             AttributeAssign attributeAssign,
                                             boolean checkUnderlyingIfAssignmentOnAssignment)

see if the attribute assigns are viewable

Parameters:: grouperSession -; attributeAssign -; checkUnderlyingIfAssignmentOnAssignment - if deep security check should take place on underlying assignments
Returns:: filtered memberships

canViewAttributeAssigns

public static java.util.Set<AttributeAssign> canViewAttributeAssigns(GrouperSession grouperSession,
                                                                     java.util.Collection<AttributeAssign> inputAttributeAssigns,
                                                                     boolean checkUnderlyingIfAssignmentOnAssignment)

see if the attribute assigns are viewable

Parameters:: grouperSession -; inputAttributeAssigns -; checkUnderlyingIfAssignmentOnAssignment - if deep security check should take place on underlying assignments
Returns:: filtered memberships

canViewPermissions

public static java.util.Set<PermissionEntry> canViewPermissions(GrouperSession grouperSession,
                                                                java.util.Collection<PermissionEntry> inputPermissionEntries)

see if the attribute assigns are viewable

Parameters:: grouperSession -; inputPermissionEntries -
Returns:: filtered memberships

canViewPITAttributeAssigns

public static java.util.Set<PITAttributeAssign> canViewPITAttributeAssigns(GrouperSession grouperSession,
                                                                           java.util.Collection<PITAttributeAssign> inputPITAttributeAssigns,
                                                                           boolean checkUnderlyingIfAssignmentOnAssignment)

see if the pit attribute assigns are viewable

Parameters:: grouperSession -; inputPITAttributeAssigns -; checkUnderlyingIfAssignmentOnAssignment - if deep security check should take place on underlying assignments
Returns:: filtered pit attribute assignments

hasImmediatePrivilege

public static boolean hasImmediatePrivilege(Stem stem,
                                            edu.internet2.middleware.subject.Subject subject,
                                            Privilege privilege)

see if a stem has an immediate privilege

Parameters:: stem -; subject -; privilege -
Returns:: true if has immediate privilege, false if not

hasImmediatePrivilege

public static boolean hasImmediatePrivilege(AttributeDef attributeDef,
                                            edu.internet2.middleware.subject.Subject subject,
                                            Privilege privilege)

see if an attributeDef has an immediate privilege

Parameters:: attributeDef -; subject -; privilege -
Returns:: true if has immediate privilege, false if not

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

edu.internet2.middleware.grouper.privs Class PrivilegeHelper

PrivilegeHelper

hasImmediatePrivilege

flushCache

resolveSubjects

canAdmin

canAttrAdmin

canAttrRead

canAttrView

canGroupAttrRead

canGroupAttrUpdate

canAttrDefAttrRead

canAttrDefAttrUpdate

canStemAttrRead

canStemAttrUpdate

canAttrUpdate

canAttrOptin

canAttrOptout

canCreate

canOptin

hasPrivilege

hasPrivilege

canOptout

canRead

canStem

canStemAdmin

canStem

canStemAdmin

canUpdate

canView

canViewGroups

canViewMembership

canViewMemberships

canViewMembers

dispatch

dispatch

dispatch

getAccessPrivileges

getAttributeDefPrivileges

getNamingPrivileges

isRoot

isSystemSubject

isWheel

isWheelOrRoot

canMoveStems

canCopyStems

canRenameStems

hasPrivilege

canViewAttributeDefs

canViewAttributeAssign

canViewAttributeAssigns

canViewPermissions

canViewPITAttributeAssigns

hasImmediatePrivilege

hasImmediatePrivilege

edu.internet2.middleware.grouper.privs
Class PrivilegeHelper