Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

edu.internet2.middleware.grouper.privs
Class ValidatingAccessResolver

java.lang.Object
  extended by edu.internet2.middleware.grouper.privs.AccessResolverDecorator
      extended by edu.internet2.middleware.grouper.privs.ValidatingAccessResolver
All Implemented Interfaces:
AccessResolver
public class ValidatingAccessResolver
extends AccessResolverDecorator

Decorator that provides parameter validation for AccessResolver.

Since:
1.2.1
Version:
$Id: ValidatingAccessResolver.java,v 1.13 2009-09-21 06:14:26 mchyzer Exp $
Author:
blair christensen.

Constructor Summary
ValidatingAccessResolver(AccessResolver resolver)
           
 
Method Summary
 void flushCache()
          flush cache if caching resolver
 java.util.Set<Group> getGroupsWhereSubjectDoesntHavePrivilege(java.lang.String stemId, Stem.Scope scope, edu.internet2.middleware.subject.Subject subject, Privilege privilege, boolean considerAllSubject, java.lang.String sqlLikeString)
          find the groups which do not have a certain privilege
 java.util.Set<Group> getGroupsWhereSubjectHasPrivilege(edu.internet2.middleware.subject.Subject subject, Privilege privilege)
          Get all groups where subject has privilege.
 java.util.Set<AccessPrivilege> getPrivileges(Group group, edu.internet2.middleware.subject.Subject subject)
          Get all privileges subject has on group.
 java.util.Set<Stem> getStemsWhereGroupThatSubjectHasPrivilege(edu.internet2.middleware.subject.Subject subject, Privilege privilege)
          Get all stems which have groups where subject has privilege.
 java.util.Set<edu.internet2.middleware.subject.Subject> getSubjectsWithPrivilege(Group group, Privilege privilege)
          Get all subjects with privilege on group.
 void grantPrivilege(Group group, edu.internet2.middleware.subject.Subject subject, Privilege privilege, java.lang.String uuid)
          Grant privilege to subject on group.
 boolean hasPrivilege(Group group, edu.internet2.middleware.subject.Subject subject, Privilege privilege)
          Check whether subject has privilege on group.
 boolean hqlFilterGroupsNotWithPrivWhereClause(edu.internet2.middleware.subject.Subject subject, HqlQuery hqlQuery, java.lang.StringBuilder hql, java.lang.String groupColumn, Privilege privilege, boolean considerAllSubject)
          for a group query, check to make sure the subject cant see the records
 boolean hqlFilterGroupsWhereClause(edu.internet2.middleware.subject.Subject subject, HqlQuery hqlQuery, java.lang.StringBuilder hql, java.lang.String groupColumn, java.util.Set<Privilege> privInSet)
          for a group query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like)
 java.util.Set<Group> postHqlFilterGroups(java.util.Set<Group> groups, edu.internet2.middleware.subject.Subject subject, java.util.Set<Privilege> privInSet)
          after HQL is run, filter groups.
 java.util.Set<Membership> postHqlFilterMemberships(edu.internet2.middleware.subject.Subject subject, java.util.Set<Membership> memberships)
          filter memberships for things the subject can see
 java.util.Set<Stem> postHqlFilterStemsWithGroups(java.util.Set<Stem> stems, edu.internet2.middleware.subject.Subject subject, java.util.Set<Privilege> inPrivSet)
          after HQL is run, filter stems that have groups with privs.
 void privilegeCopy(Group g1, Group g2, Privilege priv)
          Copies privileges for subjects that have the specified privilege on g1 to g2.
 void privilegeCopy(edu.internet2.middleware.subject.Subject subj1, edu.internet2.middleware.subject.Subject subj2, Privilege priv)
          Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2.
 java.util.Set<PrivilegeSubjectContainer> retrievePrivileges(Group group, java.util.Set<Privilege> privileges, MembershipType membershipType, QueryPaging queryPaging, java.util.Set<Member> additionalMembers)
          get a list of privilege subjects, there are no results with the same subject
 void revokeAllPrivilegesForSubject(edu.internet2.middleware.subject.Subject subject)
          Revoke all access privileges that this subject has.
 void revokePrivilege(Group group, Privilege privilege)
          Revoke privilege from all subjects on group.
 void revokePrivilege(Group group, edu.internet2.middleware.subject.Subject subject, Privilege privilege)
          Revoke privilege from subject on group.
 
Methods inherited from class edu.internet2.middleware.grouper.privs.AccessResolverDecorator
getDecoratedResolver, getGrouperSession, stop
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ValidatingAccessResolver

public ValidatingAccessResolver(AccessResolver resolver)
Parameters:
resolver -
Since:
1.2.1
Method Detail

flushCache

public void flushCache()
Description copied from interface: AccessResolver
flush cache if caching resolver

Specified by:
flushCache in interface AccessResolver
Overrides:
flushCache in class AccessResolverDecorator
See Also:
AccessResolver.flushCache()

getGroupsWhereSubjectHasPrivilege

public java.util.Set<Group> getGroupsWhereSubjectHasPrivilege(edu.internet2.middleware.subject.Subject subject,
                                                              Privilege privilege)
                                                       throws java.lang.IllegalArgumentException
Description copied from interface: AccessResolver
Get all groups where subject has privilege.

Specified by:
getGroupsWhereSubjectHasPrivilege in interface AccessResolver
Overrides:
getGroupsWhereSubjectHasPrivilege in class AccessResolverDecorator
Returns:
the set
Throws:
java.lang.IllegalArgumentException - if any parameter is null.
Since:
1.2.1
See Also:
AccessResolver.getGroupsWhereSubjectHasPrivilege(Subject, Privilege)

getGroupsWhereSubjectDoesntHavePrivilege

public java.util.Set<Group> getGroupsWhereSubjectDoesntHavePrivilege(java.lang.String stemId,
                                                                     Stem.Scope scope,
                                                                     edu.internet2.middleware.subject.Subject subject,
                                                                     Privilege privilege,
                                                                     boolean considerAllSubject,
                                                                     java.lang.String sqlLikeString)
                                                              throws java.lang.IllegalArgumentException
Description copied from interface: AccessResolver
find the groups which do not have a certain privilege

Specified by:
getGroupsWhereSubjectDoesntHavePrivilege in interface AccessResolver
Overrides:
getGroupsWhereSubjectDoesntHavePrivilege in class AccessResolverDecorator
Returns:
the groups
Throws:
java.lang.IllegalArgumentException
See Also:
AccessResolver#getGroupsWhereSubjectDoesntHavePrivilege(String, Scope, Subject, Privilege, boolean, String)

getStemsWhereGroupThatSubjectHasPrivilege

public java.util.Set<Stem> getStemsWhereGroupThatSubjectHasPrivilege(edu.internet2.middleware.subject.Subject subject,
                                                                     Privilege privilege)
                                                              throws java.lang.IllegalArgumentException
Description copied from interface: AccessResolver
Get all stems which have groups where subject has privilege.

Specified by:
getStemsWhereGroupThatSubjectHasPrivilege in interface AccessResolver
Overrides:
getStemsWhereGroupThatSubjectHasPrivilege in class AccessResolverDecorator
Returns:
the set
Throws:
java.lang.IllegalArgumentException - if any parameter is null.
See Also:
AccessResolverDecorator.getStemsWhereGroupThatSubjectHasPrivilege(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege)

getPrivileges

public java.util.Set<AccessPrivilege> getPrivileges(Group group,
                                                    edu.internet2.middleware.subject.Subject subject)
                                             throws java.lang.IllegalArgumentException
Description copied from interface: AccessResolver
Get all privileges subject has on group.

Specified by:
getPrivileges in interface AccessResolver
Overrides:
getPrivileges in class AccessResolverDecorator
Returns:
the set
Throws:
java.lang.IllegalArgumentException - if any parameter is null.
Since:
1.2.1
See Also:
AccessResolver.getPrivileges(Group, Subject)

getSubjectsWithPrivilege

public java.util.Set<edu.internet2.middleware.subject.Subject> getSubjectsWithPrivilege(Group group,
                                                                                        Privilege privilege)
                                                                                 throws java.lang.IllegalArgumentException
Description copied from interface: AccessResolver
Get all subjects with privilege on group.

Specified by:
getSubjectsWithPrivilege in interface AccessResolver
Overrides:
getSubjectsWithPrivilege in class AccessResolverDecorator
Returns:
the set
Throws:
java.lang.IllegalArgumentException - if any parameter is null.
Since:
1.2.1
See Also:
AccessResolver.getSubjectsWithPrivilege(Group, Privilege)

grantPrivilege

public void grantPrivilege(Group group,
                           edu.internet2.middleware.subject.Subject subject,
                           Privilege privilege,
                           java.lang.String uuid)
                    throws java.lang.IllegalArgumentException,
                           UnableToPerformException
Description copied from interface: AccessResolver
Grant privilege to subject on group.

Specified by:
grantPrivilege in interface AccessResolver
Overrides:
grantPrivilege in class AccessResolverDecorator
uuid - send uuid if known, else null
Throws:
java.lang.IllegalArgumentException - if any parameter is null.
UnableToPerformException - if the privilege could not be granted.
Since:
1.2.1
See Also:
AccessResolver.grantPrivilege(Group, Subject, Privilege, String)

hasPrivilege

public boolean hasPrivilege(Group group,
                            edu.internet2.middleware.subject.Subject subject,
                            Privilege privilege)
                     throws java.lang.IllegalArgumentException
Description copied from interface: AccessResolver
Check whether subject has privilege on group.

Specified by:
hasPrivilege in interface AccessResolver
Overrides:
hasPrivilege in class AccessResolverDecorator
Returns:
boolean
Throws:
java.lang.IllegalArgumentException - if any parameter is null.
Since:
1.2.1
See Also:
AccessResolver.hasPrivilege(Group, Subject, Privilege)

revokePrivilege

public void revokePrivilege(Group group,
                            Privilege privilege)
                     throws java.lang.IllegalArgumentException,
                            UnableToPerformException
Description copied from interface: AccessResolver
Revoke privilege from all subjects on group.

Specified by:
revokePrivilege in interface AccessResolver
Overrides:
revokePrivilege in class AccessResolverDecorator
Throws:
java.lang.IllegalArgumentException - if any parameter is null.
UnableToPerformException - if the privilege could not be revoked.
Since:
1.2.1
See Also:
AccessResolver.revokePrivilege(Group, Privilege)

postHqlFilterGroups

public java.util.Set<Group> postHqlFilterGroups(java.util.Set<Group> groups,
                                                edu.internet2.middleware.subject.Subject subject,
                                                java.util.Set<Privilege> privInSet)
Description copied from interface: AccessResolver
after HQL is run, filter groups. If you are filtering in HQL, then dont filter here

Specified by:
postHqlFilterGroups in interface AccessResolver
Overrides:
postHqlFilterGroups in class AccessResolverDecorator
subject - which needs view access to the groups
privInSet - find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessAdapter
Returns:
the set of filtered groups
See Also:
AccessResolver.postHqlFilterGroups(java.util.Set, edu.internet2.middleware.subject.Subject, java.util.Set)

postHqlFilterStemsWithGroups

public java.util.Set<Stem> postHqlFilterStemsWithGroups(java.util.Set<Stem> stems,
                                                        edu.internet2.middleware.subject.Subject subject,
                                                        java.util.Set<Privilege> inPrivSet)
Description copied from interface: AccessResolver
after HQL is run, filter stems that have groups with privs. If you are filtering HQL, then dont filter here.

Specified by:
postHqlFilterStemsWithGroups in interface AccessResolver
Overrides:
postHqlFilterStemsWithGroups in class AccessResolverDecorator
Returns:
the set of filtered stems
See Also:
AccessResolver.postHqlFilterStemsWithGroups(java.util.Set, edu.internet2.middleware.subject.Subject, java.util.Set)

revokePrivilege

public void revokePrivilege(Group group,
                            edu.internet2.middleware.subject.Subject subject,
                            Privilege privilege)
                     throws java.lang.IllegalArgumentException,
                            UnableToPerformException
Description copied from interface: AccessResolver
Revoke privilege from subject on group.

Specified by:
revokePrivilege in interface AccessResolver
Overrides:
revokePrivilege in class AccessResolverDecorator
Throws:
java.lang.IllegalArgumentException - if any parameter is null.
UnableToPerformException - if the privilege could not be revoked.
Since:
1.2.1
See Also:
AccessResolver.revokePrivilege(Group, Subject, Privilege)

privilegeCopy

public void privilegeCopy(Group g1,
                          Group g2,
                          Privilege priv)
                   throws java.lang.IllegalArgumentException,
                          UnableToPerformException
Description copied from interface: AccessResolver
Copies privileges for subjects that have the specified privilege on g1 to g2.

Specified by:
privilegeCopy in interface AccessResolver
Overrides:
privilegeCopy in class AccessResolverDecorator
Throws:
java.lang.IllegalArgumentException
UnableToPerformException
See Also:
AccessResolver.privilegeCopy(edu.internet2.middleware.grouper.Group, edu.internet2.middleware.grouper.Group, edu.internet2.middleware.grouper.privs.Privilege)

privilegeCopy

public void privilegeCopy(edu.internet2.middleware.subject.Subject subj1,
                          edu.internet2.middleware.subject.Subject subj2,
                          Privilege priv)
                   throws java.lang.IllegalArgumentException,
                          UnableToPerformException
Description copied from interface: AccessResolver
Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2. For instance, if subj1 has ADMIN privilege to Group x, this method will result with subj2 having ADMIN privilege to Group x.

Specified by:
privilegeCopy in interface AccessResolver
Overrides:
privilegeCopy in class AccessResolverDecorator
Throws:
java.lang.IllegalArgumentException
UnableToPerformException
See Also:
AccessResolver.privilegeCopy(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege)

hqlFilterGroupsWhereClause

public boolean hqlFilterGroupsWhereClause(edu.internet2.middleware.subject.Subject subject,
                                          HqlQuery hqlQuery,
                                          java.lang.StringBuilder hql,
                                          java.lang.String groupColumn,
                                          java.util.Set<Privilege> privInSet)
Description copied from interface: AccessResolver
for a group query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like)

Specified by:
hqlFilterGroupsWhereClause in interface AccessResolver
Overrides:
hqlFilterGroupsWhereClause in class AccessResolverDecorator
Parameters:
subject - which needs view access to the groups
hql - the select and current from part
groupColumn - is the name of the group column to join to
privInSet - find a privilege which is in this set (e.g. for view, send all access privs)
Returns:
if the statement was changed
See Also:
AccessResolver.hqlFilterGroupsWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, String, Set)

hqlFilterGroupsNotWithPrivWhereClause

public boolean hqlFilterGroupsNotWithPrivWhereClause(edu.internet2.middleware.subject.Subject subject,
                                                     HqlQuery hqlQuery,
                                                     java.lang.StringBuilder hql,
                                                     java.lang.String groupColumn,
                                                     Privilege privilege,
                                                     boolean considerAllSubject)
Description copied from interface: AccessResolver
for a group query, check to make sure the subject cant see the records

Specified by:
hqlFilterGroupsNotWithPrivWhereClause in interface AccessResolver
Overrides:
hqlFilterGroupsNotWithPrivWhereClause in class AccessResolverDecorator
Parameters:
subject - which needs view access to the groups
hql - the select and current from part
groupColumn - is the name of the group column to join to
privilege - find a privilege which is in this set (e.g. for view, send all access privs)
considerAllSubject - if true, then consider GrouperAll when seeign if subject has priv, else do not
Returns:
if the statement was changed
See Also:
edu.internet2.middleware.grouper.privs.AccessResolver#hqlFilterGroupsWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, String, Privilege, boolean)

postHqlFilterMemberships

public java.util.Set<Membership> postHqlFilterMemberships(edu.internet2.middleware.subject.Subject subject,
                                                          java.util.Set<Membership> memberships)
Description copied from interface: AccessResolver
filter memberships for things the subject can see

Specified by:
postHqlFilterMemberships in interface AccessResolver
Overrides:
postHqlFilterMemberships in class AccessResolverDecorator
Returns:
the memberships
See Also:
AccessResolver.postHqlFilterMemberships(edu.internet2.middleware.subject.Subject, java.util.Set)

revokeAllPrivilegesForSubject

public void revokeAllPrivilegesForSubject(edu.internet2.middleware.subject.Subject subject)
Description copied from interface: AccessResolver
Revoke all access privileges that this subject has.

Specified by:
revokeAllPrivilegesForSubject in interface AccessResolver
Overrides:
revokeAllPrivilegesForSubject in class AccessResolverDecorator
See Also:
AccessResolver.revokeAllPrivilegesForSubject(edu.internet2.middleware.subject.Subject)

retrievePrivileges

public java.util.Set<PrivilegeSubjectContainer> retrievePrivileges(Group group,
                                                                   java.util.Set<Privilege> privileges,
                                                                   MembershipType membershipType,
                                                                   QueryPaging queryPaging,
                                                                   java.util.Set<Member> additionalMembers)
Description copied from interface: AccessResolver
get a list of privilege subjects, there are no results with the same subject

Specified by:
retrievePrivileges in interface AccessResolver
Overrides:
retrievePrivileges in class AccessResolverDecorator
Parameters:
group - to search on
privileges - if blank, get all
membershipType - if immediate, effective, or blank for all
queryPaging - if a certain page should be returned, based on subject
additionalMembers - additional members to query that the user is finding or adding
Returns:
the privilege subject combinations
See Also:
AccessResolverDecorator.retrievePrivileges(Group, java.util.Set, edu.internet2.middleware.grouper.membership.MembershipType, edu.internet2.middleware.grouper.internal.dao.QueryPaging, java.util.Set)
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD