edu.internet2.middleware.grouper.privs
Interface AccessAdapter

All Known Implementing Classes:
BaseAccessAdapter, GrouperAccessAdapter, GrouperNonDbAccessAdapter

public interface AccessAdapter

Grouper Access Privilege interface.

Unless you are writing a new implementation of this interface, you should not need to call these methods directly, as they are all wrapped by methods in the Group class.

If you are implementing your own access adapter, you should probably extend BaseAccessAdapter.

Version:
$Id: AccessAdapter.java,v 1.6 2009-08-29 15:57:59 shilen Exp $
Author:
blair christensen.

Method Summary
 Set<Group> getGroupsWhereSubjectDoesntHavePrivilege(GrouperSession grouperSession, String stemId, Stem.Scope scope, edu.internet2.middleware.subject.Subject subject, Privilege privilege, boolean considerAllSubject, String sqlLikeString)
          Find the groups on which the subject does not have a certain privilege.
 Set<Group> getGroupsWhereSubjectHasPriv(GrouperSession s, edu.internet2.middleware.subject.Subject subj, Privilege priv)
          Get all groups where this subject has this privilege.
 Set<AccessPrivilege> getPrivs(GrouperSession s, Group g, edu.internet2.middleware.subject.Subject subj)
          Get all privileges held by this subject on this group.
 Set<Stem> getStemsWhereGroupThatSubjectHasPrivilege(GrouperSession grouperSession, edu.internet2.middleware.subject.Subject subject, Privilege privilege)
          get stems where a group exists where the subject has privilege
 Set<edu.internet2.middleware.subject.Subject> getSubjectsWithPriv(GrouperSession s, Group g, Privilege priv)
          Get all subjects with this privilege on this group.
 void grantPriv(GrouperSession s, Group g, edu.internet2.middleware.subject.Subject subj, Privilege priv, String uuid)
          Grant the privilege to the subject on this group.
 boolean hasPriv(GrouperSession s, Group g, edu.internet2.middleware.subject.Subject subj, Privilege priv)
          Check whether the subject has this privilege on this group.
 boolean hqlFilterGroupsNotWithPrivWhereClause(GrouperSession grouperSession, edu.internet2.middleware.subject.Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Privilege privilege, boolean considerAllSubject)
          For a group query, check to make sure the subject can't see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like).
 boolean hqlFilterGroupsWhereClause(GrouperSession grouperSession, edu.internet2.middleware.subject.Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Set<Privilege> privInSet)
          for a group query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like).
 Set<Group> postHqlFilterGroups(GrouperSession grouperSession, Set<Group> groups, edu.internet2.middleware.subject.Subject subject, Set<Privilege> privInSet)
          after HQL is run, filter groups.
 Set<Membership> postHqlFilterMemberships(GrouperSession grouperSession, edu.internet2.middleware.subject.Subject subject, Set<Membership> memberships)
          filter memberships for things the subject can see
 Set<Stem> postHqlFilterStemsWithGroups(GrouperSession grouperSession, Set<Stem> stems, edu.internet2.middleware.subject.Subject subject, Set<Privilege> inPrivSet)
          after HQL is run, filter stems with groups.
 void privilegeCopy(GrouperSession s, Group g1, Group g2, Privilege priv)
          Copies privileges for subjects that have the specified privilege on g1 to g2.
 void privilegeCopy(GrouperSession s, edu.internet2.middleware.subject.Subject subj1, edu.internet2.middleware.subject.Subject subj2, Privilege priv)
          Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2.
 Set<PrivilegeSubjectContainer> retrievePrivileges(GrouperSession grouperSession, Group group, Set<Privilege> privileges, MembershipType membershipType, QueryPaging queryPaging, Set<Member> additionalMembers)
          get a list of privilege subjects, there are no results with the same subject/privilege combination
 void revokeAllPrivilegesForSubject(GrouperSession grouperSession, edu.internet2.middleware.subject.Subject subject)
          Revoke all access privileges that this subject has.
 void revokePriv(GrouperSession s, Group g, Privilege priv)
          Revoke this privilege from everyone on this group.
 void revokePriv(GrouperSession s, Group g, edu.internet2.middleware.subject.Subject subj, Privilege priv)
          Revoke the privilege from the subject on this group.
 

Method Detail

getSubjectsWithPriv

Set<edu.internet2.middleware.subject.Subject> getSubjectsWithPriv(GrouperSession s,
                                                                  Group g,
                                                                  Privilege priv)
                                                                  throws SchemaException
Get all subjects with this privilege on this group.
 Set admins = ap.getSubjectsWithPriv(s, g, AccessPrivilege.ADMIN);
 

Parameters:
s - Get privileges within this session context.
g - Get privileges on this group.
priv - Get this privilege.
Returns:
Set of Subject objects.
Throws:
SchemaException

getGroupsWhereSubjectHasPriv

Set<Group> getGroupsWhereSubjectHasPriv(GrouperSession s,
                                        edu.internet2.middleware.subject.Subject subj,
                                        Privilege priv)
                                        throws SchemaException
Get all groups where this subject has this privilege.
 try {
   Set isAdmin = ap.getGroupsWhereSubjectHasPriv(
     s, subj, AccessPrivilege.ADMIN
   );
 }
 catch (SchemaException eS) {
   // Invalid priv
 }
 

Parameters:
s - Get privileges within this session context.
subj - Get privileges for this subject.
priv - Get this privilege.
Returns:
Set of Group objects.
Throws:
SchemaException

getGroupsWhereSubjectDoesntHavePrivilege

Set<Group> getGroupsWhereSubjectDoesntHavePrivilege(GrouperSession grouperSession,
                                                    String stemId,
                                                    Stem.Scope scope,
                                                    edu.internet2.middleware.subject.Subject subject,
                                                    Privilege privilege,
                                                    boolean considerAllSubject,
                                                    String sqlLikeString)
Find the groups on which the subject does not have a certain privilege.

Parameters:
grouperSession -
stemId -
scope -
subject -
privilege -
considerAllSubject -
sqlLikeString -
Returns:
the groups

getStemsWhereGroupThatSubjectHasPrivilege

Set<Stem> getStemsWhereGroupThatSubjectHasPrivilege(GrouperSession grouperSession,
                                                    edu.internet2.middleware.subject.Subject subject,
                                                    Privilege privilege)
get stems where a group exists where the subject has privilege

Parameters:
grouperSession -
subject -
privilege -
Returns:
the stems

getPrivs

Set<AccessPrivilege> getPrivs(GrouperSession s,
                              Group g,
                              edu.internet2.middleware.subject.Subject subj)
Get all privileges held by this subject on this group.
 Set privs = ap.getPrivs(s, g, subj);
 

Parameters:
s - Get privileges within this session context.
g - Get privileges on this group.
subj - Get privileges for this member.
Returns:
Set of privileges.

grantPriv

void grantPriv(GrouperSession s,
               Group g,
               edu.internet2.middleware.subject.Subject subj,
               Privilege priv,
               String uuid)
               throws GrantPrivilegeException,
                      InsufficientPrivilegeException,
                      SchemaException
Grant the privilege to the subject on this group.
 try {
   // Pass null as the uuid so that one is generated
   ap.grantPriv(s, g, subj, AccessPrivilege.ADMIN, null);
 }
 catch (GrantPrivilegeException e0) {
   // Unable to grant the privilege
 }
 catch (InsufficientPrivilegeException e1) {
   // Not privileged to grant the privilege
 }
 catch (SchemaException e2) {
   // Invalid privilege
 }
 

Parameters:
s - Grant privilege in this session context.
g - Grant privilege on this group.
subj - Grant privilege to this subject.
priv - Grant this privilege.
uuid - is uuid or null if generated
Throws:
GrantPrivilegeException
InsufficientPrivilegeException
SchemaException

hasPriv

boolean hasPriv(GrouperSession s,
                Group g,
                edu.internet2.middleware.subject.Subject subj,
                Privilege priv)
                throws SchemaException
Check whether the subject has this privilege on this group.
 try {
   // true if subj holds ADMIN on g
   boolean isAdmin = ap.hasPriv(s, g, subj, AccessPrivilege.ADMIN);
 }
 catch (SchemaException e) {
   // Invalid privilege
 }
 

Parameters:
s - Check privilege in this session context.
g - Check privilege on this group.
subj - Check privilege for this subject.
priv - Check this privilege.
Returns:
if has priv
Throws:
SchemaException

revokePriv

void revokePriv(GrouperSession s,
                Group g,
                Privilege priv)
                throws InsufficientPrivilegeException,
                       RevokePrivilegeException,
                       SchemaException
Revoke this privilege from everyone on this group.
 try {
   ap.revokePriv(s, g, AccessPrivilege.ADMIN);
 }
 catch (InsufficientPrivilegeException eIP) {
   // Not privileged to revoke the privilege
 }
 catch (RevokePrivilegeException eRP) {
   // Unable to revoke the privilege
 }
 catch (SchemaException eS) {
   // Invalid privilege
 }
 

Parameters:
s - Revoke privilege in this session context.
g - Revoke privilege on this group.
priv - Revoke this privilege.
Throws:
InsufficientPrivilegeException
RevokePrivilegeException
SchemaException

revokePriv

void revokePriv(GrouperSession s,
                Group g,
                edu.internet2.middleware.subject.Subject subj,
                Privilege priv)
                throws InsufficientPrivilegeException,
                       RevokePrivilegeException,
                       SchemaException
Revoke the privilege from the subject on this group.
 try {
   ap.revokePriv(s, g, subj, AccessPrivilege.ADMIN);
 }
 catch (InsufficientPrivilegeException eIP) {
   // Not privileged to revoke the privilege
 }
 catch (RevokePrivilegeException eRP) {
   // Unable to revoke the privilege
 }
 catch (SchemaException eS) {
   // Invalid privilege
 }
 

Parameters:
s - Revoke privilege in this session context.
g - Revoke privilege on this group.
subj - Revoke privilege from this subject.
priv - Revoke this privilege.
Throws:
InsufficientPrivilegeException
RevokePrivilegeException
SchemaException
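
Added example, not part of the Grouper Javadoc or the Grouper code base: an offboarding pass that combines getGroupsWhereSubjectHasPriv, getSubjectsWithPriv, revokePriv and hasPriv so that ADMIN is removed from a departing subject without leaving a group with no administrator, and so that a revoke which did not take effect is reported rather than assumed. The class AdminOffboarding, its fields and hasOtherAdmin are hypothetical names; the exception package in the imports is an assumption.

```java
import java.util.LinkedHashSet;
import java.util.Set;

import edu.internet2.middleware.grouper.Group;
import edu.internet2.middleware.grouper.GrouperSession;
// Assumption: the exception classes live in Grouper's "exception" package.
import edu.internet2.middleware.grouper.exception.InsufficientPrivilegeException;
import edu.internet2.middleware.grouper.exception.RevokePrivilegeException;
import edu.internet2.middleware.grouper.exception.SchemaException;
import edu.internet2.middleware.grouper.privs.AccessAdapter;
import edu.internet2.middleware.grouper.privs.AccessPrivilege;
import edu.internet2.middleware.subject.Subject;

/** Hypothetical helper, not part of Grouper: revoke ADMIN from a departing subject. */
public class AdminOffboarding {
  // Groups skipped because the subject is the only ADMIN holder (needs a handover first).
  public final Set<Group> soleAdmin = new LinkedHashSet<Group>();
  // Groups where the subject still has ADMIN after the revoke attempt.
  public final Set<Group> stillAdmin = new LinkedHashSet<Group>();

  public void run(AccessAdapter ap, GrouperSession s, Subject subj)
      throws SchemaException, InsufficientPrivilegeException {
    for (Group g : ap.getGroupsWhereSubjectHasPriv(s, subj, AccessPrivilege.ADMIN)) {
      if (!hasOtherAdmin(ap, s, g, subj)) {
        soleAdmin.add(g); // do not orphan the group
        continue;
      }
      try {
        ap.revokePriv(s, g, subj, AccessPrivilege.ADMIN);
      } catch (RevokePrivilegeException e) {
        stillAdmin.add(g); // adapter could not revoke; report it
        continue;
      }
      // Verify the outcome instead of trusting the call: the privilege may be held another way.
      if (ap.hasPriv(s, g, subj, AccessPrivilege.ADMIN)) {
        stillAdmin.add(g);
      }
    }
  }

  private static boolean hasOtherAdmin(AccessAdapter ap, GrouperSession s, Group g, Subject subj)
      throws SchemaException {
    for (Subject a : ap.getSubjectsWithPriv(s, g, AccessPrivilege.ADMIN)) {
      boolean same = a.getId().equals(subj.getId())
          && a.getSource().getId().equals(subj.getSource().getId());
      if (!same) return true; // someone else can still administer the group
    }
    return false;
  }
}
```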

privilegeCopy

void privilegeCopy(GrouperSession s,
                   Group g1,
                   Group g2,
                   Privilege priv)
                   throws InsufficientPrivilegeException,
                          GrantPrivilegeException,
                          SchemaException
Copies privileges for subjects that have the specified privilege on g1 to g2.

Parameters:
s -
g1 -
g2 -
priv -
Throws:
InsufficientPrivilegeException
GrantPrivilegeException
SchemaException

privilegeCopy

void privilegeCopy(GrouperSession s,
                   edu.internet2.middleware.subject.Subject subj1,
                   edu.internet2.middleware.subject.Subject subj2,
                   Privilege priv)
                   throws InsufficientPrivilegeException,
                          GrantPrivilegeException,
                          SchemaException
Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2. For instance, if subj1 has ADMIN privilege to Group x, this method will result with subj2 having ADMIN privilege to Group x.

Parameters:
s -
subj1 -
subj2 -
priv -
Throws:
InsufficientPrivilegeException
GrantPrivilegeException
SchemaException

postHqlFilterGroups

Set<Group> postHqlFilterGroups(GrouperSession grouperSession,
                               Set<Group> groups,
                               edu.internet2.middleware.subject.Subject subject,
                               Set<Privilege> privInSet)
After HQL is run, filter groups. If you are filtering in HQL, then don't filter here.

Parameters:
grouperSession -
groups -
subject - which needs view access to the groups
privInSet - find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessPrivilege
Returns:
the set of filtered groups

postHqlFilterStemsWithGroups

Set<Stem> postHqlFilterStemsWithGroups(GrouperSession grouperSession,
                                       Set<Stem> stems,
                                       edu.internet2.middleware.subject.Subject subject,
                                       Set<Privilege> inPrivSet)
After HQL is run, filter stems with groups. If you are filtering in HQL, then don't filter here.

Parameters:
grouperSession -
stems -
subject -
inPrivSet -
Returns:
the stems

hqlFilterGroupsWhereClause

boolean hqlFilterGroupsWhereClause(GrouperSession grouperSession,
                                   edu.internet2.middleware.subject.Subject subject,
                                   HqlQuery hqlQuery,
                                   StringBuilder hql,
                                   String groupColumn,
                                   Set<Privilege> privInSet)
for a group query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like). Note, this joins to tables, so the queries should probably be "distinct"

Parameters:
grouperSession -
subject - which needs view access to the groups
hql - is the select and part (hql prefix)
hqlQuery -
groupColumn - is the name of the group column to join to
privInSet - find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessPrivilege
Returns:
if the query was changed

hqlFilterGroupsNotWithPrivWhereClause

boolean hqlFilterGroupsNotWithPrivWhereClause(GrouperSession grouperSession,
                                              edu.internet2.middleware.subject.Subject subject,
                                              HqlQuery hqlQuery,
                                              StringBuilder hql,
                                              String groupColumn,
                                              Privilege privilege,
                                              boolean considerAllSubject)
For a group query, check to make sure the subject can't see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like).

Parameters:
grouperSession -
subject - which needs view access to the groups
hql - is the select and part (hql prefix)
hqlQuery -
groupColumn - is the name of the group column to join to
privilege - find a privilege which is in this set (e.g. for view, send view).
considerAllSubject - if true, then consider GrouperAll when checking whether the subject doesn't have the privilege; otherwise do not consider it
Returns:
if the query was changed

postHqlFilterMemberships

Set<Membership> postHqlFilterMemberships(GrouperSession grouperSession,
                                         edu.internet2.middleware.subject.Subject subject,
                                         Set<Membership> memberships)
filter memberships for things the subject can see

Parameters:
grouperSession -
memberships -
subject -
Returns:
the memberships

revokeAllPrivilegesForSubject

void revokeAllPrivilegesForSubject(GrouperSession grouperSession,
                                   edu.internet2.middleware.subject.Subject subject)
Revoke all access privileges that this subject has.

Parameters:
grouperSession -
subject -

retrievePrivileges

Set<PrivilegeSubjectContainer> retrievePrivileges(GrouperSession grouperSession,
                                                  Group group,
                                                  Set<Privilege> privileges,
                                                  MembershipType membershipType,
                                                  QueryPaging queryPaging,
                                                  Set<Member> additionalMembers)
get a list of privilege subjects, there are no results with the same subject/privilege combination

Parameters:
grouperSession - grouper session
group - to search on
privileges - if blank, get all
membershipType - if immediate, effective, or blank for all
queryPaging - if a certain page should be returned based on subject
additionalMembers - additional members to query that the user is finding or adding
Returns:
the privilege subject combinations