Package org.apache.fulcrum.security.model.turbine

Class TurbineAccessControlListImpl

    • Constructor Detail

      • TurbineAccessControlListImpl

        public TurbineAccessControlListImpl​(Set<? extends TurbineUserGroupRole> turbineUserGroupRoleSet,
                                    GroupManager groupManager,
                                    RoleManager roleManager,
                                    TurbineModelManager modelManager,
                                    org.apache.avalon.framework.logger.Logger logger)
                             throws FulcrumSecurityException
        Constructs a new AccessControlList. This class follows 'immutable' pattern - it's objects can't be modified once they are created. This means that the permissions the users have are in effect form the moment they log in to the moment they log out, and changes made to the security settings in that time are not reflected in the state of this object. If you need to reset an user's permissions you need to invalidate his session.
        Parameters:
        turbineUserGroupRoleSet - The set of user/group/role relations that this acl is built from
        groupManager - the Group manager
        roleManager - the Role manager
        modelManager - the model Manager
        logger -
        Throws:
        FulcrumSecurityException - if the global group cannot be retrieved

    • Method Detail

      • getRoles

        public RoleSet getRoles​(Group group)
        Retrieves a set of Roles an user is assigned in a Group.
        Specified by:
        getRoles in interface TurbineAccessControlList
        Parameters:
        group - the Group
        Returns:
        the set of Roles this user has within the Group.

      • getRoles

        public RoleSet getRoles()
        Retrieves a set of Roles an user is assigned in the global Group.
        Specified by:
        getRoles in interface TurbineAccessControlList
        Returns:
        the set of Roles this user has within the global Group or null.

      • hasRole

        public boolean hasRole​(Role role,
                       Group group)
        Checks if the user is assigned a specific Role in the Group.
        Specified by:
        hasRole in interface TurbineAccessControlList
        Parameters:
        role - the Role
        group - the Group
        Returns:
        true if the user is assigned the Role in the Group.

      • hasRole

        public boolean hasRole​(Role role,
                       GroupSet groupset)
        Checks if the user is assigned a specific Role in any of the given Groups
        Specified by:
        hasRole in interface TurbineAccessControlList
        Parameters:
        role - the Role
        groupset - a Groupset
        Returns:
        true if the user is assigned the Role in any of the given Groups.

      • hasRole

        public boolean hasRole​(String roleName,
                       String groupName)
        Checks if the user is assigned a specific Role in the Group.
        Specified by:
        hasRole in interface TurbineAccessControlList
        Parameters:
        roleName - the Role name
        groupName - the Group name
        Returns:
        true if the user is assigned the Role in the Group.

      • hasRole

        public boolean hasRole​(String rolename,
                       GroupSet groupset)
        Checks if the user is assigned a specific Role in any of the given Groups
        Specified by:
        hasRole in interface TurbineAccessControlList
        Parameters:
        rolename - the name of the Role
        groupset - a Groupset
        Returns:
        true if the user is assigned the Role in any of the given Groups.

      • hasRole

        public boolean hasRole​(Role role)
        Checks if the user is assigned a specific Role in the global Group.
        Specified by:
        hasRole in interface TurbineAccessControlList
        Parameters:
        role - the Role
        Returns:
        true if the user is assigned the Role in the global Group.

      • hasRole

        public boolean hasRole​(String role)
        Checks if the user is assigned a specific Role in the global Group.
        Specified by:
        hasRole in interface TurbineAccessControlList
        Parameters:
        role - the Role
        Returns:
        true if the user is assigned the Role in the global Group.

      • hasPermission

        public boolean hasPermission​(Permission permission,
                             Group group)
        Checks if the user is assigned a specific Permission in the Group.
        Specified by:
        hasPermission in interface TurbineAccessControlList
        Parameters:
        permission - the Permission
        group - the Group
        Returns:
        true if the user is assigned the Permission in the Group.

      • hasPermission

        public boolean hasPermission​(Permission permission,
                             GroupSet groupset)
        Checks if the user is assigned a specific Permission in any of the given Groups
        Specified by:
        hasPermission in interface TurbineAccessControlList
        Parameters:
        permission - the Permission
        groupset - a Groupset
        Returns:
        true if the user is assigned the Permission in any of the given Groups.

      • hasPermission

        public boolean hasPermission​(String permission,
                             String group)
        Checks if the user is assigned a specific Permission in the Group.
        Specified by:
        hasPermission in interface TurbineAccessControlList
        Parameters:
        permission - the Permission
        group - the Group
        Returns:
        true if the user is assigned the Permission in the Group.

      • hasPermission

        public boolean hasPermission​(String permission,
                             Group group)
        Checks if the user is assigned a specific Permission in the Group.
        Specified by:
        hasPermission in interface TurbineAccessControlList
        Parameters:
        permission - the Permission
        group - the Group
        Returns:
        true if the user is assigned the Permission in the Group.

      • hasPermission

        public boolean hasPermission​(String permissionName,
                             GroupSet groupset)
        Checks if the user is assigned a specific Permission in any of the given Groups
        Specified by:
        hasPermission in interface TurbineAccessControlList
        Parameters:
        permissionName - the name of the Permission
        groupset - a Groupset
        Returns:
        true if the user is assigned the Permission in any of the given Groups.

      • hasPermission

        public boolean hasPermission​(Permission permission)
        Checks if the user is assigned a specific Permission in the global Group.
        Specified by:
        hasPermission in interface TurbineAccessControlList
        Parameters:
        permission - the Permission
        Returns:
        true if the user is assigned the Permission in the global Group.

      • hasPermission

        public boolean hasPermission​(String permission)
        Checks if the user is assigned a specific Permission in the global Group.
        Specified by:
        hasPermission in interface TurbineAccessControlList
        Parameters:
        permission - the Permission
        Returns:
        true if the user is assigned the Permission in the global Group.

      • getAllGroups

        public Group[] getAllGroups()
        Returns all groups defined in the system. This is useful for debugging, when you want to display all roles and permissions an user is assigned. This method is needed because you can't call static methods of TurbineSecurity class from within WebMacro/Velocity template
        Specified by:
        getAllGroups in interface TurbineAccessControlList
        Returns:
        A Group [] of all groups in the system.