Class TurbineAccessControlListImpl
- java.lang.Object
-
- org.apache.fulcrum.security.model.turbine.TurbineAccessControlListImpl
-
- All Implemented Interfaces:
Serializable
,AccessControlList
,TurbineAccessControlList
public class TurbineAccessControlListImpl extends Object implements TurbineAccessControlList
This is a control class that makes it easy to find out if a particular User has a given Permission. It also determines if a User has a a particular Role.- Version:
- $Id: TurbineAccessControlList.java 1096130 2019-03-25 10:37:19Z painter $
- Author:
- John D. McNally, Brett McLaughlin, Greg Ritter, Rafal Krzewski, Henning P. Schmiedehausen, Marco Knüttel
- See Also:
- Serialized Form
-
-
Constructor Summary
Constructors Constructor Description TurbineAccessControlListImpl(Set<? extends TurbineUserGroupRole> turbineUserGroupRoleSet, GroupManager groupManager, RoleManager roleManager, TurbineModelManager modelManager, org.apache.avalon.framework.logger.Logger logger)
Constructs a new AccessControlList.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description Group[]
getAllGroups()
Returns all groups defined in the system.GroupSet
getGroupSet()
Retrieves a set of Groups an user is assigned to.PermissionSet
getPermissions()
Retrieves a set of Permissions an user is assigned in the global Group.PermissionSet
getPermissions(Group group)
Retrieves a set of Permissions an user is assigned in a Group.RoleSet
getRoles()
Retrieves a set of Roles an user is assigned in the global Group.RoleSet
getRoles(Group group)
Retrieves a set of Roles an user is assigned in a Group.boolean
hasPermission(String permission)
Checks if the user is assigned a specific Permission in the global Group.boolean
hasPermission(String permission, String group)
Checks if the user is assigned a specific Permission in the Group.boolean
hasPermission(String permission, Group group)
Checks if the user is assigned a specific Permission in the Group.boolean
hasPermission(String permissionName, GroupSet groupset)
Checks if the user is assigned a specific Permission in any of the given Groupsboolean
hasPermission(Permission permission)
Checks if the user is assigned a specific Permission in the global Group.boolean
hasPermission(Permission permission, Group group)
Checks if the user is assigned a specific Permission in the Group.boolean
hasPermission(Permission permission, GroupSet groupset)
Checks if the user is assigned a specific Permission in any of the given Groupsboolean
hasRole(String role)
Checks if the user is assigned a specific Role in the global Group.boolean
hasRole(String roleName, String groupName)
Checks if the user is assigned a specific Role in the Group.boolean
hasRole(String rolename, GroupSet groupset)
Checks if the user is assigned a specific Role in any of the given Groupsboolean
hasRole(Role role)
Checks if the user is assigned a specific Role in the global Group.boolean
hasRole(Role role, Group group)
Checks if the user is assigned a specific Role in the Group.boolean
hasRole(Role role, GroupSet groupset)
Checks if the user is assigned a specific Role in any of the given Groups
-
-
-
Constructor Detail
-
TurbineAccessControlListImpl
public TurbineAccessControlListImpl(Set<? extends TurbineUserGroupRole> turbineUserGroupRoleSet, GroupManager groupManager, RoleManager roleManager, TurbineModelManager modelManager, org.apache.avalon.framework.logger.Logger logger) throws FulcrumSecurityException
Constructs a new AccessControlList. This class follows 'immutable' pattern - it's objects can't be modified once they are created. This means that the permissions the users have are in effect form the moment they log in to the moment they log out, and changes made to the security settings in that time are not reflected in the state of this object. If you need to reset an user's permissions you need to invalidate his session.- Parameters:
turbineUserGroupRoleSet
- The set of user/group/role relations that this acl is built fromgroupManager
- the Group managerroleManager
- the Role managermodelManager
- the model Managerlogger
-- Throws:
FulcrumSecurityException
- if the global group cannot be retrieved
-
-
Method Detail
-
getRoles
public RoleSet getRoles(Group group)
Retrieves a set of Roles an user is assigned in a Group.- Specified by:
getRoles
in interfaceTurbineAccessControlList
- Parameters:
group
- the Group- Returns:
- the set of Roles this user has within the Group.
-
getRoles
public RoleSet getRoles()
Retrieves a set of Roles an user is assigned in the global Group.- Specified by:
getRoles
in interfaceTurbineAccessControlList
- Returns:
- the set of Roles this user has within the global Group or null.
-
getPermissions
public PermissionSet getPermissions(Group group)
Retrieves a set of Permissions an user is assigned in a Group.- Specified by:
getPermissions
in interfaceTurbineAccessControlList
- Parameters:
group
- the Group- Returns:
- the set of Permissions this user has within the Group.
-
getPermissions
public PermissionSet getPermissions()
Retrieves a set of Permissions an user is assigned in the global Group.- Specified by:
getPermissions
in interfaceTurbineAccessControlList
- Returns:
- the set of Permissions this user has within the global Group.
-
hasRole
public boolean hasRole(Role role, Group group)
Checks if the user is assigned a specific Role in the Group.- Specified by:
hasRole
in interfaceTurbineAccessControlList
- Parameters:
role
- the Rolegroup
- the Group- Returns:
true
if the user is assigned the Role in the Group.
-
hasRole
public boolean hasRole(Role role, GroupSet groupset)
Checks if the user is assigned a specific Role in any of the given Groups- Specified by:
hasRole
in interfaceTurbineAccessControlList
- Parameters:
role
- the Rolegroupset
- a Groupset- Returns:
true
if the user is assigned the Role in any of the given Groups.
-
hasRole
public boolean hasRole(String roleName, String groupName)
Checks if the user is assigned a specific Role in the Group.- Specified by:
hasRole
in interfaceTurbineAccessControlList
- Parameters:
roleName
- the Role namegroupName
- the Group name- Returns:
true
if the user is assigned the Role in the Group.
-
hasRole
public boolean hasRole(String rolename, GroupSet groupset)
Checks if the user is assigned a specific Role in any of the given Groups- Specified by:
hasRole
in interfaceTurbineAccessControlList
- Parameters:
rolename
- the name of the Rolegroupset
- a Groupset- Returns:
true
if the user is assigned the Role in any of the given Groups.
-
hasRole
public boolean hasRole(Role role)
Checks if the user is assigned a specific Role in the global Group.- Specified by:
hasRole
in interfaceTurbineAccessControlList
- Parameters:
role
- the Role- Returns:
true
if the user is assigned the Role in the global Group.
-
hasRole
public boolean hasRole(String role)
Checks if the user is assigned a specific Role in the global Group.- Specified by:
hasRole
in interfaceTurbineAccessControlList
- Parameters:
role
- the Role- Returns:
true
if the user is assigned the Role in the global Group.
-
hasPermission
public boolean hasPermission(Permission permission, Group group)
Checks if the user is assigned a specific Permission in the Group.- Specified by:
hasPermission
in interfaceTurbineAccessControlList
- Parameters:
permission
- the Permissiongroup
- the Group- Returns:
true
if the user is assigned the Permission in the Group.
-
hasPermission
public boolean hasPermission(Permission permission, GroupSet groupset)
Checks if the user is assigned a specific Permission in any of the given Groups- Specified by:
hasPermission
in interfaceTurbineAccessControlList
- Parameters:
permission
- the Permissiongroupset
- a Groupset- Returns:
true
if the user is assigned the Permission in any of the given Groups.
-
hasPermission
public boolean hasPermission(String permission, String group)
Checks if the user is assigned a specific Permission in the Group.- Specified by:
hasPermission
in interfaceTurbineAccessControlList
- Parameters:
permission
- the Permissiongroup
- the Group- Returns:
true
if the user is assigned the Permission in the Group.
-
hasPermission
public boolean hasPermission(String permission, Group group)
Checks if the user is assigned a specific Permission in the Group.- Specified by:
hasPermission
in interfaceTurbineAccessControlList
- Parameters:
permission
- the Permissiongroup
- the Group- Returns:
true
if the user is assigned the Permission in the Group.
-
hasPermission
public boolean hasPermission(String permissionName, GroupSet groupset)
Checks if the user is assigned a specific Permission in any of the given Groups- Specified by:
hasPermission
in interfaceTurbineAccessControlList
- Parameters:
permissionName
- the name of the Permissiongroupset
- a Groupset- Returns:
true
if the user is assigned the Permission in any of the given Groups.
-
hasPermission
public boolean hasPermission(Permission permission)
Checks if the user is assigned a specific Permission in the global Group.- Specified by:
hasPermission
in interfaceTurbineAccessControlList
- Parameters:
permission
- the Permission- Returns:
true
if the user is assigned the Permission in the global Group.
-
hasPermission
public boolean hasPermission(String permission)
Checks if the user is assigned a specific Permission in the global Group.- Specified by:
hasPermission
in interfaceTurbineAccessControlList
- Parameters:
permission
- the Permission- Returns:
true
if the user is assigned the Permission in the global Group.
-
getAllGroups
public Group[] getAllGroups()
Returns all groups defined in the system. This is useful for debugging, when you want to display all roles and permissions an user is assigned. This method is needed because you can't call static methods of TurbineSecurity class from within WebMacro/Velocity template- Specified by:
getAllGroups
in interfaceTurbineAccessControlList
- Returns:
- A Group [] of all groups in the system.
-
getGroupSet
public GroupSet getGroupSet()
Description copied from interface:TurbineAccessControlList
Retrieves a set of Groups an user is assigned to.- Specified by:
getGroupSet
in interfaceTurbineAccessControlList
- Returns:
- the set of Groups this user is assigned to.
-
-