OmeroBlitz API
Home Previous Up Next Index

omero::model::Permissions

Overview

[ "protected" ] class Permissions

Row-level permissions definition available on every OMERO.blitz type. Represents a similar logic to the Unix filesystem.

Used By

api::IAdmin::changePermissions
Details::getPermissions
Details::permissions
Details::setPermissions
sys::EventContext::groupPermissions
sys::Principal::umask

Operation Index

getPerm1
Do not use!
setPerm1
Do not use! Throws omero::ClientError if mutation not allowed.
isDisallow
The basis for the other canX() methods.
isRestricted
Returns true if the given argument is present in the extendedRestrictions set.
canAnnotate
Whether the current user has permissions for annotating this object.
canEdit
Whether the current user has the ""edit"" permissions for this object.
canLink
Whether the current user has the ""link"" permissions for this object.
canDelete
Whether the current user has the ""delete"" permissions for this object.
canChgrp
Whether the current user has the ""chgrp"" permissions for this object.
canChown
Whether the current user has the ""chown"" permissions for this object.
isUserRead
isUserAnnotate
isUserWrite
isGroupRead
isGroupAnnotate
isGroupWrite
isWorldRead
isWorldAnnotate
isWorldWrite
setUserRead
Throws omero::ClientError if mutation not allowed.
setUserAnnotate
Throws omero::ClientError if mutation not allowed.
setUserWrite
Throws omero::ClientError if mutation not allowed.
setGroupRead
Throws omero::ClientError if mutation not allowed.
setGroupAnnotate
Throws omero::ClientError if mutation not allowed.
setGroupWrite
Throws omero::ClientError if mutation not allowed.
setWorldRead
Throws omero::ClientError if mutation not allowed.
setWorldAnnotate
Throws omero::ClientError if mutation not allowed.
setWorldWrite
Throws omero::ClientError if mutation not allowed.

Data Member Index

restrictions
Restrictions placed on the current object for the current user.
extendedRestrictions
Further restrictions which are specified by services at runtime.
perm1
Internal representation.

Operations

long getPerm1()

Do not use!

void setPerm1(long value)

Do not use! Throws omero::ClientError if mutation not allowed.

bool isDisallow(int restriction)

The basis for the other canX() methods. If the restriction at the given offset in the restriction array is true, then this method returns true (otherwise false) and the canX() methods return the opposite, i.e. isDisallow(ANNOTATERESTRICTION) == ! canAnnotate()

bool isRestricted(string restriction)

Returns true if the given argument is present in the extendedRestrictions set. This implies that some service-specific behavior is disallowed.

bool canAnnotate()

Whether the current user has permissions for annotating this object. The fact that the user has this object in hand already identifies that it's readable.

bool canEdit()

Whether the current user has the ""edit"" permissions for this object. This includes changing the values of the object. The fact that the user has this object in hand already identifies that it's readable.

bool canLink()

Whether the current user has the ""link"" permissions for this object. This includes adding it to data graphs. The fact that the user has this object in hand already identifies that it's readable.

bool canDelete()

Whether the current user has the ""delete"" permissions for this object. The fact that the user has this object in hand already identifies that it's readable.

bool canChgrp()

Whether the current user has the ""chgrp"" permissions for this object. This allows them to move it to a different group. The fact that the user has this object in hand already identifies that it's readable.

bool canChown()

Whether the current user has the ""chown"" permissions for this object. This allows them to give it to a different user. The fact that the user has this object in hand already identifies that it's readable.

bool isUserRead()

bool isUserAnnotate()

bool isUserWrite()

bool isGroupRead()

bool isGroupAnnotate()

bool isGroupWrite()

bool isWorldRead()

bool isWorldAnnotate()

bool isWorldWrite()

void setUserRead(bool value)

Throws omero::ClientError if mutation not allowed.

void setUserAnnotate(bool value)

Throws omero::ClientError if mutation not allowed.

void setUserWrite(bool value)

Throws omero::ClientError if mutation not allowed.

void setGroupRead(bool value)

Throws omero::ClientError if mutation not allowed.

void setGroupAnnotate(bool value)

Throws omero::ClientError if mutation not allowed.

void setGroupWrite(bool value)

Throws omero::ClientError if mutation not allowed.

void setWorldRead(bool value)

Throws omero::ClientError if mutation not allowed.

void setWorldAnnotate(bool value)

Throws omero::ClientError if mutation not allowed.

void setWorldWrite(bool value)

Throws omero::ClientError if mutation not allowed.

Data Members

api::BoolArray restrictions;

Restrictions placed on the current object for the current user. Indexes into this array are based on constants in the {@code omero.constants.permissions} module. If a restriction index is not present, then it is safe to assume that there is no such restriction. If null, this should be assumed to have no restrictions.

api::StringSet extendedRestrictions;

Further restrictions which are specified by services at runtime. Individual service methods will specify which strings MAY NOT be present in this field for execution to be successful. For example, if an Image contains a ""DOWNLOAD"" restriction, then an attempt to call {@code omero.api.RawFileStore.read} will fail with an SecurityViolation.

long perm1;

Internal representation. May change! To make working with this object more straight-forward accessors are provided for the perm1 instance though it is protected, though NO GUARANTEES are made on the representation.


Home Previous Up Next Index