Package ome.security.basic

Class BasicACLVoter

  • All Implemented Interfaces:
    ACLVoter
    public class BasicACLVoter
extends java.lang.Object
implements ACLVoter
    Since:
    3.0-M3
    See Also:
    Token, SecuritySystem, Details, Permissions

    • Method Detail

      • allowChmod

        public boolean allowChmod​(ome.model.IObject iObject)
        Description copied from interface: ACLVoter
        test whether the given object can have its Permissions changed within the current security context.
        Specified by:
        allowChmod in interface ACLVoter
        Parameters:
        iObject - a model object
        Returns:
        if the object's permissions may be changed

      • allowLoad

        public boolean allowLoad​(org.hibernate.Session session,
                         java.lang.Class<? extends ome.model.IObject> klass,
                         ome.model.internal.Details d,
                         long id)
        delegates to SecurityFilter because that is where the logic is defined for the read filter Ignores the id for the moment. Though we pass in whether or not a share is active for completeness, a different ACLVoter implementation will almost certainly be active for share use.
        Specified by:
        allowLoad in interface ACLVoter
        Parameters:
        session - the Hibernate session to use for the query
        klass - a non-null class to test for loading
        d - the non-null trusted details (usually from the db) for this instance
        id - the id of the object which will be loaded. As opposed to the rest of the object, this must be known.
        Returns:
        true if loading of this object can proceed
        See Also:
        ACLEventListener.onPostLoad(org.hibernate.event.PostLoadEvent)

      • throwLoadViolation

        public void throwLoadViolation​(ome.model.IObject iObject)
                        throws ome.conditions.SecurityViolation
        Description copied from interface: ACLVoter
        throws a SecurityViolation based on the given IObject and the context of the current user.
        Specified by:
        throwLoadViolation in interface ACLVoter
        Parameters:
        iObject - Non-null object which caused this violation
        Throws:
        ome.conditions.SecurityViolation
        See Also:
        ACLEventListener.onPostLoad(org.hibernate.event.PostLoadEvent)

      • throwCreationViolation

        public void throwCreationViolation​(ome.model.IObject iObject)
                            throws ome.conditions.SecurityViolation
        Description copied from interface: ACLVoter
        throws a SecurityViolation based on the given IObject and the context of the current user.
        Specified by:
        throwCreationViolation in interface ACLVoter
        Parameters:
        iObject - Non-null object which caused this violation
        Throws:
        ome.conditions.SecurityViolation
        See Also:
        ACLEventListener.onPreInsert(org.hibernate.event.PreInsertEvent)

      • allowAnnotate

        public boolean allowAnnotate​(ome.model.IObject iObject,
                             ome.model.internal.Details trustedDetails)
        Description copied from interface: ACLVoter
        test whether the given object should be annotatable given the trusted details. The details will usually be retrieved from the current state array coming from the database.
        Specified by:
        allowAnnotate in interface ACLVoter
        Parameters:
        iObject - a non-null entity to test for update.
        trustedDetails - a Details instance that is known to be valid.
        Returns:
        true if annotation of this object can proceed

      • allowUpdate

        public boolean allowUpdate​(ome.model.IObject iObject,
                           ome.model.internal.Details trustedDetails)
        Description copied from interface: ACLVoter
        test whether the given object should be updateable given the trusted details. The details will usually be retrieved from the current state array coming from the database. The SecuritySystem implementors will usually call ACLVoter.throwUpdateViolation(IObject) if this method returns false.
        Specified by:
        allowUpdate in interface ACLVoter
        Parameters:
        iObject - a non-null entity to test for update.
        trustedDetails - a Details instance that is known to be valid.
        Returns:
        true if update of this object can proceed
        See Also:
        ACLEventListener.onPreUpdate(org.hibernate.event.PreUpdateEvent)

      • throwUpdateViolation

        public void throwUpdateViolation​(ome.model.IObject iObject)
                          throws ome.conditions.SecurityViolation
        Description copied from interface: ACLVoter
        throws a SecurityViolation based on the given IObject and the context of the current user.
        Specified by:
        throwUpdateViolation in interface ACLVoter
        Parameters:
        iObject - Non-null object which caused this violation
        Throws:
        ome.conditions.SecurityViolation
        See Also:
        ACLEventListener.onPreUpdate(org.hibernate.event.PreUpdateEvent)

      • allowDelete

        public boolean allowDelete​(ome.model.IObject iObject,
                           ome.model.internal.Details trustedDetails)
        Description copied from interface: ACLVoter
        test whether the given object should be deleteable given the trusted details. The details will usually be retrieved from the current state array coming from the database. The SecuritySystem implementors will usually call ACLVoter.throwDeleteViolation(IObject) if this method returns false.
        Specified by:
        allowDelete in interface ACLVoter
        Parameters:
        iObject - a non-null entity to test for deletion.
        trustedDetails - a Details instance that is known to be valid.
        Returns:
        true if deletion of this object can proceed
        See Also:
        ACLEventListener.onPreDelete(org.hibernate.event.PreDeleteEvent)

      • throwDeleteViolation

        public void throwDeleteViolation​(ome.model.IObject iObject)
                          throws ome.conditions.SecurityViolation
        Description copied from interface: ACLVoter
        throws a SecurityViolation based on the given IObject and the context of the current user.
        Specified by:
        throwDeleteViolation in interface ACLVoter
        Parameters:
        iObject - Non-null object which caused this violation
        Throws:
        ome.conditions.SecurityViolation
        See Also:
        ACLEventListener.onPreDelete(org.hibernate.event.PreDeleteEvent)

      • restrictions

        public java.util.Set<java.lang.String> restrictions​(ome.model.IObject object)
        Description copied from interface: ACLVoter
        Provide the active restrictions for this IObject. See PolicyService for further details.
        Specified by:
        restrictions in interface ACLVoter
        Parameters:
        object - a model object
        Returns:
        the restrictions applying for the object

      • setPermittedClasses

        public void setPermittedClasses​(java.util.Map<java.lang.Integer,​java.util.Set<java.lang.Class<? extends ome.model.IObject>>> objectClassesPermitted)
        Description copied from interface: ACLVoter
        Specify object classes based on restriction constants in Permissions that do not always have those restrictions. Previously set classes may not be cleared by subsequent calls to this method.
        Specified by:
        setPermittedClasses in interface ACLVoter
        Parameters:
        objectClassesPermitted - the map from restriction constants to object classes that may not have those restrictions

      • postProcess

        public void postProcess​(ome.model.IObject object)
        Description copied from interface: ACLVoter
        Gives the ACLVoter instance a chance to act on the IObject after the transaction but before finishing the AOP stack.
        Specified by:
        postProcess in interface ACLVoter
        Parameters:
        object - a model object