public class AllGroupsSecurityFilter extends AbstractSecurityFilter
FilterDefinitionFactoryBean
in order to construct our
security filter in code and not in XML. This allows us to make use of the
knowledge within Permissions
With the addition of shares in 4.0, it is necessary to remove the security
filter if a share is active and allow loading to throw the necessary
exceptions.Modifier and Type | Field and Description |
---|---|
static java.lang.String |
filterName |
static java.lang.String |
is_admin |
static java.lang.String |
leader_of_groups |
static java.lang.String |
member_of_groups |
log, roles
current_user, is_adminorpi, is_nonprivate, is_share
Constructor and Description |
---|
AllGroupsSecurityFilter(ome.util.SqlAction sql)
Default constructor which calls all the necessary setters for this
FactoryBean . |
AllGroupsSecurityFilter(ome.util.SqlAction sql,
ome.system.Roles roles) |
Modifier and Type | Method and Description |
---|---|
protected java.util.Collection<java.lang.Long> |
configGroup(ome.system.EventContext ec,
java.util.List<java.lang.Long> list) |
void |
enable(org.hibernate.Session sess,
ome.system.EventContext ec)
Since we assume that the group is "-1" for this method, we have to pass
in lists of all groups as we did before group permissions (~4.2).
|
java.lang.String |
getDefaultCondition()
Return the string to be used as the condition.
|
java.util.Map<java.lang.String,java.lang.String> |
getParameterTypes()
Return a mapping of the hibernate types for each of the parameters
that the condition takes.
|
protected static java.lang.String |
isGranted(ome.model.internal.Permissions.Role role,
ome.model.internal.Permissions.Right right) |
protected java.lang.String |
myFilterCondition() |
boolean |
passesFilter(org.hibernate.Session session,
ome.model.internal.Details d,
ome.system.EventContext c)
tests that the
Details argument passes the security test that
this filter defines. |
disable, disableBaseFilters, enableBaseFilters, getName, isAdminOrPi, isNonPrivate, isShare
public static final java.lang.String is_admin
public static final java.lang.String member_of_groups
public static final java.lang.String leader_of_groups
public static final java.lang.String filterName
public AllGroupsSecurityFilter(ome.util.SqlAction sql)
FactoryBean
. Also calls FilterDefinitionFactoryBean.setDefaultFilterCondition(String)
.
This query clause must be kept in sync with
passesFilter(Session, Details, EventContext)
.sql
- an SQL action instancepassesFilter(Session, Details, EventContext)
,
FilterDefinitionFactoryBean.setFilterName(String)
,
FilterDefinitionFactoryBean.setParameterTypes(java.util.Map)
,
FilterDefinitionFactoryBean.setDefaultFilterCondition(String)
public AllGroupsSecurityFilter(ome.util.SqlAction sql, ome.system.Roles roles)
protected java.lang.String myFilterCondition()
public java.lang.String getDefaultCondition()
SecurityFilter
public java.util.Map<java.lang.String,java.lang.String> getParameterTypes()
SecurityFilter
public boolean passesFilter(org.hibernate.Session session, ome.model.internal.Details d, ome.system.EventContext c)
Details
argument passes the security test that
this filter defines. The two must be kept in sync. This will be used
mostly by the
OmeroInterceptor.onLoad(Object, java.io.Serializable, Object[], String[], org.hibernate.type.Type[])
method.d
- Details instance. If null (or if its Permissions
are
null all rights
will be assumed.public void enable(org.hibernate.Session sess, ome.system.EventContext ec)
sess
- Non-null.ec
- Non-null.protected java.util.Collection<java.lang.Long> configGroup(ome.system.EventContext ec, java.util.List<java.lang.Long> list)
protected static java.lang.String isGranted(ome.model.internal.Permissions.Role role, ome.model.internal.Permissions.Right right)