ACLVoter (omero-server 5.6.12 API)

All Known Implementing Classes:

BasicACLVoter, CompositeACLVoter, SharingACLVoter
```
public interface ACLVoter
```
helper security interface for all decisions on access control

Since:

3.0-M3

See Also:

SecuritySystem, ACLEventListener

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method and Description
`boolean`	`allowAnnotate(ome.model.IObject iObject, ome.model.internal.Details trustedDetails)` test whether the given object should be annotatable given the trusted `details`.
`boolean`	`allowChmod(ome.model.IObject iObject)` test whether the given object can have its `Permissions` changed within the current `security context`.
`boolean`	`allowCreation(ome.model.IObject iObject)` test whether the given object should be insertable into the DB.
`boolean`	`allowDelete(ome.model.IObject iObject, ome.model.internal.Details trustedDetails)` test whether the given object should be deleteable given the trusted `details`.
`boolean`	`allowLoad(org.hibernate.Session session, java.lang.Class<? extends ome.model.IObject> klass, ome.model.internal.Details trustedDetails, long id)` test whether the object of the given `Class` with the given `Details` should be loadable in the current security context.
`boolean`	`allowUpdate(ome.model.IObject iObject, ome.model.internal.Details trustedDetails)` test whether the given object should be updateable given the trusted `details`.
`void`	`postProcess(ome.model.IObject obj)` Gives the `ACLVoter` instance a chance to act on the `IObject` after the transaction but before finishing the AOP stack.
`java.util.Set<java.lang.String>`	`restrictions(ome.model.IObject object)` Provide the active restrictions for this `IObject`.
`void`	`setPermittedClasses(java.util.Map<java.lang.Integer,java.util.Set<java.lang.Class<? extends ome.model.IObject>>> objectClassesPermitted)` Specify object classes based on restriction constants in `Permissions` that do not always have those restrictions.
`void`	`throwCreationViolation(ome.model.IObject iObject)` throws a `SecurityViolation` based on the given `IObject` and the context of the current user.
`void`	`throwDeleteViolation(ome.model.IObject iObject)` throws a `SecurityViolation` based on the given `IObject` and the context of the current user.
`void`	`throwLoadViolation(ome.model.IObject iObject)` throws a `SecurityViolation` based on the given `IObject` and the context of the current user.
`void`	`throwUpdateViolation(ome.model.IObject iObject)` throws a `SecurityViolation` based on the given `IObject` and the context of the current user.

- Method Detail
  - allowChmod
```
boolean allowChmod(ome.model.IObject iObject)
```
    test whether the given object can have its Permissions changed within the current security context.
    
    Parameters:
    
    iObject - a model object
    
    Returns:
    
    if the object's permissions may be changed
  - allowLoad
```
boolean allowLoad(org.hibernate.Session session,
                  java.lang.Class<? extends ome.model.IObject> klass,
                  ome.model.internal.Details trustedDetails,
                  long id)
```
    test whether the object of the given Class with the given Details should be loadable in the current security context. This method does not take an actual object because that will not be generated until after loading is permitted. The SecuritySystem implementors will usually call throwLoadViolation(IObject) if this method returns false.
    
    Parameters:
    
    session - the Hibernate session to use for the query
    
    klass - a non-null class to test for loading
    
    trustedDetails - the non-null trusted details (usually from the db) for this instance
    
    id - the id of the object which will be loaded. As opposed to the rest of the object, this must be known.
    
    Returns:
    
    true if loading of this object can proceed
    
    See Also:
    
    ACLEventListener.onPostLoad(org.hibernate.event.PostLoadEvent)
  - allowCreation
```
boolean allowCreation(ome.model.IObject iObject)
```
    test whether the given object should be insertable into the DB. No trusted details is passed to this method, since for transient entities there are no trusted values. The SecuritySystem implementors will usually call throwCreationViolation(IObject) if this method returns false.
    
    Parameters:
    
    iObject - a non-null entity to test for creation.
    
    Returns:
    
    true if creation of this object can proceed
    
    See Also:
    
    ACLEventListener.onPreInsert(org.hibernate.event.PreInsertEvent)
  - allowAnnotate
```
boolean allowAnnotate(ome.model.IObject iObject,
                      ome.model.internal.Details trustedDetails)
```
    test whether the given object should be annotatable given the trusted details. The details will usually be retrieved from the current state array coming from the database.
    
    Parameters:
    
    iObject - a non-null entity to test for update.
    
    trustedDetails - a Details instance that is known to be valid.
    
    Returns:
    
    true if annotation of this object can proceed
  - allowUpdate
```
boolean allowUpdate(ome.model.IObject iObject,
                    ome.model.internal.Details trustedDetails)
```
    test whether the given object should be updateable given the trusted details. The details will usually be retrieved from the current state array coming from the database. The SecuritySystem implementors will usually call throwUpdateViolation(IObject) if this method returns false.
    
    Parameters:
    
    iObject - a non-null entity to test for update.
    
    trustedDetails - a Details instance that is known to be valid.
    
    Returns:
    
    true if update of this object can proceed
    
    See Also:
    
    ACLEventListener.onPreUpdate(org.hibernate.event.PreUpdateEvent)
  - allowDelete
```
boolean allowDelete(ome.model.IObject iObject,
                    ome.model.internal.Details trustedDetails)
```
    test whether the given object should be deleteable given the trusted details. The details will usually be retrieved from the current state array coming from the database. The SecuritySystem implementors will usually call throwDeleteViolation(IObject) if this method returns false.
    
    Parameters:
    
    iObject - a non-null entity to test for deletion.
    
    trustedDetails - a Details instance that is known to be valid.
    
    Returns:
    
    true if deletion of this object can proceed
    
    See Also:
    
    ACLEventListener.onPreDelete(org.hibernate.event.PreDeleteEvent)
  - throwLoadViolation
```
void throwLoadViolation(ome.model.IObject iObject)
                 throws ome.conditions.SecurityViolation
```
    throws a SecurityViolation based on the given IObject and the context of the current user.
    
    Parameters:
    
    iObject - Non-null object which caused this violation
    
    Throws:
    
    ome.conditions.SecurityViolation
    
    See Also:
    
    ACLEventListener.onPostLoad(org.hibernate.event.PostLoadEvent)
  - throwCreationViolation
```
void throwCreationViolation(ome.model.IObject iObject)
                     throws ome.conditions.SecurityViolation
```
    throws a SecurityViolation based on the given IObject and the context of the current user.
    
    Parameters:
    
    iObject - Non-null object which caused this violation
    
    Throws:
    
    ome.conditions.SecurityViolation
    
    See Also:
    
    ACLEventListener.onPreInsert(org.hibernate.event.PreInsertEvent)
  - throwUpdateViolation
```
void throwUpdateViolation(ome.model.IObject iObject)
                   throws ome.conditions.SecurityViolation
```
    throws a SecurityViolation based on the given IObject and the context of the current user.
    
    Parameters:
    
    iObject - Non-null object which caused this violation
    
    Throws:
    
    ome.conditions.SecurityViolation
    
    See Also:
    
    ACLEventListener.onPreUpdate(org.hibernate.event.PreUpdateEvent)
  - throwDeleteViolation
```
void throwDeleteViolation(ome.model.IObject iObject)
                   throws ome.conditions.SecurityViolation
```
    throws a SecurityViolation based on the given IObject and the context of the current user.
    
    Parameters:
    
    iObject - Non-null object which caused this violation
    
    Throws:
    
    ome.conditions.SecurityViolation
    
    See Also:
    
    ACLEventListener.onPreDelete(org.hibernate.event.PreDeleteEvent)
  - restrictions
```
java.util.Set<java.lang.String> restrictions(ome.model.IObject object)
```
    Provide the active restrictions for this IObject. See PolicyService for further details.
    
    Parameters:
    
    object - a model object
    
    Returns:
    
    the restrictions applying for the object
  - setPermittedClasses
```
void setPermittedClasses(java.util.Map<java.lang.Integer,java.util.Set<java.lang.Class<? extends ome.model.IObject>>> objectClassesPermitted)
```
    Specify object classes based on restriction constants in Permissions that do not always have those restrictions. Previously set classes may not be cleared by subsequent calls to this method.
    
    Parameters:
    
    objectClassesPermitted - the map from restriction constants to object classes that may not have those restrictions
  - postProcess
```
void postProcess(ome.model.IObject obj)
```
    Gives the ACLVoter instance a chance to act on the IObject after the transaction but before finishing the AOP stack.
    
    Parameters:
    
    obj - a model object

Interface ACLVoter

Method Summary

Method Detail

allowChmod

allowLoad

allowCreation

allowAnnotate

allowUpdate

allowDelete

throwLoadViolation

throwCreationViolation

throwUpdateViolation

throwDeleteViolation

restrictions

setPermittedClasses

postProcess