public interface PolicyService
Policy
instances.
Each Policy
is stored under a unique name, for which there may be
several other Policy
instances. Consumers can either check whether
such a policy restriction is active via
isRestricted(String, IObject)
or let an exception be thrown by the
Policy
itself via checkRestriction(String, IObject)
.
Further, the list of currently active restrictions can be provided in bulk to
clients via listActiveRestrictions(IObject)
so that restricted
operations need not be called only to have an exception thrown.Modifier and Type | Method and Description |
---|---|
void |
checkRestriction(java.lang.String name,
ome.model.IObject obj)
Give each configured
Policy instance the chance to throw a
SecurityViolation from its
Policy.checkRestriction(IObject) method. |
boolean |
isRestricted(java.lang.String name,
ome.model.IObject obj)
Ask each configured
Policy instance with the given name argument
if it considers the restriction active for the given IObject
argument. |
java.util.Set<java.lang.String> |
listActiveRestrictions(ome.model.IObject obj)
Return all identifier strings as would be passed as the first argument to
isRestricted(String, IObject) or
checkRestriction(String, IObject) which considers
itself active for the given argument. |
java.util.Set<java.lang.String> |
listAllRestrictions()
Return all configured identifier strings as would be passed as the first
argument to
isRestricted(String, IObject) or
checkRestriction(String, IObject) . |
boolean isRestricted(java.lang.String name, ome.model.IObject obj)
Policy
instance with the given name argument
if it considers the restriction active for the given IObject
argument. If any are active, return true.name
- non-null identifier of a class of Policy
instances.obj
- non-null "context" for this check.Policy
returns true from
Policy.isRestricted(IObject)
.void checkRestriction(java.lang.String name, ome.model.IObject obj) throws ome.conditions.SecurityViolation
Policy
instance the chance to throw a
SecurityViolation
from its
Policy.checkRestriction(IObject)
method.name
- non-null identifier of a class of Policy
instances.obj
- non-null "context" for this check.ome.conditions.SecurityViolation
java.util.Set<java.lang.String> listAllRestrictions()
isRestricted(String, IObject)
or
checkRestriction(String, IObject)
.java.util.Set<java.lang.String> listActiveRestrictions(ome.model.IObject obj)
isRestricted(String, IObject)
or
checkRestriction(String, IObject)
which considers
itself active for the given argument.obj
- non-null context passed to each Policy
instance.Permissions.copyExtendedRestrictions()
.