Package ome.security.basic

Class AllGroupsSecurityFilter

java.lang.Object

org.springframework.orm.hibernate3.FilterDefinitionFactoryBean

ome.security.basic.AbstractSecurityFilter

ome.security.basic.AllGroupsSecurityFilter

All Implemented Interfaces:

SecurityFilter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.FactoryBean<org.hibernate.engine.FilterDefinition>, org.springframework.beans.factory.InitializingBean

public class AllGroupsSecurityFilter
extends AbstractSecurityFilter

overrides FilterDefinitionFactoryBean in order to construct our security filter in code and not in XML. This allows us to make use of the knowledge within Permissions With the addition of shares in 4.0, it is necessary to remove the security filter if a share is active and allow loading to throw the necessary exceptions.

Since:

3.0

See Also:

ticket117, ticket1154

Field Summary

Fields

Modifier and Type	Field	Description
static java.lang.String	filterName
static java.lang.String	is_admin
static java.lang.String	leader_of_groups
static java.lang.String	member_of_groups

Fields inherited from class ome.security.basic.AbstractSecurityFilter

log, roles

Fields inherited from interface ome.security.SecurityFilter

current_user, is_adminorpi, is_nonprivate, is_share

Constructor Summary

Constructors

Constructor	Description
AllGroupsSecurityFilter(ome.util.SqlAction sql)	Default constructor which calls all the necessary setters for this FactoryBean.
AllGroupsSecurityFilter(ome.util.SqlAction sql, ome.system.Roles roles)

Method Summary

Modifier and Type	Method	Description
protected java.util.Collection<java.lang.Long>	configGroup(ome.system.EventContext ec, java.util.List<java.lang.Long> list)
void	enable(org.hibernate.Session sess, ome.system.EventContext ec)	Since we assume that the group is "-1" for this method, we have to pass in lists of all groups as we did before group permissions (~4.2).
java.lang.String	getDefaultCondition()	Return the string to be used as the condition.
java.util.Map<java.lang.String,java.lang.String>	getParameterTypes()	Return a mapping of the hibernate types for each of the parameters that the condition takes.
protected static java.lang.String	isGranted(ome.model.internal.Permissions.Role role, ome.model.internal.Permissions.Right right)
protected java.lang.String	myFilterCondition()
boolean	passesFilter(org.hibernate.Session session, ome.model.internal.Details d, ome.system.EventContext c)	tests that the Details argument passes the security test that this filter defines.

Methods inherited from class ome.security.basic.AbstractSecurityFilter

disable, disableBaseFilters, enableBaseFilters, getName, isAdminOrPi, isNonPrivate, isShare

Methods inherited from class org.springframework.orm.hibernate3.FilterDefinitionFactoryBean

afterPropertiesSet, getObject, getObjectType, isSingleton, setBeanName, setDefaultFilterCondition, setFilterName, setParameterTypes

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

is_admin

public static final java.lang.String is_admin

See Also:

Constant Field Values

member_of_groups

public static final java.lang.String member_of_groups

See Also:

Constant Field Values

leader_of_groups

public static final java.lang.String leader_of_groups

See Also:

Constant Field Values

filterName

public static final java.lang.String filterName

See Also:

Constant Field Values

Constructor Detail

AllGroupsSecurityFilter

public AllGroupsSecurityFilter(ome.util.SqlAction sql)

Default constructor which calls all the necessary setters for this FactoryBean. Also calls FilterDefinitionFactoryBean.setDefaultFilterCondition(String). This query clause must be kept in sync with passesFilter(Session, Details, EventContext).

Parameters:

sql - an SQL action instance

See Also:

passesFilter(Session, Details, EventContext), FilterDefinitionFactoryBean.setFilterName(String), FilterDefinitionFactoryBean.setParameterTypes(java.util.Map), FilterDefinitionFactoryBean.setDefaultFilterCondition(String)

AllGroupsSecurityFilter

public AllGroupsSecurityFilter(ome.util.SqlAction sql,
                               ome.system.Roles roles)

Method Detail

myFilterCondition

protected java.lang.String myFilterCondition()

getDefaultCondition

public java.lang.String getDefaultCondition()

Description copied from interface: SecurityFilter

Return the string to be used as the condition.

getParameterTypes

public java.util.Map<java.lang.String,java.lang.String> getParameterTypes()

Description copied from interface: SecurityFilter

Return a mapping of the hibernate types for each of the parameters that the condition takes.

passesFilter

public boolean passesFilter(org.hibernate.Session session,
                            ome.model.internal.Details d,
                            ome.system.EventContext c)

tests that the Details argument passes the security test that this filter defines. The two must be kept in sync. This will be used mostly by the OmeroInterceptor.onLoad(Object, java.io.Serializable, Object[], String[], org.hibernate.type.Type[]) method.

Parameters:

d - Details instance. If null (or if its Permissions are null all rights will be assumed.

Returns:

true if the object to which this

enable

public void enable(org.hibernate.Session sess,
                   ome.system.EventContext ec)

Since we assume that the group is "-1" for this method, we have to pass in lists of all groups as we did before group permissions (~4.2).

Parameters:

sess - Non-null.

ec - Non-null.

configGroup

protected java.util.Collection<java.lang.Long> configGroup(ome.system.EventContext ec,
                                                           java.util.List<java.lang.Long> list)

isGranted

protected static java.lang.String isGranted(ome.model.internal.Permissions.Role role,
                                            ome.model.internal.Permissions.Right right)