All Known Implementing Classes:: BasePolicy, BinaryAccessPolicy

public interface Policy

Strategy to permit the flexible restriction of certain actions throughout OMERO. Code which intends to allow such checks should create a new Policy class with a unique name and add checks within that code. For example:

    public class MyPolicy implements Policy {

        public final static string NAME = "MyPolicy";

        public String getName() {
            return NAME;
        }
    }

    public void someImportantMethod() {
        IObject objBeingAccessed = ...;
        policyService.checkRestriction(MyPolicy.NAME, objBeingAccessed);
        // Here an exception may be thrown
    }

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method	Description
`void`	`checkRestriction(ome.model.IObject obj)`	Like `isRestricted(IObject)` but throws an appropriate `SecurityViolation` subclass if the restriction is active.
`java.lang.String`	`getName()`	Unique name for a class of restrictions that this `Policy` will enforce.
`java.util.Set<java.lang.Class<ome.model.IObject>>`	`getTypes()`	Each `Policy` should tell the `PolicyService` which types of `IObject` instances it cares about.
`boolean`	`isRestricted(ome.model.IObject obj)`	Checks whether or not this instance would throw a `SecurityViolation` if the same instance were passed to `checkRestriction(IObject)`.

- Method Detail
  - getName
```
java.lang.String getName()
```
    Unique name for a class of restrictions that this Policy will enforce. This string will be sent to clients via Permissions.copyExtendedRestrictions() in order to prevent exceptions, and server-code will pass the same name to the check method to potentially have an exception thrown.
  - getTypes
```
java.util.Set<java.lang.Class<ome.model.IObject>> getTypes()
```
    Each Policy should tell the PolicyService which types of IObject instances it cares about. Only those which are of interest to some Policy need be considered.
  - isRestricted
```
boolean isRestricted(ome.model.IObject obj)
```
    Checks whether or not this instance would throw a SecurityViolation if the same instance were passed to checkRestriction(IObject). This is likely determined by first testing the type of the IObject and then that the current user context has access to the given context.
    
    Parameters:
    
    obj - a non-null IObject instance.
    
    Returns:
    
    true if this Policy decides that a restriction should be placed on the passed context.
  - checkRestriction
```
void checkRestriction(ome.model.IObject obj)
               throws ome.conditions.SecurityViolation
```
    Like isRestricted(IObject) but throws an appropriate SecurityViolation subclass if the restriction is active.
    
    Throws:
    
    ome.conditions.SecurityViolation

Interface Policy

Method Summary

Method Detail

getName

getTypes

isRestricted

checkRestriction