Package ome.security.sharing
Class SharingACLVoter
- java.lang.Object
-
- ome.security.sharing.SharingACLVoter
-
-
Constructor Summary
Constructors Constructor Description SharingACLVoter(CurrentDetails cd, SystemTypes sysTypes, ShareStore store, TokenHolder tokenHolder)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
allowAnnotate(ome.model.IObject iObject, ome.model.internal.Details trustedDetails)
test whether the given object should be annotatable given the trusteddetails
.boolean
allowChmod(ome.model.IObject iObject)
test whether the given object can have itsPermissions
changed within the currentsecurity context
.boolean
allowCreation(ome.model.IObject iObject)
test whether the given object should be insertable into the DB.boolean
allowDelete(ome.model.IObject iObject, ome.model.internal.Details trustedDetails)
test whether the given object should be deleteable given the trusteddetails
.boolean
allowLoad(org.hibernate.Session session, java.lang.Class<? extends ome.model.IObject> klass, ome.model.internal.Details d, long id)
test whether the object of the givenClass
with the givenDetails
should be loadable in the current security context.boolean
allowUpdate(ome.model.IObject iObject, ome.model.internal.Details trustedDetails)
test whether the given object should be updateable given the trusteddetails
.void
postProcess(ome.model.IObject object)
Gives theACLVoter
instance a chance to act on theIObject
after the transaction but before finishing the AOP stack.java.util.Set<java.lang.String>
restrictions(ome.model.IObject object)
Provide the active restrictions for thisIObject
.void
setPermittedClasses(java.util.Map<java.lang.Integer,java.util.Set<java.lang.Class<? extends ome.model.IObject>>> objectClassesPermitted)
Specify object classes based on restriction constants inPermissions
that do not always have those restrictions.void
throwCreationViolation(ome.model.IObject iObject)
throws aSecurityViolation
based on the givenIObject
and the context of the current user.void
throwDeleteViolation(ome.model.IObject iObject)
throws aSecurityViolation
based on the givenIObject
and the context of the current user.protected void
throwDisabled(java.lang.String action)
void
throwLoadViolation(ome.model.IObject iObject)
throws aSecurityViolation
based on the givenIObject
and the context of the current user.void
throwUpdateViolation(ome.model.IObject iObject)
throws aSecurityViolation
based on the givenIObject
and the context of the current user.
-
-
-
Constructor Detail
-
SharingACLVoter
public SharingACLVoter(CurrentDetails cd, SystemTypes sysTypes, ShareStore store, TokenHolder tokenHolder)
-
-
Method Detail
-
allowChmod
public boolean allowChmod(ome.model.IObject iObject)
Description copied from interface:ACLVoter
test whether the given object can have itsPermissions
changed within the currentsecurity context
.- Specified by:
allowChmod
in interfaceACLVoter
- Parameters:
iObject
- a model object- Returns:
- if the object's permissions may be changed
-
allowLoad
public boolean allowLoad(org.hibernate.Session session, java.lang.Class<? extends ome.model.IObject> klass, ome.model.internal.Details d, long id)
Description copied from interface:ACLVoter
test whether the object of the givenClass
with the givenDetails
should be loadable in the current security context. This method does not take an actual object because that will not be generated until after loading is permitted. TheSecuritySystem
implementors will usually callACLVoter.throwLoadViolation(IObject)
if this method returns false.- Specified by:
allowLoad
in interfaceACLVoter
- Parameters:
session
- the Hibernate session to use for the queryklass
- a non-null class to test for loadingd
- the non-null trusted details (usually from the db) for this instanceid
- the id of the object which will be loaded. As opposed to the rest of the object, this must be known.- Returns:
- true if loading of this object can proceed
- See Also:
ACLEventListener.onPostLoad(org.hibernate.event.PostLoadEvent)
-
throwLoadViolation
public void throwLoadViolation(ome.model.IObject iObject) throws ome.conditions.SecurityViolation
Description copied from interface:ACLVoter
throws aSecurityViolation
based on the givenIObject
and the context of the current user.- Specified by:
throwLoadViolation
in interfaceACLVoter
- Parameters:
iObject
- Non-null object which caused this violation- Throws:
ome.conditions.SecurityViolation
- See Also:
ACLEventListener.onPostLoad(org.hibernate.event.PostLoadEvent)
-
allowCreation
public boolean allowCreation(ome.model.IObject iObject)
Description copied from interface:ACLVoter
test whether the given object should be insertable into the DB. No trusteddetails
is passed to this method, since for transient entities there are no trusted values. TheSecuritySystem
implementors will usually callACLVoter.throwCreationViolation(IObject)
if this method returns false.- Specified by:
allowCreation
in interfaceACLVoter
- Parameters:
iObject
- a non-null entity to test for creation.- Returns:
- true if creation of this object can proceed
- See Also:
ACLEventListener.onPreInsert(org.hibernate.event.PreInsertEvent)
-
throwCreationViolation
public void throwCreationViolation(ome.model.IObject iObject) throws ome.conditions.SecurityViolation
Description copied from interface:ACLVoter
throws aSecurityViolation
based on the givenIObject
and the context of the current user.- Specified by:
throwCreationViolation
in interfaceACLVoter
- Parameters:
iObject
- Non-null object which caused this violation- Throws:
ome.conditions.SecurityViolation
- See Also:
ACLEventListener.onPreInsert(org.hibernate.event.PreInsertEvent)
-
allowAnnotate
public boolean allowAnnotate(ome.model.IObject iObject, ome.model.internal.Details trustedDetails)
Description copied from interface:ACLVoter
test whether the given object should be annotatable given the trusteddetails
. The details will usually be retrieved from the current state array coming from the database.- Specified by:
allowAnnotate
in interfaceACLVoter
- Parameters:
iObject
- a non-null entity to test for update.trustedDetails
- aDetails
instance that is known to be valid.- Returns:
- true if annotation of this object can proceed
-
allowUpdate
public boolean allowUpdate(ome.model.IObject iObject, ome.model.internal.Details trustedDetails)
Description copied from interface:ACLVoter
test whether the given object should be updateable given the trusteddetails
. The details will usually be retrieved from the current state array coming from the database. TheSecuritySystem
implementors will usually callACLVoter.throwUpdateViolation(IObject)
if this method returns false.- Specified by:
allowUpdate
in interfaceACLVoter
- Parameters:
iObject
- a non-null entity to test for update.trustedDetails
- aDetails
instance that is known to be valid.- Returns:
- true if update of this object can proceed
- See Also:
ACLEventListener.onPreUpdate(org.hibernate.event.PreUpdateEvent)
-
throwUpdateViolation
public void throwUpdateViolation(ome.model.IObject iObject) throws ome.conditions.SecurityViolation
Description copied from interface:ACLVoter
throws aSecurityViolation
based on the givenIObject
and the context of the current user.- Specified by:
throwUpdateViolation
in interfaceACLVoter
- Parameters:
iObject
- Non-null object which caused this violation- Throws:
ome.conditions.SecurityViolation
- See Also:
ACLEventListener.onPreUpdate(org.hibernate.event.PreUpdateEvent)
-
allowDelete
public boolean allowDelete(ome.model.IObject iObject, ome.model.internal.Details trustedDetails)
Description copied from interface:ACLVoter
test whether the given object should be deleteable given the trusteddetails
. The details will usually be retrieved from the current state array coming from the database. TheSecuritySystem
implementors will usually callACLVoter.throwDeleteViolation(IObject)
if this method returns false.- Specified by:
allowDelete
in interfaceACLVoter
- Parameters:
iObject
- a non-null entity to test for deletion.trustedDetails
- aDetails
instance that is known to be valid.- Returns:
- true if deletion of this object can proceed
- See Also:
ACLEventListener.onPreDelete(org.hibernate.event.PreDeleteEvent)
-
throwDeleteViolation
public void throwDeleteViolation(ome.model.IObject iObject) throws ome.conditions.SecurityViolation
Description copied from interface:ACLVoter
throws aSecurityViolation
based on the givenIObject
and the context of the current user.- Specified by:
throwDeleteViolation
in interfaceACLVoter
- Parameters:
iObject
- Non-null object which caused this violation- Throws:
ome.conditions.SecurityViolation
- See Also:
ACLEventListener.onPreDelete(org.hibernate.event.PreDeleteEvent)
-
restrictions
public java.util.Set<java.lang.String> restrictions(ome.model.IObject object)
Description copied from interface:ACLVoter
Provide the active restrictions for thisIObject
. SeePolicyService
for further details.- Specified by:
restrictions
in interfaceACLVoter
- Parameters:
object
- a model object- Returns:
- the restrictions applying for the object
-
setPermittedClasses
public void setPermittedClasses(java.util.Map<java.lang.Integer,java.util.Set<java.lang.Class<? extends ome.model.IObject>>> objectClassesPermitted)
Description copied from interface:ACLVoter
Specify object classes based on restriction constants inPermissions
that do not always have those restrictions. Previously set classes may not be cleared by subsequent calls to this method.- Specified by:
setPermittedClasses
in interfaceACLVoter
- Parameters:
objectClassesPermitted
- the map from restriction constants to object classes that may not have those restrictions
-
postProcess
public void postProcess(ome.model.IObject object)
Description copied from interface:ACLVoter
Gives theACLVoter
instance a chance to act on theIObject
after the transaction but before finishing the AOP stack.- Specified by:
postProcess
in interfaceACLVoter
- Parameters:
object
- a model object
-
throwDisabled
protected void throwDisabled(java.lang.String action)
-
-