Package de.hybris.platform.hmc.jalo
Class AccessManager
- java.lang.Object
-
- de.hybris.platform.hmc.jalo.AccessManager
-
public class AccessManager extends java.lang.Object
This class acts as a translator for thePlatform AccessManager
. TODO: This class is only for legacy reasons here. The callers should rather use the AccesssManager from jalo.security package directly. Before removing this class we have to make sure that everything can be covered by the AccessManager from jalo.- Since:
- 2.20
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
AccessManager.PrincipalComparator
This comparator is used to alphabetically sort a list of principals.
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String
CHANGE
static java.lang.String
CHANGE_PERMISSIONS
static java.lang.String
CREATE
static java.lang.String
DENY
static java.lang.String
GRANT
static java.lang.String
NONE
static java.lang.String
READ
static java.lang.String
REMOVE
static SingletonCreator.Creator<AccessManager>
SINGLETON_CREATOR
static java.lang.String
SUPER_DENY
static java.lang.String
SUPER_GRANT
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
canChange(AttributeDescriptor descriptor)
boolean
canChange(ComposedType type)
boolean
canChangeInstance(Item item)
Returns true if the current user is allowed to change items of the given type and if all extensions which implements RightsProvider do allow this operation on this item.boolean
canChangeInstance(Item item, AttributeDescriptor att)
boolean
canChangePermissions(AttributeDescriptor descriptor)
boolean
canChangePermissions(ComposedType type)
boolean
canCreate(ComposedType type)
boolean
canCreateInstance(Item item)
Returns true if the current user is allowed to create items of the given type and if all extensions implementing RightsProvider allow editing this item.boolean
canCreateInstance(Item item, AttributeDescriptor att)
boolean
canRead(AttributeDescriptor descriptor)
boolean
canRead(ComposedType type)
boolean
canRemove(ComposedType type)
boolean
canRemoveInstance(Item item)
Returns true if the current user is allowed to remove items of the given type and if all extensions implementing RightsProvider allow editing this item.boolean
canRemoveInstance(Item item, AttributeDescriptor att)
Returns true if the current user is allowed to remove items of the given type and if all extensions implementing RightsProvider allow editing this item.java.util.ArrayList
checkLicence()
This Method returns a list withLicenceInfo
objects.static void
filterInvalidPrincipals(java.util.Set principals)
Filters invalid principals in the given set.java.util.List<UserRight>
getDescriptorUserRights()
Returns a map containing the three UserRight objects for the keys READ, CHANGE, and CHANGE_PERMISSIONS...static AccessManager
getInstance()
Returns an instance of AccessManager.java.util.Map
getPermissionMap(Principal principal)
Returns the permission map for the given Principal and all 5 userrights which the hmc uses on AttributeDescriptors.java.util.Map
getPermissionMap(AttributeDescriptor attributeDescriptor)
Returns the permission map for the given AttributeDescriptor (seeItem.getPermissionMap()
) and all 3 userrights which the hmc uses on AttributeDescriptors.java.util.Map
getPermissionMap(ComposedType type)
Returns the permission map for the given ComposedType.java.util.Set<Language>
getRestrictedLanguages(Item item)
int
getRightIndex(java.lang.String userRight)
For the given userright key this method returns the index of the appropriate UserRight within the userright list.java.util.List<UserRight>
getTypeUserRights()
Returns a map containing the five UserRight objects for the keys READ, CHANGE, CREATE, REMOVE and CHANGE_PERMISSIONS...boolean
hasRight(Principal principal, AttributeDescriptor descriptor, java.lang.String userRightKey)
Checks if the given Principal has the given right on the given AttributeDescriptor.boolean
hasRight(Principal principal, ComposedType type, java.lang.String userRightKey)
Checks if the given Principal has the given right on the given ComposedType.boolean
hasRight(AttributeDescriptor descriptor, java.lang.String userRightKey)
Checks if the current Principal has the given right on the given AttributeDescriptor.boolean
hasRight(ComposedType type, java.lang.String userRightKey)
Checks if the current Principal has the given right on the given ComposedType.boolean
isAdmin()
Returns true if the current jalosession user is in the admin group.boolean
isAdmin(Principal principal)
Returns true if the given principal is in the admin group.static void
resetUserRights()
void
setPermissionMap(Principal principal, java.util.Map permissionMap)
Sets the permission map for the given Principal and all 5 userrights which the hmc uses on items.void
setPermissionMap(AttributeDescriptor attributeDescriptor, java.util.Map permissionMap)
Sets the permission map for the given AttributeDescriptor (seeItem.setPermissionsByMap()
) and all 3 userrights which the hmc uses on AttributeDescriptors.void
setPermissionMap(ComposedType type, java.util.Map permissionMap)
Sets the permission map for the given ComposedType (seeItem.setPermissionsByMap()
) and all 5 userrights which the hmc uses on ComposedTypes.boolean
subTypesVisible(ComposedType type)
Returns true if the given type or at least one of its subtypes is visible and non-abstract.
-
-
-
Field Detail
-
READ
public static final java.lang.String READ
- See Also:
- Constant Field Values
-
CHANGE
public static final java.lang.String CHANGE
- See Also:
- Constant Field Values
-
CHANGE_PERMISSIONS
public static final java.lang.String CHANGE_PERMISSIONS
- See Also:
- Constant Field Values
-
CREATE
public static final java.lang.String CREATE
- See Also:
- Constant Field Values
-
REMOVE
public static final java.lang.String REMOVE
- See Also:
- Constant Field Values
-
GRANT
public static final java.lang.String GRANT
- See Also:
- Constant Field Values
-
SUPER_GRANT
public static final java.lang.String SUPER_GRANT
- See Also:
- Constant Field Values
-
DENY
public static final java.lang.String DENY
- See Also:
- Constant Field Values
-
SUPER_DENY
public static final java.lang.String SUPER_DENY
- See Also:
- Constant Field Values
-
NONE
public static final java.lang.String NONE
- See Also:
- Constant Field Values
-
SINGLETON_CREATOR
public static final SingletonCreator.Creator<AccessManager> SINGLETON_CREATOR
-
-
Method Detail
-
resetUserRights
public static final void resetUserRights()
-
getInstance
public static final AccessManager getInstance()
Returns an instance of AccessManager. It is ensured that there will always be only one instance per jalosession if you use this method.
-
getTypeUserRights
public java.util.List<UserRight> getTypeUserRights()
Returns a map containing the five UserRight objects for the keys READ, CHANGE, CREATE, REMOVE and CHANGE_PERMISSIONS...
-
getDescriptorUserRights
public java.util.List<UserRight> getDescriptorUserRights()
Returns a map containing the three UserRight objects for the keys READ, CHANGE, and CHANGE_PERMISSIONS...
-
getRightIndex
public int getRightIndex(java.lang.String userRight)
For the given userright key this method returns the index of the appropriate UserRight within the userright list.- Parameters:
userRight
- the user right key which must be one of READ, CHANGE, CREATE, REMOVE or CHANGE_PERMISSIONS
-
hasRight
public boolean hasRight(AttributeDescriptor descriptor, java.lang.String userRightKey)
Checks if the current Principal has the given right on the given AttributeDescriptor.- Parameters:
descriptor
- the AttributeDescriptor which is checkeduserRightKey
- the key for the userright which should be checked (one of READ, CHANGE, CREATE, REMOVE or CHANGE_PERMISSIONS)- Returns:
- true if the permission is granted (either directly on the itemtype or on one of its supertypes), false if the permission is denied (either by an explicit denial or because neither the attributedescriptor nor the enclosing type or its supertype's attributedescriptor has any permission set)
-
hasRight
public boolean hasRight(Principal principal, AttributeDescriptor descriptor, java.lang.String userRightKey)
Checks if the given Principal has the given right on the given AttributeDescriptor.- Parameters:
principal
- the Principal for which the permission is checkeddescriptor
- the AttributeDescriptor which is checkeduserRightKey
- the key for the userright which should be checked (one of READ, CHANGE, CREATE, REMOVE or CHANGE_PERMISSIONS)- Returns:
- true if the permission is granted (either directly on the itemtype or on one of its supertypes), false if the permission is denied (either by an explicit denial or because neither the attributedescriptor nor the enclosing type or its supertype's attributedescriptor has any permission set)
-
hasRight
public boolean hasRight(ComposedType type, java.lang.String userRightKey)
Checks if the current Principal has the given right on the given ComposedType.- Parameters:
type
- the ComposedType which is checkeduserRightKey
- the key for the userright which should be checked (one of READ, CHANGE, CREATE, REMOVE or CHANGE_PERMISSIONS)- Returns:
- true if the permission is granted (either directly on the itemtype or on one of its supertypes), false if the permission is denied (either by an explicit denial or because neither the type nor one of its supertypes has any permission set)
-
hasRight
public boolean hasRight(Principal principal, ComposedType type, java.lang.String userRightKey)
Checks if the given Principal has the given right on the given ComposedType.- Parameters:
principal
- the Principal for which the permission is checkedtype
- the ComposedType which is checkeduserRightKey
- the key for the userright which should be checked (one of READ, CHANGE, CREATE, REMOVE or CHANGE_PERMISSIONS)- Returns:
- true if the permission is granted (either directly on the itemtype or on one of its supertypes), false if the permission is denied (either by an explicit denial or because neither the type nor one of its supertypes has any permission set)
-
isAdmin
public boolean isAdmin()
Returns true if the current jalosession user is in the admin group.
-
isAdmin
public boolean isAdmin(Principal principal)
Returns true if the given principal is in the admin group.
-
canChangeInstance
public boolean canChangeInstance(Item item)
Returns true if the current user is allowed to change items of the given type and if all extensions which implements RightsProvider do allow this operation on this item.- Parameters:
item
- Item- Returns:
- true or false
-
canChangeInstance
public boolean canChangeInstance(Item item, AttributeDescriptor att)
-
canChange
public boolean canChange(ComposedType type)
- Returns:
- true if the current user is allowed to change items of the given type
-
canChange
public boolean canChange(AttributeDescriptor descriptor)
- Returns:
- true if the current user is allowed to change the contents of the given attributedescriptor
-
canRead
public boolean canRead(ComposedType type)
- Returns:
- true if the current user is allowed to read items of the given type
-
canRead
public boolean canRead(AttributeDescriptor descriptor)
- Returns:
- true if the current user is allowed to read the contents of the given attributedescriptor
-
canRemoveInstance
public boolean canRemoveInstance(Item item)
Returns true if the current user is allowed to remove items of the given type and if all extensions implementing RightsProvider allow editing this item.- Parameters:
item
- Item- Returns:
- true or false
-
canRemoveInstance
public boolean canRemoveInstance(Item item, AttributeDescriptor att)
Returns true if the current user is allowed to remove items of the given type and if all extensions implementing RightsProvider allow editing this item.- Parameters:
item
- the itematt
- the attribute descriptor- Returns:
- true if the current user is allowed
-
canRemove
public boolean canRemove(ComposedType type)
- Returns:
- true if the current user is allowed to remove items of the given type
-
canChangePermissions
public boolean canChangePermissions(ComposedType type)
- Returns:
- true if the current user is allowed to change permissions on the given type
-
canChangePermissions
public boolean canChangePermissions(AttributeDescriptor descriptor)
- Returns:
- true if the current user is allowed to change permissions of the given attributedescriptor
-
canCreateInstance
public boolean canCreateInstance(Item item)
Returns true if the current user is allowed to create items of the given type and if all extensions implementing RightsProvider allow editing this item.- Parameters:
item
- Item- Returns:
- true or false
-
canCreateInstance
public boolean canCreateInstance(Item item, AttributeDescriptor att)
-
canCreate
public boolean canCreate(ComposedType type)
- Returns:
- true if the current user is allowed to create an item of the given type
-
getPermissionMap
public java.util.Map getPermissionMap(ComposedType type)
Returns the permission map for the given ComposedType. (seeItem.getPermissionMap()
) and all 5 userrights which the hmc uses on ComposedTypes.
-
getPermissionMap
public java.util.Map getPermissionMap(AttributeDescriptor attributeDescriptor)
Returns the permission map for the given AttributeDescriptor (seeItem.getPermissionMap()
) and all 3 userrights which the hmc uses on AttributeDescriptors.
-
filterInvalidPrincipals
public static void filterInvalidPrincipals(java.util.Set principals)
Filters invalid principals in the given set. I.e. all objects in the set are checked and if they are null, not an instance of Principal or no longer alive, they are removed from the set.- Parameters:
principals
- the set which is to be checked- Since:
- 1.31
-
setPermissionMap
public void setPermissionMap(ComposedType type, java.util.Map permissionMap)
Sets the permission map for the given ComposedType (seeItem.setPermissionsByMap()
) and all 5 userrights which the hmc uses on ComposedTypes.
-
setPermissionMap
public void setPermissionMap(AttributeDescriptor attributeDescriptor, java.util.Map permissionMap)
Sets the permission map for the given AttributeDescriptor (seeItem.setPermissionsByMap()
) and all 3 userrights which the hmc uses on AttributeDescriptors.
-
getPermissionMap
public java.util.Map getPermissionMap(Principal principal)
Returns the permission map for the given Principal and all 5 userrights which the hmc uses on AttributeDescriptors.
-
setPermissionMap
public void setPermissionMap(Principal principal, java.util.Map permissionMap)
Sets the permission map for the given Principal and all 5 userrights which the hmc uses on items.
-
subTypesVisible
public boolean subTypesVisible(ComposedType type)
Returns true if the given type or at least one of its subtypes is visible and non-abstract.- Returns:
- true if the given type or at least one of its subtypes is visible and non-abstract.
- Since:
- 2.30 beta
-
checkLicence
public java.util.ArrayList checkLicence()
This Method returns a list withLicenceInfo
objects. The size of this list is equal to how many licence terms exists.- Since:
- 2.30 beta
- See Also:
AccessManager.checkLicence()
-
-