Package de.hybris.platform.jalo.security

Class Principal

java.lang.Object

de.hybris.platform.util.BridgeAbstraction

de.hybris.platform.jalo.Item

de.hybris.platform.jalo.ExtensibleItem

de.hybris.platform.jalo.c2l.LocalizableItem

de.hybris.platform.jalo.GenericItem

de.hybris.platform.jalo.security.GeneratedPrincipal

de.hybris.platform.jalo.security.Principal

All Implemented Interfaces:

Serializable, Comparable

Direct Known Subclasses:

GeneratedPrincipalGroup, GeneratedUser

public abstract class Principal
extends GeneratedPrincipal

This is the abstract base class of all hybris Platform users. Our security models allows to assign each principal a set of UserRights on one Item, which can be checked by the AccessManager.

See Also:

• Serialized Form

Nested Class Summary

Nested classes/interfaces inherited from class de.hybris.platform.jalo.GenericItem

GenericItem.GenericItemImpl

Nested classes/interfaces inherited from class de.hybris.platform.jalo.c2l.LocalizableItem

LocalizableItem.LocalizableItemImpl

Nested classes/interfaces inherited from class de.hybris.platform.jalo.ExtensibleItem

ExtensibleItem.ExtensibleItemImpl

Nested classes/interfaces inherited from class de.hybris.platform.jalo.Item

Item.AttributeFilter, Item.AttributeMode, Item.CachedGetter, Item.CachedSetter, Item.ItemAttributeMap, Item.ItemConstraint, Item.ItemImpl, Item.JaloCachedComputationException

Field Summary

Fields

Modifier and Type	Field	Description
static final String	ALLGROUPS	Deprecated. since ages - Old Jalo attribute that is now dynamic.
static final String	ALLSEARCHRESTRICTIONS	Deprecated. since ages - it is a dynamic attribute now
static final String	DISPLAYNAME	Deprecated. since ages - it is a dynamic attribute now
static final String	PRINCIPAL_GROUP_RELATION_NAME	Deprecated. since ages - use instead CoreConstants.Relations.PRINCIPALGROUPRELATION

Fields inherited from class de.hybris.platform.jalo.security.GeneratedPrincipal

DEFAULT_INITIAL_ATTRIBUTES, DESCRIPTION, GROUPS, NAME, PRINCIPALGROUPRELATION_MARKMODIFIED, PRINCIPALGROUPRELATION_SRC_ORDERED, PRINCIPALGROUPRELATION_TGT_ORDERED, SEARCHRESTRICTIONS, SEARCHRESTRICTIONSHANDLER, UID

Fields inherited from class de.hybris.platform.jalo.c2l.LocalizableItem

LANGUAGE_FALLBACK_ENABLED

Fields inherited from class de.hybris.platform.jalo.Item

_CREATION_TIME_INTERNAL, _MODIFIED_TIME_INTERNAL, accessorLog, CREATION_TIME, DISABLE_ATTRIBUTE_CHECK, DISABLE_ITEMCHECK_BEFORE_REMOVABLE, EVEN, FEATURE_ACCESSMAP_QUALIFIER, HJMPTS, INITIAL_CREATION_FLAG, isJaloOnly, MODIFIED_TIME, NEGATIVE, NOT_FOUND, OWNER, PK, POSITIVE, SAVE_FROM_SERVICE_LAYER, staticTransientObjects, TYPE

Fields inherited from class de.hybris.platform.util.BridgeAbstraction

impl, tenant

Constructor Summary

Constructors

Constructor	Description
Principal()

Method Summary

Modifier and Type	Method	Description
void	addGlobalNegativePermission(UserRight permission)	Deprecated. since ages - use PermissionManagementService.addGlobalPermission(PermissionAssignment...)
void	addGlobalPermission(UserRight permission, boolean deny)	Deprecated. since ages - use PermissionManagementService.addGlobalPermission(PermissionAssignment...)
boolean	addGlobalPermissions(Collection<PermissionContainer> permissions)	Deprecated. since ages - use PermissionManagementService.addGlobalPermissions(Collection)
void	addGlobalPositivePermission(UserRight permission)	Deprecated. since ages - use PermissionManagementService.addGlobalPermission(PermissionAssignment...)
boolean	addToGroup(PrincipalGroup group)	Deprecated. since ages - useGeneratedPrincipal.addToGroups(SessionContext, PrincipalGroup) instead
protected void	checkConsistencyUid(String uid, String message, String composedTypeCode)
boolean	checkGlobalPermission(UserRight right)	Deprecated. since ages - use PermissionCheckingService.checkGlobalPermission(PrincipalModel, String)
int	checkOwnGlobalPermission(PK userRightPK)	Deprecated. since ages - use (PrincipalModel, String)
abstract void	checkSystemPrincipal()
void	clearGlobalPermission(UserRight permission)	Deprecated. since ages - use PermissionManagementService.removeGlobalPermission(PermissionAssignment...)
boolean	clearGlobalPermissions(Collection<PermissionContainer> permissions)	Deprecated. since ages - use PermissionManagementService.removeGlobalPermissions(Collection)
Map<Language,String>	getAllDisplayName()	Deprecated. since ages
abstract Map<Language,String>	getAllDisplayName(SessionContext ctx)	Deprecated. since ages
Collection	getAllGlobalNegativePermissions()	Gets all negative permissions of this principal including all negative permissions of groups the principal is member of.
Collection	getAllGlobalPositivePermissions()	Gets all positive permissions of this principal including all positive permissions of groups the principal is member of.
Set<PrincipalGroup>	getAllGroups()
Set<PrincipalGroup>	getAllGroups(SessionContext ctx)	Gets all groups this principal is member of ( transitive ! ).
Collection<SearchRestriction>	getAllSearchRestrictions()	Gets all search restrictions of this principal.
Collection<SearchRestriction>	getAllSearchRestrictions(SessionContext ctx)	Gets all search restrictions of this principal.
String	getDisplayName()	Deprecated. since ages - usePrincipalModel.getDisplayName() Old jalo generated method from GeneratedPrincipal - Getter of the Principal.displayName jalo localized attribute.
abstract String	getDisplayName(SessionContext ctx)	Deprecated. since ages - usePrincipalModel.getDisplayName() Old jalo generated method from GeneratedPrincipal - Getter of the Principal.displayName jalo localized attribute.
Set	getGlobalNegativePermissions()	Gets all negative permissions of this principal.
Set	getGlobalPermissions(boolean negative)	Deprecated. since ages - use PermissionManagementService.getGlobalPermissionsForPrincipal(PrincipalModel...)
Set	getGlobalPositivePermissions()	Gets all positive permissions of this principal.
Set<PrincipalGroup>	getGroups(SessionContext ctx)	Gets all groups which this user belongs to.
Map	getItemPermissionsMap(List userRights)	Returns all stored permissions for this principal and a given list of user rights.
String	getUid(SessionContext ctx)	Generated method - Getter of the Principal.uid attribute.
String	getUID()	Deprecated. since ages - useGeneratedPrincipal.getUid() instead
abstract boolean	isAdmin()	Checks whether the Principal is the admin user.
boolean	isMemberOf(PrincipalGroup g)	Deprecated. since ages - useUserService.isMemberOfGroup(UserModel, UserGroupModel, boolean)
boolean	isMemberOf(PrincipalGroup grp, boolean includingSupergroups)	Deprecated. since ages - useUserService.isMemberOfGroup(UserGroupModel, UserGroupModel, boolean)
void	remove(SessionContext ctx)	SLDSafe - previously there was an intentional bug that deleted all the addresses after User was deleted - even those that are duplicates with the original field set.
boolean	removeFromGroup(PrincipalGroup group)	Deprecated. since ages - useGeneratedPrincipal.removeFromGroups(SessionContext, PrincipalGroup) instead
void	setGroups(SessionContext ctx, Set groups)	Sets the users memberships in the given groups.
void	setItemPermissionsByMap(List userRights, Map permissionMap)	Changes all stored permissions for this principal and a given list of user rights at once.
void	setUID(String uid)	Deprecated. since ages - useGeneratedPrincipal.setUid(SessionContext, String) instead
String	toString()	Returns the String representation of this item.

Methods inherited from class de.hybris.platform.jalo.security.GeneratedPrincipal

addToGroups, addToGroups, getDefaultAttributeModes, getDescription, getDescription, getGroups, getGroupsCount, getGroupsCount, getName, getName, getSearchRestrictions, getSearchRestrictions, getUid, isMarkModifiedDisabled, removeFromGroups, removeFromGroups, setDescription, setDescription, setGroups, setName, setName, setUid, setUid

Methods inherited from class de.hybris.platform.jalo.GenericItem

createItem, getImplementation, getInitialProperties, getNonInitialAttributes, getRelatedItems, getRelatedItems, setRelatedItems

Methods inherited from class de.hybris.platform.jalo.c2l.LocalizableItem

getAllLocalizedProperties, getAllLocalizedProperties, getAllLocalizedProperties, getAllLocalizedProperties, getAllValuesSessionContext, getLocalizedProperty, getLocalizedProperty, getLocalizedPropertyInternal, getLocalizedPropertyNames, getLocalizedPropertyNames, hasLanguage, isEmptyValue, isFallbackEnabled, removeLocalizedProperty, removeLocalizedProperty, setAllLocalizedProperties, setAllLocalizedProperties, setLocalizedProperty, setLocalizedProperty

Methods inherited from class de.hybris.platform.jalo.ExtensibleItem

createNonClassAccessor, getAllProperties, getAllProperties, getProperty, getProperty, getPropertyNames, getPropertyNames, removeProperty, removeProperty, setAllProperties, setAllProperties, setProperty, setProperty

Methods inherited from class de.hybris.platform.jalo.Item

addLinkedItems, addLinkedItems, addLinkedItems, addLinkedItems, addLinkedItems, addLinkedItems, addLinkedItems, addLinkedItems, addLinkedItems, addNegativePermission, addPermission, addPositivePermission, assureExtensionsLoaded, changeTypeAfterCreation, checkConstraint, checkItemPermission, checkMandatoryAttribute, checkMandatoryAttribute, checkPermission, checkPermission, checkRemovable, clearPermission, compareTo, ctx, doAfterRemove, doBeforeRemove, equals, getAccessorFor, getAllAttributes, getAllAttributes, getAllAttributes, getAllAttributes, getAllAttributesInternal, getAllLinkedItems, getAndCheckCacheBoundItem, getAttribute, getAttribute, getCacheBoundItem, getComposedType, getComposedTypePK, getCreationTime, getCurrentlyRemovingCount, getLinkedItems, getLinkedItems, getLinkedItems, getLinkedItems, getLinkedItems, getLinkedItems, getLinkedItems, getLinkedItemsCount, getLinkedItemsCount, getLinkedItemsCount, getModificationTime, getNegativePermissions, getOwner, getPartOfRemovedSessionMarker, getPermissionMap, getPermissions, getPersistenceVersion, getPK, getPositivePermissions, getRestrictedPrincipals, getSession, getSyncObject, getTenant, getTransientObject, getTransientObjectMap, hashCode, hasRegisteredClassAccessorFor, internal_registerClassAccessorFor, internal_registerNonClassAccessorFor, invalidateLocalCaches, isAlive, isCacheBound, isCurrentlyRemoving, isCurrentlyRemoving, isEmptyRelationValue, isInCreate, isInstanceOf, isItemCheckBeforeRemoveableDisabled, isRelationLocalizationFallbackEnabled, newInstance, notifyExtensionsAfterItemCreation, notifyExtensionsBeforeItemCreation, notifyItemRemoval, notifyManagerAboutItemRemoval, readResolve, registerAccessFor, registerAccessFor, registerJaloInvalidationListeners, remove, removeItemCollection, removeItemCollection, removeLinkedItems, removeLinkedItems, removeLinkedItems, removeLinkedItems, removeLinks, removePartOfItems, removePartOfItems, setAllAttributes, setAllAttributes, setAllAttributesInternal, setAllLinkedItems, setAllLinkedItems, setAllLinkedItems, setAllLinkedItems, setAttribute, setAttribute, setAttributeFromString, setAttributeFromString, setCacheBound, setComposedType, setCreationTime, setImplementation, setLinkedItems, setLinkedItems, setLinkedItems, setLinkedItems, setLinkedItems, setLinkedItems, setLinkedItems, setLinkedItems, setModificationTime, setNonInitialAttributes, setOwner, setPermissionsByMap, setTransientObject, setUseTA, suppressRelation, useTA, writeReplace

Methods inherited from class de.hybris.platform.util.BridgeAbstraction

setTenant

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Details

DISPLAYNAME

@Deprecated(since="ages",
            forRemoval=false)
public static final String DISPLAYNAME

Deprecated.

since ages - it is a dynamic attribute now

Constant identifier for displayName attribute of User type.

See Also:

• Constant Field Values

ALLSEARCHRESTRICTIONS

@Deprecated(since="ages",
            forRemoval=false)
public static final String ALLSEARCHRESTRICTIONS

Deprecated.

since ages - it is a dynamic attribute now

Constant identifier for allSearchRestrictions attribute of User type.

See Also:

• Constant Field Values

PRINCIPAL_GROUP_RELATION_NAME

@Deprecated(since="ages",
            forRemoval=false)
public static final String PRINCIPAL_GROUP_RELATION_NAME

Deprecated.

since ages - use instead CoreConstants.Relations.PRINCIPALGROUPRELATION

Constant identifier for PrincipalGroupRelation type.

ALLGROUPS

@Deprecated(since="ages",
            forRemoval=false)
public static final String ALLGROUPS

Deprecated.

since ages - Old Jalo attribute that is now dynamic.

See Also:

• Constant Field Values

Constructor Details

Principal

public Principal()

Method Details

toString

public String toString()

Description copied from class: Item

Returns the String representation of this item. This is by default the representation of the primary key of this item.

Overrides:

toString in class Item

Returns:

the String representation of this item.

getUID

@Deprecated(since="ages",
            forRemoval=false)
public String getUID()

Deprecated.

since ages - useGeneratedPrincipal.getUid() instead

Gets the unique identifier of this principal.

checkConsistencyUid

protected void checkConsistencyUid(String uid,
 String message,
 String composedTypeCode)
                            throws ConsistencyCheckException

Throws:

ConsistencyCheckException

getUid

public String getUid(SessionContext ctx)

Description copied from class: GeneratedPrincipal

Generated method - Getter of the Principal.uid attribute.

Overrides:

getUid in class GeneratedPrincipal

Returns:

the uid

setUID

@Deprecated(since="ages",
            forRemoval=false)
public void setUID(String uid)
            throws ConsistencyCheckException

Deprecated.

since ages - useGeneratedPrincipal.setUid(SessionContext, String) instead

Sets the uid of this principal.

Throws:

ConsistencyCheckException - if there is already a principal with this id

checkSystemPrincipal

public abstract void checkSystemPrincipal()
                                   throws ConsistencyCheckException

Throws:

ConsistencyCheckException

getGroups

public Set<PrincipalGroup> getGroups(SessionContext ctx)

Gets all groups which this user belongs to.

Overrides:

getGroups in class GeneratedPrincipal

Returns:

a set of PrincipalGroups the user is member in

getAllGroups

public Set<PrincipalGroup> getAllGroups()

getAllGroups

public Set<PrincipalGroup> getAllGroups(SessionContext ctx)

Gets all groups this principal is member of ( transitive ! ).

Returns:

set of PrincipalGroups this principal is member of ( transitive ! )

isMemberOf

@Deprecated(since="ages",
            forRemoval=false)
public boolean isMemberOf(PrincipalGroup grp,
 boolean includingSupergroups)

Deprecated.

since ages - useUserService.isMemberOfGroup(UserGroupModel, UserGroupModel, boolean)

Checks whether the principal is member of the given group or any of its subgroups.

Parameters:

includingSupergroups - if true indirect membership through group-in-group is evaluated, otherwise only direct membership

grp - the group to check membership for

Returns:

true if this principal is member of the given group or any of its subgroups.

See Also:

• isMemberOf(PrincipalGroup)

setGroups

public void setGroups(SessionContext ctx,
 Set groups)

Sets the users memberships in the given groups.

Overrides:

setGroups in class GeneratedPrincipal

Parameters:

groups - - the groups the user should be member in

addToGroup

@Deprecated(since="ages",
            forRemoval=false)
public boolean addToGroup(PrincipalGroup group)

Deprecated.

since ages - useGeneratedPrincipal.addToGroups(SessionContext, PrincipalGroup) instead

Adds a group membership to this Principal.

Returns:

true if the principal is not already member of the group

removeFromGroup

@Deprecated(since="ages",
            forRemoval=false)
public boolean removeFromGroup(PrincipalGroup group)

Deprecated.

since ages - useGeneratedPrincipal.removeFromGroups(SessionContext, PrincipalGroup) instead

Removes a group membership from this Principal.

Returns:

true if the Principal was a member of this group

isMemberOf

@Deprecated(since="ages",
            forRemoval=false)
public boolean isMemberOf(PrincipalGroup g)

Deprecated.

since ages - useUserService.isMemberOfGroup(UserModel, UserGroupModel, boolean)

Checks whether this principal is direct member of the given group. supergroup membership is not evaluated.

Parameters:

g - the group to check membership for

Returns:

true if this principal is direct member of the given group. supergroup membership is not evaluated.

See Also:

• isMemberOf(PrincipalGroup, boolean)

getAllSearchRestrictions

public Collection<SearchRestriction> getAllSearchRestrictions()

Gets all search restrictions of this principal.

Returns:

all search restrictions of this principal

getAllSearchRestrictions

public Collection<SearchRestriction> getAllSearchRestrictions(SessionContext ctx)

Gets all search restrictions of this principal.

Returns:

all search restrictions of this principal

getItemPermissionsMap

public Map getItemPermissionsMap(List userRights)

Returns all stored permissions for this principal and a given list of user rights.

The result map contains all items which this principal owns stored permissions for as keys, and a list of Boolean objects ordered according to the given user rights list. These objects have the following meaning:

• Boolean.TRUE ... a negative permission is stored
• Boolean.FALSE ... a positive permission is stored
• null ... no permission is stored for the according user right

Please note that this method is considerably costly since it always requires querying the database. A alternative access to permission is provided via Item.getPermissionMap(List).

Since:

2.10

setItemPermissionsByMap

public void setItemPermissionsByMap(List userRights,
 Map permissionMap)

Changes all stored permissions for this principal and a given list of user rights at once.

The argument map must contain all items which this principal owns stored permissions for as keys, and a list of Boolean objects ordered according to the given user rights list. These objects have the following meaning:

• Boolean.TRUE ... a negative permission is stored
• Boolean.FALSE ... a positive permission is stored
• null ... no permission is stored for the according user right

Please note that this method is quite costly since it always requires querying the database. A alternative access to permissions is provided via Item.setPermissionsByMap(List, Map).

Since:

2.10

addGlobalPermission

@Deprecated(since="ages",
            forRemoval=false)
public void addGlobalPermission(UserRight permission,
 boolean deny)

Deprecated.

since ages - use PermissionManagementService.addGlobalPermission(PermissionAssignment...)

Adds a permission for this principal specifying if it is negative or positive.

addGlobalPermissions

@Deprecated(since="ages",
            forRemoval=false)
public boolean addGlobalPermissions(Collection<PermissionContainer> permissions)

Deprecated.

since ages - use PermissionManagementService.addGlobalPermissions(Collection)

addGlobalNegativePermission

@Deprecated(since="ages",
            forRemoval=false)
public void addGlobalNegativePermission(UserRight permission)

Deprecated.

since ages - use PermissionManagementService.addGlobalPermission(PermissionAssignment...)

Adds a negative permission for this principal.

addGlobalPositivePermission

@Deprecated(since="ages",
            forRemoval=false)
public void addGlobalPositivePermission(UserRight permission)

Deprecated.

since ages - use PermissionManagementService.addGlobalPermission(PermissionAssignment...)

Adds a positive permission for this principal.

clearGlobalPermission

@Deprecated(since="ages",
            forRemoval=false)
public void clearGlobalPermission(UserRight permission)

Deprecated.

since ages - use PermissionManagementService.removeGlobalPermission(PermissionAssignment...)

Removes given permission for this principal.

clearGlobalPermissions

@Deprecated(since="ages",
            forRemoval=false)
public boolean clearGlobalPermissions(Collection<PermissionContainer> permissions)

Deprecated.

since ages - use PermissionManagementService.removeGlobalPermissions(Collection)

getGlobalPermissions

@Deprecated(since="ages",
            forRemoval=false)
public Set getGlobalPermissions(boolean negative)

Deprecated.

since ages - use PermissionManagementService.getGlobalPermissionsForPrincipal(PrincipalModel...)

Gets all permissions of this principal specifying if they are all negative or positive.

getGlobalPositivePermissions

public Set getGlobalPositivePermissions()

Gets all positive permissions of this principal.

getGlobalNegativePermissions

public Set getGlobalNegativePermissions()

Gets all negative permissions of this principal.

getAllGlobalPositivePermissions

public Collection getAllGlobalPositivePermissions()

Gets all positive permissions of this principal including all positive permissions of groups the principal is member of.

getAllGlobalNegativePermissions

public Collection getAllGlobalNegativePermissions()

Gets all negative permissions of this principal including all negative permissions of groups the principal is member of.

isAdmin

public abstract boolean isAdmin()

Checks whether the Principal is the admin user.

checkOwnGlobalPermission

@Deprecated(since="ages",
            forRemoval=false)
public int checkOwnGlobalPermission(PK userRightPK)

Deprecated.

since ages - use (PrincipalModel, String)

checkGlobalPermission

@Deprecated(since="ages",
            forRemoval=false)
public boolean checkGlobalPermission(UserRight right)

Deprecated.

since ages - use PermissionCheckingService.checkGlobalPermission(PrincipalModel, String)

Checks whether the principal or a group the principal is member of has a postive permission for given right.

remove

public void remove(SessionContext ctx)
            throws ConsistencyCheckException

SLDSafe - previously there was an intentional bug that deleted all the addresses after User was deleted - even those that are duplicates with the original field set. Now addresses is a relation not an attribute and partOf takes care of deleting them.

Overrides:

remove in class Item

Parameters:

ctx - A SessionContext object

Throws:

ConsistencyCheckException

getDisplayName

@Deprecated(since="ages",
            forRemoval=false)
public abstract String getDisplayName(SessionContext ctx)

Deprecated.

since ages - usePrincipalModel.getDisplayName() Old jalo generated method from GeneratedPrincipal - Getter of the Principal.displayName jalo localized attribute.

Returns:

the displayName

getDisplayName

@Deprecated(since="ages",
            forRemoval=false)
public String getDisplayName()

Deprecated.

since ages - usePrincipalModel.getDisplayName() Old jalo generated method from GeneratedPrincipal - Getter of the Principal.displayName jalo localized attribute.

Returns:

the displayName

getAllDisplayName

@Deprecated(since="ages",
            forRemoval=false)
public abstract Map<Language,String> getAllDisplayName(SessionContext ctx)

Deprecated.

since ages

Old jalo generated method from GeneratedPrincipal - Getter of the Principal.displayName jalo localized attribute.

Returns:

the localized displayName

getAllDisplayName

@Deprecated(since="ages",
            forRemoval=false)
public Map<Language,String> getAllDisplayName()

Deprecated.

since ages

Old jalo generated method from GeneratedPrincipal - Getter of the Principal.displayName jalo localized attribute.

Returns:

the localized displayName