eu.ehri.project.acl

Class AclManager

java.lang.Object

eu.ehri.project.acl.AclManager

public final class AclManager
extends Object

Helper class for checking and asserting access and write permissions.

Constructor Summary

Constructors

Constructor and Description
AclManager(com.tinkerpop.frames.FramedGraph<?> graph) Constructor.
AclManager(com.tinkerpop.frames.FramedGraph<?> graph, PermissionScope scope) Scoped constructor.

Method Summary

Modifier and Type	Method and Description
static boolean	belongsToAdmin(Accessor accessor) Check if an accessor is admin or a member of Admin.
boolean	canAccess(Accessible entity, Accessor accessor) Determine if a user can access an entity.
static com.tinkerpop.pipes.PipeFunction<com.tinkerpop.blueprints.Vertex,Boolean>	getAclFilterFunction(Accessor accessor) Build a gremlin filter function that passes through items readable by a given accessor.
com.tinkerpop.pipes.PipeFunction<com.tinkerpop.blueprints.Vertex,Boolean>	getContentTypeFilterFunction() Build a gremlin filter function that passes through items that are bona fide content types.
GlobalPermissionSet	getGlobalPermissions(Accessor accessor) Recursive helper function to ascend an accessor's groups and populate their global permissions.
InheritedGlobalPermissionSet	getInheritedGlobalPermissions(Accessor accessor) Return a permission list for the given accessor and her inherited groups.
InheritedItemPermissionSet	getInheritedItemPermissions(Accessible entity, Accessor accessor) Get a list of permissions for a given accessor on a given entity, including inherited permissions.
PermissionScope	getScope() Get scope.
PermissionGrant	grantPermission(PermissionGrantTarget target, PermissionType permType, Accessor accessor) Grant a user permissions to a content type.
boolean	hasPermission(Accessible entity, PermissionType permissionType, Accessor accessor) Check if a user has permission to perform an action on the given item.
boolean	hasPermission(ContentTypes contentType, PermissionType permissionType, Accessor accessor) Check if a user has permission to perform an action on the given content type.
static boolean	isAnonymous(Accessor accessor) Check if an accessor is admin or a member of Admin.
void	removeAccessControl(Accessible entity, Accessor accessor) Revoke an accessor's access to an entity.
void	revokePermission(Accessible entity, PermissionType permType, Accessor accessor) Revoke a particular permission on the given entity.
void	revokePermissionGrant(PermissionGrant grant) Revoke a particular permission grant.
void	setAccessors(Accessible entity, Collection<Accessor> accessors) Set access control on an entity to several accessors.
void	setItemPermissions(Accessible item, Accessor accessor, Set<PermissionType> permissionSet) Set the permissions for a particular user on the given item.
void	setPermissionMatrix(Accessor accessor, GlobalPermissionSet globals) Set a matrix of global permissions for a given accessor.
AclManager	withScope(PermissionScope scope) Set scope.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AclManager

public AclManager(com.tinkerpop.frames.FramedGraph<?> graph,
                  PermissionScope scope)

Scoped constructor.

Parameters:

graph - The framed graph

scope - The ACL scope

AclManager

public AclManager(com.tinkerpop.frames.FramedGraph<?> graph)

Constructor.

Parameters:

graph - The framed graph

Method Detail

belongsToAdmin

public static boolean belongsToAdmin(Accessor accessor)

Check if an accessor is admin or a member of Admin.

Parameters:

accessor - The user/group

Returns:

User belongs to the admin group

isAnonymous

public static boolean isAnonymous(Accessor accessor)

Check if an accessor is admin or a member of Admin.

Parameters:

accessor - The user/group

Returns:

User is an anonymous accessor

canAccess

public boolean canAccess(Accessible entity,
                         Accessor accessor)

Determine if a user can access an entity.

Parameters:

entity - The item

accessor - The user/group

Returns:

Whether or not the given accessor can access the entity

removeAccessControl

public void removeAccessControl(Accessible entity,
                                Accessor accessor)

Revoke an accessor's access to an entity.

Parameters:

entity - The item

accessor - A user/group from whom to revoke access

setAccessors

public void setAccessors(Accessible entity,
                         Collection<Accessor> accessors)

Set access control on an entity to several accessors.

Parameters:

entity - The item

accessors - A set of users/groups who can access the item

getInheritedItemPermissions

public InheritedItemPermissionSet getInheritedItemPermissions(Accessible entity,
                                                              Accessor accessor)

Get a list of permissions for a given accessor on a given entity, including inherited permissions. Returns a map of accessor IDs against grant permissions.

Parameters:

accessor - The accessor

Returns:

An inherited item permission set.

setItemPermissions

public void setItemPermissions(Accessible item,
                               Accessor accessor,
                               Set<PermissionType> permissionSet)
                        throws PermissionDenied

Set the permissions for a particular user on the given item.

Parameters:

item - The item

accessor - The user/group

permissionSet - A set of permissions

Throws:

PermissionDenied

getInheritedGlobalPermissions

public InheritedGlobalPermissionSet getInheritedGlobalPermissions(Accessor accessor)

Return a permission list for the given accessor and her inherited groups.

Parameters:

accessor - The user/group

Returns:

List of permission maps for the given accessor and his group parents.

getGlobalPermissions

public GlobalPermissionSet getGlobalPermissions(Accessor accessor)

Recursive helper function to ascend an accessor's groups and populate their global permissions.

Parameters:

accessor - The user/group

Returns:

Permission map for the given accessor

setPermissionMatrix

public void setPermissionMatrix(Accessor accessor,
                                GlobalPermissionSet globals)
                         throws PermissionDenied

Set a matrix of global permissions for a given accessor.

Parameters:

accessor - The user/group

globals - global permission map

Throws:

PermissionDenied

grantPermission

public PermissionGrant grantPermission(PermissionGrantTarget target,
                                       PermissionType permType,
                                       Accessor accessor)

Grant a user permissions to a content type.

Parameters:

target - The grant target (content type or item)

permType - The permission type

accessor - The user/group

Returns:

The permission grant given for this accessor and target

revokePermission

public void revokePermission(Accessible entity,
                             PermissionType permType,
                             Accessor accessor)

Revoke a particular permission on the given entity.

Parameters:

entity - The item

permType - The permission type

accessor - The user/group

revokePermissionGrant

public void revokePermissionGrant(PermissionGrant grant)

Revoke a particular permission grant.

Parameters:

grant - The grant to revoke

getContentTypeFilterFunction

public com.tinkerpop.pipes.PipeFunction<com.tinkerpop.blueprints.Vertex,Boolean> getContentTypeFilterFunction()

Build a gremlin filter function that passes through items that are bona fide content types.

Returns:

A PipeFunction for filtering vertices that are content types.

getAclFilterFunction

public static com.tinkerpop.pipes.PipeFunction<com.tinkerpop.blueprints.Vertex,Boolean> getAclFilterFunction(Accessor accessor)

Build a gremlin filter function that passes through items readable by a given accessor.

Parameters:

accessor - The user/group

Returns:

A PipeFunction for filtering a set of vertices as the given user

hasPermission

public boolean hasPermission(ContentTypes contentType,
                             PermissionType permissionType,
                             Accessor accessor)

Check if a user has permission to perform an action on the given content type.

Parameters:

contentType - The content type

permissionType - The requested permission

accessor - The user

Returns:

If the user has permission on the given content type within the current scope

hasPermission

public boolean hasPermission(Accessible entity,
                             PermissionType permissionType,
                             Accessor accessor)

Check if a user has permission to perform an action on the given item.

Parameters:

entity - The item

permissionType - The requested permission

accessor - The user

Returns:

If the user has the permission on the given item

withScope

public AclManager withScope(PermissionScope scope)

Set scope.

Parameters:

scope - The new permission scope

Returns:

A new ACL Manager

getScope

public PermissionScope getScope()

Get scope.

Returns:

The permission scope.