Package org.mycore.access

Class MCRAccessManager

java.lang.Object
org.mycore.access.MCRAccessManager
public class MCRAccessManager extends Object
Version:
$Revision$ $Date$
Author:
Thomas Scheffler

  • Field Details

  • Constructor Details

    • MCRAccessManager

      public MCRAccessManager()

  • Method Details

    • getAccessImpl

      public static <T extends MCRAccessInterface> T getAccessImpl()

    • addRule

      public static void addRule(MCRObjectID id, String permission, Element rule, String description) throws MCRException
      adds an access rule for an MCRObjectID to an access system.
      Parameters:
      id - the MCRObjectID of the object
      permission - the access permission for the rule
      rule - the access rule
      description - description for the given access rule, e.g. "allows public access"
      Throws:
      MCRException - if an error was occurred
      See Also:

    • addRule

      public static void addRule(String id, String permission, Element rule, String description) throws MCRException
      adds an access rule for an ID to an access system.
      Parameters:
      id - the ID of the object as String
      permission - the access permission for the rule
      rule - the access rule
      description - description for the given access rule, e.g. "allows public access"
      Throws:
      MCRException - if an error was occurred
      See Also:

    • removeRule

      public static void removeRule(MCRObjectID id, String permission) throws MCRException
      removes the permission rule for the MCRObjectID.
      Parameters:
      id - the MCRObjectID of an object
      permission - the access permission for the rule
      Throws:
      MCRException - if an error was occurred
      See Also:

    • removeRule

      public static void removeRule(String id, String permission) throws MCRException
      removes the permission rule for the ID.
      Parameters:
      id - the ID of an object as String
      permission - the access permission for the rule
      Throws:
      MCRException - if an error was occurred
      See Also:

    • removeAllRules

      public static void removeAllRules(MCRObjectID id) throws MCRException
      removes all rules for the MCRObjectID.
      Parameters:
      id - the MCRObjectID of an object
      Throws:
      MCRException - if an error was occurred
      See Also:

    • updateRule

      public static void updateRule(MCRObjectID id, String permission, Element rule, String description) throws MCRException
      updates an access rule for an MCRObjectID.
      Parameters:
      id - the MCRObjectID of the object
      permission - the access permission for the rule
      rule - the access rule
      description - description for the given access rule, e.g. "allows public access"
      Throws:
      MCRException - if an error was occurred
      See Also:

    • updateRule

      public static void updateRule(String id, String permission, Element rule, String description) throws MCRException
      updates an access rule for an ID.
      Parameters:
      id - the ID of the object
      permission - the access permission for the rule
      rule - the access rule
      description - description for the given access rule, e.g. "allows public access"
      Throws:
      MCRException - if an error was occurred
      See Also:

    • checkPermission

      public static boolean checkPermission(MCRObjectID id, String permission)
      determines whether the current user has the permission to perform a certain action.
      Parameters:
      id - the MCRObjectID of the object
      permission - the access permission for the rule
      Returns:
      true if the access is allowed otherwise it return
      See Also:

    • checkDerivateMetadataPermission

      public static boolean checkDerivateMetadataPermission(MCRObjectID derId, String permission)
      checks if the current user has the permission to perform an action on the derivate metadata.
      Parameters:
      derId - the MCRObjectID of the derivate
      permission - the access permission for the rule
      Returns:
      true, if the access is allowed

    • checkDerivateContentPermission

      public static boolean checkDerivateContentPermission(MCRObjectID derId, String permission)
      checks if the current user has the permission to perform an action on the derivate content.
      Parameters:
      derId - the MCRObjectID of the derivate
      permission - the access permission for the rule
      Returns:
      true, if the access is allowed

    • checkDerivateDisplayPermission

      public static boolean checkDerivateDisplayPermission(String derId)
      checks if the current user has the permission to view the derivate content.
      Parameters:
      derId - the MCRObjectID of the derivate
      Returns:
      true, if the access is allowed

    • checkPermission

      public static boolean checkPermission(String id, String permission)
      determines whether the current user has the permission to perform a certain action.
      Parameters:
      id - the MCRObjectID of the object
      permission - the access permission for the rule
      Returns:
      true if the permission for the id is given

    • checkPermission

      public static boolean checkPermission(String permission)
      determines whether the current user has the permission to perform a certain action.
      Parameters:
      permission - the access permission for the rule
      Returns:
      true if the permission exist

    • invalidPermissionCache

      public static void invalidPermissionCache(String id, String permission)
      Invalidates the permission for current user on cache.
      Parameters:
      id - the MCRObjectID
      permission - the access permission

    • invalidPermissionCacheByID

      public static void invalidPermissionCacheByID(String... ids)
      Invalidates all permissions for a specific id for current user on cache
      Parameters:
      ids - id of the cache handle

    • invalidAllPermissionCachesById

      public static void invalidAllPermissionCachesById(String... ids)
      Invalidates all permissions for a specific id for all access caches in every session
      Parameters:
      ids - id of the cache handle

    • invalidPermissionCache

      public static void invalidPermissionCache(String permission)
      Invalidates the permission for current user on cache.
      Parameters:
      permission - the access permission

    • checkPermissionForReadingDerivate

      @Deprecated public static boolean checkPermissionForReadingDerivate(String derID)
      Deprecated.
      use checkDerivateContentPermission(MCRObjectID, String) or checkDerivateMetadataPermission(MCRObjectID, String) instead with Strategy that also checks for the object.
      checks whether the current user has the permission to read/see a derivate check is also against the mcrobject, the derivate belongs to both checks must return true
      it is needed in MCRFileNodeServlet and MCRZipServlet
      Parameters:
      derID - String ID of a MyCoRe-Derivate
      Returns:
      true if the access is allowed otherwise it return false

    • getPermissionsForID

      public static Collection<String> getPermissionsForID(String id)
      lists all permissions defined for the id.
      Parameters:
      id - the ID of the object as String
      Returns:
      a List of all for id defined permissions

    • getPermissionsForID

      public static Collection<String> getPermissionsForID(MCRObjectID id)
      lists all permissions defined for the id.
      Parameters:
      id - the MCRObjectID of the object
      Returns:
      a List of all for id defined permissions

    • getTrueRule

      public static Element getTrueRule()
      return a rule, that allows something for everybody
      Returns:
      a rule, that allows something for everybody

    • getFalseRule

      public static Element getFalseRule()
      return a rule, that forbids something for all, but superuser
      Returns:
      a rule, that forbids something for all, but superuser

    • hasRule

      public static boolean hasRule(String id, String permission)
      return true if a rule for the id exist
      Parameters:
      id - the MCRObjectID of the object
      permission - the access permission for the rule

    • checkPermission

      public static CompletableFuture<Boolean> checkPermission(MCRUserInformation user, Supplier<Boolean> checkSuplier)

    • checkPermission

      public static CompletableFuture<Boolean> checkPermission(MCRUserInformation user, Supplier<Boolean> checkSuplier, ExecutorService es)

    • requireRulesInterface

      public static MCRRuleAccessInterface requireRulesInterface()