Package org.mycore.access
Class MCRAccessManager
java.lang.Object
org.mycore.access.MCRAccessManager
- Version:
- $Revision$ $Date$
- Author:
- Thomas Scheffler
-
Field Summary
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionstatic void
adds an access rule for an ID to an access system.static void
addRule
(MCRObjectID id, String permission, Element rule, String description) adds an access rule for an MCRObjectID to an access system.static boolean
checkDerivateContentPermission
(MCRObjectID derId, String permission) checks if the current user has the permission to perform an action on the derivate content.static boolean
checks if the current user has the permission to view the derivate content.static boolean
checkDerivateMetadataPermission
(MCRObjectID derId, String permission) checks if the current user has the permission to perform an action on the derivate metadata.static boolean
checkPermission
(String permission) determines whether the current user has the permission to perform a certain action.static boolean
checkPermission
(String id, String permission) determines whether the current user has the permission to perform a certain action.static CompletableFuture<Boolean>
checkPermission
(MCRUserInformation user, Supplier<Boolean> checkSuplier) static CompletableFuture<Boolean>
checkPermission
(MCRUserInformation user, Supplier<Boolean> checkSuplier, ExecutorService es) static boolean
checkPermission
(MCRObjectID id, String permission) determines whether the current user has the permission to perform a certain action.static boolean
Deprecated.static <T extends MCRAccessInterface>
Tstatic Element
return a rule, that forbids something for all, but superuserstatic Collection<String>
lists all permissions defined for theid
.static Collection<String>
lists all permissions defined for theid
.static Element
return a rule, that allows something for everybodystatic boolean
return true if a rule for the id existstatic void
invalidAllPermissionCachesById
(String... ids) Invalidates all permissions for a specific id for all access caches in every sessionstatic void
invalidPermissionCache
(String permission) Invalidates the permission for current user on cache.static void
invalidPermissionCache
(String id, String permission) Invalidates the permission for current user on cache.static void
invalidPermissionCacheByID
(String... ids) Invalidates all permissions for a specific id for current user on cachestatic void
removes all rules for the MCRObjectID.static void
removeRule
(String id, String permission) removes thepermission
rule for the ID.static void
removeRule
(MCRObjectID id, String permission) removes thepermission
rule for the MCRObjectID.static MCRRuleAccessInterface
static void
updateRule
(String id, String permission, Element rule, String description) updates an access rule for an ID.static void
updateRule
(MCRObjectID id, String permission, Element rule, String description) updates an access rule for an MCRObjectID.
-
Field Details
-
LOGGER
-
PERMISSION_READ
- See Also:
-
PERMISSION_WRITE
- See Also:
-
PERMISSION_DELETE
- See Also:
-
PERMISSION_PREVIEW
- See Also:
-
PERMISSION_VIEW
- See Also:
-
-
Constructor Details
-
MCRAccessManager
public MCRAccessManager()
-
-
Method Details
-
getAccessImpl
-
addRule
public static void addRule(MCRObjectID id, String permission, Element rule, String description) throws MCRException adds an access rule for an MCRObjectID to an access system.- Parameters:
id
- the MCRObjectID of the objectpermission
- the access permission for the rulerule
- the access ruledescription
- description for the given access rule, e.g. "allows public access"- Throws:
MCRException
- if an error was occurred- See Also:
-
addRule
public static void addRule(String id, String permission, Element rule, String description) throws MCRException adds an access rule for an ID to an access system.- Parameters:
id
- the ID of the object as Stringpermission
- the access permission for the rulerule
- the access ruledescription
- description for the given access rule, e.g. "allows public access"- Throws:
MCRException
- if an error was occurred- See Also:
-
removeRule
removes thepermission
rule for the MCRObjectID.- Parameters:
id
- the MCRObjectID of an objectpermission
- the access permission for the rule- Throws:
MCRException
- if an error was occurred- See Also:
-
removeRule
removes thepermission
rule for the ID.- Parameters:
id
- the ID of an object as Stringpermission
- the access permission for the rule- Throws:
MCRException
- if an error was occurred- See Also:
-
removeAllRules
removes all rules for the MCRObjectID.- Parameters:
id
- the MCRObjectID of an object- Throws:
MCRException
- if an error was occurred- See Also:
-
updateRule
public static void updateRule(MCRObjectID id, String permission, Element rule, String description) throws MCRException updates an access rule for an MCRObjectID.- Parameters:
id
- the MCRObjectID of the objectpermission
- the access permission for the rulerule
- the access ruledescription
- description for the given access rule, e.g. "allows public access"- Throws:
MCRException
- if an error was occurred- See Also:
-
updateRule
public static void updateRule(String id, String permission, Element rule, String description) throws MCRException updates an access rule for an ID.- Parameters:
id
- the ID of the objectpermission
- the access permission for the rulerule
- the access ruledescription
- description for the given access rule, e.g. "allows public access"- Throws:
MCRException
- if an error was occurred- See Also:
-
checkPermission
determines whether the current user has the permission to perform a certain action.- Parameters:
id
- the MCRObjectID of the objectpermission
- the access permission for the rule- Returns:
- true if the access is allowed otherwise it return
- See Also:
-
checkDerivateMetadataPermission
checks if the current user has the permission to perform an action on the derivate metadata.- Parameters:
derId
- the MCRObjectID of the derivatepermission
- the access permission for the rule- Returns:
- true, if the access is allowed
-
checkDerivateContentPermission
checks if the current user has the permission to perform an action on the derivate content.- Parameters:
derId
- the MCRObjectID of the derivatepermission
- the access permission for the rule- Returns:
- true, if the access is allowed
-
checkDerivateDisplayPermission
checks if the current user has the permission to view the derivate content.- Parameters:
derId
- the MCRObjectID of the derivate- Returns:
- true, if the access is allowed
-
checkPermission
determines whether the current user has the permission to perform a certain action.- Parameters:
id
- the MCRObjectID of the objectpermission
- the access permission for the rule- Returns:
- true if the permission for the id is given
-
checkPermission
determines whether the current user has the permission to perform a certain action.- Parameters:
permission
- the access permission for the rule- Returns:
- true if the permission exist
-
invalidPermissionCache
Invalidates the permission for current user on cache.- Parameters:
id
- theMCRObjectID
permission
- the access permission
-
invalidPermissionCacheByID
Invalidates all permissions for a specific id for current user on cache- Parameters:
ids
- id of the cache handle
-
invalidAllPermissionCachesById
Invalidates all permissions for a specific id for all access caches in every session- Parameters:
ids
- id of the cache handle
-
invalidPermissionCache
Invalidates the permission for current user on cache.- Parameters:
permission
- the access permission
-
checkPermissionForReadingDerivate
Deprecated.usecheckDerivateContentPermission(MCRObjectID, String)
orcheckDerivateMetadataPermission(MCRObjectID, String)
instead with Strategy that also checks for the object.checks whether the current user has the permission to read/see a derivate check is also against the mcrobject, the derivate belongs to both checks must return true
it is needed in MCRFileNodeServlet and MCRZipServlet- Parameters:
derID
- String ID of a MyCoRe-Derivate- Returns:
- true if the access is allowed otherwise it return false
-
getPermissionsForID
lists all permissions defined for theid
.- Parameters:
id
- the ID of the object as String- Returns:
- a
List
of all forid
defined permissions
-
getPermissionsForID
lists all permissions defined for theid
.- Parameters:
id
- the MCRObjectID of the object- Returns:
- a
List
of all forid
defined permissions
-
getTrueRule
return a rule, that allows something for everybody- Returns:
- a rule, that allows something for everybody
-
getFalseRule
return a rule, that forbids something for all, but superuser- Returns:
- a rule, that forbids something for all, but superuser
-
hasRule
return true if a rule for the id exist- Parameters:
id
- the MCRObjectID of the objectpermission
- the access permission for the rule
-
checkPermission
public static CompletableFuture<Boolean> checkPermission(MCRUserInformation user, Supplier<Boolean> checkSuplier) -
checkPermission
public static CompletableFuture<Boolean> checkPermission(MCRUserInformation user, Supplier<Boolean> checkSuplier, ExecutorService es) -
requireRulesInterface
-
checkDerivateContentPermission(MCRObjectID, String)
orcheckDerivateMetadataPermission(MCRObjectID, String)
instead with Strategy that also checks for the object.