Package org.mycore.access
Interface MCRRuleAccessInterface
- All Superinterfaces:
MCRAccessInterface
- All Known Implementing Classes:
MCRAccessBaseImpl
,MCRAccessControlSystem
This serves as an interface to an underlying access controll system.
- Since:
- 1.3
- Version:
- $Revision$ $Date$
- Author:
- Thomas Scheffler (yagee)
-
Method Summary
Modifier and TypeMethodDescriptionvoid
adds an access rule for an ID to an access system.void
adds an access rule for an "a priori-permission" like "create-document"boolean
checkPermission
(Element rule) determines whether the current user has the permission to perform a certain action.boolean
checkPermissionForUser
(String permission, String userID) Deprecated.void
createRule
(String rule, String creator, String description) create an access rule in the rulestore using an rule string in plain textvoid
createRule
(Element rule, String creator, String description) create an access rule in the rulestore using an rule string in plain textlist all object-related Access Permissions that are defined in configuration filesgetAccessRule
(String id, String permission) returns a MCRAccessRule which could be validated All information regarding the current user is capsulated by aMCRSession
instance which can be retrieved bylists all String IDs, a permission is assigned to.generate rule string from xmllists all a-priori permissions like "create-document".lists all permissions defined for theid
.exports a access rule for a "a priori permission" as JDOM element.exports a access rule as JDOM element.getRuleDescription
(String permission) returns the prosa description of a defined rule for a "a priori" permission like "create-document".getRuleDescription
(String id, String permission) returns the prosa description of a defined rule.boolean
checks wether a rule with theid
is defined.boolean
checks wether a rule with theid
andpermission
is defined.void
removeAllRules
(String id) removes all rules of theid
.void
removeRule
(String permission) removes a rule for an "a priori permission" like "create-document"void
removeRule
(String id, String permission) removes a rule.void
updateRule
(String id, String permission, Element rule, String description) updates an access rule for an ID to an access system.void
updateRule
(String permission, Element rule, String description) updates an access rule for an "a priori permission" of an access system like "create-document".Methods inherited from interface org.mycore.access.MCRAccessInterface
checkPermission, checkPermission, checkPermission, checkPermissionForUser
-
Method Details
-
createRule
create an access rule in the rulestore using an rule string in plain text- Parameters:
rule
- the rule string in plain textdescription
- a String description of the rule in prosa
-
createRule
create an access rule in the rulestore using an rule string in plain text- Parameters:
rule
- the rule string as xmldescription
- a String description of the rule in prosa
-
getNormalizedRuleString
generate rule string from xml- Returns:
- the normalized rule string
-
addRule
adds an access rule for an ID to an access system. The parameterid
serves as an identifier for the concrete underlying rule, e.g. a MCRObjectID.- Parameters:
id
- the ID-String of the objectpermission
- the access permission for the rulerule
- the access ruledescription
- a String description of the rule in prosa- Throws:
MCRException
- if an error occured
-
addRule
adds an access rule for an "a priori-permission" like "create-document"- Parameters:
permission
- the access permission for the rule (e.g. "create-document")rule
- the access ruledescription
- a String description of the rule in prosa- Throws:
MCRException
- if an error occured
-
removeRule
removes a rule. The parameterid
serves as an identifier for the concrete underlying rule, e.g. a MCRObjectID.- Parameters:
id
- the ID-String of the objectpermission
- the access permission for the rule- Throws:
MCRException
- if an error occured
-
removeRule
removes a rule for an "a priori permission" like "create-document"- Parameters:
permission
- the access permission for the rule- Throws:
MCRException
- if an error occured
-
removeAllRules
removes all rules of theid
. The parameterid
serves as an identifier for the concrete underlying rule, e.g. a MCRObjectID.- Parameters:
id
- the ID-String of the object- Throws:
MCRException
- if an errow was occured
-
updateRule
updates an access rule for an ID to an access system. The parameterid
serves as an identifier for the concrete underlying rule, e.g. a MCRObjectID.- Parameters:
id
- the ID-String of the objectpermission
- the access permission for the rulerule
- the access ruledescription
- a String description of the rule in prosa- Throws:
MCRException
- if an errow was occured
-
updateRule
updates an access rule for an "a priori permission" of an access system like "create-document".- Parameters:
permission
- the access permission for the rulerule
- the access ruledescription
- a String description of the rule in prosa- Throws:
MCRException
- if an errow was occured
-
getAccessRule
returns a MCRAccessRule which could be validated All information regarding the current user is capsulated by aMCRSession
instance which can be retrieved byMCRSession currentSession = MCRSessionMgr.getCurrentSession();
The parameterid
serves as an identifier for the concrete underlying rule, e.g. a MCRObjectID.- Parameters:
id
- the ID-String of the objectpermission
- the permission/action to be granted, e.g. "read"- Returns:
- MCRAccessRule instance or null if no rule is defined;
- See Also:
-
checkPermissionForUser
Deprecated.determines whether a given user has the permission to perform a certain action. no session data will be checked here. This method is used for checking "a priori permissions" like "create-document" where a String ID does not exist yet- Parameters:
permission
- the permission/action to be granted, e.g. "create-document"userID
- the MCRUser, whose permissions are checked- Returns:
- true if the permission is granted, else false
- See Also:
-
checkPermission
determines whether the current user has the permission to perform a certain action. All information regarding the current user is capsulated by aMCRSession
instance which can be retrieved byMCRSession currentSession = MCRSessionMgr.getCurrentSession();
- Parameters:
rule
- the jdom-representation of a mycore access rule- Returns:
- true if the permission is granted, else false
- See Also:
-
getRule
exports a access rule as JDOM element.- Parameters:
id
- the ID-String of the objectpermission
- the access permission for the rule- Returns:
- the rule as jdom element, or
null
if no rule is defined
-
getRule
exports a access rule for a "a priori permission" as JDOM element.- Parameters:
permission
- the access permission for the rule- Returns:
- the rule as jdom element, or
null
if no rule is defined
-
getRuleDescription
returns the prosa description of a defined rule for a "a priori" permission like "create-document".- Parameters:
permission
- the access permission for the rule- Returns:
- the String of the description
-
getRuleDescription
returns the prosa description of a defined rule.- Parameters:
id
- the ID-String of the objectpermission
- the access permission for the rule- Returns:
- the String of the description
-
getPermissionsForID
lists all permissions defined for theid
. The parameterid
serves as an identifier for the concrete underlying rule, e.g. a MCRObjectID.- Returns:
- a
List
of all forid
defined permission
-
getPermissions
Collection<String> getPermissions()lists all a-priori permissions like "create-document".- Returns:
- a
List
of all defined permissions
-
getAccessPermissionsFromConfiguration
Collection<String> getAccessPermissionsFromConfiguration()list all object-related Access Permissions that are defined in configuration files- Returns:
- a List of permissiond from the configuration
-
getAllControlledIDs
Collection<String> getAllControlledIDs()lists all String IDs, a permission is assigned to. The parameterid
serves as an identifier for the concrete underlying rule, e.g. a MCRObjectID.- Returns:
- a sorted and distinct
List
of allString
IDs
-
hasRule
checks wether a rule with theid
andpermission
is defined.- Parameters:
id
- the ID-String of the objectpermission
- the access permission for the rule- Returns:
- false, if getRule(id, permission) would return null, else true
-
hasRule
checks wether a rule with theid
is defined.- Parameters:
id
- the ID-String of the object- Returns:
- false, if getPermissionsForID(id) would return an empty list, else true
-