Package org.mycore.access
Class MCRAccessBaseImpl
java.lang.Object
org.mycore.access.MCRAccessBaseImpl
- All Implemented Interfaces:
MCRAccessInterface
,MCRRuleAccessInterface
- Direct Known Subclasses:
MCRAccessControlSystem
This class is a base implementation of the
MCRAccessInterface
.
It will simply allow everything and will do nothing on persistent operations.
Feel free to extend this class if your implementation can only support parts
of the Interface definition.- Author:
- Jens Kupferschmidt
-
Field Summary
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
adds an access rule for an ID to an access system.void
adds an access rule for an "a priori-permission" like "create-document"boolean
checkPermission
(String permission) determines whether the current user has the permission to perform a certain action.boolean
checkPermission
(String id, String permission) determines whether the current user has the permission to perform a certain action.boolean
checkPermission
(String id, String permission, MCRUserInformation userInfo) determines whether a given user has the permission to perform a certain action. no session data will be checked here.boolean
checkPermission
(Element rule) determines whether the current user has the permission to perform a certain action.boolean
checkPermissionForUser
(String permission, String userID) Deprecated.boolean
checkPermissionForUser
(String permission, MCRUserInformation userInfo) determines whether a given user has the permission to perform a certain action. no session data will be checked here.void
createRule
(String rule, String creator, String description) create an access rule in the rulestore using an rule string in plain textvoid
createRule
(Element rule, String creator, String description) create an access rule in the rulestore using an rule string in plain textjust returns the String of Access Permissions configured in property "MCR.AccessPermissions"getAccessRule
(String id, String permission) returns a MCRAccessRule which could be validated All information regarding the current user is capsulated by aMCRSession
instance which can be retrieved bylists all String IDs, a permission is assigned to.generate rule string from xmllists all a-priori permissions like "create-document".getPermissionsForID
(String objid) lists all permissions defined for theid
.exports a access rule for a "a priori permission" as JDOM element.exports a access rule as JDOM element.getRuleDescription
(String permission) returns the prosa description of a defined rule for a "a priori" permission like "create-document".getRuleDescription
(String id, String permission) returns the prosa description of a defined rule.boolean
checks wether a rule with the id is defined.boolean
checks wether a rule with the id and permission is defined.void
removeAllRules
(String id) removes all rules of theid
.void
removeRule
(String permission) removes a rule for an "a priori permission" like "create-document"void
removeRule
(String id, String permission) removes a rule.void
updateRule
(String id, String permission, Element rule, String description) updates an access rule for an ID to an access system.void
updateRule
(String permission, Element rule, String description) updates an access rule for an "a priori permission" of an access system like "create-document".
-
Field Details
-
ACCESS_PERMISSIONS
-
-
Constructor Details
-
MCRAccessBaseImpl
public MCRAccessBaseImpl()
-
-
Method Details
-
addRule
public void addRule(String id, String permission, Element rule, String description) throws MCRException Description copied from interface:MCRRuleAccessInterface
adds an access rule for an ID to an access system. The parameterid
serves as an identifier for the concrete underlying rule, e.g. a MCRObjectID.- Specified by:
addRule
in interfaceMCRRuleAccessInterface
- Parameters:
id
- the ID-String of the objectpermission
- the access permission for the rulerule
- the access ruledescription
- a String description of the rule in prosa- Throws:
MCRException
- if an error occured
-
addRule
Description copied from interface:MCRRuleAccessInterface
adds an access rule for an "a priori-permission" like "create-document"- Specified by:
addRule
in interfaceMCRRuleAccessInterface
- Parameters:
permission
- the access permission for the rule (e.g. "create-document")rule
- the access ruledescription
- a String description of the rule in prosa- Throws:
MCRException
- if an error occured
-
removeRule
Description copied from interface:MCRRuleAccessInterface
removes a rule. The parameterid
serves as an identifier for the concrete underlying rule, e.g. a MCRObjectID.- Specified by:
removeRule
in interfaceMCRRuleAccessInterface
- Parameters:
id
- the ID-String of the objectpermission
- the access permission for the rule- Throws:
MCRException
- if an error occured
-
removeRule
Description copied from interface:MCRRuleAccessInterface
removes a rule for an "a priori permission" like "create-document"- Specified by:
removeRule
in interfaceMCRRuleAccessInterface
- Parameters:
permission
- the access permission for the rule- Throws:
MCRException
- if an error occured
-
removeAllRules
Description copied from interface:MCRRuleAccessInterface
removes all rules of theid
. The parameterid
serves as an identifier for the concrete underlying rule, e.g. a MCRObjectID.- Specified by:
removeAllRules
in interfaceMCRRuleAccessInterface
- Parameters:
id
- the ID-String of the object- Throws:
MCRException
- if an errow was occured
-
updateRule
public void updateRule(String id, String permission, Element rule, String description) throws MCRException Description copied from interface:MCRRuleAccessInterface
updates an access rule for an ID to an access system. The parameterid
serves as an identifier for the concrete underlying rule, e.g. a MCRObjectID.- Specified by:
updateRule
in interfaceMCRRuleAccessInterface
- Parameters:
id
- the ID-String of the objectpermission
- the access permission for the rulerule
- the access ruledescription
- a String description of the rule in prosa- Throws:
MCRException
- if an errow was occured
-
updateRule
Description copied from interface:MCRRuleAccessInterface
updates an access rule for an "a priori permission" of an access system like "create-document".- Specified by:
updateRule
in interfaceMCRRuleAccessInterface
- Parameters:
permission
- the access permission for the rulerule
- the access ruledescription
- a String description of the rule in prosa- Throws:
MCRException
- if an errow was occured
-
checkPermission
Description copied from interface:MCRAccessInterface
determines whether the current user has the permission to perform a certain action.- Specified by:
checkPermission
in interfaceMCRAccessInterface
-
checkPermission
Description copied from interface:MCRAccessInterface
determines whether a given user has the permission to perform a certain action. no session data will be checked here. The parameterid
serves as an identifier for the concrete underlying rule, e.g. a MCRObjectID.- Specified by:
checkPermission
in interfaceMCRAccessInterface
- Parameters:
id
- the ID-String of the objectpermission
- the permission/action to be granted, e.g. "read"userInfo
- the MCRUser, whose permissions are checked- Returns:
- true if the permission is granted, else false
-
checkPermission
Description copied from interface:MCRAccessInterface
determines whether the current user has the permission to perform a certain action. All information regarding the current user is capsulated by aMCRSession
instance which can be retrieved byMCRSession currentSession = MCRSessionMgr.getCurrentSession();
This method is used for checking "a priori permissions" like "create-document" where a String ID does not exist yet- Specified by:
checkPermission
in interfaceMCRAccessInterface
- Parameters:
permission
- the permission/action to be granted, e.g. "create-document"- Returns:
- true if the permission is granted, else false
- See Also:
-
checkPermissionForUser
Deprecated.Description copied from interface:MCRRuleAccessInterface
determines whether a given user has the permission to perform a certain action. no session data will be checked here. This method is used for checking "a priori permissions" like "create-document" where a String ID does not exist yet- Specified by:
checkPermissionForUser
in interfaceMCRRuleAccessInterface
- Parameters:
permission
- the permission/action to be granted, e.g. "create-document"userID
- the MCRUser, whose permissions are checked- Returns:
- true if the permission is granted, else false
- See Also:
-
checkPermissionForUser
Description copied from interface:MCRAccessInterface
determines whether a given user has the permission to perform a certain action. no session data will be checked here. This method is used for checking "a priori permissions" like "create-document" where a String ID does not exist yet- Specified by:
checkPermissionForUser
in interfaceMCRAccessInterface
- Parameters:
permission
- the permission/action to be granted, e.g. "create-document"userInfo
- the MCRUser, whose permissions are checked- Returns:
- true if the permission is granted, else false
-
checkPermission
Description copied from interface:MCRRuleAccessInterface
determines whether the current user has the permission to perform a certain action. All information regarding the current user is capsulated by aMCRSession
instance which can be retrieved byMCRSession currentSession = MCRSessionMgr.getCurrentSession();
- Specified by:
checkPermission
in interfaceMCRRuleAccessInterface
- Parameters:
rule
- the jdom-representation of a mycore access rule- Returns:
- true if the permission is granted, else false
- See Also:
-
getRule
Description copied from interface:MCRRuleAccessInterface
exports a access rule as JDOM element.- Specified by:
getRule
in interfaceMCRRuleAccessInterface
- Parameters:
objID
- the ID-String of the objectpermission
- the access permission for the rule- Returns:
- the rule as jdom element, or
null
if no rule is defined
-
getRule
Description copied from interface:MCRRuleAccessInterface
exports a access rule for a "a priori permission" as JDOM element.- Specified by:
getRule
in interfaceMCRRuleAccessInterface
- Parameters:
permission
- the access permission for the rule- Returns:
- the rule as jdom element, or
null
if no rule is defined
-
getRuleDescription
Description copied from interface:MCRRuleAccessInterface
returns the prosa description of a defined rule for a "a priori" permission like "create-document".- Specified by:
getRuleDescription
in interfaceMCRRuleAccessInterface
- Parameters:
permission
- the access permission for the rule- Returns:
- the String of the description
-
getRuleDescription
Description copied from interface:MCRRuleAccessInterface
returns the prosa description of a defined rule.- Specified by:
getRuleDescription
in interfaceMCRRuleAccessInterface
- Parameters:
id
- the ID-String of the objectpermission
- the access permission for the rule- Returns:
- the String of the description
-
getPermissionsForID
Description copied from interface:MCRRuleAccessInterface
lists all permissions defined for theid
. The parameterid
serves as an identifier for the concrete underlying rule, e.g. a MCRObjectID.- Specified by:
getPermissionsForID
in interfaceMCRRuleAccessInterface
- Returns:
- a
List
of all forid
defined permission
-
getPermissions
Description copied from interface:MCRRuleAccessInterface
lists all a-priori permissions like "create-document".- Specified by:
getPermissions
in interfaceMCRRuleAccessInterface
- Returns:
- a
List
of all defined permissions
-
hasRule
checks wether a rule with the id and permission is defined. It's the same as calling(getRule(id, permission)!=null);
- Specified by:
hasRule
in interfaceMCRRuleAccessInterface
- Parameters:
id
- the ID-String of the objectpermission
- the access permission for the rule- Returns:
- false, if getRule(id, permission) would return null, else true
- See Also:
-
hasRule
checks wether a rule with the id is defined. It's the same as calling(getPermissionsForID(id).size()>0);
- Specified by:
hasRule
in interfaceMCRRuleAccessInterface
- Parameters:
id
- the ID-String of the object- Returns:
- false, if getPermissionsForID(id) would return an empty list, else true
- See Also:
-
getAccessPermissionsFromConfiguration
just returns the String of Access Permissions configured in property "MCR.AccessPermissions"- Specified by:
getAccessPermissionsFromConfiguration
in interfaceMCRRuleAccessInterface
- Returns:
- the permissions as List
-
getAllControlledIDs
Description copied from interface:MCRRuleAccessInterface
lists all String IDs, a permission is assigned to. The parameterid
serves as an identifier for the concrete underlying rule, e.g. a MCRObjectID.- Specified by:
getAllControlledIDs
in interfaceMCRRuleAccessInterface
- Returns:
- a sorted and distinct
List
of allString
IDs
-
createRule
Description copied from interface:MCRRuleAccessInterface
create an access rule in the rulestore using an rule string in plain text- Specified by:
createRule
in interfaceMCRRuleAccessInterface
- Parameters:
rule
- the rule string in plain textdescription
- a String description of the rule in prosa
-
createRule
Description copied from interface:MCRRuleAccessInterface
create an access rule in the rulestore using an rule string in plain text- Specified by:
createRule
in interfaceMCRRuleAccessInterface
- Parameters:
rule
- the rule string as xmldescription
- a String description of the rule in prosa
-
getNormalizedRuleString
Description copied from interface:MCRRuleAccessInterface
generate rule string from xml- Specified by:
getNormalizedRuleString
in interfaceMCRRuleAccessInterface
- Returns:
- the normalized rule string
-
getAccessRule
Description copied from interface:MCRRuleAccessInterface
returns a MCRAccessRule which could be validated All information regarding the current user is capsulated by aMCRSession
instance which can be retrieved byMCRSession currentSession = MCRSessionMgr.getCurrentSession();
The parameterid
serves as an identifier for the concrete underlying rule, e.g. a MCRObjectID.- Specified by:
getAccessRule
in interfaceMCRRuleAccessInterface
- Parameters:
id
- the ID-String of the objectpermission
- the permission/action to be granted, e.g. "read"- Returns:
- MCRAccessRule instance or null if no rule is defined;
- See Also:
-