com.caplin.permissioning

Class Permissionable

java.lang.Object

com.caplin.permissioning.Permissionable

Direct Known Subclasses:

Group, User

public abstract class Permissionable
extends java.lang.Object

Classes that extend this class can be assigned permissions. The User and Group classes extend Permissionable.

A permission either allows or denies an action on a product and namespace. Each permission specifies:

• The set of products that the permission applies to.
• The namespace of the permission.
• The action that is being allowed or denied.

Each product in a product set can be represented by a regular expression. For example, the regular expression "/FX/.*" would match all FX products.

The regular expression representing the product can also contain the substitution tokens "%u" and "%U". When the Permissioning Auth Module checks a permission to see if it applies to a requested product, it replaces the "%u" token with the username of the logged in user, and the "%U" token with the session name allocated by Liberator for that user session.

Substitution tokens can be placed in a product permission to prevent one user from accessing another user's data. For example, if the username of the logged in user is "Bob" and the requested product is "/Private/John/FX", the permissioned product "/Private/%u/FX" will not match the requested product "/Private/John/FX", and the permission will not apply to this request.

Product requests are always denied unless a matching permission allows the action, and no other permission denies the action.

Field Summary

Fields

Modifier and Type	Field and Description
protected java.lang.String	name
protected java.util.Map<java.lang.String,Group>	parents
protected java.util.Map<java.lang.String,com.caplin.permissioning.ProductPermissionSet>	productPermissionSets

Method Summary

Methods

Modifier and Type	Method and Description
void	applyPermission(java.util.Set<java.lang.String> productSet, java.lang.String nameSpace, java.lang.String action, Authorization auth) Adds a permission that either allows or denies a single action on a product set and namespace.
protected java.util.Map<java.lang.String,com.caplin.permissioning.ProductPermissionSet>	copyPermissions()
void	deny(java.util.Set<java.lang.String> productSet, java.lang.String nameSpace, java.lang.String... actions) Adds a permission that denies one or more actions on a product set and namespace.
boolean	equals(java.lang.Object that) Indicates whether or not another object is "equal to" this Permissionable.
java.lang.String	getName() Gets the name of this Permissionable.
int	hashCode() Returns a hash code value for this Permissionable.
void	permit(java.util.Set<java.lang.String> productSet, java.lang.String nameSpace, java.lang.String... actions) Adds a permission that allows one or more actions on a product set and namespace.
void	removeAllPermissions() Removes every permission for this Permissionable.
void	removePermission(java.util.Set<java.lang.String> products, java.lang.String namespace, java.lang.String... actions) Removes a permission for a single action on a product set and namespace.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Field Detail

name

protected final java.lang.String name

productPermissionSets

protected java.util.Map<java.lang.String,com.caplin.permissioning.ProductPermissionSet> productPermissionSets

parents

protected final java.util.Map<java.lang.String,Group> parents

Method Detail

getName

public java.lang.String getName()
                         throws java.lang.IllegalStateException

Gets the name of this Permissionable.

A Permissionable is named when it is created (see the createUser() and createGroup() methods of the PermissioningDataSource).

Returns:

the name of this Permissionable.

Throws:

java.lang.IllegalStateException - if this Permissionable was removed from the PermissioningDatasource.

applyPermission

public void applyPermission(java.util.Set<java.lang.String> productSet,
                   java.lang.String nameSpace,
                   java.lang.String action,
                   Authorization auth)
                     throws NoTransactionInProgressException,
                            java.lang.IllegalStateException

Adds a permission that either allows or denies a single action on a product set and namespace.

This permission is added to the permissions already assigned to the Permissionable, and replaces any other permission that Permissionable has for this action, product set, and namespace.

Parameters:

productSet - the set of products that the permission applies to.

nameSpace - the namespace of the permission. To add the permission to the default namespace, set the namespace to Constants.DEFAULT_PERMISSION_NAMESPACE.

action - the action that is being permitted.

auth - the Authorization that allows or denies the action.

Throws:

NoTransactionInProgressException - if this method is called outside the scope of a PermissioningDataSource transaction

java.lang.IllegalStateException - if this Permissionable was removed from the PermissioningDatasource.

permit

public void permit(java.util.Set<java.lang.String> productSet,
          java.lang.String nameSpace,
          java.lang.String... actions)
            throws NoTransactionInProgressException,
                   java.lang.IllegalStateException

Adds a permission that allows one or more actions on a product set and namespace.

This permission is added to the permissions already assigned to this Permissionable, and replaces any other permission it has for these actions, product set, and namespace.

Parameters:

productSet - the set of products this this permissions applies to

nameSpace - the namespace of the permission. To add the permission to the default namespace, set the namespace to Constants.DEFAULT_PERMISSION_NAMESPACE.

actions - the actions that are being permitted. Any number of actions can be specified as a comma separated sequence of varargs

Throws:

NoTransactionInProgressException - if this method is called outside the scope of a PermissioningDataSource transaction

java.lang.IllegalStateException - if this Permissionable was removed from the PermissioningDatasource.

deny

public void deny(java.util.Set<java.lang.String> productSet,
        java.lang.String nameSpace,
        java.lang.String... actions)
          throws NoTransactionInProgressException,
                 java.lang.IllegalStateException

Adds a permission that denies one or more actions on a product set and namespace.

This permission is added to the permissions already assigned to this Permissionable, and replaces any other permission it has for these actions, product set, and namespace.

Parameters:

productSet - the set of products this this permissions applies to

nameSpace - the namespace of the permission. To add the permission to the default namespace, set the namespace to Constants.DEFAULT_PERMISSION_NAMESPACE.

actions - the actions that are being permitted. Any number of actions can be specified as a comma separated sequence of varargs

Throws:

NoTransactionInProgressException - if this method is called outside the scope of a PermissioningDataSource transaction

java.lang.IllegalStateException - if this Permissionable was removed from the PermissioningDatasource.

removePermission

public void removePermission(java.util.Set<java.lang.String> products,
                    java.lang.String namespace,
                    java.lang.String... actions)
                      throws NoTransactionInProgressException,
                             java.lang.IllegalStateException

Removes a permission for a single action on a product set and namespace. No permissions are removed if the permission does not exist.

Parameters:

products - the set of products the permission applies to

namespace - the namespace of the permission. If the permission resides in the default namespace, use the namespace Constants.DEFAULT_PERMISSION_NAMESPACE.

actions - the actions that permission to be removed allows or denies. Do not specify any code>action if you want to remove all permissions for a given product set and namespace.

Throws:

NoTransactionInProgressException - if this method is called outside the scope of a PermissioningDataSource transaction

java.lang.IllegalStateException - if this Permissionable was removed from the PermissioningDatasource.

removeAllPermissions

public void removeAllPermissions()

Removes every permission for this Permissionable.

Throws:

NoTransactionInProgressException - if this method is called outside the scope of a PermissioningDataSource transaction

java.lang.IllegalStateException - if this Permissionable was removed from the PermissioningDatasource.

equals

public boolean equals(java.lang.Object that)

Indicates whether or not another object is "equal to" this Permissionable. The equality is based on the type and name of the objects.

Overrides:

equals in class java.lang.Object

Parameters:

that - the object that is to be compared to this Permissionable object.

Returns:

true if the objects are equal, false otherwise.

hashCode

public int hashCode()

Returns a hash code value for this Permissionable. The hash code is calculated using the type and name of the Permissionable.

Overrides:

hashCode in class java.lang.Object

Returns:

a hash code value for this Permissionable.

copyPermissions

protected java.util.Map<java.lang.String,com.caplin.permissioning.ProductPermissionSet> copyPermissions()