Class Permissionable

java.lang.Object
com.caplin.permissioning.Permissionable
Direct Known Subclasses:
Group, User

public abstract class Permissionable extends Object

Classes that extend this class can be assigned permissions. The User and Group classes extend Permissionable.

A permission either allows or denies an action on a product and namespace. Each permission specifies:

  • The set of products that the permission applies to.
  • The namespace of the permission.
  • The action that is being allowed or denied.

Each product in a product set can be represented by a regular expression. For example, the regular expression "/FX/.*" would match all FX products.

The regular expression representing the product can also contain the substitution tokens "%u" and "%U". When the Permissioning Auth Module checks a permission to see if it applies to a requested product, it replaces the "%u" token with the username of the logged in user, and the "%U" token with the session name allocated by Liberator for that user session.

Substitution tokens can be placed in a product permission to prevent one user from accessing another user's data. For example, if the username of the logged in user is "Bob" and the requested product is "/Private/John/FX", the permissioned product "/Private/%u/FX" will not match the requested product "/Private/John/FX", and the permission will not apply to this request.

Product requests are always denied unless a matching permission allows the action, and no other permission denies the action.
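
The matching rules described above (token substitution, regular-expression match, deny by default, and a matching deny overriding a matching allow), written as a stand-alone Java model. This is an added example, not Caplin code or the Permissioning Auth Module's implementation. The `PermissionModel` class, the flat permission list, whole-string matching, the literal quoting of substituted names, and the sample namespace, action and session values are all assumptions made for illustration.

```java
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Stand-alone model of the matching rules on this page; hypothetical, not Caplin code (Java 16+). */
public class PermissionModel {

    /** One permission: product regex, namespace, action, and whether it allows or denies. */
    record Permission(String productRegex, String namespace, String action, boolean allow) {}

    private static final Pattern TOKEN = Pattern.compile("%[uU]");

    /** Substitutes %u (username) and %U (session name), then matches the whole product name. */
    static boolean applies(Permission p, String product, String user, String session) {
        // Single pass, so a token-like string inside a name is never re-substituted.
        // Names are quoted so regex metacharacters in them match literally (this model's choice).
        String regex = TOKEN.matcher(p.productRegex()).replaceAll(m ->
                Matcher.quoteReplacement(
                        Pattern.quote(m.group().equals("%u") ? user : session)));
        return Pattern.matches(regex, product);
    }

    /** Denied unless a matching permission allows the action and no matching permission denies it. */
    static boolean isAllowed(List<Permission> perms, String product, String namespace,
                             String action, String user, String session) {
        boolean allowed = false;                      // default: deny
        for (Permission p : perms) {
            if (!p.namespace().equals(namespace) || !p.action().equals(action)) continue;
            if (!applies(p, product, user, session)) continue;
            if (!p.allow()) return false;             // any matching deny wins
            allowed = true;
        }
        return allowed;
    }

    public static void main(String[] args) {
        // Constructed sample data: the namespace, action and session name are made up.
        List<Permission> perms = List.of(
                new Permission("/FX/.*", "default", "VIEW", true),
                new Permission("/FX/EXOTIC/.*", "default", "VIEW", false),
                new Permission("/Private/%u/FX", "default", "VIEW", true));
        String[] products = {"/FX/EURUSD", "/FX/EXOTIC/XAUJPY", "/Private/Bob/FX",
                             "/Private/John/FX", "/EQ/VOD"};
        for (String product : products) {
            boolean ok = isAllowed(perms, product, "default", "VIEW", "Bob", "Bob-0");
            System.out.println(product + " -> " + (ok ? "ALLOW" : "DENY"));
        }
    }
}
```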

  • Field Details

    • name

      protected final String name
    • productPermissionSets

      protected Map<String,com.caplin.permissioning.ProductPermissionSet> productPermissionSets
    • parents

      protected final Map<String,Group> parents
  • Method Details

    • getName

      public String getName() throws IllegalStateException

      Gets the name of this Permissionable.

      A Permissionable is named when it is created (see the createUser() and createGroup() methods of the PermissioningDataSource).

      Returns:
      the name of this Permissionable.
      Throws:
      IllegalStateException - if this Permissionable was removed from the PermissioningDataSource.
    • applyPermission

      public void applyPermission(Set<String> productSet, String nameSpace, String action, Authorization auth) throws NoTransactionInProgressException, IllegalStateException

      Adds a permission that either allows or denies a single action on a product set and namespace.

      This permission is added to the permissions already assigned to the Permissionable, and replaces any other permission that the Permissionable has for this action, product set, and namespace.

      Parameters:
      productSet - the set of products that the permission applies to.
      nameSpace - the namespace of the permission. To add the permission to the default namespace, set the namespace to Constants.DEFAULT_PERMISSION_NAMESPACE.
      action - the action that is being permitted.
      auth - the Authorization that allows or denies the action.
      Throws:
      NoTransactionInProgressException - if this method is called outside the scope of a PermissioningDataSource transaction
      IllegalStateException - if this Permissionable was removed from the PermissioningDataSource.
    • permit

      public void permit(Set<String> productSet, String nameSpace, String... actions) throws NoTransactionInProgressException, IllegalStateException

      Adds a permission that allows one or more actions on a product set and namespace.

      This permission is added to the permissions already assigned to this Permissionable, and replaces any other permission it has for these actions, product set, and namespace.

      Parameters:
      productSet - the set of products that this permission applies to.
      nameSpace - the namespace of the permission. To add the permission to the default namespace, set the namespace to Constants.DEFAULT_PERMISSION_NAMESPACE.
      actions - the actions that are being permitted. Any number of actions can be specified as a comma-separated sequence of varargs.
      Throws:
      NoTransactionInProgressException - if this method is called outside the scope of a PermissioningDataSource transaction
      IllegalStateException - if this Permissionable was removed from the PermissioningDataSource.
    • deny

      public void deny(Set<String> productSet, String nameSpace, String... actions) throws NoTransactionInProgressException, IllegalStateException

      Adds a permission that denies one or more actions on a product set and namespace.

      This permission is added to the permissions already assigned to this Permissionable, and replaces any other permission it has for these actions, product set, and namespace.

      Parameters:
      productSet - the set of products that this permission applies to.
      nameSpace - the namespace of the permission. To add the permission to the default namespace, set the namespace to Constants.DEFAULT_PERMISSION_NAMESPACE.
      actions - the actions that are being denied. Any number of actions can be specified as a comma-separated sequence of varargs.
      Throws:
      NoTransactionInProgressException - if this method is called outside the scope of a PermissioningDataSource transaction
      IllegalStateException - if this Permissionable was removed from the PermissioningDataSource.
    • removePermission

      public void removePermission(Set<String> products, String namespace, String... actions) throws NoTransactionInProgressException, IllegalStateException

      Removes a permission for a single action on a product set and namespace. No permissions are removed if the permission does not exist.

      Parameters:
      products - the set of products the permission applies to
      namespace - the namespace of the permission. If the permission resides in the default namespace, use the namespace Constants.DEFAULT_PERMISSION_NAMESPACE.
      actions - the actions that the permission to be removed allows or denies. Do not specify any action if you want to remove all permissions for a given product set and namespace.
      Throws:
      NoTransactionInProgressException - if this method is called outside the scope of a PermissioningDataSource transaction
      IllegalStateException - if this Permissionable was removed from the PermissioningDataSource.
    • removeAllPermissions

      public void removeAllPermissions()

      Removes every permission for this Permissionable.

      Throws:
      NoTransactionInProgressException - if this method is called outside the scope of a PermissioningDataSource transaction
      IllegalStateException - if this Permissionable was removed from the PermissioningDataSource.
    • equals

      public boolean equals(Object that)

      Indicates whether or not another object is "equal to" this Permissionable. The equality is based on the type and name of the objects.

      Overrides:
      equals in class Object
      Parameters:
      that - the object that is to be compared to this Permissionable object.
      Returns:
      true if the objects are equal, false otherwise.
    • hashCode

      public int hashCode()

      Returns a hash code value for this Permissionable. The hash code is calculated using the type and name of the Permissionable.

      Overrides:
      hashCode in class Object
      Returns:
      a hash code value for this Permissionable.
    • copyPermissions

      protected Map<String,com.caplin.permissioning.ProductPermissionSet> copyPermissions()