ome.security.basic
Class BasicACLVoter

java.lang.Object
  extended by ome.security.basic.BasicACLVoter
All Implemented Interfaces:
ACLVoter

public class BasicACLVoter
extends Object
implements ACLVoter

Since:
3.0-M3
Version:
$Revision: 6373 $, $Date: 2010-03-24 15:27:14 +0000 (Wed, 24 Mar 2010) $
Author:
Josh Moore, josh.moore at gmx.de
See Also:
Token, SecuritySystem, Details, Permissions

Field Summary
protected  CurrentDetails currentUser
           
protected  SecurityFilter securityFilter
           
protected  SystemTypes sysTypes
           
protected  TokenHolder tokenHolder
           
 
Constructor Summary
BasicACLVoter(CurrentDetails cd, SystemTypes sysTypes, TokenHolder tokenHolder, SecurityFilter securityFilter)
           
 
Method Summary
 boolean allowChmod(ome.model.IObject iObject)
          test whether the given object can have its Permissions changed within the current security context.
 boolean allowCreation(ome.model.IObject iObject)
          test whether the given object should be insertable into the DB.
 boolean allowDelete(ome.model.IObject iObject, ome.model.internal.Details trustedDetails)
          test whether the given object should be deletable given the trusted details.
 boolean allowLoad(Class<? extends ome.model.IObject> klass, ome.model.internal.Details d, long id)
          delegates to SecurityFilter because that is where the logic is defined for the read filter. Ignores the id for the moment.
 boolean allowUpdate(ome.model.IObject iObject, ome.model.internal.Details trustedDetails)
          test whether the given object should be updatable given the trusted details.
 void throwCreationViolation(ome.model.IObject iObject)
          throws a SecurityViolation based on the given IObject and the context of the current user.
 void throwDeleteViolation(ome.model.IObject iObject)
          throws a SecurityViolation based on the given IObject and the context of the current user.
 void throwLoadViolation(ome.model.IObject iObject)
          throws a SecurityViolation based on the given IObject and the context of the current user.
 void throwUpdateViolation(ome.model.IObject iObject)
          throws a SecurityViolation based on the given IObject and the context of the current user.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

currentUser

protected final CurrentDetails currentUser

sysTypes

protected final SystemTypes sysTypes

tokenHolder

protected final TokenHolder tokenHolder

securityFilter

protected final SecurityFilter securityFilter
Constructor Detail

BasicACLVoter

public BasicACLVoter(CurrentDetails cd,
                     SystemTypes sysTypes,
                     TokenHolder tokenHolder,
                     SecurityFilter securityFilter)
Method Detail

allowChmod

public boolean allowChmod(ome.model.IObject iObject)
Description copied from interface: ACLVoter
test whether the given object can have its Permissions changed within the current security context.

Specified by:
allowChmod in interface ACLVoter

allowLoad

public boolean allowLoad(Class<? extends ome.model.IObject> klass,
                         ome.model.internal.Details d,
                         long id)
delegates to SecurityFilter because that is where the logic is defined for the read filter. Ignores the id for the moment. Though we pass in whether or not a share is active for completeness, a different ACLVoter implementation will almost certainly be active for share use.

Specified by:
allowLoad in interface ACLVoter
Parameters:
klass - a non-null class to test for loading
id - the id of the object which will be loaded. As opposed to the rest of the object, this must be known.
Returns:
true if loading of this object can proceed
See Also:
ACLEventListener.onPostLoad(org.hibernate.event.PostLoadEvent)

throwLoadViolation

public void throwLoadViolation(ome.model.IObject iObject)
                        throws ome.conditions.SecurityViolation
Description copied from interface: ACLVoter
throws a SecurityViolation based on the given IObject and the context of the current user.

Specified by:
throwLoadViolation in interface ACLVoter
Parameters:
iObject - Non-null object which caused this violation
Throws:
ome.conditions.SecurityViolation
See Also:
ACLEventListener.onPostLoad(org.hibernate.event.PostLoadEvent)

allowCreation

public boolean allowCreation(ome.model.IObject iObject)
Description copied from interface: ACLVoter
test whether the given object should be insertable into the DB. No trusted details is passed to this method, since for transient entities there are no trusted values. The SecuritySystem implementors will usually call ACLVoter.throwCreationViolation(IObject) if this method returns false.

Specified by:
allowCreation in interface ACLVoter
Parameters:
iObject - a non-null entity to test for creation.
Returns:
true if creation of this object can proceed
See Also:
ACLEventListener.onPreInsert(org.hibernate.event.PreInsertEvent)

throwCreationViolation

public void throwCreationViolation(ome.model.IObject iObject)
                            throws ome.conditions.SecurityViolation
Description copied from interface: ACLVoter
throws a SecurityViolation based on the given IObject and the context of the current user.

Specified by:
throwCreationViolation in interface ACLVoter
Parameters:
iObject - Non-null object which caused this violation
Throws:
ome.conditions.SecurityViolation
See Also:
ACLEventListener.onPreInsert(org.hibernate.event.PreInsertEvent)

allowUpdate

public boolean allowUpdate(ome.model.IObject iObject,
                           ome.model.internal.Details trustedDetails)
Description copied from interface: ACLVoter
test whether the given object should be updatable given the trusted details. The details will usually be retrieved from the current state array coming from the database. The SecuritySystem implementors will usually call ACLVoter.throwUpdateViolation(IObject) if this method returns false.

Specified by:
allowUpdate in interface ACLVoter
Parameters:
iObject - a non-null entity to test for update.
trustedDetails - a Details instance that is known to be valid.
Returns:
true if update of this object can proceed
See Also:
ACLEventListener.onPreUpdate(org.hibernate.event.PreUpdateEvent)

throwUpdateViolation

public void throwUpdateViolation(ome.model.IObject iObject)
                          throws ome.conditions.SecurityViolation
Description copied from interface: ACLVoter
throws a SecurityViolation based on the given IObject and the context of the current user.

Specified by:
throwUpdateViolation in interface ACLVoter
Parameters:
iObject - Non-null object which caused this violation
Throws:
ome.conditions.SecurityViolation
See Also:
ACLEventListener.onPreUpdate(org.hibernate.event.PreUpdateEvent)

allowDelete

public boolean allowDelete(ome.model.IObject iObject,
                           ome.model.internal.Details trustedDetails)
Description copied from interface: ACLVoter
test whether the given object should be deletable given the trusted details. The details will usually be retrieved from the current state array coming from the database. The SecuritySystem implementors will usually call ACLVoter.throwDeleteViolation(IObject) if this method returns false.

Specified by:
allowDelete in interface ACLVoter
Parameters:
iObject - a non-null entity to test for deletion.
trustedDetails - a Details instance that is known to be valid.
Returns:
true if deletion of this object can proceed
See Also:
ACLEventListener.onPreDelete(org.hibernate.event.PreDeleteEvent)

throwDeleteViolation

public void throwDeleteViolation(ome.model.IObject iObject)
                          throws ome.conditions.SecurityViolation
Description copied from interface: ACLVoter
throws a SecurityViolation based on the given IObject and the context of the current user.

Specified by:
throwDeleteViolation in interface ACLVoter
Parameters:
iObject - Non-null object which caused this violation
Throws:
ome.conditions.SecurityViolation
See Also:
ACLEventListener.onPreDelete(org.hibernate.event.PreDeleteEvent)
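
The allowUpdate and allowDelete descriptions above both rely on voting against trusted details taken from database state, not the details carried by the submitted object, and on throwing a violation when the vote is false. The following is an added example, not OMERO code: `Details`, `Entity`, `Voter`, `SecurityViolation`, `DB` and the owner/world-writable rule are simplified stand-ins assumed for illustration.

```java
import java.util.Map;

// Added illustration: stand-in types, NOT the OMERO classes of the same names.
public class TrustedDetailsDemo {
    record Details(long ownerId, boolean worldWritable) {}   // simplified permission model
    record Entity(long id, Details details) {}               // details as sent by the client
    static class SecurityViolation extends RuntimeException {
        SecurityViolation(String msg) { super(msg); }
    }

    // Simplified voter: decides only from the details it is told to trust.
    static class Voter {
        final long currentUserId;
        Voter(long currentUserId) { this.currentUserId = currentUserId; }

        boolean allowUpdate(Entity e, Details trustedDetails) {
            // e.details() is deliberately ignored: it is caller-controlled.
            return trustedDetails.worldWritable()
                    || trustedDetails.ownerId() == currentUserId;
        }
        void throwUpdateViolation(Entity e) {
            throw new SecurityViolation("user " + currentUserId
                    + " may not update object " + e.id());
        }
    }

    // Constructed "database" state: object 7 belongs to user 1.
    static final Map<Long, Details> DB = Map.of(7L, new Details(1L, false));

    // The pre-update hook pattern: ask the voter, then throw on a negative vote.
    static void preUpdate(Voter voter, Entity incoming) {
        Details trusted = DB.get(incoming.id());   // persisted state, not the request
        if (!voter.allowUpdate(incoming, trusted)) {
            voter.throwUpdateViolation(incoming);
        }
    }

    public static void main(String[] args) {
        // User 2 submits object 7 with details rewritten to claim ownership.
        Entity forged = new Entity(7L, new Details(2L, true));
        try {
            preUpdate(new Voter(2L), forged);
            System.out.println("update allowed");
        } catch (SecurityViolation sv) {
            System.out.println("rejected: " + sv.getMessage());
        }
        preUpdate(new Voter(1L), new Entity(7L, new Details(1L, false)));
        System.out.println("owner update allowed");
    }
}
```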


OmeroJava Api

Version: Beta-4.2.0-r7571-b29

Copyright © 2009 The University of Dundee. All Rights Reserved.