public class Permissions extends Object implements Serializable
Details
instance. It is
strongly encouraged to not base any code on the implementation of
the rights, roles, and flag but rather to rely on the public methods.
In the future, further roles, rights, and flags may be added to this class. This will change the representation in the database, but the simple grant/revoke/isSet logic will remain the same.
Modifier and Type | Class and Description |
---|---|
static class |
Permissions.Flag
Currently unused.
|
static class |
Permissions.Right
enumeration of granted rights.
|
static class |
Permissions.Role
enumeration of currently active roles.
|
Modifier and Type | Field and Description |
---|---|
static int |
ANNOTATERESTRICTION |
static Permissions |
COLLAB_READLINK
an immutable
Permissions instance with read and write permissions
for group members. |
static Permissions |
COLLAB_READONLY
an immutable
Permissions instance with permissions for group
members to read other members' data. |
static int |
DELETERESTRICTION |
static Permissions |
DUMMY
Marker object which can be set on objects to show that the Permissions
instance given contains no value.
|
static int |
EDITRESTRICTION |
static Permissions |
EMPTY
an immutable
Permissions instance with all rights
turned off. |
static Permissions |
GROUP_IMMUTABLE
R_R___ : user and group can only read
|
static Permissions |
GROUP_PRIVATE
RWRW__ : user and group can read and write
|
static Permissions |
GROUP_READABLE
RWR___ : user can read and write, group can read
|
static Permissions |
GROUP_WRITEABLE
RWRWR_ : user and group can read and write, world can read
|
static int |
LINKRESTRICTION |
static Permissions |
PRIVATE
an immutable
Permissions instance with permissions only for the
object owner.. |
static Permissions |
PUBLIC
an immutable
Permissions instance with all Rights
granted. |
static Permissions |
READ_ONLY
an immutable
Permissions instance with all Permissions.Right.WRITE
rights turned off. |
static Permissions |
USER_IMMUTABLE
R______ : user and only the user can only read
|
static Permissions |
USER_PRIVATE
RW____ : user and only user can read and write
|
static Permissions |
USER_WRITEABLE
RWR_R_ : all can read, user can write
|
static Permissions |
WORLD_IMMUTABLE
R_R_R_ : all can only read
|
static Permissions |
WORLD_WRITEABLE
RWRWRW : everyone can read and write
|
Constructor and Description |
---|
Permissions()
simple contructor.
|
Permissions(Permissions p)
copy constructor.
|
Modifier and Type | Method and Description |
---|---|
void |
addExtendedRestrictions(Set<String> extendedRestrictions) |
static int |
bit(Permissions.Flag flag)
returns the order of the bit representing the given
Permissions.Flag . |
static int |
bit(Permissions.Role role,
Permissions.Right right)
returns the order of the bit representing the given
Permissions.Role and
Permissions.Right . |
String[] |
copyExtendedRestrictions()
Produce a copy of restrictions for use elsewhere.
|
boolean[] |
copyRestrictions()
Produce a copy of restrictions for use elsewhere.
|
void |
copyRestrictions(boolean[] source,
String[] extendedRestrictions)
Safely copy the source array.
|
void |
copyRestrictions(int allow,
Set<String> extendedRestrictions)
Copy restrictions based on the integer returned by BasicACLVoter.
|
protected long |
getPerm1() |
Permissions |
grant(Permissions.Role role,
Permissions.Right... rights)
|
Permissions |
grantAll(Permissions mask)
takes a permissions instance and ORs it with the current instance.
|
boolean |
identical(Permissions p)
two
Permissions instances are identical if they have
the same bit representation. |
static boolean |
isDisallow(boolean[] restrictions,
int restriction) |
boolean |
isDisallowAnnotate() |
boolean |
isDisallowDelete() |
boolean |
isDisallowEdit() |
boolean |
isDisallowLink() |
boolean |
isGranted(Permissions.Role role,
Permissions.Right right)
tests that a given
Permissions.Role has the given Permissions.Right . |
boolean |
isSet(Permissions.Flag flag)
tests that a given
Permissions.Flag is set. |
static Permissions |
parseString(String rwrwrw) |
Permissions |
revoke(Permissions.Role role,
Permissions.Right... rights)
|
Permissions |
revokeAll(Permissions mask)
takes a permissions instance and ANDs it with the current instance.
|
boolean |
sameRights(Permissions p)
returns true if two
Permissions instances have all the same
Permissions.Right / Permissions.Role pairs granted. |
Permissions |
set(Permissions.Flag flag)
turn a given
Permissions.Flag on. |
static void |
setDisallow(boolean[] restrictions,
int restriction,
boolean disallow) |
Permissions |
setDisallowAnnotate(boolean disallowAnnotate) |
Permissions |
setDisallowDelete(boolean disallowDelete) |
Permissions |
setDisallowEdit(boolean disallowEdit) |
Permissions |
setDisallowLink(boolean disallowLink) |
protected void |
setPerm1(long value) |
protected static long |
singleBitOn(Permissions.Role role,
Permissions.Right right)
returns a long with only a single 1 defined by role/right
|
protected static long |
singleBitOut(Permissions.Role role,
Permissions.Right right)
returns a long with only a single 0 defined by role/right
|
String |
toString()
produces a String representation of the
Permissions similar to
those on a Unix filesystem. |
Permissions |
unSet(Permissions.Flag flag)
turn a given
Permissions.Flag off. |
public static final int LINKRESTRICTION
public static final int EDITRESTRICTION
public static final int DELETERESTRICTION
public static final int ANNOTATERESTRICTION
public static final Permissions EMPTY
Permissions
instance with all rights
turned off.public static final Permissions DUMMY
public static final Permissions USER_IMMUTABLE
public static final Permissions USER_PRIVATE
public static final Permissions GROUP_READABLE
public static final Permissions GROUP_PRIVATE
public static final Permissions GROUP_WRITEABLE
public static final Permissions WORLD_WRITEABLE
public static final Permissions USER_WRITEABLE
public static final Permissions WORLD_IMMUTABLE
public static final Permissions GROUP_IMMUTABLE
public static final Permissions READ_ONLY
Permissions
instance with all Permissions.Right.WRITE
rights turned off. Identical to WORLD_IMMUTABLE
public static final Permissions PRIVATE
Permissions
instance with permissions only for the
object owner.. Identical to USER_PRIVATE
.public static final Permissions COLLAB_READONLY
Permissions
instance with permissions for group
members to read other members' data. Identical to
GROUP_READABLE
.public static final Permissions COLLAB_READLINK
Permissions
instance with read and write permissions
for group members. Identical to GROUP_PRIVATE
.public static final Permissions PUBLIC
public Permissions()
public Permissions(Permissions p)
Permissions
with the same
rights
as the argument.public boolean isGranted(Permissions.Role role, Permissions.Right right)
Permissions.Role
has the given Permissions.Right
.public boolean isSet(Permissions.Flag flag)
Permissions.Flag
is set.public static int bit(Permissions.Flag flag)
Permissions.Flag
. This
is dependent on the internal representation of Permission
and
should only be used when necessary.ome.tools.hibernate.SecurityFilter
public static int bit(Permissions.Role role, Permissions.Right right)
Permissions.Role
and
Permissions.Right
. This is dependent on the internal representation of
Permissions
and should only be used when necessary.ome.tools.hibernate.SecurityFilter
public static Permissions parseString(String rwrwrw)
public static boolean isDisallow(boolean[] restrictions, int restriction)
public boolean isDisallowAnnotate()
public boolean isDisallowDelete()
public boolean isDisallowEdit()
public boolean isDisallowLink()
public boolean[] copyRestrictions()
public String[] copyExtendedRestrictions()
public void copyRestrictions(boolean[] source, String[] extendedRestrictions)
public void copyRestrictions(int allow, Set<String> extendedRestrictions)
public Permissions grant(Permissions.Role role, Permissions.Right... rights)
public Permissions revoke(Permissions.Role role, Permissions.Right... rights)
public Permissions grantAll(Permissions mask)
Permissions mask = new Permissions().grant(WORLD,READ);
someEntity.getDetails().getPermissions().grantAllk(mask);
will allow READ access (and possibly more) to
someEntity
for members of WORLD.public Permissions revokeAll(Permissions mask)
Permissions mask = new Permissions().revoke(WORLD,READ,WRITE,USE);
someEntity.getDetails().getPermissions().applyMask(mask);
will disallow all access to someEntity
for members
of WORLD.
This also implies that applyMask can be used to make copies of
Permissions. For example,
new Permissions().applyMask( somePermissions );
will produce a copy of
somePermissions
.
Note: the logic here is different from Unix UMASKS.public Permissions set(Permissions.Flag flag)
Permissions.Flag
on. A null Permissions.Flag
will be ignored.public Permissions unSet(Permissions.Flag flag)
Permissions.Flag
off. A null Permissions.Flag
will be ignored.public static void setDisallow(boolean[] restrictions, int restriction, boolean disallow)
public Permissions setDisallowAnnotate(boolean disallowAnnotate)
public Permissions setDisallowDelete(boolean disallowDelete)
public Permissions setDisallowEdit(boolean disallowEdit)
public Permissions setDisallowLink(boolean disallowLink)
public String toString()
Permissions
similar to
those on a Unix filesystem. Unset bits are represented by a dash, while
other bits are represented by a symbolic value in the correct bit
position. For example, a Permissions with all rights
granted to all but WORLD roles
would look like: rwrw--public boolean sameRights(Permissions p)
Permissions
instances have all the same
Permissions.Right
/ Permissions.Role
pairs granted.public boolean identical(Permissions p)
Permissions
instances are identical
if they have
the same bit representation.protected long getPerm1()
protected void setPerm1(long value)
protected static final long singleBitOut(Permissions.Role role, Permissions.Right right)
protected static final long singleBitOn(Permissions.Role role, Permissions.Right right)
Version: 5.1.4-ice35-b55
Copyright © 2015 The University of Dundee & Open Microscopy Environment. All Rights Reserved.