Constructor and Description |
---|
CompositeACLVoter(CurrentDetails cd,
BasicACLVoter basic,
SharingACLVoter sharing) |
Modifier and Type | Method and Description |
---|---|
boolean |
allowAnnotate(IObject object,
Details trustedDetails)
test whether the given object should be annotatable given the trusted
details . |
boolean |
allowChmod(IObject object)
test whether the given object can have its
Permissions changed within the current
security context . |
boolean |
allowCreation(IObject object)
test whether the given object should be insertable into the DB.
|
boolean |
allowDelete(IObject object,
Details trustedDetails)
test whether the given object should be deleteable given the trusted
details . |
boolean |
allowLoad(org.hibernate.Session session,
Class<? extends IObject> klass,
Details trustedDetails,
long id)
|
boolean |
allowUpdate(IObject object,
Details trustedDetails)
test whether the given object should be updateable given the trusted
details . |
ACLVoter |
choose() |
void |
postProcess(IObject object)
|
Set<String> |
restrictions(IObject object)
Provide the active restrictions for this
IObject . |
void |
throwCreationViolation(IObject object)
throws a
SecurityViolation based on the given IObject and
the context of the current user. |
void |
throwDeleteViolation(IObject object)
throws a
SecurityViolation based on the given IObject and
the context of the current user. |
void |
throwLoadViolation(IObject object)
throws a
SecurityViolation based on the given IObject and
the context of the current user. |
void |
throwUpdateViolation(IObject object)
throws a
SecurityViolation based on the given IObject and
the context of the current user. |
public CompositeACLVoter(CurrentDetails cd, BasicACLVoter basic, SharingACLVoter sharing)
public ACLVoter choose()
public boolean allowChmod(IObject object)
ACLVoter
Permissions
changed within the current
security context
.allowChmod
in interface ACLVoter
object
- a model objectpublic boolean allowCreation(IObject object)
ACLVoter
details
is passed to this method, since for
transient entities there are no trusted values.
The SecuritySystem
implementors will usually call
ACLVoter.throwCreationViolation(IObject)
if this method returns false.allowCreation
in interface ACLVoter
object
- a non-null entity to test for creation.ACLEventListener.onPreInsert(org.hibernate.event.PreInsertEvent)
public boolean allowDelete(IObject object, Details trustedDetails)
ACLVoter
details
. The details will usually be retrieved from the
current state array coming from the database.
The SecuritySystem
implementors will usually call
ACLVoter.throwDeleteViolation(IObject)
if this method returns false.allowDelete
in interface ACLVoter
object
- a non-null entity to test for deletion.trustedDetails
- a Details
instance that is known to be valid.ACLEventListener.onPreDelete(org.hibernate.event.PreDeleteEvent)
public boolean allowLoad(org.hibernate.Session session, Class<? extends IObject> klass, Details trustedDetails, long id)
ACLVoter
Class
with the given
Details
should be loadable in the current security context.
This method does not take an actual object because that will not be
generated until after loading is permitted.
The SecuritySystem
implementors will usually call
ACLVoter.throwLoadViolation(IObject)
if this method returns false.allowLoad
in interface ACLVoter
session
- the Hibernate session to use for the queryklass
- a non-null class to test for loadingtrustedDetails
- the non-null trusted details (usually from the db) for this
instanceid
- the id of the object which will be loaded. As opposed to the
rest of the object, this must be known.ACLEventListener.onPostLoad(org.hibernate.event.PostLoadEvent)
public boolean allowAnnotate(IObject object, Details trustedDetails)
ACLVoter
details
. The details will usually be retrieved from the
current state array coming from the database.allowAnnotate
in interface ACLVoter
object
- a non-null entity to test for update.trustedDetails
- a Details
instance that is known to be valid.public boolean allowUpdate(IObject object, Details trustedDetails)
ACLVoter
details
. The details will usually be retrieved from the
current state array coming from the database.
The SecuritySystem
implementors will usually call
ACLVoter.throwUpdateViolation(IObject)
if this method returns false.allowUpdate
in interface ACLVoter
object
- a non-null entity to test for update.trustedDetails
- a Details
instance that is known to be valid.ACLEventListener.onPreUpdate(org.hibernate.event.PreUpdateEvent)
public void throwCreationViolation(IObject object) throws SecurityViolation
ACLVoter
SecurityViolation
based on the given IObject
and
the context of the current user.throwCreationViolation
in interface ACLVoter
object
- Non-null object which caused this violationSecurityViolation
ACLEventListener.onPreInsert(org.hibernate.event.PreInsertEvent)
public void throwDeleteViolation(IObject object) throws SecurityViolation
ACLVoter
SecurityViolation
based on the given IObject
and
the context of the current user.throwDeleteViolation
in interface ACLVoter
object
- Non-null object which caused this violationSecurityViolation
ACLEventListener.onPreDelete(org.hibernate.event.PreDeleteEvent)
public void throwLoadViolation(IObject object) throws SecurityViolation
ACLVoter
SecurityViolation
based on the given IObject
and
the context of the current user.throwLoadViolation
in interface ACLVoter
object
- Non-null object which caused this violationSecurityViolation
ACLEventListener.onPostLoad(org.hibernate.event.PostLoadEvent)
public void throwUpdateViolation(IObject object) throws SecurityViolation
ACLVoter
SecurityViolation
based on the given IObject
and
the context of the current user.throwUpdateViolation
in interface ACLVoter
object
- Non-null object which caused this violationSecurityViolation
ACLEventListener.onPreUpdate(org.hibernate.event.PreUpdateEvent)
public Set<String> restrictions(IObject object)
ACLVoter
IObject
.
See PolicyService
for further details.restrictions
in interface ACLVoter
object
- a model object
Version: 5.3.5-ice35-b73
Copyright © 2017 The University of Dundee & Open Microscopy Environment. All Rights Reserved.