Package mc.core.domain.base.aspect

Class AspectPermission<T extends ComplexEntity>

java.lang.Object
mc.core.system.base.BaseBean
mc.core.domain.base.dobj.AbstractAspect<T>
mc.core.domain.base.aspect.AspectPermission<T>
public class AspectPermission<T extends ComplexEntity> extends AbstractAspect<T>

  • Constructor Details

    • AspectPermission

      public AspectPermission()

  • Method Details

    • getPermissionsForObjectAndUser

      public List<Permission> getPermissionsForObjectAndUser(ComplexEntity object, User user)
      returns rights for object and user including the user rights from user group membership
      Parameters:
      object - ComplexEntity to get permissions for, mandatory
      user - to get permissions for, optional
      Returns:
      list of rights for object and user

    • getPermissionsForObjectsAndUser

      public Map<ComplexEntity,List<Permission>> getPermissionsForObjectsAndUser(List<? extends ComplexEntity> objects, User user)
      optimization method for reading permissions for a list of objects through one DB query. retrieves permissions for object itself and for primary collection of object, if object is ICollectionManaged and for secondary collections of object, if object is ICollectionListManaged. Optionally only gets permissions for given user (including the user groups he belongs to), otherwise returns all permissions
      Parameters:
      objects - list of CEs to get permissions for, mandatory. If list is empty returns empty map.
      user - to get permissions for, optional
      Returns:
      map containing an entry for every entered object and a corresponding permission list for every object. list may be empty.

    • hasPermission

      public boolean hasPermission(ComplexEntity object, User user, RightType rightType, Locale locale)
      checks if given user has a permission with given right type or including rightType for given object. If rightType is localeDependent compares locales in permissions. WARNING: must only be used for RightTypes that are not user defined! For user defined Rights use hasPermission(ComplexEntity, User, Right, Locale)
      Parameters:
      object - mandatory, object, for which permissions will be checked
      user - for whom and his user groups permissions will be checked
      rightType - optional, must not be user defined, default is READ
      locale - optional, necessary for locale dependent RightType, default is content locale
      Returns:
      true if permission or including permission exists

    • hasPermission

      public boolean hasPermission(ComplexEntity object, User user, Right right, Locale locale)
      checks if user has given right on this object. If right is locale dependent also checks the locale. Includes the user rights from user group membership.
      Returns:
      true if the user has the right

    • hasPermission

      public boolean hasPermission(ComplexEntity object, UserGroup userGroup, RightType rightType, Locale locale)
      checks if given user group has a permission with given right type or including rightType for given object. If rightType is localeDependent compares locales in permissions. WARNING: must only be used for RightTypes that are not user defined! For user defined Rights use hasPermission(ComplexEntity, User, Right, Locale)
      Parameters:
      object - mandatory, object, for which permissions will be checked
      userGroup - for which permissions will be checked
      rightType - optional, must not be user defined, default is READ
      locale - optional, necessary for locale dependent RightType, default is content locale
      Returns:
      true if permission or including permission exists

    • hasPermission

      public boolean hasPermission(ComplexEntity cEntity, RightType rType)
      convenience method to check for right of right type on given entity for session user and content locale. Only checks for directly allowed right for entity.
      Parameters:
      cEntity - mandatory, must not be null.
      rType - optional, default is READ
      Returns:
      true if permission is granted.

    • hasPermission

      public boolean hasPermission(Collection collection, User user, RightType rightType, Locale locale, boolean forItems)
      checks for right of given right type for item entity type of collection for session user and content locale
      Parameters:
      collection - mandatory, if not persistent, item class should be set
      user - mandatory, the user for which permission is to be checked
      rightType - optional, default is RightType.READ
      locale - optional, default is content locale
      forItems - if true and item class in collection is set checks permission for collection item class, otherwise for collection itself.
      Returns:
      true if permission is granted.

    • permissionCheckObsolete

      public boolean permissionCheckObsolete(ComplexEntity entity, User user)
      rules:
      • 1. no permission check for root
      • 2. no permission check if disabled in Session
      • 3. no permission check if entity is not right managed ( implements IRightManaged AND hasObjectRights=true ) OR ICollectionManaged OR ICollectionListManaged

    • permissionCheckObsolete

      public boolean permissionCheckObsolete(User user)
      Check only dependent on user (can be used to determine if permission-criteria should be added for search when instanced entity not available) rules:
      • 1. no permission check for root
      • 2. no permission check if disabled in Session

    • getPrincipalsWithPermission

      public List<Principal> getPrincipalsWithPermission(T object, RightType rightType)
      returns principals (user or user group) that have permission of given right type or included right type that is allowed for object
      Parameters:
      object - mandatory
      rightType - mandatory

    • filterByPermissions

      public List<T> filterByPermissions(List<T> entityListToCheck, RightType rightType)
      filters given entity list for only those for which current user has given right with content locale of session.
      Parameters:
      entityListToCheck - mandatory, can be empty
      rightType - optional, default is READ
      Returns:
      Subset of entityListToCheck where the given rightType is granted or its check obsolete. Order of entityListToCheck is retained.

    • filterByPermissions

      public List<T> filterByPermissions(List<T> entityListToCheck, User user, RightType rightType, Locale locale)
      filters given entity list for only those for which given user has given right
      Parameters:
      entityListToCheck - mandatory, can be empty
      user - mandatory
      rightType - optional, default is READ
      locale - optional, default is content locale
      Returns:
      Subset of entityListToCheck where the given rightType is granted or its check obsolete. Order of entityListToCheck is retained.

    • buildPermissionMap

      public Map<RightType,Boolean> buildPermissionMap(T entity, User user)
      build a map for non userDefined right types with Boolean flag for given object and user. if entity is IStateManaged also checks if in correct edit state
      Parameters:
      entity - mandatory
      user - mandatory
      Returns:
      map with ALL non userDefined right types and boolean flags for check right for this object, content and translate locales from session data by dependent rights. if permissionCheckObsolete == true returns a map with TRUE for all right types

    • buildPermissionMaps

      public Map<ComplexEntity,Map<RightType,Boolean>> buildPermissionMaps(List<? extends ComplexEntity> entities, User user, boolean includeEditState)
      build a map for non userDefined right types with Boolean flag for given object and user. if entity is IStateManaged and flag ist set also checks if in correct edit state
      Parameters:
      entities - mandatory, list can be empty
      user - mandatory
      includeEditState - if true also checks for correct edit state
      Returns:
      map with ALL non userDefined right types and boolean flags for check right for all objects, content and translate locales from session data by dependent rights. if permissionCheckObsolete == true returns a map with TRUE for all right types

    • buildRightsMaps

      public Map<T,mc.core.system.util.misc.ListMap<Right,Locale>> buildRightsMaps(List<T> entities, User user)
      return a map where entity is mapped to ListMap with right as key and list of locales as value. The locales list contains the locales for which user has locale dependent right on entity. for locale independent right types, or if user has locale dependent right on all locales (e.g. through right inclusion) list is empty.
      This method returns all rights of the user on each of the entities, also the included rights and the user defined rights.
      Parameters:
      entities - mandatory, list can be empty but must not be null.
      user - mandatory, must not be null.
      Returns:
      ListMap<Right, Locale> a map that has Right as key and a list of Locale as value. Never null.

    • buildRightsMap

      public mc.core.system.util.misc.ListMap<Right,Locale> buildRightsMap(T entity, User user)
      return a map with right and list of locale containing the locales for which user has locale dependent right on object. for locale independent right types, or if user has locale dependent right on all localse (e.g. through right inclusion) empty list.
      This method returns all rights of the user on the entity, also the included rights and the user defined rights.
      Parameters:
      entity - mandatory
      user - mandatory
      Returns:
      ListMap<Right, Locale> a map that has Right as key and a list of Locale as value

    • setPermissions

      public void setPermissions(ComplexEntity object, Principal principal, List<DataMap> permissionsMapList, boolean deleteExisting, boolean recursive) throws ApplicationException
      set permissions for given user or userGroup, optionally also recursive on children. Start Actionlet if nr of offspring is large. Read permission map from list of dataMap converterted from json String which should have this format (remove comments to get valid json):
       [
    {   
        "right": "EDIT" //locale independent right
    },
    {   
        "right": "TRANSLATE", //locale dependent right
        "locales": [ "de_DE", "en_US", "fr_FR"]
    },
    {   
        "right": 1, //user defined right, locale dependent
        "locales": [ "de_DE", "fr_FR"]
    }
 ]
      Parameters:
      object - mandatory: object for which permissions should be set
      principal - User or UserGroup, mandatory
      permissionsMapList - List of DataMap for each permission. DataMap must contain entry for right with key 'right' and rightType or right-id as value. For locale dependent rights also a list (json format) of locale keys. mandatory
      deleteExisting - overwrite (true) or add (false) existing permissions
      recursive - set permissions on all children
      Throws:
      ApplicationException

    • setPermissions

      public void setPermissions(ComplexEntity object, Principal principal, Map<Right,List<Locale>> permissions, boolean deleteExisting) throws ApplicationException
      set permissions for given user or userGroup, also recursive on children. Start Actionlet if nr of offspring is large.
      Parameters:
      object - mandatory: object for which permissions should be set
      principal - User or UserGroup, mandatory
      permissions - mandatory, map with rights and locales (for locale dependent rights)
      deleteExisting - set (true) or add (false) existing permissions
      Throws:
      ApplicationException

    • setPermissions

      public void setPermissions(ComplexEntity object, ComplexEntity inheritedFrom, Principal principal, Map<Right,List<Locale>> permissions, boolean deleteExisting, boolean recursive) throws ApplicationException
      set permissions for given user or userGroup which may be inherited, also recursive on children. Start Actionlet if nr of offspring is large.
      Parameters:
      object - mandatory: object for which permissions should be set
      inheritedFrom - optional, object from which permissions are inherited
      principal - User or UserGroup, mandatory
      permissions - mandatory, map with rights and locales (for locale dependent rights)
      deleteExisting - set (true) or add (false) existing permissions
      Throws:
      ApplicationException

    • setPermissionsOnObjectOnly

      public void setPermissionsOnObjectOnly(ComplexEntity object, Principal principal, Map<Right,List<Locale>> permissions, boolean deleteExisting) throws ApplicationException
      set permissions for given user or userGroup only on object, not on children
      Parameters:
      object - mandatory: object for which permissions should be set
      principal - User or UserGroup, mandatory
      permissions - mandatory, map with rights and locales (for locale dependent rights)
      deleteExisting - set (true) or add (false) existing permissions
      Throws:
      ApplicationException

    • setPermissionsForContentLocale

      public void setPermissionsForContentLocale(ComplexEntity object, Principal principal, RightType[] rightTypes) throws ApplicationException
      set permissions of given rightTypes for given user or userGroup on object and on children. If object is a collection only sets the collection-specific rights, not the rights for assets. Use method setPermissions(ComplexEntity, Principal, Map, boolean) to set asset-specific right.
      Parameters:
      object - mandatory: object for which permissions should be set
      principal - User or UserGroup, mandatory
      rightTypes - mandatory, (locale == current content locale for locale dependent rights)
      Throws:
      ApplicationException

    • setPermissionsFromParent

      public void setPermissionsFromParent(ComplexEntity entity, ComplexEntity parent)
      writes permissions from given parent entity onto given entity, sets either parent as inheritedFrom or, if exists, inheritedFrom of parent. Always adds permissions, does not merge with existing permissions
      Parameters:
      entity - mandatory, entity on which permissions are set
      parent - mandatory, entity from with permissions are read

    • isAllowedForEntity

      public boolean isAllowedForEntity(Right right, Class<? extends IBaseEntity> entityClass)
      Checks if right itself is allowed for given entity class and also if the rightType of right is within allowed right types of the entity (in case of collection only of collection not of item class).
      Parameters:
      right - mandatory
      entityClass - mandatory

    • copyPermissions

      public void copyPermissions(ComplexEntity source, ComplexEntity target, boolean recursive) throws ApplicationException
      copies permissions of source entity to target entity, filtered by allowedRightTypes of target entity. Overwrites existing permission for principals given in permissions of source entity, but leaves permission of other principals alone.
      Parameters:
      source - mandatory, the source entity
      target - mandatory, the target entity
      recursive - if true also copies permissions onto children of target entity if target is HrcEntity, or onto items and items of child collections if target is Collection
      Throws:
      ApplicationException

    • filterForCopy

      public Set<Right> filterForCopy(Right rightToCheck, Set<Right> allowedRights)
      check at first by allowed right, else get all included rights and check it agains
      Parameters:
      rightToCheck -
      allowedRights -
      Returns:

    • getAllowedRights

      public List<Right> getAllowedRights(Class<? extends ComplexEntity> entityClass)
      Parameters:
      entityClass - mandatory
      Returns:
      list of rights that are active and allowed for this entity class. Should not be called for Collection because a valid instance is needed to obtain also the allowed rights it's item entity class. Returns empty list for not right managed entity types.

    • getAllowedRights

      public List<Right> getAllowedRights(ComplexEntity entity)
      Parameters:
      entity - mandatory
      Returns:
      list of rights that are active and allowed for this entity type. If entity is a Collection returns the combined allowed rights for Collection and it's item entity class. Returns empty list for not right managed entity types.

    • getAllowedRightTypes

      public List<RightType> getAllowedRightTypes(ComplexEntity entity)