Interface AuthorizationOracle
-
- All Implemented Interfaces:
public interface AuthorizationOracle
-
-
Method Summary
Modifier and Type Method Description Boolean
hasGlobalPermission(RadarToken identity, Permission permission)
Whether identity has permission permission on a global level. abstract Boolean
hasPermission(RadarToken identity, Permission permission, EntityDetails entity, Permission.Entity entityScope)
Whether identity has permission permission, regarding given entity. abstract Boolean
hasScope(RadarToken identity, Permission permission)
Whether given identity would have the permission scope in any of its roles. abstract AuthorityReferenceSet
referentsByScope(RadarToken identity, Permission permission)
Return a list of referents, per scope, that given identity has given permission on. Boolean
mayBeGranted(Collection<RoleAuthority> $self, Permission permission)
abstract Boolean
mayBeGranted(RoleAuthority $self, Permission permission)
-
-
Method Detail
-
hasGlobalPermission
Boolean hasGlobalPermission(RadarToken identity, Permission permission)
Whether identity has permission permission on a global level.
-
hasPermission
abstract Boolean hasPermission(RadarToken identity, Permission permission, EntityDetails entity, Permission.Entity entityScope)
Whether identity has permission permission, regarding given entity. An additional entityScope can be provided to check whether the permission is also valid regarding that scope. The permission is checked both for its own entity scope and for the EntityDetails.minimumEntityOrNull entity scope.
-
hasScope
abstract Boolean hasScope(RadarToken identity, Permission permission)
Whether given identity would have the permission scope in any of its roles. This doesn't check whether identity has access to a specific entity or global access.
-
referentsByScope
abstract AuthorityReferenceSet referentsByScope(RadarToken identity, Permission permission)
Return a list of referents, per scope, that given identity has given permission on. The GLOBAL scope does not have any referents, so that will always return an empty list. The ORGANIZATION scope will give a list of organization names, and the PROJECT scope a list of project names. If identity has no role with given permission, this will return an empty map.
-
mayBeGranted
Boolean mayBeGranted(Collection<RoleAuthority> $self, Permission permission)
-
mayBeGranted
abstract Boolean mayBeGranted(RoleAuthority $self, Permission permission)
-
-
-
-