Constructor Detail

• MPAuthorizationOracle

  MPAuthorizationOracle(EntityRelationService relationService)

Method Detail

• hasPermission

   Boolean hasPermission(RadarToken identity, Permission permission, EntityDetails entity, Permission.Entity entityScope)

  Whether identity has permission permission, regarding given entity. An additional entityScope can be provided to check whether the permission is also valid regarding that scope. The permission is checked both for its own entity scope and for the EntityDetails.minimumEntityOrNull entity scope.

• hasScope

   Boolean hasScope(RadarToken identity, Permission permission)

  Whether given identity would have the permission scope in any of its roles. This doesn't check whether identity has access to a specific entity or global access.

• referentsByScope

   AuthorityReferenceSet referentsByScope(RadarToken identity, Permission permission)

  Return a list of referents, per scope, that given identity has given permission on. The GLOBAL scope does not have any referents, so that will always return an empty list. The ORGANIZATION scope will give a list of organization names, and the PROJECT scope a list of project names. If identity has no role with given permission, this will return an empty map.

• mayBeGranted

   Boolean mayBeGranted(RoleAuthority $self, Permission permission)

• mayBeGranted

   Boolean mayBeGranted(Collection<RoleAuthority> $self, Permission permission)

• allowedRoles

   final static Set<RoleAuthority> allowedRoles(Permission permission)

  Look up the allowed authorities for a given permission. Authorities are String constants that appear in RoleAuthority.

  Parameters:

  permission - The permission to look up.