Class MPAuthorizationOracle
-
- All Implemented Interfaces:
-
org.radarbase.auth.authorization.AuthorizationOracle
public final class MPAuthorizationOracle implements AuthorizationOracle
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description public class
MPAuthorizationOracle.Permissions
Created by dverbeec on 22/09/2017.
-
Field Summary
Fields Modifier and Type Field Description public final static MPAuthorizationOracle.Permissions
Permissions
-
Constructor Summary
Constructors Constructor Description MPAuthorizationOracle(EntityRelationService relationService)
-
Method Summary
Modifier and Type Method Description Boolean
hasPermission(RadarToken identity, Permission permission, EntityDetails entity, Permission.Entity entityScope)
Whether identity has permission permission, regarding given entity. Boolean
hasScope(RadarToken identity, Permission permission)
Whether given identity would have the permission scope in any of its roles. AuthorityReferenceSet
referentsByScope(RadarToken identity, Permission permission)
Return a list of referents, per scope, that given identity has given permission on. Boolean
mayBeGranted(RoleAuthority $self, Permission permission)
Boolean
mayBeGranted(Collection<RoleAuthority> $self, Permission permission)
final static Set<RoleAuthority>
allowedRoles(Permission permission)
Look up the allowed authorities for a given permission. -
-
Constructor Detail
-
MPAuthorizationOracle
MPAuthorizationOracle(EntityRelationService relationService)
-
-
Method Detail
-
hasPermission
Boolean hasPermission(RadarToken identity, Permission permission, EntityDetails entity, Permission.Entity entityScope)
Whether identity has permission permission, regarding given entity. An additional entityScope can be provided to check whether the permission is also valid regarding that scope. The permission is checked both for its own entity scope and for the EntityDetails.minimumEntityOrNull entity scope.
-
hasScope
Boolean hasScope(RadarToken identity, Permission permission)
Whether given identity would have the permission scope in any of its roles. This doesn't check whether identity has access to a specific entity or global access.
-
referentsByScope
AuthorityReferenceSet referentsByScope(RadarToken identity, Permission permission)
Return a list of referents, per scope, that given identity has given permission on. The GLOBAL scope does not have any referents, so that will always return an empty list. The ORGANIZATION scope will give a list of organization names, and the PROJECT scope a list of project names. If identity has no role with given permission, this will return an empty map.
-
mayBeGranted
Boolean mayBeGranted(RoleAuthority $self, Permission permission)
-
mayBeGranted
Boolean mayBeGranted(Collection<RoleAuthority> $self, Permission permission)
-
allowedRoles
final static Set<RoleAuthority> allowedRoles(Permission permission)
Look up the allowed authorities for a given permission. Authorities are String constants that appear in RoleAuthority.
- Parameters:
permission
- The permission to look up.
-
-
-
-