Package ch.ivyteam.ivy.security
Interface ISecurityDescriptor
-
public interface ISecurityDescriptor
A Security Descriptor is used to decide if a session has a permission to do something. A Security Descriptor typically is associated to an object, like a web application or the ivyGrid Server. Therefore a session can do something on an object if the session has the permission on the object's security descriptor. The security descriptor can be modified by session who has the right to do that. Modifications are grant or deny a permission to a user or role.- Since:
- 17.05.2006
- API:
- This is a public API.
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description void
checkPermission(ISession currentSession, IPermission permission)
Checks if the session has a certain permissionvoid
denyPermission(IPermission permission, ISecurityMember member)
Denies a permission to a security membervoid
denyPermissions(IPermissionGroup permissionGroup, ISecurityMember member)
Denies a all permissions of a permission group to a security memberList<IAccessControl>
getAccessControlsForPermission(IPermission permission)
Gets the access control entries for a certain permissionlong
getId()
Gets the identifier of the security descriptorIUser
getOwner()
Gets the owner of the object, this security descriptor belongs toIPermissionAccess
getPermissionAccess(IPermission permission, ISecurityMember member)
Gets the permission access of a security memberList<IPermissionAccess>
getPermissionAccesses(ISecurityMember member)
Gets all permission accesses of all permissions for a security memberIPermissionGroupAccess
getPermissionGroupAccess(IPermissionGroup permissionGroup, ISecurityMember member)
Gets the permission group access of a security member (all permissions of the group, including all sub groups are checked).List<IPermission>
getPermissions()
Gets the permissions that can be granted and denied on this security descriptorISecurityDescriptorType
getSecurityDescriptorType()
Gets the security descriptor typevoid
grantPermission(IPermission permission, ISecurityMember member)
Grants a permission to a security membervoid
grantPermissions(IPermissionGroup permissionGroup, ISecurityMember member)
Grants all permissions of a permission group to a security memberboolean
hasPermission(ISession session, IPermission permission)
Checks if the session has a certain permissionvoid
undenyPermission(IPermission permission, ISecurityMember member)
Undeny a permission from a security membervoid
undenyPermissions(IPermissionGroup permissionGroup, ISecurityMember member)
Undeny a all permissions of a permission group from a security membervoid
ungrantPermission(IPermission permission, ISecurityMember member)
Ungrants a permission from a security membervoid
ungrantPermissions(IPermissionGroup permissionGroup, ISecurityMember member)
Ungrants a all permissions of a permission group from a security member
-
-
-
Method Detail
-
hasPermission
boolean hasPermission(ISession session, IPermission permission)
Checks if the session has a certain permission- Parameters:
session
- the session to checkpermission
- the permission to check- Returns:
- true if sesion has permission, otherwise false
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
getPermissions
List<IPermission> getPermissions()
Gets the permissions that can be granted and denied on this security descriptor- Returns:
- list with the permissions
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
- Security:
- SESSION OWNS SecurityDescriptorReadAllPermissions PERMISSION OR OWNS SecurityDescriptorReadAllPermissions@SYSTEM PERMISSION
-
getOwner
IUser getOwner()
Gets the owner of the object, this security descriptor belongs to- Returns:
- owner of the object
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
- Security:
- SESSION OWNS SecurityDescriptorReadOwner PERMISSION OR OWNS SecurityDescriptorReadOwner@SYSTEM PERMISSION
-
getSecurityDescriptorType
ISecurityDescriptorType getSecurityDescriptorType()
Gets the security descriptor type- Returns:
- security descriptor type
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
- Security:
- SESSION OWNS SecurityDescriptorReadSecurityDescriptorType PERMISSION OR OWNS SecurityDescriptorReadSecurityDescriptorType@SYSTEM PERMISSION
-
getAccessControlsForPermission
List<IAccessControl> getAccessControlsForPermission(IPermission permission)
Gets the access control entries for a certain permission- Parameters:
permission
- The permission whichs access control entries should be return- Returns:
- list with AccessControls for a permission
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
- Security:
- SESSION OWNS SecurityDescriptorReadAccessControl PERMISSION OR OWNS SecurityDescriptorReadAccessControl@SYSTEM PERMISSION
-
grantPermission
void grantPermission(IPermission permission, ISecurityMember member)
Grants a permission to a security member- Parameters:
permission
- the permission to grantmember
- the security member to which the permission should be granted- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
ungrantPermission
void ungrantPermission(IPermission permission, ISecurityMember member)
Ungrants a permission from a security member- Parameters:
permission
- the permission to ungrantmember
- the security memberr from which the permission should be ungranted- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
- Security:
- SESSION OWNS SecurityDescriptorUngrantPermission PERMISSION OR OWNS SecurityDescriptorUngrantPermission@SYSTEM PERMISSION
-
denyPermission
void denyPermission(IPermission permission, ISecurityMember member)
Denies a permission to a security member- Parameters:
permission
- the permission to denymember
- the security member to which the permission should be denied- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
- Security:
- SESSION OWNS SecurityDescriptorDenyPermission PERMISSION OR OWNS SecurityDescriptorDenyPermission@SYSTEM PERMISSION
-
undenyPermission
void undenyPermission(IPermission permission, ISecurityMember member)
Undeny a permission from a security member- Parameters:
permission
- the permission to undenymember
- the security memberr from which the permission should be undenied- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
- Security:
- SESSION OWNS SecurityDescriptorUndenyPermission PERMISSION OR OWNS SecurityDescriptorUndenyPermission@SYSTEM PERMISSION
-
grantPermissions
void grantPermissions(IPermissionGroup permissionGroup, ISecurityMember member)
Grants all permissions of a permission group to a security member- Parameters:
permissionGroup
- the permission group to grant all permissions ofmember
- the security member to which the permission should be granted- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
ungrantPermissions
void ungrantPermissions(IPermissionGroup permissionGroup, ISecurityMember member)
Ungrants a all permissions of a permission group from a security member- Parameters:
permissionGroup
- the permission group to ungrant all permissions ofmember
- the security memberr from which the permission should be ungranted- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
- Security:
- SESSION OWNS SecurityDescriptorUngrantPermission PERMISSION OR OWNS SecurityDescriptorUngrantPermission@SYSTEM PERMISSION
-
denyPermissions
void denyPermissions(IPermissionGroup permissionGroup, ISecurityMember member)
Denies a all permissions of a permission group to a security member- Parameters:
permissionGroup
- the permission group to deny all permissions ofmember
- the security member to which the permission should be denied- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
- Security:
- SESSION OWNS SecurityDescriptorDenyPermission PERMISSION OR OWNS SecurityDescriptorDenyPermission@SYSTEM PERMISSION
-
undenyPermissions
void undenyPermissions(IPermissionGroup permissionGroup, ISecurityMember member)
Undeny a all permissions of a permission group from a security member- Parameters:
permissionGroup
- the permission group to undeny all permissions ofmember
- the security memberr from which the permission should be undenied- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
- Security:
- SESSION OWNS SecurityDescriptorUndenyPermission PERMISSION OR OWNS SecurityDescriptorUndenyPermission@SYSTEM PERMISSION
-
getPermissionAccess
IPermissionAccess getPermissionAccess(IPermission permission, ISecurityMember member)
Gets the permission access of a security member- Parameters:
permission
- the permission which permission access should be returnmember
- the security member which permission access should be returned- Returns:
- permisssion access
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
- Security:
- SESSION OWNS SecurityDescriptorReadPermissionAccess PERMISSION OR OWNS SecurityDescriptorReadPermissionAccess@SYSTEM PERMISSION
-
getPermissionAccesses
List<IPermissionAccess> getPermissionAccesses(ISecurityMember member)
Gets all permission accesses of all permissions for a security member- Parameters:
member
- the security member which permission accesses should be returned- Returns:
- list with the permission accesses
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
- Security:
- SESSION OWNS SecurityDescriptorReadAllPermissionAccess PERMISSION OR OWNS SecurityDescriptorReadAllPermissionAccess@SYSTEM PERMISSION
-
getPermissionGroupAccess
IPermissionGroupAccess getPermissionGroupAccess(IPermissionGroup permissionGroup, ISecurityMember member)
Gets the permission group access of a security member (all permissions of the group, including all sub groups are checked).- Parameters:
permissionGroup
- The permission group whose permission access should be determinedmember
- The security member for which the access should be determined- Returns:
- permisssion access group
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
checkPermission
void checkPermission(ISession currentSession, IPermission permission)
Checks if the session has a certain permission- Parameters:
currentSession
- the session to checkpermission
- the permission to check- Throws:
ch.ivyteam.ivy.security.PermissionDeniedException
- if session does not own permissionPersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
getId
long getId()
Gets the identifier of the security descriptor- Returns:
- identifier
- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
-