org.squashtest.tm.service.internal.security

Class AclPermissionEvaluationService

java.lang.Object

org.squashtest.tm.service.internal.security.AclPermissionEvaluationService

All Implemented Interfaces:

PermissionEvaluationService

@Service(value="squashtest.core.security.PermissionEvaluationService")
@Transactional(readOnly=true)
public class AclPermissionEvaluationService
extends Object
implements PermissionEvaluationService

TODO this service can be queried many times by a controller outside of a tx, which means lots of shord lived tx and measurable performance effects. We should add some sort of cache over this service which would short-circuit the tx.

Constructor Summary

Constructors

Constructor and Description
AclPermissionEvaluationService()

Method Summary

Methods

Modifier and Type	Method and Description
boolean	canRead(Object object) short hand for hasRoleOrPermissionOnObject('ROLE_ADMIN', 'READ', object);
boolean	hasMoreThanRead(Object object) return true if the user has more than readonly on the object
boolean	hasPermissionOnObject(String permissionName, Long entityId, String entityClassName) returns true if the current user has the given permission on the object of the given id and classname.
boolean	hasPermissionOnObject(String permission, Object entity)
boolean	hasRole(String role) return true if the user has the given role.
boolean	hasRoleOrPermissionOnObject(String role, String permissionName, Long entityId, String entityClassName) Same as PermissionEvaluationService.hasRoleOrPermissionOnObject(String, String, Object), except that Object is explicitly identified by its ID and classname
boolean	hasRoleOrPermissionOnObject(String role, String permissionName, Object object)
Map<String,Boolean>	hasRoleOrPermissionsOnObject(String role, String[] permissions, Object entity)
Collection<String>	permissionsOn(String className, long id) returns the list of all permissions the curent user has on en entity refernced by its classname and identifier.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AclPermissionEvaluationService

public AclPermissionEvaluationService()

Method Detail

hasRoleOrPermissionOnObject

public boolean hasRoleOrPermissionOnObject(String role,
                                  String permissionName,
                                  Object object)

Specified by:

hasRoleOrPermissionOnObject in interface PermissionEvaluationService

permissionName - String representation of the permission.

Returns:

true if the current user either has the given role or has the required permission on the given object.

hasPermissionOnObject

public boolean hasPermissionOnObject(String permission,
                            Object entity)

Specified by:

hasPermissionOnObject in interface PermissionEvaluationService

Parameters:

permission - String representation of the permission.

Returns:

true if the current user has the required permission on the given object.

See Also:

PermissionEvaluationService.hasPermissionOnObject(String, Object)

hasRoleOrPermissionOnObject

public boolean hasRoleOrPermissionOnObject(String role,
                                  String permissionName,
                                  Long entityId,
                                  String entityClassName)

Description copied from interface: PermissionEvaluationService

Same as PermissionEvaluationService.hasRoleOrPermissionOnObject(String, String, Object), except that Object is explicitly identified by its ID and classname

Specified by:

hasRoleOrPermissionOnObject in interface PermissionEvaluationService

Returns:

canRead

public boolean canRead(Object object)

Description copied from interface: PermissionEvaluationService

short hand for hasRoleOrPermissionOnObject('ROLE_ADMIN', 'READ', object);

Specified by:

canRead in interface PermissionEvaluationService

Returns:

hasRole

@Transactional(propagation=SUPPORTS)
public boolean hasRole(String role)

Description copied from interface: PermissionEvaluationService

return true if the user has the given role.

Specified by:

hasRole in interface PermissionEvaluationService

Returns:

hasMoreThanRead

public boolean hasMoreThanRead(Object object)

Description copied from interface: PermissionEvaluationService

return true if the user has more than readonly on the object

Specified by:

hasMoreThanRead in interface PermissionEvaluationService

Returns:

hasPermissionOnObject

public boolean hasPermissionOnObject(String permissionName,
                            Long entityId,
                            String entityClassName)

Description copied from interface: PermissionEvaluationService

returns true if the current user has the given permission on the object of the given id and classname.

Specified by:

hasPermissionOnObject in interface PermissionEvaluationService

Returns:

true if the current user has the given permission on the object of the given id and classname.

hasRoleOrPermissionsOnObject

public Map<String,Boolean> hasRoleOrPermissionsOnObject(String role,
                                               String[] permissions,
                                               Object entity)

Specified by:

hasRoleOrPermissionsOnObject in interface PermissionEvaluationService

permissions - String representation of the permission.

Returns:

true if the current user has the required permission on the given object.

permissionsOn

public Collection<String> permissionsOn(@NotNull
                               String className,
                               long id)

Description copied from interface: PermissionEvaluationService

returns the list of all permissions the curent user has on en entity refernced by its classname and identifier. admin role is checked and grants all permisisons.

Specified by:

permissionsOn in interface PermissionEvaluationService

Parameters:

className - class name of the entity

id - identifier of the entity

Returns:

the set of permissions for the given entity.