com.flexive.shared.content
Class FxPermissionUtils

java.lang.Object
  extended by com.flexive.shared.content.FxPermissionUtils

public class FxPermissionUtils
extends java.lang.Object

Permission Utilities

Author:
Markus Plesser (markus.plesser@flexive.com), UCS - unique computing solutions gmbh (http://www.ucs.at)

Field Summary
static byte PERM_MASK_INSTANCE
           
static byte PERM_MASK_PROPERTY
           
static byte PERM_MASK_STEP
           
static byte PERM_MASK_TYPE
           
 
Constructor Summary
FxPermissionUtils()
           
 
Method Summary
static void checkMandatorExistance(long id)
          Check if the mandator with the requested id exists and is active.
static boolean checkPermission(UserTicket ticket, ACL.Permission permission, FxContentSecurityInfo si, boolean throwException)
          Permission check for existing contents
static boolean checkPermission(UserTicket ticket, long ownerId, ACL.Permission permission, FxType type, long stepACL, long contentACL, boolean throwException)
          Permission check for (new) contents
protected static void checkPropertyPermission(FxValue value, java.lang.String xpath, UserTicket ticket, long creatorId, long aclId, ACL.Permission perm)
          Check a single property permission
static void checkPropertyPermissions(FxContent content, ACL.Permission perm)
          Check if the calling user has the requested permission for all properties in this content.
static void checkPropertyPermissions(long creatorId, FxDelta delta, ACL.Permission perm)
          Check propery permissions for delta updates
static void checkRole(UserTicket ticket, Role... roles)
          Throw an exception if the calling user is not in the given roles
static void checkTypeAvailable(long typeId, boolean allowLocked)
          Check if the requested FxType is available.
static byte encodeTypePermissions(boolean useInstancePermissions, boolean usePropertyPermissions, boolean useStepPermissions, boolean useTypePermissions)
          Encode permissions for use in FxType
static PermissionSet getPermissions(long acl, FxType type, long stepACL, long createdBy, long mandator)
          Get a users permission for a given instance ACL
static java.lang.String toString(byte bitCodedPermissions)
          Get a human readable form of bit coded permissions
static void unwrapNoAccessValues(FxContent content, FxContent original)
          Unwrap all FxNoAccess values to their original values.
static void wrapNoAccessValues(UserTicket ticket, FxContentSecurityInfo securityInfo, FxContent content, FxType type, FxEnvironment env)
          Process a contents property and wrap FxValue's in FxNoAccess or set them to readonly where appropriate
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

PERM_MASK_INSTANCE

public static final byte PERM_MASK_INSTANCE
See Also:
Constant Field Values

PERM_MASK_PROPERTY

public static final byte PERM_MASK_PROPERTY
See Also:
Constant Field Values

PERM_MASK_STEP

public static final byte PERM_MASK_STEP
See Also:
Constant Field Values

PERM_MASK_TYPE

public static final byte PERM_MASK_TYPE
See Also:
Constant Field Values
Constructor Detail

FxPermissionUtils

public FxPermissionUtils()
Method Detail

checkPermission

public static boolean checkPermission(UserTicket ticket,
                                      long ownerId,
                                      ACL.Permission permission,
                                      FxType type,
                                      long stepACL,
                                      long contentACL,
                                      boolean throwException)
                               throws FxNoAccessException
Permission check for (new) contents

Parameters:
ticket - calling users ticket
ownerId - owner of the content to check
permission - permission to check
type - used type
stepACL - step ACL
contentACL - content ACL
throwException - should exception be thrown
Returns:
access granted
Throws:
FxNoAccessException - if not accessible for calling user

checkPermission

public static boolean checkPermission(UserTicket ticket,
                                      ACL.Permission permission,
                                      FxContentSecurityInfo si,
                                      boolean throwException)
                               throws FxNoAccessException
Permission check for existing contents

Parameters:
ticket - calling users ticket
permission - permission to check
si - security info of the content to check
throwException - should exception be thrown
Returns:
access granted
Throws:
FxNoAccessException - if access denied and exception should be thrown

wrapNoAccessValues

public static void wrapNoAccessValues(UserTicket ticket,
                                      FxContentSecurityInfo securityInfo,
                                      FxContent content,
                                      FxType type,
                                      FxEnvironment env)
                               throws FxNotFoundException,
                                      FxInvalidParameterException,
                                      FxNoAccessException
Process a contents property and wrap FxValue's in FxNoAccess or set them to readonly where appropriate

Parameters:
ticket - calling users ticket
securityInfo - needed security information
content - the content to process
type - the content's FxType
env - environment
Throws:
FxNotFoundException - on errors
FxInvalidParameterException - on errors
FxNoAccessException - on errors

unwrapNoAccessValues

public static void unwrapNoAccessValues(FxContent content,
                                        FxContent original)
                                 throws FxNotFoundException,
                                        FxInvalidParameterException,
                                        FxNoAccessException
Unwrap all FxNoAccess values to their original values. Must be called as supervisor to work ...

Parameters:
content - the FxContent to process
original - the original content to get the wrapped values from
Throws:
FxNotFoundException - on errors
FxInvalidParameterException - on errors
FxNoAccessException - on errors

checkPropertyPermissions

public static void checkPropertyPermissions(FxContent content,
                                            ACL.Permission perm)
                                     throws FxNotFoundException,
                                            FxInvalidParameterException,
                                            FxNoAccessException
Check if the calling user has the requested permission for all properties in this content. Call only if the assigned type uses propery permissions! Delete permission can not be checked using this method since it can't be determined if a property has been removed!

Parameters:
content - content to check
perm - requested permission
Throws:
FxNotFoundException - on errors
FxInvalidParameterException - on errors
FxNoAccessException - on errors

checkPropertyPermissions

public static void checkPropertyPermissions(long creatorId,
                                            FxDelta delta,
                                            ACL.Permission perm)
                                     throws FxNoAccessException
Check propery permissions for delta updates

Parameters:
creatorId - content instance creator
delta - delta changes
perm - permisson to check
Throws:
FxNoAccessException - if not accessible for the calling user

checkPropertyPermission

protected static void checkPropertyPermission(FxValue value,
                                              java.lang.String xpath,
                                              UserTicket ticket,
                                              long creatorId,
                                              long aclId,
                                              ACL.Permission perm)
                                       throws FxNoAccessException
Check a single property permission

Parameters:
value - the affected value
xpath - xpath of the property
ticket - calling users ticket
creatorId - creator of the content instance
aclId - acl id to check
perm - permission to check
Throws:
FxNoAccessException - if not accessible for the calling user

encodeTypePermissions

public static byte encodeTypePermissions(boolean useInstancePermissions,
                                         boolean usePropertyPermissions,
                                         boolean useStepPermissions,
                                         boolean useTypePermissions)
Encode permissions for use in FxType

Parameters:
useInstancePermissions - instance
usePropertyPermissions - property
useStepPermissions - (workflow)step
useTypePermissions - type
Returns:
encoded permissions

toString

public static java.lang.String toString(byte bitCodedPermissions)
Get a human readable form of bit coded permissions

Parameters:
bitCodedPermissions - permissions
Returns:
human readable form

getPermissions

public static PermissionSet getPermissions(long acl,
                                           FxType type,
                                           long stepACL,
                                           long createdBy,
                                           long mandator)
                                    throws FxNoAccessException
Get a users permission for a given instance ACL

Parameters:
acl - instance ACL
type - used type
stepACL - step ACL
createdBy - owner
mandator - mandator
Returns:
array of permissions in the order edit, relate, delete, export and create
Throws:
FxNoAccessException - if no read access if permitted

checkRole

public static void checkRole(UserTicket ticket,
                             Role... roles)
                      throws FxNoAccessException
Throw an exception if the calling user is not in the given roles

Parameters:
ticket - calling user
roles - Roles to check
Throws:
FxNoAccessException - on errors

checkTypeAvailable

public static void checkTypeAvailable(long typeId,
                                      boolean allowLocked)
                               throws FxApplicationException
Check if the requested FxType is available. A FxNotFoundException will be thrown if the FxType's state is TypeState.Unavailable, if allowLocked is true and the FxType's state is TypeState.Locked a FxNoAccessException will be thrown.

Parameters:
typeId - requested type id to check
allowLocked - allow a locked state?
Throws:
FxApplicationException - on errors
See Also:
TypeState

checkMandatorExistance

public static void checkMandatorExistance(long id)
                                   throws FxNotFoundException
Check if the mandator with the requested id exists and is active. Will throw a FxNotFoundException if inactive or not existant.

Parameters:
id - requested mandator id
Throws:
FxNotFoundException - if inactive or not existant