Class Keyring

  • Direct Known Subclasses:
    InternalJobQueue.JobQueueKeyring, Job.SignalKeyring, ServiceSessionControl.ServicesKeyring

    class Keyring
    extends Object
    Objects of this class holds information about a user's access permissions, group and role membership. This object is created when a user logs in and is managed entirely by the SessionControl. It is never exposed to client applications.

    The object is not populated with information at creation time. It is done the first time it needs the information. Thereafter, a timer is set to make sure the information is updated at regular intervals, in case some adminstrator changes the permissions and/or membership for the user. The interval is specified by the permission.timeout value in the base.config file.

    Version:
    2.0
    Author:
    Nicklas
    See Also:
    SessionControl.login(LoginRequest)
    • Field Detail

      • log

        private static final org.slf4j.Logger log
        Log core events.
      • isInitialised

        private static boolean isInitialised
      • userId

        private final int userId
        The logged in user's ID.
      • itemPermissions

        private int[][] itemPermissions
        Two-dimensional array for holding the permissions for ItemKey:s. The first column holds the key ID, the second the Permission. Ie. key_id = [0, x], permission = [1, x] The rows are sorted by key_id in ascending order.
      • rolePermissions

        private int[][] rolePermissions
        Two-dimensional array for holding the permissions for RoleKey:s. The first column holds the key ID, the second the Permission. Ie. key_id = [0, x], permission = [1, x] The rows are sorted by key_id in ascending order.
      • projectPermissions

        private int[][] projectPermissions
        Two-dimensional array for holding the permissions for ProjectKey:s. The first column holds the key ID, the second the Permission. Ie. key_id = [0, x], permission = [1, x] The rows are sorted by key_id in ascending order.
      • pluginPermissions

        private int[][] pluginPermissions
        Two-dimensional array for holding the permission for PluginDefinition:s. The first column holds the key ID, the second the maximum permission, and the third the override permissions. Ie. key_id = [0, x], maxPermission = [1, x], overridePermission = [2, x]
      • groups

        private Set<Integer> groups
        Holds the ID of all groups that the user is a member of, directly or indirectly.
      • groupsWithNonHiddenMembers

        private Set<Integer> groupsWithNonHiddenMembers
        A subset of the 'groups' set that holds the id of the groups that has hiddenMembers = false
      • projects

        private Map<Integer,​Integer> projects
        Holds the ID and permission of all projects that the user is a member of, directly or via a group.
      • users

        private Set<Integer> users
        Holds the ID of all users which are members of at least one of the groups that the logged in user is also a member of.
      • roles

        private Set<Integer> roles
        Holds the ID of all roles that the user is a member of.
      • inactiveRoles

        private Set<Integer> inactiveRoles
        Holds the ID of the roles that are inactive.
        Since:
        3.11
      • projectId

        private int projectId
        The active project's ID.
      • maxProjectPermission

        private int maxProjectPermission
        Holds the logged in user's maximum Permission within the active project.
      • usePluginPermissions

        private final boolean usePluginPermissions
        If the running plugin should use specific permissions or not.
      • pluginId

        private final int pluginId
        The running plugin's ID.
      • reload

        private volatile boolean reload
        TRUE if the Timer has signaled that it is time to reload the information.
      • itemKeys

        private Set<Integer> itemKeys
        A set holding all item keys, which is needed for efficient listing of shared items.
      • projectKeys

        private Set<Integer> projectKeys
        A set holding all project keys, which is needed for efficient listing of shared items.
      • ROOT

        private static int ROOT
      • EVERYONE

        private static int EVERYONE
      • ALL

        private static int ALL
      • ALL_ITEM

        private static int ALL_ITEM
      • DENY_ITEM

        private static int DENY_ITEM
    • Constructor Detail

      • Keyring

        Keyring​(int userId)
         throws BaseException
        Create a new Keyring object.
        Parameters:
        userId - The ID of the user
        Throws:
        BaseException - This exception is thrown if there is an error
      • Keyring

        Keyring​(Keyring parent,
                int pluginId,
                boolean usePluginPermissions)
    • Method Detail

      • init

        static void init()
      • unload

        static void unload()
        Unload all settings.
      • setReload

        void setReload​(boolean reload)
      • getReload

        boolean getReload()
      • reload

        private boolean reload()
        Reload all permission information
        Returns:
        TRUE if permissions were loaded successfully, FALSE otherwise
      • loadRoles

        private void loadRoles​(org.hibernate.Session session)
                        throws BaseException
        Loads role membership for the user and put that information in the roles variable.
        Throws:
        BaseException
      • loadProjects

        private void loadProjects​(org.hibernate.Session session)
                           throws BaseException
        Loads project membership for the user and put that information in the projects variable.
        Throws:
        BaseException
      • loadUsers

        private void loadUsers​(org.hibernate.Session session)
                        throws BaseException
        Load all users which are member of at least one group where the logged in user is also a member and put that information in the users variable. If a project is active, also load the members and owner of that project.
        Throws:
        BaseException
      • loadPluginPermissionKeys

        private void loadPluginPermissionKeys​(org.hibernate.Session session)
                                       throws BaseException
        Load all PluginKeys:s for the active plugin.
        Parameters:
        session - The session to get the query through.
        Throws:
        BaseException - If there is an error.
      • loadMaxProjectPermission

        private void loadMaxProjectPermission​(org.hibernate.Session session,
                                              ProjectData projectData)
                                       throws BaseException
        Find out the logged in user's maximum permission to the active project and put the result in maxProjectPermission.
        Throws:
        BaseException
      • getMaxProjectPermission

        int getMaxProjectPermission()
        Get the max project permission within the currently active project.
      • setRoleInactive

        boolean setRoleInactive​(int roleId,
                                boolean inactive)
        Set a roles as inactive (or active).
        Returns:
        TRUE if the status was changes, FALSE if not
        Since:
        3.11
      • permissionForKey

        private int permissionForKey​(int key,
                                     int[][] permissions)
        Returns the permission value for the specified key or PERMISSION.DENIED if not found in the array of keys.
        Parameters:
        key - The key to look for
        permissions - An array with two columns, the first holds the key_id and the second the permission
        Returns:
        The permissions for the key
      • isDenied

        private boolean isDenied​(int permission)
        Checks if the DENIED bit is set in the permission.
      • getRolePermissions

        int getRolePermissions​(Item itemType)
        Get the logged in user's permission to an unspecified item of a certain Item type. If Permission.DENIED is set, it overrides all other permissions.
        Parameters:
        itemType - The item type as defined by the Item class
        Returns:
        The permission
      • getPluginPermissions

        PluginPermission getPluginPermissions​(Item itemType)
        Get the active plugin's permissions to an unspecified item of a certain Item type.
        Parameters:
        itemType - The item type as defined by the Item class
        Returns:
        The permission
      • getSharedPermissions

        int getSharedPermissions​(ShareableData sharableData)
      • getInactiveRoles

        Set<Integer> getInactiveRoles()
      • getGroups

        Set<Integer> getGroups​(boolean onlyWithNonHiddenMembers)
      • getUsers

        Set<Integer> getUsers()
        Get all users that share group membership with the logged in user. Only groups membership in groups that has hiddenMembers=false are considered.