Class Role

  • All Implemented Interfaces:
    AccessControlled, Identifiable, Nameable, Registered, Removable, SystemItem

    public class Role
    extends BasicItem
    implements Nameable, Removable, SystemItem, Registered
    This class is used to represent roles. A role is used in the permission system to give users access to various parts of BASE. A permission given to a role is global, ie. it applies to all items of a spcific type on the entire server, and not only within a group or project. For example it is possible to give READ access to all SAMPLE:s, no matter if the owner has shared them to other users or not.

    BASE comes with a predefined set of roles, for example ADMINISTRATOR and GUEST, which have been configured with what we think is an appropriate combination of privileges. If you wish, you may create more roles. Use roles only for functional grouping of the users, and not for organisational grouping. If you wish to do that you should use a Group or Project instead.

    Version:
    2.0
    Author:
    Nicklas
    See Also:
    Group, Project
    Last modified
    $Date: 2017-03-13 09:15:46 +0100 (må, 13 mar 2017) $
    • Field Detail

      • TYPE

        public static final Item TYPE
        The type of item represented by this class.
        See Also:
        Item.ROLE, getType()
      • ADMINISTRATOR

        public static final String ADMINISTRATOR
        The id for the Role item representing adminstrators. By default administrators have full privileges on the server.
        See Also:
        Constant Field Values
      • SUPERVISOR

        public static final String SUPERVISOR
        The id for the Role item representing supervisors. A supervisor have READ permission to everything in BASE.
        See Also:
        Constant Field Values
      • POWER_USER

        public static final String POWER_USER
        The id for the Role item representing power users. A power user have less permissions than an administrator but may do some things that an ordinary user may not.
        See Also:
        Constant Field Values
      • USER

        public static final String USER
        The id for the Role item representing regular users. This role should be sufficient for most regular users of BASE.
        See Also:
        Constant Field Values
      • GUEST

        public static final String GUEST
        The id for the Role item representing guests. Guests have very limited access to the server.
        See Also:
        Constant Field Values
      • JOBAGENT

        public static final String JOBAGENT
        The id for the Role item representing job agents. The job agents have permission to read jobs and execute them.
        See Also:
        Constant Field Values
      • RUNTIME_FILTER

        private static final QueryRuntimeFilter RUNTIME_FILTER
        This filter will limit a query to only return roles where the logged in user is a member unless the logged in user has generic read permission.
    • Constructor Detail

    • Method Detail

      • getNew

        public static Role getNew​(DbControl dc)
                           throws BaseException
        Create a new Role item.
        Parameters:
        dc - The DbControl which will be used for permission checking and database access.
        Returns:
        The new Role item
        Throws:
        BaseException - If there is an error
      • getQuery

        public static ItemQuery<Role> getQuery()
        Get a ItemQuery object configured to retrieve Role items. If the logged in user doesn't have generic permission to all roles, only roles where that user is a member are included in the list.
        Returns:
        A ItemQuery object
      • getType

        public Item getType()
        Description copied from interface: Identifiable
        Get the type of item represented by the object. The returned value is one of the values defined in the Item enumeration.
        Specified by:
        getType in interface Identifiable
        Returns:
        A value indicating the type of item
      • getName

        public String getName()
        Description copied from interface: Nameable
        Get the name of the item.
        Specified by:
        getName in interface Nameable
        Returns:
        A String with the name of the item
      • getDescription

        public String getDescription()
        Description copied from interface: Nameable
        Get the description for the item.
        Specified by:
        getDescription in interface Nameable
        Returns:
        A String with a description of the item
      • isRemoved

        public boolean isRemoved()
        Description copied from interface: Removable
        Check if the removed flag is set for this item.
        Specified by:
        isRemoved in interface Removable
        Returns:
        TRUE if the item is flagged as removed, FALSE otherwise
      • getSystemId

        public String getSystemId()
        Description copied from interface: SystemItem
        Get the system id for the item.
        Specified by:
        getSystemId in interface SystemItem
        Returns:
        The id of the item or null if it is not a system item
      • isSystemItem

        public boolean isSystemItem()
        Description copied from interface: SystemItem
        Check if the item is a system item or not. A system item have a non-null value for the system id.
        Specified by:
        isSystemItem in interface SystemItem
        Returns:
        TRUE if this item is a system item, FALSE otherwise
      • getEntryDate

        public Date getEntryDate()
        Description copied from interface: Registered
        Get the date that the item was registered in the database.
        Specified by:
        getEntryDate in interface Registered
        Returns:
        A date or null if this is not known
      • setEntryDate

        public void setEntryDate​(Date entryDate)
        Description copied from interface: Registered
        Set the date the entry was registered in the database. Implementations should only allow this property to be set before the item is first stored in the database. The intention of this method is to facilitate export/import of data between server.
        Specified by:
        setEntryDate in interface Registered
        Parameters:
        entryDate - A date or null to use today's date
      • initPermissions

        void initPermissions​(int granted,
                             int denied)
                      throws BaseException
        If the logged in user is a member of this role, read permission is granted. If this is a system role, delete and create permissions are revoked.
        Overrides:
        initPermissions in class BasicItem
        Parameters:
        granted - Permissions that have been granted by the subclass
        denied - Permissions that have been denied by the subclass
        Throws:
        BaseException - If the permissions couldn't be initialised
      • isDefault

        public boolean isDefault()
        If this role should be assigned to new users by default or not.
        Since:
        2.4
      • isMember

        public boolean isMember​(User user)
        Check if the given user is member of this role or not.
        Parameters:
        user - The user to check
        Returns:
        TRUE if the user is member, FALSE otherwise
      • getUsers

        public ItemQuery<User> getUsers()
        Get a query that returns the users that are members of this role. This query excludes users that the logged in user doesn't have permission to read.
        See Also:
        User.getQuery()