2.17.2: 2011-06-17

net.sf.basedb.core
Class Keyring

java.lang.Object
  extended by net.sf.basedb.core.Keyring
Direct Known Subclasses:
InternalJobQueue.JobQueueKeyring, InternalStorageController.StorageKeyring

 class Keyring
extends Object

Objects of this class holds information about a user's access permissions, group and role membership. This object is created when a user logs in and is managed entirely by the SessionControl. It is never exposed to client applications.

The object is not populated with information at creation time. It is done the first time it needs the information. Thereafter, a timer is set to make sure the information is updated at regular intervals, in case some adminstrator changes the permissions and/or membership for the user. The interval is specified by the permission.timeout value in the base.config file.

Version:
2.0
Author:
Nicklas
See Also:
SessionControl.login(String, String, String, boolean)

Nested Class Summary
private  class Keyring.ReloadTask
           
 
Field Summary
private static int ALL
           
private static int ALL_ITEM
           
private static int DENY_ITEM
           
private static int EVERYONE
           
private  Set<Integer> groups
          Holds the ID of all groups that the user is a member of, directly or indirectly.
private  Set<Integer> groupsWithNonHiddenMembers
          A subset of the 'groups' set that holds the id of the groups that has hiddenMembers = false
private static boolean isInitialised
           
private  Set<Integer> itemKeys
          A set holding all item keys, which is needed for efficient listing of shared items.
private  int[][] itemPermissions
          Two-dimensional array for holding the permissions for ItemKey:s.
private static Logger log
          Log core events.
private  int maxProjectPermission
          Holds the logged in user's maximum Permission within the active project.
private  int pluginId
          The running plugin's ID.
private  int[][] pluginPermissions
          Two-dimensional array for holding the permission for PluginDefinition:s.
private  int projectId
          The active project's ID.
private  Set<Integer> projectKeys
          A set holding all project keys, which is needed for efficient listing of shared items.
private  int[][] projectPermissions
          Two-dimensional array for holding the permissions for ProjectKey:s.
private  Map<Integer,Integer> projects
          Holds the ID and permission of all projects that the user is a member of, directly or via a group.
private  boolean reload
          TRUE if the Timer has signaled that it is time to reload the information.
private  int[][] rolePermissions
          Two-dimensional array for holding the permissions for RoleKey:s.
private  Set<Integer> roles
          Holds the ID of all roles that the user is a member of.
private static int ROOT
           
private  boolean usePluginPermissions
          If the running plugin should use specific permissions or not.
private  int userId
          The logged in user's ID.
private  Set<Integer> users
          Holds the ID of all users which are members of at least one of the groups that the logged in user is also a member of.
 
Constructor Summary
Keyring(int userId)
          Create a new Keyring object.
Keyring(Keyring parent, int pluginId, boolean usePluginPermissions)
           
 
Method Summary
(package private)  int getAllPermissions(Item itemType, UserData owner, ItemKeyData itemKey, ProjectKeyData projectKey)
           
(package private)  Set<Integer> getGroups(boolean onlyWithNonHiddenMembers)
           
(package private)  Set<Integer> getItemKeys(Permission permission)
           
(package private)  PluginPermission getPluginPermissions(Item itemType)
          Get the active plugin's permissions to an unspecified item of a certain Item type.
(package private)  Set<Integer> getProjectKeys(Permission permission)
           
(package private)  Map<Integer,Integer> getProjects()
           
(package private)  boolean getReload()
           
(package private)  int getRolePermissions(Item itemType)
          Get the logged in user's permission to an unspecified item of a certain Item type.
(package private)  Set<Integer> getRoles()
           
(package private)  int getSharedPermissions(ShareableData sharableData)
           
(package private)  Set<Integer> getUsers()
          Get all users that share group membership with the logged in user.
(package private) static void init()
           
private  boolean isDenied(int permission)
          Checks if the DENIED bit is set in the permission.
private  void loadGroups(org.hibernate.Session session)
          Loads group membership for the user and put that information in the groups and groupsWithNonHiddenMembers variables.
private  void loadItemKeys(org.hibernate.Session session)
          Load all ItemKey:s for the logged in user and put the result in itemPermissions
private  void loadMaxProjectPermission(org.hibernate.Session session, ProjectData projectData)
          Find out the logged in user's maximum permission to the active project and put the result in maxProjectPermission.
private  void loadPluginPermissionKeys(org.hibernate.Session session)
          Load all PluginKeys:s for the active plugin.
private  void loadProjectKeys(org.hibernate.Session session)
          Load all ProjectKey:s for the logged in user.
private  void loadProjects(org.hibernate.Session session)
          Loads project membership for the user and put that information in the projects variable.
private  void loadRoleKeys(org.hibernate.Session session)
          Load all RoleKey:s for the logged in user and put the result in rolePermissions
private  void loadRoles(org.hibernate.Session session)
          Loads role membership for the user and put that information in the roles variable.
private  void loadUsers(org.hibernate.Session session)
          Load all users which are member of at least one group where the logged in user is also a member and put that information in the users variable.
private  int permissionForKey(int key, int[][] permissions)
          Returns the permission value for the specified key or PERMISSION.DENIED if not found in the array of keys.
private  boolean reload()
          Reload all permission information
(package private)  void setActiveProject(ProjectData projectData)
          Set the active project.
(package private)  void setReload(boolean reload)
           
(package private) static void unload()
          Unload all settings.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

log

private static final Logger log
Log core events.


isInitialised

private static boolean isInitialised

userId

private final int userId
The logged in user's ID.


itemPermissions

private int[][] itemPermissions
Two-dimensional array for holding the permissions for ItemKey:s. The first column holds the key ID, the second the Permission. Ie. key_id = [0, x], permission = [1, x] The rows are sorted by key_id in ascending order.


rolePermissions

private int[][] rolePermissions
Two-dimensional array for holding the permissions for RoleKey:s. The first column holds the key ID, the second the Permission. Ie. key_id = [0, x], permission = [1, x] The rows are sorted by key_id in ascending order.


projectPermissions

private int[][] projectPermissions
Two-dimensional array for holding the permissions for ProjectKey:s. The first column holds the key ID, the second the Permission. Ie. key_id = [0, x], permission = [1, x] The rows are sorted by key_id in ascending order.


pluginPermissions

private int[][] pluginPermissions
Two-dimensional array for holding the permission for PluginDefinition:s. The first column holds the key ID, the second the maximum permission, and the third the override permissions. Ie. key_id = [0, x], maxPermission = [1, x], overridePermission = [2, x]


groups

private Set<Integer> groups
Holds the ID of all groups that the user is a member of, directly or indirectly.


groupsWithNonHiddenMembers

private Set<Integer> groupsWithNonHiddenMembers
A subset of the 'groups' set that holds the id of the groups that has hiddenMembers = false


projects

private Map<Integer,Integer> projects
Holds the ID and permission of all projects that the user is a member of, directly or via a group.


users

private Set<Integer> users
Holds the ID of all users which are members of at least one of the groups that the logged in user is also a member of.


roles

private Set<Integer> roles
Holds the ID of all roles that the user is a member of.


projectId

private int projectId
The active project's ID.


maxProjectPermission

private int maxProjectPermission
Holds the logged in user's maximum Permission within the active project.


usePluginPermissions

private final boolean usePluginPermissions
If the running plugin should use specific permissions or not.


pluginId

private final int pluginId
The running plugin's ID.


reload

private boolean reload
TRUE if the Timer has signaled that it is time to reload the information.


itemKeys

private Set<Integer> itemKeys
A set holding all item keys, which is needed for efficient listing of shared items.


projectKeys

private Set<Integer> projectKeys
A set holding all project keys, which is needed for efficient listing of shared items.


ROOT

private static int ROOT

EVERYONE

private static int EVERYONE

ALL

private static int ALL

ALL_ITEM

private static int ALL_ITEM

DENY_ITEM

private static int DENY_ITEM
Constructor Detail

Keyring

Keyring(int userId)
  throws BaseException
Create a new Keyring object.

Parameters:
userId - The ID of the user
Throws:
BaseException - This exception is thrown if there is an error

Keyring

Keyring(Keyring parent,
        int pluginId,
        boolean usePluginPermissions)
Method Detail

init

static void init()

unload

static void unload()
Unload all settings.


setReload

void setReload(boolean reload)

getReload

boolean getReload()

reload

private boolean reload()
Reload all permission information

Returns:
TRUE if permissions were loaded successfully, FALSE otherwise

loadRoles

private void loadRoles(org.hibernate.Session session)
                throws BaseException
Loads role membership for the user and put that information in the roles variable.

Throws:
BaseException

loadGroups

private void loadGroups(org.hibernate.Session session)
                 throws BaseException
Loads group membership for the user and put that information in the groups and groupsWithNonHiddenMembers variables.

Throws:
BaseException

loadProjects

private void loadProjects(org.hibernate.Session session)
                   throws BaseException
Loads project membership for the user and put that information in the projects variable.

Throws:
BaseException

loadUsers

private void loadUsers(org.hibernate.Session session)
                throws BaseException
Load all users which are member of at least one group where the logged in user is also a member and put that information in the users variable. If a project is active, also load the members and owner of that project.

Throws:
BaseException

loadItemKeys

private void loadItemKeys(org.hibernate.Session session)
                   throws BaseException
Load all ItemKey:s for the logged in user and put the result in itemPermissions

Throws:
BaseException

loadRoleKeys

private void loadRoleKeys(org.hibernate.Session session)
                   throws BaseException
Load all RoleKey:s for the logged in user and put the result in rolePermissions

Throws:
BaseException

loadPluginPermissionKeys

private void loadPluginPermissionKeys(org.hibernate.Session session)
                               throws BaseException
Load all PluginKeys:s for the active plugin.

Parameters:
session - The session to get the query through.
Throws:
BaseException - If there is an error.

loadProjectKeys

private void loadProjectKeys(org.hibernate.Session session)
                      throws BaseException
Load all ProjectKey:s for the logged in user.

Throws:
BaseException

loadMaxProjectPermission

private void loadMaxProjectPermission(org.hibernate.Session session,
                                      ProjectData projectData)
                               throws BaseException
Find out the logged in user's maximum permission to the active project and put the result in maxProjectPermission.

Throws:
BaseException

setActiveProject

void setActiveProject(ProjectData projectData)
                throws PermissionDeniedException,
                       BaseException
Set the active project.

Parameters:
projectData - The project to make active, or null to disable it
Throws:
PermissionDeniedException
BaseException

permissionForKey

private int permissionForKey(int key,
                             int[][] permissions)
Returns the permission value for the specified key or PERMISSION.DENIED if not found in the array of keys.

Parameters:
key - The key to look for
permissions - An array with two columns, the first holds the key_id and the second the permission
Returns:
The permissions for the key

isDenied

private boolean isDenied(int permission)
Checks if the DENIED bit is set in the permission.


getRolePermissions

int getRolePermissions(Item itemType)
Get the logged in user's permission to an unspecified item of a certain Item type. If Permission.DENIED is set, it overrides all other permissions.

Parameters:
itemType - The item type as defined by the Item class
Returns:
The permission

getPluginPermissions

PluginPermission getPluginPermissions(Item itemType)
Get the active plugin's permissions to an unspecified item of a certain Item type.

Parameters:
itemType - The item type as defined by the Item class
Returns:
The permission

getSharedPermissions

int getSharedPermissions(ShareableData sharableData)

getAllPermissions

int getAllPermissions(Item itemType,
                      UserData owner,
                      ItemKeyData itemKey,
                      ProjectKeyData projectKey)

getRoles

Set<Integer> getRoles()

getGroups

Set<Integer> getGroups(boolean onlyWithNonHiddenMembers)

getUsers

Set<Integer> getUsers()
Get all users that share group membership with the logged in user. Only groups membership in groups that has hiddenMembers=false are considered.


getProjects

Map<Integer,Integer> getProjects()

getItemKeys

Set<Integer> getItemKeys(Permission permission)

getProjectKeys

Set<Integer> getProjectKeys(Permission permission)

2.17.2: 2011-06-17