|
2.17.2: 2011-06-17 | ||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object net.sf.basedb.core.BasicItem<RoleData> net.sf.basedb.core.Role
public class Role
This class is used to represent roles. A role is used in the
permission system to give users access to various parts
of BASE. A permission given to a role is global, ie. it applies to
all items of a spcific type on the entire server, and not only within
a group or project. For example it is possible to give READ
access to all SAMPLE
:s, no matter if the owner has shared them
to other users or not.
BASE comes with a predefined set of roles, for example
ADMINISTRATOR
and GUEST
, which have been
configured with what we think is an appropriate combination of
privileges. If you wish, you may create more roles. Use roles
only for functional grouping of the users, and not
for organisational grouping. If you wish to do that you should
use a Group
or Project
instead.
Group
,
Project
,
Default permissionsNested Class Summary | |
---|---|
private static class |
Role.QueryRuntimeFilterImpl
A runtime filter implementation that limits a query to only return roles where the logged in user is a member unless the logged in user has generic read permission. |
Field Summary | |
---|---|
static String |
ADMINISTRATOR
The id for the Role item representing adminstrators. |
static String |
GUEST
The id for the Role item representing guests. |
static String |
JOBAGENT
The id for the Role item representing job agents. |
static String |
POWER_USER
The id for the Role item representing power users. |
private static QueryRuntimeFilter |
RUNTIME_FILTER
This filter will limit a query to only return roles where the logged in user is a member unless the logged in user has generic read permission. |
static String |
SUPERVISOR
The id for the Role item representing supervisors. |
static Item |
TYPE
The type of item represented by this class. |
static String |
USER
The id for the Role item representing regular users. |
Fields inherited from interface net.sf.basedb.core.Nameable |
---|
MAX_DESCRIPTION_LENGTH, MAX_NAME_LENGTH |
Fields inherited from interface net.sf.basedb.core.SystemItem |
---|
MAX_SYSTEM_ID_LENGTH |
Constructor Summary | |
---|---|
Role(RoleData roleData)
|
Method Summary | |
---|---|
void |
addUser(User user)
Assign this Role to a user. |
static Role |
getById(DbControl dc,
int id)
Get a Role item when you know the ID. |
String |
getDescription()
Get the description for the item. |
Date |
getEntryDate()
Get the date that the item was registered in the database. |
String |
getName()
Get the name of the item. |
static Role |
getNew(DbControl dc)
Create a new Role item. |
static ItemQuery<Role> |
getQuery()
Get a ItemQuery object configured
to retrieve Role items. |
String |
getSystemId()
Get the system id for the item. |
Item |
getType()
Get the type of item represented by the object. |
ItemQuery<User> |
getUsers()
Get a query that returns the users that are members of this role. |
(package private) void |
initPermissions(int granted,
int denied)
If the logged in user is a member of this role, read permission is granted. |
boolean |
isDefault()
If this role should be assigned to new users by default or not. |
boolean |
isMember(User user)
Check if the given user is member of this role or not. |
boolean |
isRemoved()
Check if the removed flag is set for this item. |
boolean |
isSystemItem()
Check if the item is a system item or not. |
void |
removeUser(User user)
Revoke this Role from a user. |
void |
setDefault(boolean isDefault)
If this role should be assigned to new users by default or not. |
void |
setDescription(String description)
Set the description for the item. |
void |
setName(String name)
Set the name of the item. |
void |
setRemoved(boolean removed)
Set the removed flag for this item. |
Methods inherited from class net.sf.basedb.core.BasicItem |
---|
addUsingItems, addUsingItems, checkPermission, equals, getData, getDbControl, getId, getPermissions, getPluginPermissions, getSessionControl, getUsingItems, getVersion, hashCode, hasPermission, isDetached, isInDatabase, isUsed, onAfterCommit, onAfterInsert, onBeforeCommit, onRollback, setDbControl, setProjectDefaults, toString, toTransferable, validate |
Methods inherited from class java.lang.Object |
---|
clone, finalize, getClass, notify, notifyAll, wait, wait, wait |
Methods inherited from interface net.sf.basedb.core.Identifiable |
---|
getId, getVersion |
Methods inherited from interface net.sf.basedb.core.AccessControlled |
---|
checkPermission, getPermissions, hasPermission |
Field Detail |
---|
public static final Item TYPE
Item.ROLE
,
getType()
public static final String ADMINISTRATOR
Role
item representing adminstrators.
By default administrators have full privileges on
the server.
public static final String SUPERVISOR
Role
item representing supervisors.
A supervisor have READ permission to everything in BASE.
public static final String POWER_USER
Role
item representing power users.
A power user have less permissions than an administrator
but may do some things that an ordinary user may not.
public static final String USER
Role
item representing regular users.
This role should be sufficient for most regular users
of BASE.
public static final String GUEST
Role
item representing guests.
Guests have very limited access to the server.
public static final String JOBAGENT
Role
item representing job agents.
The job agents have permission to read jobs and execute them.
private static final QueryRuntimeFilter RUNTIME_FILTER
Constructor Detail |
---|
Role(RoleData roleData)
Method Detail |
---|
public static Role getNew(DbControl dc) throws BaseException
Role
item.
dc
- The DbControl
which will be used for
permission checking and database access.
Role
item
BaseException
- If there is an errorpublic static Role getById(DbControl dc, int id) throws ItemNotFoundException, PermissionDeniedException, BaseException
Role
item when you know the ID.
dc
- The DbControl
which will be used for
permission checking and database access.id
- The ID of the item to load
Role
item
ItemNotFoundException
- If an item with the specified
ID is not found
PermissionDeniedException
- If the logged in user doesn't
have Permission.READ
permission to the item
BaseException
- If there is another errorpublic static ItemQuery<Role> getQuery()
ItemQuery
object configured
to retrieve Role
items. If the logged in user
doesn't have generic permission to all roles, only roles
where that user is a member are included in the list.
ItemQuery
objectpublic Item getType()
Identifiable
Item
enumeration.
getType
in interface Identifiable
public String getName()
Nameable
getName
in interface Nameable
String
with the name of the itempublic void setName(String name) throws PermissionDeniedException, InvalidDataException
Nameable
Nameable.MAX_NAME_LENGTH
constant.
setName
in interface Nameable
name
- The new name for the item
PermissionDeniedException
- If the logged in user doesn't
have write permission
InvalidDataException
- If the name is null or longer
than specified by the Nameable.MAX_NAME_LENGTH
constantpublic String getDescription()
Nameable
getDescription
in interface Nameable
String
with a description of the itempublic void setDescription(String description) throws PermissionDeniedException, InvalidDataException
Nameable
Nameable.MAX_DESCRIPTION_LENGTH
constant.
setDescription
in interface Nameable
description
- The new description for the item
PermissionDeniedException
- If the logged in user doesn't
have write permission
InvalidDataException
- If the description longer
than specified by the Nameable.MAX_DESCRIPTION_LENGTH
constantpublic boolean isRemoved()
Removable
isRemoved
in interface Removable
public void setRemoved(boolean removed) throws PermissionDeniedException
Removable
setRemoved
in interface Removable
removed
- TRUE if the item should be flagged as removed,
FALSE otherwise
PermissionDeniedException
- If the logged in user doesn't
have Permission.DELETE
permission for setting the flag
to TRUE or Permission.WRITE
permission for setting the
flag to FALSEpublic String getSystemId()
SystemItem
getSystemId
in interface SystemItem
public boolean isSystemItem()
SystemItem
isSystemItem
in interface SystemItem
public Date getEntryDate()
Registered
getEntryDate
in interface Registered
void initPermissions(int granted, int denied) throws BaseException
initPermissions
in class BasicItem<RoleData>
granted
- Permissions that have been granted by the subclassdenied
- Permissions that have been denied by the subclass
BaseException
- If the permissions couldn't be initialisedpublic boolean isDefault()
public void setDefault(boolean isDefault)
User.addToDefaultRolesAndGroups()
.
isDefault
- The new setting
PermissionDeniedException
- If the logged in user doesn't
have Permission.WRITE
permission for the rolepublic void addUser(User user) throws PermissionDeniedException, InvalidDataException
Role
to a user.
user
- The user to be assigned this role
PermissionDeniedException
- If the logged in user doesn't
have Permission.WRITE
permission for the role and
Permission.USE
permission for the user
InvalidDataException
- If the user is nullpublic void removeUser(User user) throws PermissionDeniedException, InvalidDataException
Role
from a user.
user
- The user that should be removed from this role
PermissionDeniedException
- If the logged in user doesn't
have Permission.WRITE
permission for the role and
Permission.USE
permission for the user
InvalidDataException
- If the user is nullpublic boolean isMember(User user)
user
- The user to check
public ItemQuery<User> getUsers()
User.getQuery()
|
2.17.2: 2011-06-17 | ||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |