Package net.sf.basedb.core
Class Keyring
java.lang.Object
net.sf.basedb.core.Keyring
- Direct Known Subclasses:
InternalJobQueue.JobQueueKeyring, Job.SignalKeyring, ServiceSessionControl.ServicesKeyring
class Keyring extends Object
Objects of this class hold information about a user's access permissions,
group and role membership. This object is created when a user logs in and
is managed entirely by the SessionControl. It is never exposed
to client applications.
The object is not populated with information at creation time; that is done
the first time the information is needed. Thereafter, a timer is set to
make sure the information is updated at regular intervals, in case
some administrator changes the permissions and/or membership for
the user. The interval is specified by the permission.timeout
value in the base.config file.
- Version:
- 2.0
- Author:
- Nicklas
- See Also:
SessionControl.login(LoginRequest)
-
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description):
private class Keyring.ReloadTask
-
Field Summary
Fields (Modifier and Type, Field, Description):
private static int ALL
private static int ALL_ITEM
private static int DENY_ITEM
private static int EVERYONE
private Set<Integer> groups - Holds the ID of all groups that the user is a member of, directly or indirectly.
private Set<Integer> groupsWithNonHiddenMembers - A subset of the 'groups' set that holds the ID of the groups that have hiddenMembers = false.
private Set<Integer> inactiveRoles - Holds the ID of the roles that are inactive.
private static boolean isInitialised
private Set<Integer> itemKeys - A set holding all item keys, which is needed for efficient listing of shared items.
private int[][] itemPermissions - Two-dimensional array for holding the permissions for ItemKey:s.
private static org.slf4j.Logger log - Log core events.
private int maxProjectPermission - Holds the logged in user's maximum Permission within the active project.
private int pluginId - The running plugin's ID.
private int[][] pluginPermissions - Two-dimensional array for holding the permission for PluginDefinition:s.
private int projectId - The active project's ID.
private Set<Integer> projectKeys - A set holding all project keys, which is needed for efficient listing of shared items.
private int[][] projectPermissions - Two-dimensional array for holding the permissions for ProjectKey:s.
private Map<Integer,Integer> projects - Holds the ID and permission of all projects that the user is a member of, directly or via a group.
private boolean reload - TRUE if the Timer has signaled that it is time to reload the information.
private int[][] rolePermissions - Two-dimensional array for holding the permissions for RoleKey:s.
private Set<Integer> roles - Holds the ID of all roles that the user is a member of.
private static int ROOT
private boolean usePluginPermissions - If the running plugin should use specific permissions or not.
private int userId - The logged in user's ID.
private Set<Integer> users - Holds the ID of all users which are members of at least one of the groups that the logged in user is also a member of.
-
Constructor Summary
-
Method Summary
Methods (Modifier and Type, Method, Description):
(package private) int getAllPermissions(Item itemType, UserData owner, ItemKeyData itemKey, ProjectKeyData projectKey)
(package private) Set<Integer> getGroups(boolean onlyWithNonHiddenMembers)
(package private) Set<Integer> getInactiveRoles()
(package private) Set<Integer> getItemKeys(Permission permission)
(package private) int getMaxProjectPermission() - Get the max project permission within the currently active project.
(package private) PluginPermission getPluginPermissions(Item itemType) - Get the active plugin's permissions to an unspecified item of a certain Item type.
(package private) Set<Integer> getProjectKeys(Permission permission)
(package private) Map<Integer,Integer> getProjects()
(package private) boolean getReload()
(package private) int getRolePermissions(Item itemType) - Get the logged in user's permission to an unspecified item of a certain Item type.
(package private) Set<Integer> getRoles()
(package private) int getSharedPermissions(ShareableData sharableData)
(package private) Set<Integer> getUsers() - Get all users that share group membership with the logged in user.
(package private) static void init()
private boolean isDenied(int permission) - Checks if the DENIED bit is set in the permission.
private void loadGroups(Session session) - Loads group membership for the user and puts that information in the groups and groupsWithNonHiddenMembers variables.
private void loadItemKeys(Session session) - Load all ItemKey:s for the logged in user and put the result in itemPermissions.
private void loadMaxProjectPermission(Session session, ProjectData projectData) - Find out the logged in user's maximum permission to the active project and put the result in maxProjectPermission.
private void loadPluginPermissionKeys(Session session) - Load all PluginKeys:s for the active plugin.
private void loadProjectKeys(Session session) - Load all ProjectKey:s for the logged in user.
private void loadProjects(Session session) - Loads project membership for the user and puts that information in the projects variable.
private void loadRoleKeys(Session session) - Load all RoleKey:s for the logged in user and put the result in rolePermissions.
private void loadRoles(Session session) - Loads role membership for the user and puts that information in the roles variable.
private void loadUsers(Session session) - Load all users which are members of at least one group where the logged in user is also a member and put that information in the users variable.
private int permissionForKey(int key, int[][] permissions) - Returns the permission value for the specified key or PERMISSION.DENIED if not found in the array of keys.
private boolean reload() - Reload all permission information.
(package private) void setActiveProject(ProjectData projectData) - Set the active project.
(package private) void setReload(boolean reload)
(package private) boolean setRoleInactive(int roleId, boolean inactive) - Set a role as inactive (or active).
(package private) static void unload() - Unload all settings.
-
Field Details
-
log
private static final org.slf4j.Logger log
Log core events.
-
isInitialised
private static boolean isInitialised
-
userId
private final int userId
The logged in user's ID.
-
itemPermissions
private int[][] itemPermissions
Two-dimensional array for holding the permissions for ItemKey:s. The first column holds the key ID, the second the Permission, i.e. key_id = [0, x], permission = [1, x]. The rows are sorted by key_id in ascending order.
-
rolePermissions
private int[][] rolePermissions
Two-dimensional array for holding the permissions for RoleKey:s. The first column holds the key ID, the second the Permission, i.e. key_id = [0, x], permission = [1, x]. The rows are sorted by key_id in ascending order.
-
projectPermissions
private int[][] projectPermissions
Two-dimensional array for holding the permissions for ProjectKey:s. The first column holds the key ID, the second the Permission, i.e. key_id = [0, x], permission = [1, x]. The rows are sorted by key_id in ascending order.
-
pluginPermissions
private int[][] pluginPermissions
Two-dimensional array for holding the permission for PluginDefinition:s. The first column holds the key ID, the second the maximum permission, and the third the override permissions, i.e. key_id = [0, x], maxPermission = [1, x], overridePermission = [2, x].
-
groups
Holds the ID of all groups that the user is a member of, directly or indirectly.
-
groupsWithNonHiddenMembers
A subset of the 'groups' set that holds the ID of the groups that have hiddenMembers = false.
-
projects
Holds the ID and permission of all projects that the user is a member of, directly or via a group.
-
users
Holds the ID of all users which are members of at least one of the groups that the logged in user is also a member of.
-
roles
Holds the ID of all roles that the user is a member of.
-
inactiveRoles
Holds the ID of the roles that are inactive.
- Since:
- 3.11
-
projectId
private int projectId
The active project's ID.
-
maxProjectPermission
private int maxProjectPermission
Holds the logged in user's maximum Permission within the active project.
-
usePluginPermissions
private final boolean usePluginPermissions
If the running plugin should use specific permissions or not.
-
pluginId
private final int pluginId
The running plugin's ID.
-
reload
private volatile boolean reload
TRUE if the Timer has signaled that it is time to reload the information.
-
itemKeys
A set holding all item keys, which is needed for efficient listing of shared items.
-
projectKeys
A set holding all project keys, which is needed for efficient listing of shared items.
-
ROOT
private static int ROOT
-
EVERYONE
private static int EVERYONE
-
ALL
private static int ALL
-
ALL_ITEM
private static int ALL_ITEM
-
DENY_ITEM
private static int DENY_ITEM
-
-
Constructor Details
-
Keyring
Create a new Keyring object.
- Parameters:
userId - The ID of the user
- Throws:
BaseException - This exception is thrown if there is an error
-
Keyring
Keyring(Keyring parent, int pluginId, boolean usePluginPermissions)
-
-
Method Details
-
init
static void init()
-
unload
static void unload()
Unload all settings.
-
setReload
void setReload(boolean reload)
-
getReload
boolean getReload()
-
reload
private boolean reload()
Reload all permission information.
- Returns:
- TRUE if permissions were loaded successfully, FALSE otherwise
-
loadRoles
Loads role membership for the user and puts that information in the roles variable.
- Throws:
BaseException
-
loadGroups
Loads group membership for the user and puts that information in the groups and groupsWithNonHiddenMembers variables.
- Throws:
BaseException
-
loadProjects
Loads project membership for the user and puts that information in the projects variable.
- Throws:
BaseException
-
loadUsers
Load all users which are members of at least one group where the logged in user is also a member and put that information in the users variable. If a project is active, also load the members and owner of that project.
- Throws:
BaseException
-
loadItemKeys
Load all ItemKey:s for the logged in user and put the result in itemPermissions.
- Throws:
BaseException
-
loadRoleKeys
Load all RoleKey:s for the logged in user and put the result in rolePermissions.
- Throws:
BaseException
-
loadPluginPermissionKeys
Load all PluginKeys:s for the active plugin.
- Parameters:
session - The session to get the query through.
- Throws:
BaseException - If there is an error.
-
loadProjectKeys
Load all ProjectKey:s for the logged in user.
- Throws:
BaseException
-
loadMaxProjectPermission
private void loadMaxProjectPermission(Session session, ProjectData projectData) throws BaseException
Find out the logged in user's maximum permission to the active project and put the result in maxProjectPermission.
- Throws:
BaseException
-
getMaxProjectPermission
int getMaxProjectPermission()
Get the max project permission within the currently active project.
-
setActiveProject
Set the active project.
- Parameters:
projectData - The project to make active, or null to disable it
- Throws:
PermissionDeniedException
BaseException
-
setRoleInactive
boolean setRoleInactive(int roleId, boolean inactive)
Set a role as inactive (or active).
- Returns:
- TRUE if the status was changed, FALSE if not
- Since:
- 3.11
-
permissionForKey
private int permissionForKey(int key, int[][] permissions)
Returns the permission value for the specified key or PERMISSION.DENIED if not found in the array of keys.
- Parameters:
key - The key to look for
permissions - An array with two columns, the first holds the key_id and the second the permission
- Returns:
- The permissions for the key
-
isDenied
private boolean isDenied(int permission)
Checks if the DENIED bit is set in the permission.
-
getRolePermissions
Get the logged in user's permission to an unspecified item of a certain Item type. If Permission.DENIED is set, it overrides all other permissions.
- Parameters:
itemType - The item type as defined by the Item class
- Returns:
- The permission
-
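The lookup described for permissionForKey, isDenied and getRolePermissions, as an added Java sketch that is not BASE source code. The class name, the isGranted and isSortedAscending helpers, the bit values and the sample table are assumptions made for illustration; only the [0][x] = key_id, [1][x] = permission layout and the default-to-DENIED behaviour come from this page.

```java
import java.util.Arrays;

// Added illustration, not BASE source code. Class name and bit values are assumptions.
public class KeyringLookupSketch
{
    // Hypothetical bits; the real values are defined by BASE's Permission class.
    static final int READ = 1, WRITE = 2, DENIED = 1 << 30;

    // Layout from the field docs: table[0][x] = key_id (ascending), table[1][x] = permission.
    static int permissionForKey(int key, int[][] table)
    {
        if (table == null || table.length < 2 || table[0].length != table[1].length) return DENIED;
        int idx = Arrays.binarySearch(table[0], key);
        // Negative index: the key is not present, so fail closed.
        return idx >= 0 ? table[1][idx] : DENIED;
    }

    static boolean isDenied(int permission)
    {
        return (permission & DENIED) != 0;
    }

    // DENIED overrides every other bit that happens to be set alongside it.
    static boolean isGranted(int key, int[][] table, int wanted)
    {
        int p = permissionForKey(key, table);
        return !isDenied(p) && (p & wanted) == wanted;
    }

    // Binary search silently misses keys in an unsorted table; check the invariant after loading.
    static boolean isSortedAscending(int[] keys)
    {
        for (int i = 1; i < keys.length; i++)
            if (keys[i - 1] >= keys[i]) return false;
        return true;
    }

    public static void main(String[] args)
    {
        // Constructed sample data: keys 3, 7 and 12.
        int[][] table = { { 3, 7, 12 }, { READ, READ | WRITE | DENIED, READ | WRITE } };
        System.out.println(isSortedAscending(table[0]));  // precondition for the lookup
        System.out.println(isGranted(3, table, READ));    // key 3 holds READ
        System.out.println(isGranted(3, table, WRITE));   // key 3 holds no WRITE bit
        System.out.println(isGranted(7, table, READ));    // key 7 has DENIED set next to READ
        System.out.println(isGranted(99, table, READ));   // key 99 is not in the table
    }
}
```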
getPluginPermissions
Get the active plugin's permissions to an unspecified item of a certain Item type.
- Parameters:
itemType - The item type as defined by the Item class
- Returns:
- The permission
-
getAllPermissions
int getAllPermissions(Item itemType, UserData owner, ItemKeyData itemKey, ProjectKeyData projectKey)
-
getRoles
-
getInactiveRoles
-
getGroups
-
getUsers
Get all users that share group membership with the logged in user. Only membership in groups that have hiddenMembers=false is considered.
-
getProjects
-
getItemKeys
-
getProjectKeys
-