Package net.sf.basedb.core
Class Role
java.lang.Object
net.sf.basedb.core.BasicItem
net.sf.basedb.core.Role
- All Implemented Interfaces:
AccessControlled, Identifiable, Nameable, Registered, Removable, SystemItem
This class is used to represent roles. A role is used in the permission system to give users access to various parts of BASE. A permission given to a role is global, i.e. it applies to all items of a specific type on the entire server, and not only within a group or project. For example, it is possible to give READ access to all SAMPLE items, regardless of whether the owner has shared them with other users.

BASE comes with a predefined set of roles, for example ADMINISTRATOR and GUEST, which have been configured with what we think is an appropriate combination of privileges. If you wish, you may create more roles. Use roles only for functional grouping of the users, and not for organisational grouping. For organisational grouping, use a Group or Project instead.
-
Nested Class Summary
Modifier and Type, Class, Description
private static class - A runtime filter implementation that limits a query to only return roles where the logged in user is a member, unless the logged in user has generic read permission.
-
Field Summary
Modifier and Type, Field, Description
static final String ADMINISTRATOR - The id for the Role item representing administrators.
static final String GUEST - The id for the Role item representing guests.
static final String JOBAGENT - The id for the Role item representing job agents.
static final String POWER_USER - The id for the Role item representing power users.
private static final QueryRuntimeFilter RUNTIME_FILTER - This filter will limit a query to only return roles where the logged in user is a member, unless the logged in user has generic read permission.
static final String SUPERVISOR - The id for the Role item representing supervisors.
static final Item TYPE - The type of item represented by this class.
static final String USER - The id for the Role item representing regular users.
Fields inherited from interface net.sf.basedb.core.Nameable
MAX_DESCRIPTION_LENGTH, MAX_NAME_LENGTH
Fields inherited from interface net.sf.basedb.core.SystemItem
MAX_SYSTEM_ID_LENGTH
-
Constructor Summary
-
Method Summary
Modifier and Type, Method, Description
void addUser - Assign this Role to a user.
static Role getById(DbControl dc, int id) - Get a Role item when you know the ID.
(package private) RoleData getData() - Get the BasicData object that holds all data for this item.
getDescription - Get the description for the item.
getEntryDate - Get the date that the item was registered in the database.
getName() - Get the name of the item.
static Role getNew - Create a new Role item.
getQuery() - Get an ItemQuery object configured to retrieve Role items.
getRemovedBy - Get the user that flagged this item for removal.
getSystemId - Get the system id for the item.
getType() - Get the type of item represented by the object.
getUsers() - Get a query that returns the users that are members of this role.
(package private) void initPermissions(int granted, int denied) - If the logged in user is a member of this role, read permission is granted.
boolean isDefault() - If this role should be assigned to new users by default or not.
boolean isMember - Check if the given user is a member of this role or not.
boolean isRemoved() - Check if the removed flag is set for this item.
boolean isSystemItem() - Check if the item is a system item or not.
void removeUser(User user) - Revoke this Role from a user.
void setDefault(boolean isDefault) - If this role should be assigned to new users by default or not.
void setDescription(String description) - Set the description for the item.
void setEntryDate(Date entryDate) - Set the date the entry was registered in the database.
void setName - Set the name of the item.
void setRemoved(boolean removed) - Set the removed flag for this item.
Methods inherited from class net.sf.basedb.core.BasicItem
addAnnotatableParents, addUsingItems, addUsingItems, breakCircularReferences, checkBatchAnnotatableUsage, checkPermission, equals, getBasicData, getDbControl, getId, getPermissions, getPluginPermissions, getSessionControl, getUsingItems, getVersion, hashCode, hasPermission, isDetached, isInDatabase, isUsed, onAfterCommit, onAfterInsert, onBeforeCommit, onRollback, setDbControl, setProjectDefaults, toString, validate
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
Methods inherited from interface net.sf.basedb.core.AccessControlled
checkPermission, getPermissions, hasPermission
Methods inherited from interface net.sf.basedb.core.Identifiable
getId, getVersion
-
Field Details
-
TYPE
The type of item represented by this class.
-
ADMINISTRATOR
The id for the Role item representing administrators. By default administrators have full privileges on the server.
-
SUPERVISOR
The id for the Role item representing supervisors. A supervisor has READ permission to everything in BASE.
-
POWER_USER
The id for the Role item representing power users. A power user has fewer permissions than an administrator but may do some things that an ordinary user may not.
-
USER
The id for the Role item representing regular users. This role should be sufficient for most regular users of BASE.
-
GUEST
The id for the Role item representing guests. Guests have very limited access to the server.
-
JOBAGENT
The id for the Role item representing job agents. The job agents have permission to read jobs and execute them.
-
RUNTIME_FILTER
This filter will limit a query to only return roles where the logged in user is a member, unless the logged in user has generic read permission.
-
-
Constructor Details
-
Role
Role(RoleData roleData)
-
-
Method Details
-
getNew
Create a new Role item.
- Parameters:
dc - The DbControl which will be used for permission checking and database access.
- Returns:
The new Role item
- Throws:
BaseException - If there is an error
-
getById
public static Role getById(DbControl dc, int id) throws ItemNotFoundException, PermissionDeniedException, BaseException
Get a Role item when you know the ID.
- Parameters:
dc - The DbControl which will be used for permission checking and database access.
id - The ID of the item to load
- Returns:
The Role item
- Throws:
ItemNotFoundException - If an item with the specified ID is not found
PermissionDeniedException - If the logged in user doesn't have Permission.READ permission to the item
BaseException - If there is another error
-
getQuery
Get an ItemQuery object configured to retrieve Role items. If the logged in user doesn't have generic permission to all roles, only roles where that user is a member are included in the list.
- Returns:
An ItemQuery object
-
getData
RoleData getData()
Description copied from class: BasicItem
Get the BasicData object that holds all data for this item.
-
getType
Description copied from interface: Identifiable
Get the type of item represented by the object. The returned value is one of the values defined in the Item enumeration.
- Specified by:
getType in interface Identifiable
- Returns:
A value indicating the type of item
-
getName
Description copied from interface: Nameable
Get the name of the item.
-
setName
Description copied from interface: Nameable
Set the name of the item. The name cannot be null and mustn't be longer than the value specified by the Nameable.MAX_NAME_LENGTH constant.
- Specified by:
setName in interface Nameable
- Parameters:
name - The new name for the item
- Throws:
PermissionDeniedException - If the logged in user doesn't have write permission
InvalidDataException - If the name is null or longer than specified by the Nameable.MAX_NAME_LENGTH constant
-
getDescription
Description copied from interface: Nameable
Get the description for the item.
- Specified by:
getDescription in interface Nameable
- Returns:
A String with a description of the item
-
setDescription
public void setDescription(String description) throws PermissionDeniedException, InvalidDataException
Description copied from interface: Nameable
Set the description for the item. The description can be null but mustn't be longer than the value specified by the Nameable.MAX_DESCRIPTION_LENGTH constant.
- Specified by:
setDescription in interface Nameable
- Parameters:
description - The new description for the item
- Throws:
PermissionDeniedException - If the logged in user doesn't have write permission
InvalidDataException - If the description is longer than specified by the Nameable.MAX_DESCRIPTION_LENGTH constant
-
isRemoved
public boolean isRemoved()
Description copied from interface: Removable
Check if the removed flag is set for this item.
-
setRemoved
Description copied from interface: Removable
Set the removed flag for this item.
- Specified by:
setRemoved in interface Removable
- Parameters:
removed - TRUE if the item should be flagged as removed, FALSE otherwise
- Throws:
PermissionDeniedException - If the logged in user doesn't have Permission.DELETE permission for setting the flag to TRUE or Permission.WRITE permission for setting the flag to FALSE
-
getRemovedBy
Description copied from interface: Removable
Get the user that flagged this item for removal.
- Specified by:
getRemovedBy in interface Removable
- Returns:
A User object, or null if this item has not been flagged
- Throws:
PermissionDeniedException - If the logged in user doesn't have Permission.READ permission for the user
ItemNotFoundException - If the user that removed this item can't be found
-
getSystemId
Description copied from interface: SystemItem
Get the system id for the item.
- Specified by:
getSystemId in interface SystemItem
- Returns:
The id of the item or null if it is not a system item
-
isSystemItem
public boolean isSystemItem()
Description copied from interface: SystemItem
Check if the item is a system item or not. A system item has a non-null value for the system id.
- Specified by:
isSystemItem in interface SystemItem
- Returns:
TRUE if this item is a system item, FALSE otherwise
-
getEntryDate
Description copied from interface: Registered
Get the date that the item was registered in the database.
- Specified by:
getEntryDate in interface Registered
- Returns:
A date or null if this is not known
-
setEntryDate
Description copied from interface: Registered
Set the date the entry was registered in the database. Implementations should only allow this property to be set before the item is first stored in the database. The intention of this method is to facilitate export/import of data between servers.
- Specified by:
setEntryDate in interface Registered
- Parameters:
entryDate - A date or null to use today's date
-
initPermissions
If the logged in user is a member of this role, read permission is granted. If this is a system role, delete and create permissions are revoked.
- Overrides:
initPermissions in class BasicItem
- Parameters:
granted - Permissions that have been granted by the subclass
denied - Permissions that have been denied by the subclass
- Throws:
BaseException - If the permissions couldn't be initialised
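A self-contained Java model of the two rules documented for RUNTIME_FILTER and initPermissions, added here as an illustration; it is not BASE code and does not call the BASE API. The flag values, the ModelRole record, the method names, the sample roles and the rule that a denied bit overrides a granted one are assumptions.

```java
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

public class RoleVisibilityModel {
    // Hypothetical bit flags; the numeric values behind BASE's Permission are not on this page.
    static final int READ = 1, WRITE = 2, DELETE = 4, CREATE = 8;

    // Constructed stand-in for a role: name, system-item flag, member logins.
    record ModelRole(String name, boolean systemItem, Set<String> members) {}

    // initPermissions rule: membership grants READ; a system role loses DELETE and CREATE.
    // Assumption: a denied bit overrides a granted one.
    static int effective(ModelRole role, String user, int granted, int denied) {
        if (role.members().contains(user)) granted |= READ;
        if (role.systemItem()) denied |= DELETE | CREATE;
        return granted & ~denied;
    }

    // RUNTIME_FILTER rule: without generic read permission, only the caller's own roles are returned.
    static List<String> visible(List<ModelRole> all, String user, boolean genericRead) {
        return all.stream()
                .filter(r -> genericRead || r.members().contains(user))
                .map(ModelRole::name)
                .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Constructed sample data: two system roles and one site-defined role.
        List<ModelRole> roles = List.of(
                new ModelRole("Administrator", true, Set.of("root")),
                new ModelRole("User", true, Set.of("root", "alice")),
                new ModelRole("Sequencing staff", false, Set.of("alice")));

        // The same query as seen by alice without and with generic read permission.
        System.out.println("member only:  " + visible(roles, "alice", false));
        System.out.println("generic read: " + visible(roles, "alice", true));

        // WRITE|DELETE granted on a system role: DELETE is stripped, READ comes from membership.
        int onSystemRole = effective(roles.get(1), "alice", WRITE | DELETE, 0);
        System.out.println("system role keeps DELETE: " + ((onSystemRole & DELETE) != 0));
        System.out.println("system role has READ:     " + ((onSystemRole & READ) != 0));

        // The same grant on a non-system role keeps DELETE.
        int onSiteRole = effective(roles.get(2), "alice", WRITE | DELETE, 0);
        System.out.println("site role keeps DELETE:   " + ((onSiteRole & DELETE) != 0));

        // A non-member with nothing granted gets no READ bit from the role itself.
        int outsider = effective(roles.get(0), "alice", 0, 0);
        System.out.println("non-member has READ:      " + ((outsider & READ) != 0));
    }
}
```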
-
isDefault
public boolean isDefault()
If this role should be assigned to new users by default or not.
- Since:
2.4
-
setDefault
public void setDefault(boolean isDefault)
If this role should be assigned to new users by default or not. Note! The client must call User.addToDefaultRolesAndGroups().
- Parameters:
isDefault - The new setting
- Throws:
PermissionDeniedException - If the logged in user doesn't have Permission.WRITE permission for the role
- Since:
2.4
-
addUser
Assign this Role to a user.
- Parameters:
user - The user to be assigned this role
- Throws:
PermissionDeniedException - If the logged in user doesn't have Permission.WRITE permission for the role and Permission.USE permission for the user
InvalidDataException - If the user is null
-
removeUser
Revoke this Role from a user.
- Parameters:
user - The user that should be removed from this role
- Throws:
PermissionDeniedException - If the logged in user doesn't have Permission.WRITE permission for the role and Permission.USE permission for the user
InvalidDataException - If the user is null
-
isMember
Check if the given user is a member of this role or not.
- Parameters:
user - The user to check
- Returns:
TRUE if the user is a member, FALSE otherwise
-
getUsers
Get a query that returns the users that are members of this role. This query excludes users that the logged in user doesn't have permission to read.