public class Role extends BasicItem<RoleData> implements Nameable, Removable, SystemItem, Registered
READ
access to all SAMPLE
:s, no matter if the owner has shared them
to other users or not.
BASE comes with a predefined set of roles, for example
ADMINISTRATOR
and GUEST
, which have been
configured with what we think is an appropriate combination of
privileges. If you wish, you may create more roles. Use roles
only for functional grouping of the users, and not
for organisational grouping. If you wish to do that you should
use a Group
or Project
instead.
Modifier and Type | Class and Description |
---|---|
private static class |
Role.QueryRuntimeFilterImpl
A runtime filter implementation that limits a query to only
return roles where the logged in user is a member unless the logged in user
has generic read permission.
|
Modifier and Type | Field and Description |
---|---|
static String |
ADMINISTRATOR
The id for the
Role item representing adminstrators. |
static String |
GUEST
The id for the
Role item representing guests. |
static String |
JOBAGENT
The id for the
Role item representing job agents. |
static String |
POWER_USER
The id for the
Role item representing power users. |
private static QueryRuntimeFilter |
RUNTIME_FILTER
This filter will limit a query to only return roles
where the logged in user is a member unless the logged in user
has generic read permission.
|
static String |
SUPERVISOR
The id for the
Role item representing supervisors. |
static Item |
TYPE
The type of item represented by this class.
|
static String |
USER
The id for the
Role item representing regular users. |
MAX_DESCRIPTION_LENGTH, MAX_NAME_LENGTH
MAX_SYSTEM_ID_LENGTH
Modifier and Type | Method and Description |
---|---|
void |
addUser(User user)
Assign this
Role to a user. |
static Role |
getById(DbControl dc,
int id)
Get a
Role item when you know the ID. |
String |
getDescription()
Get the description for the item.
|
Date |
getEntryDate()
Get the date that the item was registered in the database.
|
String |
getName()
Get the name of the item.
|
static Role |
getNew(DbControl dc)
Create a new
Role item. |
static ItemQuery<Role> |
getQuery()
Get a
ItemQuery object configured
to retrieve Role items. |
String |
getSystemId()
Get the system id for the item.
|
Item |
getType()
Get the type of item represented by the object.
|
ItemQuery<User> |
getUsers()
Get a query that returns the users that
are members of this role.
|
(package private) void |
initPermissions(int granted,
int denied)
If the logged in user is a member of this role, read permission
is granted.
|
boolean |
isDefault()
If this role should be assigned to new users by default or not.
|
boolean |
isMember(User user)
Check if the given user is member of this role or not.
|
boolean |
isRemoved()
Check if the removed flag is set for this item.
|
boolean |
isSystemItem()
Check if the item is a system item or not.
|
void |
removeUser(User user)
Revoke this
Role from a user. |
void |
setDefault(boolean isDefault)
If this role should be assigned to new users by default or not.
|
void |
setDescription(String description)
Set the description for the item.
|
void |
setName(String name)
Set the name of the item.
|
void |
setRemoved(boolean removed)
Set the removed flag for this item.
|
addUsingItems, addUsingItems, checkPermission, equals, getData, getDbControl, getId, getPermissions, getPluginPermissions, getSessionControl, getUsingItems, getVersion, hashCode, hasPermission, isDetached, isInDatabase, isUsed, onAfterCommit, onAfterInsert, onBeforeCommit, onRollback, setDbControl, setProjectDefaults, toString, validate
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
getId, getVersion
checkPermission, getPermissions, hasPermission
public static final Item TYPE
public static final String ADMINISTRATOR
Role
item representing adminstrators.
By default administrators have full privileges on
the server.public static final String SUPERVISOR
Role
item representing supervisors.
A supervisor have READ permission to everything in BASE.public static final String POWER_USER
Role
item representing power users.
A power user have less permissions than an administrator
but may do some things that an ordinary user may not.public static final String USER
Role
item representing regular users.
This role should be sufficient for most regular users
of BASE.public static final String GUEST
Role
item representing guests.
Guests have very limited access to the server.public static final String JOBAGENT
Role
item representing job agents.
The job agents have permission to read jobs and execute them.private static final QueryRuntimeFilter RUNTIME_FILTER
Role(RoleData roleData)
public static Role getNew(DbControl dc) throws BaseException
Role
item.dc
- The DbControl
which will be used for
permission checking and database access.Role
itemBaseException
- If there is an errorpublic static Role getById(DbControl dc, int id) throws ItemNotFoundException, PermissionDeniedException, BaseException
Role
item when you know the ID.dc
- The DbControl
which will be used for
permission checking and database access.id
- The ID of the item to loadRole
itemItemNotFoundException
- If an item with the specified
ID is not foundPermissionDeniedException
- If the logged in user doesn't
have Permission.READ
permission to the itemBaseException
- If there is another errorpublic static ItemQuery<Role> getQuery()
ItemQuery
object configured
to retrieve Role
items. If the logged in user
doesn't have generic permission to all roles, only roles
where that user is a member are included in the list.ItemQuery
objectpublic Item getType()
Identifiable
Item
enumeration.getType
in interface Identifiable
public String getName()
Nameable
public void setName(String name) throws PermissionDeniedException, InvalidDataException
Nameable
Nameable.MAX_NAME_LENGTH
constant.setName
in interface Nameable
name
- The new name for the itemPermissionDeniedException
- If the logged in user doesn't
have write permissionInvalidDataException
- If the name is null or longer
than specified by the Nameable.MAX_NAME_LENGTH
constantpublic String getDescription()
Nameable
getDescription
in interface Nameable
String
with a description of the itempublic void setDescription(String description) throws PermissionDeniedException, InvalidDataException
Nameable
Nameable.MAX_DESCRIPTION_LENGTH
constant.setDescription
in interface Nameable
description
- The new description for the itemPermissionDeniedException
- If the logged in user doesn't
have write permissionInvalidDataException
- If the description longer
than specified by the Nameable.MAX_DESCRIPTION_LENGTH
constantpublic boolean isRemoved()
Removable
public void setRemoved(boolean removed) throws PermissionDeniedException
Removable
setRemoved
in interface Removable
removed
- TRUE if the item should be flagged as removed,
FALSE otherwisePermissionDeniedException
- If the logged in user doesn't
have Permission.DELETE
permission for setting the flag
to TRUE or Permission.WRITE
permission for setting the
flag to FALSEpublic String getSystemId()
SystemItem
getSystemId
in interface SystemItem
public boolean isSystemItem()
SystemItem
isSystemItem
in interface SystemItem
public Date getEntryDate()
Registered
getEntryDate
in interface Registered
void initPermissions(int granted, int denied) throws BaseException
initPermissions
in class BasicItem<RoleData>
granted
- Permissions that have been granted by the subclassdenied
- Permissions that have been denied by the subclassBaseException
- If the permissions couldn't be initialisedpublic boolean isDefault()
public void setDefault(boolean isDefault)
User.addToDefaultRolesAndGroups()
.isDefault
- The new settingPermissionDeniedException
- If the logged in user doesn't
have Permission.WRITE
permission for the rolepublic void addUser(User user) throws PermissionDeniedException, InvalidDataException
Role
to a user.user
- The user to be assigned this rolePermissionDeniedException
- If the logged in user doesn't
have Permission.WRITE
permission for the role and
Permission.USE
permission for the userInvalidDataException
- If the user is nullpublic void removeUser(User user) throws PermissionDeniedException, InvalidDataException
Role
from a user.user
- The user that should be removed from this rolePermissionDeniedException
- If the logged in user doesn't
have Permission.WRITE
permission for the role and
Permission.USE
permission for the userInvalidDataException
- If the user is nullpublic boolean isMember(User user)
user
- The user to checkpublic ItemQuery<User> getUsers()
User.getQuery()