Package net.sf.basedb.core

Class Keyring

java.lang.Object
net.sf.basedb.core.Keyring
Direct Known Subclasses:
InternalJobQueue.JobQueueKeyring, Job.SignalKeyring, ServiceSessionControl.ServicesKeyring
class Keyring
extends Object
Objects of this class holds information about a user's access permissions, group and role membership. This object is created when a user logs in and is managed entirely by the SessionControl. It is never exposed to client applications.

The object is not populated with information at creation time. It is done the first time it needs the information. Thereafter, a timer is set to make sure the information is updated at regular intervals, in case some adminstrator changes the permissions and/or membership for the user. The interval is specified by the permission.timeout value in the base.config file.

Version:
2.0
Author:
Nicklas
See Also:
SessionControl.login(LoginRequest)

  • Field Details

    • log

      private static final org.slf4j.Logger log
      Log core events.

    • isInitialised

      private static boolean isInitialised

    • userId

      private final int userId
      The logged in user's ID.

    • itemPermissions

      private int[][] itemPermissions
      Two-dimensional array for holding the permissions for ItemKey:s. The first column holds the key ID, the second the Permission. Ie. key_id = [0, x], permission = [1, x] The rows are sorted by key_id in ascending order.

    • rolePermissions

      private int[][] rolePermissions
      Two-dimensional array for holding the permissions for RoleKey:s. The first column holds the key ID, the second the Permission. Ie. key_id = [0, x], permission = [1, x] The rows are sorted by key_id in ascending order.

    • projectPermissions

      private int[][] projectPermissions
      Two-dimensional array for holding the permissions for ProjectKey:s. The first column holds the key ID, the second the Permission. Ie. key_id = [0, x], permission = [1, x] The rows are sorted by key_id in ascending order.

    • pluginPermissions

      private int[][] pluginPermissions
      Two-dimensional array for holding the permission for PluginDefinition:s. The first column holds the key ID, the second the maximum permission, and the third the override permissions. Ie. key_id = [0, x], maxPermission = [1, x], overridePermission = [2, x]

    • groups

      private Set<Integer> groups
      Holds the ID of all groups that the user is a member of, directly or indirectly.

    • groupsWithNonHiddenMembers

      private Set<Integer> groupsWithNonHiddenMembers
      A subset of the 'groups' set that holds the id of the groups that has hiddenMembers = false

    • projects

      private Map<Integer,​Integer> projects
      Holds the ID and permission of all projects that the user is a member of, directly or via a group.

    • users

      private Set<Integer> users
      Holds the ID of all users which are members of at least one of the groups that the logged in user is also a member of.

    • roles

      private Set<Integer> roles
      Holds the ID of all roles that the user is a member of.

    • inactiveRoles

      private Set<Integer> inactiveRoles
      Holds the ID of the roles that are inactive.
      Since:
      3.11

    • projectId

      private int projectId
      The active project's ID.

    • maxProjectPermission

      private int maxProjectPermission
      Holds the logged in user's maximum Permission within the active project.

    • usePluginPermissions

      private final boolean usePluginPermissions
      If the running plugin should use specific permissions or not.

    • pluginId

      private final int pluginId
      The running plugin's ID.

    • reload

      private volatile boolean reload
      TRUE if the Timer has signaled that it is time to reload the information.

    • itemKeys

      private Set<Integer> itemKeys
      A set holding all item keys, which is needed for efficient listing of shared items.

    • projectKeys

      private Set<Integer> projectKeys
      A set holding all project keys, which is needed for efficient listing of shared items.

    • ROOT

      private static int ROOT

    • EVERYONE

      private static int EVERYONE

    • ALL

      private static int ALL

    • ALL_ITEM

      private static int ALL_ITEM

    • DENY_ITEM

      private static int DENY_ITEM

  • Constructor Details

    • Keyring

      Keyring​(int userId) throws BaseException
      Create a new Keyring object.
      Parameters:
      userId - The ID of the user
      Throws:
      BaseException - This exception is thrown if there is an error

    • Keyring

      Keyring​(Keyring parent, int pluginId, boolean usePluginPermissions)

  • Method Details

    • init

      static void init()

    • unload

      static void unload()
      Unload all settings.

    • setReload

      void setReload​(boolean reload)

    • getReload

      boolean getReload()

    • reload

      private boolean reload()
      Reload all permission information
      Returns:
      TRUE if permissions were loaded successfully, FALSE otherwise

    • loadRoles

      private void loadRoles​(Session session) throws BaseException
      Loads role membership for the user and put that information in the roles variable.
      Throws:
      BaseException

    • loadGroups

      private void loadGroups​(Session session) throws BaseException
      Loads group membership for the user and put that information in the groups and groupsWithNonHiddenMembers variables.
      Throws:
      BaseException

    • loadProjects

      private void loadProjects​(Session session) throws BaseException
      Loads project membership for the user and put that information in the projects variable.
      Throws:
      BaseException

    • loadUsers

      private void loadUsers​(Session session) throws BaseException
      Load all users which are member of at least one group where the logged in user is also a member and put that information in the users variable. If a project is active, also load the members and owner of that project.
      Throws:
      BaseException

    • loadItemKeys

      private void loadItemKeys​(Session session) throws BaseException
      Load all ItemKey:s for the logged in user and put the result in itemPermissions
      Throws:
      BaseException

    • loadRoleKeys

      private void loadRoleKeys​(Session session) throws BaseException
      Load all RoleKey:s for the logged in user and put the result in rolePermissions
      Throws:
      BaseException

    • loadPluginPermissionKeys

      private void loadPluginPermissionKeys​(Session session) throws BaseException
      Load all PluginKeys:s for the active plugin.
      Parameters:
      session - The session to get the query through.
      Throws:
      BaseException - If there is an error.

    • loadProjectKeys

      private void loadProjectKeys​(Session session) throws BaseException
      Load all ProjectKey:s for the logged in user.
      Throws:
      BaseException

    • loadMaxProjectPermission

      private void loadMaxProjectPermission​(Session session, ProjectData projectData) throws BaseException
      Find out the logged in user's maximum permission to the active project and put the result in maxProjectPermission.
      Throws:
      BaseException

    • getMaxProjectPermission

      int getMaxProjectPermission()
      Get the max project permission within the currently active project.

    • setActiveProject

      void setActiveProject​(ProjectData projectData) throws PermissionDeniedException, BaseException
      Set the active project.
      Parameters:
      projectData - The project to make active, or null to disable it
      Throws:
      PermissionDeniedException
      BaseException

    • setRoleInactive

      boolean setRoleInactive​(int roleId, boolean inactive)
      Set a roles as inactive (or active).
      Returns:
      TRUE if the status was changes, FALSE if not
      Since:
      3.11

    • permissionForKey

      private int permissionForKey​(int key, int[][] permissions)
      Returns the permission value for the specified key or PERMISSION.DENIED if not found in the array of keys.
      Parameters:
      key - The key to look for
      permissions - An array with two columns, the first holds the key_id and the second the permission
      Returns:
      The permissions for the key

    • isDenied

      private boolean isDenied​(int permission)
      Checks if the DENIED bit is set in the permission.

    • getRolePermissions

      int getRolePermissions​(Item itemType)
      Get the logged in user's permission to an unspecified item of a certain Item type. If Permission.DENIED is set, it overrides all other permissions.
      Parameters:
      itemType - The item type as defined by the Item class
      Returns:
      The permission

    • getPluginPermissions

      PluginPermission getPluginPermissions​(Item itemType)
      Get the active plugin's permissions to an unspecified item of a certain Item type.
      Parameters:
      itemType - The item type as defined by the Item class
      Returns:
      The permission

    • getSharedPermissions

      int getSharedPermissions​(ShareableData sharableData)

    • getAllPermissions

      int getAllPermissions​(Item itemType, UserData owner, ItemKeyData itemKey, ProjectKeyData projectKey)

    • getRoles

      Set<Integer> getRoles()

    • getInactiveRoles

      Set<Integer> getInactiveRoles()

    • getGroups

      Set<Integer> getGroups​(boolean onlyWithNonHiddenMembers)

    • getUsers

      Set<Integer> getUsers()
      Get all users that share group membership with the logged in user. Only groups membership in groups that has hiddenMembers=false are considered.

    • getProjects

      Map<Integer,​Integer> getProjects()

    • getItemKeys

      Set<Integer> getItemKeys​(Permission permission)

    • getProjectKeys

      Set<Integer> getProjectKeys​(Permission permission)