Package com.webmethods.portal.mech.access

Interface IAccessMechanics

All Superinterfaces:
IComponent, IInitializable, IMechanics, ISystemHandler
All Known Subinterfaces:
IBasicMechanics, IContainerContentConstraintMechanics, IContainerMechanics, IContentMechanics, IFolderMechanics, ILinkMechanics, ILocalePortletMechanics, IPortalRulesMechanics, IPortletMechanics, IRuleMechanics, IScheduleMechanics, ISkinMechanics, ITaskMechanics, ITaskScheduleMechanics, ITemplateMechanics, ITopicMechanics, IVersionableMechanics, IWebAppMechanics, IXTypeMechanics
public interface IAccessMechanics extends IMechanics
Mechanics for performing access checking.

  • Field Details

  • Method Details

    • getAclView

      IListView<IAceView> getAclView(IThingID itemID) throws PortalException
      Returns access control list for this item
      Parameters:
      itemID -
      Returns:
      list view of IAceView objects
      Throws:
      PortalException

    • getAccess

      @Deprecated int getAccess(IThingID itemId, IThingID userId, Map<?,?> capabilities) throws PortalException
      Deprecated.
      use getAccessEx(IThingID, IThingID) instead
      Returns the bit set representing the access rights the specified user has for the specified item.
      Parameters:
      itemId - Item whose access is requested.
      userId - User whose access to the item is requested.
      Returns:
      Bit set representing the access rights the user has for the item.
      Throws:
      PortalException

    • getAccessEx

      IRightSet getAccessEx(IThingID itemId, IThingID userId) throws PortalException
      Returns the access right set the specified user has for the specified item
      Parameters:
      itemId - Item whose access is requested.
      userId - User whose access to the item is requested.
      Returns:
      complete right set for an item
      Throws:
      PortalException

    • getSecurityRealm

      IThingID getSecurityRealm(IThingID itemID) throws PortalException
      Returns thing ID of the policy assigned to the object. May return null if there are no assigned policy
      Parameters:
      itemID -
      Returns:
      Throws:
      PortalException

    • listSecurityRealmObjects

      IThingIDList listSecurityRealmObjects(IThingID securityRealmID) throws PortalException
      Returns list of objects that have assigned that security realm. May return empty list
      Parameters:
      securityRealmID - thing ID of the security realm
      Returns:
      Throws:
      PortalException

    • getAccessList

      @Deprecated int[] getAccessList(IThingIDList thingIDList, IThingID userId, Map<?,?> capabilities) throws PortalException
      Deprecated.
      use getAccessListEx(IThingIDList, IThingID) instead
      Returns an array of bit sets representing the access rights granted to the specified user for the specified items.
      Parameters:
      thingIDList - Items whose access to get.
      userId - User whose access to get.
      Returns:
      An array of bit sets representing the access rights.
      Throws:
      PortalException
      See Also:

    • getAccessListEx

      List<IRightSet> getAccessListEx(IThingIDList thingIDList, IThingID userId) throws PortalException
      Returns an array of IRightSet representing the access rights granted to the specified user for the specified items.
      Parameters:
      thingIDList - Items whose access to get.
      userId - User whose access to get.
      Returns:
      List of IRightSet
      Throws:
      PortalException
      See Also:

    • checkAccess

      @Deprecated void checkAccess(IThingID itemId, IThingID userId, int rights, Map<?,?> capabilities) throws PortalException
      Deprecated.
      use checkAccessEx(IThingID, IThingID, IRightSet) instead
      Check access for a given thingID.
      Parameters:
      itemId - The item being checked for access.
      userId - The user wanting access.
      rights - The requested rights (see IAccessRight).
      Throws:
      PortalException

    • checkAccessEx

      void checkAccessEx(IThingID itemId, IThingID userId, IRightSet rightSet) throws PortalException
      Check access for a given thingID.
      Parameters:
      itemId - The item being checked for access.
      userId - The user wanting access.
      rightSet - The requested rights .
      Throws:
      PortalException

    • canSetAccess

      boolean canSetAccess(IThingID itemId, IThingID userId, boolean recursive) throws PortalException
      Returns true if the specified user can add or modify entries in the access list of the specified item.
      Parameters:
      itemId - IURI of item
      userId - IThingID of user
      recursive - True if we want to recursively check the item's descendants.
      Returns:
      True if the user can add or modify entries in the access list of the item, False if they can't.
      Throws:
      PortalException - if the userId is invalid.

    • canSetSecurityRealm

      boolean canSetSecurityRealm(IThingID itemID, IThingID userID, IThingID policyID, boolean recursive) throws PortalException
      Returns true if user can set policy on the item
      Parameters:
      itemID - item thing ID
      userID - user thing ID
      policyID - policy object ID
      recursive - whether policy will be set recursive
      Returns:
      Throws:
      PortalException

    • checkSetAccess

      void checkSetAccess(IThingID itemId, IThingID userId, boolean recursive) throws PortalException, PortalAccessException
      Throws a PortalAccessException if the specified user cannot add or modify entries in the access list of the specified item.
      Parameters:
      itemId - IURI of item
      userId - IThingID of user
      recursive - True if we want to recursively check the item's descendants.
      Throws:
      PortalAccessException - if the user cannot add or modify entries in the access list of the item.
      PortalException - if the userId is invalid.

    • checkSetSecurityRealm

      void checkSetSecurityRealm(IThingID itemID, IThingID userID, IThingID policyID, boolean recursive) throws PortalException, PortalAccessException
      Checks if user can set policy on the item, otherwise exception is thrown
      Parameters:
      itemID - item thing ID
      userID - user thing ID
      policyID - policy object ID
      recursive - whether policy will be set recursive
      Throws:
      PortalException
      PortalAccessException

    • canRemoveAccess

      boolean canRemoveAccess(IThingID itemId, IThingID userId, boolean recursive) throws PortalException
      Returns true if the specified user can remove entries from the access list of the specified item.
      Parameters:
      itemId - IURI of item
      userId - IThingID of user
      recursive - True if we want to recursively check the item's descendants.
      Returns:
      True if the user can remove entries from the access list of the item, False if they can't.
      Throws:
      PortalException - if the userId is invalid.

    • canRemoveSecurityRealm

      boolean canRemoveSecurityRealm(IThingID itemId, IThingID userId, boolean recursive) throws PortalException
      Returns true if user can remove policy from the specified item
      Parameters:
      itemId - thing ID of the item
      userId - user thing ID
      recursive - whether policy should be removed recursively
      Returns:
      Throws:
      PortalException

    • checkRemoveAccess

      void checkRemoveAccess(IThingID itemId, IThingID userId, boolean recursive) throws PortalException, PortalAccessException
      Throws a PortalAccessException if the specified user cannot remove entries from the access list of the specified item.
      Parameters:
      itemId - IURI of item
      userId - IThingID of user
      recursive - True if we want to recursively check the item's descendants.
      Throws:
      PortalAccessException - if the user cannot remove entries from the access list of the item.
      PortalException - if the userId is invalid.

    • checkRemoveSecurityRealm

      void checkRemoveSecurityRealm(IThingID itemID, IThingID userID, boolean recursive) throws PortalException, PortalAccessException
      Checks if user can remove policy from the specified item, otherwise exception will be thrown
      Parameters:
      itemID - thing ID of the item
      userID - user thing ID
      recursive - whether policy should be removed recursively
      Throws:
      PortalException
      PortalAccessException

    • canSetAuthentication

      boolean canSetAuthentication(IThingID itemId, IThingID userId, boolean recursive) throws PortalException
      Returns true if the specified user can set the authentication type of the specified item.
      Parameters:
      itemId - IURI of item
      userId - IThingID of user
      recursive - True if we want to recursively check the item's descendants.
      Returns:
      True if the user can set the authentication type of the item, False if they can't.
      Throws:
      PortalException - if the userId is invalid.

    • checkSetAuthentication

      void checkSetAuthentication(IThingID itemId, IThingID userId, boolean recursive) throws PortalException, PortalAccessException
      Throws a PortalAccessException if the specified user cannot set the authentication type of the specified item.
      Parameters:
      itemId - IURI of item
      userId - IThingID of user
      recursive - True if we want to recursively check the item's descendants.
      Throws:
      PortalAccessException - if the user cannot set the authentication type of the item.
      PortalException - if the userId is invalid.

    • canSetOwner

      boolean canSetOwner(IThingID itemId, IThingID userId) throws PortalException
      Returns true if the specified user can set the owner of the specified item.
      Parameters:
      itemId - IURI of item
      userId - IThingID of user
      Returns:
      True if the user can set the owner of the item, False if they can't.
      Throws:
      PortalException - if the userId is invalid.

    • checkSetOwner

      void checkSetOwner(IThingID itemId, IThingID userId) throws PortalException, PortalAccessException
      Throws a PortalAccessException if the specified user cannot set the owner of the specified item.
      Parameters:
      itemId - IURI of item
      userId - IThingID of user
      Throws:
      PortalAccessException - if the user cannot set the owner of the item.
      PortalException - if the userId is invalid.

    • fireSetAccessEvent

      void fireSetAccessEvent(IThingID itemId, IThingID userId, int status, List<? extends IURI> principalIds) throws PortalException
      Fires a set access event.
      Parameters:
      itemId - Item to whose access list entries were added or modified.
      userId - User who set the access.
      status - Status of the event (successful, denied, error).
      principalIds - List of IURIs whose access was modified.
      Throws:
      PortalException - if the userId is invalid.

    • fireSetAccessEvent

      void fireSetAccessEvent(IThingID itemId, IThingID userId, int status, List<? extends IURI> principalIds, boolean recursive) throws PortalException
      Fires a set access event.
      Parameters:
      itemId - Item to whose access list entries were added or modified.
      userId - User who set the access.
      status - Status of the event (successful, denied, error).
      principalIds - List of IURIs whose access was modified.
      Throws:
      PortalException - if the userId is invalid.

    • fireSetSecurityRealmEvent

      void fireSetSecurityRealmEvent(IThingID itemId, IThingID userId, IThingID policyID, boolean recursive) throws PortalException
      Fires event about setting policy on the item
      Parameters:
      itemId - item thing ID
      userId - user ID which performed an operation
      policyID - policy object ID
      recursive - if this was a recursive operation
      Throws:
      PortalException

    • fireRemoveAcccesEvent

      void fireRemoveAcccesEvent(IThingID itemId, IThingID userId, int status, List<? extends IURI> principalIds) throws PortalException
      Fires a remove access event.
      Parameters:
      itemId - Item to which access list entries were removed.
      userId - User who removed the access.
      status - Status of the event (successful, denied, error).
      principalIds - List of IURIs whose access was removed.
      Throws:
      PortalException - if the userId is invalid.

    • fireRemoveSecurityRealmEvent

      void fireRemoveSecurityRealmEvent(IThingID itemID, IThingID userID, IThingID policyID, boolean recursive) throws PortalException
      Fires an event about policy being removed from an item
      Parameters:
      itemID - item thing ID
      userID - user thing Id who performed an operation
      recursive - whether this was a recursive
      Throws:
      PortalException

    • fireRemoveAcccesEvent

      void fireRemoveAcccesEvent(IThingID itemId, IThingID userId, int status, List<? extends IURI> principalIds, boolean recursive) throws PortalException
      Fires a remove access event.
      Parameters:
      itemId - Item to which access list entries were removed.
      userId - User who removed the access.
      status - Status of the event (successful, denied, error).
      principalIds - List of IURIs whose access was removed.
      Throws:
      PortalException - if the userId is invalid.

    • fireSetAuthenticationEvent

      void fireSetAuthenticationEvent(IThingID itemId, IThingID userId, int status, String scheme) throws PortalException
      Fires a set authentication event.
      Parameters:
      itemId - Item whose authentication scheme was set.
      userId - User who set the authentication scheme.
      status - Status of the event (successful, denied, error).
      scheme - Name of the authentication scheme.
      Throws:
      PortalException - if the userId is invalid.

    • fireSetAuthenticationEvent

      void fireSetAuthenticationEvent(IThingID itemId, IThingID userId, int status, String scheme, boolean recursive) throws PortalException
      Fires a set authentication event.
      Parameters:
      itemId - Item whose authentication scheme was set.
      userId - User who set the authentication scheme.
      status - Status of the event (successful, denied, error).
      scheme - Name of the authentication scheme.
      Throws:
      PortalException - if the userId is invalid.

    • fireSetOwnerEvent

      void fireSetOwnerEvent(IThingID itemId, IThingID userId, int status, IThingID newOwnerId, IThingID oldOwnerId) throws PortalException
      Fires a set owner event.
      Parameters:
      itemId - Item whose owner was set.
      userId - User who set the owner.
      status - Status of the event (successful, denied, error).
      newOwnerId - New owner.
      oldOwnerId - Old owner.
      Throws:
      PortalException - if the userId is invalid.

    • fireSetOwnerEvent

      void fireSetOwnerEvent(IThingID itemId, IThingID userId, int status, IThingID newOwnerId, IThingID oldOwnerId, boolean recursive) throws PortalException
      Fires a set owner event.
      Parameters:
      itemId - Item whose owner was set.
      userId - User who set the owner.
      status - Status of the event (successful, denied, error).
      newOwnerId - New owner.
      oldOwnerId - Old owner.
      Throws:
      PortalException - if the userId is invalid.

    • getRightsForType

      IListView<IView> getRightsForType(String xtypeName) throws PortalException
      Returns list view of all registered access rights for the specified xtype
      Parameters:
      xtypeName -
      Returns:
      Throws:
      PortalException

    • getRightValueForName

      int getRightValueForName(String xtypeName, String rightName) throws PortalException
      Returns integer right value from the registered right name. It also resolves legacy right names like: READ, MODIFY, DELETE, MODIFY_PERMISSION, CREATE_ITEM, CREATE_CONTAINER
      Parameters:
      xtypeName - xtype name or basic type name for an object
      rightName -
      Returns:
      valid right value for the name or -1 if not found
      Throws:
      PortalException

    • getRightNameForValue

      String getRightNameForValue(String xtypeName, int rightValue) throws PortalException
      Returns right name from given right value and xtype id. Different xtypes may share right with the same value, but have a different name
      Parameters:
      xtypeName - xtype name or basic type name of an object
      rightValue - right value
      Returns:
      right name as registered for given xtype or null if not found
      Throws:
      PortalException

    • removeAces

      void removeAces(IThingID itemId, List<? extends IURI> principalIds, boolean recursive) throws PortalException
      Removes the access entries for the specified item.
      Parameters:
      itemId - Item whose access entries to remove.
      principalIds - List of IURIs to remove.
      recursive - True if the removal should be applied to this item's descendants.
      Throws:
      PortalException

    • removeSecurityRealm

      void removeSecurityRealm(IThingID itemID, IThingID policyID, boolean recursive) throws PortalException
      Removes any assigned policies from the given item
      Parameters:
      itemID - item thing ID
      recursive - whether to remove policy recursively
      Throws:
      PortalException

    • setAces

      @Deprecated void setAces(IThingID itemId, List<? extends IURI> principalIds, boolean recursive, int grant, int deny, int exclusive) throws PortalException
      Deprecated.
      use setAcesEx(IThingID, List, boolean, IRightSet, IRightSet, IRightSet) instead
      Sets the access entries of the specified item.
      Parameters:
      itemId - Item whose access entries to set.
      principalIds - List of IURIs for which to add or modify access.
      recursive - True if the access modification should be applied to this item's descendants.
      grant - Bit set of rights to grant.
      deny - Bit set of rights to deny.
      exclusive - Bit set of rights to grant exclusively.
      Throws:
      PortalException
      See Also:

    • setAcesEx

      void setAcesEx(IThingID itemId, List<? extends IURI> principalIds, boolean recursive, IRightSet grant, IRightSet deny, IRightSet exclusive) throws PortalException
      Sets the access entries of the specified item.
      Parameters:
      itemId - Item whose access entries to set.
      principalIds - List of IURIs for which to add or modify access.
      recursive - True if the access modification should be applied to this item's descendants.
      grant - Bit set of rights to grant.
      deny - Bit set of rights to deny.
      exclusive - Bit set of rights to grant exclusively.
      delegate - Bit set of rights that may be delegated.
      Throws:
      PortalException
      See Also:

    • cloneAces

      void cloneAces(IThingID sourceID, IThingID targetID) throws PortalException
      clone the aces from the source to the destination
      Parameters:
      sourceID -
      targetID -
      Throws:
      PortalException

    • setSecurityRealm

      void setSecurityRealm(IThingID itemID, IThingID policyID, boolean recursive) throws PortalException
      Sets policy for the given item
      Parameters:
      itemID - item thing ID
      policyID - policy object ID
      recursive - whether to set policy recursively
      Throws:
      PortalException

    • setSecurityRealm

      void setSecurityRealm(IThingID itemID, IThingID policyID, boolean recursive, boolean disableOverwrite) throws PortalException
      Sets policy for the given item
      Parameters:
      itemID - item thing ID
      policyID - policy object ID
      recursive - whether to set policy recursively
      disableOverwrite - disable overwrite of policy selections
      Throws:
      PortalException

    • getAuthSchemeForAuthLevel

      String getAuthSchemeForAuthLevel(int level) throws PortalException
      Parameters:
      level -
      Returns:
      the common name for the auth Level
      Throws:
      PortalException - if no scheme is found for that level

    • getAuthLevelForAuthScheme

      int getAuthLevelForAuthScheme(String authScheme) throws PortalException
      Parameters:
      authScheme -
      Returns:
      the level for the common name
      Throws:
      PortalException - if no auth level is found

    • getAuthScheme

      IAuthScheme getAuthScheme(String authSchemeName) throws PortalException
      Returns:
      auth scheme object for the common name
      Throws:
      PortalException - if no auth scheme is found

    • getAvailableAuthSchemes

      IThingIDList getAvailableAuthSchemes() throws PortalException
      Gets a list of available IThingID's who's IThing's implement IAuthScheme
      Throws:
      PortalException

    • getAuthSchemeForResource

      IAuthScheme getAuthSchemeForResource(IURI uri) throws PortalException
      Returns the appropriate IAuthScheme for a specific resource
      Throws:
      PortalException

    • getDefaultAuthScheme

      IAuthScheme getDefaultAuthScheme() throws PortalException
      Returns the current default auth scheme
      Throws:
      PortalException

    • invalidateAcesForUser

      void invalidateAcesForUser(IThingID userID) throws PortalException
      Invalidates mechanics acl cache for the given user
      Parameters:
      userID -
      Throws:
      PortalException

    • invalidateAcesForThing

      void invalidateAcesForThing(IThingID thingID) throws PortalException
      Invalidates access cache for the given thing
      Parameters:
      thingID -
      Throws:
      PortalException