org.eaglei.repository.model
Enum Access

java.lang.Object
  extended by java.lang.Enum<Access>
      extended by org.eaglei.repository.model.Access
All Implemented Interfaces:
java.io.Serializable, java.lang.Comparable<Access>

public enum Access
extends java.lang.Enum<Access>

Access control for the repository. The Access class is two things:

1. Enumerated type describing the type of operation the user is allowed to do. These correspond to REPO constants (and maybe should move there?)
2. A collection of static utility methods to:
   a. Answer access-control questions
   b. Manage the records of access grants, including import/export

(These arguably don't belong in this enum class but that's how the code evolved and moving the static methods to a new class isn't really any more clear.)

Access permission is computed as follows:

1. Does current user have the Superuser role? If so, always "yes".
2. Is there a direct grant, e.g. :has___Access ?
3. Indirect role grant? e.g. :has___Access , and user asserts that role (i.e. :hasRole )

NOTES:
- Roles are NOT hierarchical, each role is independent.
- ALL users have :Role_Authenticated and :Role_Anonymous asserted invisibly (materialized but managed automatically)
- A session without a logged-in user is identified as :Role_Anonymous

Started April, 2010
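
The three-step access computation in the class description above, modeled in memory as an added example (not eagle-i repository code). The role name :Role_Superuser, the users, resources and grants are constructed for illustration, and access types are matched exactly, which is an assumption of this sketch.

```java
import java.util.*;

// Added illustration, not eagle-i code: in-memory model of the check (Java 16+).
public class AccessDecisionDemo {
    enum Access { READ, ADD, REMOVE, ADMIN }
    record Grant(String resource, Access access, String agent) {}

    static final String SUPERUSER = ":Role_Superuser";        // hypothetical name
    static final String AUTHENTICATED = ":Role_Authenticated";
    static final String ANONYMOUS = ":Role_Anonymous";

    final Set<Grant> grants = new HashSet<>();
    final Map<String, Set<String>> assertedRoles = new HashMap<>();

    // Effective roles of a session; user == null means nobody is logged in.
    Set<String> rolesOf(String user) {
        Set<String> roles = new HashSet<>(Set.of(ANONYMOUS));
        if (user != null) {
            roles.add(AUTHENTICATED);                         // implicit for every login
            roles.addAll(assertedRoles.getOrDefault(user, Set.of()));
        }
        return roles;
    }

    boolean hasPermission(String user, String resource, Access access) {
        Set<String> roles = rolesOf(user);
        if (roles.contains(SUPERUSER)) return true;           // 1. superuser: always yes
        if (user != null && grants.contains(new Grant(resource, access, user)))
            return true;                                      // 2. direct grant to the user
        return roles.stream()                                 // 3. grant to a role the user holds
                .anyMatch(r -> grants.contains(new Grant(resource, access, r)));
    }

    public static void main(String[] args) {
        AccessDecisionDemo acl = new AccessDecisionDemo();
        // Constructed sample data.
        acl.assertedRoles.put(":alice", Set.of(":Role_Curator"));
        acl.assertedRoles.put(":carol", Set.of(":Role_Editor"));
        acl.assertedRoles.put(":root", Set.of(SUPERUSER));
        acl.grants.add(new Grant(":graphA", Access.READ, ANONYMOUS));
        acl.grants.add(new Grant(":graphA", Access.ADD, ":Role_Curator"));
        acl.grants.add(new Grant(":graphB", Access.REMOVE, ":bob"));

        System.out.println(acl.hasPermission(null, ":graphA", Access.READ));       // no login
        System.out.println(acl.hasPermission(":alice", ":graphA", Access.ADD));    // via held role
        System.out.println(acl.hasPermission(":carol", ":graphA", Access.ADD));    // other role only
        System.out.println(acl.hasPermission(":bob", ":graphB", Access.REMOVE));   // direct grant
        System.out.println(acl.hasPermission(":root", ":graphB", Access.ADMIN));   // superuser
    }
}
```

Because every session carries :Role_Anonymous, a grant made to that role is effectively public; a grant to one role never extends to holders of another.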

Version:
$Id: $
Author:
Larry Stone

Enum Constant Summary
ADD
           
ADMIN
           
READ
          Types of access to be granted
REMOVE
           
 
Field Summary
static org.openrdf.query.impl.DatasetImpl ACCESS_DATASET
           
 
Method Summary
static void filterByPermission(javax.servlet.http.HttpServletRequest request, org.openrdf.model.URI aprincipal, java.lang.String name, java.lang.String results, java.lang.String patternGroup, Access pred, org.openrdf.query.Dataset dataset, org.openrdf.query.BindingSet bindings, org.openrdf.query.TupleQueryResultHandler handler)
          Filters results of query by what the current user has indicated permission on.
 org.openrdf.model.URI getURI()
          Get the URI referenced by this access type.
static boolean hasPermission(javax.servlet.http.HttpServletRequest request, org.openrdf.model.Resource subject, Access pred)
          hasPermission - predicate, general permission test.
static boolean hasPermissionOnUser(javax.servlet.http.HttpServletRequest request, java.lang.String username)
          Special case access predicate on User objects.
static boolean isAccessPredicate(org.openrdf.model.URI uri)
          Predicate testing whether a URI is a valid access grant property.
 java.lang.String toString()
           
static Access valueOf(java.lang.String name)
          Returns the enum constant of this type with the specified name.
static Access[] values()
          Returns an array containing the constants of this enum type, in the order they are declared.
 
Methods inherited from class java.lang.Enum
clone, compareTo, equals, finalize, getDeclaringClass, hashCode, name, ordinal, valueOf
 
Methods inherited from class java.lang.Object
getClass, notify, notifyAll, wait, wait, wait
 

Enum Constant Detail

READ

public static final Access READ
Types of access to be granted


ADD

public static final Access ADD

REMOVE

public static final Access REMOVE

ADMIN

public static final Access ADMIN

Field Detail

ACCESS_DATASET

public static final org.openrdf.query.impl.DatasetImpl ACCESS_DATASET

Method Detail

values

public static Access[] values()
Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows:
for (Access c : Access.values())
    System.out.println(c);

Returns:
an array containing the constants of this enum type, in the order they are declared

valueOf

public static Access valueOf(java.lang.String name)
Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)

Parameters:
name - the name of the enum constant to be returned.
Returns:
the enum constant with the specified name
Throws:
java.lang.IllegalArgumentException - if this enum type has no constant with the specified name
java.lang.NullPointerException - if the argument is null

isAccessPredicate

public static boolean isAccessPredicate(org.openrdf.model.URI uri)
Predicate testing whether a URI is a valid access grant property.

Parameters:
uri - the uri to test
Returns:
true if uri is the URI value of an access grant keyword.

getURI

public org.openrdf.model.URI getURI()
Get the URI referenced by this access type.

Returns:
a URI object.

toString

public java.lang.String toString()
Overrides:
toString in class java.lang.Enum<Access>

hasPermission

public static boolean hasPermission(javax.servlet.http.HttpServletRequest request,
                                    org.openrdf.model.Resource subject,
                                    Access pred)

hasPermission - predicate, general permission test.

Does current user have the indicated permission on this resource? See the general formula and rules for computing access in comments at the head of this class.

Parameters:
request - a HttpServletRequest object.
subject - the object being tested for access
pred - the type of access
Returns:
a boolean, true if access was granted.

hasPermissionOnUser

public static boolean hasPermissionOnUser(javax.servlet.http.HttpServletRequest request,
                                          java.lang.String username)
Special case access predicate on User objects. Does CURRENT AUTHENTICATED user have permission TO MODIFY the User object associated with this username? True if it matches the current logged-in user, or we are superuser.

Parameters:
request - a HttpServletRequest object.
username - principal (i.e. RDBMS username, value of :hasPrincipal), a String object.
Returns:
a boolean, true if permission is granted.

filterByPermission

public static void filterByPermission(javax.servlet.http.HttpServletRequest request,
                                      org.openrdf.model.URI aprincipal,
                                      java.lang.String name,
                                      java.lang.String results,
                                      java.lang.String patternGroup,
                                      Access pred,
                                      org.openrdf.query.Dataset dataset,
                                      org.openrdf.query.BindingSet bindings,
                                      org.openrdf.query.TupleQueryResultHandler handler)
Filters results of query by what the current user has indicated permission on. Resource (URI) expected to be in variable named "?{name}" so this SPARQL pattern group fragment (in "{ }") can be combined with the rest of the query.

See hasPermission() for algorithm to figure permission. The only difference is that this does NOT work for superuser. (It could be added if there is a need.) Results are returned by calling tuple query handler.

***** WARNING ***** DO NOT call this if you are superuser! It will not work. Test for superuser before calling this filter and use alternate query.

Parameters:
request - a HttpServletRequest object.
aprincipal - URI of user or role being checked for permission
name - bare name of the variable in query containing URI to test for access. NOTE: 'name' MUST be a variable in 'results' list
results - query results clause, i.e. SELECT WHERE ...
patternGroup - query fragment
pred - type of access being tested, an org.eaglei.repository.model.Access object.
dataset - the dataset on which to operate, MUST not be null
handler - a TupleQueryResultHandler object.


Copyright © 2009-2011 Eagle-I. All Rights Reserved.