com.wewebu.ow.server.role
Interface OwRoleManager

All Known Subinterfaces:
OwIntegratedApplicationRoleManager
All Known Implementing Classes:
OwSimpleRoleManager, OwStandardRoleManager

public interface OwRoleManager

Interface for the role manager.
Override this class to implement your own role manager and set the role manager in the bootstrap settings.
You get a instance of the RoleManager by calling getContext().getRoleManager().

Alfresco Workdesk
Copyright (c) Alfresco Software, Inc.
All rights reserved.

For licensing information read the license.txt file or
go to: http://wiki.alfresco.com


Field Summary
static int[] m_predefinedcategories
          array of all predefined categories
static int ROLE_ACCESS_MASK_FLAG_DYNAMIC_RESOURCE_MODIFY
          access mask flag for startup folder: modify this property
static int ROLE_ACCESS_MASK_FLAG_INDEX_FIELD_MODIFY
          access mask flag for Object classes: modify this property
static int ROLE_ACCESS_MASK_FLAG_INDEX_FIELD_VIEW
          access mask flag for Object classes: view this property
static int ROLE_ACCESS_MASK_FLAG_OBJECT_CLASSES_CHECKIN
          access mask flag for Object classes: checkin objects of this class
static int ROLE_ACCESS_MASK_FLAG_OBJECT_CLASSES_CREATE
          access mask flag for Object classes: create objects of this class
static int ROLE_ACCESS_MASK_FLAG_OBJECT_CLASSES_VIEW
          access mask flag for Object classes: view objects of this class
static int ROLE_ACCESS_RIGHT_ALLOWED
          the role is granted to the resource
static int ROLE_ACCESS_RIGHT_DENIED
          the role is explicitly denied for that resource.
static int ROLE_ACCESS_RIGHT_NOT_ALLOWED
          default access right: the role has no access to the resource
static int ROLE_CATEGORY_DESIGN
          category for the design
static int ROLE_CATEGORY_INDEX_FIELDS
          category for index fields
static int ROLE_CATEGORY_OBJECT_CLASSES
          category for object classes
static int ROLE_CATEGORY_PLUGIN
          category for the plugins to check against role system, used in isAllowed(...)
static int ROLE_CATEGORY_SEARCH_TEMPLATE
          category for the search templates displayed in search to check against role system, used in isAllowed(...)
static int ROLE_CATEGORY_SELECTIVE_CONFIGURATION
          category for the selective configuration
static int ROLE_CATEGORY_STANDARD_FUNCTION
          category for the standard functions to check against role system, used in isAllowed(...)
static int ROLE_CATEGORY_STARTUP_FOLDER
          category for startup folder
static int ROLE_CATEGORY_USER_START
          user defined categories in overridden role managers start here
static int ROLE_CATEGORY_VIRTUAL_FOLDER
          category for startup folder
static int ROLE_CATEGORY_VIRTUAL_QUEUE
          category for virtual queues to check against role system, used in isAllowed(...)
static int ROLE_RESOURCE_CONTEXT_CHECKIN
          resource context CHECKIN
static int ROLE_RESOURCE_CONTEXT_CREATE
          resource context CREATE
static int ROLE_RESOURCE_CONTEXT_VIEW
          resource context VIEW
static String STD_FUNC_CAN_EDIT_SITE_SETTINGS
          resource ID
 
Method Summary
 boolean canExplicitDeny()
          Check if rolemanager supports explicit deny of resources.
 boolean canPersistAccessMask()
          Check if the rolemanager can persist changes on the access mask.
 boolean canRefreshStaticConfiguration()
          Check if update the configuration data is supported
 int getAccessMask(String roleName_p, int category_p, String resourceId_p)
          Get the access mask for this resource.
 Map getAccessMaskDescriptions(int category_p)
          Returns a map between the access right flag and the localized display name.
 int getAccessRights(String roleName_p, int category_p, String resourceId_p)
          Retrieves the access rights for a given role to a given resource.
 Collection getAllowedResources(int category_p)
          get all resources the current user has access to for a given category
 Collection getCategories()
          get all defined categories and displaynames as a map
 String getCategoryDisplayName(Locale locale_p, int categorie_p)
          get a display name for the given category
 Collection getConfiguredCategories()
          Get configured categories and displaynames as a map.
 OwXMLUtil getDefaultMIMENode(int iObjectType_p)
          get the default MIME XML Entry for the given object type.
 String getDesign()
          get the name of the design for the current user can be overridden by rolemanager implementation Specifies the subfolder under /designs/ where to retrieve the design files.
 String getMasterRole()
          get the master role that is currently selected for the current user
 String getMasterRoleDisplayName(Locale locale_p, String strRole_p)
          get a displayname for the given master role
 Collection getMasterRoles()
          get a list of master roles that can be selected for the current user
 OwXMLUtil getMIMENode(String strMIMEType_p)
          get the MIME XML Entry for the given MIMEType.
 OwXMLUtil getPlugin(String strID_p)
          get a plugin description by its key that are allowed for the logged on user.
 List getPlugins(String strType_p)
          get a list of plugin description OwXMLUtil nodes by type as defined in OwConfiguration, that are allowed for the logged on user.
 String getResourceDisplayName(Locale locale_p, int categorie_p, String strID_p)
          get a display name for the given category
 Collection getResources(int category_p)
          get all available resources for a given category
 boolean hasAccessMaskRight(int iCategory_p, String strResourceID_p, int requiredAccessMask_p)
          checks if the current user designated by its credentials is allowed to use the given resource and has the required right in its access mask for that resource.
 boolean hasMasterRoles()
          check if selectable master roles are supported by the rolemanager for the current user
 void init(OwRoleManagerContext mainContext_p, OwXMLUtil configNode_p)
          init the manager, set context optionally set a prefix to distinguish several different applications.
 boolean isAllowed(int iCategory_p, String strResourceID_p)
          checks if the current user designated by its credentials is allowed to use the given resource / function
 boolean isGlobalRole(String roleName_p)
          Determine if the given role name is a global role or a mandator specific role.
 boolean isGlobalRoleModificationAllowed()
          Check if the current user is allowed to modify global roles, which are not bound to a specific mandator.
 boolean isStaticResourceCategory(int category_p)
           
 void loginInit()
          init called AFTER the user has logged in.
 void refreshStaticConfiguration()
          Refresh the static configuration data
 void replaceResource(String roleName_p, int category_p, String oldResourceId_p, String newResourceId_p)
          Replaces the given dynamic old resource with a new one for its occurrences in access settings entries corresponding to the given role.
 void setAccessMask(String roleName_p, int category_p, String resourceId_p, int accessMask_p)
          Set the access mask for this resource.
 void setAccessRights(String roleName_p, int category_p, String resourceId_p, int accessRights_p)
          Persists the access rights for a given role to a given resource.
 boolean setMasterRole(String strRole_p)
          set the role that is currently selected for the user
 

Field Detail

ROLE_CATEGORY_PLUGIN

static final int ROLE_CATEGORY_PLUGIN
category for the plugins to check against role system, used in isAllowed(...)

See Also:
Constant Field Values

ROLE_CATEGORY_VIRTUAL_QUEUE

static final int ROLE_CATEGORY_VIRTUAL_QUEUE
category for virtual queues to check against role system, used in isAllowed(...)

See Also:
Constant Field Values

ROLE_CATEGORY_SEARCH_TEMPLATE

static final int ROLE_CATEGORY_SEARCH_TEMPLATE
category for the search templates displayed in search to check against role system, used in isAllowed(...)

See Also:
Constant Field Values

ROLE_CATEGORY_STANDARD_FUNCTION

static final int ROLE_CATEGORY_STANDARD_FUNCTION
category for the standard functions to check against role system, used in isAllowed(...)

See Also:
Constant Field Values

ROLE_CATEGORY_DESIGN

static final int ROLE_CATEGORY_DESIGN
category for the design

See Also:
Constant Field Values

ROLE_CATEGORY_SELECTIVE_CONFIGURATION

static final int ROLE_CATEGORY_SELECTIVE_CONFIGURATION
category for the selective configuration

See Also:
Constant Field Values

ROLE_CATEGORY_OBJECT_CLASSES

static final int ROLE_CATEGORY_OBJECT_CLASSES
category for object classes

See Also:
Constant Field Values

ROLE_CATEGORY_INDEX_FIELDS

static final int ROLE_CATEGORY_INDEX_FIELDS
category for index fields

See Also:
Constant Field Values

ROLE_CATEGORY_STARTUP_FOLDER

static final int ROLE_CATEGORY_STARTUP_FOLDER
category for startup folder

See Also:
Constant Field Values

ROLE_CATEGORY_VIRTUAL_FOLDER

static final int ROLE_CATEGORY_VIRTUAL_FOLDER
category for startup folder

See Also:
Constant Field Values

ROLE_CATEGORY_USER_START

static final int ROLE_CATEGORY_USER_START
user defined categories in overridden role managers start here

See Also:
Constant Field Values

ROLE_RESOURCE_CONTEXT_CREATE

static final int ROLE_RESOURCE_CONTEXT_CREATE
resource context CREATE

See Also:
Constant Field Values

ROLE_RESOURCE_CONTEXT_CHECKIN

static final int ROLE_RESOURCE_CONTEXT_CHECKIN
resource context CHECKIN

See Also:
Constant Field Values

ROLE_RESOURCE_CONTEXT_VIEW

static final int ROLE_RESOURCE_CONTEXT_VIEW
resource context VIEW

See Also:
Constant Field Values

m_predefinedcategories

static final int[] m_predefinedcategories
array of all predefined categories


ROLE_ACCESS_RIGHT_NOT_ALLOWED

static final int ROLE_ACCESS_RIGHT_NOT_ALLOWED
default access right: the role has no access to the resource

See Also:
Constant Field Values

ROLE_ACCESS_RIGHT_ALLOWED

static final int ROLE_ACCESS_RIGHT_ALLOWED
the role is granted to the resource

See Also:
Constant Field Values

ROLE_ACCESS_RIGHT_DENIED

static final int ROLE_ACCESS_RIGHT_DENIED
the role is explicitly denied for that resource. Users of this role have no access to the resource even if it is allowed by other roles the user is in.

See Also:
Constant Field Values

ROLE_ACCESS_MASK_FLAG_OBJECT_CLASSES_VIEW

static final int ROLE_ACCESS_MASK_FLAG_OBJECT_CLASSES_VIEW
access mask flag for Object classes: view objects of this class

See Also:
Constant Field Values

ROLE_ACCESS_MASK_FLAG_OBJECT_CLASSES_CREATE

static final int ROLE_ACCESS_MASK_FLAG_OBJECT_CLASSES_CREATE
access mask flag for Object classes: create objects of this class

See Also:
Constant Field Values

ROLE_ACCESS_MASK_FLAG_OBJECT_CLASSES_CHECKIN

static final int ROLE_ACCESS_MASK_FLAG_OBJECT_CLASSES_CHECKIN
access mask flag for Object classes: checkin objects of this class

See Also:
Constant Field Values

ROLE_ACCESS_MASK_FLAG_INDEX_FIELD_VIEW

static final int ROLE_ACCESS_MASK_FLAG_INDEX_FIELD_VIEW
access mask flag for Object classes: view this property

See Also:
Constant Field Values

ROLE_ACCESS_MASK_FLAG_INDEX_FIELD_MODIFY

static final int ROLE_ACCESS_MASK_FLAG_INDEX_FIELD_MODIFY
access mask flag for Object classes: modify this property

See Also:
Constant Field Values

ROLE_ACCESS_MASK_FLAG_DYNAMIC_RESOURCE_MODIFY

static final int ROLE_ACCESS_MASK_FLAG_DYNAMIC_RESOURCE_MODIFY
access mask flag for startup folder: modify this property

See Also:
Constant Field Values

STD_FUNC_CAN_EDIT_SITE_SETTINGS

static final String STD_FUNC_CAN_EDIT_SITE_SETTINGS
resource ID

See Also:
Constant Field Values
Method Detail

init

void init(OwRoleManagerContext mainContext_p,
          OwXMLUtil configNode_p)
          throws Exception
init the manager, set context optionally set a prefix to distinguish several different applications. The rolemanager will filter the allowed plugins, MIME settings and design with the prefix. The default is empty. e.g. used for the Zero-Install Desktop Integration (ZIDI) to display a different set of plugins, MIME table and design for the Zero-Install Desktop Integration (ZIDI)

Parameters:
mainContext_p - reference to the main app context of the application
configNode_p - OwXMLUtil node with configuration information
Throws:
Exception

loginInit

void loginInit()
               throws Exception
init called AFTER the user has logged in. NOTE: This function is called only once after login to do special initialization, which can only be performed with valid credentials.

Throws:
Exception

refreshStaticConfiguration

void refreshStaticConfiguration()
                                throws Exception
Refresh the static configuration data

Throws:
Exception

canRefreshStaticConfiguration

boolean canRefreshStaticConfiguration()
                                      throws Exception
Check if update the configuration data is supported

Throws:
Exception

isAllowed

boolean isAllowed(int iCategory_p,
                  String strResourceID_p)
                  throws Exception
checks if the current user designated by its credentials is allowed to use the given resource / function

Parameters:
iCategory_p - of the requested function
strResourceID_p - String ID of the requested resource (function / plugin id)
Returns:
true if user has permission, false if permission is denied
Throws:
Exception

hasAccessMaskRight

boolean hasAccessMaskRight(int iCategory_p,
                           String strResourceID_p,
                           int requiredAccessMask_p)
                           throws Exception
checks if the current user designated by its credentials is allowed to use the given resource and has the required right in its access mask for that resource.

Parameters:
iCategory_p - of the requested function
strResourceID_p - String ID of the requested resource (function / plugin id)
requiredAccessMask_p - a 32 bit bitset with all flags set that have to be checked for the current user
Returns:
true if user has permission, false if permission is denied
Throws:
Exception

getAllowedResources

Collection getAllowedResources(int category_p)
                               throws Exception
get all resources the current user has access to for a given category

Parameters:
category_p - int category for given user
Returns:
Collection of String (resource IDs)
Throws:
Exception

getDesign

String getDesign()
                 throws Exception
get the name of the design for the current user can be overridden by rolemanager implementation Specifies the subfolder under /designs/ where to retrieve the design files. i.e. CSS, images, layouts... This function can be used to make the look & feel dependent on the logged in user.

Returns:
name of design to use, default = "default"
Throws:
Exception

getPlugins

List getPlugins(String strType_p)
                throws Exception
get a list of plugin description OwXMLUtil nodes by type as defined in OwConfiguration, that are allowed for the logged on user.

Returns:
list of OwXMLUtil plugin nodes for the given type or null if not found
Throws:
Exception

getPlugin

OwXMLUtil getPlugin(String strID_p)
                    throws Exception
get a plugin description by its key that are allowed for the logged on user.

Returns:
OwXMLUtil or null if not found
Throws:
Exception

getMIMENode

OwXMLUtil getMIMENode(String strMIMEType_p)
                      throws Exception
get the MIME XML Entry for the given MIMEType. Lookup in MimeMap that are allowed for the logged on user.
 <?xml version="1.0"?>
  <mimetable>
   <mime typ="file/txt">
    <icon>file_txt.png</icon>
    <viewerservlet>getConent</viewerservlet>
   </mime>
   <!--further MIME entries-->
  </mimetable>
 

Parameters:
strMIMEType_p - OwObject MIMEType
Returns:
org.w3c.dom.Node DOM Node of MIME entry from MIME table, or null if not found
Throws:
Exception

getDefaultMIMENode

OwXMLUtil getDefaultMIMENode(int iObjectType_p)
                             throws Exception
get the default MIME XML Entry for the given object type. that are allowed for the logged on user.

Parameters:
iObjectType_p - Objecttype
Returns:
org.w3c.dom.Node DOM Node of MIME entry from MIME table, or null if not found
Throws:
Exception

getCategories

Collection getCategories()
get all defined categories and displaynames as a map

Returns:
Collection of Integer keys (categories)

getConfiguredCategories

Collection getConfiguredCategories()
Get configured categories and displaynames as a map. If no categories are configured, all categories are returned.

Returns:
- a Collection of Integer keys (categories).
Since:
2.5.3.0

getCategoryDisplayName

String getCategoryDisplayName(Locale locale_p,
                              int categorie_p)
get a display name for the given category

Parameters:
locale_p - Locale to use
categorie_p - Integer from getCategories() method

getResources

Collection getResources(int category_p)
                        throws Exception
get all available resources for a given category

Parameters:
category_p - int category
Returns:
Collection of String keys (resource IDs)
Throws:
Exception

getResourceDisplayName

String getResourceDisplayName(Locale locale_p,
                              int categorie_p,
                              String strID_p)
get a display name for the given category

Parameters:
locale_p - Locale to use
categorie_p - Integer from getCategories() method
strID_p - String resource ID

getAccessRights

int getAccessRights(String roleName_p,
                    int category_p,
                    String resourceId_p)
                    throws Exception
Retrieves the access rights for a given role to a given resource.

Parameters:
roleName_p - the name of the role to retrieve the access rights for
category_p - the category of the resource to retrieve the access rights for
resourceId_p - the ID of the resource to retrieve the access rights for
Returns:
one of the ROLE_ACCESS_RIGHT_ constants
Throws:
Exception
See Also:
ROLE_ACCESS_RIGHT_NOT_ALLOWED, ROLE_ACCESS_RIGHT_ALLOWED, ROLE_ACCESS_RIGHT_DENIED

setAccessRights

void setAccessRights(String roleName_p,
                     int category_p,
                     String resourceId_p,
                     int accessRights_p)
                     throws Exception
Persists the access rights for a given role to a given resource.

Parameters:
roleName_p - name of the role to set the access rights for
category_p - category of the resource to set the access rights for
resourceId_p - ID of the resource to set the access rights for
accessRights_p - the new access rights to persist as one of the ROLE_ACCESS_RIGHT_ constants
Throws:
Exception
See Also:
ROLE_ACCESS_RIGHT_NOT_ALLOWED, ROLE_ACCESS_RIGHT_ALLOWED, ROLE_ACCESS_RIGHT_DENIED

replaceResource

void replaceResource(String roleName_p,
                     int category_p,
                     String oldResourceId_p,
                     String newResourceId_p)
                     throws Exception
Replaces the given dynamic old resource with a new one for its occurrences in access settings entries corresponding to the given role.

Parameters:
roleName_p -
category_p -
oldResourceId_p -
newResourceId_p -
Throws:
Exception

getAccessMask

int getAccessMask(String roleName_p,
                  int category_p,
                  String resourceId_p)
Get the access mask for this resource.

Parameters:
roleName_p - the name of the role to retrieve the access mask for
category_p - the category of the resource to retrieve the access mask for
resourceId_p - the ID of the resource to retrieve the access mask for
Returns:
the access mask for this resource as an ORed collection of access flags retrieved by getAccessMaskDescriptions

setAccessMask

void setAccessMask(String roleName_p,
                   int category_p,
                   String resourceId_p,
                   int accessMask_p)
                   throws Exception
Set the access mask for this resource.

Parameters:
roleName_p - name of the role to set the access mask for
category_p - category of the resource to set the access mask for
resourceId_p - ID of the resource to set the access mask for
accessMask_p - the new access mask
Throws:
Exception

canExplicitDeny

boolean canExplicitDeny()
Check if rolemanager supports explicit deny of resources.

Returns:
true = Explicit deny is supported false = Explicit deny is not supported

canPersistAccessMask

boolean canPersistAccessMask()
Check if the rolemanager can persist changes on the access mask. If not, the getAccessMask() method will always return a full access mask

Returns:
true = Explicit deny is supported false = Explicit deny is not supported

isGlobalRoleModificationAllowed

boolean isGlobalRoleModificationAllowed()
Check if the current user is allowed to modify global roles, which are not bound to a specific mandator.

Returns:
true = current user is allowed to modify global roles false = current user is not allowed to modify global roles

isGlobalRole

boolean isGlobalRole(String roleName_p)
Determine if the given role name is a global role or a mandator specific role.

Parameters:
roleName_p - the name of the role to check
Returns:
true = rolename_p is a global role false = rolename_p is a mandator specific role

getAccessMaskDescriptions

Map getAccessMaskDescriptions(int category_p)
Returns a map between the access right flag and the localized display name. All checked access right flags are ORed together and form the int value of the access mask.

Parameters:
category_p - the category to retrieve the flag map for
Returns:
Map between Integer and String mapping the access mask flags to their display names

getMasterRoles

Collection getMasterRoles()
                          throws Exception
get a list of master roles that can be selected for the current user

Returns:
Collection of String, or null if no roles can be selected
Throws:
Exception

getMasterRoleDisplayName

String getMasterRoleDisplayName(Locale locale_p,
                                String strRole_p)
                                throws Exception
get a displayname for the given master role

Parameters:
locale_p - Locale to use
strRole_p - String
Returns:
String displayname for given role
Throws:
Exception

getMasterRole

String getMasterRole()
                     throws Exception
get the master role that is currently selected for the current user

Returns:
String role, or null if no roles can be selected
Throws:
Exception

setMasterRole

boolean setMasterRole(String strRole_p)
                      throws Exception
set the role that is currently selected for the user

Parameters:
strRole_p - String
Returns:
boolean true = role changed
Throws:
Exception

hasMasterRoles

boolean hasMasterRoles()
check if selectable master roles are supported by the rolemanager for the current user

Returns:
boolean true = given user has roles

isStaticResourceCategory

boolean isStaticResourceCategory(int category_p)
Parameters:
category_p -
Returns:
true if the given category is a static resource category (i.e. categories that have a predefined resource set associated with them - new resources can not be added directly)
Since:
4.0.0.0


Copyright © 2013 Alfresco Business Solutions. All Rights Reserved.