com.wewebu.ow.server.role

Interface OwRoleManager

All Known Subinterfaces:

OwIntegratedApplicationRoleManager

All Known Implementing Classes:

OwSimpleRoleManager, OwStandardRoleManager

public interface OwRoleManager

Interface for the role manager.
Override this class to implement your own role manager and set the role manager in the bootstrap settings.
You get a instance of the RoleManager by calling getContext().getRoleManager().

Alfresco Workdesk
Copyright (c) Alfresco Software, Inc.
All rights reserved.

For licensing information read the license.txt file or
go to: http://wiki.alfresco.com

Field Summary

Fields

Modifier and Type	Field and Description
static int[]	m_predefinedcategories array of all predefined categories
static int	ROLE_ACCESS_MASK_FLAG_DYNAMIC_RESOURCE_MODIFY access mask flag for startup folder: modify this property
static int	ROLE_ACCESS_MASK_FLAG_INDEX_FIELD_MODIFY access mask flag for Object classes: modify this property
static int	ROLE_ACCESS_MASK_FLAG_INDEX_FIELD_VIEW access mask flag for Object classes: view this property
static int	ROLE_ACCESS_MASK_FLAG_OBJECT_CLASSES_CHECKIN access mask flag for Object classes: checkin objects of this class
static int	ROLE_ACCESS_MASK_FLAG_OBJECT_CLASSES_CREATE access mask flag for Object classes: create objects of this class
static int	ROLE_ACCESS_MASK_FLAG_OBJECT_CLASSES_VIEW access mask flag for Object classes: view objects of this class
static int	ROLE_ACCESS_RIGHT_ALLOWED the role is granted to the resource
static int	ROLE_ACCESS_RIGHT_DENIED the role is explicitly denied for that resource.
static int	ROLE_ACCESS_RIGHT_NOT_ALLOWED default access right: the role has no access to the resource
static int	ROLE_CATEGORY_BPM_PROCESS_DEFINITION Category for process definitions.
static int	ROLE_CATEGORY_DESIGN category for the design
static int	ROLE_CATEGORY_INDEX_FIELDS category for index fields
static int	ROLE_CATEGORY_OBJECT_CLASSES category for object classes
static int	ROLE_CATEGORY_PLUGIN category for the plugins to check against role system, used in isAllowed(...)
static int	ROLE_CATEGORY_SEARCH_TEMPLATE category for the search templates displayed in search to check against role system, used in isAllowed(...)
static int	ROLE_CATEGORY_SELECTIVE_CONFIGURATION category for the selective configuration
static int	ROLE_CATEGORY_STANDARD_FUNCTION category for the standard functions to check against role system, used in isAllowed(...)
static int	ROLE_CATEGORY_STARTUP_FOLDER category for startup folder
static int	ROLE_CATEGORY_USER_START user defined categories in overridden role managers start here
static int	ROLE_CATEGORY_VIRTUAL_FOLDER category for startup folder
static int	ROLE_CATEGORY_VIRTUAL_QUEUE category for virtual queues to check against role system, used in isAllowed(...)
static int	ROLE_RESOURCE_CONTEXT_CHECKIN resource context CHECKIN
static int	ROLE_RESOURCE_CONTEXT_CREATE resource context CREATE
static int	ROLE_RESOURCE_CONTEXT_VIEW resource context VIEW
static String	STD_FUNC_CAN_EDIT_SITE_SETTINGS resource ID

Method Summary

Methods

Modifier and Type	Method and Description
boolean	canExplicitDeny() Check if rolemanager supports explicit deny of resources.
boolean	canPersistAccessMask() Check if the rolemanager can persist changes on the access mask.
boolean	canRefreshStaticConfiguration() Check if update the configuration data is supported
int	getAccessMask(String roleName_p, int category_p, String resourceId_p) Get the access mask for this resource.
Map	getAccessMaskDescriptions(int category_p) Returns a map between the access right flag and the localized display name.
int	getAccessRights(String roleName_p, int category_p, String resourceId_p) Retrieves the access rights for a given role to a given resource.
Collection	getAllowedResources(int category_p) get all resources the current user has access to for a given category
Collection	getCategories() get all defined categories and displaynames as a map
String	getCategoryDisplayName(Locale locale_p, int categorie_p) get a display name for the given category
Collection	getConfiguredCategories() Get configured categories and displaynames as a map.
OwXMLUtil	getDefaultMIMENode(int iObjectType_p) get the default MIME XML Entry for the given object type.
String	getDesign() get the name of the design for the current user can be overridden by rolemanager implementation Specifies the subfolder under /designs/ where to retrieve the design files.
String	getMasterRole() get the master role that is currently selected for the current user
String	getMasterRoleDisplayName(Locale locale_p, String strRole_p) get a displayname for the given master role
Collection	getMasterRoles() get a list of master roles that can be selected for the current user
OwXMLUtil	getMIMENode(String strMIMEType_p) get the MIME XML Entry for the given MIMEType.
OwXMLUtil	getPlugin(String strID_p) get a plugin description by its key that are allowed for the logged on user.
List	getPlugins(String strType_p) get a list of plugin description OwXMLUtil nodes by type as defined in OwConfiguration, that are allowed for the logged on user.
String	getResourceDisplayName(Locale locale_p, int categorie_p, String strID_p) get a display name for the given category
Collection	getResources(int category_p) get all available resources for a given category
boolean	hasAccessMaskRight(int iCategory_p, String strResourceID_p, int requiredAccessMask_p) checks if the current user designated by its credentials is allowed to use the given resource and has the required right in its access mask for that resource.
boolean	hasMasterRoles() check if selectable master roles are supported by the rolemanager for the current user
void	init(OwRoleManagerContext mainContext_p, OwXMLUtil configNode_p) init the manager, set context optionally set a prefix to distinguish several different applications.
boolean	isAllowed(int iCategory_p, String strResourceID_p) checks if the current user designated by its credentials is allowed to use the given resource / function
boolean	isGlobalRole(String roleName_p) Determine if the given role name is a global role or a mandator specific role.
boolean	isGlobalRoleModificationAllowed() Check if the current user is allowed to modify global roles, which are not bound to a specific mandator.
boolean	isStaticResourceCategory(int category_p)
void	loginInit() init called AFTER the user has logged in.
void	refreshStaticConfiguration() Refresh the static configuration data
void	replaceResource(String roleName_p, int category_p, String oldResourceId_p, String newResourceId_p) Replaces the given dynamic old resource with a new one for its occurrences in access settings entries corresponding to the given role.
void	setAccessMask(String roleName_p, int category_p, String resourceId_p, int accessMask_p) Set the access mask for this resource.
void	setAccessRights(String roleName_p, int category_p, String resourceId_p, int accessRights_p) Persists the access rights for a given role to a given resource.
boolean	setMasterRole(String strRole_p) set the role that is currently selected for the user

Field Detail

ROLE_CATEGORY_PLUGIN

static final int ROLE_CATEGORY_PLUGIN

category for the plugins to check against role system, used in isAllowed(...)

See Also:

Constant Field Values

ROLE_CATEGORY_VIRTUAL_QUEUE

static final int ROLE_CATEGORY_VIRTUAL_QUEUE

category for virtual queues to check against role system, used in isAllowed(...)

See Also:

Constant Field Values

ROLE_CATEGORY_SEARCH_TEMPLATE

static final int ROLE_CATEGORY_SEARCH_TEMPLATE

category for the search templates displayed in search to check against role system, used in isAllowed(...)

See Also:

Constant Field Values

ROLE_CATEGORY_STANDARD_FUNCTION

static final int ROLE_CATEGORY_STANDARD_FUNCTION

category for the standard functions to check against role system, used in isAllowed(...)

See Also:

Constant Field Values

ROLE_CATEGORY_DESIGN

static final int ROLE_CATEGORY_DESIGN

category for the design

See Also:

Constant Field Values

ROLE_CATEGORY_SELECTIVE_CONFIGURATION

static final int ROLE_CATEGORY_SELECTIVE_CONFIGURATION

category for the selective configuration

See Also:

Constant Field Values

ROLE_CATEGORY_OBJECT_CLASSES

static final int ROLE_CATEGORY_OBJECT_CLASSES

category for object classes

See Also:

Constant Field Values

ROLE_CATEGORY_INDEX_FIELDS

static final int ROLE_CATEGORY_INDEX_FIELDS

category for index fields

See Also:

Constant Field Values

ROLE_CATEGORY_STARTUP_FOLDER

static final int ROLE_CATEGORY_STARTUP_FOLDER

category for startup folder

See Also:

Constant Field Values

ROLE_CATEGORY_VIRTUAL_FOLDER

static final int ROLE_CATEGORY_VIRTUAL_FOLDER

category for startup folder

See Also:

Constant Field Values

ROLE_CATEGORY_BPM_PROCESS_DEFINITION

static final int ROLE_CATEGORY_BPM_PROCESS_DEFINITION

Category for process definitions.

Since:

4.2.0.1

See Also:

Constant Field Values

ROLE_CATEGORY_USER_START

static final int ROLE_CATEGORY_USER_START

user defined categories in overridden role managers start here

See Also:

Constant Field Values

ROLE_RESOURCE_CONTEXT_CREATE

static final int ROLE_RESOURCE_CONTEXT_CREATE

resource context CREATE

See Also:

Constant Field Values

ROLE_RESOURCE_CONTEXT_CHECKIN

static final int ROLE_RESOURCE_CONTEXT_CHECKIN

resource context CHECKIN

See Also:

Constant Field Values

ROLE_RESOURCE_CONTEXT_VIEW

static final int ROLE_RESOURCE_CONTEXT_VIEW

resource context VIEW

See Also:

Constant Field Values

m_predefinedcategories

static final int[] m_predefinedcategories

array of all predefined categories

ROLE_ACCESS_RIGHT_NOT_ALLOWED

static final int ROLE_ACCESS_RIGHT_NOT_ALLOWED

default access right: the role has no access to the resource

See Also:

Constant Field Values

ROLE_ACCESS_RIGHT_ALLOWED

static final int ROLE_ACCESS_RIGHT_ALLOWED

the role is granted to the resource

See Also:

Constant Field Values

ROLE_ACCESS_RIGHT_DENIED

static final int ROLE_ACCESS_RIGHT_DENIED

the role is explicitly denied for that resource. Users of this role have no access to the resource even if it is allowed by other roles the user is in.

See Also:

Constant Field Values

ROLE_ACCESS_MASK_FLAG_OBJECT_CLASSES_VIEW

static final int ROLE_ACCESS_MASK_FLAG_OBJECT_CLASSES_VIEW

access mask flag for Object classes: view objects of this class

See Also:

Constant Field Values

ROLE_ACCESS_MASK_FLAG_OBJECT_CLASSES_CREATE

static final int ROLE_ACCESS_MASK_FLAG_OBJECT_CLASSES_CREATE

access mask flag for Object classes: create objects of this class

See Also:

Constant Field Values

ROLE_ACCESS_MASK_FLAG_OBJECT_CLASSES_CHECKIN

static final int ROLE_ACCESS_MASK_FLAG_OBJECT_CLASSES_CHECKIN

access mask flag for Object classes: checkin objects of this class

See Also:

Constant Field Values

ROLE_ACCESS_MASK_FLAG_INDEX_FIELD_VIEW

static final int ROLE_ACCESS_MASK_FLAG_INDEX_FIELD_VIEW

access mask flag for Object classes: view this property

See Also:

Constant Field Values

ROLE_ACCESS_MASK_FLAG_INDEX_FIELD_MODIFY

static final int ROLE_ACCESS_MASK_FLAG_INDEX_FIELD_MODIFY

access mask flag for Object classes: modify this property

See Also:

Constant Field Values

ROLE_ACCESS_MASK_FLAG_DYNAMIC_RESOURCE_MODIFY

static final int ROLE_ACCESS_MASK_FLAG_DYNAMIC_RESOURCE_MODIFY

access mask flag for startup folder: modify this property

See Also:

Constant Field Values

STD_FUNC_CAN_EDIT_SITE_SETTINGS

static final String STD_FUNC_CAN_EDIT_SITE_SETTINGS

resource ID

See Also:

Constant Field Values

Method Detail

init

void init(OwRoleManagerContext mainContext_p,
        OwXMLUtil configNode_p)
          throws Exception

init the manager, set context optionally set a prefix to distinguish several different applications. The rolemanager will filter the allowed plugins, MIME settings and design with the prefix. The default is empty. e.g. used for the Zero-Install Desktop Integration (ZIDI) to display a different set of plugins, MIME table and design for the Zero-Install Desktop Integration (ZIDI)

Parameters:

mainContext_p - reference to the main app context of the application

configNode_p - OwXMLUtil node with configuration information

Throws:

Exception

loginInit

void loginInit()
               throws Exception

init called AFTER the user has logged in. NOTE: This function is called only once after login to do special initialization, which can only be performed with valid credentials.

Throws:

Exception

refreshStaticConfiguration

void refreshStaticConfiguration()
                                throws Exception

Refresh the static configuration data

Throws:

Exception

canRefreshStaticConfiguration

boolean canRefreshStaticConfiguration()
                                      throws Exception

Check if update the configuration data is supported

Throws:

Exception

isAllowed

boolean isAllowed(int iCategory_p,
                String strResourceID_p)
                  throws Exception

checks if the current user designated by its credentials is allowed to use the given resource / function

Parameters:

iCategory_p - of the requested function

strResourceID_p - String ID of the requested resource (function / plugin id)

Returns:

true if user has permission, false if permission is denied

Throws:

Exception

hasAccessMaskRight

boolean hasAccessMaskRight(int iCategory_p,
                         String strResourceID_p,
                         int requiredAccessMask_p)
                           throws Exception

checks if the current user designated by its credentials is allowed to use the given resource and has the required right in its access mask for that resource.

Parameters:

iCategory_p - of the requested function

strResourceID_p - String ID of the requested resource (function / plugin id)

requiredAccessMask_p - a 32 bit bitset with all flags set that have to be checked for the current user

Returns:

true if user has permission, false if permission is denied

Throws:

Exception

getAllowedResources

Collection getAllowedResources(int category_p)
                               throws Exception

get all resources the current user has access to for a given category

Parameters:

category_p - int category for given user

Returns:

Collection of String (resource IDs)

Throws:

Exception

getDesign

String getDesign()
                 throws Exception

get the name of the design for the current user can be overridden by rolemanager implementation Specifies the subfolder under /designs/ where to retrieve the design files. i.e. CSS, images, layouts... This function can be used to make the look & feel dependent on the logged in user.

Returns:

name of design to use, default = "default"

Throws:

Exception

getPlugins

List getPlugins(String strType_p)
                throws Exception

get a list of plugin description OwXMLUtil nodes by type as defined in OwConfiguration, that are allowed for the logged on user.

Returns:

list of OwXMLUtil plugin nodes for the given type or null if not found

Throws:

Exception

getPlugin

OwXMLUtil getPlugin(String strID_p)
                    throws Exception

get a plugin description by its key that are allowed for the logged on user.

Returns:

OwXMLUtil or null if not found

Throws:

Exception

getMIMENode

OwXMLUtil getMIMENode(String strMIMEType_p)
                      throws Exception

get the MIME XML Entry for the given MIMEType. Lookup in MimeMap that are allowed for the logged on user.

 <?xml version="1.0"?>
  <mimetable>
   <mime typ="file/txt">
    <icon>file_txt.png</icon>
    <viewerservlet>getConent</viewerservlet>
   </mime>
   <!--further MIME entries-->
  </mimetable>
 

Parameters:

strMIMEType_p - OwObject MIMEType

Returns:

org.w3c.dom.Node DOM Node of MIME entry from MIME table, or null if not found

Throws:

Exception

getDefaultMIMENode

OwXMLUtil getDefaultMIMENode(int iObjectType_p)
                             throws Exception

get the default MIME XML Entry for the given object type. that are allowed for the logged on user.

Parameters:

iObjectType_p - Objecttype

Returns:

org.w3c.dom.Node DOM Node of MIME entry from MIME table, or null if not found

Throws:

Exception

getCategories

Collection getCategories()

get all defined categories and displaynames as a map

Returns:

Collection of Integer keys (categories)

getConfiguredCategories

Collection getConfiguredCategories()

Get configured categories and displaynames as a map. If no categories are configured, all categories are returned.

Returns:

- a Collection of Integer keys (categories).

Since:

2.5.3.0

getCategoryDisplayName

String getCategoryDisplayName(Locale locale_p,
                            int categorie_p)

get a display name for the given category

Parameters:

locale_p - Locale to use

categorie_p - Integer from getCategories() method

getResources

Collection getResources(int category_p)
                        throws Exception

get all available resources for a given category

Parameters:

category_p - int category

Returns:

Collection of String keys (resource IDs)

Throws:

Exception

getResourceDisplayName

String getResourceDisplayName(Locale locale_p,
                            int categorie_p,
                            String strID_p)

get a display name for the given category

Parameters:

locale_p - Locale to use

categorie_p - Integer from getCategories() method

strID_p - String resource ID

getAccessRights

int getAccessRights(String roleName_p,
                  int category_p,
                  String resourceId_p)
                    throws Exception

Retrieves the access rights for a given role to a given resource.

Parameters:

roleName_p - the name of the role to retrieve the access rights for

category_p - the category of the resource to retrieve the access rights for

resourceId_p - the ID of the resource to retrieve the access rights for

Returns:

one of the ROLE_ACCESS_RIGHT_ constants

Throws:

Exception

See Also:

ROLE_ACCESS_RIGHT_NOT_ALLOWED, ROLE_ACCESS_RIGHT_ALLOWED, ROLE_ACCESS_RIGHT_DENIED

setAccessRights

void setAccessRights(String roleName_p,
                   int category_p,
                   String resourceId_p,
                   int accessRights_p)
                     throws Exception

Persists the access rights for a given role to a given resource.

Parameters:

roleName_p - name of the role to set the access rights for

category_p - category of the resource to set the access rights for

resourceId_p - ID of the resource to set the access rights for

accessRights_p - the new access rights to persist as one of the ROLE_ACCESS_RIGHT_ constants

Throws:

Exception

See Also:

ROLE_ACCESS_RIGHT_NOT_ALLOWED, ROLE_ACCESS_RIGHT_ALLOWED, ROLE_ACCESS_RIGHT_DENIED

replaceResource

void replaceResource(String roleName_p,
                   int category_p,
                   String oldResourceId_p,
                   String newResourceId_p)
                     throws Exception

Replaces the given dynamic old resource with a new one for its occurrences in access settings entries corresponding to the given role.

Parameters:

roleName_p -

category_p -

oldResourceId_p -

newResourceId_p -

Throws:

Exception

getAccessMask

int getAccessMask(String roleName_p,
                int category_p,
                String resourceId_p)

Get the access mask for this resource.

Parameters:

roleName_p - the name of the role to retrieve the access mask for

category_p - the category of the resource to retrieve the access mask for

resourceId_p - the ID of the resource to retrieve the access mask for

Returns:

the access mask for this resource as an ORed collection of access flags retrieved by getAccessMaskDescriptions

setAccessMask

void setAccessMask(String roleName_p,
                 int category_p,
                 String resourceId_p,
                 int accessMask_p)
                   throws Exception

Set the access mask for this resource.

Parameters:

roleName_p - name of the role to set the access mask for

category_p - category of the resource to set the access mask for

resourceId_p - ID of the resource to set the access mask for

accessMask_p - the new access mask

Throws:

Exception

canExplicitDeny

boolean canExplicitDeny()

Check if rolemanager supports explicit deny of resources.

Returns:

true = Explicit deny is supported false = Explicit deny is not supported

canPersistAccessMask

boolean canPersistAccessMask()

Check if the rolemanager can persist changes on the access mask. If not, the getAccessMask() method will always return a full access mask

Returns:

true = Explicit deny is supported false = Explicit deny is not supported

isGlobalRoleModificationAllowed

boolean isGlobalRoleModificationAllowed()

Check if the current user is allowed to modify global roles, which are not bound to a specific mandator.

Returns:

true = current user is allowed to modify global roles false = current user is not allowed to modify global roles

isGlobalRole

boolean isGlobalRole(String roleName_p)

Determine if the given role name is a global role or a mandator specific role.

Parameters:

roleName_p - the name of the role to check

Returns:

true = rolename_p is a global role false = rolename_p is a mandator specific role

getAccessMaskDescriptions

Map getAccessMaskDescriptions(int category_p)

Returns a map between the access right flag and the localized display name. All checked access right flags are ORed together and form the int value of the access mask.

Parameters:

category_p - the category to retrieve the flag map for

Returns:

Map between Integer and String mapping the access mask flags to their display names

getMasterRoles

Collection getMasterRoles()
                          throws Exception

get a list of master roles that can be selected for the current user

Returns:

Collection of String, or null if no roles can be selected

Throws:

Exception

getMasterRoleDisplayName

String getMasterRoleDisplayName(Locale locale_p,
                              String strRole_p)
                                throws Exception

get a displayname for the given master role

Parameters:

locale_p - Locale to use

strRole_p - String

Returns:

String displayname for given role

Throws:

Exception

getMasterRole

String getMasterRole()
                     throws Exception

get the master role that is currently selected for the current user

Returns:

String role, or null if no roles can be selected

Throws:

Exception

setMasterRole

boolean setMasterRole(String strRole_p)
                      throws Exception

set the role that is currently selected for the user

Parameters:

strRole_p - String

Returns:

boolean true = role changed

Throws:

Exception

hasMasterRoles

boolean hasMasterRoles()

check if selectable master roles are supported by the rolemanager for the current user

Returns:

boolean true = given user has roles

isStaticResourceCategory

boolean isStaticResourceCategory(int category_p)

Parameters:

category_p -

Returns:

true if the given category is a static resource category (i.e. categories that have a predefined resource set associated with them - new resources can not be added directly)

Since:

4.0.0.0