com.jalios.jcms.policy

Interface RightPolicyFilter

All Superinterfaces:

java.lang.Comparable, PluginComponent, PolicyFilter

All Known Implementing Classes:

BasicRightPolicyFilter, QuotaPolicyFilter, UnzipRightPolicyFilter

public interface RightPolicyFilter
extends PolicyFilter

The RightPolicyFilter is a hook called JCMS Rights mecanism to handle custom rights. It handle upload, behavior, management and visibility rights. It DO NOT handle create/update/delete rights. for this purpose use DataController.

Since:

jcms-5.7.0

Version:

$Revision: 42750 $

Author:

Jean-Philippe Encausse

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	REVISION

Method Summary

Modifier and Type	Method and Description
boolean	callCanBeReadBy(PublicationCriteria pubCriteria) Call by HibernateUtil.queryPublication(PublicationCriteria).
boolean	canBeReadBy(boolean isAuthorized, Category cat, Group grp, boolean checkAncestors) Called by Category.canBeReadBy(Group, boolean).
boolean	canBeReadBy(boolean isAuthorized, Category cat, Member mbr, boolean searchInGroups, boolean checkAncestors) Called by Category.canBeReadBy(Member, boolean, boolean).
boolean	canBeReadBy(boolean isAuthorized, Group grp, Member mbr) Called by Data.canBeReadBy(Member).
boolean	canBeReadBy(boolean isAuthorized, Publication pub, Group grp) Called by Publication.canBeReadBy(Group).
boolean	canBeReadBy(boolean isAuthorized, Publication pub, Member mbr, boolean searchInGroups) Called by Publication.canBeReadBy(Member, boolean).
boolean	canCreateContact(boolean isAuthorized, Member mbr) Check if the given member can create a new contact.
boolean	canCreateWorkspace(boolean isAuthorized, Member mbr, Workspace model) Check if this member can create workspace : - ex nihilo if model is null; - by copiing model if model is not null.
boolean	canDeleteOther(boolean isAuthorized, Member mbr, java.lang.Class clazz, Workspace ws) Check if this member can delete-other this clazz in at least one of the given workspace.
boolean	canDeleteOther(boolean isAuthorized, Member mbr, Data data) Check if this member can delete-other this instance.
boolean	canManageCategory(boolean isAuthorized, Member mbr, Category cat, boolean searchInGroups, boolean searchInParent) Called by Member.canManageCategory(Category, boolean, boolean).
boolean	canPublish(boolean isAuthorized, Member mbr, java.lang.Class clazz, java.util.Set wsSet) Check if this member can publish this clazz in at least one of the given workspace.
boolean	canUpdateOther(boolean isAuthorized, Member mbr, java.lang.Class clazz, Workspace ws) Check if this member can update-other this clazz in at least one of the given workspace.
boolean	canUpdateOther(boolean isAuthorized, Member mbr, Data data) Check if this member can update-other this instance.
boolean	canUseCategory(boolean isAuthorized, Member mbr, Category cat, boolean searchInGroups, boolean searchInParent) Called by Member.canUseCategory(Category, boolean, boolean).
boolean	canWorkOn(boolean isAuthorized, Publication pub, Member member) Called by Member.canWorkOn(Publication).
ControllerStatus	canWorkOn(ControllerStatus status, int op, Member mbr, Member member) Called by Member.checkMember(int, Member, java.util.Map).
java.lang.Boolean	checkAccess(Member member, java.lang.String resource, java.util.Map<java.lang.String,java.lang.Object> context) This methods is invoked by the AccessControlManager every time a resource access right is checked.
boolean	checkAfterUpload(DocUploadInfo info) Checks if the uploaded file must be accepted or rejected.
boolean	checkBeforeUpload(java.lang.String fieldName, java.lang.String contentType, java.lang.String fileName) Checks if the uploaded file must be accepted or rejected.
ControllerStatus	checkHtml(java.lang.String str, java.lang.String field) This method is called to check if the given string does not contain forbidden HTML code
int	getOrder() Returns object orders value.
java.util.Set<Workspace>	getWorkspaceSet(java.util.Set<Workspace> workspaceSet, Member mbr) Retrieve the workspace set of the specified Member.
boolean	isAdmin(boolean isAdmin, Member member, Workspace ws) Called by Workspace.isAdmin(Member).
boolean	isWorker(boolean isWorker, Member member, Workspace ws) Called by Member.isWorker(Workspace) and Member.isWorker().

Methods inherited from interface java.lang.Comparable

compareTo

Methods inherited from interface com.jalios.jcms.plugin.PluginComponent

init

Field Detail

REVISION

static final java.lang.String REVISION

See Also:

Constant Field Values

Method Detail

canUpdateOther

boolean canUpdateOther(boolean isAuthorized,
                       Member mbr,
                       Data data)

Check if this member can update-other this instance. This method is called by Member.canUpdateOther(Data)

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

mbr - the member to check

data - the data to check

Returns:

true it the given member can update given instances

canDeleteOther

boolean canDeleteOther(boolean isAuthorized,
                       Member mbr,
                       Data data)

Check if this member can delete-other this instance. This method is called by Member.canDeleteOther(Data)

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

mbr - the member to check

data - the data to check

Returns:

true it the given member can delete given instances

callCanBeReadBy

boolean callCanBeReadBy(PublicationCriteria pubCriteria)

Call by HibernateUtil.queryPublication(PublicationCriteria). It checks if the method canBeReadBy(boolean, Publication, Member, boolean) must be called on the results of the query.

Parameters:

pubCriteria - the criteria of the query.

Returns:

true if method canBeReadBy(boolean, Publication, Member, boolean) must be called.

Since:

jcms-7.0.0

canBeReadBy

boolean canBeReadBy(boolean isAuthorized,
                    Publication pub,
                    Member mbr,
                    boolean searchInGroups)

Called by Publication.canBeReadBy(Member, boolean). It checks if a member can read the given publication. WARNING: HIGHLY SENSIBLE, do not modify without being sure of what you do, can dramatically impact performance and can break existing rights behaviour.

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

pub - the publication to check

mbr - the member to check

searchInGroups - if true check if one of the group this member belongs to is authorized to read this publication.

Returns:

true if the member can read this publication

Since:

jcms-4.1

canBeReadBy

boolean canBeReadBy(boolean isAuthorized,
                    Publication pub,
                    Group grp)

Called by Publication.canBeReadBy(Group). It checks if a group can read this publication.

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

pub - the publication to check

grp - the group to check

Returns:

true if the group can read this publication

Since:

jcms-4.1

canBeReadBy

boolean canBeReadBy(boolean isAuthorized,
                    Group grp,
                    Member mbr)

Called by Data.canBeReadBy(Member). It checks if a member can read this group.

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

grp - the group

mbr - the member

Returns:

true if the member can read this group

Since:

jcms-7.1.3

canWorkOn

boolean canWorkOn(boolean isAuthorized,
                  Publication pub,
                  Member member)

Called by Member.canWorkOn(Publication). It checks if the given member can work on the given publication (ie, if it has the rights and if it is in a state the member can work in).

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

pub - the publication to check

member - the member to check

Returns:

true if the member can work on the publication

Since:

jcms-5.0.0

canWorkOn

ControllerStatus canWorkOn(ControllerStatus status,
                           int op,
                           Member mbr,
                           Member member)

Called by Member.checkMember(int, Member, java.util.Map). It checks if the given member can work on the given member.

Parameters:

status - the internal JCMS controller status.

op - the operation (OP_CREATE, OP_UPDATE, OP_DELETE)

mbr - the member to work on

member - the member to check

Returns:

true if the member can work on the publication

Since:

jcms-6.1.0

isWorker

boolean isWorker(boolean isWorker,
                 Member member,
                 Workspace ws)

Called by Member.isWorker(Workspace) and Member.isWorker(). It checks if the given Member is a Worker for the site or the given workspace

Parameters:

isWorker - true if internal JCMS control authorized the member to perform this action

member - the member to check

ws - the workspace to check or null if caller is Member.isWorker()

Returns:

true if given Member is a Worker

Since:

jcms-5.7.1

canPublish

boolean canPublish(boolean isAuthorized,
                   Member mbr,
                   java.lang.Class clazz,
                   java.util.Set wsSet)

Check if this member can publish this clazz in at least one of the given workspace. This method is called by Member.canPublish(Class, Set)

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

mbr - the member to check

clazz - the class to check

wsSet - the Set ow workspace to work with

Returns:

true it the given member can publish the given class

canUpdateOther

boolean canUpdateOther(boolean isAuthorized,
                       Member mbr,
                       java.lang.Class clazz,
                       Workspace ws)

Check if this member can update-other this clazz in at least one of the given workspace. This method is called by Member.canUpdateOther(Class, Workspace)

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

mbr - the member to check

clazz - the class to check

ws - the Workspace to check

Returns:

true it the given member can update instances of the given class

canDeleteOther

boolean canDeleteOther(boolean isAuthorized,
                       Member mbr,
                       java.lang.Class clazz,
                       Workspace ws)

Check if this member can delete-other this clazz in at least one of the given workspace. This method is called by Member.canDeleteOther(Class, Workspace)

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

mbr - the member to check

clazz - the class to check

ws - the Workspace to check

Returns:

true it the given member can delete instances of the given class

canBeReadBy

boolean canBeReadBy(boolean isAuthorized,
                    Category cat,
                    Member mbr,
                    boolean searchInGroups,
                    boolean checkAncestors)

Called by Category.canBeReadBy(Member, boolean, boolean). It checks if a member can read the given category.

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

cat - the category to check

mbr - the member to check

searchInGroups - if true check if one of the group this member belongs to is authorized to read this category.

checkAncestors - if true checks the read rights of the ancestors of this category.

Returns:

true if the member can read this category

Since:

jcms-4.1

canBeReadBy

boolean canBeReadBy(boolean isAuthorized,
                    Category cat,
                    Group grp,
                    boolean checkAncestors)

Called by Category.canBeReadBy(Group, boolean). It checks if a group can read this category.

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

cat - the category to check

grp - the group to check

checkAncestors - if true checks the read rights of the ancestors of this category.

Returns:

true if the group can read this category

Since:

jcms-4.1

canUseCategory

boolean canUseCategory(boolean isAuthorized,
                       Member mbr,
                       Category cat,
                       boolean searchInGroups,
                       boolean searchInParent)

Called by Member.canUseCategory(Category, boolean, boolean). It check if a category can be used by given Member. Note In current implementation:

• Always true for admin
• Not called if can not read category

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

mbr - the member to check

cat - the category to check

searchInGroups - if true check if one of the group this

searchInParent - if true check in parent category

Returns:

true if the member can use (check) this category

Since:

jcms-5.7.1

canManageCategory

boolean canManageCategory(boolean isAuthorized,
                          Member mbr,
                          Category cat,
                          boolean searchInGroups,
                          boolean searchInParent)

Called by Member.canManageCategory(Category, boolean, boolean). It check if a category can be managed by given Member

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

mbr - the member to check

cat - the category to check

searchInGroups - if true check if one of the group this

searchInParent - if true check in parent category

Returns:

true if the member can manage (edit/update) this category branch

Since:

jcms-5.7.1

canCreateWorkspace

boolean canCreateWorkspace(boolean isAuthorized,
                           Member mbr,
                           Workspace model)

Check if this member can create workspace : - ex nihilo if model is null; - by copiing model if model is not null. This method is called by Member.canCreateWorkspace(Workspace)

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

mbr - the member to check

model - the workspace to duplicate or null if the workspace has to be created ex nihilo

Returns:

true if a workspace can be created by member false otherwise.

Since:

jcms-5.7.3

getWorkspaceSet

java.util.Set<Workspace> getWorkspaceSet(java.util.Set<Workspace> workspaceSet,
                                         Member mbr)

Retrieve the workspace set of the specified Member.

This method is called by Member.getWorkspaceSet().
You MUST NOT (and cannot) modify the workspaceSet received in parameters, create a new TreeSet of workspace and return it.

Parameters:

workspaceSet - the workspace set computed by internal JCMS routine

mbr - the member for which the workspace set is computed

Returns:

the new workspace set to use

Since:

jcms-7.0.2

isAdmin

boolean isAdmin(boolean isAdmin,
                Member member,
                Workspace ws)

Called by Workspace.isAdmin(Member). It checks if the given Member is an administrator for the specified workspace.

If you change the default behavior for a Member, you should also implement get getWorkspaceSet(Set, Member) (see issue JCMS-2601 for a implementation example).

Parameters:

isAdmin - true if internal JCMS control found member as admin of workspace

member - the member to check

ws - the workspace to check, never null

Returns:

true if given Member is an admin

Since:

jcms-7.1 jcms-7.0.4

canCreateContact

boolean canCreateContact(boolean isAuthorized,
                         Member mbr)

Check if the given member can create a new contact.

Parameters:

isAuthorized - true if internal JCMS control authorized the member to perform this action

mbr - the member to check

Returns:

true if the given member can create a new contact.

Since:

jcms-8.0.0

checkBeforeUpload

boolean checkBeforeUpload(java.lang.String fieldName,
                          java.lang.String contentType,
                          java.lang.String fileName)

Checks if the uploaded file must be accepted or rejected. This method is called by sub classes of MultiPartFilter AFTER InitFilter BUT BEFORE doInitPage.jsp. The file has not been uploaded. The JcmsContext returned by Channel.getCurrentJcmsContext() is not completly initialized.

Parameters:

fieldName - the name of the field for the given file

contentType - the content type of the file

fileName - the name of the file

Returns:

true if the file is accepted

Since:

jcms-5.7.0

checkAfterUpload

boolean checkAfterUpload(DocUploadInfo info)

Checks if the uploaded file must be accepted or rejected. This method is called by DocUploadInfo.doUpload() called by DocUploadHandler and EditDataHandler for MultiPartRequest BEFORE JavaBean validation. The method Channel.getCurrentJcmsContext() must be called to get more information about Member and Workspace.A DataController must be used to check Document during validation.

Parameters:

info - information about the uploaded file

Returns:

true if the file is accepted

Since:

jcms-5.7.0

checkHtml

ControllerStatus checkHtml(java.lang.String str,
                           java.lang.String field)

This method is called to check if the given string does not contain forbidden HTML code

Parameters:

str - the String to be checked

field - the name of the field which is checked

Returns:

a ControllerStatus

Since:

jcms-5.0.0

See Also:

JcmsUtil.checkHtml(String,String)

checkAccess

java.lang.Boolean checkAccess(Member member,
                              java.lang.String resource,
                              java.util.Map<java.lang.String,java.lang.Object> context)

This methods is invoked by the AccessControlManager every time a resource access right is checked.

Parameters:

member - the Member for which access right is verified

resource - a resource URI using a path representation, eg "admin/dev/store-cleaner"

context - an optionnal context map containing relevant information such as workspace or data

Returns:

null if you don't want to interfer with default behavior, true to grant authorization, false to deny authorization

Since:

jcms-7.0.0

getOrder

int getOrder()

Returns object orders value.

Returns:

int object orders value.