BasicRightPolicyFilter (JCMS API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.jalios.jcms.policy
Class BasicRightPolicyFilter

java.lang.Object
  com.jalios.jcms.policy.AbstractPolicyFilter
      com.jalios.jcms.policy.BasicRightPolicyFilter

All Implemented Interfaces:: PluginComponent, PolicyFilter, RightPolicyFilter, Comparable

Direct Known Subclasses:: QuotaPolicyFilter, ReviewRightPolicyFilter, UnzipRightPolicyFilter

public class BasicRightPolicyFilter
extends AbstractPolicyFilter
implements RightPolicyFilter, PluginComponent
extends AbstractPolicyFilter
implements RightPolicyFilter, PluginComponent

Default implementation of RightPolicyFilter

Since:: jcms-5.7.0
Version:: $Revision: 42628 $
Author:: Jean-Philippe Encausse
See Also:: RightPolicyFilter

Field Summary
`static String`	`REVISION`

Fields inherited from class com.jalios.jcms.policy.AbstractPolicyFilter
`order`

Constructor Summary
`BasicRightPolicyFilter()`

Method Summary
`boolean`	`callCanBeReadBy(Class clazz)` This convenient method is a simplfied version of `callCanBeReadBy(PublicationCriteria)`.
`boolean`	`callCanBeReadBy(PublicationCriteria pubCriteria)` Call by `HibernateUtil.queryPublication(PublicationCriteria)`.
`boolean`	`canBeReadBy(boolean isAuthorized, Category cat, Group grp, boolean checkAncestors)` Called by `Category.canBeReadBy(Group, boolean)`.
`boolean`	`canBeReadBy(boolean isAuthorized, Category cat, Member mbr, boolean searchInGroups, boolean checkAncestors)` Called by `Category.canBeReadBy(Member, boolean, boolean)`.
`boolean`	`canBeReadBy(boolean isAuthorized, Group grp, Member mbr)` Called by `Group.canBeReadBy(Member)`.
`boolean`	`canBeReadBy(boolean isAuthorized, Publication pub, Group grp)` Called by `Publication.canBeReadBy(Group)`.
`boolean`	`canBeReadBy(boolean isAuthorized, Publication pub, Member mbr, boolean searchInGroups)` Called by `Publication.canBeReadBy(Member, boolean)`.
`boolean`	`canCreateWorkspace(boolean isAuthorized, Member mbr, Workspace model)` Check if this member can create workspace : - ex nihilo if model is null; - by copiing model if model is not null.
`boolean`	`canDeleteOther(boolean isAuthorized, Member mbr, Class clazz, Workspace ws)` Check if this member can delete-other this clazz in at least one of the given workspace.
`boolean`	`canDeleteOther(boolean isAuthorized, Member mbr, Data data)` Check if this member can delete-other this instance.
`boolean`	`canManageCategory(boolean isAuthorized, Member mbr, Category cat, boolean searchInGroups, boolean searchInParent)` Called by `Member.canManageCategory(Category, boolean, boolean)`.
`boolean`	`canPublish(boolean isAuthorized, Member mbr, Class clazz, Set wsSet)` Check if this member can publish this clazz in at least one of the given workspace.
`boolean`	`canUpdateOther(boolean isAuthorized, Member mbr, Class clazz, Workspace ws)` Check if this member can update-other this clazz in at least one of the given workspace.
`boolean`	`canUpdateOther(boolean isAuthorized, Member mbr, Data data)` Check if this member can update-other this instance.
`boolean`	`canUseCategory(boolean isAuthorized, Member mbr, Category cat, boolean searchInGroups, boolean searchInParent)` Called by `Member.canUseCategory(Category, boolean, boolean)`.
`boolean`	`canWorkOn(boolean isAuthorized, Publication pub, Member member)` Called by `Member.canWorkOn(Publication)`.
`ControllerStatus`	`canWorkOn(ControllerStatus status, int op, Member mbr, Member member)` Called by `Member.checkMember(int, Member, java.util.Map)`.
`Boolean`	`checkAccess(Member member, String resource, Map<String,Object> context)` The `checkAccess(...)` implementation of the BasicRightPolicyFilter does not modify the default behavior of the AccessControlManager so ACL will be applied as defined (ie : it returns null).
`boolean`	`checkAfterUpload(DocUploadInfo info)` Checks if the uploaded file must be accepted or rejected.
`boolean`	`checkBeforeUpload(String fieldName, String contentType, String fileName)` Checks if the uploaded file must be accepted or rejected.
`ControllerStatus`	`checkHtml(String str, String field)` This method is called to check if the given string does not contain forbidden HTML code
`Set<Workspace>`	`getWorkspaceSet(Set<Workspace> workspaceSet, Member mbr)` Retrieve the workspace set of the specified Member.
`boolean`	`init(Plugin plugin)` Initialize the component with the given plugin configuration
`boolean`	`isAdmin(boolean isAdmin, Member member, Workspace ws)` Called by `Workspace.isAdmin(Member)`.
`boolean`	`isWorker(boolean isWorker, Member member, Workspace ws)` Called by `Member.isWorker(Workspace)` and `Member.isWorker()`.

Methods inherited from class com.jalios.jcms.policy.AbstractPolicyFilter
`compareTo, equals, getOrder, setOrder`

Methods inherited from class java.lang.Object
`clone, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Methods inherited from interface com.jalios.jcms.policy.RightPolicyFilter
`getOrder`

Methods inherited from interface java.lang.Comparable
`compareTo`

Field Detail

REVISION

public static final String REVISION

See Also:: Constant Field Values

Constructor Detail

BasicRightPolicyFilter

public BasicRightPolicyFilter()

Method Detail

init

public boolean init(Plugin plugin)

Description copied from interface: PluginComponent

Initialize the component with the given plugin configuration

Specified by:: init in interface PluginComponent

Parameters:: plugin - the calling plugin
Returns:: true if the component has been correctly initialized.
Since:: jcms-5.7.1
See Also:: PluginComponent.init(Plugin)

canUpdateOther

public boolean canUpdateOther(boolean isAuthorized,
                              Member mbr,
                              Data data)

Description copied from interface: RightPolicyFilter

Check if this member can update-other this instance. This method is called by Member.canUpdateOther(Data)

Specified by:: canUpdateOther in interface RightPolicyFilter

Parameters:: isAuthorized - true if internal JCMS control authorized the member to perform this action; mbr - the member to check; data - the data to check
Returns:: true it the given member can update given instances
See Also:: RightPolicyFilter.canUpdateOther(boolean, Member, Data)

canDeleteOther

public boolean canDeleteOther(boolean isAuthorized,
                              Member mbr,
                              Data data)

Description copied from interface: RightPolicyFilter

Check if this member can delete-other this instance. This method is called by Member.canDeleteOther(Data)

Specified by:: canDeleteOther in interface RightPolicyFilter

Parameters:: isAuthorized - true if internal JCMS control authorized the member to perform this action; mbr - the member to check; data - the data to check
Returns:: true it the given member can delete given instances
See Also:: RightPolicyFilter.canDeleteOther(boolean, Member, Data)

callCanBeReadBy

public boolean callCanBeReadBy(PublicationCriteria pubCriteria)

Description copied from interface: RightPolicyFilter

Call by HibernateUtil.queryPublication(PublicationCriteria). It checks if the method RightPolicyFilter.canBeReadBy(boolean, Publication, Member, boolean) must be called on the results of the query.

Specified by:: callCanBeReadBy in interface RightPolicyFilter

Parameters:: pubCriteria - the criteria of the query.
Returns:: true if method RightPolicyFilter.canBeReadBy(boolean, Publication, Member, boolean) must be called.
See Also:: RightPolicyFilter.callCanBeReadBy(PublicationCriteria)

callCanBeReadBy

public boolean callCanBeReadBy(Class clazz)

This convenient method is a simplfied version of callCanBeReadBy(PublicationCriteria).

Parameters:: clazz - the class to check (never null)
Returns:: true if the method canBeReadBy(boolean, Publication, Member, boolean) must be called for the given class.
Since:: jcms-7.0.0

canBeReadBy

public boolean canBeReadBy(boolean isAuthorized,
                           Publication pub,
                           Member mbr,
                           boolean searchInGroups)

Description copied from interface: RightPolicyFilter

Called by Publication.canBeReadBy(Member, boolean). It checks if a member can read the given publication. WARNING: HIGHLY SENSIBLE, do not modify without being sure of what you do, can dramatically impact performance and can break existing rights behaviour.

Specified by:: canBeReadBy in interface RightPolicyFilter

Parameters:: isAuthorized - true if internal JCMS control authorized the member to perform this action; pub - the publication to check; mbr - the member to check; searchInGroups - if true check if one of the group this member belongs to is authorized to read this publication.
Returns:: true if the member can read this publication
See Also:: RightPolicyFilter.canBeReadBy(boolean, Publication, Member, boolean)

canBeReadBy

public boolean canBeReadBy(boolean isAuthorized,
                           Publication pub,
                           Group grp)

Description copied from interface: RightPolicyFilter

Called by Publication.canBeReadBy(Group). It checks if a group can read this publication.

Specified by:: canBeReadBy in interface RightPolicyFilter

Parameters:: isAuthorized - true if internal JCMS control authorized the member to perform this action; pub - the publication to check; grp - the group to check
Returns:: true if the group can read this publication
See Also:: RightPolicyFilter.canBeReadBy(boolean, Publication, Group)

canWorkOn

public boolean canWorkOn(boolean isAuthorized,
                         Publication pub,
                         Member member)

Description copied from interface: RightPolicyFilter

Called by Member.canWorkOn(Publication). It checks if the given member can work on the given publication (ie, if it has the rights and if it is in a state the member can work in).

Specified by:: canWorkOn in interface RightPolicyFilter

Parameters:: isAuthorized - true if internal JCMS control authorized the member to perform this action; pub - the publication to check; member - the member to check
Returns:: true if the member can work on the publication
See Also:: RightPolicyFilter.canWorkOn(boolean, Publication, Member)

canWorkOn

public ControllerStatus canWorkOn(ControllerStatus status,
                                  int op,
                                  Member mbr,
                                  Member member)

Description copied from interface: RightPolicyFilter

Called by Member.checkMember(int, Member, java.util.Map). It checks if the given member can work on the given member.

Specified by:: canWorkOn in interface RightPolicyFilter

Parameters:: status - the internal JCMS controller status.; op - the operation (OP_CREATE, OP_UPDATE, OP_DELETE); mbr - the member to work on; member - the member to check
Returns:: true if the member can work on the publication
See Also:: RightPolicyFilter.canWorkOn(ControllerStatus, int, Member, Member)

isWorker

public boolean isWorker(boolean isWorker,
                        Member member,
                        Workspace ws)

Description copied from interface: RightPolicyFilter

Called by Member.isWorker(Workspace) and Member.isWorker(). It checks if the given Member is a Worker for the site or the given workspace

Specified by:: isWorker in interface RightPolicyFilter

Parameters:: isWorker - true if internal JCMS control authorized the member to perform this action; member - the member to check; ws - the workspace to check or null if caller is Member.isWorker()
Returns:: true if given Member is a Worker
See Also:: RightPolicyFilter.isWorker(boolean, Member, Workspace)

canPublish

public boolean canPublish(boolean isAuthorized,
                          Member mbr,
                          Class clazz,
                          Set wsSet)

Description copied from interface: RightPolicyFilter

Check if this member can publish this clazz in at least one of the given workspace. This method is called by Member.canPublish(Class, Set)

Specified by:: canPublish in interface RightPolicyFilter

Parameters:: isAuthorized - true if internal JCMS control authorized the member to perform this action; mbr - the member to check; clazz - the class to check; wsSet - the Set ow workspace to work with
Returns:: true it the given member can publish the given class
See Also:: RightPolicyFilter.canPublish(boolean, Member, Class, Set)

canUpdateOther

public boolean canUpdateOther(boolean isAuthorized,
                              Member mbr,
                              Class clazz,
                              Workspace ws)

Description copied from interface: RightPolicyFilter

Check if this member can update-other this clazz in at least one of the given workspace. This method is called by Member.canUpdateOther(Class, Workspace)

Specified by:: canUpdateOther in interface RightPolicyFilter

Parameters:: isAuthorized - true if internal JCMS control authorized the member to perform this action; mbr - the member to check; clazz - the class to check; ws - the Workspace to check
Returns:: true it the given member can update instances of the given class
See Also:: RightPolicyFilter.canUpdateOther(boolean, Member, Class, Workspace)

canDeleteOther

public boolean canDeleteOther(boolean isAuthorized,
                              Member mbr,
                              Class clazz,
                              Workspace ws)

Description copied from interface: RightPolicyFilter

Check if this member can delete-other this clazz in at least one of the given workspace. This method is called by Member.canDeleteOther(Class, Workspace)

Specified by:: canDeleteOther in interface RightPolicyFilter

Parameters:: isAuthorized - true if internal JCMS control authorized the member to perform this action; mbr - the member to check; clazz - the class to check; ws - the Workspace to check
Returns:: true it the given member can delete instances of the given class
See Also:: RightPolicyFilter.canDeleteOther(boolean, Member, Class, Workspace)

canBeReadBy

public boolean canBeReadBy(boolean isAuthorized,
                           Category cat,
                           Member mbr,
                           boolean searchInGroups,
                           boolean checkAncestors)

Description copied from interface: RightPolicyFilter

Called by Category.canBeReadBy(Member, boolean, boolean). It checks if a member can read the given category.

Specified by:: canBeReadBy in interface RightPolicyFilter

Parameters:: isAuthorized - true if internal JCMS control authorized the member to perform this action; cat - the category to check; mbr - the member to check; searchInGroups - if true check if one of the group this member belongs to is authorized to read this category.; checkAncestors - if true checks the read rights of the ancestors of this category.
Returns:: true if the member can read this category
See Also:: RightPolicyFilter.canBeReadBy(boolean, Category, Member, boolean, boolean)

canBeReadBy

public boolean canBeReadBy(boolean isAuthorized,
                           Category cat,
                           Group grp,
                           boolean checkAncestors)

Description copied from interface: RightPolicyFilter

Called by Category.canBeReadBy(Group, boolean). It checks if a group can read this category.

Specified by:: canBeReadBy in interface RightPolicyFilter

Parameters:: isAuthorized - true if internal JCMS control authorized the member to perform this action; cat - the category to check; grp - the group to check; checkAncestors - if true checks the read rights of the ancestors of this category.
Returns:: true if the group can read this category
See Also:: RightPolicyFilter.canBeReadBy(boolean, Category, Group, boolean)

canUseCategory

public boolean canUseCategory(boolean isAuthorized,
                              Member mbr,
                              Category cat,
                              boolean searchInGroups,
                              boolean searchInParent)

Description copied from interface: RightPolicyFilter

Called by Member.canUseCategory(Category, boolean, boolean). It check if a category can be used by given Member. Note In current implementation:

Always true for admin
Not called if can not read category

Specified by:: canUseCategory in interface RightPolicyFilter

Parameters:: isAuthorized - true if internal JCMS control authorized the member to perform this action; mbr - the member to check; cat - the category to check; searchInGroups - if true check if one of the group this; searchInParent - if true check in parent category
Returns:: true if the member can use (check) this category
Since:: jcms-5.7.1
See Also:: RightPolicyFilter.canUseCategory(boolean, Member, Category, boolean, boolean)

canManageCategory

public boolean canManageCategory(boolean isAuthorized,
                                 Member mbr,
                                 Category cat,
                                 boolean searchInGroups,
                                 boolean searchInParent)

Description copied from interface: RightPolicyFilter

Called by Member.canManageCategory(Category, boolean, boolean). It check if a category can be managed by given Member

Specified by:: canManageCategory in interface RightPolicyFilter

Parameters:: isAuthorized - true if internal JCMS control authorized the member to perform this action; mbr - the member to check; cat - the category to check; searchInGroups - if true check if one of the group this; searchInParent - if true check in parent category
Returns:: true if the member can manage (edit/update) this category branch
Since:: jcms-5.7.1
See Also:: RightPolicyFilter.canManageCategory(boolean, Member, Category, boolean, boolean)

canCreateWorkspace

public boolean canCreateWorkspace(boolean isAuthorized,
                                  Member mbr,
                                  Workspace model)

Description copied from interface: RightPolicyFilter

Check if this member can create workspace : - ex nihilo if model is null; - by copiing model if model is not null. This method is called by Member.canCreateWorkspace(Workspace)

Specified by:: canCreateWorkspace in interface RightPolicyFilter

Parameters:: isAuthorized - true if internal JCMS control authorized the member to perform this action; mbr - the member to check; model - the workspace to duplicate or null if the workspace has to be created ex nihilo
Returns:: true if a workspace can be created by member false otherwise.
Since:: jcms-5.7.3
See Also:: RightPolicyFilter.canCreateWorkspace(boolean, Member, Workspace)

getWorkspaceSet

public Set<Workspace> getWorkspaceSet(Set<Workspace> workspaceSet,
                                      Member mbr)

Description copied from interface: RightPolicyFilter

Retrieve the workspace set of the specified Member.

This method is called by Member.getWorkspaceSet().
You MUST NOT (and cannot) modify the workspaceSet received in parameters, create a new TreeSet of workspace and return it.

Specified by:: getWorkspaceSet in interface RightPolicyFilter

Parameters:: workspaceSet - the workspace set computed by internal JCMS routine; mbr - the member for which the workspace set is computed
Returns:: the new workspace set to use
Since:: jcms-7.0.2
See Also:: RightPolicyFilter.getWorkspaceSet(Set, Member)

isAdmin

public boolean isAdmin(boolean isAdmin,
                       Member member,
                       Workspace ws)

Description copied from interface: RightPolicyFilter

Called by Workspace.isAdmin(Member). It checks if the given Member is an administrator for the specified workspace.

If you change the default behavior for a Member, you should also implement get RightPolicyFilter.getWorkspaceSet(Set, Member) (see issue JCMS-2601 for a implementation example).

Specified by:: isAdmin in interface RightPolicyFilter

Parameters:: isAdmin - true if internal JCMS control found member as admin of workspace; member - the member to check; ws - the workspace to check, never null
Returns:: true if given Member is an admin
Since:: jcms-7.1 jcms-7.0.4
See Also:: RightPolicyFilter.isAdmin(boolean, Member, Workspace)

canBeReadBy

public boolean canBeReadBy(boolean isAuthorized,
                           Group grp,
                           Member mbr)

Description copied from interface: RightPolicyFilter

Called by Group.canBeReadBy(Member). It checks if a member can read this group.

Specified by:: canBeReadBy in interface RightPolicyFilter

Parameters:: isAuthorized - true if internal JCMS control authorized the member to perform this action; grp - the group; mbr - the member
Returns:: true if the member can read this group

checkBeforeUpload

public boolean checkBeforeUpload(String fieldName,
                                 String contentType,
                                 String fileName)

Description copied from interface: RightPolicyFilter

Checks if the uploaded file must be accepted or rejected. This method is called by sub classes of MultiPartFilter AFTER InitFilter BUT BEFORE doInitPage.jsp. The file has not been uploaded. The JcmsContext returned by Channel.getCurrentJcmsContext() is not completly initialized.

Specified by:: checkBeforeUpload in interface RightPolicyFilter

Parameters:: fieldName - the name of the field for the given file; contentType - the content type of the file; fileName - the name of the file
Returns:: true if the file is accepted
See Also:: RightPolicyFilter.checkBeforeUpload(String, String, String)

checkAfterUpload

public boolean checkAfterUpload(DocUploadInfo info)

Description copied from interface: RightPolicyFilter

Checks if the uploaded file must be accepted or rejected. This method is called by DocUploadInfo.doUpload() called by DocUploadHandler and EditDataHandler for MultiPartRequest BEFORE JavaBean validation. The method Channel.getCurrentJcmsContext() must be called to get more information about Member and Workspace.A DataController must be used to check Document during validation.

Specified by:: checkAfterUpload in interface RightPolicyFilter

Parameters:: info - information about the uploaded file
Returns:: true if the file is accepted
See Also:: RightPolicyFilter.checkAfterUpload(DocUploadInfo)

checkHtml

public ControllerStatus checkHtml(String str,
                                  String field)

Description copied from interface: RightPolicyFilter

This method is called to check if the given string does not contain forbidden HTML code

Specified by:: checkHtml in interface RightPolicyFilter

Parameters:: str - the String to be checked; field - the name of the field which is checked
Returns:: a ControllerStatus
See Also:: RightPolicyFilter.checkHtml(String, String)

checkAccess

public Boolean checkAccess(Member member,
                           String resource,
                           Map<String,Object> context)

The checkAccess(...) implementation of the BasicRightPolicyFilter does not modify the default behavior of the AccessControlManager so ACL will be applied as defined (ie : it returns null).

Specified by:: checkAccess in interface RightPolicyFilter

Parameters:: member - the Member for which access right is verified; resource - a resource URI using a path representation, eg "admin/dev/store-cleaner"; context - an optionnal context map containing relevant information such as workspace or data
Returns:: null if you don't want to interfer with default behavior, true to grant authorization, false to deny authorization
See Also:: RightPolicyFilter.checkAccess(Member, String, Map)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.jalios.jcms.policy Class BasicRightPolicyFilter

REVISION

BasicRightPolicyFilter

init

canUpdateOther

canDeleteOther

callCanBeReadBy

callCanBeReadBy

canBeReadBy

canBeReadBy

canWorkOn

canWorkOn

isWorker

canPublish

canUpdateOther

canDeleteOther

canBeReadBy

canBeReadBy

canUseCategory

canManageCategory

canCreateWorkspace

getWorkspaceSet

isAdmin

canBeReadBy

checkBeforeUpload

checkAfterUpload

checkHtml

checkAccess

com.jalios.jcms.policy
Class BasicRightPolicyFilter