Package com.jalios.jcms.policy

Interface RightPolicyFilter

    • Field Detail

      • CTXT_CATEGORIES

        static final java.lang.String CTXT_CATEGORIES
        RPF Context map key to use indicate the Set of category in which operation is requested.

        If specified, value MUST be a Set of Category.

        Since:
        jcms-10.0.6 / JCMS-8882
        See Also:
        Constant Field Values

    • Method Detail

      • canUpdateOther

        boolean canUpdateOther​(boolean isAuthorized,
                       Member mbr,
                       Data data)
        Check if this member can update-other this instance. This method is called by Member.canUpdateOther(Data)
        Parameters:
        isAuthorized - true if internal JCMS control authorized the member to perform this action
        mbr - the member to check
        data - the data to check
        Returns:
        true it the given member can update given instances

      • canDeleteOther

        boolean canDeleteOther​(boolean isAuthorized,
                       Member mbr,
                       Data data)
        Check if this member can delete-other this instance. This method is called by Member.canDeleteOther(Data)
        Parameters:
        isAuthorized - true if internal JCMS control authorized the member to perform this action
        mbr - the member to check
        data - the data to check
        Returns:
        true it the given member can delete given instances

      • canBeReadBy

        boolean canBeReadBy​(boolean isAuthorized,
                    Publication pub,
                    Member mbr,
                    boolean searchInGroups)
        Called by Publication.canBeReadBy(Member, boolean). It checks if a member can read the given publication. WARNING: HIGHLY SENSIBLE, do not modify without being sure of what you do, can dramatically impact performance and can break existing rights behaviour.
        Parameters:
        isAuthorized - true if internal JCMS control authorized the member to perform this action
        pub - the publication to check
        mbr - the member to check
        searchInGroups - if true check if one of the group this member belongs to is authorized to read this publication.
        Returns:
        true if the member can read this publication
        Since:
        jcms-4.1

      • canBeReadBy

        @Deprecated
boolean canBeReadBy​(boolean isAuthorized,
                    Publication pub,
                    Group grp)
        Deprecated.
        since JCMS-8577
        Called by Publication.canBeReadBy(Group). It checks if a group can read this publication.
        Parameters:
        isAuthorized - true if internal JCMS control authorized the member to perform this action
        pub - the publication to check
        grp - the group to check
        Returns:
        true if the group can read this publication
        Since:
        jcms-4.1

      • canBeReadBy

        boolean canBeReadBy​(boolean isAuthorized,
                    Group grp,
                    Member mbr)
        Called by Data.canBeReadBy(Member). It checks if a member can read this group.
        Parameters:
        isAuthorized - true if internal JCMS control authorized the member to perform this action
        grp - the group
        mbr - the member
        Returns:
        true if the member can read this group
        Since:
        jcms-7.1.3

      • canBeReadBy

        boolean canBeReadBy​(boolean isAuthorized,
                    Member mbrToRead,
                    Member mbrReading)
        Checks if a member can read the specified Member.

        Invoked by internal implementation of Data.canBeReadBy(Member).

        Parameters:
        isAuthorized - true if internal JCMS control authorized the member to perform this action
        mbrToRead - the Member that would be read
        mbrReading - the Member performing the read operation
        Returns:
        true if the member can read the Member, false otherwise
        Since:
        jcms-10.0.1 / JCMS-4784

      • canBeReadBy

        boolean canBeReadBy​(boolean isAuthorized,
                    Workspace ws,
                    Member mbr)
        Checks if a member can read the specified Workspace.

        Invoked by internal implementation of Data.canBeReadBy(Member).

        Parameters:
        isAuthorized - true if internal JCMS control authorized the member to perform this action
        ws - the Workspace that would be read
        mbr - the Member performing the read operation
        Returns:
        true if the member can read the Workspace, false otherwise
        Since:
        jcms-10.0.4 / JCMS-8011

      • canWorkOn

        boolean canWorkOn​(boolean isAuthorized,
                  Publication pub,
                  Member member)
        Called by Member.canWorkOn(Publication). It checks if the given member can work on the given publication (ie, if it has the rights and if it is in a state the member can work in).
        Parameters:
        isAuthorized - true if internal JCMS control authorized the member to perform this action
        pub - the publication to check
        member - the member to check
        Returns:
        true if the member can work on the publication
        Since:
        jcms-5.0.0

      • canWorkOn

        ControllerStatus canWorkOn​(ControllerStatus status,
                           int op,
                           Member mbr,
                           Member member)
        Called by Member.checkMember(int, Member, java.util.Map). It checks if the given member can work on the given member.
        Parameters:
        status - the internal JCMS controller status.
        op - the operation (OP_CREATE, OP_UPDATE, OP_DELETE)
        mbr - the member to work on
        member - the member to check
        Returns:
        true if the member can work on the other member
        Since:
        jcms-6.1.0

      • isWorker

        boolean isWorker​(boolean isWorker,
                 Member member,
                 Workspace ws)
        Called by Member.isWorker(Workspace) and Member.isWorker(). It checks if the given Member is a Worker for the site or the given workspace
        Parameters:
        isWorker - true if internal JCMS control authorized the member to perform this action
        member - the member to check
        ws - the workspace to check or null if caller is Member.isWorker()
        Returns:
        true if given Member is a Worker
        Since:
        jcms-5.7.1

      • canPublish

        boolean canPublish​(boolean isAuthorized,
                   Member mbr,
                   java.lang.Class clazz,
                   java.util.Set wsSet)
        Check if this member can publish this clazz in at least one of the given workspace. This method is called by Member.canPublish(Class, Set)
        Parameters:
        isAuthorized - true if internal JCMS control authorized the member to perform this action
        mbr - the member to check
        clazz - the class to check
        wsSet - the Set of workspace to work with
        Returns:
        true it the given member can publish the given class

      • canUpdateOther

        boolean canUpdateOther​(boolean isAuthorized,
                       Member mbr,
                       java.lang.Class clazz,
                       Workspace ws)
        Check if this member can update-other this clazz in at least one of the given workspace. This method is called by Member.canUpdateOther(Class, Workspace)
        Parameters:
        isAuthorized - true if internal JCMS control authorized the member to perform this action
        mbr - the member to check
        clazz - the class to check
        ws - the Workspace to check
        Returns:
        true it the given member can update instances of the given class

      • canDeleteOther

        boolean canDeleteOther​(boolean isAuthorized,
                       Member mbr,
                       java.lang.Class clazz,
                       Workspace ws)
        Check if this member can delete-other this clazz in at least one of the given workspace. This method is called by Member.canDeleteOther(Class, Workspace)
        Parameters:
        isAuthorized - true if internal JCMS control authorized the member to perform this action
        mbr - the member to check
        clazz - the class to check
        ws - the Workspace to check
        Returns:
        true it the given member can delete instances of the given class

      • canBeReadBy

        boolean canBeReadBy​(boolean isAuthorized,
                    Category cat,
                    Member mbr,
                    boolean searchInGroups,
                    boolean checkAncestors)
        Called by Category.canBeReadBy(Member, boolean, boolean). It checks if a member can read the given category.
        Parameters:
        isAuthorized - true if internal JCMS control authorized the member to perform this action
        cat - the category to check
        mbr - the member to check
        searchInGroups - if true check if one of the group this member belongs to is authorized to read this category.
        checkAncestors - if true checks the read rights of the ancestors of this category.
        Returns:
        true if the member can read this category
        Since:
        jcms-4.1

      • canBeReadBy

        @Deprecated
boolean canBeReadBy​(boolean isAuthorized,
                    Category cat,
                    Group grp,
                    boolean checkAncestors)
        Deprecated.
        since JCMS-8579
        Called by Category.canBeReadBy(Group, boolean). It checks if a group can read this category.
        Parameters:
        isAuthorized - true if internal JCMS control authorized the member to perform this action
        cat - the category to check
        grp - the group to check
        checkAncestors - if true checks the read rights of the ancestors of this category.
        Returns:
        true if the group can read this category
        Since:
        jcms-4.1

      • canUseCategory

        boolean canUseCategory​(boolean isAuthorized,
                       Member mbr,
                       Category cat,
                       boolean searchInGroups,
                       boolean searchInParent)
        Called by Member.canUseCategory(Category, boolean, boolean). It check if a category can be used by given Member. Note In current implementation:
        • Always true for admin
        • Not called if can not read category
        Parameters:
        isAuthorized - true if internal JCMS control authorized the member to perform this action
        mbr - the member to check
        cat - the category to check
        searchInGroups - if true check if one of the group this
        searchInParent - if true check in parent category
        Returns:
        true if the member can use (check) this category
        Since:
        jcms-5.7.1

      • canManageCategory

        boolean canManageCategory​(boolean isAuthorized,
                          Member mbr,
                          Category cat,
                          boolean searchInGroups,
                          boolean searchInParent)
        Called by Member.canManageCategory(Category, boolean, boolean). It check if a category can be managed by given Member
        Parameters:
        isAuthorized - true if internal JCMS control authorized the member to perform this action
        mbr - the member to check
        cat - the category to check
        searchInGroups - if true check if one of the group this
        searchInParent - if true check in parent category
        Returns:
        true if the member can manage (edit/update) this category branch
        Since:
        jcms-5.7.1

      • canCreateWorkspace

        boolean canCreateWorkspace​(boolean isAuthorized,
                           Member mbr,
                           Workspace model)
        Check if this member can create workspace : - ex nihilo if model is null; - by copiing model if model is not null. This method is called by Member.canCreateWorkspace(Workspace)
        Parameters:
        isAuthorized - true if internal JCMS control authorized the member to perform this action
        mbr - the member to check
        model - the workspace to duplicate or null if the workspace has to be created ex nihilo
        Returns:
        true if a workspace can be created by member false otherwise.
        Since:
        jcms-5.7.3

      • getWorkspaceSet

        java.util.Set<Workspace> getWorkspaceSet​(java.util.Set<Workspace> workspaceSet,
                                         Member mbr)
        Retrieve the workspace set of the specified Member.

        This method is called by Member.getWorkspaceSet().
        You MUST NOT (and cannot) modify the workspaceSet received in parameters, create a new TreeSet of workspace and return it.

        Parameters:
        workspaceSet - the workspace set computed by internal JCMS routine
        mbr - the member for which the workspace set is computed
        Returns:
        the new workspace set to use
        Since:
        jcms-7.0.2

      • isAdmin

        boolean isAdmin​(boolean isAdmin,
                Member member,
                Workspace ws)
        Called by Workspace.isAdmin(Member). It checks if the given Member is an administrator for the specified workspace.

        If you change the default behavior for a Member, you should also implement get getWorkspaceSet(Set, Member) (see issue JCMS-2601 for a implementation example).

        Parameters:
        isAdmin - true if internal JCMS control found member as admin of workspace
        member - the member to check
        ws - the workspace to check, never null
        Returns:
        true if given Member is an admin
        Since:
        jcms-7.1 jcms-7.0.4

      • canCreateContact

        boolean canCreateContact​(boolean isAuthorized,
                         Member mbr)
        Check if the given member can create a new contact.
        Parameters:
        isAuthorized - true if internal JCMS control authorized the member to perform this action
        mbr - the member to check
        Returns:
        true if the given member can create a new contact.
        Since:
        jcms-8.0.0

      • checkBeforeUpload

        boolean checkBeforeUpload​(java.lang.String fieldName,
                          java.lang.String contentType,
                          java.lang.String fileName)
        Checks if the uploaded file must be accepted or rejected. This method is called by sub classes of MultiPartFilter AFTER InitFilter BUT BEFORE doInitPage.jsp. The file has not been uploaded. The JcmsContext returned by Channel.getCurrentJcmsContext() is not completly initialized.
        Parameters:
        fieldName - the name of the field for the given file
        contentType - the content type of the file
        fileName - the name of the file
        Returns:
        true if the file is accepted
        Since:
        jcms-5.7.0

      • checkAfterUpload

        boolean checkAfterUpload​(DocUploadInfo info)
        Checks if the uploaded file must be accepted or rejected. This method is called by DocUploadInfo.doUpload() called by DocUploadHandler and EditDataHandler for MultiPartRequest BEFORE JavaBean validation. The method Channel.getCurrentJcmsContext() must be called to get more information about Member and Workspace.A DataController must be used to check Document during validation.
        Parameters:
        info - information about the uploaded file
        Returns:
        true if the file is accepted
        Since:
        jcms-5.7.0

      • checkHtml

        ControllerStatus checkHtml​(java.lang.String str,
                           java.lang.String field)
        This method is called to check if the given string does not contain forbidden HTML code
        Parameters:
        str - the String to be checked
        field - the name of the field which is checked
        Returns:
        a ControllerStatus
        Since:
        jcms-5.0.0
        See Also:
        JcmsUtil.checkHtml(String,String)

      • checkAccess

        java.lang.Boolean checkAccess​(Member member,
                              java.lang.String resource,
                              java.util.Map<java.lang.String,​java.lang.Object> context)
        This methods is invoked by the AccessControlManager every time a resource access right is checked.
        Parameters:
        member - the Member for which access right is verified
        resource - a resource URI using a path representation, eg "admin/dev/store-cleaner"
        context - an optional context map containing relevant information such as workspace or data
        Returns:
        null if you don't want to interfer with default behavior, true to grant authorization, false to deny authorization
        Since:
        jcms-7.0.0

      • getOrder

        int getOrder()
        Returns object orders value.
        Returns:
        int object orders value.