Hyperic HQ Plugin API v. 4.4.0.2

org.hyperic.hq.authz.shared
Class PermissionManagerImpl

java.lang.Object
  extended by org.hyperic.hq.authz.server.session.AuthzSession
      extended by org.hyperic.hq.authz.shared.PermissionManager
          extended by org.hyperic.hq.authz.shared.PermissionManagerImpl

public class PermissionManagerImpl
extends PermissionManager


Nested Class Summary
 
Nested classes/interfaces inherited from class org.hyperic.hq.authz.shared.PermissionManager
PermissionManager.RolePermNativeSQL
 
Field Summary
 
Fields inherited from class org.hyperic.hq.authz.shared.PermissionManager
OPERATION_PAGER
 
Fields inherited from class org.hyperic.hq.authz.server.session.AuthzSession
ctx, log
 
Constructor Summary
PermissionManagerImpl()
           
 
Method Summary
 void check(java.lang.Integer subjectId, java.lang.Integer typeId, java.lang.Integer instanceId, java.lang.Integer operationId)
          Check permission.
 void check(java.lang.Integer subject, ResourceType type, java.lang.Integer instanceId, java.lang.String operation)
          Check permission.
 void check(java.lang.Integer subjectId, java.lang.String resType, java.lang.Integer instanceId, java.lang.String operation)
          Check permission.
 java.util.List findOperationScopeBySubject(AuthzSubject subj, java.lang.Integer opId)
          Find the list of instance ids for which a given subject id has a given operation.
 java.util.List findOperationScopeBySubject(AuthzSubject subj, java.lang.String opName, java.lang.String resType)
          Find the list of instance ids for which a given subject id has the named operation in one of their roles or owns a resource for which the operation is valid
 Resource[] findOperationScopeBySubjectBatch(AuthzSubject whoami, ResourceValue[] resArr, java.lang.String[] opArr)
          Find the list of resources for which a given subject id can perform specified operation.
 java.util.Collection findServiceResources(AuthzSubject subj, java.lang.Boolean fsystem)
           
 java.util.List findViewableResources(AuthzSubject subj, java.lang.String searchFor, PageControl pc)
          Search viewable resources of any type
 java.util.List findViewableResources(AuthzSubject subj, java.lang.String resType, java.lang.String resName, java.lang.String appdefTypeStr, java.lang.Integer typeId, PageControl pc)
          Get viewable resources of a specific type
 java.lang.String getAlertDefsHQL()
           
 java.lang.String getAlertsHQL(boolean inEscalation, boolean notFixed, java.lang.Integer groupId, java.lang.Integer alertDefId, boolean count)
           
 java.util.List getAllOperations(AuthzSubject subject, PageControl pc)
          Get all operations for a given subject
 CloningBossInterface getCloningBoss()
          Return the CloningBoss implementation
 java.lang.String getGroupAlertDefsHQL()
           
 java.lang.String getGroupAlertsHQL(boolean inEscalation, boolean notFixed, java.lang.Integer groupId, java.lang.Integer galertDefId)
           
 java.util.Collection getGroupResources(java.lang.Integer subjectId, java.lang.Integer groupId, java.lang.Boolean fsystem)
           
 HierarchicalAlertingManagerInterface getHierarchicalAlertingManager()
          Return the HierarchicalAlertingManager implementation
 MaintenanceEventManagerInterface getMaintenanceEventManager()
          Return the MaintenanceEventManager implementation
 java.lang.String getOperableGroupsHQL(AuthzSubject subject, java.lang.String alias, java.lang.String oper)
           
 java.lang.String getResourceTypeSQL(java.lang.String instanceId, java.lang.Integer subjectId, java.lang.String resType, java.lang.String op)
           
 PermissionManager.RolePermNativeSQL getRolePermissionNativeSQL(java.lang.String resourceVar, java.lang.String eventLogVar, java.lang.String subjectParam, java.lang.String opListViewResourcesParam, java.lang.String opListManageAlertsParam)
           
 java.lang.String getSQLWhere(java.lang.Integer subjectId)
          Get a clause that you can append to an existing WHERE clause to make it authz-aware.
 boolean hasAdminPermission(java.lang.Integer who)
          Check whether a user has permission to access the admin component.
 boolean hasGuestRole()
          Check to see if user can see role dashboards
 EdgePermCheck makePermCheckHql(java.lang.String subjectParam, java.lang.String resourceVar, java.lang.String resourceParam, java.lang.String distanceParam, java.lang.String opsParam, boolean includeDescendants)
          Generates an object which aids in the creation of hierarchical, permission checking HQL.
 EdgePermCheck makePermCheckSql(java.lang.String subjectParam, java.lang.String resVar, java.lang.String resParam, java.lang.String distanceParam, java.lang.String opsParam, boolean includeDescendants)
          Generates an object which aids in the creation of hierarchical, permission checking SQL.
 
Methods inherited from class org.hyperic.hq.authz.shared.PermissionManager
findResourceCount, getConnection, makePermCheckHql, makePermCheckSql
 
Methods inherited from class org.hyperic.hq.authz.server.session.AuthzSession
findPrototype, findSubjectByAuth, getContainmentRelation, getInitialContext, getNetworkRelation, getOperationDAO, getResourceDAO, getResourceGroupDAO, getResourceTypeDAO, getRoleDAO, getRootResourceType, getSessionContext, getSubjectDAO, getVirtualRelation, lookupSubject, setSessionContext, toPojos
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PermissionManagerImpl

public PermissionManagerImpl()
Method Detail

check

public void check(java.lang.Integer subject,
                  ResourceType type,
                  java.lang.Integer instanceId,
                  java.lang.String operation)
           throws PermissionException
Description copied from class: PermissionManager
Check permission.

Specified by:
check in class PermissionManager
Parameters:
subject - The subject.
type - The type of the resource.
instanceId - The consumer's ID for the resource in question.
operation - The operation (as a String) that the subject may want to perform.
Throws:
PermissionException - If subject is not authorized to perform the given operation on the resource of the given type whose id is instanceId.

check

public void check(java.lang.Integer subjectId,
                  java.lang.Integer typeId,
                  java.lang.Integer instanceId,
                  java.lang.Integer operationId)
           throws PermissionException
Description copied from class: PermissionManager
Check permission.

Specified by:
check in class PermissionManager
Parameters:
subjectId - ID of the subject.
typeId - ID of the type of the resource.
instanceId - The consumer's ID for the resource in question.
operationId - ID of the operation that the subject may want to perform.
Throws:
PermissionException - If subject is not authorized to perform the given operation on the resource of the given type whose id is instanceId.

check

public void check(java.lang.Integer subjectId,
                  java.lang.String resType,
                  java.lang.Integer instanceId,
                  java.lang.String operation)
           throws PermissionException
Description copied from class: PermissionManager
Check permission.

Specified by:
check in class PermissionManager
Parameters:
subjectId - ID of the subject.
instanceId - The consumer's ID for the resource in question.
Throws:
PermissionException - If subject is not authorized to perform the given operation on the resource of the given type whose id is instanceId.

hasAdminPermission

public boolean hasAdminPermission(java.lang.Integer who)
Description copied from class: PermissionManager
Check whether a user has permission to access the admin component.

Specified by:
hasAdminPermission in class PermissionManager
Returns:
true - if user has administerCAM operation false otherwise

findOperationScopeBySubject

public java.util.List findOperationScopeBySubject(AuthzSubject subj,
                                                  java.lang.String opName,
                                                  java.lang.String resType)
                                           throws javax.ejb.FinderException,
                                                  PermissionException
Description copied from class: PermissionManager
Find the list of instance ids for which a given subject id has the named operation in one of their roles or owns a resource for which the operation is valid

Specified by:
findOperationScopeBySubject in class PermissionManager
Returns:
List of integer instance ids
Throws:
javax.ejb.FinderException
PermissionException

findOperationScopeBySubject

public java.util.List findOperationScopeBySubject(AuthzSubject subj,
                                                  java.lang.Integer opId)
                                           throws javax.ejb.FinderException,
                                                  PermissionException
Description copied from class: PermissionManager
Find the list of instance ids for which a given subject id has a given operation.

Specified by:
findOperationScopeBySubject in class PermissionManager
Returns:
List of integer instance ids
Throws:
javax.ejb.FinderException
PermissionException

findOperationScopeBySubjectBatch

public Resource[] findOperationScopeBySubjectBatch(AuthzSubject whoami,
                                                   ResourceValue[] resArr,
                                                   java.lang.String[] opArr)
                                            throws javax.ejb.FinderException
Description copied from class: PermissionManager
Find the list of resources for which a given subject id can perform specified operation. This method operates on a batch of resources and their corresponding operations. Unlike, other findOperScopeBySubj methods, this one operates on any type of resource and thus the "resource and operation" tuple should be expressed by common index.

Specified by:
findOperationScopeBySubjectBatch in class PermissionManager
Parameters:
whoami - - subject
resArr - - batch of resources to verify
opArr - - corresponding batch of operations
Returns:
array of authz Resources
Throws:
javax.ejb.FinderException

findViewableResources

public java.util.List findViewableResources(AuthzSubject subj,
                                            java.lang.String resType,
                                            java.lang.String resName,
                                            java.lang.String appdefTypeStr,
                                            java.lang.Integer typeId,
                                            PageControl pc)
Description copied from class: PermissionManager
Get viewable resources of a specific type

Specified by:
findViewableResources in class PermissionManager
resType - the authz resource type name
resName - if result should filter by resource name
appdefTypeStr - the Appdef type name, like 'platform', 'server', etc
typeId - the appdef type ID, e.g. the platform_type_id
Returns:
a list of Integers representing instance ids

findViewableResources

public java.util.List findViewableResources(AuthzSubject subj,
                                            java.lang.String searchFor,
                                            PageControl pc)
Description copied from class: PermissionManager
Search viewable resources of any type

Specified by:
findViewableResources in class PermissionManager
Returns:
a list of Integers representing instance ids

getResourceTypeSQL

public java.lang.String getResourceTypeSQL(java.lang.String instanceId,
                                           java.lang.Integer subjectId,
                                           java.lang.String resType,
                                           java.lang.String op)
Specified by:
getResourceTypeSQL in class PermissionManager

getAllOperations

public java.util.List getAllOperations(AuthzSubject subject,
                                       PageControl pc)
                                throws PermissionException,
                                       javax.ejb.FinderException
Description copied from class: PermissionManager
Get all operations for a given subject

Specified by:
getAllOperations in class PermissionManager
Returns:
a list of Integers representing instance ids
Throws:
PermissionException
javax.ejb.FinderException

getGroupResources

public java.util.Collection getGroupResources(java.lang.Integer subjectId,
                                              java.lang.Integer groupId,
                                              java.lang.Boolean fsystem)
Specified by:
getGroupResources in class PermissionManager

findServiceResources

public java.util.Collection findServiceResources(AuthzSubject subj,
                                                 java.lang.Boolean fsystem)
Specified by:
findServiceResources in class PermissionManager

getRolePermissionNativeSQL

public PermissionManager.RolePermNativeSQL getRolePermissionNativeSQL(java.lang.String resourceVar,
                                                                      java.lang.String eventLogVar,
                                                                      java.lang.String subjectParam,
                                                                      java.lang.String opListViewResourcesParam,
                                                                      java.lang.String opListManageAlertsParam)
Specified by:
getRolePermissionNativeSQL in class PermissionManager

getAlertsHQL

public java.lang.String getAlertsHQL(boolean inEscalation,
                                     boolean notFixed,
                                     java.lang.Integer groupId,
                                     java.lang.Integer alertDefId,
                                     boolean count)
Specified by:
getAlertsHQL in class PermissionManager

getAlertDefsHQL

public java.lang.String getAlertDefsHQL()
Specified by:
getAlertDefsHQL in class PermissionManager

getGroupAlertsHQL

public java.lang.String getGroupAlertsHQL(boolean inEscalation,
                                          boolean notFixed,
                                          java.lang.Integer groupId,
                                          java.lang.Integer galertDefId)
Specified by:
getGroupAlertsHQL in class PermissionManager

getGroupAlertDefsHQL

public java.lang.String getGroupAlertDefsHQL()
Specified by:
getGroupAlertDefsHQL in class PermissionManager

hasGuestRole

public boolean hasGuestRole()
Description copied from class: PermissionManager
Check to see if user can see role dashboards

Specified by:
hasGuestRole in class PermissionManager

makePermCheckSql

public EdgePermCheck makePermCheckSql(java.lang.String subjectParam,
                                      java.lang.String resVar,
                                      java.lang.String resParam,
                                      java.lang.String distanceParam,
                                      java.lang.String opsParam,
                                      boolean includeDescendants)
Description copied from class: PermissionManager
Generates an object which aids in the creation of hierarchical, permission checking SQL. This is the SQL version of makePermCheckHql This method spits out a piece of SQL, like: JOIN EAM_RESOURCE_EDGE edge ON edge.TO_ID = resId edge.FROM_ID = resId WHERE (resId = :resParam AND edge.distance >= :distParam AND resSubjId = :subjParam AND ... AND ...) Therefore, it must used between the select and last parts of the where clause, preceded by an 'and' The arguments ending with 'Param' are used to identify names of Query parameters which will later passed in. (e.g. query.setParameter("subject", s) The arguments ending in 'Var' are the SQL variable names used straight in the SQL text. (e.g. "select rez from Resource rez "... , you would specify the name of your resourceVar as 'rez')

Specified by:
makePermCheckSql in class PermissionManager
includeDescendants - - include the resource's descendants in the query

makePermCheckHql

public EdgePermCheck makePermCheckHql(java.lang.String subjectParam,
                                      java.lang.String resourceVar,
                                      java.lang.String resourceParam,
                                      java.lang.String distanceParam,
                                      java.lang.String opsParam,
                                      boolean includeDescendants)
Description copied from class: PermissionManager
Generates an object which aids in the creation of hierarchical, permission checking HQL. This method spits out a piece of HQL, like: join r.toEdges _e ... where _e.fromDistance >= :distance (could be '=' based on includeDescendants) and ... and ... Therefore, it must used between the select and last parts of the where clause, preceded by an 'and' The arguments ending with 'Param' are used to identify names of Query parameters which will later passed in. (e.g. query.setParameter("subject", s) The arguments ending in 'Var' are the SQL variable names used straight in the SQL text. (e.g. "select rez from Resource rez "... , you would specify the name of your resourceVar as 'rez')

Specified by:
makePermCheckHql in class PermissionManager
includeDescendants - - include the resource's descendants in the query

getOperableGroupsHQL

public java.lang.String getOperableGroupsHQL(AuthzSubject subject,
                                             java.lang.String alias,
                                             java.lang.String oper)
Specified by:
getOperableGroupsHQL in class PermissionManager

getSQLWhere

public java.lang.String getSQLWhere(java.lang.Integer subjectId)
Description copied from class: PermissionManager
Get a clause that you can append to an existing WHERE clause to make it authz-aware. Note that your WHERE clause must include at least 1 condition, as the value returned from this method begins with 'AND'. Also, the alias of the EAM_RESOURCE table is assumed to be 'res'.

Specified by:
getSQLWhere in class PermissionManager
Returns:
a clause that can be appended to a WHERE clause to query against authz data.

getMaintenanceEventManager

public MaintenanceEventManagerInterface getMaintenanceEventManager()
Description copied from class: PermissionManager
Return the MaintenanceEventManager implementation

Specified by:
getMaintenanceEventManager in class PermissionManager

getCloningBoss

public CloningBossInterface getCloningBoss()
Description copied from class: PermissionManager
Return the CloningBoss implementation

Specified by:
getCloningBoss in class PermissionManager

getHierarchicalAlertingManager

public HierarchicalAlertingManagerInterface getHierarchicalAlertingManager()
Description copied from class: PermissionManager
Return the HierarchicalAlertingManager implementation

Specified by:
getHierarchicalAlertingManager in class PermissionManager

Hyperic HQ Plugin API v. 4.4.0.2

Copyright © 2004-2006 Hyperic, Inc. support@hyperic.net, All Rights Reserved.