Hyperic HQ Plugin API v. 4.4.0.2

org.hyperic.hq.authz.shared
Class PermissionManager

java.lang.Object
  extended by org.hyperic.hq.authz.server.session.AuthzSession
      extended by org.hyperic.hq.authz.shared.PermissionManager
Direct Known Subclasses:
PermissionManagerImpl

public abstract class PermissionManager
extends AuthzSession


Nested Class Summary
static interface PermissionManager.RolePermNativeSQL
           
 
Field Summary
static java.lang.String OPERATION_PAGER
           
 
Fields inherited from class org.hyperic.hq.authz.server.session.AuthzSession
ctx, log
 
Constructor Summary
PermissionManager()
           
 
Method Summary
abstract  void check(java.lang.Integer subjectId, java.lang.Integer typeId, java.lang.Integer instanceId, java.lang.Integer operationId)
          Check permission.
abstract  void check(java.lang.Integer subject, ResourceType type, java.lang.Integer instanceId, java.lang.String operation)
          Check permission.
abstract  void check(java.lang.Integer subjectId, java.lang.String resType, java.lang.Integer instanceId, java.lang.String operation)
          Check permission.
abstract  java.util.List findOperationScopeBySubject(AuthzSubject subj, java.lang.Integer opId)
          Find the list of instance ids for which a given subject id has a given operation.
abstract  java.util.List findOperationScopeBySubject(AuthzSubject subj, java.lang.String opName, java.lang.String resType)
          Find the list of instance ids for which a given subject id has the named operation in one of their roles or owns a resource for which the operation is valid
abstract  Resource[] findOperationScopeBySubjectBatch(AuthzSubject whoami, ResourceValue[] resArr, java.lang.String[] opArr)
          Find the list of resources for which a given subject id can perform specified operation.
 int findResourceCount(AuthzSubject subj, java.lang.String resourceType, java.lang.String operation, java.util.Collection excludes)
           
abstract  java.util.Collection findServiceResources(AuthzSubject subj, java.lang.Boolean fsystem)
           
abstract  java.util.List findViewableResources(AuthzSubject subj, java.lang.String searchFor, PageControl pc)
          Search viewable resources of any type
abstract  java.util.List findViewableResources(AuthzSubject subj, java.lang.String resType, java.lang.String resName, java.lang.String appdefTypeStr, java.lang.Integer typeId, PageControl pc)
          Get viewable resources of a specific type
abstract  java.lang.String getAlertDefsHQL()
           
abstract  java.lang.String getAlertsHQL(boolean inEscalation, boolean notFixed, java.lang.Integer groupId, java.lang.Integer alertDefId, boolean count)
           
abstract  java.util.List getAllOperations(AuthzSubject subject, PageControl pc)
          Get all operations for a given subject
abstract  CloningBossInterface getCloningBoss()
          Return the CloningBoss implementation
protected  java.sql.Connection getConnection()
           
abstract  java.lang.String getGroupAlertDefsHQL()
           
abstract  java.lang.String getGroupAlertsHQL(boolean inEscalation, boolean notFixed, java.lang.Integer groupId, java.lang.Integer galertDefId)
           
abstract  java.util.Collection getGroupResources(java.lang.Integer subjectId, java.lang.Integer groupId, java.lang.Boolean fsystem)
           
abstract  HierarchicalAlertingManagerInterface getHierarchicalAlertingManager()
          Return the HierarchicalAlertingManager implementation
abstract  MaintenanceEventManagerInterface getMaintenanceEventManager()
          Return the MaintenanceEventManager implementation
abstract  java.lang.String getOperableGroupsHQL(AuthzSubject subject, java.lang.String alias, java.lang.String oper)
           
abstract  java.lang.String getResourceTypeSQL(java.lang.String instanceId, java.lang.Integer subjectId, java.lang.String resType, java.lang.String op)
           
abstract  PermissionManager.RolePermNativeSQL getRolePermissionNativeSQL(java.lang.String resourceVar, java.lang.String eventLogVar, java.lang.String subjectParam, java.lang.String opListViewResourcesParam, java.lang.String opListManageAlertsParam)
           
abstract  java.lang.String getSQLWhere(java.lang.Integer subjectId)
          Get a clause that you can append to an existing WHERE clause to make it authz-aware.
abstract  boolean hasAdminPermission(java.lang.Integer who)
          Check whether a user has permission to access the admin component.
abstract  boolean hasGuestRole()
          Check to see if user can see role dashboards
 EdgePermCheck makePermCheckHql(java.lang.String resourceVar, boolean includeDescendants)
          Creates an edge perm check with default names of the replacement variables and parameters.
abstract  EdgePermCheck makePermCheckHql(java.lang.String subjectParam, java.lang.String resourceVar, java.lang.String resourceParam, java.lang.String distanceParam, java.lang.String opsParam, boolean includeDescendants)
          Generates an object which aids in the creation of hierarchical, permission checking HQL.
 EdgePermCheck makePermCheckSql(java.lang.String resourceVar, boolean includeDescendants)
          Creates an edge perm check with default names of the replacement variables and parameters.
abstract  EdgePermCheck makePermCheckSql(java.lang.String subjectParam, java.lang.String resourceVar, java.lang.String resourceParam, java.lang.String distanceParam, java.lang.String opsParam, boolean includeDescendants)
          Generates an object which aids in the creation of hierarchical, permission checking SQL.
 
Methods inherited from class org.hyperic.hq.authz.server.session.AuthzSession
findPrototype, findSubjectByAuth, getContainmentRelation, getInitialContext, getNetworkRelation, getOperationDAO, getResourceDAO, getResourceGroupDAO, getResourceTypeDAO, getRoleDAO, getRootResourceType, getSessionContext, getSubjectDAO, getVirtualRelation, lookupSubject, setSessionContext, toPojos
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

OPERATION_PAGER

public static final java.lang.String OPERATION_PAGER
Constructor Detail

PermissionManager

public PermissionManager()
Method Detail

check

public abstract void check(java.lang.Integer subject,
                           ResourceType type,
                           java.lang.Integer instanceId,
                           java.lang.String operation)
                    throws PermissionException
Check permission.

Parameters:
subject - The subject.
type - The type of the resource.
instanceId - The consumer's ID for the resource in question.
operation - The operation (as a String) that the subject may want to perform.
Throws:
PermissionException - If subject is not authorized to perform the given operation on the resource of the given type whose id is instanceId.

check

public abstract void check(java.lang.Integer subjectId,
                           java.lang.Integer typeId,
                           java.lang.Integer instanceId,
                           java.lang.Integer operationId)
                    throws PermissionException
Check permission.

Parameters:
subjectId - ID of the subject.
typeId - ID of the type of the resource.
instanceId - The consumer's ID for the resource in question.
operationId - ID of the operation that the subject may want to perform.
Throws:
PermissionException - If subject is not authorized to perform the given operation on the resource of the given type whose id is instanceId.

check

public abstract void check(java.lang.Integer subjectId,
                           java.lang.String resType,
                           java.lang.Integer instanceId,
                           java.lang.String operation)
                    throws PermissionException
Check permission.

Parameters:
subjectId - ID of the subject.
resType - The authz resource type name.
instanceId - The consumer's ID for the resource in question.
operation - The operation (as a String) that the subject may want to perform.
Throws:
PermissionException - If subject is not authorized to perform the given operation on the resource of the given type whose id is instanceId.

hasAdminPermission

public abstract boolean hasAdminPermission(java.lang.Integer who)
Check whether a user has permission to access the admin component.

Returns:
true if the user has the administerCAM operation, false otherwise

hasGuestRole

public abstract boolean hasGuestRole()
Check to see if user can see role dashboards


findOperationScopeBySubject

public abstract java.util.List findOperationScopeBySubject(AuthzSubject subj,
                                                           java.lang.String opName,
                                                           java.lang.String resType)
                                                    throws javax.ejb.FinderException,
                                                           PermissionException
Find the list of instance ids for which a given subject id has the named operation in one of their roles or owns a resource for which the operation is valid

Returns:
List of integer instance ids
Throws:
javax.ejb.FinderException
PermissionException

findOperationScopeBySubject

public abstract java.util.List findOperationScopeBySubject(AuthzSubject subj,
                                                           java.lang.Integer opId)
                                                    throws javax.ejb.FinderException,
                                                           PermissionException
Find the list of instance ids for which a given subject id has a given operation.

Returns:
List of integer instance ids
Throws:
javax.ejb.FinderException
PermissionException

findOperationScopeBySubjectBatch

public abstract Resource[] findOperationScopeBySubjectBatch(AuthzSubject whoami,
                                                            ResourceValue[] resArr,
                                                            java.lang.String[] opArr)
                                                     throws javax.ejb.FinderException
Find the list of resources for which a given subject id can perform the specified operation. This method operates on a batch of resources and their corresponding operations. Unlike the other findOperScopeBySubj methods, this one operates on any type of resource, so each "resource and operation" tuple is expressed by a common index: the operation for resArr[i] is opArr[i].

Parameters:
whoami - subject
resArr - batch of resources to verify
opArr - corresponding batch of operations
Returns:
array of authz Resources
Throws:
javax.ejb.FinderException

findViewableResources

public abstract java.util.List findViewableResources(AuthzSubject subj,
                                                     java.lang.String resType,
                                                     java.lang.String resName,
                                                     java.lang.String appdefTypeStr,
                                                     java.lang.Integer typeId,
                                                     PageControl pc)
Get viewable resources of a specific type

Parameters:
resType - the authz resource type name
resName - if result should filter by resource name
appdefTypeStr - the Appdef type name, like 'platform', 'server', etc
typeId - the appdef type ID, e.g. the platform_type_id
Returns:
a list of Integers representing instance ids

findViewableResources

public abstract java.util.List findViewableResources(AuthzSubject subj,
                                                     java.lang.String searchFor,
                                                     PageControl pc)
Search viewable resources of any type

Returns:
a list of Integers representing instance ids

getSQLWhere

public abstract java.lang.String getSQLWhere(java.lang.Integer subjectId)
Get a clause that you can append to an existing WHERE clause to make it authz-aware. Note that your WHERE clause must include at least 1 condition, as the value returned from this method begins with 'AND'. Also, the alias of the EAM_RESOURCE table is assumed to be 'res'.

Returns:
a clause that can be appended to a WHERE clause to query against authz data.
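
The constraints stated for getSQLWhere (the returned clause begins with 'AND', the WHERE clause needs at least one condition, and EAM_RESOURCE must be aliased 'res') can be enforced before the query is run. The helper below is an added example, not part of the Hyperic API; the class name, the column names and the sample authz clause are constructed assumptions, and in real use the second argument would be the String returned by getSQLWhere(subjectId).

```java
import java.util.regex.Pattern;

public class AuthzWhereComposer {
    // The page states the EAM_RESOURCE alias is assumed to be 'res'.
    private static final Pattern RES_ALIAS = Pattern.compile(
        "\\bEAM_RESOURCE\\s+(?:AS\\s+)?res\\b", Pattern.CASE_INSENSITIVE);
    // WHERE followed by at least one token, so the leading 'AND' has a left operand.
    private static final Pattern WHERE_COND = Pattern.compile(
        "\\bWHERE\\s+\\S", Pattern.CASE_INSENSITIVE);
    // Clauses that close the WHERE clause; text appended after them is not a filter.
    private static final Pattern TRAILING = Pattern.compile(
        "\\b(GROUP\\s+BY|ORDER\\s+BY|HAVING|LIMIT)\\b", Pattern.CASE_INSENSITIVE);
    private static final Pattern STARTS_WITH_AND = Pattern.compile(
        "^AND\\b", Pattern.CASE_INSENSITIVE);

    /**
     * @param baseQuery   caller's SELECT; its own values stay as '?' placeholders
     * @param authzClause the String returned by getSQLWhere(subjectId)
     * @return the base query with the authz clause appended
     */
    public static String compose(String baseQuery, String authzClause) {
        String base = baseQuery.trim();
        String clause = authzClause == null ? "" : authzClause.trim();
        if (!RES_ALIAS.matcher(base).find()) {
            throw new IllegalArgumentException("EAM_RESOURCE must be aliased as 'res'");
        }
        if (!WHERE_COND.matcher(base).find()) {
            throw new IllegalArgumentException("WHERE needs at least one condition");
        }
        if (TRAILING.matcher(base).find()) {
            throw new IllegalArgumentException("append before GROUP BY/ORDER BY/HAVING/LIMIT");
        }
        // Fail closed: without the clause the query would return unscoped rows.
        if (!STARTS_WITH_AND.matcher(clause).find()) {
            throw new IllegalStateException("authz clause missing or malformed");
        }
        return base + " " + clause;
    }

    public static void main(String[] args) {
        // Constructed stand-in; the page does not show the real clause text.
        String authz = "AND res.ID IN (101, 102)";
        String[] queries = {
            "SELECT res.ID FROM EAM_RESOURCE res WHERE res.NAME LIKE ?", // accepted
            "SELECT r.ID FROM EAM_RESOURCE r WHERE r.NAME LIKE ?",       // wrong alias
            "SELECT res.ID FROM EAM_RESOURCE res",                       // no condition
            "SELECT res.ID FROM EAM_RESOURCE res WHERE res.NAME LIKE ? ORDER BY res.NAME"
        };
        for (String q : queries) {
            try {
                System.out.println("OK:       " + compose(q, authz));
            } catch (RuntimeException e) {
                System.out.println("REJECTED: " + e.getMessage() + " <- " + q);
            }
        }
    }
}
```

The checks are plain text matching, so a query that merely contains one of the keywords in a literal or subquery is also rejected; the helper errs toward refusing a query rather than running it without the authz filter.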

getAllOperations

public abstract java.util.List getAllOperations(AuthzSubject subject,
                                                PageControl pc)
                                         throws PermissionException,
                                                javax.ejb.FinderException
Get all operations for a given subject

Returns:
a list of Integers representing instance ids
Throws:
PermissionException
javax.ejb.FinderException

getResourceTypeSQL

public abstract java.lang.String getResourceTypeSQL(java.lang.String instanceId,
                                                    java.lang.Integer subjectId,
                                                    java.lang.String resType,
                                                    java.lang.String op)

getOperableGroupsHQL

public abstract java.lang.String getOperableGroupsHQL(AuthzSubject subject,
                                                      java.lang.String alias,
                                                      java.lang.String oper)

getGroupResources

public abstract java.util.Collection getGroupResources(java.lang.Integer subjectId,
                                                       java.lang.Integer groupId,
                                                       java.lang.Boolean fsystem)

findServiceResources

public abstract java.util.Collection findServiceResources(AuthzSubject subj,
                                                          java.lang.Boolean fsystem)

getRolePermissionNativeSQL

public abstract PermissionManager.RolePermNativeSQL getRolePermissionNativeSQL(java.lang.String resourceVar,
                                                                               java.lang.String eventLogVar,
                                                                               java.lang.String subjectParam,
                                                                               java.lang.String opListViewResourcesParam,
                                                                               java.lang.String opListManageAlertsParam)

getAlertsHQL

public abstract java.lang.String getAlertsHQL(boolean inEscalation,
                                              boolean notFixed,
                                              java.lang.Integer groupId,
                                              java.lang.Integer alertDefId,
                                              boolean count)

getAlertDefsHQL

public abstract java.lang.String getAlertDefsHQL()

getGroupAlertsHQL

public abstract java.lang.String getGroupAlertsHQL(boolean inEscalation,
                                                   boolean notFixed,
                                                   java.lang.Integer groupId,
                                                   java.lang.Integer galertDefId)

getGroupAlertDefsHQL

public abstract java.lang.String getGroupAlertDefsHQL()

makePermCheckSql

public EdgePermCheck makePermCheckSql(java.lang.String resourceVar,
                                      boolean includeDescendants)
Creates an edge perm check with default names of the replacement variables and parameters. Used for a SQL query.

Parameters:
includeDescendants - include the resource's descendants in the query

makePermCheckHql

public EdgePermCheck makePermCheckHql(java.lang.String resourceVar,
                                      boolean includeDescendants)
Creates an edge perm check with default names of the replacement variables and parameters. Used for a HQL query.

Parameters:
includeDescendants - include the resource's descendants in the query

makePermCheckSql

public abstract EdgePermCheck makePermCheckSql(java.lang.String subjectParam,
                                               java.lang.String resourceVar,
                                               java.lang.String resourceParam,
                                               java.lang.String distanceParam,
                                               java.lang.String opsParam,
                                               boolean includeDescendants)
Generates an object which aids in the creation of hierarchical, permission checking SQL. This is the SQL version of makePermCheckHql.

This method spits out a piece of SQL, like:

    JOIN EAM_RESOURCE_EDGE edge ON edge.TO_ID = resId edge.FROM_ID = resId
    WHERE (resId = :resParam AND edge.distance >= :distParam AND resSubjId = :subjParam AND ... AND ...)

Therefore, it must be used between the select and last parts of the where clause, preceded by an 'and'.

The arguments ending with 'Param' are used to identify names of Query parameters which will later be passed in (e.g. query.setParameter("subject", s)).

The arguments ending in 'Var' are the SQL variable names used straight in the SQL text (e.g. for "select rez from Resource rez "... , you would specify the name of your resourceVar as 'rez').

Parameters:
includeDescendants - include the resource's descendants in the query

makePermCheckHql

public abstract EdgePermCheck makePermCheckHql(java.lang.String subjectParam,
                                               java.lang.String resourceVar,
                                               java.lang.String resourceParam,
                                               java.lang.String distanceParam,
                                               java.lang.String opsParam,
                                               boolean includeDescendants)
Generates an object which aids in the creation of hierarchical, permission checking HQL.

This method spits out a piece of HQL, like:

    join r.toEdges _e ...
    where _e.fromDistance >= :distance   (could be '=' based on includeDescendants)
    and ... and ...

Therefore, it must be used between the select and last parts of the where clause, preceded by an 'and'.

The arguments ending with 'Param' are used to identify names of Query parameters which will later be passed in (e.g. query.setParameter("subject", s)).

The arguments ending in 'Var' are the SQL variable names used straight in the SQL text (e.g. for "select rez from Resource rez "... , you would specify the name of your resourceVar as 'rez').

Parameters:
includeDescendants - include the resource's descendants in the query

getMaintenanceEventManager

public abstract MaintenanceEventManagerInterface getMaintenanceEventManager()
Return the MaintenanceEventManager implementation


getCloningBoss

public abstract CloningBossInterface getCloningBoss()
Return the CloningBoss implementation


getHierarchicalAlertingManager

public abstract HierarchicalAlertingManagerInterface getHierarchicalAlertingManager()
Return the HierarchicalAlertingManager implementation


findResourceCount

public int findResourceCount(AuthzSubject subj,
                             java.lang.String resourceType,
                             java.lang.String operation,
                             java.util.Collection excludes)
Parameters:
subj - AuthzSubject
resourceType - The resource_type associated with the EAM_RESOURCE and EAM_RESOURCE_TYPE tables, e.g. "covalentEAMPlatform" from the AuthzConstants class.
operation - The associated operation from AuthzConstants. e.g. "viewPlatform"
excludes - Collection of Integers that represent the ResourceId of the protoTypes to exclude
Returns:
a count of viewable resources that the subj is able to view

getConnection

protected java.sql.Connection getConnection()
                                     throws java.sql.SQLException
Throws:
java.sql.SQLException

Copyright © 2004-2006 Hyperic, Inc. support@hyperic.net, All Rights Reserved.