com.semarchy.mdm.runtime.model.security
Interface ILogicalModelSecurityProvider


public interface ILogicalModelSecurityProvider

Allows to check the actual privileges granted for a given model and user.

Author:
sebastien.arod@semarchy.com

Field Summary
static String SEMARCHY_ADMIN_ROLE
           
 
Method Summary
 AttributeAuthorization getAttributeAuthorization(IAttribute attribute)
          Deprecated. use LogicalModelAuthorizations.getAttributeAuthorization(IAttribute)
 List<IHumanTask> getClaimableTask(List<IHumanTask> tasks)
          Return the list of tasks filtered to contain only tasks for which isTaskActionAuthorized(IHumanTask) returns true.
 EntityAuthorization getEntityAuthorization(IEntity entity)
          Deprecated. use LogicalModelAuthorizations.getEntityAuthorization(IEntity)
 LogicalModelAuthorizations getLogicalModelAuthorizations()
          Return the LogicalModelAuthorizations relative to current user
 IModel getModel()
          Deprecated.  
 Set<String> getRoleNames()
          Deprecated. use LogicalModelAuthorizations.getRoleNames()
<WT extends IHumanWorkflow>
List<WT>
getStartableWorkflows(List<WT> workflows)
          Return the list of workflows filtered to contain only workflows for which isStartAuthorized(IHumanWorkflow) returns true.
 String getUsername()
          authenticated user name
 boolean isApplicationAuthorized(String applicationName)
          Deprecated. use IApplication.isAccessAuthorized(LogicalModelAuthorizations) instead
 boolean isCertificationQueueAuthorized(String applicationName)
          Returns whether current user is authorized to access given application's certification queue feature, or not.
 boolean isCheckoutAuthorized(IEntity entity)
          Return whether current user is authorized to checkout records related to the provided IEntity, or not.
 boolean isCreateAuthorized(IEntity entity)
          Return true if creation of record for IEntity pEntity is allowed.
 boolean isDashboardAuthorized(String applicationName)
          Returns whether current user is authorized to access given application's dashboard feature, or not.
 boolean isDataAdmin()
          Deprecated. use LogicalModelAuthorizations.isDataAdmin()
 boolean isDupsManagementAuthorized(IEntity entity)
          Returns true if user is authorized to manage/modify duplicates for a given entity.
 boolean isEntitiesListAuthorized(String applicationName)
          Returns whether current user is authorized to access given application's entities list feature, or not.
 boolean isErrorsNavigationAuthorized(String applicationName)
           
 boolean isExportAuthorized(IEntity entity)
          Return true if export of data from IEntity pEntity is allowed.
 boolean isLineageAuthorized(String applicationName)
          Returns whether current user is authorized to access given application's lineage feature, or not.
 boolean isModelAuthorized()
          Returns whether current user is authorized to access underlying IModel, or not.
 boolean isReadAuthorized(IAttribute attribute)
          Return true if attribute is partially or fully readable.
 boolean isReadAuthorized(IEntity entity)
          Return true if isReadAuthorized(IAttribute) returns true for at least one (not IPKAttribute) of the IEntity.getAttributes().
 boolean isRemoveAuthorized(IEntity entity)
          Return true if removal of record for IEntity pEntity is allowed.
 boolean isStartAuthorized(IHumanWorkflow workflow)
          Deprecated. use IHumanWorkflow.isStartable(LogicalModelAuthorizations)
 boolean isTaskActionAuthorized(IHumanTask task)
          Indicates whether user is authorized to act on the IHumanTask (claim / unclaim / complete).
 boolean isWorkflowAdmin(IHumanWorkflow workflow)
          Deprecated. use IHumanWorkflow.isAdministrator(LogicalModelAuthorizations)
 boolean isWriteAuthorized(IAttribute attribute)
          Return true if write is authorized for attribute.
 boolean isWriteAuthorized(IEntity entity)
          Return true if isWriteAuthorized(IAttribute) returns true for at least one (not IPKAttribute) of the IEntity.getAttributes().
 

Field Detail

SEMARCHY_ADMIN_ROLE

static final String SEMARCHY_ADMIN_ROLE
See Also:
Constant Field Values
Method Detail

getLogicalModelAuthorizations

LogicalModelAuthorizations getLogicalModelAuthorizations()
Return the LogicalModelAuthorizations relative to current user

Returns:

getModel

IModel getModel()
Deprecated. 

The Model for which the Security provider has been built

Returns:

getUsername

String getUsername()
authenticated user name

Returns:

getRoleNames

Set<String> getRoleNames()
Deprecated. use LogicalModelAuthorizations.getRoleNames()

Return the list of role names for current user. Caller should generally rely on more specific methods to check privileges.

Returns:

isDataAdmin

boolean isDataAdmin()
Deprecated. use LogicalModelAuthorizations.isDataAdmin()

Return true if has a data admin role for current model.

Returns:

isReadAuthorized

boolean isReadAuthorized(IEntity entity)
Return true if isReadAuthorized(IAttribute) returns true for at least one (not IPKAttribute) of the IEntity.getAttributes().

Parameters:
entity -
Returns:

isWriteAuthorized

boolean isWriteAuthorized(IEntity entity)
Return true if isWriteAuthorized(IAttribute) returns true for at least one (not IPKAttribute) of the IEntity.getAttributes().

Parameters:
entity -
Returns:

isModelAuthorized

boolean isModelAuthorized()
Returns whether current user is authorized to access underlying IModel, or not.

A user is authorized to access a model if an only if at least one IEntity of the underlying model is readable by that user.

Returns:
true if the model is authorized, false otherwise
See Also:
isReadAuthorized(IEntity)

isApplicationAuthorized

boolean isApplicationAuthorized(String applicationName)
Deprecated. use IApplication.isAccessAuthorized(LogicalModelAuthorizations) instead

Returns whether current user is authorized to access given application, or not.

Parameters:
applicationName - the name of the application
Returns:
true if current user can access the application, false otherwise

isLineageAuthorized

boolean isLineageAuthorized(String applicationName)
Returns whether current user is authorized to access given application's lineage feature, or not.

Parameters:
applicationName - the name of the application
Returns:
true if current user can access the lineage, false otherwise

isCertificationQueueAuthorized

boolean isCertificationQueueAuthorized(String applicationName)
Returns whether current user is authorized to access given application's certification queue feature, or not.

Parameters:
applicationName - the name of the application
Returns:
true if current user can access the certification queue, false otherwise

isEntitiesListAuthorized

boolean isEntitiesListAuthorized(String applicationName)
Returns whether current user is authorized to access given application's entities list feature, or not.

Parameters:
applicationName - the name of the application
Returns:
true if current user can access the entities list, false otherwise

isDashboardAuthorized

boolean isDashboardAuthorized(String applicationName)
Returns whether current user is authorized to access given application's dashboard feature, or not.

Parameters:
applicationName - the name of the application
Returns:
true if current user can access the dashboard, false otherwise

isExportAuthorized

boolean isExportAuthorized(IEntity entity)
Return true if export of data from IEntity pEntity is allowed. The implementation will first check that the IEntity is readable isReadAuthorized(IEntity) and that the user have been granted the Export privilege for this IEntity in design time.

Parameters:
entity -
Returns:

isCreateAuthorized

boolean isCreateAuthorized(IEntity entity)
Return true if creation of record for IEntity pEntity is allowed. The implementation will first check that the IEntity is writable isWriteAuthorized(IEntity) and that the user have been granted the Create privilege for this IEntity in design time.

Parameters:
entity -
Returns:

isCheckoutAuthorized

boolean isCheckoutAuthorized(IEntity entity)
Return whether current user is authorized to checkout records related to the provided IEntity, or not.

Parameters:
entity - the type of records
Returns:
true if checkout is authorized, false otherwise

isRemoveAuthorized

boolean isRemoveAuthorized(IEntity entity)
Return true if removal of record for IEntity pEntity is allowed. The implementation will first check that the IEntity is writable isWriteAuthorized(IEntity) and that the user have been granted the Remove privilege for this IEntity in design time.

Parameters:
entity -
Returns:

getEntityAuthorization

EntityAuthorization getEntityAuthorization(IEntity entity)
Deprecated. use LogicalModelAuthorizations.getEntityAuthorization(IEntity)

Parameters:
entity -
Returns:

getAttributeAuthorization

AttributeAuthorization getAttributeAuthorization(IAttribute attribute)
Deprecated. use LogicalModelAuthorizations.getAttributeAuthorization(IAttribute)

Parameters:
attribute -
Returns:

isReadAuthorized

boolean isReadAuthorized(IAttribute attribute)
Return true if attribute is partially or fully readable. This is strictly equivalent to: getAttributeAuthorization(pAttribute).getReadAuuthorizedScope() != RowScope#NO_ROWS

Parameters:
attribute -
Returns:
Throws:
IllegalArgumentException - if IAttribute is not IEntityAttribute or IComplexAtomicAttribute

isWorkflowAdmin

boolean isWorkflowAdmin(IHumanWorkflow workflow)
Deprecated. use IHumanWorkflow.isAdministrator(LogicalModelAuthorizations)

Return true if user has the IHumanWorkflow.getAdminRoleName() role name or if isDataAdmin();

Returns:

isTaskActionAuthorized

boolean isTaskActionAuthorized(IHumanTask task)
Indicates whether user is authorized to act on the IHumanTask (claim / unclaim / complete). User can act on task if he is workflow admin of workflow to which the task belongs isWorkflowAdmin(IHumanWorkflow) or user has the IHumanTask.getAssignedToRoleName() role. This only checks that user has the authorization to do things on the designed IHumanTask. See IActivityTask for methods to check the status of the IActivityTask.

Parameters:
task -
Returns:
true if user can act false otherwise
See Also:
IActivityTask.isClaimable(ILogicalModelSecurityProvider), IActivityTask.isCompletable(ILogicalModelSecurityProvider), IActivityTask.isTaskDataModifiable(ILogicalModelSecurityProvider), IActivityTask.isUnclaimable(ILogicalModelSecurityProvider)

isStartAuthorized

boolean isStartAuthorized(IHumanWorkflow workflow)
Deprecated. use IHumanWorkflow.isStartable(LogicalModelAuthorizations)

Indicates whether user is authorized to start the pWorkflow User is authorized to start the workflow if isWorkflowAdmin(IHumanWorkflow) returns true or if user has been granted the role IHumanWorkflow.getInitiatorRoleName().s

Parameters:
workflow -
Returns:
true if user can start the workflow false otherwise

getStartableWorkflows

<WT extends IHumanWorkflow> List<WT> getStartableWorkflows(List<WT> workflows)
Return the list of workflows filtered to contain only workflows for which isStartAuthorized(IHumanWorkflow) returns true.

Parameters:
workflows -

getClaimableTask

List<IHumanTask> getClaimableTask(List<IHumanTask> tasks)
Return the list of tasks filtered to contain only tasks for which isTaskActionAuthorized(IHumanTask) returns true.

Parameters:
tasks -

isWriteAuthorized

boolean isWriteAuthorized(IAttribute attribute)
Return true if write is authorized for attribute. Attribute has to be either IEntityAttribute or IComplexAtomicAttribute

Parameters:
pAttribute -
Returns:
Throws:
IllegalArgumentException - if IAttribute is not IEntityAttribute or IComplexAtomicAttribute

isDupsManagementAuthorized

boolean isDupsManagementAuthorized(IEntity entity)
Returns true if user is authorized to manage/modify duplicates for a given entity.

Parameters:
entity -
Returns:

isErrorsNavigationAuthorized

boolean isErrorsNavigationAuthorized(String applicationName)


Copyright © 2015. All Rights Reserved.