Package ch.ivyteam.ivy.security

Interface ISecurityDescriptor

  • public interface ISecurityDescriptor
    A Security Descriptor is used to decide if a session has a permission to do something. A Security Descriptor typically is associated to an object, like a web application or the ivyGrid Server. Therefore a session can do something on an object if the session has the permission on the object's security descriptor. The security descriptor can be modified by session who has the right to do that. Modifications are grant or deny a permission to a user or role.
    Since:
    17.05.2006
    API:
    This is a public API.

    • Method Detail

      • hasPermission

        boolean hasPermission​(ISession session,
                      IPermission permission)
        Checks if the session has a certain permission
        Parameters:
        session - the session to check
        permission - the permission to check
        Returns:
        true if sesion has permission, otherwise false
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.

      • getPermissions

        List<IPermission> getPermissions()
        Gets the permissions that can be granted and denied on this security descriptor
        Returns:
        list with the permissions
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.
        Security:
        SESSION OWNS SecurityDescriptorReadAllPermissions PERMISSION OR OWNS SecurityDescriptorReadAllPermissions@SYSTEM PERMISSION

      • getOwner

        IUser getOwner()
        Gets the owner of the object, this security descriptor belongs to
        Returns:
        owner of the object
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.
        Security:
        SESSION OWNS SecurityDescriptorReadOwner PERMISSION OR OWNS SecurityDescriptorReadOwner@SYSTEM PERMISSION

      • getSecurityDescriptorType

        ISecurityDescriptorType getSecurityDescriptorType()
        Gets the security descriptor type
        Returns:
        security descriptor type
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.
        Security:
        SESSION OWNS SecurityDescriptorReadSecurityDescriptorType PERMISSION OR OWNS SecurityDescriptorReadSecurityDescriptorType@SYSTEM PERMISSION

      • getAccessControlsForPermission

        List<IAccessControl> getAccessControlsForPermission​(IPermission permission)
        Gets the access control entries for a certain permission
        Parameters:
        permission - The permission whichs access control entries should be return
        Returns:
        list with AccessControls for a permission
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.
        Security:
        SESSION OWNS SecurityDescriptorReadAccessControl PERMISSION OR OWNS SecurityDescriptorReadAccessControl@SYSTEM PERMISSION

      • grantPermission

        void grantPermission​(IPermission permission,
                     ISecurityMember member)
        Grants a permission to a security member
        Parameters:
        permission - the permission to grant
        member - the security member to which the permission should be granted
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.

      • ungrantPermission

        void ungrantPermission​(IPermission permission,
                       ISecurityMember member)
        Ungrants a permission from a security member
        Parameters:
        permission - the permission to ungrant
        member - the security memberr from which the permission should be ungranted
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.
        Security:
        SESSION OWNS SecurityDescriptorUngrantPermission PERMISSION OR OWNS SecurityDescriptorUngrantPermission@SYSTEM PERMISSION

      • denyPermission

        void denyPermission​(IPermission permission,
                    ISecurityMember member)
        Denies a permission to a security member
        Parameters:
        permission - the permission to deny
        member - the security member to which the permission should be denied
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.
        Security:
        SESSION OWNS SecurityDescriptorDenyPermission PERMISSION OR OWNS SecurityDescriptorDenyPermission@SYSTEM PERMISSION

      • undenyPermission

        void undenyPermission​(IPermission permission,
                      ISecurityMember member)
        Undeny a permission from a security member
        Parameters:
        permission - the permission to undeny
        member - the security memberr from which the permission should be undenied
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.
        Security:
        SESSION OWNS SecurityDescriptorUndenyPermission PERMISSION OR OWNS SecurityDescriptorUndenyPermission@SYSTEM PERMISSION

      • grantPermissions

        void grantPermissions​(IPermissionGroup permissionGroup,
                      ISecurityMember member)
        Grants all permissions of a permission group to a security member
        Parameters:
        permissionGroup - the permission group to grant all permissions of
        member - the security member to which the permission should be granted
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.

      • ungrantPermissions

        void ungrantPermissions​(IPermissionGroup permissionGroup,
                        ISecurityMember member)
        Ungrants a all permissions of a permission group from a security member
        Parameters:
        permissionGroup - the permission group to ungrant all permissions of
        member - the security memberr from which the permission should be ungranted
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.
        Security:
        SESSION OWNS SecurityDescriptorUngrantPermission PERMISSION OR OWNS SecurityDescriptorUngrantPermission@SYSTEM PERMISSION

      • denyPermissions

        void denyPermissions​(IPermissionGroup permissionGroup,
                     ISecurityMember member)
        Denies a all permissions of a permission group to a security member
        Parameters:
        permissionGroup - the permission group to deny all permissions of
        member - the security member to which the permission should be denied
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.
        Security:
        SESSION OWNS SecurityDescriptorDenyPermission PERMISSION OR OWNS SecurityDescriptorDenyPermission@SYSTEM PERMISSION

      • undenyPermissions

        void undenyPermissions​(IPermissionGroup permissionGroup,
                       ISecurityMember member)
        Undeny a all permissions of a permission group from a security member
        Parameters:
        permissionGroup - the permission group to undeny all permissions of
        member - the security memberr from which the permission should be undenied
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.
        Security:
        SESSION OWNS SecurityDescriptorUndenyPermission PERMISSION OR OWNS SecurityDescriptorUndenyPermission@SYSTEM PERMISSION

      • getPermissionAccess

        IPermissionAccess getPermissionAccess​(IPermission permission,
                                      ISecurityMember member)
        Gets the permission access of a security member
        Parameters:
        permission - the permission which permission access should be return
        member - the security member which permission access should be returned
        Returns:
        permisssion access
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.
        Security:
        SESSION OWNS SecurityDescriptorReadPermissionAccess PERMISSION OR OWNS SecurityDescriptorReadPermissionAccess@SYSTEM PERMISSION

      • getPermissionAccesses

        List<IPermissionAccess> getPermissionAccesses​(ISecurityMember member)
        Gets all permission accesses of all permissions for a security member
        Parameters:
        member - the security member which permission accesses should be returned
        Returns:
        list with the permission accesses
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.
        Security:
        SESSION OWNS SecurityDescriptorReadAllPermissionAccess PERMISSION OR OWNS SecurityDescriptorReadAllPermissionAccess@SYSTEM PERMISSION

      • getPermissionGroupAccess

        IPermissionGroupAccess getPermissionGroupAccess​(IPermissionGroup permissionGroup,
                                                ISecurityMember member)
        Gets the permission group access of a security member (all permissions of the group, including all sub groups are checked).
        Parameters:
        permissionGroup - The permission group whose permission access should be determined
        member - The security member for which the access should be determined
        Returns:
        permisssion access group
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.

      • checkPermission

        void checkPermission​(ISession currentSession,
                     IPermission permission)
        Checks if the session has a certain permission
        Parameters:
        currentSession - the session to check
        permission - the permission to check
        Throws:
        ch.ivyteam.ivy.security.PermissionDeniedException - if session does not own permission
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.

      • getId

        long getId()
        Gets the identifier of the security descriptor
        Returns:
        identifier
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.