Package com.qfs.security

Interface IBranchPermissionsManager

All Known Implementing Classes:
BranchPermissionsManager, CachedBranchPermissionsManager, ContentServiceBranchPermissionsManager
public interface IBranchPermissionsManager
A service which keeps track of branch permissions: owner and reader rights.

In the context of what-if scenarios, ActivePivot may be configured to only allow a subset of users to create branches, edit or simply read the content of the datastore on specific branches. This applies to ReST calls (for create-write-read permissions) and MDX queries (for read permissions).

Author:
ActiveViam

  • Method Details

    • canCreateBranch

      boolean canCreateBranch(Set<String> userNameAndRoles)
      Given their username and their roles, returns true if the current user can create a branch, false otherwise.
      Parameters:
      userNameAndRoles - the current user's set of roles/name
      Returns:
      true if the current user can create a branch, false otherwise

    • canEditBranch

      default boolean canEditBranch(Set<String> userNameAndRoles, String branchName)
      Given their username and their roles, returns true if the current user can edit the given branch, false otherwise.
      Parameters:
      userNameAndRoles - the current user's set of roles/name
      branchName - the branch the user wants to edit
      Returns:
      true if the current user can edit the branch, false otherwise

    • canReadBranch

      default boolean canReadBranch(Set<String> userNameAndRoles, String branchName)
      Given their username and their roles, returns true if the current user can read the given branch, false otherwise. A user with write access has, by default, read access as well.
      Parameters:
      userNameAndRoles - the current user's set of roles/name
      branchName - the branch the user wants to read
      Returns:
      true if the current user can read the branch, false otherwise

    • hasAccess

      static boolean hasAccess(Set<String> userNameAndRoles, Set<String> authorizedUsers)
      Helper method to be used when checking user permissions outside of the canEditBranch(Set, String), canDeleteBranch(Set, String) and canReadBranch(Set, String) methods. It takes care of the possible edge cases with special constants (see IBranchPermissions.ALL_USERS_ALLOWED).
      Parameters:
      userNameAndRoles - the given user's set of roles/name
      authorizedUsers - the roles/names which are allowed for the permission we wish to check
      Returns:
      true if the user complies with the user restrictions described with the authorizations, false otherwise

    • canDeleteBranch

      default boolean canDeleteBranch(Set<String> userNameAndRoles, String branchName)
      Given their username and their roles, returns true if the current user can delete the given branch, false otherwise.
      Parameters:
      userNameAndRoles - the current user's set of roles/name
      branchName - the branch the user wants to delete
      Returns:
      true if the current user can delete the branch, false otherwise

    • removeBranchPermissions

      void removeBranchPermissions(String branchName)
      Removes the branch's permissions from the service. The default permissions for this manager will become the new permissions of this branch.
      Parameters:
      branchName - the name of the branch which will be removed

    • getBranchPermissions

      IBranchPermissions getBranchPermissions(String branchName)
      Gets the permissions of a specific branch.
      Parameters:
      branchName - the name of the branch of which we want to know the permissions
      Returns:
      the permissions for this branch

    • getOwnedBranches

      Set<String> getOwnedBranches(Set<String> userRoles)
      Gets the set of branches (registered in this service) that the user with the given roles own.
      Parameters:
      userRoles - the given user's authorized roles
      Returns:
      the set of branches (registered in this service) that the user with the given roles owns

    • getReadableBranches

      Set<String> getReadableBranches(Set<String> userRoles)
      Gets the set of branches (registered in this service) that the given roles can read.
      Parameters:
      userRoles - the given user's authorized roles
      Returns:
      the set of branches (registered in this service) that the given user can read

    • setBranchPermissions

      void setBranchPermissions(String branchName, IBranchPermissions permissions)
      Sets the permissions of a specific branch.
      Parameters:
      branchName - the name of the branch of which we want to edit the permissions
      permissions - the updated permissions for this branch

    • registerBranchPermissionsListener

      void registerBranchPermissionsListener(IBranchPermissionsListener branchPermissionsListener)
      Registers a listener for the permissions of a set of branches.
      Parameters:
      branchPermissionsListener - the listener which should be registered

    • unregisterBranchPermissionsListener

      void unregisterBranchPermissionsListener(IBranchPermissionsListener branchPermissionsListener)
      Unregisters a listener for the permissions of a set of branches.
      Parameters:
      branchPermissionsListener - the listener which should be unregistered