org.apereo.portal.security.provider

Class AnyUnblockedGrantPermissionPolicy

java.lang.Object

org.apereo.portal.security.provider.AnyUnblockedGrantPermissionPolicy

All Implemented Interfaces:

org.apereo.portal.security.IPermissionPolicy

@Service(value="anyUnblockedGrantPermissionPolicy")
public class AnyUnblockedGrantPermissionPolicy
extends java.lang.Object
implements org.apereo.portal.security.IPermissionPolicy

If there exists a GRANT explicitly for the Principal for the Activity under consideration, this permission policy will GRANT permission.

If there exists a GRANT for a group containing the Principal for the Activity under consideration, and there is a path up the groups tree from the Principal to that GRANTed group that is not interrupted by a Deny for an intervening group in the tree, then this permission policy will GRANT permission.

Otherwise, this permission policy will DENY permission.

Examples: Principal (GRANT) -- Small group -- Bigger group -- Huge group Results in GRANT because the Principal has an explicit permission.

Principal -- Small group -- Bigger group (GRANT) -- Huge group Results in GRANT because there is an unblocked path to a containing group with GRANT.

Principal -- Small group (DENY) -- Bigger group (GRANT) -- Huge group Results in DENY because there is no unblocked path to a grant -- the "Bigger group"'s GRANT does not apply because of the intervening DENY.

Principal -- Small group (DENY) -- Bigger group -- Huge group Principal -- Some other group -- Bigger other group (GRANT) -- Huge group Results in GRANT because there is an unblocked path to a GRANT.

Field Summary

Fields

Modifier and Type	Field and Description
protected org.slf4j.Logger	log

Constructor Summary

Constructors

Constructor and Description
AnyUnblockedGrantPermissionPolicy()

Method Summary

Modifier and Type	Method and Description
boolean	doesPrincipalHavePermission(org.apereo.portal.security.IAuthorizationService service, org.apereo.portal.security.IAuthorizationPrincipal principal, org.apereo.portal.permission.IPermissionOwner owner, org.apereo.portal.permission.IPermissionActivity activity, org.apereo.portal.permission.target.IPermissionTarget target)
protected org.apereo.portal.utils.cache.CacheKey	getCacheKey(org.apereo.portal.security.IAuthorizationPrincipal principal, org.apereo.portal.permission.IPermissionOwner owner, org.apereo.portal.permission.IPermissionActivity activity, org.apereo.portal.permission.target.IPermissionTarget target)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

log

protected final org.slf4j.Logger log

Constructor Detail

AnyUnblockedGrantPermissionPolicy

public AnyUnblockedGrantPermissionPolicy()

Method Detail

doesPrincipalHavePermission

public boolean doesPrincipalHavePermission(org.apereo.portal.security.IAuthorizationService service,
                                           org.apereo.portal.security.IAuthorizationPrincipal principal,
                                           org.apereo.portal.permission.IPermissionOwner owner,
                                           org.apereo.portal.permission.IPermissionActivity activity,
                                           org.apereo.portal.permission.target.IPermissionTarget target)
                                    throws org.apereo.portal.AuthorizationException

Specified by:

doesPrincipalHavePermission in interface org.apereo.portal.security.IPermissionPolicy

Throws:

org.apereo.portal.AuthorizationException

getCacheKey

protected org.apereo.portal.utils.cache.CacheKey getCacheKey(org.apereo.portal.security.IAuthorizationPrincipal principal,
                                                             org.apereo.portal.permission.IPermissionOwner owner,
                                                             org.apereo.portal.permission.IPermissionActivity activity,
                                                             org.apereo.portal.permission.target.IPermissionTarget target)