org.dspace.app.rest.security

Class RestObjectPermissionEvaluatorPlugin

java.lang.Object

org.dspace.app.rest.security.RestObjectPermissionEvaluatorPlugin

All Implemented Interfaces:

RestPermissionEvaluatorPlugin

Direct Known Subclasses:

AdminRestPermissionEvaluatorPlugin, AuthorizeServicePermissionEvaluatorPlugin, ClaimedTaskRestPermissionEvaluatorPlugin, EPersonRestPermissionEvaluatorPlugin, GroupRestPermissionEvaluatorPlugin, PoolTaskRestPermissionEvaluatorPlugin, WorkflowRestPermissionEvaluatorPlugin

public abstract class RestObjectPermissionEvaluatorPlugin
extends Object
implements RestPermissionEvaluatorPlugin

Abstract RestPermissionEvaluatorPlugin class that contains utility methods to evaluate permissions for a Rest Object.

Constructor Summary

Constructors

Constructor and Description
RestObjectPermissionEvaluatorPlugin()

Method Summary

Modifier and Type	Method and Description
abstract boolean	hasDSpacePermission(org.springframework.security.core.Authentication authentication, Serializable targetId, String targetType, DSpaceRestPermission restPermission) Plugins must implement this method to receive RestPermissionEvaluatorPlugin hasPermission requests.
boolean	hasPatchPermission(org.springframework.security.core.Authentication authentication, Serializable targetId, String targetType, Patch patch) Checks permissions for Patch requests.
boolean	hasPermission(org.springframework.security.core.Authentication authentication, Object targetDomainObject, Object permission) Utility implementation to make the implementation of Rest Object Permission evaluator plugins more easy.
boolean	hasPermission(org.springframework.security.core.Authentication authentication, Serializable targetId, String targetType, Object permission) Check in the authenticated user (provided by the Authentication object) has the specified permission on the target object with the provided identifier.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RestObjectPermissionEvaluatorPlugin

public RestObjectPermissionEvaluatorPlugin()

Method Detail

hasPermission

public boolean hasPermission(org.springframework.security.core.Authentication authentication,
                             Object targetDomainObject,
                             Object permission)

Utility implementation to make the implementation of Rest Object Permission evaluator plugins more easy.

Specified by:

hasPermission in interface RestPermissionEvaluatorPlugin

Parameters:

authentication - represents the user in question. Should not be null.

targetDomainObject - the domain object for which permissions should be checked. May be null in which case implementations should return false, as the null condition can be checked explicitly in the expression.

permission - a representation of the DSpace action as supplied by the expression system. This corresponds to the DSpace action. Not null.

Returns:

true if the permission is granted by one of the plugins, false otherwise

hasPermission

public boolean hasPermission(org.springframework.security.core.Authentication authentication,
                             Serializable targetId,
                             String targetType,
                             Object permission)

Description copied from interface: RestPermissionEvaluatorPlugin

Check in the authenticated user (provided by the Authentication object) has the specified permission on the target object with the provided identifier.

Specified by:

hasPermission in interface RestPermissionEvaluatorPlugin

Parameters:

authentication - Authentication object providing user details of the authenticated user

targetId - Unique identifier of the target object the user wants to view or manipulate

targetType - Type of the target object the users wants to view or manipulate

permission - Permission object that describes the action the user wants to perform on the target object

Returns:

true if the user is allowed to perform the action described by the permission. False otherwise.

hasPatchPermission

public boolean hasPatchPermission(org.springframework.security.core.Authentication authentication,
                                  Serializable targetId,
                                  String targetType,
                                  Patch patch)

Checks permissions for Patch requests. Override the default implementation in plugins that require this capability.

Parameters:

authentication - Authentication object providing user details of the authenticated user

targetId - Unique identifier of the target object the user wants to view or manipulate

targetType - Type of the target object the users wants to view or manipulate

patch - The Patch instance

Returns:

true if the user is allowed to perform the action described by the permission. False otherwise

hasDSpacePermission

public abstract boolean hasDSpacePermission(org.springframework.security.core.Authentication authentication,
                                            Serializable targetId,
                                            String targetType,
                                            DSpaceRestPermission restPermission)

Plugins must implement this method to receive RestPermissionEvaluatorPlugin hasPermission requests.

Parameters:

authentication - Authentication object providing user details of the authenticated user

targetId - Unique identifier of the target object the user wants to view or manipulate

targetType - Type of the target object the users wants to view or manipulate

restPermission - Permission object that describes the action the user wants to perform on the target object

Returns:

true if the user is allowed to perform the action described by the permission. False otherwise.