Interface ObjectSecurityConstraints
- All Superinterfaces:
DebugDumpable
Extracted relevant security constraints related to given object.
Unlike
PrismEntityOpConstraints
, this one covers all operations (represented by action URLs).-
Field Summary
Fields inherited from interface com.evolveum.midpoint.util.DebugDumpable
INDENT_STRING
-
Method Summary
Modifier and TypeMethodDescriptiondefault AuthorizationDecisionType
computeItemDecision
(@NotNull ItemPath nameOnlyItemPath, @NotNull String[] actionUrls, @Nullable AuthorizationDecisionType defaultDecision, @Nullable AuthorizationPhaseType phase) @Nullable AuthorizationDecisionType
findAllItemsDecision
(@NotNull String[] actionUrls, @Nullable AuthorizationPhaseType phase) A variant offindAllItemsDecision(String, AuthorizationPhaseType)
that considers several equivalent action URLs, e.g.@Nullable AuthorizationDecisionType
findAllItemsDecision
(@NotNull String actionUrl, @Nullable AuthorizationPhaseType phase) Returns the explicit allow-deny decision (if present) that is common to all items in the object.@Nullable AuthorizationDecisionType
findItemDecision
(@NotNull ItemPath nameOnlyItemPath, @NotNull String[] actionUrls, @Nullable AuthorizationPhaseType phase) Returns the explicit allow-deny decision (if present) for the particular item and all its sub-items, relevant to the actions (considered equivalent) and phase(s).@Nullable AuthorizationDecisionType
findItemDecision
(@NotNull ItemPath nameOnlyItemPath, @NotNull String actionUrl, @Nullable AuthorizationPhaseType phase) Returns the explicit allow-deny decision (if present) for the particular item and all its sub-items, relevant to the action and phase(s).boolean
isEmpty()
Are there any constraints defined?Methods inherited from interface com.evolveum.midpoint.util.DebugDumpable
debugDump, debugDump, debugDumpLazily, debugDumpLazily
-
Method Details
-
isEmpty
boolean isEmpty()Are there any constraints defined? -
findAllItemsDecision
@Nullable @Nullable AuthorizationDecisionType findAllItemsDecision(@NotNull @NotNull String[] actionUrls, @Nullable @Nullable AuthorizationPhaseType phase) A variant offindAllItemsDecision(String, AuthorizationPhaseType)
that considers several equivalent action URLs, e.g. "read" and "get" actions. If any of them is denied, operation is denied. If any of them is allowed, operation is allowed. -
findAllItemsDecision
@Nullable @Nullable AuthorizationDecisionType findAllItemsDecision(@NotNull @NotNull String actionUrl, @Nullable @Nullable AuthorizationPhaseType phase) Returns the explicit allow-deny decision (if present) that is common to all items in the object. If there is no universally-applicable decision then null is returned. In that case there may still be fine-grained decisions for individual items. UsefindItemDecision(ItemPath, String, AuthorizationPhaseType)
to get them. -
findItemDecision
@Nullable @Nullable AuthorizationDecisionType findItemDecision(@NotNull @NotNull ItemPath nameOnlyItemPath, @NotNull @NotNull String[] actionUrls, @Nullable @Nullable AuthorizationPhaseType phase) Returns the explicit allow-deny decision (if present) for the particular item and all its sub-items, relevant to the actions (considered equivalent) and phase(s). A variant offindItemDecision(ItemPath, String, AuthorizationPhaseType)
. -
findItemDecision
@Nullable @Nullable AuthorizationDecisionType findItemDecision(@NotNull @NotNull ItemPath nameOnlyItemPath, @NotNull @NotNull String actionUrl, @Nullable @Nullable AuthorizationPhaseType phase) Returns the explicit allow-deny decision (if present) for the particular item and all its sub-items, relevant to the action and phase(s). See alsoItemSecurityConstraints.findItemDecision(ItemPath)
. -
computeItemDecision
@Contract("_, _, !null, _ -> !null") default AuthorizationDecisionType computeItemDecision(@NotNull @NotNull ItemPath nameOnlyItemPath, @NotNull @NotNull String[] actionUrls, @Nullable @Nullable AuthorizationDecisionType defaultDecision, @Nullable @Nullable AuthorizationPhaseType phase)
-