org.pentaho.platform.api.engine
Interface IAclVoter

All Known Implementing Classes:
AbstractPentahoAclVoter, PentahoAllowAllAclVoter, PentahoAllowAnonymousAclVoter, PentahoBasicAclVoter, PentahoUserOverridesVoter

public interface IAclVoter


Method Summary
 GrantedAuthority getAdminRole()
          Gets the role used to determine whether someone is the system-manager.
 IPentahoAclEntry getEffectiveAcl(IPentahoSession session, IAclHolder holder)
          This returns the effective ACL for the piece of content for the given user.
 AclEntry[] getEffectiveAcls(IPentahoSession session, IAclHolder holder)
          Returns an array of the authorities from the IAclHolder that apply to the provided authentication object.
 boolean hasAccess(IPentahoSession session, IAclHolder holder, int mask)
          Determines whether the user (auth) has the requested authority (mask) based on the list of effective authorities from the holder.
 boolean isGranted(IPentahoSession session, GrantedAuthority role)
          Returns true if the user is a member of the specified role
 boolean isPentahoAdministrator(IPentahoSession session)
          Determines whether the user is a super-manager of Pentaho.
 void setAdminRole(GrantedAuthority value)
          Sets the role used to determine whether someone is the system-manager.
 

Method Detail

hasAccess

boolean hasAccess(IPentahoSession session,
                  IAclHolder holder,
                  int mask)
Determines whether the user (auth) has the requested authority (mask) based on the list of effective authorities from the holder.

Parameters:
auth -
holder -
mask -
Returns:
true if the user has the requested access.

getEffectiveAcls

AclEntry[] getEffectiveAcls(IPentahoSession session,
                            IAclHolder holder)
Returns an array of the authorities from the IAclHolder that apply to the provided authentication object. mlowery In practice this method does not do the same thing as EffectiveAclsResolver.

Parameters:
auth -
holder -
Returns:
The array of authorities from the IAclHolder that apply to the person in question

isPentahoAdministrator

boolean isPentahoAdministrator(IPentahoSession session)
Determines whether the user is a super-manager of Pentaho. Uses the Manager Role.

Parameters:
session -
Returns:
true if the user is a super-manager

getAdminRole

GrantedAuthority getAdminRole()
Gets the role used to determine whether someone is the system-manager.

Returns:
GrantedAuthority of the role someone must be in to be the system manager.

setAdminRole

void setAdminRole(GrantedAuthority value)
Sets the role used to determine whether someone is the system-manager.

Parameters:
value - The GrantedAuthority which someone must be a considered a system manager

isGranted

boolean isGranted(IPentahoSession session,
                  GrantedAuthority role)
Returns true if the user is a member of the specified role

Parameters:
session -
role -
Returns:
true if the user is a member of the specified role

getEffectiveAcl

IPentahoAclEntry getEffectiveAcl(IPentahoSession session,
                                 IAclHolder holder)
This returns the effective ACL for the piece of content for the given user. Ideally, this will look at all the effective ACLs returned for this user for this piece of content, and return an ACL that encapsulates all the users' access to that content. The returning PentahoAclEntry will represent the ACL that the user has to the content. This method should NEVER return null. If the user has no access to the object, it needs to return a PentahoAclEntry with nothing (mask of 0).

Parameters:
session -
holder -
Returns:
PentahoAclEntry holding the access to the object.