com.zphinx.spine.security
Class SpinePermission

java.lang.Object
  extended by java.security.Permission
      extended by java.security.BasicPermission
          extended by com.zphinx.spine.security.SpinePermission
All Implemented Interfaces:
Serializable, Cloneable, Guard
Direct Known Subclasses:
MemberPermission

public class SpinePermission
extends BasicPermission
implements Cloneable

SpinePermission declares a set of rules for a Spine managed object.

It possesses unix like ACL attributes i.e the permission can be read write or execute. It also defines access control on the premise of a "belongs to" relationship.

Since a principal can belong to one of three primary roles i.e

In this manner, A group login is a superuser who allows its listed administrators to manipulate information usually belonging to or relating to users registered with that group.

An administrator can administer several groups of registered users, as defined by the groupNames registered to it. A user can belong to several groups, there by making it possible for several administrators to amend data belonging to that user. The group superuser can administer adminstrators registered to it, but can only edit data relating or belonging to a user in it's primary group and sub groups.

Developers using this object can call its checkGuard(Object) and getPermit(String) methods to find out if a Member has access to an object or they can query the permission for read write or execute permissions.

Version:
$1.0

Copyright ©Zphinx Software Solutions

Author:
David Ladapo
See Also:
Serialized Form

Field Summary
static int PERMISSION_ADMINISTRATOR
          An int representing the Administrator
static int PERMISSION_GROUP
          An int representing the Groups
static int PERMISSION_PUBLIC_USER
          An int representing an ordinary user
static int PERMISSION_USER
          An int representing the User
 
Constructor Summary
SpinePermission(String name)
          Defualt Constructor - Accepts a string name argument used to identify this permission
SpinePermission(String name, PermissionLevel pLevel, List<StringAttributeBean> adminNames, List<StringAttributeBean> groupNames)
          A constructor which is used to preset the name,permissionLevel,admin names, and group names of this permission.
SpinePermission(String name, SpinePermission permission)
          A constructor which uses the properties of the input permission as it's default properties.
SpinePermission(String name, String action, String id)
          Constructor which assigns the names, action and id of this permission.
 
Method Summary
 void checkGuard(Object obj)
          Checks if the specified member permission object can access this resource, this will throw a SecurityException if a SpinePermission is queried.
 Object clone()
          Performs a deep clone of this object.Safely replicates all object attributes without imposing lose references.
 String getActions()
           
 List<StringAttributeBean> getAdminNames()
          Get The ArrayList of StringAttributeBeans containing the names and Ids of Administrators of this member
 boolean getExecuteFlag(SpinePermission permission)
          Gets the executeFlag for this SpinePermission
 List<StringAttributeBean> getGroupNames()
          Get The ArrayList of StringAttributeBeans containing the names and Ids of Groups of this member
 String getIdTag()
          Get the new idTag of this SpinePermission.
 String getOwnerObjectType()
          Gets the full class name of the object which owns this permission
 PermissionLevel getPermissionLevel()
          Gets the permissionLevel of this object
 boolean getPermit(String permitId)
          Calculate if the member whose id is given as the permitId has possible access to this resource
 boolean getReadFlag(SpinePermission permission)
          Gets the readFlag for this SpinePermission
 boolean getWriteFlag(SpinePermission permission)
          Gets the writeFlag of this SpinePermission with respect to the principal making the call.
 void setAdminNames(List<StringAttributeBean> adminNames)
          Sets the list of administrator StringAttributeBeans in this permission
 void setGroupNames(List<StringAttributeBean> groupNames)
          Sets the ArrayList of group StringAttributeBeans in this permission
 void setIdTag(String idTag)
          Set the idTag of this SpinePermission.
 void setOwnerObjectType(String ownerObjectType)
          Sets the full class name of the object which owns this permission
 void setPermissionLevel(PermissionLevel permissionLevel)
          Sets the permissionLevel of this object,this method must not be called directly if we need to check the callers ability to modify permissionLevel
 void setPermissionLevel(PermissionLevel permissionLevel, SpinePermission permission)
          Checks the user can modify the permissionLevel before modification
 
Methods inherited from class java.security.BasicPermission
equals, hashCode, implies, newPermissionCollection
 
Methods inherited from class java.security.Permission
getName, toString
 
Methods inherited from class java.lang.Object
finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

PERMISSION_ADMINISTRATOR

public static final int PERMISSION_ADMINISTRATOR
An int representing the Administrator

See Also:
Constant Field Values

PERMISSION_USER

public static final int PERMISSION_USER
An int representing the User

See Also:
Constant Field Values

PERMISSION_GROUP

public static final int PERMISSION_GROUP
An int representing the Groups

See Also:
Constant Field Values

PERMISSION_PUBLIC_USER

public static final int PERMISSION_PUBLIC_USER
An int representing an ordinary user

See Also:
Constant Field Values
Constructor Detail

SpinePermission

public SpinePermission(String name)
Defualt Constructor - Accepts a string name argument used to identify this permission

Parameters:
name - The identifier of this object

SpinePermission

public SpinePermission(String name,
                       SpinePermission permission)
A constructor which uses the properties of the input permission as it's default properties.

Parameters:
name - A string used to identify this permission
permission - A permission from which this permission inherits it's properties

SpinePermission

public SpinePermission(String name,
                       PermissionLevel pLevel,
                       List<StringAttributeBean> adminNames,
                       List<StringAttributeBean> groupNames)
A constructor which is used to preset the name,permissionLevel,admin names, and group names of this permission.

Parameters:
name - A string used to identify this permission
pLevel - The permission level to assign to the newly create permission
adminNames - The names|ids of the administrators of the owner of this permission
groupNames - The names|ids of the groups of the owner of this permission

SpinePermission

public SpinePermission(String name,
                       String action,
                       String id)
Constructor which assigns the names, action and id of this permission. The action parameter is currently unused.

Parameters:
name - A string used to identify this permission
action - Currently passed to the suoer class unused
id - The idTag to assign to this permission
Method Detail

getPermit

public boolean getPermit(String permitId)
Calculate if the member whose id is given as the permitId has possible access to this resource

Parameters:
permitId - An id used to check if this administrator or group has access to the permissions owner object
Returns:
true if we have permission to perform this activity

setAdminNames

public void setAdminNames(List<StringAttributeBean> adminNames)
Sets the list of administrator StringAttributeBeans in this permission

Parameters:
adminNames - The StringAttributeBeans ArrayList of Administrators

getAdminNames

public List<StringAttributeBean> getAdminNames()
Get The ArrayList of StringAttributeBeans containing the names and Ids of Administrators of this member

Returns:
ArrayList The StringAttributeBeans ArrayList of Administrators

setGroupNames

public void setGroupNames(List<StringAttributeBean> groupNames)
Sets the ArrayList of group StringAttributeBeans in this permission

Parameters:
groupNames - The StringAttributeBeans ArrayList of Groups

getGroupNames

public List<StringAttributeBean> getGroupNames()
Get The ArrayList of StringAttributeBeans containing the names and Ids of Groups of this member

Returns:
ArrayList The StringAttributeBeans ArrayList of Groups.

getReadFlag

public boolean getReadFlag(SpinePermission permission)
Gets the readFlag for this SpinePermission

Parameters:
permission - The permission of the principal making this request
Returns:
boolean The new readFlag of this SpinePermission.

getWriteFlag

public boolean getWriteFlag(SpinePermission permission)
Gets the writeFlag of this SpinePermission with respect to the principal making the call.

Parameters:
permission - The permission of the principal making this request
Returns:
boolean The writeFlag of this SpinePermission.

getExecuteFlag

public boolean getExecuteFlag(SpinePermission permission)
Gets the executeFlag for this SpinePermission

Parameters:
permission - The permission of the principal making this request
Returns:
boolean The new executeFlag of this SpinePermission.

getIdTag

public String getIdTag()
Get the new idTag of this SpinePermission.

Returns:
A String representing the idTag of this permission

setIdTag

public void setIdTag(String idTag)
Set the idTag of this SpinePermission.

Parameters:
idTag - The idTag of this SpinePermission.

getActions

public String getActions()
Overrides:
getActions in class BasicPermission

getPermissionLevel

public PermissionLevel getPermissionLevel()
Gets the permissionLevel of this object

Returns:
Returns the permissionLevel.

setPermissionLevel

public void setPermissionLevel(PermissionLevel permissionLevel,
                               SpinePermission permission)
Checks the user can modify the permissionLevel before modification

Parameters:
permissionLevel - The permissionLevel to set.

setPermissionLevel

public void setPermissionLevel(PermissionLevel permissionLevel)
Sets the permissionLevel of this object,this method must not be called directly if we need to check the callers ability to modify permissionLevel

Parameters:
permissionLevel - The permissionLevel to set.

checkGuard

public void checkGuard(Object obj)
                throws SecurityException
Checks if the specified member permission object can access this resource, this will throw a SecurityException if a SpinePermission is queried.

Specified by:
checkGuard in interface Guard
Overrides:
checkGuard in class Permission
Parameters:
obj - The object which we check against
Throws:
SecurityException

clone

public Object clone()
             throws CloneNotSupportedException
Performs a deep clone of this object.Safely replicates all object attributes without imposing lose references.

Overrides:
clone in class Object
Returns:
A SpinePermission object
Throws:
CloneNotSupportedException

getOwnerObjectType

public String getOwnerObjectType()
Gets the full class name of the object which owns this permission

Returns:
the ownerObjectType

setOwnerObjectType

public void setOwnerObjectType(String ownerObjectType)
Sets the full class name of the object which owns this permission

Parameters:
ownerObjectType - the ownerObjectType to set