public class DynamoSecurityService
extends java.lang.Object
Constructor and Description |
---|
DynamoSecurityService() |
Modifier and Type | Method and Description |
---|---|
void |
checkPermission(java.lang.String ticket,
java.lang.String objectId,
int requestedPermit,
DynamoConfig dynamoConfig)
Checks permissions on the requested object against the requested permission
level.
|
java.lang.String |
createLifeCycleACL(java.lang.String ticket,
java.lang.String aclName,
DynamoConfig dynamoConfig)
Create a new ACL in DynamoDB
|
java.lang.String |
determineLifeCycleAcl(java.lang.String ticket,
java.lang.String objectType,
java.lang.String state,
EnhancedCompleteObject eco)
Determines the lifecycle ACL
|
com.amazonaws.services.dynamodbv2.document.Item |
getAclItem(java.lang.String aclId,
DynamoConfig dynamoConfig)
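Returns an ACL item. Per the @Cacheable annotation on this method, non-null
results are cached in "dynamo-acl" keyed by aclId, so a returned item may
predate a later change to the ACL unless the cache entry is evicted.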
|
java.util.List<java.util.Map<java.lang.String,com.amazonaws.services.dynamodbv2.model.AttributeValue>> |
getAclItems(DynamoConfig dynamoConfig)
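Returns a list of all the ACLs. Per the @Cacheable annotation on this method,
the non-null result is cached in "dynamo-acls" under the method name, so the
dynamoConfig argument is not part of the cache key.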
|
java.util.List<java.lang.String> |
getAclNames(java.lang.String ticket,
DynamoConfig dynamoConfig)
Return a list of ALL of the ACL names that exist in the repository
|
java.lang.String |
getObjectAclId(java.lang.String objectId,
DynamoConfig dynamoConfig)
Get the acl id of the given object
|
java.util.List<java.lang.String> |
getUserAcls(java.lang.String ticket,
int minPermit,
DynamoConfig dynamoConfig)
For the currently logged-in user, retrieves a list of the ids of all ACLs in
which the user has at least the minimum permission (minPermit)
|
int |
getUserPermission(java.lang.String ticket,
java.lang.String aclId,
java.lang.String userName,
DynamoConfig dynamoConfig)
Gets the user's permission level for this specific ACL, which is the greater
of the user's own permit and the group_all permit. TODO: this currently
assumes that the user appears only once in the ACL.
|
public void checkPermission(java.lang.String ticket, java.lang.String objectId, int requestedPermit, DynamoConfig dynamoConfig) throws OCForbiddenRuntimeException
Parameters:
{String} - ticket
{String} - objectId
{int} - requestedPermit
Throws:
OCForbiddenRuntimeException

public java.lang.String getObjectAclId(java.lang.String objectId, DynamoConfig dynamoConfig)
Parameters:
{String} - objectId

public int getUserPermission(java.lang.String ticket, java.lang.String aclId, java.lang.String userName, DynamoConfig dynamoConfig)
Parameters:
{String} - ticket
{String} - aclId
{String} - userName
DynamoConstants

@Cacheable(value="dynamo-acl", key="#aclId", unless="#result == null") public com.amazonaws.services.dynamodbv2.document.Item getAclItem(java.lang.String aclId, DynamoConfig dynamoConfig)
Parameters:
{String} - acl id
{DynamoConfig} - dynamoConfig

@Cacheable(value="dynamo-acls", key="#root.methodName", unless="#result == null") public java.util.List<java.util.Map<java.lang.String,com.amazonaws.services.dynamodbv2.model.AttributeValue>> getAclItems(DynamoConfig dynamoConfig)
Parameters:
dynamoConfig -

public java.util.List<java.lang.String> getUserAcls(java.lang.String ticket, int minPermit, DynamoConfig dynamoConfig)
Parameters:
{String} - ticket
{int} - minPermit - for example, 2 means the user must have at least browse permission in the acl

public java.util.List<java.lang.String> getAclNames(java.lang.String ticket, DynamoConfig dynamoConfig)
Parameters:
{String} - ticket

public java.lang.String createLifeCycleACL(java.lang.String ticket, java.lang.String aclName, DynamoConfig dynamoConfig)
Parameters:
{String} - ticket an authentication ticket
{String} - aclName the name of the new ACL

public java.lang.String determineLifeCycleAcl(java.lang.String ticket, java.lang.String objectType, java.lang.String state, EnhancedCompleteObject eco)
Parameters:
{String} - ticket
{String} - object type
{String} - state
{EnhancedCompleteObject} - eco