Package org.opencms.security
Class CmsRoleManager
- java.lang.Object
-
- org.opencms.security.CmsRoleManager
-
public class CmsRoleManager extends java.lang.Object
This manager provide access to the role related operations.- Since:
- 6.5.6
-
-
Constructor Summary
Constructors Constructor Description CmsRoleManager(CmsSecurityManager securityManager)
Default constructor.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
addUserToRole(CmsObject cms, CmsRole role, java.lang.String username)
Adds a user to the given role.void
checkRole(CmsObject cms, CmsRole role)
Checks if the user of this OpenCms context is a member of the given role for the given organizational unit.void
checkRoleForResource(CmsObject cms, CmsRole role, java.lang.String resourceName)
Checks if the user of this OpenCms context is a member of the given role for the given resource.java.util.List<CmsGroup>
getManageableGroups(CmsObject cms, java.lang.String ouFqn, boolean includeSubOus)
Returns all groups of organizational units for which the current user has theCmsRole.ACCOUNT_MANAGER
role.java.util.List<CmsOrganizationalUnit>
getManageableOrgUnits(CmsObject cms, java.lang.String ouFqn, boolean includeSubOus, boolean includeWebusers)
Returns a list of those organizational units whose members can be managed by the current user.java.util.List<CmsResource>
getManageableResources(CmsObject cms, CmsRole role)
Returns all resources of organizational units for which the current user has the given role role.java.util.List<CmsUser>
getManageableUsers(CmsObject cms, java.lang.String ouFqn, boolean includeSubOus)
Returns all users of organizational units for which the current user has theCmsRole.ACCOUNT_MANAGER
role.java.util.List<CmsUser>
getManageableUsers(CmsObject cms, java.lang.String ouFqn, boolean includeSubOus, boolean includeWebusers)
Returns all users of organizational units for which the current user has theCmsRole.ACCOUNT_MANAGER
role.java.util.List<CmsOrganizationalUnit>
getOrgUnitsForRole(CmsObject cms, CmsRole role, boolean includeSubOus)
Returns all the organizational units for which the current user has the given role.java.util.Set<CmsGroup>
getRoleGroups(CmsObject cms, CmsRole role, boolean directUsersOnly)
Returns the groups which constitute a given role, i.e.java.util.List<CmsRole>
getRoles(CmsObject cms, java.lang.String ouFqn, boolean includeSubOus)
Returns all roles, in the given organizational unit.java.util.List<CmsRole>
getRolesForResource(CmsObject cms, java.lang.String userFqn, java.lang.String resourceName)
Returns all roles the given user has over the given resource.java.util.List<CmsRole>
getRolesForResource(CmsObject cms, CmsUser user, CmsResource resource)
Returns all roles the given user has over the given resource.java.util.List<CmsRole>
getRolesOfUser(CmsObject cms, java.lang.String username, java.lang.String ouFqn, boolean includeChildOus, boolean directRolesOnly, boolean recursive)
Returns all roles the given user belongs to, in the given organizational unit.java.util.List<CmsUser>
getUsersOfRole(CmsObject cms, CmsRole role, boolean includeOtherOuUsers, boolean directUsersOnly)
Returns all direct users of a given role, in the given organizational unit.boolean
hasRole(CmsObject cms, java.lang.String userName, CmsRole role)
Checks if the given user has the given role in the given organizational unit.boolean
hasRole(CmsObject cms, CmsRole role)
Checks if the given context user has the given role in the given organizational unit.boolean
hasRoleForResource(CmsObject cms, java.lang.String userName, CmsRole role, java.lang.String resourceName)
Checks if the given context user has the given role for the given resource.boolean
hasRoleForResource(CmsObject cms, CmsRole role, java.lang.String resourceName)
Checks if the given context user has the given role for the given resource.boolean
hasRoleForResource(CmsObject cms, CmsRole role, CmsResource resource)
Checks if the given context user has the given role for the given resource.void
removeUserFromRole(CmsObject cms, CmsRole role, java.lang.String username)
Removes a user from a role, in the given organizational unit.
-
-
-
Constructor Detail
-
CmsRoleManager
public CmsRoleManager(CmsSecurityManager securityManager)
Default constructor.- Parameters:
securityManager
- the security manager
-
-
Method Detail
-
addUserToRole
public void addUserToRole(CmsObject cms, CmsRole role, java.lang.String username) throws CmsException
Adds a user to the given role.- Parameters:
cms
- the opencms contextrole
- the roleusername
- the name of the user that is to be added to the role- Throws:
CmsException
- if something goes wrong
-
checkRole
public void checkRole(CmsObject cms, CmsRole role) throws CmsRoleViolationException
Checks if the user of this OpenCms context is a member of the given role for the given organizational unit.The user must have the given role in at least one parent organizational unit.
- Parameters:
cms
- the opencms contextrole
- the role to check- Throws:
CmsRoleViolationException
- if the user does not have the required role permissions
-
checkRoleForResource
public void checkRoleForResource(CmsObject cms, CmsRole role, java.lang.String resourceName) throws CmsException, CmsRoleViolationException
Checks if the user of this OpenCms context is a member of the given role for the given resource.The user must have the given role in at least one organizational unit to which this resource belongs.
- Parameters:
cms
- the opencms contextrole
- the role to checkresourceName
- the name of the resource to check the role for- Throws:
CmsRoleViolationException
- if the user does not have the required role permissionsCmsException
- if something goes wrong, while reading the resource
-
getManageableGroups
public java.util.List<CmsGroup> getManageableGroups(CmsObject cms, java.lang.String ouFqn, boolean includeSubOus) throws CmsException
Returns all groups of organizational units for which the current user has theCmsRole.ACCOUNT_MANAGER
role.- Parameters:
cms
- the current cms contextouFqn
- the fully qualified name of the organizational unitincludeSubOus
- if sub organizational units should be included in the search- Returns:
- a list of
CmsGroup
objects - Throws:
CmsException
- if something goes wrong
-
getManageableOrgUnits
public java.util.List<CmsOrganizationalUnit> getManageableOrgUnits(CmsObject cms, java.lang.String ouFqn, boolean includeSubOus, boolean includeWebusers) throws CmsException
Returns a list of those organizational units whose members can be managed by the current user.- Parameters:
cms
- the current CMS contextouFqn
- the fully qualified name of the organizational unitincludeSubOus
- if sub organizational units should be included in the searchincludeWebusers
- if webuser organizational units should be included in the search- Returns:
- a list of organizational units
- Throws:
CmsException
- if something goes wrong
-
getManageableResources
public java.util.List<CmsResource> getManageableResources(CmsObject cms, CmsRole role) throws CmsException
Returns all resources of organizational units for which the current user has the given role role.- Parameters:
cms
- the current cms contextrole
- the role to check- Returns:
- a list of
CmsResource
objects - Throws:
CmsException
- if something goes wrong
-
getManageableUsers
public java.util.List<CmsUser> getManageableUsers(CmsObject cms, java.lang.String ouFqn, boolean includeSubOus) throws CmsException
Returns all users of organizational units for which the current user has theCmsRole.ACCOUNT_MANAGER
role.- Parameters:
cms
- the current cms contextouFqn
- the fully qualified name of the organizational unitincludeSubOus
- if sub organizational units should be included in the search- Returns:
- a list of
CmsUser
objects - Throws:
CmsException
- if something goes wrong
-
getManageableUsers
public java.util.List<CmsUser> getManageableUsers(CmsObject cms, java.lang.String ouFqn, boolean includeSubOus, boolean includeWebusers) throws CmsException
Returns all users of organizational units for which the current user has theCmsRole.ACCOUNT_MANAGER
role.- Parameters:
cms
- the current cms contextouFqn
- the fully qualified name of the organizational unitincludeSubOus
- if sub organizational units should be included in the searchincludeWebusers
- if webuser organizational units should be included in the search- Returns:
- a list of
CmsUser
objects - Throws:
CmsException
- if something goes wrong
-
getOrgUnitsForRole
public java.util.List<CmsOrganizationalUnit> getOrgUnitsForRole(CmsObject cms, CmsRole role, boolean includeSubOus) throws CmsException
Returns all the organizational units for which the current user has the given role.- Parameters:
cms
- the current cms contextrole
- the role to checkincludeSubOus
- if sub organizational units should be included in the search- Returns:
- a list of
CmsOrganizationalUnit
objects - Throws:
CmsException
- if something goes wrong
-
getRoleGroups
public java.util.Set<CmsGroup> getRoleGroups(CmsObject cms, CmsRole role, boolean directUsersOnly) throws CmsException
Returns the groups which constitute a given role, i.e. the set of groups such that a member of any of them has the given role.- Parameters:
cms
- the CMS contextrole
- the roledirectUsersOnly
- if true, only the role's direct group will be returned- Returns:
- the groups constituting the given role
- Throws:
CmsException
- if something goes wrong
-
getRoles
public java.util.List<CmsRole> getRoles(CmsObject cms, java.lang.String ouFqn, boolean includeSubOus) throws CmsException
Returns all roles, in the given organizational unit.- Parameters:
cms
- the opencms contextouFqn
- the fully qualified name of the organizational unit of the roleincludeSubOus
- include roles of child organizational units- Returns:
- a list of all
objectsCmsRole
- Throws:
CmsException
- if operation was not successful
-
getRolesForResource
public java.util.List<CmsRole> getRolesForResource(CmsObject cms, CmsUser user, CmsResource resource) throws CmsException
Returns all roles the given user has over the given resource.- Parameters:
cms
- the current cms contextuser
- the userresource
- the resource- Returns:
- a list of
CmsRole
objects - Throws:
CmsException
- if something goes wrong
-
getRolesForResource
public java.util.List<CmsRole> getRolesForResource(CmsObject cms, java.lang.String userFqn, java.lang.String resourceName) throws CmsException
Returns all roles the given user has over the given resource.- Parameters:
cms
- the current cms contextuserFqn
- the user name to checkresourceName
- the resource name- Returns:
- a list of
CmsRole
objects - Throws:
CmsException
- if something goes wrong
-
getRolesOfUser
public java.util.List<CmsRole> getRolesOfUser(CmsObject cms, java.lang.String username, java.lang.String ouFqn, boolean includeChildOus, boolean directRolesOnly, boolean recursive) throws CmsException
Returns all roles the given user belongs to, in the given organizational unit.- Parameters:
cms
- the opencms contextusername
- the name of the user to get all roles forouFqn
- the fully qualified name of the organizational unit to restrict the search toincludeChildOus
- include roles of child organizational unitsdirectRolesOnly
- if set only the direct assigned roles will be returned, if not also indirect rolesrecursive
- if this is set, also roles of higher organizational unit are considered- Returns:
- a list of
objectsCmsRole
- Throws:
CmsException
- if operation was not successful
-
getUsersOfRole
public java.util.List<CmsUser> getUsersOfRole(CmsObject cms, CmsRole role, boolean includeOtherOuUsers, boolean directUsersOnly) throws CmsException
Returns all direct users of a given role, in the given organizational unit.Users that are "indirectly" in the role are not returned in the result.
- Parameters:
cms
- the opencms contextrole
- the role to get all users forincludeOtherOuUsers
- include users of other organizational unitsdirectUsersOnly
- if set only the direct assigned users will be returned, if not also indirect users, ie. members of child groups- Returns:
- all
objects in the groupCmsUser
- Throws:
CmsException
- if operation was not successful
-
hasRole
public boolean hasRole(CmsObject cms, CmsRole role)
Checks if the given context user has the given role in the given organizational unit.- Parameters:
cms
- the opencms contextrole
- the role to check- Returns:
true
if the given context user has the given role in the given organizational unit
-
hasRole
public boolean hasRole(CmsObject cms, java.lang.String userName, CmsRole role)
Checks if the given user has the given role in the given organizational unit.- Parameters:
cms
- the opencms contextuserName
- the name of the user to check the role forrole
- the role to check- Returns:
true
if the given user has the given role in the given organizational unit
-
hasRoleForResource
public boolean hasRoleForResource(CmsObject cms, CmsRole role, CmsResource resource)
Checks if the given context user has the given role for the given resource.- Parameters:
cms
- the opencms contextrole
- the role to checkresource
- the resource to check- Returns:
true
if the given context user has the given role for the given resource
-
hasRoleForResource
public boolean hasRoleForResource(CmsObject cms, CmsRole role, java.lang.String resourceName)
Checks if the given context user has the given role for the given resource.- Parameters:
cms
- the opencms contextrole
- the role to checkresourceName
- the name of the resource to check- Returns:
true
if the given context user has the given role for the given resource
-
hasRoleForResource
public boolean hasRoleForResource(CmsObject cms, java.lang.String userName, CmsRole role, java.lang.String resourceName)
Checks if the given context user has the given role for the given resource.- Parameters:
cms
- the opencms contextuserName
- the name of the user to check the role forrole
- the role to checkresourceName
- the name of the resource to check- Returns:
true
if the given context user has the given role for the given resource
-
removeUserFromRole
public void removeUserFromRole(CmsObject cms, CmsRole role, java.lang.String username) throws CmsException
Removes a user from a role, in the given organizational unit.- Parameters:
cms
- the opencms contextrole
- the role to remove the user fromusername
- the name of the user that is to be removed from the group- Throws:
CmsException
- if operation was not successful
-
-