Package org.opencms.security

Class CmsRoleManager

java.lang.Object
org.opencms.security.CmsRoleManager
public class CmsRoleManager extends Object
This manager provide access to the role related operations.

Since:
6.5.6

  • Constructor Details

  • Method Details

    • addUserToRole

      public void addUserToRole(CmsObject cms, CmsRole role, String username) throws CmsException
      Adds a user to the given role.

      Parameters:
      cms - the opencms context
      role - the role
      username - the name of the user that is to be added to the role
      Throws:
      CmsException - if something goes wrong

    • checkRole

      public void checkRole(CmsObject cms, CmsRole role) throws CmsRoleViolationException
      Checks if the user of this OpenCms context is a member of the given role for the given organizational unit.

      The user must have the given role in at least one parent organizational unit.

      Parameters:
      cms - the opencms context
      role - the role to check
      Throws:
      CmsRoleViolationException - if the user does not have the required role permissions

    • checkRoleForResource

      public void checkRoleForResource(CmsObject cms, CmsRole role, String resourceName) throws CmsException, CmsRoleViolationException
      Checks if the user of this OpenCms context is a member of the given role for the given resource.

      The user must have the given role in at least one organizational unit to which this resource belongs.

      Parameters:
      cms - the opencms context
      role - the role to check
      resourceName - the name of the resource to check the role for
      Throws:
      CmsRoleViolationException - if the user does not have the required role permissions
      CmsException - if something goes wrong, while reading the resource

    • getManageableGroups

      public List<CmsGroup> getManageableGroups(CmsObject cms, String ouFqn, boolean includeSubOus) throws CmsException
      Returns all groups of organizational units for which the current user has the CmsRole.ACCOUNT_MANAGER role.

      Parameters:
      cms - the current cms context
      ouFqn - the fully qualified name of the organizational unit
      includeSubOus - if sub organizational units should be included in the search
      Returns:
      a list of CmsGroup objects
      Throws:
      CmsException - if something goes wrong

    • getManageableOrgUnits

      public List<CmsOrganizationalUnit> getManageableOrgUnits(CmsObject cms, String ouFqn, boolean includeSubOus, boolean includeWebusers) throws CmsException
      Returns a list of those organizational units whose members can be managed by the current user.

      Parameters:
      cms - the current CMS context
      ouFqn - the fully qualified name of the organizational unit
      includeSubOus - if sub organizational units should be included in the search
      includeWebusers - if webuser organizational units should be included in the search
      Returns:
      a list of organizational units
      Throws:
      CmsException - if something goes wrong

    • getManageableResources

      public List<CmsResource> getManageableResources(CmsObject cms, CmsRole role) throws CmsException
      Returns all resources of organizational units for which the current user has the given role role.

      Parameters:
      cms - the current cms context
      role - the role to check
      Returns:
      a list of CmsResource objects
      Throws:
      CmsException - if something goes wrong

    • getManageableUsers

      public List<CmsUser> getManageableUsers(CmsObject cms, String ouFqn, boolean includeSubOus) throws CmsException
      Returns all users of organizational units for which the current user has the CmsRole.ACCOUNT_MANAGER role.

      Parameters:
      cms - the current cms context
      ouFqn - the fully qualified name of the organizational unit
      includeSubOus - if sub organizational units should be included in the search
      Returns:
      a list of CmsUser objects
      Throws:
      CmsException - if something goes wrong

    • getManageableUsers

      public List<CmsUser> getManageableUsers(CmsObject cms, String ouFqn, boolean includeSubOus, boolean includeWebusers) throws CmsException
      Returns all users of organizational units for which the current user has the CmsRole.ACCOUNT_MANAGER role.

      Parameters:
      cms - the current cms context
      ouFqn - the fully qualified name of the organizational unit
      includeSubOus - if sub organizational units should be included in the search
      includeWebusers - if webuser organizational units should be included in the search
      Returns:
      a list of CmsUser objects
      Throws:
      CmsException - if something goes wrong

    • getOrgUnitsForRole

      public List<CmsOrganizationalUnit> getOrgUnitsForRole(CmsObject cms, CmsRole role, boolean includeSubOus) throws CmsException
      Returns all the organizational units for which the current user has the given role.

      Parameters:
      cms - the current cms context
      role - the role to check
      includeSubOus - if sub organizational units should be included in the search
      Returns:
      a list of CmsOrganizationalUnit objects
      Throws:
      CmsException - if something goes wrong

    • getRoleGroups

      public Set<CmsGroup> getRoleGroups(CmsObject cms, CmsRole role, boolean directUsersOnly) throws CmsException
      Returns the groups which constitute a given role, i.e. the set of groups such that a member of any of them has the given role.

      Parameters:
      cms - the CMS context
      role - the role
      directUsersOnly - if true, only the role's direct group will be returned
      Returns:
      the groups constituting the given role
      Throws:
      CmsException - if something goes wrong

    • getRoles

      public List<CmsRole> getRoles(CmsObject cms, String ouFqn, boolean includeSubOus) throws CmsException
      Returns all roles, in the given organizational unit.

      Parameters:
      cms - the opencms context
      ouFqn - the fully qualified name of the organizational unit of the role
      includeSubOus - include roles of child organizational units
      Returns:
      a list of all CmsRole objects
      Throws:
      CmsException - if operation was not successful

    • getRolesForResource

      public List<CmsRole> getRolesForResource(CmsObject cms, CmsUser user, CmsResource resource) throws CmsException
      Returns all roles the given user has over the given resource.

      Parameters:
      cms - the current cms context
      user - the user
      resource - the resource
      Returns:
      a list of CmsRole objects
      Throws:
      CmsException - if something goes wrong

    • getRolesForResource

      public List<CmsRole> getRolesForResource(CmsObject cms, String userFqn, String resourceName) throws CmsException
      Returns all roles the given user has over the given resource.

      Parameters:
      cms - the current cms context
      userFqn - the user name to check
      resourceName - the resource name
      Returns:
      a list of CmsRole objects
      Throws:
      CmsException - if something goes wrong

    • getRolesOfUser

      public List<CmsRole> getRolesOfUser(CmsObject cms, String username, String ouFqn, boolean includeChildOus, boolean directRolesOnly, boolean recursive) throws CmsException
      Returns all roles the given user belongs to, in the given organizational unit.

      Parameters:
      cms - the opencms context
      username - the name of the user to get all roles for
      ouFqn - the fully qualified name of the organizational unit to restrict the search to
      includeChildOus - include roles of child organizational units
      directRolesOnly - if set only the direct assigned roles will be returned, if not also indirect roles
      recursive - if this is set, also roles of higher organizational unit are considered
      Returns:
      a list of CmsRole objects
      Throws:
      CmsException - if operation was not successful

    • getUsersOfRole

      public List<CmsUser> getUsersOfRole(CmsObject cms, CmsRole role, boolean includeOtherOuUsers, boolean directUsersOnly) throws CmsException
      Returns all direct users of a given role, in the given organizational unit.

      Users that are "indirectly" in the role are not returned in the result.

      Parameters:
      cms - the opencms context
      role - the role to get all users for
      includeOtherOuUsers - include users of other organizational units
      directUsersOnly - if set only the direct assigned users will be returned, if not also indirect users, ie. members of child groups
      Returns:
      all CmsUser objects in the group
      Throws:
      CmsException - if operation was not successful

    • hasRole

      public boolean hasRole(CmsObject cms, CmsRole role)
      Checks if the given context user has the given role in the given organizational unit.

      Parameters:
      cms - the opencms context
      role - the role to check
      Returns:
      true if the given context user has the given role in the given organizational unit

    • hasRole

      public boolean hasRole(CmsObject cms, String userName, CmsRole role)
      Checks if the given user has the given role in the given organizational unit.

      Parameters:
      cms - the opencms context
      userName - the name of the user to check the role for
      role - the role to check
      Returns:
      true if the given user has the given role in the given organizational unit

    • hasRoleForResource

      public boolean hasRoleForResource(CmsObject cms, CmsRole role, CmsResource resource)
      Checks if the given context user has the given role for the given resource.

      Parameters:
      cms - the opencms context
      role - the role to check
      resource - the resource to check
      Returns:
      true if the given context user has the given role for the given resource

    • hasRoleForResource

      public boolean hasRoleForResource(CmsObject cms, CmsRole role, String resourceName)
      Checks if the given context user has the given role for the given resource.

      Parameters:
      cms - the opencms context
      role - the role to check
      resourceName - the name of the resource to check
      Returns:
      true if the given context user has the given role for the given resource

    • hasRoleForResource

      public boolean hasRoleForResource(CmsObject cms, String userName, CmsRole role, String resourceName)
      Checks if the given context user has the given role for the given resource.

      Parameters:
      cms - the opencms context
      userName - the name of the user to check the role for
      role - the role to check
      resourceName - the name of the resource to check
      Returns:
      true if the given context user has the given role for the given resource

    • removeUserFromRole

      public void removeUserFromRole(CmsObject cms, CmsRole role, String username) throws CmsException
      Removes a user from a role, in the given organizational unit.

      Parameters:
      cms - the opencms context
      role - the role to remove the user from
      username - the name of the user that is to be removed from the group
      Throws:
      CmsException - if operation was not successful