Package com.complexible.stardog.security
Interface PermissionManager
public interface PermissionManager
API for managing permissions in Stardog
- Since:
- 0.9
- Version:
- 3.1
- Author:
- Blazej Bulka, Michael Grove
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| void | addRolePerm(com.complexible.stardog.security.Permission thePermission) | Grants a permission to a role. |
| void | addUserPerm(com.complexible.stardog.security.Permission thePermission) | Grants a permission to a user. |
| boolean | checkUserPerm(ActionType theAction, String theResourceType, String theResourceName) | Check if the currently authenticated user has permission to perform an action on a resource, taking into account wildcards and inherited permissions from roles. |
| void | deleteRolePerm(com.complexible.stardog.security.Permission thePermission) | Revokes a permission from a role. |
| void | deleteUserPerm(com.complexible.stardog.security.Permission thePermission) | Revokes a permission from a user. |
| Collection<com.complexible.stardog.security.Permission> | getEffectiveUserPerms(String theUsername) | Return the effective permissions, explicit and inferred, for the specified user |
| Collection<com.complexible.stardog.security.Permission> | getRolePerms(String theRole) | Return the permissions associated with the specified role |
| Collection<com.complexible.stardog.security.Permission> | getUserPerms(String theUsername) | Gets the current user permissions (explicit only) |
| Pattern | getValidResourceNamePattern() | Return the regex pattern used to validate resource names |

Method Details

addRolePerm
void addRolePerm(com.complexible.stardog.security.Permission thePermission) throws com.complexible.stardog.security.StardogSecurityException, com.complexible.stardog.security.ResourceNotFoundException, com.complexible.stardog.security.ResourceExistsException, StardogAuthorizationException
Grants a permission to a role.
- Parameters:
- thePermission - the permission to grant
- Throws:
- com.complexible.stardog.security.ResourceNotFoundException - if the resource referenced in the operation does not exist
- com.complexible.stardog.security.ResourceExistsException - if there is already such a permission for this role
- StardogAuthorizationException - if the current user is not authorized to grant the permission
- com.complexible.stardog.security.StardogSecurityException - if the operation should fail for any other reason

deleteRolePerm
void deleteRolePerm(com.complexible.stardog.security.Permission thePermission) throws com.complexible.stardog.security.StardogSecurityException, com.complexible.stardog.security.ResourceNotFoundException, StardogAuthorizationException
Revokes a permission from a role.
- Parameters:
- thePermission - the permission to revoke
- Throws:
- com.complexible.stardog.security.ResourceNotFoundException - if the resource referenced in the operation does not exist or the role does not have the permission
- StardogAuthorizationException - if the current user is not authorized to revoke the permission
- com.complexible.stardog.security.StardogSecurityException - if the operation should fail for any other reason

addUserPerm
void addUserPerm(com.complexible.stardog.security.Permission thePermission) throws com.complexible.stardog.security.StardogSecurityException, com.complexible.stardog.security.ResourceNotFoundException, com.complexible.stardog.security.ResourceExistsException, StardogAuthorizationException
Grants a permission to a user.
- Parameters:
- thePermission - the permission to grant
- Throws:
- com.complexible.stardog.security.ResourceNotFoundException - if the resource referenced in the operation does not exist
- com.complexible.stardog.security.ResourceExistsException - if there is already such a permission for this user
- StardogAuthorizationException - if the current user is not authorized to grant the permission
- com.complexible.stardog.security.StardogSecurityException - if the operation should fail for any other reason

deleteUserPerm
void deleteUserPerm(com.complexible.stardog.security.Permission thePermission) throws com.complexible.stardog.security.StardogSecurityException, com.complexible.stardog.security.ResourceNotFoundException, StardogAuthorizationException
Revokes a permission from a user.
- Parameters:
- thePermission - the permission to revoke
- Throws:
- com.complexible.stardog.security.ResourceNotFoundException - if the resource referenced in the operation does not exist (or the user does not have the permission to be revoked)
- StardogAuthorizationException - if the current user is not authorized to revoke the permission
- com.complexible.stardog.security.StardogSecurityException - if the operation should fail for any other reason

getUserPerms
Collection<com.complexible.stardog.security.Permission> getUserPerms(String theUsername) throws com.complexible.stardog.security.StardogSecurityException, com.complexible.stardog.security.ResourceNotFoundException, StardogAuthorizationException
Gets the current user permissions (explicit only)
- Parameters:
- theUsername - the user name whose permissions should be retrieved
- Returns:
- a collection of string representations of permissions
- Throws:
- com.complexible.stardog.security.ResourceNotFoundException - if there is no user with the specified name
- StardogAuthorizationException - if the current user does not have a permission to retrieve the permission information for the specified user
- com.complexible.stardog.security.StardogSecurityException - if the operation should fail for any other reason

getEffectiveUserPerms
Collection<com.complexible.stardog.security.Permission> getEffectiveUserPerms(String theUsername) throws com.complexible.stardog.security.StardogSecurityException, com.complexible.stardog.security.ResourceNotFoundException, StardogAuthorizationException
Return the effective permissions, explicit and inferred, for the specified user
- Parameters:
- theUsername - the user
- Returns:
- the effective permissions of the user
- Throws:
- com.complexible.stardog.security.StardogSecurityException - if the operation should fail for any other reason
- com.complexible.stardog.security.ResourceNotFoundException - if the user is not found
- StardogAuthorizationException - if the current user cannot perform this operation

getRolePerms
Collection<com.complexible.stardog.security.Permission> getRolePerms(String theRole) throws com.complexible.stardog.security.StardogSecurityException, com.complexible.stardog.security.ResourceNotFoundException, StardogAuthorizationException
Return the permissions associated with the specified role
- Parameters:
- theRole - the name of the role
- Returns:
- the permissions for the role
- Throws:
- com.complexible.stardog.security.StardogSecurityException - if the operation should fail for any other reason
- com.complexible.stardog.security.ResourceNotFoundException - if the role is not found
- StardogAuthorizationException - if the current user cannot perform the operation

getValidResourceNamePattern
Pattern getValidResourceNamePattern() throws com.complexible.stardog.security.StardogSecurityException
Return the regex pattern used to validate resource names
- Throws:
- com.complexible.stardog.security.StardogSecurityException

checkUserPerm
boolean checkUserPerm(ActionType theAction, String theResourceType, String theResourceName) throws com.complexible.stardog.security.StardogSecurityException, StardogAuthorizationException
Check if the currently authenticated user has permission to perform an action on a resource, taking into account wildcards and inherited permissions from roles.
- Parameters:
- theAction - the action to check (READ, WRITE, CREATE, etc.)
- theResourceType - the type of resource (db, named-graph, user, etc.) or wildcard (*)
- theResourceName - the specific resource name
- Returns:
- true if the authenticated user has the permission (directly or through roles), false otherwise
- Throws:
- StardogAuthorizationException - if there is no authenticated user
- com.complexible.stardog.security.StardogSecurityException - if the operation should fail for any other reason
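
Added example (not part of the Stardog API or its documentation): an access-review helper built only from the methods listed above. It separates permissions a user holds through roles from explicit grants, and makes a grant idempotent by treating ResourceExistsException as "already present". The class name PermissionAudit and its method names are hypothetical; it assumes a PermissionManager instance obtained elsewhere and that Permission implements value-based equals/hashCode. Methods declare `throws Exception` because this page does not give the package of StardogAuthorizationException.

```java
import com.complexible.stardog.security.Permission;
import com.complexible.stardog.security.PermissionManager;
import com.complexible.stardog.security.ResourceExistsException;

import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.Set;

/** Hypothetical helper for access reviews; added illustration only. */
public final class PermissionAudit {

    private PermissionAudit() {
    }

    /**
     * Permissions the user holds only by inference (for example via roles):
     * the effective set minus the explicit grants. Revoking these with
     * deleteUserPerm would not work, since they are not explicit user grants.
     * Assumes Permission compares by value (equals/hashCode).
     */
    public static Set<Permission> inheritedOnly(PermissionManager pm, String username)
            throws Exception {
        Collection<Permission> explicit = pm.getUserPerms(username);
        Set<Permission> inherited = new LinkedHashSet<>(pm.getEffectiveUserPerms(username));
        inherited.removeAll(explicit);
        return inherited;
    }

    /**
     * Grants a permission to a user, tolerating a repeat grant.
     *
     * @return true if the permission was newly granted, false if it already existed
     */
    public static boolean ensureUserPerm(PermissionManager pm, Permission permission)
            throws Exception {
        try {
            pm.addUserPerm(permission);
            return true;
        } catch (ResourceExistsException alreadyGranted) {
            // Documented outcome when the user already has this permission.
            return false;
        }
        // ResourceNotFoundException and StardogAuthorizationException propagate:
        // a missing resource or an unauthorized caller should fail the review run.
    }
}
```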