com.orientechnologies.orient.core.metadata.security

Interface OSecurityInternal

All Known Implementing Classes:

OSecurityExternal, OSecurityRemote, OSecurityServerExternal, OSecurityShared, OSymmetricKeySecurity

public interface OSecurityInternal

Method Summary

Modifier and Type	Method and Description
OIdentifiable	allowIdentity(ODatabaseSession session, ODocument iDocument, String iAllowFieldName, OIdentifiable iId)
OIdentifiable	allowRole(ODatabaseSession session, ODocument iDocument, ORestrictedOperation iOperationType, String iRoleName)
OIdentifiable	allowUser(ODatabaseSession session, ODocument iDocument, ORestrictedOperation iOperationType, String iUserName)
OUser	authenticate(ODatabaseSession session, OToken authToken)
OUser	authenticate(ODatabaseSession session, String iUsername, String iUserPassword)
boolean	canCreate(ODatabaseSession session, ORecord record)
boolean	canDelete(ODatabaseSession session, ORecord record)
boolean	canExecute(ODatabaseSession session, OFunction function)
boolean	canRead(ODatabaseSession session, ORecord record)
boolean	canUpdate(ODatabaseSession session, ORecord record)
void	close()
OUser	create(ODatabaseSession session)
void	createClassTrigger(ODatabaseSession session)
ORole	createRole(ODatabaseSession session, String iRoleName, ORole iParent, OSecurityRole.ALLOW_MODES iAllowMode)
ORole	createRole(ODatabaseSession session, String iRoleName, OSecurityRole.ALLOW_MODES iAllowMode)
OSecurityPolicy	createSecurityPolicy(ODatabaseSession session, String name) creates and saves an empty security policy
OUser	createUser(ODatabaseSession session, String iUserName, String iUserPassword, ORole[] iRoles)
OUser	createUser(ODatabaseSession session, String iUserName, String iUserPassword, String[] iRoles)
void	deleteSecurityPolicy(ODatabaseSession session, String name)
OIdentifiable	denyRole(ODatabaseSession session, ODocument iDocument, ORestrictedOperation iOperationType, String iRoleName)
OIdentifiable	denyUser(ODatabaseSession session, ODocument iDocument, ORestrictedOperation iOperationType, String iUserName)
OIdentifiable	disallowIdentity(ODatabaseSession session, ODocument iDocument, String iAllowFieldName, OIdentifiable iId)
boolean	dropRole(ODatabaseSession session, String iRoleName)
boolean	dropUser(ODatabaseSession session, String iUserName)
Set<OSecurityResourceProperty>	getAllFilteredProperties(ODatabaseDocumentInternal database) returns the list of all the filtered properties (for any role defined in the db)
List<ODocument>	getAllRoles(ODatabaseSession session)
List<ODocument>	getAllUsers(ODatabaseSession session)
Set<String>	getFilteredProperties(ODatabaseSession session, ODocument document) For property-level security.
ORole	getRole(ODatabaseSession session, OIdentifiable iRoleRid)
ORole	getRole(ODatabaseSession session, String iRoleName)
Map<String,OSecurityPolicy>	getSecurityPolicies(ODatabaseSession session, OSecurityRole role)
OSecurityPolicy	getSecurityPolicy(ODatabaseSession session, OSecurityRole role, String resource) Returns the security policy policy assigned to a role for a specific resource (not recursive on superclasses, nor on role hierarchy)
OSecurityPolicy	getSecurityPolicy(ODatabaseSession session, String name)
OUser	getUser(ODatabaseSession session, ORID userId)
OUser	getUser(ODatabaseSession session, String iUserName)
long	getVersion(ODatabaseSession session)
void	incrementVersion(ODatabaseSession session)
boolean	isAllowed(ODatabaseSession session, Set<OIdentifiable> iAllowAll, Set<OIdentifiable> iAllowOperation)
boolean	isAllowedWrite(ODatabaseSession session, ODocument document, String propertyName) For property-level security
boolean	isReadRestrictedBySecurityPolicy(ODatabaseSession session, String resource) checks if for current session a resource is restricted by security resources (ie.
void	load(ODatabaseSession session)
void	removeSecurityPolicy(ODatabaseSession session, ORole role, String resource) Removes security policy bound to a role for a specific resource
void	saveSecurityPolicy(ODatabaseSession session, OSecurityPolicy policy)
void	setSecurityPolicy(ODatabaseSession session, OSecurityRole role, String resource, OSecurityPolicy policy) Sets a security policy for a specific resource on a role

Method Detail

isAllowed

boolean isAllowed(ODatabaseSession session,
                  Set<OIdentifiable> iAllowAll,
                  Set<OIdentifiable> iAllowOperation)

allowUser

OIdentifiable allowUser(ODatabaseSession session,
                        ODocument iDocument,
                        ORestrictedOperation iOperationType,
                        String iUserName)

allowRole

OIdentifiable allowRole(ODatabaseSession session,
                        ODocument iDocument,
                        ORestrictedOperation iOperationType,
                        String iRoleName)

denyUser

OIdentifiable denyUser(ODatabaseSession session,
                       ODocument iDocument,
                       ORestrictedOperation iOperationType,
                       String iUserName)

denyRole

OIdentifiable denyRole(ODatabaseSession session,
                       ODocument iDocument,
                       ORestrictedOperation iOperationType,
                       String iRoleName)

allowIdentity

OIdentifiable allowIdentity(ODatabaseSession session,
                            ODocument iDocument,
                            String iAllowFieldName,
                            OIdentifiable iId)

disallowIdentity

OIdentifiable disallowIdentity(ODatabaseSession session,
                               ODocument iDocument,
                               String iAllowFieldName,
                               OIdentifiable iId)

authenticate

OUser authenticate(ODatabaseSession session,
                   String iUsername,
                   String iUserPassword)

createUser

OUser createUser(ODatabaseSession session,
                 String iUserName,
                 String iUserPassword,
                 String[] iRoles)

createUser

OUser createUser(ODatabaseSession session,
                 String iUserName,
                 String iUserPassword,
                 ORole[] iRoles)

authenticate

OUser authenticate(ODatabaseSession session,
                   OToken authToken)

createRole

ORole createRole(ODatabaseSession session,
                 String iRoleName,
                 ORole iParent,
                 OSecurityRole.ALLOW_MODES iAllowMode)

createRole

ORole createRole(ODatabaseSession session,
                 String iRoleName,
                 OSecurityRole.ALLOW_MODES iAllowMode)

getUser

OUser getUser(ODatabaseSession session,
              String iUserName)

getUser

OUser getUser(ODatabaseSession session,
              ORID userId)

getRole

ORole getRole(ODatabaseSession session,
              String iRoleName)

getRole

ORole getRole(ODatabaseSession session,
              OIdentifiable iRoleRid)

getAllUsers

List<ODocument> getAllUsers(ODatabaseSession session)

getAllRoles

List<ODocument> getAllRoles(ODatabaseSession session)

getSecurityPolicies

Map<String,OSecurityPolicy> getSecurityPolicies(ODatabaseSession session,
                                                OSecurityRole role)

getSecurityPolicy

OSecurityPolicy getSecurityPolicy(ODatabaseSession session,
                                  OSecurityRole role,
                                  String resource)

Returns the security policy policy assigned to a role for a specific resource (not recursive on superclasses, nor on role hierarchy)

Parameters:

session - an active DB session

role - the role

resource - the string representation of the security resource, eg. "database.class.Person"

Returns:

setSecurityPolicy

void setSecurityPolicy(ODatabaseSession session,
                       OSecurityRole role,
                       String resource,
                       OSecurityPolicy policy)

Sets a security policy for a specific resource on a role

Parameters:

session - a valid db session to perform the operation (that has permissions to do it)

role - The role

resource - the string representation of the security resource, eg. "database.class.Person"

policy - The security policy

createSecurityPolicy

OSecurityPolicy createSecurityPolicy(ODatabaseSession session,
                                     String name)

creates and saves an empty security policy

Parameters:

session - the session to a DB where the policy has to be created

name - the policy name

Returns:

getSecurityPolicy

OSecurityPolicy getSecurityPolicy(ODatabaseSession session,
                                  String name)

saveSecurityPolicy

void saveSecurityPolicy(ODatabaseSession session,
                        OSecurityPolicy policy)

deleteSecurityPolicy

void deleteSecurityPolicy(ODatabaseSession session,
                          String name)

removeSecurityPolicy

void removeSecurityPolicy(ODatabaseSession session,
                          ORole role,
                          String resource)

Removes security policy bound to a role for a specific resource

Parameters:

session - A valid db session to perform the operation

role - the role

resource - the string representation of the security resource, eg. "database.class.Person"

dropUser

boolean dropUser(ODatabaseSession session,
                 String iUserName)

dropRole

boolean dropRole(ODatabaseSession session,
                 String iRoleName)

createClassTrigger

void createClassTrigger(ODatabaseSession session)

getVersion

long getVersion(ODatabaseSession session)

incrementVersion

void incrementVersion(ODatabaseSession session)

create

OUser create(ODatabaseSession session)

load

void load(ODatabaseSession session)

close

void close()

getFilteredProperties

Set<String> getFilteredProperties(ODatabaseSession session,
                                  ODocument document)

For property-level security. Returns the list of the properties that are hidden (ie. not allowed to be read) for current session, regarding a specific document

Parameters:

session - the db session

document - the document to filter

Returns:

the list of the properties that are hidden (ie. not allowed to be read) on current document for current session

isAllowedWrite

boolean isAllowedWrite(ODatabaseSession session,
                       ODocument document,
                       String propertyName)

For property-level security

Parameters:

session -

document - current document to check for proeprty-level security

propertyName - the property to check for write access

Returns:

canCreate

boolean canCreate(ODatabaseSession session,
                  ORecord record)

canRead

boolean canRead(ODatabaseSession session,
                ORecord record)

canUpdate

boolean canUpdate(ODatabaseSession session,
                  ORecord record)

canDelete

boolean canDelete(ODatabaseSession session,
                  ORecord record)

canExecute

boolean canExecute(ODatabaseSession session,
                   OFunction function)

isReadRestrictedBySecurityPolicy

boolean isReadRestrictedBySecurityPolicy(ODatabaseSession session,
                                         String resource)

checks if for current session a resource is restricted by security resources (ie. READ policies exist, with predicate different from "TRUE", to access the given resource

Parameters:

session - The session to check for the existece of policies

resource - a resource string, eg. "database.class.Person"

Returns:

true if a restriction of any type exists for this session and this resource. False otherwise

getAllFilteredProperties

Set<OSecurityResourceProperty> getAllFilteredProperties(ODatabaseDocumentInternal database)

returns the list of all the filtered properties (for any role defined in the db)

Parameters:

database -

Returns: