org.proteios.core
Class Role

java.lang.Object
  org.proteios.core.BasicItem<RoleData>
      org.proteios.core.Role

All Implemented Interfaces:

AccessControlled, Identifiable, Nameable, Removable, SystemItem

public class Role
extends BasicItem<RoleData>
implements Nameable, Removable, SystemItem

This class is used to represent roles. A role is used in the permission system to give users access to various parts of Proteios. A permission given to a role is global, ie. it applies to all items of a spcific type on the entire server, and not only within a group or project. For example it is possible to give READ access to all SAMPLE:s, no matter if the owner has shared them to other users or not.

Proteios comes with a predefined set of roles, for example ADMINISTRATOR and GUEST, which have been configured with what we think is an appropriate combination of privileges. If you wish, you may create more roles. Use roles only for functional grouping of the users, and not for organisational grouping. If you wish to do that you should use a Group or Project instead.

Version:

2.0

Author:

Nicklas

See Also:

Group, Project, Default permissions

Last modified

$Date: 2009-04-09 08:48:11 +0200 (Thu, 09 Apr 2009) $

Field Summary

static String	ADMINISTRATOR The id for the Role item representing adminstrators.
static String	GUEST The id for the Role item representing guests.
static String	POWER_USER The id for the Role item representing power users.
static String	SUPERVISOR The id for the Role item representing supervisors.
static Item	TYPE The type of item represented by this class.
static String	USER The id for the Role item representing regular users.

Fields inherited from interface org.proteios.core.Nameable

MAX_DESCRIPTION_LENGTH, MAX_NAME_LENGTH

Method Summary

void	addUser(User user) Assign this Role to a user.
static Role	getById(DbControl dc, int id) Get a Role item when you know the ID.
String	getDescription() Get the description for the item.
String	getName() Get the name of the item.
static ItemQuery<Role>	getQuery() Get a ItemQuery object configured to retrieve Role items.
String	getSystemId() Get the system id for the item.
Item	getType() Get the type of item represented by the object.
ItemQuery<User>	getUsers() Get a query that returns the users that are members of this role.
boolean	isMember(User user) Check if the given user is member of this role or not.
boolean	isRemoved() Check if the removed flag is set for this item.
boolean	isSystemItem() Check if the item is a system item or not.
boolean	isUsed() Always return FALSE.
void	removeUser(User user) Revoke this Role from a user.
void	setDescription(String description) Set the description for the item.
void	setName(String name) Set the name of the item.
void	setRemoved(boolean removed) Set the removed flag for this item.

Methods inherited from class org.proteios.core.BasicItem

checkPermission, equals, getDbControl, getId, getPermissions, getSessionControl, getVersion, hashCode, hasPermission, isDetached, isInDatabase, toString

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.proteios.core.Identifiable

getId, getVersion

Methods inherited from interface org.proteios.core.AccessControlled

checkPermission, hasPermission

Field Detail

TYPE

public static final Item TYPE

The type of item represented by this class.

See Also:

Item.ROLE, getType()

ADMINISTRATOR

public static final String ADMINISTRATOR

The id for the Role item representing adminstrators. By default administrators have full privileges on the server.

See Also:

Constant Field Values

SUPERVISOR

public static final String SUPERVISOR

The id for the Role item representing supervisors. A supervisor have READ permission to everything in Proteios.

See Also:

Constant Field Values

POWER_USER

public static final String POWER_USER

The id for the Role item representing power users. A power user have less permissions than an administrator but may do some things that an ordinary user may not.

See Also:

Constant Field Values

USER

public static final String USER

The id for the Role item representing regular users. This role should be sufficient for most regular users of Proteios.

See Also:

Constant Field Values

GUEST

public static final String GUEST

The id for the Role item representing guests. Guests have very limited access to the server.

See Also:

Constant Field Values

Method Detail

getById

public static Role getById(DbControl dc,
                           int id)
                    throws ItemNotFoundException,
                           PermissionDeniedException,
                           BaseException

Get a Role item when you know the ID.

Parameters:

dc - The DbControl which will be used for permission checking and database access.

id - The ID of the item to load

Returns:

The Role item

Throws:

ItemNotFoundException - If an item with the specified ID is not found

PermissionDeniedException - If the logged in user doesn't have Permission.READ permission to the item

BaseException - If there is another error

getQuery

public static ItemQuery<Role> getQuery()

Get a ItemQuery object configured to retrieve Role items. If the logged in user doesn't have generic permission to all roles, only roles where that user is a member are included in the list.

Returns:

A ItemQuery object

getType

public Item getType()

Description copied from interface: Identifiable

Get the type of item represented by the object. The returned value is one of the values defined in the Item enumeration.

Specified by:

getType in interface Identifiable

Returns:

A value indicating the type of item

getName

public String getName()

Description copied from interface: Nameable

Get the name of the item.

Specified by:

getName in interface Nameable

Returns:

A String with the name of the item

setName

public void setName(String name)
             throws PermissionDeniedException,
                    InvalidDataException

Description copied from interface: Nameable

Set the name of the item. The name cannot be null and mustn't be longer than the value specified by the Nameable.MAX_NAME_LENGTH constant.

Specified by:

setName in interface Nameable

Parameters:

name - The new name for the item

Throws:

PermissionDeniedException - If the logged in user doesn't have write permission

InvalidDataException - If the name is null or longer than specified by the Nameable.MAX_NAME_LENGTH constant

getDescription

public String getDescription()

Description copied from interface: Nameable

Get the description for the item.

Specified by:

getDescription in interface Nameable

Returns:

A String with a description of the item

setDescription

public void setDescription(String description)
                    throws PermissionDeniedException,
                           InvalidDataException

Description copied from interface: Nameable

Set the description for the item. The description can be null but mustn't be longer than the value specified by the Nameable.MAX_DESCRIPTION_LENGTH constant.

Specified by:

setDescription in interface Nameable

Parameters:

description - The new description for the item

Throws:

PermissionDeniedException - If the logged in user doesn't have write permission

InvalidDataException - If the description longer than specified by the Nameable.MAX_DESCRIPTION_LENGTH constant

isRemoved

public boolean isRemoved()

Description copied from interface: Removable

Check if the removed flag is set for this item.

Specified by:

isRemoved in interface Removable

Returns:

TRUE if the item is flagged as removed, FALSE otherwise

setRemoved

public void setRemoved(boolean removed)
                throws PermissionDeniedException

Description copied from interface: Removable

Set the removed flag for this item.

Specified by:

setRemoved in interface Removable

Parameters:

removed - TRUE if the item should be flagged as removed, FALSE otherwise

Throws:

PermissionDeniedException - If the logged in user doesn't have Permission.DELETE permission for setting the flag to TRUE or Permission.WRITE permission for setting the flag to FALSE

getSystemId

public String getSystemId()

Description copied from interface: SystemItem

Get the system id for the item.

Specified by:

getSystemId in interface SystemItem

Returns:

The id of the item or null if it is not a system item

isSystemItem

public boolean isSystemItem()

Description copied from interface: SystemItem

Check if the item is a system item or not. A system item have a non-null value for the system id.

Specified by:

isSystemItem in interface SystemItem

Returns:

TRUE if this item is a system item, FALSE otherwise

isUsed

public boolean isUsed()
               throws BaseException

Always return FALSE. A role can be referenced from users and role keys but those references are automatically deleted if the role is deleted and aren't inclued in this check.

Specified by:

isUsed in class BasicItem<RoleData>

Returns:

TRUE if this item is used, FALSE otherwise

Throws:

BaseException

addUser

public void addUser(User user)
             throws PermissionDeniedException,
                    InvalidDataException

Assign this Role to a user.

Parameters:

user - The user to be assigned this role

Throws:

PermissionDeniedException - If the logged in user doesn't have Permission.WRITE permission for the role and Permission.USE permission for the user

InvalidDataException - If the user is null

removeUser

public void removeUser(User user)
                throws PermissionDeniedException,
                       InvalidDataException

Revoke this Role from a user.

Parameters:

user - The user that should be removed from this role

Throws:

PermissionDeniedException - If the logged in user doesn't have Permission.WRITE permission for the role and Permission.USE permission for the user

InvalidDataException - If the user is null

isMember

public boolean isMember(User user)

Check if the given user is member of this role or not.

Parameters:

user - The user to check

Returns:

TRUE if the user is member, FALSE otherwise

getUsers

public ItemQuery<User> getUsers()

Get a query that returns the users that are members of this role. This query excludes users that the logged in user doesn't have permission to read.

See Also:

User.getQuery()