org.sakaiproject.service.legacy.authzGroup
Interface AuthzGroup

All Superinterfaces:
Comparable, Edit, Entity, Serializable
All Known Subinterfaces:
Group, Site
All Known Implementing Classes:
BaseAuthzGroup, BaseGroup, BaseSite

public interface AuthzGroup
extends Edit, Comparable, Serializable

AuthzGroup is a authorization group; a group of users, each with a role, and a set of permissions of functions made to each role.

AuthzGroups can related to Entities in Sakai; The entity reference forms the AuthzGroup id.

Special AuthzGroups not related to an entity have ids that begin with a "!".

Author:
Sakai Software Development Team

Field Summary
 
Fields inherited from interface org.sakaiproject.service.legacy.entity.Entity
SEPARATOR
 
Method Summary
 void addMember(String userId, String roleId, boolean active, boolean provided)
          Add a member to the AuthzGroup.
 Role addRole(String id)
          Create a new Role within this AuthzGroup.
 Role addRole(String id, Role other)
          Create a new Role within this AuthzGroup, as a copy of this other role
 User getCreatedBy()
           
 Time getCreatedTime()
           
 String getDescription()
           
 String getMaintainRole()
          Access the name of the role to use for giving a user membership with "maintain" access.
 Member getMember(String userId)
          Access the user's membership record for this AuthzGroup; the role, and status flags.
 Set getMembers()
          Access all Membership records defined for this AuthzGroup.
 User getModifiedBy()
           
 Time getModifiedTime()
           
 String getProviderGroupId()
          Access the group id for the GroupProvider for this AuthzGroup.
 Role getRole(String id)
          Access a Role defined in this AuthzGroup.
 Set getRoles()
          Access all Roles defined for this AuthzGroup.
 Set getRolesIsAllowed(String function)
          Access all roles that have been granted permission to this function.
 Role getUserRole(String userId)
          Access the active role for this user's membership.
 Set getUsers()
          Access all users who have active role membership in the AuthzGroup.
 Set getUsersHasRole(String role)
          Access all users who have an active role membership with this role.
 Set getUsersIsAllowed(String function)
          Access all users who have an active role membership to a role that is allowed this function.
 boolean hasRole(String userId, String role)
          Test if this user has a membership in this AuthzGroup that has this role and is active.
 boolean isAllowed(String userId, String function)
          Test if this user is allowed to perform the function in this AuthzGroup.
 boolean isEmpty()
          Is this AuthzGroup empty of any roles or membership?
 boolean keepIntersection(AuthzGroup other)
          Adjust membership so that active members are all active in other, and inactive members are all defined in other
 void removeMember(String userId)
          Remove membership for for this user from the AuthzGroup.
 void removeMembers()
          Remove all membership from this AuthzGroup.
 void removeRole(String role)
          Remove this Role from this AuthzGroup.
 void removeRoles()
          Remove all Roles from this AuthzGroup.
 void setMaintainRole(String role)
          Set the role name to use for "maintain" access.
 void setProviderGroupId(String id)
          Set the external group id for the GroupProvider for this AuthzGroup (set to null to have none).
 
Methods inherited from interface org.sakaiproject.service.legacy.entity.Edit
getPropertiesEdit, isActiveEdit
 
Methods inherited from interface org.sakaiproject.service.legacy.entity.Entity
getId, getProperties, getReference, getReference, getUrl, getUrl, toXml
 
Methods inherited from interface java.lang.Comparable
compareTo
 

Method Detail

addMember

public void addMember(String userId,
                      String roleId,
                      boolean active,
                      boolean provided)
Add a member to the AuthzGroup.

Parameters:
userId - The user.
active - The active flag.
provided - If true, from an external provider.

addRole

public Role addRole(String id)
             throws IdUsedException
Create a new Role within this AuthzGroup.

Parameters:
id - The role id.
Returns:
the new Role.
Throws:
IdUsedException - if the id is already a Role in this AuthzGroup.

addRole

public Role addRole(String id,
                    Role other)
             throws IdUsedException
Create a new Role within this AuthzGroup, as a copy of this other role

Parameters:
id - The role id.
other - The role to copy.
Returns:
the new Role.
Throws:
IdUsedException - if the id is already a Role in this AuthzGroup.

getCreatedBy

public User getCreatedBy()
Returns:
the user who created this.

getCreatedTime

public Time getCreatedTime()
Returns:
the time created.

getDescription

public String getDescription()
Returns:
a description of the item this realm applies to.

getMaintainRole

public String getMaintainRole()
Access the name of the role to use for giving a user membership with "maintain" access.

Returns:
The name of the "maintain" role.

getMember

public Member getMember(String userId)
Access the user's membership record for this AuthzGroup; the role, and status flags.

Parameters:
userId - The user id.
Returns:
The Membership record for the user in this AuthzGroup, or null if the use is not a member.

getMembers

public Set getMembers()
Access all Membership records defined for this AuthzGroup.

Returns:
The set of Membership records (Membership) defined for this AuthzGroup.

getModifiedBy

public User getModifiedBy()
Returns:
the user who last modified this.

getModifiedTime

public Time getModifiedTime()
Returns:
the time last modified.

getProviderGroupId

public String getProviderGroupId()
Access the group id for the GroupProvider for this AuthzGroup.

Returns:
The the group id for the GroupProvider for this AuthzGroup, or null if none defined.

getRole

public Role getRole(String id)
Access a Role defined in this AuthzGroup.

Parameters:
id - The role id.
Returns:
The Role, if found, or null, if not.

getRoles

public Set getRoles()
Access all Roles defined for this AuthzGroup.

Returns:
The set of roles (Role) defined for this AuthzGroup.

getRolesIsAllowed

public Set getRolesIsAllowed(String function)
Access all roles that have been granted permission to this function.

Parameters:
function - The function to check.
Returns:
The Set of role names (String) that have been granted permission to this function.

getUserRole

public Role getUserRole(String userId)
Access the active role for this user's membership.

Parameters:
userId - The user id.
Returns:
The Role for this user's membership, or null if the user has no active membership.

getUsers

public Set getUsers()
Access all users who have active role membership in the AuthzGroup.

Returns:
The Set of users ids (String) who have active role membership in the AuthzGroup.

getUsersHasRole

public Set getUsersHasRole(String role)
Access all users who have an active role membership with this role.

Returns:
The Set of user ids (String) who have an active role membership with this role.

getUsersIsAllowed

public Set getUsersIsAllowed(String function)
Access all users who have an active role membership to a role that is allowed this function.

Parameters:
function - The function to check.
Returns:
The Set of user ids (String) who have an active role membership to a role that is allowed this function.

hasRole

public boolean hasRole(String userId,
                       String role)
Test if this user has a membership in this AuthzGroup that has this role and is active.

Parameters:
userId - The user id.
role - The role name.
Returns:
true if the User has has a membership in this AuthzGroup that has this role and is active.

isAllowed

public boolean isAllowed(String userId,
                         String function)
Test if this user is allowed to perform the function in this AuthzGroup.

Parameters:
userId - The user id.
function - The function to open.
Returns:
true if this user is allowed to perform the function in this AuthzGroup, false if not.

isEmpty

public boolean isEmpty()
Is this AuthzGroup empty of any roles or membership?

Returns:
true if the AuthzGroup is empty, false if not.

removeMember

public void removeMember(String userId)
Remove membership for for this user from the AuthzGroup.

Parameters:
userId - The user.

removeMembers

public void removeMembers()
Remove all membership from this AuthzGroup.


removeRole

public void removeRole(String role)
Remove this Role from this AuthzGroup. Any grants of this Role in the AuthzGroup are also removed.

Parameters:
role - The role name.

removeRoles

public void removeRoles()
Remove all Roles from this AuthzGroup.


setMaintainRole

public void setMaintainRole(String role)
Set the role name to use for "maintain" access.

Parameters:
role - The name of the "maintain" role.

setProviderGroupId

public void setProviderGroupId(String id)
Set the external group id for the GroupProvider for this AuthzGroup (set to null to have none).

Parameters:
id - The external group id for the GroupProvider, or null if there is to be none.

keepIntersection

public boolean keepIntersection(AuthzGroup other)
Adjust membership so that active members are all active in other, and inactive members are all defined in other

Parameters:
other - The other azg to adjust to.
Returns:
true if any changes were made, false if not.