Class Role


public class Role extends StorableObject
A user access role. Each role contains an access rule list declaring which objects the role provides access to.
Version:
1.0
  • Field Details

    • KEY_NAME

      public static final String KEY_NAME
      The dictionary key for the role name.
    • KEY_DESCRIPTION

      public static final String KEY_DESCRIPTION
      The dictionary key for the role description.
    • KEY_AUTO

      public static final String KEY_AUTO
      The dictionary key for automatic user match.
    • KEY_ACCESS

      public static final String KEY_ACCESS
      The dictionary key for the role access array. The value stored is an array of access rules.
    • ACCESS_PATH

      public static final String ACCESS_PATH
      The dictionary key for the path in the access dictionary. The value stored is an absolute path to an object, with optional glob characters ('*', '**' or '?').
    • ACCESS_REGEX

      public static final String ACCESS_REGEX
      The dictionary key for the regex path in the access dictionary. The value stored is a regular expression matching an absolute path to an object (without leading '/' chars).
    • ACCESS_PERMISSION

      public static final String ACCESS_PERMISSION
      The dictionary key for the permission list in the access dictionary. The value stored is a string with permissions separated by commas (',').
    • PERM_NONE

      public static final String PERM_NONE
      The permission key for no access.
    • PERM_INTERNAL

      public static final String PERM_INTERNAL
      The permission key for internal access.
    • PERM_READ

      public static final String PERM_READ
      The permission key for read access.
    • PERM_WRITE

      public static final String PERM_WRITE
      The permission key for write access.
    • PERM_ALL

      public static final String PERM_ALL
      The permission key for full access.
    • PATH

      public static final Path PATH
      The role object storage path.
  • Constructor Details

    • Role

      public Role(String id, String type, Dict dict)
      Creates a new role from a serialized representation.
      Parameters:
      id - the object identifier
      type - the object type name
      dict - the serialized representation
  • Method Details

    • all

      public static Stream<Role> all(Storage storage)
      Returns a stream of all roles found in the storage.
      Parameters:
      storage - the storage to search
      Returns:
      a stream of role instances found
    • normalize

      public static Dict normalize(String id, Dict dict)
      Normalizes a role data object if needed. This method will modify legacy data into the proper keys and values.
      Parameters:
      id - the object identifier
      dict - the storage data
      Returns:
      the storage data (possibly modified)
    • name

      public String name()
      Returns the role name.
      Returns:
      the role name.
    • description

      public String description()
      Returns the role description.
      Returns:
      the role description.
    • auto

      public String auto()
      Returns the automatic role attachment type. The values "all" and "auth" are the only ones with defined meaning.
      Returns:
      the automatic role attachment type
    • hasUser

      public boolean hasUser(User user)
      Checks if the specified user has this role. The user may be null, in which case only automatic roles for "all" will be considered a match.
      Parameters:
      user - the user to check, or null
      Returns:
      true if the user has this role, or false otherwise
    • hasAccess

      public boolean hasAccess(String path, String permission)
      Checks if the role has access permission for a storage path. The access list is processed from top to bottom to find a matching path entry. If a matching path with the PERM_NONE permission is encountered, false will be returned. Otherwise true will be returned only if the permission matches the requested one.
      Parameters:
      path - the object storage path
      permission - the requested permission
      Returns:
      true if the role provides access, or false otherwise
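
The top-to-bottom evaluation described for hasAccess makes rule order security-relevant: a broad entry placed above a narrower PERM_NONE entry decides the lookup before the deny is reached. The following is an added example, not the project's own code; it assumes that the first entry whose path matches decides the result, that '*' stays within one path segment while '**' crosses segments, that the full-access permission grants any request, and it uses constructed permission strings ("none", "read", "write", "all") and constructed paths because the page does not list the constant values.

```java
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

// Added illustration of ordered access-list evaluation; not the library's code.
// Permission strings and glob semantics are assumptions (the page gives neither).
public class AccessListDemo {
    // One access entry: a glob path plus a comma-separated permission list.
    record Rule(String path, String permissions) {}

    // Assumed glob semantics: '?' = one char, '*' = within a segment, '**' = any depth.
    static Pattern globToRegex(String glob) {
        StringBuilder re = new StringBuilder();
        for (int i = 0; i < glob.length(); i++) {
            char c = glob.charAt(i);
            if (c == '*' && i + 1 < glob.length() && glob.charAt(i + 1) == '*') {
                re.append(".*");
                i++; // consume the second '*'
            } else if (c == '*') {
                re.append("[^/]*");
            } else if (c == '?') {
                re.append("[^/]");
            } else {
                re.append(Pattern.quote(String.valueOf(c)));
            }
        }
        return Pattern.compile(re.toString());
    }

    // The first rule whose path matches decides; no matching rule means no access.
    static boolean hasAccess(List<Rule> rules, String path, String permission) {
        for (Rule r : rules) {
            if (!globToRegex(r.path()).matcher(path).matches()) continue;
            List<String> perms = Arrays.asList(r.permissions().trim().split("\\s*,\\s*"));
            if (perms.contains("none")) return false;
            return perms.contains("all") || perms.contains(permission);
        }
        return false;
    }

    public static void main(String[] args) {
        Rule deny = new Rule("/secret/**", "none");  // constructed sample rules
        Rule allow = new Rule("/**", "read");
        // Narrow deny listed first: it is the entry that decides for /secret/key.
        System.out.println(hasAccess(List.of(deny, allow), "/secret/key", "read"));
        // Broad allow listed first: the deny below it is never evaluated.
        System.out.println(hasAccess(List.of(allow, deny), "/secret/key", "read"));
        // Matching path, but the requested permission is not in the entry's list.
        System.out.println(hasAccess(List.of(deny, allow), "/docs/readme", "write"));
    }
}
```

When reviewing a role's access array, read it in stored order and check that every deny entry sits above any broader entry that also matches its paths.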