Package org.rapidcontext.core.type
Class Role
java.lang.Object
org.rapidcontext.core.storage.StorableObject
org.rapidcontext.core.type.Role
A user access role. Each role contains an access rule list for
declaring which objects that the role provides access to.
- Version:
- 1.0
-
Field Summary
Modifier and TypeFieldDescriptionstatic final String
The dictionary key for the path in the access dictionary.static final String
The dictionary key for the permission list in the access dictionary.static final String
The dictionary key for the regex path in the access dictionary.static final String
The dictionary key for the role access array.static final String
The dictionary key for automatic user match.static final String
The dictionary key for the role description.static final String
The dictionary key for the role name.static final Path
The role object storage path.static final String
The permission key for full access.static final String
The permission key for internal access.static final String
The permission key for no access.static final String
The permission key for read access.static final String
The permission key for search access.static final String
The permission key for write access.Fields inherited from class org.rapidcontext.core.storage.StorableObject
dict, KEY_ACTIVATED_TIME, KEY_CLASSNAME, KEY_ID, KEY_TYPE, PREFIX_COMPUTED, PREFIX_HIDDEN
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionReturns a stream of all roles found in the storage.auto()
Returns the automatic role attachment type.Returns the role description.boolean
Checks if the role has access permission for a storage path.boolean
Checks if the specified user has this role.name()
Returns the role name.static Dict
Normalizes a role data object if needed.Methods inherited from class org.rapidcontext.core.storage.StorableObject
activate, activatedTime, destroy, id, init, isActive, isModified, passivate, path, serialize, sterilize, toString, type
-
Field Details
-
KEY_NAME
The dictionary key for the role name.- See Also:
-
KEY_DESCRIPTION
The dictionary key for the role description.- See Also:
-
KEY_AUTO
The dictionary key for automatic user match.- See Also:
-
KEY_ACCESS
The dictionary key for the role access array. The value stored is an array of access rules.- See Also:
-
ACCESS_PATH
The dictionary key for the path in the access dictionary. The value stored is an absolute path to an object, with optional glob characters ('*', '**' or '?').- See Also:
-
ACCESS_REGEX
The dictionary key for the regex path in the access dictionary. The value stored is a regular expression matching an absolute path to an object (without leading '/' chars).- See Also:
-
ACCESS_PERMISSION
The dictionary key for the permission list in the access dictionary. The value stored is a string with permissions separated by comma (',').- See Also:
-
PERM_NONE
The permission key for no access.- See Also:
-
PERM_INTERNAL
The permission key for internal access.- See Also:
-
PERM_READ
The permission key for read access.- See Also:
-
PERM_SEARCH
The permission key for search access.- See Also:
-
PERM_WRITE
The permission key for write access.- See Also:
-
PERM_ALL
The permission key for full access.- See Also:
-
PATH
The role object storage path.
-
-
Constructor Details
-
Role
Creates a new role from a serialized representation.- Parameters:
id
- the object identifiertype
- the object type namedict
- the serialized representation
-
-
Method Details
-
all
Returns a stream of all roles found in the storage.- Parameters:
storage
- the storage to search- Returns:
- a stream of role instances found
-
normalize
Normalizes a role data object if needed. This method will modify legacy data into the proper keys and values.- Parameters:
id
- the object identifierdict
- the storage data- Returns:
- the storage data (possibly modified)
-
name
Returns the role name.- Returns:
- the role name.
-
description
Returns the role description.- Returns:
- the role description.
-
auto
Returns the automatic role attachment type. The values "all" and "auth" are the only ones with defined meaning.- Returns:
- the automatic role attachment type
-
hasUser
Checks if the specified user has this role. The user may be null, in which case only automatic roles for "all" will be considered a match.- Parameters:
user
- the user to check, or null- Returns:
- true if the user has this role, or false otherwise
-
hasAccess
Checks if the role has access permission for a storage path. The access list is processed from top to bottom to find a matching path entry. If a matching path with the PERM_NONE permission is encountered, false will be returned. Otherwise true will be returned only if the permission matches the requested one.- Parameters:
path
- the object storage pathpermission
- the requested permission- Returns:
- true if the role provides access, or false otherwise
-