com.redhat.rhn.common.security.acl
Class Access

java.lang.Object
  com.redhat.rhn.common.security.acl.BaseHandler
      com.redhat.rhn.common.security.acl.Access

All Implemented Interfaces:

AclHandler

public class Access
extends BaseHandler
implements AclHandler

Access is a concrete implementation of an AclHandler. This is default implementation which is always included when evaluating Acls.

Field Summary

protected static Logger

log

Constructor Summary

Access()
Constructor for Access object

Method Summary

boolean	aclCanAccessChannel(java.lang.Object ctx, java.lang.String[] params) returns true or false ifthe user has access to a channel
boolean	aclIs(java.lang.Object ctx, java.lang.String[] params) Returns true if the given value in the param is found in the global configuration.
boolean	aclIsSolaris(java.lang.Object ctx, java.lang.String[] params) returns true if sid is a solaris system
boolean	aclNeedFirstUser(java.lang.Object ctx, java.lang.String[] p) Returns true if the system is a satellite and has any users.
boolean	aclOrgChannelFamily(java.lang.Object ctx, java.lang.String[] params) TODO: Right now this method calls a small little query very similar to how the perl code decides this acl.
boolean	aclOrgEntitlement(java.lang.Object ctx, java.lang.String[] params) Checks if their Org has the entitlement.
boolean	aclOrgIsPayingCustomer(java.lang.Object ctx, java.lang.String[] params) Checks if this user is a paying customer.
boolean	aclOrgProxyEvrAtLeast(java.lang.Object ctx, java.lang.String[] params) FIXME not implemented.
boolean	aclOrgRole(java.lang.Object ctx, java.lang.String[] params) Checks if the User's Org has the requested Role.
boolean	aclProbeSuiteAccess(java.lang.Object ctx, java.lang.String[] p) Check that the current user has access to the probe suite.
boolean	aclSystemFeature(java.lang.Object ctx, java.lang.String[] params) Check if a System has a feature
boolean	aclSystemHasManagementEntitlement(java.lang.Object ctx, java.lang.String[] params) Check if a system has a management entitlement
boolean	aclSystemHasVirtualizationEntitlement(java.lang.Object ctx, java.lang.String[] params) Check if a system has virtualization entitlements.
boolean	aclSystemIsInSSM(java.lang.Object ctx, java.lang.String[] params) Check if a system has a management entitlement
boolean	aclUidRole(java.lang.Object ctx, java.lang.String[] params) Returns true if the User whose uid matches the given uid, is in the given Role.
boolean	aclUserAuthenticated(java.lang.Object ctx, java.lang.String[] params) Returns true if the User has been authenticated by the system.
boolean	aclUserCanManageChannels(java.lang.Object ctx, java.lang.String[] params) Returns true is the user is either a channel administrator or an org administrator
boolean	aclUserRole(java.lang.Object ctx, java.lang.String[] params) Returns true if current User is in the Role.

Methods inherited from class com.redhat.rhn.common.security.acl.BaseHandler

checkMonitoring, getAsLong

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

log

protected static Logger log

Constructor Detail

Access

public Access()

Constructor for Access object

Method Detail

aclUidRole

public boolean aclUidRole(java.lang.Object ctx,
                          java.lang.String[] params)

Returns true if the User whose uid matches the given uid, is in the given Role. Requires a uid String in the Context.

Parameters:

ctx - Context Map to pass in

params - Parameters to use to fetch from Context

Returns:

true if access is granted, false otherwise

aclUserRole

public boolean aclUserRole(java.lang.Object ctx,
                           java.lang.String[] params)

Returns true if current User is in the Role. Requires a User in the Context.

Parameters:

ctx - Context Map to pass in

params - Parameters to use to fetch from Context

Returns:

true if access is granted, false otherwise

aclIs

public boolean aclIs(java.lang.Object ctx,
                     java.lang.String[] params)

Returns true if the given value in the param is found in the global configuration.

Parameters:

ctx - Context Map to pass in

params - Parameters to use to fetch from Context

Returns:

true if access is granted, false otherwise

aclOrgChannelFamily

public boolean aclOrgChannelFamily(java.lang.Object ctx,
                                   java.lang.String[] params)

TODO: Right now this method calls a small little query very similar to how the perl code decides this acl. IMO, there is a better way, and we should fix this when we migrate the channels tab.

Parameters:

ctx - Context Map to pass in

params - Parameters to use to fetch from Context

Returns:

true if access is granted, false otherwise

aclSystemFeature

public boolean aclSystemFeature(java.lang.Object ctx,
                                java.lang.String[] params)

Check if a System has a feature

Parameters:

ctx - Context Map to pass in

params - Parameters to use to fetch from Context

Returns:

true if access is granted, false otherwise

aclSystemHasVirtualizationEntitlement

public boolean aclSystemHasVirtualizationEntitlement(java.lang.Object ctx,
                                                     java.lang.String[] params)

Check if a system has virtualization entitlements.

Parameters:

ctx - Context map to pass in.

params - Parameters to use to fetch from context.

Returns:

True if system has virtualization entitlement, false otherwise.

aclSystemHasManagementEntitlement

public boolean aclSystemHasManagementEntitlement(java.lang.Object ctx,
                                                 java.lang.String[] params)

Check if a system has a management entitlement

Parameters:

ctx - Context map to pass in.

params - Parameters to use to fetch from context.

Returns:

True if system has management entitlement, false otherwise.

aclSystemIsInSSM

public boolean aclSystemIsInSSM(java.lang.Object ctx,
                                java.lang.String[] params)

Check if a system has a management entitlement

Parameters:

ctx - Context map to pass in.

params - Parameters to use to fetch from context.

Returns:

True if system has management entitlement, false otherwise.

aclOrgIsPayingCustomer

public boolean aclOrgIsPayingCustomer(java.lang.Object ctx,
                                      java.lang.String[] params)

Checks if this user is a paying customer. Requires a User in the Context object.

Parameters:

ctx - Context Map to pass in

params - Parameters to use to fetch from Context. Not used for this method.

Returns:

true if access is granted, false otherwise

aclOrgEntitlement

public boolean aclOrgEntitlement(java.lang.Object ctx,
                                 java.lang.String[] params)

Checks if their Org has the entitlement. Requires a User in the Context object

Parameters:

ctx - Context Map to pass in

params - Used to specify the Role label

Returns:

true if access is granted, false otherwise

aclOrgRole

public boolean aclOrgRole(java.lang.Object ctx,
                          java.lang.String[] params)

Checks if the User's Org has the requested Role. Requires a User in the Context object.

Parameters:

ctx - Context Map to pass in

params - Used to specify the Role label

Returns:

true if access is granted, false otherwise

aclUserAuthenticated

public boolean aclUserAuthenticated(java.lang.Object ctx,
                                    java.lang.String[] params)

Returns true if the User has been authenticated by the system.

Parameters:

ctx - Context Map to pass in

params - Not used

Returns:

true if access is granted, false otherwise

aclIsSolaris

public boolean aclIsSolaris(java.lang.Object ctx,
                            java.lang.String[] params)

returns true if sid is a solaris system

Parameters:

ctx - Context Map to pass in

params - Parameters to use to fetch from Context

Returns:

true if access is granted, false otherwise

aclOrgProxyEvrAtLeast

public boolean aclOrgProxyEvrAtLeast(java.lang.Object ctx,
                                     java.lang.String[] params)

FIXME not implemented. Currently this method is unimplemented and ALWAYS returns false

Parameters:

ctx - Context Map to pass in

params - Parameters to use to fetch from Context

Returns:

true if access is granted, false otherwise

aclProbeSuiteAccess

public boolean aclProbeSuiteAccess(java.lang.Object ctx,
                                   java.lang.String[] p)

Check that the current user has access to the probe suite. The id of the suite must be in the parameter suite_id

Parameters:

ctx - acl context

p - parameters for acl (ignored)

Returns:

true if the user has access to the suite

aclNeedFirstUser

public boolean aclNeedFirstUser(java.lang.Object ctx,
                                java.lang.String[] p)

Returns true if the system is a satellite and has any users. NOTE: this is an expensive call with many many users. It is intended to be called from the installer.

Parameters:

ctx - acl context

p - parameters for acl (ignored)

Returns:

true if the system is a satellite and has any users.

aclCanAccessChannel

public boolean aclCanAccessChannel(java.lang.Object ctx,
                                   java.lang.String[] params)

returns true or false ifthe user has access to a channel

Parameters:

ctx - acl context

params - params need the channel id as param 0

Returns:

true if has read access false otherwise

aclUserCanManageChannels

public boolean aclUserCanManageChannels(java.lang.Object ctx,
                                        java.lang.String[] params)

Returns true is the user is either a channel administrator or an org administrator

Parameters:

ctx - acl context

params - parameters for acl (ignored)

Returns:

true if the user is either a channel admin or org admin