Package org.apache.jackrabbit.api.security.authorization

Interface PrivilegeCollection

All Known Implementing Classes:

PrivilegeCollection.Default

@ProviderType
public interface PrivilegeCollection

Wrapper around a set of Privileges that allows to test if a given list of privilege names in included. This avoids repeated calls to AccessControlManager.hasPrivileges(String, Privilege[]) or having to manually resolve the privilege aggregation when using AccessControlManager.getPrivileges(String). While a default is available for backwards compatibility, it uses regular JCR API. Therefore it is recommended to provide custom implementations of JackrabbitAccessControlManager.getPrivilegeCollection(String) and JackrabbitAccessControlManager.getPrivilegeCollection(String, Set) with efficient implementations of the PrivilegeCollection.

Since:

Oak 1.42.0

See Also:

JackrabbitAccessControlManager.getPrivilegeCollection(String), JackrabbitAccessControlManager.getPrivilegeCollection(String, Set)

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static class	PrivilegeCollection.Default	Default implementation of the PrivilegeCollection interface.

Method Summary

Modifier and Type	Method	Description
Privilege[]	getPrivileges()	Return the underlying privilege array.
boolean	includes(@NotNull String... privilegeNames)	Tests whether the given JCR privilegeNames are contained in the privileges for which this instance of PrivilegeEvaluation has been created such as e.g.

Method Detail

getPrivileges

Privilege[] getPrivileges()
                   throws RepositoryException

Return the underlying privilege array.

Returns:

the privilege array for which this instance has been created.

Throws:

RepositoryException - If an error occurs.

includes

boolean includes(@NotNull
                 @NotNull String... privilegeNames)
          throws RepositoryException

Tests whether the given JCR privilegeNames are contained in the privileges for which this instance of PrivilegeEvaluation has been created such as e.g. through JackrabbitAccessControlManager.getPrivilegeCollection(String) or JackrabbitAccessControlManager.getPrivilegeCollection(String, Set). The inclusion can either be direct or through privilege aggregation.

Parameters:

privilegeNames - The JCR names of privileges to be tested. They can be passed in expanded form (like e.g. Privilege.JCR_READ) or in qualified form (i.e. 'jcr:read' if 'jcr' was the prefixed defined for the 'http://www.jcp.org/jcr/1.0' namespace.

Returns:

true if the underlying privileges include all specified privilege names either directly or by means of aggregation; false if one or multiple privileges are not included. If jcr:all privilege is part of this collection or if no privilege names are specified this method will return true. If no privileges are granted false is returned.

Throws:

AccessControlException - If any of the given privilege names is invalid i.e. no such privilege exists.

RepositoryException - If another error occurs.

Since:

Oak 1.42.0