Interface RolePermissionEvaluator
public interface RolePermissionEvaluator
- Version: $Revision: 1 $
- Author: Bill Burke
Method Summary
| Modifier and Type | Method | Description |
|---|---|---|
| boolean | canList(RoleContainerModel container) | |
| boolean | canManage(RoleContainerModel container) | If the role is a realm role, it returns true if RealmPermissionEvaluator.canManageRealm() returns true. |
| boolean | canManage(RoleModel role) | If the role is a realm role, it returns true if RealmPermissionEvaluator.canManageRealm() returns true. |
| boolean | canMapClientScope(RoleModel role) | Returns true if ClientPermissions.canManageClientsDefault() returns true. |
| boolean | canMapComposite(RoleModel role) | Returns true if RolePermissions.canManageDefault(RoleModel) and RolePermissions.checkAdminRoles(RoleModel) returns true. |
| boolean | canMapRole(RoleModel role) | Returns true if the caller has AdminRoles.MANAGE_USERS role and RolePermissions.checkAdminRoles(RoleModel) returns true. |
| boolean | canView(RoleContainerModel container) | If the role is a realm role, it returns true if RealmPermissionEvaluator.canViewRealm() returns true. |
| boolean | canView(RoleModel role) | If the role is a realm role, it returns true if RealmPermissionEvaluator.canViewRealm() returns true. |
| | getRoleIdsByScope(String scope) | Returns the IDs of the roles that the current user can perform based on scope. |
| void | requireList(RoleContainerModel container) | Throws ForbiddenException if canList(RoleContainerModel) returns false. |
| void | requireManage(RoleContainerModel container) | Throws ForbiddenException if canManage(RoleContainerModel) returns false. |
| void | requireManage(RoleModel role) | Throws ForbiddenException if canManage(RoleModel) returns false. |
| void | requireMapClientScope(RoleModel role) | Throws ForbiddenException if canMapClientScope(RoleModel) returns false. |
| void | requireMapComposite(RoleModel role) | Throws ForbiddenException if canMapComposite(RoleModel) returns false. |
| void | requireMapRole(RoleModel role) | Throws ForbiddenException if canMapRole(RoleModel) returns false. |
| void | requireView(RoleContainerModel container) | Throws ForbiddenException if canView(RoleContainerModel) returns false. |
| void | requireView(RoleModel role) | Throws ForbiddenException if canView(RoleModel) returns false. |
Method Details
canList
Returns true if canView(RoleContainerModel) returns true. Or if the role is a realm role, then it returns true if RealmPermissionEvaluator.canViewRealm() returns true or if the caller has at least one of the AdminRoles.QUERY_USERS, AdminRoles.QUERY_CLIENTS, AdminRoles.QUERY_REALMS, AdminRoles.QUERY_GROUPS roles.
requireList
Throws ForbiddenException if canList(RoleContainerModel) returns false.
canMapRole
Returns true if the caller has AdminRoles.MANAGE_USERS role and RolePermissions.checkAdminRoles(RoleModel) returns true. Or if the role is a client role and ClientPermissionEvaluator.canMapRoles(ClientModel) returns true. Or if the caller has permission to RolePermissionManagement.MAP_ROLE_SCOPE and RolePermissions.checkAdminRoles(RoleModel) returns true. For V2 only: Also if the caller has a permission to RolePermissionManagement.MAP_ROLE_SCOPE all roles.
requireMapRole
Throws ForbiddenException if canMapRole(RoleModel) returns false.
canManage
If the role is a realm role, it returns true if RealmPermissionEvaluator.canManageRealm() returns true. If the role is a client role, it returns true if ClientPermissionEvaluator.canConfigure(ClientModel) returns true.
requireManage
Throws ForbiddenException if canManage(RoleModel) returns false.
canView
If the role is a realm role, it returns true if RealmPermissionEvaluator.canViewRealm() returns true. If the role is a client role, it returns true if ClientPermissionEvaluator.canView(ClientModel) returns true.
requireView
Throws ForbiddenException if canView(RoleModel) returns false.
canMapClientScope
Returns true if ClientPermissions.canManageClientsDefault() returns true. Or if the role is a client role and ClientPermissionEvaluator.canMapClientScopeRoles(ClientModel) returns true. Or if the caller has permission to RolePermissionManagement.MAP_ROLE_CLIENT_SCOPE_SCOPE. For V2 only: Also if the caller has a permission to RolePermissionManagement.MAP_ROLE_CLIENT_SCOPE_SCOPE all roles.
requireMapClientScope
Throws ForbiddenException if canMapClientScope(RoleModel) returns false.
canMapComposite
Returns true if RolePermissions.canManageDefault(RoleModel) and RolePermissions.checkAdminRoles(RoleModel) returns true. Or if the role is a client role and ClientPermissionEvaluator.canMapCompositeRoles(ClientModel) returns true. Or if the caller has permission to RolePermissionManagement.MAP_ROLE_COMPOSITE_SCOPE and RolePermissions.checkAdminRoles(RoleModel) returns true. For V2 only: Also if the caller has a permission to RolePermissionManagement.MAP_ROLE_COMPOSITE_SCOPE all roles.
requireMapComposite
Throws ForbiddenException if canMapComposite(RoleModel) returns false.
canManage
If the role is a realm role, it returns true if RealmPermissionEvaluator.canManageRealm() returns true. If the role is a client role, it returns true if ClientPermissionEvaluator.canConfigure(ClientModel) returns true.
requireManage
Throws ForbiddenException if canManage(RoleContainerModel) returns false.
canView
If the role is a realm role, it returns true if RealmPermissionEvaluator.canViewRealm() returns true. If the role is a client role, it returns true if ClientPermissionEvaluator.canView(ClientModel) returns true.
requireView
Throws ForbiddenException if canView(RoleContainerModel) returns false.
getRoleIdsByScope
Returns the IDs of the roles that the current user can perform based on scope.
- Returns: Stream of IDs of roles with scope permission.