Security

Verifying permissions

To check rights on an object, you just have to recover the security controller then to test the return of the method checkPermission functions of a user,a group,a role and a joker (EVERYONE).

public void security_checkRights( IDirectoryModule directoryModule, IOrganization entity, IGroup managers ) throws DirectoryModuleException 
{ 
        // Adjusting rights 
        ISecurityController entitySecurity = directoryModule.getSecurityController( entity ); 
        // The group "Managers" has the right to manage organizations of the created entity.
        if ( entitySecurity.checkPermission( managers, new Object[] 
        { 
                null, "read,write" 
        } ) ) 
        System.out.println( "yes" ); 
        else System.out.println( "no" ); 
}

Adding a permission

From the directory module, you may add new permissions. The following example shows how to give the right to modify an organization "entity" into a a group "Managers". It shows also how to place rights on the elements managed by this organization.

public void security_AddRights( IDirectoryModule directoryModule, IOrganization entity, IGroup managers ) throws DirectoryModuleException 
{ 
        // Adjusting rights 
        ISecurityController entitySecurity = directoryModule.getSecurityController( entity ); 
        // The group "Managers" has the right to manage organizations of the created entity. 
        entitySecurity.addPermission( managers, new Object[] 
        { 
                null, "read,write" 
        } ); 
        // The group "Managers" has the right to manage groups of the created entity. 
        entitySecurity.addPermission( managers, new Object[] 
        { 
                directoryModule.findNativeClass( IGroup.class ), "read,write" 
        } ); 
}

Deleting a permission

By using a security controller you may remove the rights of a user,a group on an object. The following example shows how to remove the modifications rights on the object "entity" of the group "users".

public void security_removeRights( IDirectoryModule directoryModule, IOrganization entity, IGroup users ) throws DirectoryModuleException 
{ 
        // Adjusting rights ISecurityController entitySecurity = directoryModule.getSecurityController( entity ); 
        // The group "Users" should not have the right to manage organizations of the entity. 
        entitySecurity.removePermission( users, new Object[] 
        { 
                null, "read,write" 
        } ); 
}