Manage security on objects

Verifying permissions

To check rights on an object, you just have to recover the security controller then to test the return of the method checkPermission functions of a user,a group,a role and a joker (EVERYONE).

public void security_checkRights( IDirectoryModule directoryModule, IOrganization entity, IGroup managers ) throws DirectoryModuleException 
{ 
        // Adjusting rights 
        ISecurityController entitySecurity = directoryModule.getSecurityController( entity ); 
        // The group "Managers" has the right to manage organizations of the created entity.
        if ( entitySecurity.checkPermission( managers, new Object[] 
        { 
                null, "read,write" 
        } ) ) 
        System.out.println( "yes" ); 
        else System.out.println( "no" ); 
}

Adding a permission

From the directory module, you may add new permissions. The following example shows how to give the right to modify an organization "entity" into a a group "Managers". It shows also how to place rights on the elements managed by this organization.

public void security_AddRights( IDirectoryModule directoryModule, IOrganization entity, IGroup managers ) throws DirectoryModuleException 
{ 
        // Adjusting rights 
        ISecurityController entitySecurity = directoryModule.getSecurityController( entity ); 
        // The group "Managers" has the right to manage organizations of the created entity. 
        entitySecurity.addPermission( managers, new Object[] 
        { 
                null, "read,write" 
        } ); 
        // The group "Managers" has the right to manage groups of the created entity. 
        entitySecurity.addPermission( managers, new Object[] 
        { 
                directoryModule.findNativeClass( IGroup.class ), "read,write" 
        } ); 
}

Deleting a permission

By using a security controller you may remove the rights of a user,a group on an object. The following example shows how to remove the modifications rights on the object "entity" of the group "users".

public void security_removeRights( IDirectoryModule directoryModule, IOrganization entity, IGroup users ) throws DirectoryModuleException 
{ 
        // Adjusting rights ISecurityController entitySecurity = directoryModule.getSecurityController( entity ); 
        // The group "Users" should not have the right to manage organizations of the entity. 
        entitySecurity.removePermission( users, new Object[] 
        { 
                null, "read,write" 
        } ); 
}