org.opencms.security
Class CmsRole

java.lang.Object
  extended byorg.opencms.security.CmsRole

public final class CmsRole
extends java.lang.Object

A role is used in the OpenCms security system to check if a user has access to a certain system function.

Roles are used to ensure access permissions to system function that are not file based. For example, roles are used to check permissions to functions like "the user can schedule a job in the CmsScheduleManager" or "the user can export (or import) the OpenCms database".

All roles are based on CmsGroup. This means to have access to a role, the user has to be a member in a certain predefined system group. Each role has exactly one group that contains all "direct" members of this role.

All roles have (optional) parent roles. If a user not a member of the role group of a role, but he is a member of at last one of the parent role groups, he/she also has full access to this role. This is called "indirect" membership to the role.

Please note that "indirect" membership does grant the user the same full access to a role that "direct" membership does. For example, the ADMINISTRATOR role is a parent group of all other roles. So all users that are members of ADMINISTRATOR have access to the functions of all other roles.

Please do not perform automated sorting of members on this compilation unit. That leads to NPE's

Since:
6.0.0
Version:
$Revision: 1.11 $
Author:
Alexander Kandzior

Field Summary
static CmsRole ACCOUNT_MANAGER
          The "ACCOUNT_MANAGER" role.
static CmsRole ADMINISTRATOR
          The "ADMINISTRATOR" role, which is a parent to all other roles.
static CmsRole DEVELOPER
          The "DEVELOPER" role.
static CmsRole EXPORT_DATABASE
          The "EXPORT_DATABASE" role.
static CmsRole HISTORY_MANAGER
          The "HISTORY_MANAGER" role.
static CmsRole IMPORT_DATABASE
          The "IMPORT_DATABASE" role.
static CmsRole MODULE_MANAGER
          The "MODULE_MANAGER" role.
static CmsRole PROJECT_MANAGER
          The "PROJECT_MANAGER" role.
static CmsRole PROPERTY_MANAGER
          The "PROPERTY_MANAGER" role.
static CmsRole RESOURCE_TYPE_MANAGER
          The "RESOURCE_TYPE_MANAGER" role.
static CmsRole ROOT_FOLDER_ACCESS
          The "ROOT_FOLDER_ACCESS" role.
static CmsRole SCHEDULER_MANAGER
          The "SCHEDULER_MANAGER" role.
static CmsRole SEARCH_MANAGER
          The "SEARCH_MANAGER" role.
static CmsRole SYSTEM_USER
          The "SYSTEM_USER" role.
static CmsRole VFS_MANAGER
          The "VFS_MANAGER" role.
static CmsRole WORKPLACE_MANAGER
          The "WORKPLACE_MANAGER" role.
static CmsRole WORKPLACE_USER
          The "WORKPLACE_USER" role.
 
Constructor Summary
CmsRole(java.lang.String roleName, java.lang.String groupName, CmsRole[] parentRoles)
          Creates a user defined role.
 
Method Summary
 boolean checkDirectAccess(java.util.List groups)
          Returns true if the role group of this role (not the groups from the parent roles) matches a name of one of the given groups.
 CmsRoleViolationException createRoleViolationException(CmsRequestContext context)
          Returns a role violation exception configured with a localized, role specific message for this role.
 boolean equals(java.lang.Object obj)
           
 java.lang.String getGroupName()
          Returns the name of the group this role is mapped to in the OpenCms database.
 java.util.List getParentRoles()
          Returns the (unmodifialble) List of parent roles of this role (instances of CmsRole.
 java.lang.String getRoleName()
          Returns the name of the role.
static java.util.List getSystemRoles()
          Returns the list of system defined roles (instances of CmsRole).
 int hashCode()
           
 boolean hasRole(java.util.List groups)
          Returns true if at last one of the given CmsGroup instances is equal to a group of this role.
 boolean hasRole(java.lang.String[] groupNames)
          Returns true if at last one of the given group names is equal to a group name of this role.
static void initialize(CmsDefaultUsers defaultUsers)
          Initializes the system roles with the configured OpenCms system group names.
 java.lang.String toString()
           
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

ADMINISTRATOR

public static final CmsRole ADMINISTRATOR
The "ADMINISTRATOR" role, which is a parent to all other roles.


DEVELOPER

public static final CmsRole DEVELOPER
The "DEVELOPER" role.


EXPORT_DATABASE

public static final CmsRole EXPORT_DATABASE
The "EXPORT_DATABASE" role.


HISTORY_MANAGER

public static final CmsRole HISTORY_MANAGER
The "HISTORY_MANAGER" role.


IMPORT_DATABASE

public static final CmsRole IMPORT_DATABASE
The "IMPORT_DATABASE" role.


MODULE_MANAGER

public static final CmsRole MODULE_MANAGER
The "MODULE_MANAGER" role.


PROJECT_MANAGER

public static final CmsRole PROJECT_MANAGER
The "PROJECT_MANAGER" role.


PROPERTY_MANAGER

public static final CmsRole PROPERTY_MANAGER
The "PROPERTY_MANAGER" role.


RESOURCE_TYPE_MANAGER

public static final CmsRole RESOURCE_TYPE_MANAGER
The "RESOURCE_TYPE_MANAGER" role.

Additional parent: MODULE_MANAGER.


ROOT_FOLDER_ACCESS

public static final CmsRole ROOT_FOLDER_ACCESS
The "ROOT_FOLDER_ACCESS" role.


SCHEDULER_MANAGER

public static final CmsRole SCHEDULER_MANAGER
The "SCHEDULER_MANAGER" role.


SEARCH_MANAGER

public static final CmsRole SEARCH_MANAGER
The "SEARCH_MANAGER" role.


ACCOUNT_MANAGER

public static final CmsRole ACCOUNT_MANAGER
The "ACCOUNT_MANAGER" role.


VFS_MANAGER

public static final CmsRole VFS_MANAGER
The "VFS_MANAGER" role.


WORKPLACE_MANAGER

public static final CmsRole WORKPLACE_MANAGER
The "WORKPLACE_MANAGER" role.

Additional parents: MODULE_MANAGER, DEVELOPER.


WORKPLACE_USER

public static final CmsRole WORKPLACE_USER
The "WORKPLACE_USER" role.


SYSTEM_USER

public static final CmsRole SYSTEM_USER
The "SYSTEM_USER" role.

Additional parents: WORKPLACE_USER, PROJECT_MANAGER, DEVELOPER.

Constructor Detail

CmsRole

public CmsRole(java.lang.String roleName,
               java.lang.String groupName,
               CmsRole[] parentRoles)
Creates a user defined role.

Parameters:
roleName - the name of this role
groupName - the name of the group the members of this role are stored in
parentRoles - the parent roles of this role
Method Detail

getSystemRoles

public static java.util.List getSystemRoles()
Returns the list of system defined roles (instances of CmsRole).

Returns:
the list of system defined roles

initialize

public static void initialize(CmsDefaultUsers defaultUsers)
                       throws CmsSecurityException
Initializes the system roles with the configured OpenCms system group names.

This is done automatically during the system startup phase, any manual calls later will result in an Exception.

Parameters:
defaultUsers - the OpenCms default users
Throws:
CmsSecurityException - if called outside the system startup phase

checkDirectAccess

public boolean checkDirectAccess(java.util.List groups)
Returns true if the role group of this role (not the groups from the parent roles) matches a name of one of the given groups.

This check is required only to find out if a user is a direct member of the role group of this role. It should never be used for permission checks. For all permission checks, use hasRole(List).

Parameters:
groups - a List of CmsGroup instances to match this role group against
Returns:
true if the role group of this role (not the groups from the parent roles) matches a name of one of the given groups

createRoleViolationException

public CmsRoleViolationException createRoleViolationException(CmsRequestContext context)
Returns a role violation exception configured with a localized, role specific message for this role.

Parameters:
context - the current users OpenCms request context
Returns:
a role violation exception configured with a localized, role specific message for this role

equals

public boolean equals(java.lang.Object obj)
See Also:
Object.equals(java.lang.Object)

getGroupName

public java.lang.String getGroupName()
Returns the name of the group this role is mapped to in the OpenCms database.

Returns:
the name of the group this role is mapped to in the OpenCms database

getParentRoles

public java.util.List getParentRoles()
Returns the (unmodifialble) List of parent roles of this role (instances of CmsRole.

Returns:
the (unmodifialble) List of parent roles of this role

getRoleName

public java.lang.String getRoleName()
Returns the name of the role.

Returns:
the name of the role

hashCode

public int hashCode()
See Also:
Object.hashCode()

hasRole

public boolean hasRole(java.util.List groups)
Returns true if at last one of the given CmsGroup instances is equal to a group of this role.

This checks the given list against the role group of this role as well as against the role group of all parent roles.

Parameters:
groups - a List of CmsGroup instances to match the role groups against
Returns:
true if at last one of the given group names is equal to a group name of this role

hasRole

public boolean hasRole(java.lang.String[] groupNames)
Returns true if at last one of the given group names is equal to a group name of this role.

This checks the given list against the role group of this role as well as against the role group of all parent roles.

Parameters:
groupNames - the group names to match the role groups against
Returns:
true if at last one of the given group names is equal to a group name of this role

toString

public java.lang.String toString()
See Also:
Object.toString()