Package uk.ac.manchester.spinnaker.alloc.security

Class Permit

java.lang.Object
uk.ac.manchester.spinnaker.alloc.security.Permit
public final class Permit extends Object
Encodes what a user is permitted to do. Abstracts over several types of security context.

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    final boolean
    admin
    Is the user an admin?
    final String
    name
    What is the name of the user?
    final boolean
    nmpiexec
    Is the user an nmpi exec user?

  • Constructor Summary

    Constructors
    Constructor
    Description
    Permit(jakarta.ws.rs.core.SecurityContext context)
    Build a permit.
    Permit(String serviceUser)
    Build a permit for a service user.
    Permit(SecurityContext context)
    Build a permit.
    Permit(WebSocketSession session)
    The permit used for web socket handling.

  • Method Summary

    Modifier and Type
    Method
    Description
    <T> T
    authorize(Supplier<T> inContext)
    Push our special temporary authentication object for the duration of the inner code.
    boolean
    unveilFor(String owner)
    Can something owned by a given user can be shown to the user that this permit is for?

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • admin

      public final boolean admin
      Is the user an admin?

    • nmpiexec

      public final boolean nmpiexec
      Is the user an nmpi exec user?

    • name

      public final String name
      What is the name of the user?

  • Constructor Details

    • Permit

      public Permit(jakarta.ws.rs.core.SecurityContext context)
      Build a permit.
      Parameters:
      context - The originating security context.

    • Permit

      public Permit(SecurityContext context)
      Build a permit.
      Parameters:
      context - The originating security context.

    • Permit

      public Permit(String serviceUser)
      Build a permit for a service user. The service user can create jobs and read job details, but cannot do much with jobs owned by other users. Only used by the legacy interface.
      Parameters:
      serviceUser - The user name. Must exist in order to be actually used.

    • Permit

      public Permit(WebSocketSession session)
      The permit used for web socket handling. Note that websockets never have access to admin facilities (and shouldn't ever need them), even if their creating user does.
      Parameters:
      session - The originating websocket context.

  • Method Details

    • unveilFor

      public boolean unveilFor(String owner)
      Can something owned by a given user can be shown to the user that this permit is for?
      Parameters:
      owner - The owner of the object.
      Returns:
      True exactly if the object (or subset of properties) may be shown.

    • authorize

      public <T> T authorize(Supplier<T> inContext)
      Push our special temporary authentication object for the duration of the inner code. Used to satisfy Spring method security.
      Type Parameters:
      T - The type of the result
      Parameters:
      inContext - The inner code to run with an authentication object applied.
      Returns:
      Whatever the inner code returns