Package uk.ac.manchester.spinnaker.alloc.security

Class Permit

java.lang.Object

uk.ac.manchester.spinnaker.alloc.security.Permit

public final class Permit
extends Object

Encodes what a user is permitted to do. Abstracts over several types of security context.

Field Summary

Fields

Modifier and Type	Field	Description
boolean	admin	Is the user an admin?
String	name	What is the name of the user?
boolean	nmpiexec	Is the user an nmpi exec user?

Constructor Summary

Constructors

Constructor	Description
Permit(String serviceUser)	Build a permit for a service user.
Permit(SecurityContext context)	Build a permit.
Permit(SecurityContext context)	Build a permit.
Permit(WebSocketSession session)	The permit used for web socket handling.

Method Summary

Modifier and Type	Method	Description
<T> T	authorize(Supplier<T> inContext)	Push our special temporary authentication object for the duration of the inner code.
boolean	unveilFor(String owner)	Can something owned by a given user can be shown to the user that this permit is for?

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

admin

public final boolean admin

Is the user an admin?

nmpiexec

public final boolean nmpiexec

Is the user an nmpi exec user?

name

public final String name

What is the name of the user?

Constructor Details

Permit

public Permit(SecurityContext context)

Build a permit.

Parameters:

context - The originating security context.

Permit

public Permit(SecurityContext context)

Build a permit.

Parameters:

context - The originating security context.

Permit

public Permit(String serviceUser)

Build a permit for a service user. The service user can create jobs and read job details, but cannot do much with jobs owned by other users. Only used by the legacy interface.

Parameters:

serviceUser - The user name. Must exist in order to be actually used.

Permit

public Permit(WebSocketSession session)

The permit used for web socket handling. Note that websockets never have access to admin facilities (and shouldn't ever need them), even if their creating user does.

Parameters:

session - The originating websocket context.

Method Details

unveilFor

public boolean unveilFor(String owner)

Can something owned by a given user can be shown to the user that this permit is for?

Parameters:

owner - The owner of the object.

Returns:

True exactly if the object (or subset of properties) may be shown.

authorize

public <T> T authorize(Supplier<T> inContext)

Push our special temporary authentication object for the duration of the inner code. Used to satisfy Spring method security.

Type Parameters:

T - The type of the result

Parameters:

inContext - The inner code to run with an authentication object applied.

Returns:

Whatever the inner code returns