senselogic.sitevision.api.security

Interface PermissionUtil

@Requireable(value="PermissionUtil")
public interface PermissionUtil

Permissions utilities interface for checking permissions.

An instance of the Sitevision class implementing this interface can be obtained via Utils.getPermissionUtil(). See Utils for how to obtain an instance of the Utils interface.

Since:

Sitevision 2.6

Author:

Magnus Lövgren

Nested Class Summary

Nested Classes

Modifier and Type	Interface and Description
static class	PermissionUtil.Permission The named permission demarcation, used by PermissionUtil.

Method Summary

Modifier and Type	Method and Description
boolean	hasAnonymousReadPermission() Checks if a non-authenticated user has read permission on current page.
boolean	hasAnonymousReadPermission(Node aTreeNode) Checks if a non-authenticated user has read permission on a certain tree node.
boolean	hasCreateArchivePermission(Node aParentNode, Node aUserNode) Checks if a certain user has create archive permission on a certain page tree node.
boolean	hasCreateArticlePermission(Node aParentNode, Node aUserNode) Checks if a certain user has create article permission on a certain page tree node.
boolean	hasCreateFolderPermission(Node aParentNode, Node aUserNode) Checks if a certain user has create folder permission on a certain tree node.
boolean	hasCreatePagePermission(Node aParentNode, Node aUserNode) Checks if a certain user has create page permission on a certain page tree node.
boolean	hasDeletePermission(Node aTreeNode, Node aUserNode) Checks if a certain user has delete permission on a certain tree node.
boolean	hasEffectiveDeletePermission(Node aTreeNode, Node aUserNode) Checks if a certain user has effective delete permission on a certain tree node.
boolean	hasEffectivePublishPermission(Node aPageNode, Node aUserNode) Checks if a certain user has effective publish permission on a certain page tree node.
boolean	hasEffectiveWritePermission(Node aTreeNode, Node aUserNode) Checks if a certain user has effective write permission on a certain tree node.
boolean	hasPermission(Node aTreeNode, Node aUserNode, PermissionUtil.Permission aPermission) Checks if a certain user has a certain permission on a certain tree node.
boolean	hasPermission(Node aTreeNode, PermissionUtil.Permission aPermission) Checks if current user has certain permission on a certain tree node.
boolean	hasPermission(PermissionUtil.Permission aPermission) Checks if current user has a certain permission on current page.
boolean	hasPermissions(Node aTreeNode, Node aUserNode, PermissionUtil.Permission... aPermissions) Checks if a certain user has certain permissions on a certain tree node.
boolean	hasPermissions(Node aTreeNode, PermissionUtil.Permission... aPermissions) Checks if current user has certain permissions on a certain tree node.
boolean	hasPermissions(PermissionUtil.Permission... aPermissions) Checks if current user has certain permissions on current page.
boolean	hasPublishPermission(Node aPageNode, Node aUserNode) Checks if a certain user has publish permission on a certain page tree node.
boolean	hasReadPermission() Checks if current user has read permission on current page.
boolean	hasReadPermission(Node aTreeNode, Node aUserNode) Checks if a certain user has read permission on a certain tree node.
boolean	hasWritePermission() Checks if current user has write permission on current page.
boolean	hasWritePermission(Node aTreeNode, Node aUserNode) Checks if a certain user has write permission on a certain tree node.
boolean	hasWriteSubscriptionPermission(Node aTreeNode, Node aUserNode) Checks if a certain user has write subscription permission on a certain page tree node.

Method Detail

hasAnonymousReadPermission

boolean hasAnonymousReadPermission()

Checks if a non-authenticated user has read permission on current page.

This is a convenience method for hasAnonymousReadPermission(Node) that uses PortletContextUtil to get current page.

Note! RESTApps has no "current page" concept whatsoever. A RESTApp should therefore typically never use any convenience method that relies on "current page". This method uses the site page as "current page" for best effort when invoked from a RESTApp. Beware of unexpected results and also note that RESTApps has its own complementary restrictions (e.g. only some users can call certain http methods, incoming http requests can be completely blocked etc).

Returns:

true if an anonymous user has read permission on current page (e.g. "page is public"), false if not or if indeterminable (i.e. current page can not be determined)

Since:

Sitevision 2.6.2_05

See Also:

hasAnonymousReadPermission(Node)

hasAnonymousReadPermission

boolean hasAnonymousReadPermission(Node aTreeNode)

Checks if a non-authenticated user has read permission on a certain tree node.

Parameters:

aTreeNode - a node in the page/template/file/image tree

Returns:

true if an anonymous user has read permission on aTreeNode (e.g. "page is public"), false if not or if indeterminable (i.e. aTreeNode is not a tree node)

Since:

Sitevision 2.6.2_05

See Also:

hasAnonymousReadPermission()

hasReadPermission

boolean hasReadPermission()

Checks if current user has read permission on current page.

This is a convenience method for hasReadPermission(Node, Node) that uses PortletContextUtil to get current page and current user.

Note! RESTApps has no "current page" concept whatsoever. A RESTApp should therefore typically never use any convenience method that relies on "current page". This method uses the site page as "current page" for best effort when invoked from a RESTApp. Beware of unexpected results and also note that RESTApps has its own complementary restrictions (e.g. only some users can call certain http methods, incoming http requests can be completely blocked etc).

Returns:

true if current user has read permission on current page, false if not or if indeterminable (i.e. current user or current page can not be determined)

See Also:

hasReadPermission(Node, Node)

hasReadPermission

boolean hasReadPermission(Node aTreeNode,
                          Node aUserNode)

Checks if a certain user has read permission on a certain tree node.

Parameters:

aTreeNode - a node in the page/template/file/image tree

aUserNode - a user node (or a user identity node)

Returns:

true if aUserNode has read permission on aTreeNode, false if not or if indeterminable (i.e. aTreeNode is not a tree node or aUserNode is not a user)

See Also:

hasReadPermission()

hasWritePermission

boolean hasWritePermission()

Checks if current user has write permission on current page.

This is a convenience method for hasWritePermission(Node, Node) that uses PortletContextUtil to get current page and current user.

Note! RESTApps has no "current page" concept whatsoever. A RESTApp should therefore typically never use any convenience method that relies on "current page". This method uses the site page as "current page" for best effort when invoked from a RESTApp. Beware of unexpected results and also note that RESTApps has its own complementary restrictions (e.g. only some users can call certain http methods, incoming http requests can be completely blocked etc).

Returns:

true if current user has write permission on current page, false if not or if indeterminable

See Also:

hasWritePermission(Node, Node)

hasWritePermission

boolean hasWritePermission(Node aTreeNode,
                           Node aUserNode)

Checks if a certain user has write permission on a certain tree node.

Parameters:

aTreeNode - a node in the page/template/file/image tree

aUserNode - a user node (or a user identity node)

Returns:

true if aUserNode has write permission on aTreeNode, false if not or if indeterminable (i.e. aTreeNode is not a tree node or aUserNode is not a user)

See Also:

hasEffectiveWritePermission(Node, Node)

hasEffectiveWritePermission

boolean hasEffectiveWritePermission(Node aTreeNode,
                                    Node aUserNode)

Checks if a certain user has effective write permission on a certain tree node.

This is a extended version of hasWritePermission(Node, Node) that delivers a more accurate runtime result.

Even though a User strict formally has PermissionUtil.Permission.WRITE permission on a Node, some additional state might in practice prohibit actual write operations anyway. This method also checks such cases. For example:

• The Node is Locked
  • This method will return false if the Node is locked by another User
• The Node is part of a Publishing project
  • This method will return false if the Node is in the "ready/done" state
  • This method will return false if the User isn't a project member or have PermissionUtil.Permission.MANAGE_PUBLISHING_PROJECT
• The Node is in a pending Publishing flow
  • This method will return false

Note! This method is more reliable than its static "hasWritePermission" sibling, but in a runtime environment anything can happen at any given time! Hence, even if this method returns true - there are absolutely no guarantee that the true state will remain when an actual mutating operation is performed shortly after.

Parameters:

aTreeNode - a node in the page/template/file/image tree

aUserNode - a user node (or a user identity node)

Returns:

true if aUserNode has effective write permission on aTreeNode, false if not or if indeterminable

Since:

Sitevision 2022.05.1

See Also:

hasWritePermission(Node, Node)

hasPublishPermission

boolean hasPublishPermission(Node aPageNode,
                             Node aUserNode)

Checks if a certain user has publish permission on a certain page tree node.

Parameters:

aPageNode - a publishable node in the page tree

aUserNode - a user node (or a user identity node)

Returns:

true if aUserNode has publish permission on aPageNode, false if not or if indeterminable (i.e. aPageNode is not a publishable page tree node or aUserNode is not a user)

Since:

Sitevision 2.6.1_04

See Also:

hasEffectivePublishPermission(Node, Node)

hasEffectivePublishPermission

boolean hasEffectivePublishPermission(Node aPageNode,
                                      Node aUserNode)

Checks if a certain user has effective publish permission on a certain page tree node.

This is a extended version of hasPublishPermission(Node, Node) that delivers a more accurate runtime result.

Even though a User strict formally has PermissionUtil.Permission.PUBLISH permission on a Node, some additional state might in practice prohibit actual publish operations anyway. This method also checks such cases. For example:

• The Node is Locked
  • This method will return false if the Node is locked by another User
• The Node is part of a Publishing project
  • This method will return false
• The Node is in a pending Publishing flow
  • This method will return false

Note! This method is more reliable than its static "hasPublishPermission" sibling, but in a runtime environment anything can happen at any given time! Hence, even if this method returns true - there are absolutely no guarantee that the true state will remain when an actual publish operation is performed shortly after.

Parameters:

aPageNode - a publishable node in the page/template/decorations tree

aUserNode - a user node (or a user identity node)

Returns:

true if aUserNode has effective publish permission on aTreeNode, false if not or if indeterminable

Since:

Sitevision 2022.05.1

See Also:

hasPublishPermission(Node, Node)

hasWriteSubscriptionPermission

boolean hasWriteSubscriptionPermission(Node aTreeNode,
                                       Node aUserNode)

Checks if a certain user has write subscription permission on a certain page tree node.

Parameters:

aTreeNode - a subscriptionable node in the page tree

aUserNode - a user node (or a user identity node)

Returns:

true if aUserNode has write subscription permission on aTreeNode, false if not or if indeterminable (i.e. aTreeNode is not a subscriptionable page tree node or aUserNode is not a user)

Since:

Sitevision 2.6.2_05

hasDeletePermission

boolean hasDeletePermission(Node aTreeNode,
                            Node aUserNode)

Checks if a certain user has delete permission on a certain tree node.

Parameters:

aTreeNode - a node in the page/template/file/image tree

aUserNode - a user node (or a user identity node)

Returns:

true if aUserNode has delete permission on aTreeNode, false if not or if indeterminable (i.e. aTreeNode is not a tree node or aUserNode is not a user)

Since:

Sitevision 2.6.1_04

See Also:

hasEffectiveDeletePermission(Node, Node)

hasEffectiveDeletePermission

boolean hasEffectiveDeletePermission(Node aTreeNode,
                                     Node aUserNode)

Checks if a certain user has effective delete permission on a certain tree node.

This is a extended version of hasDeletePermission(Node, Node) that delivers a more accurate runtime result.

Even though a User strict formally has PermissionUtil.Permission.DELETE and PermissionUtil.Permission.WRITE permission on a Node, some additional state might in practice prohibit actual delete operations anyway. This method also checks such cases. For example:

• The Node is part of a Publishing project
  • This method will return false if the Node is in the "ready/done" state
  • This method will return false if the User isn't a project member or have PermissionUtil.Permission.MANAGE_PUBLISHING_PROJECT
• The Node is in a pending Publishing flow
  • This method will return false

Note! This method is more reliable than its static "hasDeletePermission" sibling, but in a runtime environment anything can happen at any given time! Hence, even if this method returns true - there are absolutely no guarantee that the true state will remain when an actual delete operation is performed shortly after.

Parameters:

aTreeNode - a node in the page/template/file/image tree

aUserNode - a user node (or a user identity node)

Returns:

true if aUserNode has effective delete permission on aTreeNode, false if not or if indeterminable

Since:

Sitevision 2022.05.1

See Also:

hasDeletePermission(Node, Node)

hasCreatePagePermission

boolean hasCreatePagePermission(Node aParentNode,
                                Node aUserNode)

Checks if a certain user has create page permission on a certain page tree node.

Parameters:

aParentNode - a parent node (the parent of the page that should be created)

aUserNode - a user node (or a user identity node)

Returns:

true if aUserNode has create page permission on aParentNode, false if not or if indeterminable (i.e. aParentNode is not a page tree node that can have a page as child or aUserNode is not a user)

Since:

Sitevision 2.6.1_04

hasCreateArticlePermission

boolean hasCreateArticlePermission(Node aParentNode,
                                   Node aUserNode)

Checks if a certain user has create article permission on a certain page tree node.

Parameters:

aParentNode - a parent node (the parent of the article that should be created)

aUserNode - a user node (or a user identity node)

Returns:

true if aUserNode has create article permission on aParentNode, false if not or if indeterminable (i.e. aParentNode is not a page tree node that can have a article as child or aUserNode is not a user)

Since:

Sitevision 2.6.1_04

hasCreateArchivePermission

boolean hasCreateArchivePermission(Node aParentNode,
                                   Node aUserNode)

Checks if a certain user has create archive permission on a certain page tree node.

Parameters:

aParentNode - a parent node (the parent of the archive that should be created)

aUserNode - a user node (or a user identity node)

Returns:

true if aUserNode has create archive permission on aParentNode, false if not or if indeterminable (i.e. aParentNode is not a page tree node that can have an archive as child or aUserNode is not a user)

Since:

Sitevision 2.6.1_04

hasCreateFolderPermission

boolean hasCreateFolderPermission(Node aParentNode,
                                  Node aUserNode)

Checks if a certain user has create folder permission on a certain tree node.

Parameters:

aParentNode - a parent node (the parent of the folder that should be created)

aUserNode - a user node (or a user identity node)

Returns:

true if aUserNode has create folder permission on aParentNode, false if not or if indeterminable (i.e. aParentNode is not a tree node that can have a folder as child or aUserNode is not a user)

Since:

Sitevision 2.6.1_04

hasPermission

boolean hasPermission(PermissionUtil.Permission aPermission)

Checks if current user has a certain permission on current page.

This is a convenience method for hasPermission(Node, Node, Permission) that uses PortletContextUtil to get current page and current user.

Note! RESTApps has no "current page" concept whatsoever. A RESTApp should therefore typically never use any convenience method that relies on "current page". This method uses the site page as "current page" for best effort when invoked from a RESTApp. Beware of unexpected results and also note that RESTApps has its own complementary restrictions (e.g. only some users can call certain http methods, incoming http requests can be completely blocked etc).

Parameters:

aPermission - the permission to check

Returns:

true if current user has aPermission on current page, false if not or if indeterminable (e.g. current user or current page can not be determined)

Since:

Sitevision 3.6

See Also:

hasPermission(Node, Permission), hasPermission(Node, Node, Permission)

hasPermissions

boolean hasPermissions(PermissionUtil.Permission... aPermissions)

Checks if current user has certain permissions on current page.

This is a convenience method for hasPermissions(Node, Node, Permission...) that uses PortletContextUtil to get current page and current user.

Note! RESTApps has no "current page" concept whatsoever. A RESTApp should therefore typically never use any convenience method that relies on "current page". This method uses the site page as "current page" for best effort when invoked from a RESTApp. Beware of unexpected results and also note that RESTApps has its own complementary restrictions (e.g. only some users can call certain http methods, incoming http requests can be completely blocked etc).

Parameters:

aPermissions - the permissions to check

Returns:

true if current user has aPermissions on current page, false if not or if indeterminable (e.g. current user or current page can not be determined)

Since:

Sitevision 3.6

See Also:

hasPermissions(Node, Permission...), hasPermissions(Node, Node, Permission...)

hasPermission

boolean hasPermission(Node aTreeNode,
                      PermissionUtil.Permission aPermission)

Checks if current user has certain permission on a certain tree node.

Parameters:

aTreeNode - a node in the page/template/file/image tree

aPermission - the permission to check

Returns:

true if current user has aPermission on aTreeNode, false if not or if indeterminable (e.g. aTreeNode is not a tree node or current user can not be determined)

Since:

Sitevision 3.6

See Also:

hasPermission(Permission), hasPermission(Node, Node, Permission)

hasPermissions

boolean hasPermissions(Node aTreeNode,
                       PermissionUtil.Permission... aPermissions)

Checks if current user has certain permissions on a certain tree node.

Parameters:

aTreeNode - a node in the page/template/file/image tree

aPermissions - the permissions to check

Returns:

true if current user has aPermissions on aTreeNode, false if not or if indeterminable (e.g. aTreeNode is not a tree node or current user can not be determined)

Since:

Sitevision 3.6

See Also:

hasPermissions(Permission...), hasPermissions(Node, Node, Permission...)

hasPermission

boolean hasPermission(Node aTreeNode,
                      Node aUserNode,
                      PermissionUtil.Permission aPermission)

Checks if a certain user has a certain permission on a certain tree node.

Parameters:

aTreeNode - a node in the page/template/file/image tree

aUserNode - a user node (or a user identity node)

aPermission - the permission to check

Returns:

true if aUserNode has aPermission on aTreeNode, false if not or if indeterminable (e.g. aTreeNode is not a tree node or aUserNode is not a user)

Since:

Sitevision 3.6

See Also:

hasPermission(Permission), hasPermission(Node, Permission)

hasPermissions

boolean hasPermissions(Node aTreeNode,
                       Node aUserNode,
                       PermissionUtil.Permission... aPermissions)

Checks if a certain user has certain permissions on a certain tree node.

Parameters:

aTreeNode - a node in the page/template/file/image tree

aUserNode - a user node (or a user identity node)

aPermissions - the permissions to check

Returns:

true if aUserNode has aPermissions on aTreeNode, false if not or if indeterminable (e.g. aTreeNode is not a tree node or aUserNode is not a user)

Since:

Sitevision 3.6

See Also:

hasPermissions(Permission...), hasPermissions(Node, Permission...)