Package io.deephaven.enterprise.acl.impl

Class AclHelper

java.lang.Object
io.deephaven.enterprise.acl.impl.AclHelper
public class AclHelper extends Object

  • Constructor Details

    • AclHelper

      public AclHelper()

  • Method Details

    • setAclsApplied

      public static void setAclsApplied()
      Note that ACLs have been applied and our return policy has changed. This cannot be undone

    • requireAclsToExport

      public static boolean requireAclsToExport()
      If any ACLs have been applied, then any exported table must have ACLs applied.

      When no ACLs are defined, the behavior of the system is controlled by the "PersistentQuery.openSharingDefault" property. If set to true, then persistent queries that are shared without specifying table ACLs fail open, making it simple to shared PQ work product with others. If set to false, then they fail closed and ACLs must be added to permit any sharing.

      Returns:
      true if an object must have ACLs defined to be exported

    • setPermissionFilterProvider

      public static void setPermissionFilterProvider(@NotNull @NotNull io.deephaven.shadow.enterprise.com.illumon.iris.db.v2.permissions.PermissionFilterProvider pfp)
      Set the Enterprise PermissionFilterProvider to be used when calling enterprise acl code
      Parameters:
      pfp - the permission filter provider

    • permissionFilterProvider

      @NotNull public static @NotNull io.deephaven.shadow.enterprise.com.illumon.iris.db.v2.permissions.PermissionFilterProvider permissionFilterProvider()
      Get the PermissionFilterProvider to use for Enterprise integration
      Returns:
      the permission filter provider

    • setDatabaseWrapper

      public static void setDatabaseWrapper(@NotNull @NotNull io.deephaven.shadow.enterprise.com.illumon.iris.db.tables.databases.Database enterpriseDatabase)
      Set the Enterprise Database to use for integrating with Enterprise classes
      Parameters:
      enterpriseDatabase - - The Database

    • databaseWrapper

      @NotNull public static @NotNull io.deephaven.shadow.enterprise.com.illumon.iris.db.tables.databases.Database databaseWrapper()
      Get the Database wrapper to use for Enterprise integration
      Returns:
      the database wrapper

    • convertFilterGenerator

      @NotNull public static @NotNull AclFilterGenerator convertFilterGenerator(io.deephaven.shadow.enterprise.com.illumon.iris.db.v2.permissions.FilterGenerator fg)
      Convert the specified Enterprise FilterGenerator into a DnD AclFilterGenerator
      Parameters:
      fg - the generator to convert
      Returns:
      the converted filter generator

    • convertFilterGeneratorObject

      @NotNull public static @NotNull AclFilterGenerator convertFilterGeneratorObject(@NotNull @NotNull String filterString)
      Convert the specified Enterprise FilterGenerator into a DnD AclFilterGenerator
      Parameters:
      filterString - the string to convert to an AclFilterGenerator
      Returns:
      the converted filter generator

    • generateFilters

      @Nullable public static @Nullable Collection<WhereFilter>[] generateFilters(@NotNull @NotNull Collection<AclFilterGenerator> generators, @NotNull @NotNull UserContext userContext, @NotNull @NotNull AclSupport aclSupport, @Nullable @Nullable String namespace, @Nullable @Nullable String tableName, boolean refreshing)
      Generate filters for the specified user from the input set of AclFilterGenerator. Namespace and tableName may be null, for example, when applying edge Acls.
      Parameters:
      generators - the generators that will create the filter
      userContext - the user to generate acls for
      aclSupport - the AclSupport object
      namespace - the namespace of the table, if applying ACLs to source tables, null otherwise
      tableName - the table name of the table, if applying ACLs to source tables, null otherwise
      refreshing - if the filter should be refreshing.
      Returns:
      an array of ACLs to apply. A null return value indicates the user has no access to the table.

    • generateFilters

      @Nullable public static @Nullable Collection<WhereFilter>[] generateFilters(@NotNull @NotNull UserContext userContext, @NotNull @NotNull AclSupport aclSupport, @Nullable @Nullable String namespace, @Nullable @Nullable String tableName, boolean refreshing)
      Generate filters for the specified user, namespace, and table
      Parameters:
      userContext - the user to generate acls for
      aclSupport - the AclSupport object
      namespace - the namespace of the table, if applying ACLs to source tables, null otherwise
      tableName - the table name of the table, if applying ACLs to source tables, null otherwise
      refreshing - if the filter should be refreshing.
      Returns:
      an array of ACLs to apply. A null return value indicates the user has no access to the table. An empty array indicates full access.

    • getPermissionAnalyzerData

      public static io.deephaven.shadow.enterprise.com.illumon.iris.db.v2.permissions.PermissionAndGroupData getPermissionAnalyzerData(@NotNull @NotNull UserContext userContext, @NotNull @NotNull AclSupport aclSupport, @Nullable @Nullable String namespace, @Nullable @Nullable String tableName)
      Get the permission analyzer data for the specified user, namespace, and table
      Parameters:
      userContext - User to get the permission data for
      aclSupport - The AclSupport object (usually the database)
      namespace - Namespace to get the permissions data for
      tableName - Table to get the permissions data for
      Returns:
      The permission analyzer data

    • createDisjunctiveFilter

      public static WhereFilter createDisjunctiveFilter(@NotNull @NotNull Collection<WhereFilter>[] filtersToApply)
      Create single where filter in Disjunctive Normal Form of the input filter collections
      Parameters:
      filtersToApply - the filters
      Returns:
      a single Filter combining the inputs in Disjunctive Normal Form

    • splitAndLinearizeAndFilters

      public static List<Filter> splitAndLinearizeAndFilters(@NotNull @NotNull Filter filterArg)
      If a filter is a conjunction of filters (an "and" of filters), decompose it in a list of element filters.
      Parameters:
      filterArg - The filter to break down in componets
      Returns:
      A list of filters whose conjunction represent the passed filter.

    • isNullOrTrueFilter

      public static boolean isNullOrTrueFilter(Filter filter)

    • hasFullTableAccess

      public static boolean hasFullTableAccess(@NotNull @NotNull UserContext userContext, @NotNull @NotNull String namespace, @NotNull @NotNull String tableName)