Package org.yamcs.security

Class User

java.lang.Object
org.yamcs.security.Account
org.yamcs.security.User
public class User extends Account
A user contains identifying information and a convenient set of methods to perform access control.

Users may be assigned two kinds of different privileges:

  • System privileges that grant the user the right to perform an action on any object.
  • Object privileges that grant the user the right to perform an action on a specific object.
Additionally a special attribute superuser may have been granted to a user. Users with this attribute are not subjected to privilege checking (i.e. they are allowed everything, even without being assigned privileges).

  • Constructor Details

    • User

      public User(String username, User createdBy)

  • Method Details

    • getEmail

      public String getEmail()

    • getHash

      public String getHash()

    • isExternallyManaged

      public boolean isExternallyManaged()

    • addIdentity

      public void addIdentity(String provider, String identity)

    • getIdentityEntrySet

      public Set<Map.Entry<String,String>> getIdentityEntrySet()

    • deleteIdentity

      public void deleteIdentity(String provider)

    • getClearance

      public Clearance getClearance()

    • setClearance

      public void setClearance(Clearance clearance)

    • getRoles

      public Set<String> getRoles()

    • setRoles

      public void setRoles(Collection<String> roles)

    • addRole

      public void addRole(String role, boolean external)
      Add a role to this user. If marked as external, this role assignment is not persisted to Yamcs DB.

    • deleteRole

      public void deleteRole(String role)

    • isSuperuser

      public boolean isSuperuser()

    • setSuperuser

      public void setSuperuser(boolean superuser)

    • setEmail

      public void setEmail(String email)

    • setHash

      public void setHash(String hash)

    • getSystemPrivileges

      public Set<SystemPrivilege> getSystemPrivileges()

    • getObjectPrivileges

      public Map<ObjectPrivilegeType,Set<ObjectPrivilege>> getObjectPrivileges()

    • getObjectPrivileges

      public Set<ObjectPrivilege> getObjectPrivileges(ObjectPrivilegeType type)

    • addSystemPrivilege

      public void addSystemPrivilege(SystemPrivilege systemPrivilege, boolean external)

    • addObjectPrivilege

      public void addObjectPrivilege(ObjectPrivilege objectPrivilege, boolean external)

    • clearDirectoryPrivileges

      public void clearDirectoryPrivileges()
      Resets user privileges to only those that are externally defined.

    • hasSystemPrivilege

      public boolean hasSystemPrivilege(SystemPrivilege systemPrivilege)

    • hasObjectPrivilege

      public boolean hasObjectPrivilege(ObjectPrivilegeType type, String object)

    • hasParameterPrivilege

      public boolean hasParameterPrivilege(ObjectPrivilegeType type, Parameter parameter)
      Special privilege check helper method for parameter permissions, allowing to check against both the qualified name of a parameter and its OPS name (if any), returning true when the user has the privilege (OPS name: in XTCE defined as alias for namespace "MDB:OPS Name")
      Parameters:
      type - parameter privilege type (either ObjectPrivilegeType.ReadParameter or ObjectPrivilegeType.WriteParameter)
      parameter - parameter to check against
      Returns:
      whether the user has the given privilege type for the parameter

    • addClearanceListener

      public void addClearanceListener(ClearanceListener listener)

    • removeClearanceListener

      public void removeClearanceListener(ClearanceListener listener)

    • toTuple

      public Tuple toTuple(boolean forUpdate)
      Overrides:
      toTuple in class Account