Module: UU::OS::Permission

Extended by:: Permission
Included in:: Permission
Defined in:: uu_os-0.29.16/lib/uu/os/permission.rb,
uu_os-0.29.16/lib/uu/os/permission/permission_grant.rb,
uu_os-0.29.16/lib/uu/os/permission/permission_level.rb,
uu_os-0.29.16/lib/uu/os/permission/permission_revoke.rb,
uu_os-0.29.16/lib/uu/os/permission/permission_authorize.rb,
uu_os-0.29.16/lib/uu/os/permission/permission_get_mask_list.rb,
uu_os-0.29.16/lib/uu/os/permission/permission_authorize_result.rb,
uu_os-0.29.16/lib/uu/os/permission/permission_get_authority_list.rb,
uu_os-0.29.16/lib/uu/os/permission/permission_get_authority_data.rb,
uu_os-0.29.16/lib/uu/os/permission/permission_get_mask_attributes.rb,
uu_os-0.29.16/lib/uu/os/permission/permission_get_system_group_list.rb,
uu_os-0.29.16/lib/uu/os/permission/permission_get_authority_list_item.rb,
uu_os-0.29.16/lib/uu/os/permission/permission_get_system_group_attributes.rb

Overview

Module Permission.

Defined Under Namespace

Classes: PermissionAuthorize, PermissionAuthorizeResult, PermissionGetAuthorityData, PermissionGetAuthorityList, PermissionGetAuthorityListItem, PermissionGetMaskAttributes, PermissionGetMaskList, PermissionGetSystemGroupAttributes, PermissionGetSystemGroupList, PermissionGrant, PermissionLevel, PermissionRevoke

Constant Summary

PATH = REST service url path.

'ues/core/security/UESPermission'

Instance Method Summary (collapse)

- (UU::OS::Permission::PermissionAuthorizeResult) authorize(entity_uri, options)

Checks whether the logged user is authorized to the specific use case over the specific entity.
- (UU::OS::REST::BinaryValue) get_authority_data(entity_uri, options)

Returns data about permissions granted to the given authority (Role, Group or System Group) on object (only Artifacts in current version).
- (Array) get_authority_list(entity_uri, criteria = nil)

Returns a list of authorities (Roles, Groups or System Groups) who have been granted permissions on a object (only Artifacts in current version).
- (Array) get_mask_list(artifact_uri, criteria = nil)

Returns a list of permission masks for an Artifact.
- (Array) get_system_group_list(entity_uri, criteria = nil)

Returns a list of System Groups of an entity (object or pack).
- (Object) grant(entity_uri, permission)

Grants permissions on objects (only Artifacts in current version) according to given Permission Mask or according to detailed permission specification (defined access level for chosen use cases).
- (Object) revoke(entity_uri, permission)

Revokes permissions on an object (only Artifact in current version) for given Use Cases.

Instance Method Details

- (`UU::OS::Permission::PermissionAuthorizeResult`) authorize(entity_uri, options)

Checks whether the logged user is authorized to the specific use case over the specific entity. If the user is not authorized to run the specified use case, the authorization exception (UU::OS::Security::AuthorizationException: E05401.M08) is thrown.

Note that authorization entities may differ from main entities of specific uuCommands. For example the uuCommand UU::OS::Property.create uses an artifact as the main entity, but it is authorized over the property group where the property is to be created.

Examples:

# Checks whether the logged user is authorized to the use case with code AU_101010 over the given entity.
UU::OS::Permission.authorize('ues:TERRITORY:ENTITY', :use_case_code => 'AU_101010')

Parameters:

entity_uri (String, UU::OS::UESURI) —

Not nil. URI of the entity (artifact, object) over which the logged user will be authorized.
options (UU::OS::Permission::PermissionAuthorize) —

Specific options.

Options Hash (options):

:use_case_code (String) —

Not nil. Code of the specific use case for which it will be checked whether the logged user is authorized. Codes of system use cases can be obtained by exporting the access right settings template of the given meta artifact. Note that codes for specific use cases may differ in some uuCommon Apps.

Returns:

(UU::OS::Permission::PermissionAuthorizeResult) —

Object containing the permission authorization attributes.

# File 'uu_os-0.29.16/lib/uu/os/permission.rb', line 222

def authorize(entity_uri, options)
  svc = UU::OS::REST::RemoteClient.new(Permission)
  dto = Permission::PermissionAuthorize.new(options)

  svc.add_parameter('useCaseCode', dto.use_case_code)

  UU::OS::QoS::QoSHandler.auto_retry do
    res = svc.get('authorize', entity_uri)
    return Permission::PermissionAuthorizeResult.new(res)
  end
end

- (`UU::OS::REST::BinaryValue`) get_authority_data(entity_uri, options)

Returns data about permissions granted to the given authority (Role, Group or System Group) on object (only Artifacts in current version).
To list all authorities with granted permissions use uuCommand #get_authority_list.

Examples:

# Get permissions granted to Group or Role in JSON format.
UU::OS::Permission.get_authority_data('ues:TERRITORY:ARTIFACT', :authority_uri => 'ues:TERRITORY:ROLE')

# Get permissions granted to System Group in JSON format.
UU::OS::Permission.get_authority_data('ues:TERRITORY:ARTIFACT', :authority_uri => 'ues:${system}:COMPETENT_FOR_ART_IFC')

# Get permissions granted to Group or Role in CSV format.
UU::OS::Permission.get_authority_data('ues:TERRITORY:ARTIFACT', :authority_uri => 'ues:TERRITORY:ROLE', :requested_mime_type => 'text/csv')

Parameters:

entity_uri (String, UU::OS::UESURI) —

URI of the object for which the data about permission settings will be returned.
options (UU::OS::Permission::PermissionGetAuthorityData) —

Specific options.

Options Hash (options):

:authority_uri (String, UU::OS::UESURI) —

URI of the authority whose granted permission settings will be returned. Must not be nil.
:requested_mime_type (String) —

MIME type of the returned value. Possible values are ‘application/json’ for JSON and ‘text/csv’ for CSV. JSON is returned by default.

Returns:

(UU::OS::REST::BinaryValue) —

Data about permission settings for given object and authority.

# File 'uu_os-0.29.16/lib/uu/os/permission.rb', line 151

def get_authority_data(entity_uri, options)
  svc = UU::OS::REST::RemoteClient.new(Permission)
  dto = UU::OS::Permission::PermissionGetAuthorityData.new(options)
  svc.add_parameter('authorityUri', dto.authority_uri)
  if dto.requested_mime_type
    svc.add_parameter('requestedMimeType', dto.requested_mime_type)
  end

  UU::OS::QoS::QoSHandler.auto_retry do
    res = svc.get('getAuthorityData', entity_uri)
    return UU::OS::REST::BinaryValue.new(res, true)
  end
end

- (`Array`) get_authority_list(entity_uri, criteria = nil)

Returns a list of authorities (Roles, Groups or System Groups) who have been granted permissions on a object (only Artifacts in current version).

Examples:

# Get a list of all authorities which have been granted permissions for a Artifact.
UU::OS::Permission.get_authority_list('ues:TERRITORY:ARTIFACT')

# Get a list of all authorities with authorityName that starts with string John.
UU::OS::Permission.get_authority_list('ues:TERRITORY:ARTIFACT', :query => "authorityName='John%'")

=> { "UU::OS::REST::ResultList" : {
   "total_size" : "1" ,
   ...
   "page_entries" : [ {
      "UU::OS::Permission::PermissionGetAuthorityListItem" : {
         "authorityName" : "John Role" ,
         "authorityUri" : "ues:TERRITORY:JOHN_ROLE",
         ...
         "maskName" : "Read",
         "maskUri" : "ues:TERRITORY:META_ARTIFACT:MASK"
      }
   } ]
} }

Parameters:

entity_uri (String, UU::OS::UESURI) —

URI of the object for which to list all authorities with granted permissions.
criteria (UU::OS::Permission::PermissionGetAuthorityList) (defaults to: nil) —

Specific options.

Options Hash (criteria):

:query (String) —

Query for filtering and ordering of the result list (more information in uuQuery - Guideline). It is possible to filter the result list by authorityUri and authorityName.

Returns:

(Array) —

An Array with the command result. Contains instances of PermissionGetAuthorityListItem.

# File 'uu_os-0.29.16/lib/uu/os/permission.rb', line 120

def get_authority_list(entity_uri, criteria = nil)
  svc = UU::OS::REST::RemoteClient.new(Permission)
  dto = Permission::PermissionGetAuthorityList.new(criteria)
  svc.add_parameter('pageIndex', dto.page_index)
  svc.add_parameter('pageSize', dto.page_size)
  svc.add_parameter('query', dto.query)
  UU::OS::QoS::QoSHandler.auto_retry do
    res = svc.get('getAuthorityList', entity_uri)
    return UU::OS::REST::ResultList.new(Permission::PermissionGetAuthorityList, Permission::PermissionGetAuthorityListItem, res)
  end
end

- (`Array`) get_mask_list(artifact_uri, criteria = nil)

Returns a list of permission masks for an Artifact.

Examples:

# Get a list of all permission masks whose name starts with string "Create" and code starts with string "CREATE".
UU::OS::Permission.get_mask_list('ues:TERRITORY:ARTIFACT', :query => "name='Create%' AND code='CREATE%'")

Parameters:

artifact_uri (String, UU::OS::UESURI) —

URI of the artifact whose permission masks will be listed.
criteria (UU::OS::Permission::PermissionGetMaskList) (defaults to: nil) —

Specific options.

Options Hash (criteria):

:query (String) —

Query for filtering and ordering of the result list (more information in uuQuery - Guideline). It is possible to filter the result list by name and code.

Returns:

(Array) —

An Array with the command result. Contains instances of PermissionGetMaskAttributes.

# File 'uu_os-0.29.16/lib/uu/os/permission.rb', line 176

def get_mask_list(artifact_uri, criteria = nil)
  svc = UU::OS::REST::RemoteClient.new(Permission)
  dto = Permission::PermissionGetMaskList.new(criteria)
  svc.add_parameter('pageIndex', dto.page_index)
  svc.add_parameter('pageSize', dto.page_size)
  svc.add_parameter('query', dto.query)
  UU::OS::QoS::QoSHandler.auto_retry do
    res = svc.get('getMaskList', artifact_uri)
    return UU::OS::REST::ResultList.new(Permission::PermissionGetMaskList, Permission::PermissionGetMaskAttributes, res)
  end
end

- (`Array`) get_system_group_list(entity_uri, criteria = nil)

Returns a list of System Groups of an entity (object or pack). It may be used to set permissions for these groups.

Examples:

# Get a list of all System Groups for given entity.
UU::OS::Permission.get_system_group_list('ues:TERRITORY:ARTIFACT')

Parameters:

entity_uri (String, UU::OS::UESURI) —

URI of the object. Must not be nil.

Returns:

(Array) —

An Array with the command result. Contains instances of PermissionGetSystemGroupAttributes.

# File 'uu_os-0.29.16/lib/uu/os/permission.rb', line 197

def get_system_group_list(entity_uri, criteria = nil)
  svc = UU::OS::REST::RemoteClient.new(Permission)
  dto = Permission::PermissionGetSystemGroupList.new(criteria)

  UU::OS::QoS::QoSHandler.auto_retry do
    res = svc.get('getSystemGroupList', entity_uri)
    return UU::OS::REST::ResultList.new(Permission::PermissionGetSystemGroupList, Permission::PermissionGetSystemGroupAttributes, res)
  end
end

- (`Object`) grant(entity_uri, permission)

Grants permissions on objects (only Artifacts in current version) according to given Permission Mask or according to detailed permission specification (defined access level for chosen use cases). It is possible to grant permission on objects for any allowed authority (Role, Group or System Group).
To list all allowed system groups use uuCommand #get_system_group_list.
All possible levels may be found as constants in PermissionLevel class.

Examples:

# Prepare data for the permission in JSON format.
grant_data = '[{"useCaseCode":"AU_103129","castLevel":"$GUEST"}]'

# Grant permissions for Group or Role according to detailed permission specification.
UU::OS::Permission.grant('ues:TERRITORY:ARTIFACT', :authority_uri => 'ues:TERRITORY:ROLE', :data => grant_data)

# Grant permissions for System Group according to Permission mask.
UU::OS::Permission.grant('ues:TERRITORY:ARTIFACT', :authority_uri => 'ues:${system}:COMPETENT_FOR_ART_IFC', :mask_uri => "ues:TERRITORY:ARTIFACT:MASK")

=> nil

Parameters:

entity_uri (String, UU::OS::UESURI) —

URI of the object for which permissions will be granted. Must not be nil.
permission (UU::OS::Permission::PermissionGrant) —

Specific options.

Options Hash (permission):

:authority_uri (String, UU::OS::UESURI) —

URI of the authority for which permissions will be granted. Must not be nil.
:data (String, File, UU::OS::REST::BinaryValue) —

Deprecated. Information about permission settings in JSON format. The permission is specified by the use case and the level.
:mask_uri (String, UU::OS::UESURI) —

URI of the Permission mask according that the permission will be set. Option :data has higher priority than this one.

# File 'uu_os-0.29.16/lib/uu/os/permission.rb', line 53

def grant(entity_uri, permission)
  svc = UU::OS::REST::RemoteClient.new(Permission)
  payload = UU::OS::Permission::PermissionGrant.new(permission).to_json

  UU::OS::QoS::QoSHandler.auto_retry do
    svc.post('grant', entity_uri, payload)
  end
end

- (`Object`) revoke(entity_uri, permission)

Revokes permissions on an object (only Artifact in current version) for given Use Cases. It is possible to revoke permissions on objects for any allowed authority (Role, Group or System Group).
To list all allowed system groups use uuCommand #get_system_group_list.

Examples:

# Revoke permissions on all Use Cases (e.g. Permission mask) for System Group.
UU::OS::Permission.revoke('ues:TERRITORY:ARTIFACT', :authority_uri => 'ues:${system}:COMPETENT_FOR_ART_IFC', :all => true)

# Revoke permissions on all Use Cases (e.g. Permission mask) for Group or Role.
UU::OS::Permission.revoke('ues:TERRITORY:ARTIFACT', :authority_uri => 'ues:TERRITORY:ROLE', :all => true)

# Revoke permissions on specified Use Cases for Group or Role.
revoke_data = '[{"useCaseCode":"AU_103129"},{"useCaseCode":"AU_103300"}]'
UU::OS::Permission.revoke('ues:TERRITORY:ARTIFACT', :authority_uri => 'ues:TERRITORY:ROLE', :data => revoke_data)

=> nil

Parameters:

entity_uri (String, UU::OS::UESURI) —

URI of the object for which the permissions will be revoked. Must not be nil.
permission (UU::OS::Permission::PermissionRevoke) —

Specific options.

Options Hash (permission):

:authority_uri (String, UU::OS::UESURI) —

URI of the authority for which the permissions will be revoked. Must not be nil.
:data (String, File, UU::OS::REST::BinaryValue) —

Deprecated. List of Use Cases (in JSON format) for which the permission will be revoked.
:all (Boolean) —

When true is set, permissions will be revoked for all Use Cases (e.g. whole Permission Mask). Default value is false. Option :data has higher priority than this one.

# File 'uu_os-0.29.16/lib/uu/os/permission.rb', line 83

def revoke(entity_uri, permission)
  svc = UU::OS::REST::RemoteClient.new(Permission)
  payload = UU::OS::Permission::PermissionRevoke.new(permission).to_json

  UU::OS::QoS::QoSHandler.auto_retry do
    svc.post('revoke', entity_uri, payload)
  end
end

Module: UU::OS::Permission

Overview

Defined Under Namespace

Constant Summary

Instance Method Summary (collapse)

Instance Method Details

- (UU::OS::Permission::PermissionAuthorizeResult) authorize(entity_uri, options)

- (UU::OS::REST::BinaryValue) get_authority_data(entity_uri, options)

- (Array) get_authority_list(entity_uri, criteria = nil)

- (Array) get_mask_list(artifact_uri, criteria = nil)

- (Array) get_system_group_list(entity_uri, criteria = nil)

- (Object) grant(entity_uri, permission)

- (Object) revoke(entity_uri, permission)

- (`UU::OS::Permission::PermissionAuthorizeResult`) authorize(entity_uri, options)

- (`UU::OS::REST::BinaryValue`) get_authority_data(entity_uri, options)

- (`Array`) get_authority_list(entity_uri, criteria = nil)

- (`Array`) get_mask_list(artifact_uri, criteria = nil)

- (`Array`) get_system_group_list(entity_uri, criteria = nil)

- (`Object`) grant(entity_uri, permission)

- (`Object`) revoke(entity_uri, permission)