Package com.identityworksllc.iiq.common

Class AuthUtilities

  • public class AuthUtilities
extends AbstractBaseUtility
    Utilities for authorization, e.g., whether a user can view a QuickLink.

    For the Common Security style of authorization, use ThingAccessUtils instead.

    • Constructor Detail

      • AuthUtilities

        public AuthUtilities​(sailpoint.api.SailPointContext c)
        Constructs a new instance of AuthUtilities
        Parameters:
        c -

    • Method Detail

      • canAccessQuicklink

        public boolean canAccessQuicklink​(sailpoint.object.Identity launcher,
                                  sailpoint.object.Identity target,
                                  sailpoint.object.QuickLink what)
                           throws sailpoint.tools.GeneralException
        Returns true if the given person could launch the given QuickLink against the given target.

        You may pass a null target or a target the same as the launcher to infer an access type of SELF. If the target is not null and does not match the launcher, an access type of OTHER will be inferred.

        Parameters:
        launcher - The person we’re testing for access
        target - The (optional) target against whom the QuickLink would be executed
        what - The QuickLink we’re testing
        Returns:
        true if the launcher could perform this QL operation
        Throws:
        sailpoint.tools.GeneralException - if any IIQ failure occurs

      • canAccessQuicklink

        public boolean canAccessQuicklink​(sailpoint.object.Identity launcher,
                                  sailpoint.object.Identity target,
                                  sailpoint.object.QuickLink what,
                                  AuthUtilities.QuickLinkAccessType accessType)
                           throws sailpoint.tools.GeneralException
        Returns true if the given person could launch the given QuickLink against the given target.

        Pass a null target to take the QuickLinkAccessType into account, e.g. if you just need a general “can see in any circumstance” answer.

        Parameters:
        launcher - The person we’re testing for access
        target - The (optional) target against whom the QuickLink would be executed
        what - The QuickLink we’re testing
        accessType - The access type we’re interested in
        Returns:
        true if the launcher could perform this QL operation
        Throws:
        sailpoint.tools.GeneralException - if any IIQ failure occurs

      • canViewQuicklink

        public boolean canViewQuicklink​(sailpoint.object.Identity launcher,
                                sailpoint.object.QuickLink what,
                                AuthUtilities.QuickLinkAccessType accessType)
                         throws sailpoint.tools.GeneralException
        Returns true if the user in question can view the QuickLink under any circumstances (i.e.

        if it would be displayed on their sidebar).

        Parameters:
        launcher - The user to query
        what - The QuickLink to check
        accessType - The access type to check for
        Returns:
        If the user would have access to this QuickLink, true, otherwise false
        Throws:
        sailpoint.tools.GeneralException - if any IIQ failure occurs

      • checkAuthorization

        public void checkAuthorization​(sailpoint.object.Identity who,
                               String what,
                               boolean allowAdmins)
                        throws sailpoint.authorization.UnauthorizedAccessException
        Throws an exception if the given Identity does not have the given right (optionally also allowing sysadmins).
        Parameters:
        who - The identity to test
        what - The SPRight to test for
        allowAdmins - If true, SystemAdministrators will also be allowed, even without the SPRight
        Throws:
        sailpoint.authorization.UnauthorizedAccessException - if the user does not have access