Package com.identityworksllc.iiq.common
Class AuthUtilities
- java.lang.Object
-
- com.identityworksllc.iiq.common.AbstractBaseUtility
-
- com.identityworksllc.iiq.common.AuthUtilities
-
public class AuthUtilities extends AbstractBaseUtility
Utilities for authorization, e.g., whether a user can view a QuickLink.For the Common Security style of authorization, use
AccessCheck
orThingAccessUtils
instead.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
AuthUtilities.QuickLinkAccessType
Indicates the type of access to a QuickLink we are checking
-
Field Summary
-
Fields inherited from class com.identityworksllc.iiq.common.AbstractBaseUtility
context, debug, log
-
-
Constructor Summary
Constructors Constructor Description AuthUtilities(sailpoint.api.SailPointContext c)
Constructs a new instance of AuthUtilities
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
canAccessQuicklink(sailpoint.object.Identity launcher, sailpoint.object.Identity target, sailpoint.object.QuickLink what)
Returns true if the given person could launch the given QuickLink against the given target.boolean
canAccessQuicklink(sailpoint.object.Identity launcher, sailpoint.object.Identity target, sailpoint.object.QuickLink what, AuthUtilities.QuickLinkAccessType accessType)
Returns true if the given person could launch the given QuickLink against the given target.boolean
canViewQuicklink(sailpoint.object.Identity launcher, sailpoint.object.QuickLink what, AuthUtilities.QuickLinkAccessType accessType)
Returns true if the user in question can view the QuickLink under any circumstances (i.e.void
checkAuthorization(sailpoint.object.Identity who, String what, boolean allowAdmins)
Throws an exception if the given Identity does not have the given right (optionally also allowing sysadmins).-
Methods inherited from class com.identityworksllc.iiq.common.AbstractBaseUtility
inject, isDebug, setDebug
-
-
-
-
Constructor Detail
-
AuthUtilities
public AuthUtilities(sailpoint.api.SailPointContext c)
Constructs a new instance of AuthUtilities- Parameters:
c
-
-
-
Method Detail
-
canAccessQuicklink
public boolean canAccessQuicklink(sailpoint.object.Identity launcher, sailpoint.object.Identity target, sailpoint.object.QuickLink what) throws sailpoint.tools.GeneralException
Returns true if the given person could launch the given QuickLink against the given target.You may pass a null target or a target the same as the launcher to infer an access type of SELF. If the target is not null and does not match the launcher, an access type of OTHER will be inferred.
- Parameters:
launcher
- The person we’re testing for accesstarget
- The (optional) target against whom the QuickLink would be executedwhat
- The QuickLink we’re testing- Returns:
- true if the launcher could perform this QL operation
- Throws:
sailpoint.tools.GeneralException
- if any IIQ failure occurs
-
canAccessQuicklink
public boolean canAccessQuicklink(sailpoint.object.Identity launcher, sailpoint.object.Identity target, sailpoint.object.QuickLink what, AuthUtilities.QuickLinkAccessType accessType) throws sailpoint.tools.GeneralException
Returns true if the given person could launch the given QuickLink against the given target.Pass a null target to take the QuickLinkAccessType into account, e.g. if you just need a general “can see in any circumstance” answer.
- Parameters:
launcher
- The person we’re testing for accesstarget
- The (optional) target against whom the QuickLink would be executedwhat
- The QuickLink we’re testingaccessType
- The access type we’re interested in- Returns:
- true if the launcher could perform this QL operation
- Throws:
sailpoint.tools.GeneralException
- if any IIQ failure occurs
-
canViewQuicklink
public boolean canViewQuicklink(sailpoint.object.Identity launcher, sailpoint.object.QuickLink what, AuthUtilities.QuickLinkAccessType accessType) throws sailpoint.tools.GeneralException
Returns true if the user in question can view the QuickLink under any circumstances (i.e.if it would be displayed on their sidebar).
- Parameters:
launcher
- The user to querywhat
- The QuickLink to checkaccessType
- The access type to check for- Returns:
- If the user would have access to this QuickLink, true, otherwise false
- Throws:
sailpoint.tools.GeneralException
- if any IIQ failure occurs
-
checkAuthorization
public void checkAuthorization(sailpoint.object.Identity who, String what, boolean allowAdmins) throws sailpoint.authorization.UnauthorizedAccessException
Throws an exception if the given Identity does not have the given right (optionally also allowing sysadmins).- Parameters:
who
- The identity to testwhat
- The SPRight to test forallowAdmins
- If true, SystemAdministrators will also be allowed, even without the SPRight- Throws:
sailpoint.authorization.UnauthorizedAccessException
- if the user does not have access
-
-