com.netscape.pm.model
Interface IAccessControlManager

public interface IAccessControlManager

Defines an object that is able to resolve the form access permissions for a user or role given a particular node element. Form Access in the Process Manager engine associates forms with specific users and roles at certain steps in the process. These associations are established from the builder by the process designer. This object is the run-time representation of those associations.

Using this object, a developer can determine which form to display to the end-user when the process is positioned at a particular node. They can also check if a particular user has the permission to search the data dictionary.

The object that implements IAccessControlManager is part of the application's process definition; a handle to the access control manager can be obtained via the IProcessDefinition interface.

See Also:

IFormElement, INodeElement, IProcessDefinition, IProcessInstance

Method Summary

boolean	areRolesAllowed(INodeElement node, java.util.Enumeration roleNames, IFormElement form) Returns true if any of the given role names is permitted to see the given form from the given node.
boolean	canSearch(java.util.Enumeration roleNames) Returns true if any of the given role names are permitted to search.
boolean	canSearch(java.lang.String roleName) Returns true if the given role name is permitted to search.
java.util.Enumeration	getEntryNodes(IParticipant p) Returns an enumeration of entry point nodes that the given user is allowed to use.
IFormElement	getFormElement(INodeElement node, IParticipant p) Returns the form element the specified user has access to at the given node element.
IFormElement	getFormElement(INodeElement node, IParticipant p, IProcessInstance pi) Returns the form element the specified user has access to at the given node element, given the context of the process instance.
IFormElement	getFormElement(INodeElement node, java.lang.String roleName) Returns the form element the specified role has access to at the given node element.
boolean	isAssigneeAllowed(INodeElement node, IFormElement form) Returns true if the assignee role is permitted to see the given form from the given node.
boolean	isRoleAllowed(INodeElement node, java.lang.String roleName, IFormElement form) Returns true if the given role is permitted to see the given form from the given node.

Method Detail

getFormElement

public IFormElement getFormElement(INodeElement node,
                                   java.lang.String roleName)
                            throws PMException

Returns the form element the specified role has access to at the given node element. The process designer associates forms with specific users and activities at certain steps in the process. This method is the run-time resolution of that design-time association.

 // Determine if the assignee has a view on the form
 //
 IAccessControlManager acl = app.getProcessDefinition()
                                .getAccessControlManager();
 IFormElement fe = acl.getFormElement( node, IRole.ASSIGNEE );
     
 if( fe == null )
     throw new Exception( "Assignee has no view" );
 

Parameters:

node - a node element

roleName - a name of the role

Returns:

the form element that the given role has access to from the given node.

Throws:

PMException - if there is no association between the given role and node with a form.

Since:

PAE 4.0

See Also:

IFormElement, INodeElement

getFormElement

public IFormElement getFormElement(INodeElement node,
                                   IParticipant p,
                                   IProcessInstance pi)
                            throws PMException

Returns the form element the specified user has access to at the given node element, given the context of the process instance. The process designer associates forms with specific users and activities at certain steps in the process. This method is the run-time resolution of that design-time association.

 // Determine what form should be used for rendering the process
 // instance data
 //
 ICorporateDirectory cd = cluster.getCorporateDirectory();
 IParticipant u = cd.getUserById( "joe" );
 IAccessControlManager acl = app.getProcessDefinition()
                                .getAccessControlManager();
 IFormElement fe = acl.getFormElement( node, u, pi );
 

Parameters:

node - a node element

p - a corporate directory user

pi - the current process instance

Returns:

the form element that the given participant has access to from the given node, given the context of the process instance.

Throws:

PMException - if there is no association between the given role/node and a form.

Since:

PAE 4.0

See Also:

IFormElement, INodeElement, IParticipant, IProcessInstance, IRoleManager.resolveRoles( IParticipant, IProcessInstance )

getFormElement

public IFormElement getFormElement(INodeElement node,
                                   IParticipant p)
                            throws PMException

Returns the form element the specified user has access to at the given node element. This method differs from the method getFormElement( INodeElement, IParticipant, IProcessInstance ) in that this method should be called where there is no process instance to establish context, such as at an entry point node.

The process designer associates forms with specific users and activities at certain steps in the process. This method is the run-time resolution of that design-time association.

 // Which form should be used to display this entry point?
 //
 ICorporateDirectory cd = cluster.getCorporateDirectory();
 IParticipant u = cd.getUserById( "joe" );
 IAccessControlManager acl = app.getProcessDefinition()
                                .getAccessControlManager();
 IFormElement fe = acl.getFormElement( node, u );
 

Parameters:

node - a node element

p - a corporate directory user

Returns:

the form element that the given participant has access to from the given node

Throws:

PMException - if there is no association between the given role/node and a form.

Since:

PAE 4.0

See Also:

IFormElement, INodeElement, IParticipant, IRoleManager.resolveRoles( IParticipant )

getEntryNodes

public java.util.Enumeration getEntryNodes(IParticipant p)
                                    throws PMException

Returns an enumeration of entry point nodes that the given user is allowed to use. The enumeration contains INodeElement objects, not the names of the nodes.

The process designer associates forms with specific users and activities at certain steps in the process. This method is the run-time resolution of that design-time association.

 // What are the entry points that this user is allowed to access?
 //
 ICorporateDirectory cd = cluster.getCorporateDirectory();
 IParticipant u = cd.getUserById( "joe" );
 for( Enumeration eps = app.getProcessDefinition()
                           .getAccessControlManager()
                           .getEntryNodes( u );
      eps.hasMoreElements(); )
 {
     INodeElement ne = (INodeElement) eps.nextElement();
     System.out.println( "entry point: " + ne.getName() );
 }
 

Parameters:

p - a corporate directory user

Returns:

java.util.Enumeration of INodeElement objects

Throws:

PMException - if there is a problem resolving the roles that the user belongs to.

Since:

PAE 4.0

See Also:

INodeElement, IParticipant

isRoleAllowed

public boolean isRoleAllowed(INodeElement node,
                             java.lang.String roleName,
                             IFormElement form)
                      throws PMException

Returns true if the given role is permitted to see the given form from the given node.

Parameters:

node -

roleName -

form -

Returns:

true if the given role is permitted to see the given form from the given node; false otherwise.

Throws:

PMException - if there is no association between the given role and node with a form.

Since:

PAE 4.0

See Also:

IFormElement, INodeElement

areRolesAllowed

public boolean areRolesAllowed(INodeElement node,
                               java.util.Enumeration roleNames,
                               IFormElement form)
                        throws PMException

Returns true if any of the given role names is permitted to see the given form from the given node.

 ICorporateDirectory cd = cluster.getCorporateDirectory();
 IParticipant u = cd.getUserById( "joe" );

 IProcessDefinition pd = app.getProcessDefinition();
 INodeElement en = pd.getProcessMap().getNodeElement( "EntryPoint1" ); 
 IFormElement fe = pd.getFormDictionary()
                     .getFormElement( formName );

 // What are the roles of this user?
 //
 if( ! pd.getAccessControlManager()
         .areRolesAllowed( en,
                           pd.getRoleManager().resolveRoles( u ),
                           fe ) )
 {
     System.out.println( "user has no view" );
 }
 

Parameters:

node - a node element

roleNames - a list of role names

form - a form element

Returns:

true if the any of the given roles are permitted to see the given form from the given node; false otherwise.

Throws:

PMException - if there is no association between the given role and node with a form.

Since:

PAE 4.0

See Also:

isRoleAllowed(com.netscape.pm.model.INodeElement, java.lang.String, com.netscape.pm.model.IFormElement), IFormElement, INodeElement

isAssigneeAllowed

public boolean isAssigneeAllowed(INodeElement node,
                                 IFormElement form)
                          throws PMException

Returns true if the assignee role is permitted to see the given form from the given node. This method is a convenience form of the method isRoleAllowed( INodeElement, IRole.ASSIGNEE, IFormElement ).

Parameters:

node - a node element

form - a form element

Returns:

true if the assignee role is permitted to see the given form from the given node; false otherwise.

Throws:

PMException - if there is no association between the given role and node with a form.

Since:

PAE 4.0

See Also:

isRoleAllowed(com.netscape.pm.model.INodeElement, java.lang.String, com.netscape.pm.model.IFormElement), IFormElement, INodeElement

canSearch

public boolean canSearch(java.lang.String roleName)

Returns true if the given role name is permitted to search. Roles defined in Process Manager are permitted to search if the can search flag has been checked from the role's inspector window from the builder.

Parameters:

roleName - a role name

Returns:

true if the given role is permitted to search; false otherwise.

Since:

PAE 4.0

canSearch

public boolean canSearch(java.util.Enumeration roleNames)

Returns true if any of the given role names are permitted to search. Roles defined in Process Manager are permitted to search if the can search flag has been checked from the role's inspector window from the builder.

Parameters:

roleNames - a list of role names

Returns:

true if any of the given roles are permitted to search; false otherwise.

Since:

PAE 4.0

See Also:

canSearch( String )