Class SecurityChecker

  • All Implemented Interfaces:
    OBProvidable, OBSingleton

    public class SecurityChecker
    extends Object
    implements OBSingleton
    This class combines all security checks which are performed on entity level:
    • Delete: is the entity deletable (@see Entity.isDeletable()) and does the user have write access to the entity.
    • Write: performed for create and update actions. The following checks are performed: is the organization writable, is the client of the object the same as the client of the user, and is the entity writable (@see EntityAccessChecker#isWritable(Entity)).
    • Constructor Detail

      • SecurityChecker

        public SecurityChecker()
    • Method Detail

      • checkDeleteAllowed

        public void checkDeleteAllowed(Object o)
      • isWritable

        public boolean isWritable(Object obj)
        Performs several write access checks when an object is created or updated:
        • is the organization writable (@see OBContext#getWritableOrganizations())
        • is the client of the object the same as the client of the user (@see OBContext#getCurrentClient())
        • is the Entity writable for this user (@see EntityAccessChecker#isWritable(Entity))
        • are the client and organization correct from an access level perspective (@see AccessLevelChecker).
        Parameters:
        obj - the object to check
        Returns:
        true if writable, false otherwise
      • checkWriteAccess

        public void checkWriteAccess(Object obj)
        Performs the same checks as isWritable(Object). Instead of returning true/false, it throws an OBSecurityException if the object is not writable.
        Parameters:
        obj - the object to check
      • checkReadableAccess

        public void checkReadableAccess(OrganizationEnabled organizationEnabledObject)
        Checks if there is access to the entity and if the organization is readable. If not, it throws an OBSecurityException.
        Parameters:
        organizationEnabledObject - a BaseOBObject that implements the OrganizationEnabled interface. This method checks whether the user has read access to the provided object.
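
One way to use the two write checks documented above (an added example, not Openbravo's own code): isWritable(Object) as an advisory filter and checkWriteAccess(Object) as the enforcing call before a batch is saved. The WriteGuard class and its method names are hypothetical, and the package names in the imports are assumed because the page does not give them.

```java
// Added example. Package names are assumed; the page does not state them.
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import org.openbravo.base.exception.OBSecurityException;
import org.openbravo.dal.security.SecurityChecker;

/** Hypothetical helper, not part of the documented API. */
public final class WriteGuard {

  private WriteGuard() {
  }

  /**
   * Advisory pass: returns the candidates the current user may not write,
   * for example to disable editing in a UI. Nothing is enforced here, so a
   * caller that ignores the result is not protected by this method.
   */
  public static List<Object> findNotWritable(SecurityChecker checker,
      Collection<?> candidates) {
    List<Object> denied = new ArrayList<>();
    for (Object candidate : candidates) {
      if (!checker.isWritable(candidate)) {
        denied.add(candidate);
      }
    }
    return denied;
  }

  /**
   * Enforcing pass: call this before the first change is applied, so a batch
   * containing one non-writable object is rejected as a whole instead of
   * being partially written.
   *
   * @throws OBSecurityException raised by checkWriteAccess for the first
   *         object that fails the write checks
   */
  public static void requireAllWritable(SecurityChecker checker,
      Collection<?> candidates) {
    for (Object candidate : candidates) {
      checker.checkWriteAccess(candidate);
    }
  }
}
```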