ARoad0.AcsAddon.Accbee.Ubuntu.gWork
Class NodeRightsUbuntuImpl

java.lang.Object
  extended by ARoad0.gWork.NodeRightsImpl
      extended by ARoad0.AcsAddon.Accbee.Ubuntu.gWork.NodeRightsUbuntuImpl
All Implemented Interfaces:
NodeRights

public class NodeRightsUbuntuImpl
extends NodeRightsImpl

This class is responsible for getting the rights for an Ubuntu node in a view, for the AcsAddon Ubuntu. It adds to its superclass the handling of Linux AGO Other rights. It also adds the search for the 2 Linux Ubuntu capacity groups that are simulated in this Access Road version. To perform these tasks, the methods detectAddon2Nodes() and detectAddon3Nodes() of the superclass are overridden.

For the AGO rights, the AccessControlLink.GLOBAL comments use in this Addon the constant ACLINK_C_AGO_OTHER to comment the AGO Other rights.

The path search fully covers the ACL rights, even if in Ubuntu for this version, there is no management of the Linux Access Control Lists. An ACL transmits the direct Account/Group context of its source to its target if they are from the same ACS. It does not transmit the indirect context, like an alias relation. The Account/Group context is never propagated for a privilege (not managed in Ubuntu) or a bridge, for which the target has its proper AG context, even if sometimes this context is empty.

For the Linux/Unix ACS only, there are AGO Other rights on resources and actors, but no privileges nor virtual folders to handle. Some 3-nodes paths are specific to the Linux/Unix ACS, and they are listed hereinafter:

- ep/acl/actor/other-ridden resource in Linux-Unix,

- actor started from xid/run under/account or group or secondary group/other-ridden resource in Linux-Unix,

- actor started from xid/other-executed actor/acl/resource,

- actor started from xid/other-executed actor/bridge/actor,

- groupidmember/group/other-ridden resource in Linux-Unix,

- NO PRI, so no: ep/pri/actor/other-ridden resource in Linux-Unix,

- actor/bridge/actor/other-ridden resource in Linux-Unix,

- NO VF, so no: ep virtual folder/virtual member/actor/other-ridden resource in Linux-Unix,

- groupidmember/other-executed actor in Linux-Unix/acl/resource,

- groupidmember/other-executed actor in Linux-Unix/bridge/actor,

- NO PRI, so no: groupidmember/other-executed actor in Linux-Unix/pri/resource or virtual folder,

Here are the 2 Linux Ubuntu capacity groups which are simulated:

- '<CAP_DAC_OVERRIDE>': overrides all read/write/execute AGO rights, including ACL execute access if [_POSIX_ACL] is defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE. The executing permission is set only when at least one of the file's three AGO execute permission bits is set.

- '<CAP_DAC_READ_SEARCH>': overrides all read/write/execute AGO rights regarding read and search on files and directories, including ACL restrictions if [_POSIX_ACL] is defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE.

The following comments are about all the NodeRights in the AcsAddon framework. The specialized methods of an AcsAddon are in a NodeRightsImpl subclass, and they are called by an overridden NodeRights AcsAddon method; there is no name pattern for these methods; they use the generic properties of a node and its environment, but they also handle the original properties of the AcsAddon node. Since an AcsAddon may be based on another AcsAddon, a NodeRightsImpl subclass may have another NodeRightsImpl subclass as its superclass.

The direct calls to the Ubuntu ACS in this class are calls to getEorL_FromOtherInCurrentContextActors() and getEorM_EligibleParties(). Upper-level methods begin by get...(), with...() and detect...(), middle-level methods begin by select...().

See Also:
NodeRightsImpl

Field Summary
static java.lang.String ACLINK_C_AGO_OTHER
          For the AGO types, this is a specialized comment for Ubuntu to say that a resource is targeted through Linux AGO Other rights.
protected  AgoRightsFactoryImpl ago_
           
protected  DisplayableLinkUtilities linkUtil_
           
protected  UtilityImpl util_
           
 
Fields inherited from class ARoad0.gWork.NodeRightsImpl
aclFact_, interpreter_, link_, priFact_, utility_
 
Fields inherited from interface ARoad0.gWorkInterface.NodeRights
INITIAL_CAPACITY
 
Constructor Summary
NodeRightsUbuntuImpl(AlgorithmInterpreter _interpreter, LinkRightsImpl _utility)
          Only one constructor, called by RightsMediatorImpl.
 
Method Summary
protected  DisplayableLinkImpl addCapacityRightsToDisplayableLink(DisplayableLinkImpl _dLink)
          This specialized AcsAddon method updates a DisplayableLinkImpl with capacity rights, for the '<files_tree>' resources only.
protected  AccessControlLinkImpl addOtherRightsToAccessControlLink(ImmutableGroupIDMember _gm, ResourceUbuntu _node)
          This specialized AcsAddon method defines the effective applicable 'other' rights for any pair of nodes in a DisplayableLink.
protected  DisplayableLinkImpl addOtherRightsToExtendDisplayableLink(ResourceUbuntu _target, DisplayableLinkImpl _dLink, java.util.Set<ImmutableGroupIDMember> _l_epContext)
          Defines the AGO other rights to apply to a Resource to extend a DisplayableLink.
 java.util.Map detectAddon2Nodes(EPRViewInBase _viewInBase, ImmutableTarget _node, java.util.Map _m_l_DisplayableLinks, BaseObject _center)
          Detects the capacity groups '<CAP_DAC_OVERRIDE>' and '<CAP_DAC_READ_SEARCH>' in Linux Ubuntu for the DisplayableLinks of 2 nodes.
 java.util.Map detectAddon3Nodes(EPRViewInBase _viewInBase, ImmutableTarget _node, java.util.Map _m_l_DisplayableLinks)
          For an AcsAddon, filters the incompatible rights, if any, for a node, and adds the AcsAddon specific rights, if any.
 void finalizeForProcess()
          Finalizes the instance.
 boolean getDetectAddon2Nodes()
          Called by RightsFactory_Facade.
 boolean getDetectAddon3Nodes()
          Called by RightsFactory_Facade.
 AccessControlLinkImpl getL_accessRightsThroughNodesTree(ImmutableLeaf _res, ImmutableEligibleParty _ep, ImmutableGroupID _grp)
          Returns the inherited rights given by the directory tree, as AGO rights.
 boolean getSelectAddonLastViewNodeAfterActor()
          Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop on the view nodes, and by detectOneHiddenNodeCompoundRights().
 boolean getSelectAddonLastViewNodeAfterGroupIDMember()
          Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop on the view nodes, and by detectOneHiddenNodeCompoundRights().
 boolean getSelectAddonNewHiddenNodeForActor()
          Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop on the intermediate nodes.
 boolean getSelectAddonNewHiddenNodeForGroupIDMember()
          Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop on the intermediate nodes.
protected  java.util.Map select2NodesCapacityRights(EPRViewInBase _viewInBase, ImmutableTarget _node, java.util.Map _m_l_DisplayableLinks, BaseObject _center)
          This specialized AcsAddon method defines the capacity groups '<CAP_DAC_OVERRIDE>' and '<CAP_DAC_READ_SEARCH>' in Linux Ubuntu for the DisplayableLinks of 2 nodes.
protected  java.util.Map select3NodesCapacityRights(EPRViewInBase _viewInBase, ImmutableTarget _node, java.util.Map _m_l_DisplayableLinks)
          This specialized AcsAddon method defines the capacity groups '<CAP_DAC_OVERRIDE>' and '<CAP_DAC_READ_SEARCH>' in Linux Ubuntu for the DisplayableLinks of 3 nodes where the intermediate node is a capacity group.
 DisplayableLinkImpl selectAddonLastViewNodeAfterActor(EPRViewInBase _viewInBase, ImmutableTarget _target, DisplayableLinkImpl _dLink, java.util.Map _m_l_DisplayableLinks)
          Detects the view target that is linked to an Ubuntu Actor, to extend the current DisplayableLinks ended by this actor.
 DisplayableLinkImpl selectAddonLastViewNodeAfterGroupIDMember(EPRViewInBase _viewInBase, ImmutableTarget _target, DisplayableLinkImpl _dLink, java.util.Map _m_l_DisplayableLinks)
          Detects the view target that is linked to an Ubuntu GroupIDMember, to extend the current DisplayableLink ended by this GroupIDMember.
 java.util.List<DisplayableLinkImpl> selectAddonNewHiddenNodeForActor(EPRViewInBase _viewInBase, ImmutableActor _node, java.util.Set<DisplayableLinkImpl> _l_dLinks, java.util.Map _m_l_DisplayableLinks, java.util.List<ACSObject> _upd_l_NoProxyOrNoExecuteNodes)
          Detects the hidden actors that are linked to an Ubuntu Actor as access source, to extend the current DisplayableLinks ended by this actor.
 java.util.List<DisplayableLinkImpl> selectAddonNewHiddenNodeForGroupIDMember(EPRViewInBase _viewInBase, ImmutableGroupIDMember _node, java.util.Set<DisplayableLinkImpl> _l_dLinks, java.util.Map _m_l_DisplayableLinks, java.util.List<ACSObject> _upd_l_NoProxyOrNoExecuteNodes)
          Detects the hidden nodes that are linked to an Ubuntu GroupIDMember as access source, to extend the current DisplayableLinks ended by this GroupIDMember.
protected  java.util.Set selectDirectOwnerContainForTarget(ImmutableResource _res)
          Detects the UserID and the GroupID in the _res ACS, that owns or contains _res directly, and that are in _viewInBase or not.
protected  java.util.Map selectOtherRights(EPRViewInBase _viewInBase, ResourceUbuntu _node, java.util.Map _m_l_DisplayableLinks, BaseObject _center)
          UNUSED This specialized AcsAddon method defines the effective applicable 'other' rights for any view Resource from a view EligibleParty.
 java.lang.String toString()
           
protected  boolean withAgoAccessThroughNodesTree(ImmutableResource _res, ImmutableUserID _acc, ImmutableGroupID _grp)
          Returns true if the directory tree or the virtual folder tree allows access to the leaf.
 
Methods inherited from class ARoad0.gWork.NodeRightsImpl
detectAddonFinal2Nodes, detectAddonFinal3Nodes, detectAddonFinalAllNodes, detectL_aclEntryRights, detectL_linkedPrivilegeRights, getDetectAddonFinal2Nodes, getDetectAddonFinal3Nodes, getDetectAddonFinalAllNodes, getMergedInheritedAclPriRightsAndComments, getSelectAddonLastViewNodeAfterVirtualFolder, getSelectAddonNewHiddenNodeForVirtualFolder, selectAddonLastViewNodeAfterVirtualFolder, selectAddonNewHiddenNodeForVirtualFolder, selectDirectOwnerContainGlobalForActorAsEP, selectForGroupIDMemberItsHiddenActorsWithNextLinks, selectHiddenButNoDirectGroupLinks, selectHiddenDirectGroupIDForGroupIDMember, selectHiddenDirectOwnerContainForActorAsResource, selectHiddenDirectOwnerContainForTarget, selectHiddenDirectOwnerContainGlobalForActorAsEP, withAccessThroughNodesTreeFromEP, withAclAccessThroughNodesTree, withPriAccessThroughNodesTree
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

ACLINK_C_AGO_OTHER

public static final java.lang.String ACLINK_C_AGO_OTHER
For the AGO types, this is a specialized comment for Ubuntu to say that a resource is targeted through Linux AGO Other rights. It is an addition to the ARoad0.CNot.AccessControlLink constants. It is used only by the AcsAddon Ubuntu classes, like LinkRightsUbuntuImpl for example.

See Also:
Constant Field Values

ago_

protected AgoRightsFactoryImpl ago_

util_

protected UtilityImpl util_

linkUtil_

protected DisplayableLinkUtilities linkUtil_
Constructor Detail

NodeRightsUbuntuImpl

public NodeRightsUbuntuImpl(AlgorithmInterpreter _interpreter,
                            LinkRightsImpl _utility)
Only one constructor, called by RightsMediatorImpl. Calls the superclass constructor.

Parameters:
_interpreter - algorithm interpreter of this view
_utility - LinkRightsImpl or one of its subclass, to use for processing this node
Method Detail

getDetectAddon2Nodes

public boolean getDetectAddon2Nodes()
Called by RightsFactory_Facade. Overrides the superclass.

Specified by:
getDetectAddon2Nodes in interface NodeRights
Overrides:
getDetectAddon2Nodes in class NodeRightsImpl
Returns:
true if the detectAddon2Nodes method provides some work in this class.

getDetectAddon3Nodes

public boolean getDetectAddon3Nodes()
Called by RightsFactory_Facade. Overrides the superclass.

Specified by:
getDetectAddon3Nodes in interface NodeRights
Overrides:
getDetectAddon3Nodes in class NodeRightsImpl
Returns:
true if the detectAddon3Nodes method provides some work in this class.

getSelectAddonLastViewNodeAfterActor

public boolean getSelectAddonLastViewNodeAfterActor()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop on the view nodes, and by detectOneHiddenNodeCompoundRights(). Overrides the superclass.

Specified by:
getSelectAddonLastViewNodeAfterActor in interface NodeRights
Overrides:
getSelectAddonLastViewNodeAfterActor in class NodeRightsImpl
Returns:
true if the selectAddonLastViewNodeAfterActor method provides some work in this class.

getSelectAddonLastViewNodeAfterGroupIDMember

public boolean getSelectAddonLastViewNodeAfterGroupIDMember()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop on the view nodes, and by detectOneHiddenNodeCompoundRights(). Overrides the superclass.

Specified by:
getSelectAddonLastViewNodeAfterGroupIDMember in interface NodeRights
Overrides:
getSelectAddonLastViewNodeAfterGroupIDMember in class NodeRightsImpl
Returns:
true if the selectAddonLastViewNodeAfterGroupIDMember method provides some work in this class.

getSelectAddonNewHiddenNodeForActor

public boolean getSelectAddonNewHiddenNodeForActor()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop on the intermediate nodes. Overrides the superclass.

Specified by:
getSelectAddonNewHiddenNodeForActor in interface NodeRights
Overrides:
getSelectAddonNewHiddenNodeForActor in class NodeRightsImpl
Returns:
true if the selectAddonNewHiddenNodeForActor method provides some work in this class.

getSelectAddonNewHiddenNodeForGroupIDMember

public boolean getSelectAddonNewHiddenNodeForGroupIDMember()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop on the intermediate nodes. Overrides the superclass.

Specified by:
getSelectAddonNewHiddenNodeForGroupIDMember in interface NodeRights
Overrides:
getSelectAddonNewHiddenNodeForGroupIDMember in class NodeRightsImpl
Returns:
true if the selectAddonNewHiddenNodeForGroupIDMember method provides some work in this class.

detectAddon2Nodes

public java.util.Map detectAddon2Nodes(EPRViewInBase _viewInBase,
                                       ImmutableTarget _node,
                                       java.util.Map _m_l_DisplayableLinks,
                                       BaseObject _center)
Detects the capacity groups '<CAP_DAC_OVERRIDE>' and '<CAP_DAC_READ_SEARCH>' in Linux Ubuntu for the DisplayableLinks of 2 nodes. Analyzes the AGO Other rights of the view Actors, UserIDs and GroupIDs on _node. For a sketch view, this method returns the DisplayableLink from _center to _node, if any, but also, all the DisplayableLinks from _node to _center. Called by RightsFactory_Facade. Calls select2NodesCapacityRights() and addOtherRightsToAccessControlLink(). Synchronized to _viewInBase by RightsFactory_Facade.

Specified by:
detectAddon2Nodes in interface NodeRights
Overrides:
detectAddon2Nodes in class NodeRightsImpl
Parameters:
_viewInBase - EPRViewInBase
_node - is the node to analyze, as node of this instance
_m_l_DisplayableLinks - Map of DisplayableLinks lists (one per pair) associated to the view, and to update.
_center - is the central object of a sketch view. Null if it is not a sketch view.
Returns:
Map of DisplayableLinks, with 'other' links associated to every pair (EP, Resource).
See Also:
select2NodesCapacityRights(ARoad0.gBaseInterface.EPRViewInBase, ARoad0.gBaseInterface.ImmutableTarget, java.util.Map, ARoad0.gBaseInterface.BaseObject)

detectAddon3Nodes

public java.util.Map detectAddon3Nodes(EPRViewInBase _viewInBase,
                                       ImmutableTarget _node,
                                       java.util.Map _m_l_DisplayableLinks)
                                throws java.lang.InterruptedException
For an AcsAddon, filters the incompatible rights, if any, for a node, and adds the AcsAddon specific rights, if any. The specific rights are searched for any source in the view. Analyzes the capacity groups '<CAP_DAC_OVERRIDE>' and '<CAP_DAC_READ_SEARCH>' in Linux Ubuntu for the DisplayableLinks of 3 nodes. Called by RightsFactory_Facade. Synchronized to _viewInBase by RightsFactory_Facade.

Specified by:
detectAddon3Nodes in interface NodeRights
Overrides:
detectAddon3Nodes in class NodeRightsImpl
Parameters:
_viewInBase - EPRViewInBase
_node - is the node to analyze, as node of this instance
_m_l_DisplayableLinks - Map of DisplayableLinks lists (one per pair) associated to the view, and to update.
Returns:
Map of DisplayableLinks
Throws:
java.lang.InterruptedException
See Also:
NodeRightsImpl.detectAddonFinal3Nodes(ARoad0.gBaseInterface.EPRViewInBase, ARoad0.gBaseInterface.ImmutableTarget, java.util.Map)

withAgoAccessThroughNodesTree

protected boolean withAgoAccessThroughNodesTree(ImmutableResource _res,
                                                ImmutableUserID _acc,
                                                ImmutableGroupID _grp)
Returns true if the directory tree or the virtual folder tree allows access to the leaf. If the leaf is a resource, it is true if the parent UserID/GroupID are the leaf UserID/GroupID, and if the parent rights allow the access to children. If the AG rights inheritance is applicable for the ImmutableSource ACS, this method applies the following generic rules:

'AGO right inheritance 1: if no access from the inherited rights, no AGO access to the child if and only if the account or the group is not null'

'AGO right: A rights overlay G rights'

and the Ubuntu rule:

'AGO right: AG rights overlay O rights'

Called only by super.withAccessThroughNodesTreeFromEP(), to follow the AcsAddon pattern. Overrides the super method, to add the AGO Other rights analysis when the super method returns false. Does not call the super method.

Overrides:
withAgoAccessThroughNodesTree in class NodeRightsImpl
Parameters:
_res - ResourceUbuntu which may be accessed or not through its parent tree
_acc - the _res userID. May be null. If null and if all the _res parents have no UserID, returns true.
_grp - the _res groupID. May be null. If null and if all the _res parents have no GroupID, returns true.
Returns:
true if the resource parent tree allows to go through down to the resource.
Throws:
java.lang.InternalError - if _res is not a ResourceUbuntu
See Also:
BaseUtilityImpl.withAcrossToDirectoryAGRights(ARoad0.gBaseInterface.StringRight[])
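
The two overlay rules above ('A rights overlay G rights', 'AG rights overlay O rights') and the two capacity groups from the class overview, worked through as an added example on standard Linux permission bits. This is not Access Road code: every class, record and method name below is hypothetical, and the file-system nodes and accounts are constructed sample data.

```java
import java.util.List;
import java.util.Set;

/** Added illustration (Java 17); every name here is hypothetical, none is an Access Road class. */
public class AgoOverlayExample {

    enum Cap { CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH }
    enum Want { READ, WRITE, EXECUTE }

    /** One file-system node: owning account, owning group, 9 permission bits. */
    record Node(String name, boolean isDir, int uid, int gid, int mode) {}

    /** A running context: its account, its groups and its capabilities. */
    record Subject(String name, int uid, Set<Integer> gids, Set<Cap> caps) {}

    /** Picks the single rwx triplet that applies. There is no fall-through:
     *  A rights overlay G rights, and AG rights overlay O rights. */
    static int applicableBits(Subject s, Node n) {
        if (s.uid() == n.uid()) return (n.mode() >> 6) & 7;          // Account
        if (s.gids().contains(n.gid())) return (n.mode() >> 3) & 7;  // Group
        return n.mode() & 7;                                         // Other
    }

    /** Decision on one node: the AGO triplet first, then the capability overrides. */
    static boolean allowed(Subject s, Node n, Want w) {
        int bit = switch (w) { case READ -> 4; case WRITE -> 2; case EXECUTE -> 1; };
        if ((applicableBits(s, n) & bit) != 0) return true;
        if (s.caps().contains(Cap.CAP_DAC_OVERRIDE)) {
            // Executing a regular file still needs one x bit among the three triplets.
            if (w == Want.EXECUTE && !n.isDir()) return (n.mode() & 0111) != 0;
            return true;
        }
        if (s.caps().contains(Cap.CAP_DAC_READ_SEARCH)) {
            // Read on anything, search (x) on directories only; never write.
            return w == Want.READ || (w == Want.EXECUTE && n.isDir());
        }
        return false;
    }

    /** path lists the ancestor directories, then the leaf.
     *  Every ancestor must grant search (x) before the leaf is even considered. */
    static boolean canAccess(Subject s, List<Node> path, Want w) {
        for (int i = 0; i < path.size() - 1; i++) {
            if (!allowed(s, path.get(i), Want.EXECUTE)) return false;
        }
        return allowed(s, path.get(path.size() - 1), w);
    }

    static void show(Subject s, List<Node> path, Want w) {
        Node leaf = path.get(path.size() - 1);
        System.out.println(s.name() + " " + w + " " + leaf.name()
                + " -> " + canAccess(s, path, w));
    }

    public static void main(String[] args) {
        // Constructed sample tree: a private home directory with two files.
        Node home  = new Node("/home/alice", true, 1000, 1000, 0750);  // rwx r-x ---
        Node notes = new Node("notes.txt", false, 1000, 1000, 0604);   // rw- --- r--
        Node tool  = new Node("tool.sh", false, 1000, 1000, 0644);     // rw- r-- r--

        Subject alice   = new Subject("alice", 1000, Set.of(1000), Set.of());
        Subject bob     = new Subject("bob(group)", 1001, Set.of(1000), Set.of());
        Subject carol   = new Subject("carol(other)", 1002, Set.of(1002), Set.of());
        Subject carolRs = new Subject("carol+READ_SEARCH", 1002, Set.of(1002),
                Set.of(Cap.CAP_DAC_READ_SEARCH));
        Subject carolOv = new Subject("carol+OVERRIDE", 1002, Set.of(1002),
                Set.of(Cap.CAP_DAC_OVERRIDE));

        List<Node> toNotes = List.of(home, notes);
        List<Node> toTool  = List.of(home, tool);

        show(alice, toNotes, Want.READ);     // owner triplet applies
        show(bob, toNotes, Want.READ);       // group triplet '---' masks the Other 'r--'
        show(carol, toNotes, Want.READ);     // stopped at the directory: no search right
        show(carolRs, toNotes, Want.READ);   // capability supplies the directory search
        show(carolRs, toNotes, Want.WRITE);  // READ_SEARCH never covers write
        show(carolOv, toNotes, Want.WRITE);  // OVERRIDE covers write
        show(carolOv, toTool, Want.EXECUTE); // no x bit anywhere on tool.sh
    }
}
```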

getL_accessRightsThroughNodesTree

public AccessControlLinkImpl getL_accessRightsThroughNodesTree(ImmutableLeaf _res,
                                                               ImmutableEligibleParty _ep,
                                                               ImmutableGroupID _grp)
Returns the inherited rights given by the directory tree, as AGO rights. Returns null if _res is null, if the _res parent is null, if _acc and _grp are null. Called by addOtherRightsToAccessControlLink() and AgoRightsFactoryImpl.detectAGRights(), and by the unused selectOtherRights(). Overrides the super method, calls it first, and adds a complementary process to set the inherited AGO Other rights in the GLOBAL type. The comment AccessControlLink.ACLINK_C_AGO_OTHER is added on the GLOBAL type if necessary.

Specified by:
getL_accessRightsThroughNodesTree in interface NodeRights
Overrides:
getL_accessRightsThroughNodesTree in class NodeRightsImpl
Parameters:
_res - Resource of this instance; may be accessed or not through its parent tree. May be null.
_ep - the _res userID. May be null.
_grp - the _res groupID. May be null.
Returns:
link with the rights given by the parent in the GLOBAL type. May be null but not empty.
See Also:
NodeRightsImpl.withAccessThroughNodesTreeFromEP(ARoad0.gBaseInterface.ImmutableSource, ARoad0.gBaseInterface.ImmutableLeaf, ARoad0.gBaseInterface.ImmutableGroupIDMember), NodeRightsImpl.getMergedInheritedAclPriRightsAndComments(ARoad0.gBaseInterface.ImmutableSource, ARoad0.gBaseInterface.ImmutableLeaf, ARoad0.CNot.AccessControlLinkImpl, ARoad0.gBaseInterface.StringRight[])

selectAddonLastViewNodeAfterActor

public DisplayableLinkImpl selectAddonLastViewNodeAfterActor(EPRViewInBase _viewInBase,
                                                             ImmutableTarget _target,
                                                             DisplayableLinkImpl _dLink,
                                                             java.util.Map _m_l_DisplayableLinks)
Detects the view target that is linked to an Ubuntu Actor, to extend the current DisplayableLinks ended by this actor. Adds the AGO Other rights if the actor has no AGO context. Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop on the view nodes, and by detectOneHiddenNodeCompoundRights(). Calls LinkRights.updateAGrunningContext() and addOtherRightsToExtendDisplayableLink().

Specified by:
selectAddonLastViewNodeAfterActor in interface NodeRights
Overrides:
selectAddonLastViewNodeAfterActor in class NodeRightsImpl
Parameters:
_viewInBase - EPRViewInBase. Never null.
_target - ResourceUbuntu to analyze. Never null.
_dLink - with an actor as second end and node of this instance. Never null.
_m_l_DisplayableLinks - immutable Map of DisplayableLinks lists (one per pair) to never update in this method.
Returns:
new DisplayableLinkImpl that is an extension of _dLink with _target as the second node, or null. Never empty.

selectAddonLastViewNodeAfterGroupIDMember

public DisplayableLinkImpl selectAddonLastViewNodeAfterGroupIDMember(EPRViewInBase _viewInBase,
                                                                     ImmutableTarget _target,
                                                                     DisplayableLinkImpl _dLink,
                                                                     java.util.Map _m_l_DisplayableLinks)
Detects the view target that is linked to an Ubuntu GroupIDMember, to extend the current DisplayableLink ended by this GroupIDMember. Adds the Linux AGO Other rights and, if the groupIDMember is a capacity group, adds the specific capacity rights. Does not add the AGO Other rights to the capacity groups. Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop on the view nodes, and by ThreeNodesRightsFactoryImpl.endsPathsFromGroupIDMemberWithAclPrivilegeAlias(). Calls selectDirectOwnerContainForTarget(), addOtherRightsToExtendDisplayableLink(), addCapacityRightsToDisplayableLink(), LinkRightsUbuntuImpl.getLinuxCapacityGroups(). Overrides the superclass.

Specified by:
selectAddonLastViewNodeAfterGroupIDMember in interface NodeRights
Overrides:
selectAddonLastViewNodeAfterGroupIDMember in class NodeRightsImpl
Parameters:
_viewInBase - EPRViewInBase. Never null.
_target - view node to analyze. Never null.
_dLink - with a groupIDMember as second end and node of this instance. Never null.
_m_l_DisplayableLinks - immutable Map of DisplayableLinks lists (one per pair) to never update in this method.
Returns:
new DisplayableLinkImpl that is an extension of _dLink with _target as the second node, or null. Never empty.

selectAddonNewHiddenNodeForActor

public java.util.List<DisplayableLinkImpl> selectAddonNewHiddenNodeForActor(EPRViewInBase _viewInBase,
                                                                            ImmutableActor _node,
                                                                            java.util.Set<DisplayableLinkImpl> _l_dLinks,
                                                                            java.util.Map _m_l_DisplayableLinks,
                                                                            java.util.List<ACSObject> _upd_l_NoProxyOrNoExecuteNodes)
Detects the hidden actors that are linked to an Ubuntu Actor as access source, to extend the current DisplayableLinks ended by this actor. Two lists are returned to separate the executing right-proxy nodes. The last argument may be updated to provide the second returned value, and it contains only the nodes on which the property changes have to be listened. Adds two forms of links:

- actor _node with Linux setuid or setgid, that enforces in its Account/Groups context of execution, its current account and/or current group, and new paths to them are added to each link in _l_dLinks

- actor _node started from xid/AGO Other rights/actor 'B', IF there is some B/acl/actor, B/bridge/actor or B/privilege/actor links; these AGO Other rights imply that _node has no AG running context that matches to the 'B' Account and Group (otherwise, it is not other-executed).

Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop on the intermediate nodes and in the starting search, and by ThreeNodesRightsFactoryImpl.addPathsFromActorAcsAddonRelationActor(), addPathsFromActorAcsAddonRelationNoActor(). Overrides and calls first the super method. Calls addOtherRightsToExtendDisplayableLink(), LinkRights.updateAGrunningContext() and ACSUbuntuImpl.getEorL_FromOtherInCurrentContextActors().

Specified by:
selectAddonNewHiddenNodeForActor in interface NodeRights
Overrides:
selectAddonNewHiddenNodeForActor in class NodeRightsImpl
Parameters:
_viewInBase - EPRViewInBase. Never null.
_node - actor to analyze. Never null.
_l_dLinks - list of links with _node as second end and node of this instance. May be null.
_m_l_DisplayableLinks - immutable Map of DisplayableLinks lists (one per pair) to never update in this method.
_upd_l_NoProxyOrNoExecuteNodes - updated by the adding of the hidden nodes without executing right or which are not right-proxy nodes, if any. A RUN_UNDER relation on a GroupIDMember is considered there as an executing right on a right-proxy node. This list is only extended if necessary, as a complement of the returned value of the method. This argument is usually empty at the call of this method, but this is not mandatory. Never null.
Returns:
new DisplayableLinkImpls that are extensions or updates of some DisplayableLinkImpls in _l_dLinks with a GroupIDMember or an Actor as the second end, or null. If _l_dLinks is null, returns only simple links. May be null but never empty.
Throws:
java.lang.InternalError - if _l_dLinks contains a link where _node is not the second end

selectAddonNewHiddenNodeForGroupIDMember

public java.util.List<DisplayableLinkImpl> selectAddonNewHiddenNodeForGroupIDMember(EPRViewInBase _viewInBase,
                                                                                    ImmutableGroupIDMember _node,
                                                                                    java.util.Set<DisplayableLinkImpl> _l_dLinks,
                                                                                    java.util.Map _m_l_DisplayableLinks,
                                                                                    java.util.List<ACSObject> _upd_l_NoProxyOrNoExecuteNodes)
Detects the hidden nodes that are linked to an Ubuntu GroupIDMember as access source, to extend the current DisplayableLinks ended by this GroupIDMember. Two lists are returned to separate the executing right-proxy nodes. The last argument may be updated to provide the second returned value, and it contains only the nodes on which the property changes have to be listened.

Adds the links:

- groupidmember/other-executed actor 'B', IF there are some B/acl/resource or B/bridge/actor links, and IF groupidmember is not a capacity group nor in the AG running context that matches to the 'B' Account and Group (otherwise, it is not other-executed).

- capacity group ''/executed actor 'B', IF there are some B/acl/resource or B/bridge/actor links.

Does not add the AGO Other rights to the capacity groups. Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop on the intermediate nodes. Overridden by the subclasses. Overrides and calls first the super method. Calls addOtherRightsToExtendDisplayableLink() and addOtherRightsToAccessControlLink(), LinkRightsImpl.withAccessThroughNodesTreeFromEP(), UtilityImpl.withExecuteRight(), ACS.getEorL_FromOtherInCurrentContextActors(), AgoRightsFactoryImpl.addOwnerContainRightsToDisplayableLink().

Specified by:
selectAddonNewHiddenNodeForGroupIDMember in interface NodeRights
Overrides:
selectAddonNewHiddenNodeForGroupIDMember in class NodeRightsImpl
Parameters:
_viewInBase - EPRViewInBase. Never null.
_node - groupIDMember to analyze. Never null.
_l_dLinks - list of links with _node as second end and node of this instance. May be null.
_m_l_DisplayableLinks - immutable Map of DisplayableLinks lists (one per pair) to never update in this method.
_upd_l_NoProxyOrNoExecuteNodes - updated by the adding of the hidden nodes without executing right or which are not right-proxy nodes, if any. This list is only extended if necessary, as a complement of the returned value of the method. This argument is usually empty at the call of this method, but this is not mandatory. Never null.
Returns:
new DisplayableLinkImpls that are extensions or updates of some DisplayableLinkImpls in _l_dLinks with an Actor or a GroupIDMember as the second end, or null. If _l_dLinks is null, returns only simple links. May be null but never empty.

selectDirectOwnerContainForTarget

protected java.util.Set selectDirectOwnerContainForTarget(ImmutableResource _res)
Detects the UserID and the GroupID in the _res ACS, that owns or contains _res directly, and that are in _viewInBase or not. The link type is given in that order:

- the userID that owns the resource,

- the groupID that contains the resource.

Called by detectAddon2Nodes().

Parameters:
_res - node of this instance; is in _viewInBase
Returns:
Set of UserID and GroupIDs that owns/contain _res and are not in the view. May be null but not empty.

select2NodesCapacityRights

protected java.util.Map select2NodesCapacityRights(EPRViewInBase _viewInBase,
                                                   ImmutableTarget _node,
                                                   java.util.Map _m_l_DisplayableLinks,
                                                   BaseObject _center)
This specialized AcsAddon method defines the capacity groups '<CAP_DAC_OVERRIDE>' and '<CAP_DAC_READ_SEARCH>' in Linux Ubuntu for the DisplayableLinks of 2 nodes. For a sketch view, if _center is a capacity group, this method does not return the DisplayableLink from _center to _node since the targets are too numerous, and it does not return the links from _node as GroupIDMember that is member of the capacity group, since this is the work of another method. If _center is a Resource, this method returns the DisplayableLinks from each _node that is a view capacity group to _center. Called by detectAddon2Nodes(). Calls addCapacityRightsToDisplayableLink(). If _center is not null but is not a Resource, there is no operation.

Parameters:
_viewInBase - EPRViewInBase
_node - is the node to analyze
_m_l_DisplayableLinks - Map of DisplayableLinks lists (one per pair) associated to the view, and to update.
_center - is the central object of a sketch view. Null if it is not a sketch view.
Returns:
Map of DisplayableLinks

select3NodesCapacityRights

protected java.util.Map select3NodesCapacityRights(EPRViewInBase _viewInBase,
                                                   ImmutableTarget _node,
                                                   java.util.Map _m_l_DisplayableLinks)
                                            throws java.lang.InterruptedException
This specialized AcsAddon method defines the capacity groups '<CAP_DAC_OVERRIDE>' and '<CAP_DAC_READ_SEARCH>' in Linux Ubuntu for the DisplayableLinks of 3 nodes where the intermediate node is a capacity group. Called by detectAddon3Nodes().

Parameters:
_viewInBase - EPRViewInBase
_node - is not used
_m_l_DisplayableLinks - Map of DisplayableLinks lists (one per pair) associated to the view, and to update
Returns:
Map of DisplayableLinks
Throws:
java.lang.InterruptedException

addOtherRightsToExtendDisplayableLink

protected DisplayableLinkImpl addOtherRightsToExtendDisplayableLink(ResourceUbuntu _target,
                                                                    DisplayableLinkImpl _dLink,
                                                                    java.util.Set<ImmutableGroupIDMember> _l_epContext)
Defines the AGO other rights to apply to a Resource to extend a DisplayableLink. In the AG context, the UserID is used to get the AGO inherited rights. If the UserID is not found, the first GroupID is taken. Called by selectAddonLastViewNodeForActor() for ThreeNodesRightsFactoryImpl, and by selectAddonNewHiddenNodeForActor() for CompoundRightsFactoryImpl.detectHiddenCompoundEpRights(). Does not filter the capacity groups, so it has to be done by the caller. Calls addOtherRightsToAccessControlLink().

Parameters:
_target - node to analyze. Never null.
_dLink - simple link with ACL rights and an EligibleParty as second end. Never null.
_l_epContext - AG context of the _dLink second end. Never null nor empty.
Returns:
a new DisplayableLinkImpl that is an extension of _dLink with _target as the second node, or null. Never empty.

selectOtherRights

protected java.util.Map selectOtherRights(EPRViewInBase _viewInBase,
                                          ResourceUbuntu _node,
                                          java.util.Map _m_l_DisplayableLinks,
                                          BaseObject _center)
UNUSED. This specialized AcsAddon method defines the effective applicable 'other' rights for any view Resource from a view EligibleParty. It does not set these rights if the first node does not belong to the same ACS, or if the userID or groupID rights are already applied on the resource. It removes the previous 'other' rights if there is an own/contain right, following the rules 'AGO right: A rights overlay G rights' and 'AGO right: AG rights overlay O rights'. Calls getL_accessRightsThroughNodesTree().

Parameters:
_viewInBase - EPRViewInBase
_node - view node to analyze
_m_l_DisplayableLinks - Map of DisplayableLinks lists (one per pair) associated to the view, and to update.
_center - is the central object of a sketch view. Null if it is not a sketch view.
Returns:
Map of DisplayableLinks, with 'other' links associated to every pair (EligibleParty, Resource).

addOtherRightsToAccessControlLink

protected AccessControlLinkImpl addOtherRightsToAccessControlLink(ImmutableGroupIDMember _gm,
                                                                  ResourceUbuntu _node)
This specialized AcsAddon method defines the effective applicable 'other' rights for any pair of nodes in a DisplayableLink. It does not check whether the previous node belongs to the same ACS, or whether the userID or groupID rights are applicable. No AGO Other rights are added if there are no AGO inherited rights. Caution: the 'other' Linux/Unix rights have to be applied only when the 'owner' and 'contain' relations are not set. This is the responsibility of the calling method. If there are non-null 'other' rights, any actor of the same Linux/Unix has these rights on these numerous objects. It would be necessary to track the 'other' rights on actors when the 'executable' right is applicable. That defines numerous access paths, but it adds no more rights when the actor is executed in the account/group context of the caller, so these cases are not searched. However, there is one most useful case: when an actor has non-null 'other' rights and is executed under a current account/group, it is executable from any eligible party and may open new paths and new rights to its caller. Called by addOtherRightsToExtendDisplayableLink(), selectAddonNewHiddenNodeForActor(), selectAddonNewHiddenNodeForGroupIDMember(), detectAddon2Nodes().

Parameters:
_gm - first node of the returned AccessControlLinkImpl
_node - second node of the returned AccessControlLinkImpl
Returns:
a link with the AGO 'Other' rights or null if these rights are null

addCapacityRightsToDisplayableLink

protected DisplayableLinkImpl addCapacityRightsToDisplayableLink(DisplayableLinkImpl _dLink)
This specialized AcsAddon method updates a DisplayableLinkImpl with capacity rights, for the '<files_tree>' resources only. The rights on the last node are updated according to the capacity connected to the resource as the previous node: '<CAP_DAC_OVERRIDE>' or '<CAP_DAC_READ_SEARCH>'. Other Linux capacities are not processed.

- '<CAP_DAC_OVERRIDE>': overrides all DAC access, including ACL execute access if [_POSIX_ACL] is defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE.

- '<CAP_DAC_READ_SEARCH>': overrides all DAC restrictions regarding read and search on files and directories, including ACL restrictions if [_POSIX_ACL] is defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE.

Called by select2NodesCapacityRights(), select3NodesCapacityRights(), AgoRightsFactoryImpl.getRootRights() and CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() through detectAcsAddonPriorityRightsOnTarget(), selectAddonLastViewNodeAfterGroupIDMember(), selectAddonNewHiddenNodeForGroupIDMember(). Calls UtilityImpl.withDirectExecuteRight().

Parameters:
_dLink - is a link having a Resource as second end, and a GroupID capacity as previous node. May be null.
Returns:
the updated _dLink, or null if the rights are not applicable
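
The AGO overlay rules ('A rights overlay G rights', 'AG rights overlay O rights') and the two capacities described above can be seen in a small stand-alone model; this is an added example, not Access Road code, and the class, enum and method names are hypothetical. It assumes the Linux kernel's DAC check as its reference (including the kernel rule that CAP_DAC_OVERRIDE grants execute on a regular file only if some execute bit is set) and does not model POSIX ACLs or CAP_LINUX_IMMUTABLE.

```java
import java.util.EnumSet;
import java.util.Set;

public class AgoRightsDemo { // hypothetical name, not an Access Road class
    enum Right { READ, WRITE, EXECUTE }
    enum Cap { CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH }

    // Decode one rwx triplet (the low three bits) into a set of rights.
    static EnumSet<Right> decode(int bits) {
        EnumSet<Right> r = EnumSet.noneOf(Right.class);
        if ((bits & 4) != 0) r.add(Right.READ);
        if ((bits & 2) != 0) r.add(Right.WRITE);
        if ((bits & 1) != 0) r.add(Right.EXECUTE);
        return r;
    }

    // Exactly one class applies, with no fall-through: the owner (A) triplet
    // hides the group (G) triplet, and A or G hides the other (O) triplet.
    static EnumSet<Right> agoRights(int mode, int owner, int group, int uid, Set<Integer> gids) {
        if (uid == owner) return decode(mode >> 6);
        if (gids.contains(group)) return decode(mode >> 3);
        return decode(mode);
    }

    // Capabilities are added on top of the AGO result for the caller.
    static EnumSet<Right> effective(int mode, boolean isDir, EnumSet<Right> ago, Set<Cap> caps) {
        EnumSet<Right> r = EnumSet.copyOf(ago);
        if (caps.contains(Cap.CAP_DAC_READ_SEARCH)) {
            r.add(Right.READ);
            if (isDir) r.add(Right.EXECUTE); // execute on a directory means search
        }
        if (caps.contains(Cap.CAP_DAC_OVERRIDE)) {
            r.add(Right.READ);
            r.add(Right.WRITE);
            // Assumption from kernel behaviour: a regular file needs at least one x bit.
            if (isDir || (mode & 0111) != 0) r.add(Right.EXECUTE);
        }
        return r;
    }

    public static void main(String[] args) {
        // Constructed sample: regular file, mode 0604, owner uid 1000, group gid 50.
        int mode = 0604, owner = 1000, group = 50;
        EnumSet<Right> member = agoRights(mode, owner, group, 1001, Set.of(50));
        EnumSet<Right> stranger = agoRights(mode, owner, group, 1002, Set.of(60));
        System.out.println("group member: " + member);
        System.out.println("other:        " + stranger);
        System.out.println("member + CAP_DAC_READ_SEARCH: "
                + effective(mode, false, member, EnumSet.of(Cap.CAP_DAC_READ_SEARCH)));
        System.out.println("member + CAP_DAC_OVERRIDE:    "
                + effective(mode, false, member, EnumSet.of(Cap.CAP_DAC_OVERRIDE)));
    }
}
```

With mode 0604 the group member ends up with fewer rights than an unrelated account, which is why 'other' rights must only be applied when no owner or group relation matches.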

finalizeForProcess

public void finalizeForProcess()
Finalizes the instance. Called by RightsMediatorImpl.finalizeForProcess().

Specified by:
finalizeForProcess in interface NodeRights
Overrides:
finalizeForProcess in class NodeRightsImpl

toString

public java.lang.String toString()
Overrides:
toString in class NodeRightsImpl
Returns:
a descriptor