public interface ACSCatalog
This interface is responsible for delivering a catalog of the access control system (ACS) structure and its ACS objects.
Method Summary

| Type | Method | Description |
|---|---|---|
| boolean | containsAclEntry(ImmutableAclEntry _acl) | Tests if an AclEntry is known. |
| boolean | containsEligiblePartyName(ImmutableName _name) | |
| boolean | containsOwnEligiblePartyName(ImmutableName _name) | |
| boolean | containsOwnResourceName(ImmutableName _name) | |
| boolean | containsOwnVirtualFolderName(ImmutableName _name) | Tests if the ACS owns the virtual folder. |
| boolean | containsPrivilegeName(ImmutableName _name) | Tests if a privilege is known. |
| boolean | containsResourceName(ImmutableName _name) | Tests if the resource is opened, and owned or controlled by the ACS. |
| boolean | containsVirtualFolderName(ImmutableName _name) | Tests if a virtual folder is known. |
| java.lang.String | getEditorAndAddonNames() | The format is 'Editor: full_editor_name - AcsAddon: addon_name'. |
| boolean | getEmbeddedInParentACS() | Deprecated. |
| ImmutableAclEntry[] | getEorL_AclEntries() | Gets the AclEntries managed by this ACS. |
| java.util.List<VirtualFolder> | getEorL_EPVirtualFolders() | Gets the virtual folders managed by this ACS which contain only eligible parties. |
| VirtualFolder[] | getEorL_ExternalVirtualFolders() | Copy of the external virtual folders in a new array. |
| java.util.List<ImmutableActor> | getEorL_OwnActorBridgeSources() | Gets all the own actors which are bridge sources for external actors. |
| java.util.List<ImmutableActor> | getEorL_OwnActorBridgeTargets() | Gets all the own actors which are bridge targets for external actors. |
| java.util.List<Privilege> | getEorL_PrivilegeForLinks() | Gets all the privilegeForLinks of the ACS, not the privilegeForTypes. |
| java.util.List<Privilege> | getEorL_PrivilegeForTypes() | Gets all the privilegeForTypes of the ACS, not the PrivilegeForLinks. |
| java.util.List<Privilege> | getEorL_PrivilegeForTypesForSource(java.lang.String _type) | Gets all the PrivilegeForTypes which have the right source type. |
| java.util.List<Privilege> | getEorL_PrivilegeForTypesForTarget(java.lang.String _type) | Gets all the PrivilegeForTypes which have the right target type. |
| Privilege[] | getEorL_Privileges() | Gets the privileges managed by this ACS. |
| java.util.List<VirtualFolder> | getEorL_ResourceVirtualFolders() | Gets the virtual folders managed by this ACS which contain only resources. |
| VirtualFolder[] | getEorL_VirtualFolders() | Gets the virtual folders managed by this ACS. |
| java.util.SortedMap<ImmutableName,ImmutableActor> | getEorM_Actors() | The actors here are the controlled ones; they are internal or external. |
| java.util.SortedMap<ImmutableName,ImmutableEligibleParty> | getEorM_EligibleParties() | |
| java.util.SortedMap<ImmutableName,ImmutableEligibleParty> | getEorM_ExternalEligibleParties() | Gets the external eligible parties, which are defined as owned by another ACS. |
| java.util.SortedMap<ImmutableName,ImmutableResource> | getEorM_ExternalResources() | An external resource is owned by another ACS. |
| java.util.SortedMap<ImmutableName,ImmutableActor> | getEorM_OwnActors() | |
| java.util.SortedMap<ImmutableName,ImmutableEligibleParty> | getEorM_OwnEligibleParties() | |
| java.util.SortedMap<ImmutableName,ImmutableResource> | getEorM_OwnNoParentResources() | |
| java.util.SortedMap<ImmutableName,ImmutableResource> | getEorM_OwnResources() | |
| java.util.SortedMap<ImmutableName,ImmutableResource> | getEorM_Resources() | |
| boolean | getIncompleteBehaviorModeling() | The modeling of the behavior is incomplete when important constraints on ACSObjects are not modeled, for instance to set their allowed rights, or their effective default rights. |
| boolean | getIncompleteStructureModeling() | The modeling of the structure is incomplete when some ACSObjects are missing although they take part in the decision for some important access controls, or simply when these missing ACSObjects are important for the overall ACS security, or when their important relations with some other ACSObjects are not set. |
| boolean | getIsAuthorizationServer() | |
| ImmutableName[] | getL_AcsControllers() | Gets all the open ACS that have an external AclEntry or an external Linked Privilege for a resource or a virtual folder from this ACS. |
| java.util.List<java.lang.String> | getL_ImmutableRules() | |
| StringRight[] | getL_SelectedRights(java.lang.String _r1, java.lang.String _r2, java.lang.String _r3, java.lang.String _r4, java.lang.String _r5) | Gets the ACS or metarights having one of the arguments as nickname. |
| java.util.SortedMap<java.lang.String,StringRight[]> | getM_RightsOfInternalKey() | Gets the ACS rights and the metarights this ACS handles, for a given internal key value of the associated metaright. |
| java.util.Map<java.lang.String,StringRight[]> | getM_SpecializedRights() | Gets the specialized rights extending or constraining the allowed values which are defined for each right type set in getM_StandardRights(). |
| java.util.Map<java.lang.String,StringRight[]> | getM_StandardRights() | This map is initialized at the ACS creation to set the standard values for the ACSObject Right properties (for example, the Linux rights), but only when there are no matching specialized rights. |
| java.util.SortedMap<java.lang.String,java.lang.Boolean> | getM_Structure() | Gets the structure of this ACS. |
| java.util.Map<java.lang.String,java.lang.String[]> | getM_TypeOrientedPolicy() | Gets the ACS constraints on the allowed or forbidden ACSObject types to set the GroupID, Node, Resource, AclEntry and Privilege policies. |
| java.util.Map<java.lang.String,java.lang.String[]> | getM_TypesAndGUIPolicy() | Gets the String values which define the allowed ACSObject types. |
| boolean | getManageAccounts() | |
| boolean | getManageACLRightsInheritance() | |
| boolean | getManageAcsRights() | |
| boolean | getManageActorInEPVirtualFolders() | |
| boolean | getManageActors() | |
| boolean | getManageAGORights() | |
| boolean | getManageAGORightsInheritance() | |
| boolean | getManageAuthorizationServerTypedPrivileges() | |
| boolean | getManageBridges() | |
| boolean | getManageClassedSpecificTypedPrivileges() | |
| boolean | getManageClassedTypedPrivileges() | |
| boolean | getManageDenyingRightPrivileges() | |
| boolean | getManageDenyRights() | |
| boolean | getManageDirectoryEPinEPVirtualFolders() | |
| boolean | getManageDirectoryEPs() | |
| boolean | getManageDirectoryInResourceVirtualFolders() | |
| boolean | getManageEPVirtualFolders() | |
| boolean | getManageExternalAcls() | |
| boolean | getManageExternalForOneToOneLinkedPrivileges() | May be true if the privileges are managed but all the other privilege features are not managed, to allow an own component in the privilege of another ACS. |
| boolean | getManageFlexibleConditionalAcls() | |
| boolean | getManageGrantingRightPrivileges() | |
| boolean | getManageGrantRights() | |
| boolean | getManageGroups() | |
| boolean | getManageGroupTrees() | Caution: the name of this method is confusing, because a collection of nested groups may be more than one single group tree. |
| boolean | getManageIfAllSourceLinkedPrivileges() | |
| boolean | getManageInternalAcls() | |
| boolean | getManageInternalForOneToOneLinkedPrivileges() | |
| boolean | getManageInternalHardAlias() | |
| boolean | getManageLPRIRightsInheritance() | |
| boolean | getManageMetaRights() | |
| boolean | getManageOneTimeInVirtualFolderTreeForMember() | |
| boolean | getManagePrivilegeRights() | |
| boolean | getManagePrivilegesInResources() | Caution: if getManageExternalForOneToOneLinkedPrivileges() returns true, the privilege of another ACS may always have as target a Resource of this ACS. |
| boolean | getManagePrivilegesInVirtualFolders() | Caution: if getManageExternalForOneToOneLinkedPrivileges() returns true, the privilege of another ACS may always have as target a VirtualFolder of this ACS. |
| boolean | getManageResources() | |
| boolean | getManageResourceTrees() | |
| boolean | getManageResourceVirtualFolders() | |
| boolean | getManageRightDefinedConditionalAcls() | |
| boolean | getManageSecGroupsForActor() | |
| boolean | getManageSimpleLinkedPrivileges() | |
| boolean | getManageSimpleResourceVirtualFolders() | |
| boolean | getManageSimpleTypedPrivileges() | |
| boolean | getManageSoftAlias() | |
| boolean | getManageVirtualFolderRightsPropagationToMembers() | |
| boolean | getManageVirtualFolders() | |
| boolean | getManageVirtualFolderTrees() | |
| int | getNumberOfEPs() | Gets the number of own eligible parties in the ACS, excluding the external objects. |
| int | getNumberOfResources() | Gets the number of own resources in the ACS, excluding the external objects. |
| AclEntry | getOneAclEntryFromDetailledName(java.lang.String _detailledName) | Gets an AclEntry managed by this ACS from its detailed name. |
| Privilege | getOnePrivilegeFromDetailledName(java.lang.String _detailledName) | Gets a privilege that is managed by this ACS. |
| VirtualFolder | getOneVirtualFolder(ImmutableName _name) | Gets a virtual folder managed by this ACS. |
| ImmutableName | getOwnEPFoldersRootName() | The current root is the first non-finalized virtual folder for eligible parties, without parent, which has been created. |
| ImmutableName | getOwnResourceFoldersRootName() | The current root is the first non-finalized virtual folder for resources, without parent, which has been created. |
| boolean | getRunningOnParentACS() | Deprecated. |
Method Detail
java.util.SortedMap<ImmutableName,ImmutableResource> getEorM_Resources()
java.util.SortedMap<ImmutableName,ImmutableResource> getEorM_OwnResources()
java.util.SortedMap<ImmutableName,ImmutableResource> getEorM_OwnNoParentResources()
java.util.SortedMap<ImmutableName,ImmutableResource> getEorM_ExternalResources()
java.util.SortedMap<ImmutableName,ImmutableEligibleParty> getEorM_EligibleParties()
java.util.SortedMap<ImmutableName,ImmutableEligibleParty> getEorM_OwnEligibleParties()
java.util.SortedMap<ImmutableName,ImmutableEligibleParty> getEorM_ExternalEligibleParties()
ImmutableAclEntry[] getEorL_AclEntries()
AclEntry getOneAclEntryFromDetailledName(java.lang.String _detailledName)
_detailledName
- detailed name
int getNumberOfResources()
int getNumberOfEPs()
boolean containsResourceName(ImmutableName _name)
_name
- ImmutableName of the resource to test in the ACS
boolean containsEligiblePartyName(ImmutableName _name)
_name
- ImmutableName of the eligible party to test
boolean containsOwnResourceName(ImmutableName _name)
_name
- ImmutableName of the own resource to test in the ACS
boolean containsOwnEligiblePartyName(ImmutableName _name)
_name
- ImmutableName of the own eligible party to test in the ACS
boolean containsAclEntry(ImmutableAclEntry _acl)
_acl
- AclEntry to test
java.util.SortedMap<ImmutableName,ImmutableActor> getEorM_Actors()
java.util.SortedMap<ImmutableName,ImmutableActor> getEorM_OwnActors()
java.util.List<ImmutableActor> getEorL_OwnActorBridgeSources()
java.util.List<ImmutableActor> getEorL_OwnActorBridgeTargets()
ImmutableName[] getL_AcsControllers()
boolean getIncompleteStructureModeling()
boolean getIncompleteBehaviorModeling()
boolean getManageResources()
boolean getManageResourceTrees()
boolean getManageAccounts()
boolean getManageGroups()
boolean getManageGroupTrees()
boolean getManageInternalAcls()
boolean getManageExternalAcls()
boolean getManageFlexibleConditionalAcls()
boolean getManageRightDefinedConditionalAcls()
boolean getManageACLRightsInheritance()
boolean getManageActors()
boolean getManageBridges()
boolean getManageSecGroupsForActor()
boolean getManageDirectoryEPs()
boolean getManageAGORights()
boolean getManageAGORightsInheritance()
boolean getManagePrivilegeRights()
boolean getManageVirtualFolders()
boolean getManageGrantRights()
boolean getManageDenyRights()
boolean getRunningOnParentACS()
boolean getEmbeddedInParentACS()
boolean getManagePrivilegesInResources()
boolean getManagePrivilegesInVirtualFolders()
boolean getManageSimpleLinkedPrivileges()
boolean getManageSimpleTypedPrivileges()
boolean getManageIfAllSourceLinkedPrivileges()
boolean getManageInternalForOneToOneLinkedPrivileges()
boolean getManageExternalForOneToOneLinkedPrivileges()
boolean getManageClassedTypedPrivileges()
boolean getManageClassedSpecificTypedPrivileges()
boolean getManageAuthorizationServerTypedPrivileges()
boolean getManageGrantingRightPrivileges()
boolean getManageDenyingRightPrivileges()
boolean getManageLPRIRightsInheritance()
boolean getManageResourceVirtualFolders()
boolean getManageEPVirtualFolders()
boolean getManageSimpleResourceVirtualFolders()
boolean getManageDirectoryInResourceVirtualFolders()
boolean getManageActorInEPVirtualFolders()
boolean getManageDirectoryEPinEPVirtualFolders()
boolean getManageVirtualFolderTrees()
boolean getManageOneTimeInVirtualFolderTreeForMember()
boolean getManageVirtualFolderRightsPropagationToMembers()
boolean getIsAuthorizationServer()
boolean getManageAcsRights()
boolean getManageMetaRights()
boolean getManageSoftAlias()
boolean getManageInternalHardAlias()
java.util.Map<java.lang.String,java.lang.String[]> getM_TypesAndGUIPolicy()
- 'Resource.ResourceType' defines the allowed types for the Resources
- 'Actor.ResourceType' defines the allowed types for the Actors
- 'EligibleParty.EPType' defines the allowed types for the Eligible Parties
- 'VirtualFolder.VirtualFolderType' defines the allowed String types for the VirtualFolders of the ACS
- 'PrivilegeForType.SecondType' defines the allowed String types for the PrivilegeForTypes of the ACS
- 'PrivilegeForLinks.SecondType' defines the allowed String types for the PrivilegeForLinks of the ACS
- 'Explorer.NoAcsNode', where the values have the format 'ACSTree.XXX', to forbid the display in the explorer, of some standard nodes like 'AclEntries...' or 'GroupIDs',
- 'Explorer.SubAcsNode' sets some subacs nodes in the explorer,
where the values have the format 'ResourceType.
- 'Explorer.AcsGroupTree' sets some group trees in the explorer,
where the values have the format 'GroupType.
- 'CreationByBeamer.NoType' where the values are some forbidden types,
to forbid the creation by the user and through the GUI,
of ACSObjects having these types for a given class.
With the key 'CreationByBeamer.NoType', the user can create some ACSObjects
only with the types the ACS authorizes. Typically, the types
'ResourceType.
java.util.Map<java.lang.String,java.lang.String[]> getM_TypeOrientedPolicy()
There are 29 forms for the key, presented hereinafter:
- 'GroupIDMember.NoMemberOf', where the values are the types of the groupmembers for which the role of member of another group is forbidden
- 'GroupIDMember.IsNotConditionalAclSource', where the values are the types of the GroupIDmembers for which the conditional ACL is forbidden as source
- 'GroupID.NoPrimaryGroup', where the values are the types of the groups for which the role of primary group for an account is forbidden
- 'GroupID.NoMainGroup' where the values are the types of the groups for which the role of main group of a resource is forbidden
- 'GroupID.NoSecondaryGroup' where the values are the types of the groups for which the role of secondary group of an actor is forbidden
- 'GroupID.MemberFromAdmin' where the values are the types of the groups where every member has to be an administrator
- 'GroupID.NoUserIDMember' where the values are the types of the groups where no member may be a UserID
- 'GroupID.NoGroupIDMember' where the values are the types of the groups where no member may be a GroupID
- 'GroupID.NoMoreThanOneMember' where the values are the types of the groups where only one member is allowed
- 'GroupID.ConditionalAclGroup' where the values are the types of the groups which may be condition groups in some conditional ACLs
- 'Resource.OneRightACL' where the values are the types of the resources which handle only AclEntries with zero or one right
- 'Resource.NoAccount' where the values are the types of the resources which do not handle an account as owner (a group is possible from parent)
- 'Resource.NoConditionalACL' where the values are the types of the resources which never handle flexible or right-defined conditional AclEntries
- 'Resource.NoNonConditionalACL' where the values are the types of the resources for which an AclEntry without condition group(s) is never operational
- 'Resource.OneConditionGroupInACL' where the values are the types of the resources which handle only conditional AclEntries with zero or one condition group
- 'Actor.NoCurrentAccount' where the values are the types of the actors for which a current account is forbidden
- 'Actor.NoNullCurrentAccount' where the values are the types of the actors for which a current account is mandatory
- 'Actor.NoCurrentGroup' where the values are the types of the actors for which a current group is forbidden
- 'Actor.IsNotBridgeTarget' where the values are the types of the actors which cannot be bridge targets
- 'Actor.IsNotBridgeSource' where the values are the types of the actors which cannot be bridge sources
- 'Actor.IsNotConditionalAclSource', where the values are the types of the Actors for which the conditional ACL is forbidden as source
The following keys include an ACSObject type after the last dot:
- 'GroupID.TypesOfMemberFor.allowed_GroupID_type' where the values are the allowed types of the members for a group having this type
- 'GroupIDMember.NoMoreThanOneGroup.allowed_GroupIDMember_type' where the values are the GroupID types for which the groupIDmember may be member of one group of this type at most
- 'GroupIDMember.RecommandedGroupsAsMember.allowed_GroupIDMember_type'
where the values are the GroupID types for which a message
recommends that the user put the groupIDMember as member;
there, it is possible to describe some alternatives
like 'group_type_one
- 'Directory.TypesOfChildFor.allowed_Directory_type' where the values are
the allowed types of the children for a Directory having this type,
or if the type is 'NULL', for a Resource without parent
- 'VirtualFolder.TypesOfMemberFor.allowed_VirtualFolder_type' where the values are
the allowed types of the members for a VirtualFolder having this type
- 'VirtualFolder.TypesOfChildFor.allowed_VirtualFolder_type' where the values are
the allowed types of the children for a VirtualFolder having this type,
or if the type is 'NULL', for a VirtualFolder without parent
- 'Resource.SecondTypesOfPrivilegeFor.allowed_Resource_type' where the values are
the allowed second types of the privileges for a Resource having this type
- 'EligibleParty.SecondTypesOfPrivilegeFor.allowed_EligibleParty_type' where the values are
the allowed second types of the privileges for an EligibleParty having this type
- 'VirtualFolder.SecondTypesOfPrivilegeFor.allowed_VirtualFolder_type' where the values are
the allowed second types of the privileges for a VirtualFolder having this type
- 'Resource.TypesOfSourceForConditionalACL.allowed_Resource_type' where the values
are the allowed EligibleParty types as source of a conditional ACL
in a Resource having this type
java.util.Map<java.lang.String,StringRight[]> getM_StandardRights()
- 'Resource.OwnerRights',
- 'Resource.GroupRights',
- 'Resource.OtherRights',
- 'Resource.AclRights',
- 'Actor.BridgeRights'.
An AcsAddon ACS may have complementary keys, such as 'Resource.OtherRights' in the ACSUbuntuImpl class. In all cases, these AcsAddon keys have to start with the name of an interface, to be detected by ACSFactoryUtilityImpl.getL_MapKeysForSpecializedRights(), and they have to end with a property change name containing 'Rights', to be detected by BaseUtilityImpl.getRestrictedValues().
getM_SpecializedRights()
java.util.Map<java.lang.String,StringRight[]> getM_SpecializedRights()
As map keys, examples of quartets (object.domain.key.subkey) are:
- 'Target.AclRightsSet.Interface.Directory', for ACL rights when the target is a Directory instance
- 'Target.AccRightsSet.Type.script', for Account rights when the target has the type 'script'
- 'Source.AclRightsSet.Type.group', for ACL rights when the source has the type 'group'
- 'PFType.PrvRightsSet.Type.role one', for PrivilegeForTypes having the second type 'role one'
The object is Target or Source to indicate that these rights are for the target (or source) which has the correct interface or type.
For Privileges only, PFType indicates rights for PrivilegeForTypes, and PFLink indicates that it is for PrivilegeForLinks.
The domain may be one of the right categories: 'AccRightsSet' for Target only, 'GpORightsSet' for Target only, 'AclRightsSet' for Target only, 'BdgRightsSet', 'RooRightsSet' for root, 'PrvRightsSet' for Privileges only.
The key is 'Interface' or 'Type' to indicate that the subkey belongs to one of these categories.
The subkey is an interface name or a Basic type (or second type for a Privilege), for which the specialized rights have to be used.
The value in the returned map is an array of StringRight which may have a length of 0.
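The quartet format described above can be checked before a key is used for a lookup. The following is an added example, not code from the ACS library: the class name SpecializedRightsKey is hypothetical, the vocabulary is taken from the text above, and exact-case matching is an assumption.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/** Hypothetical helper (not part of the ACS library): parses one getM_SpecializedRights() map key. */
public final class SpecializedRightsKey {
    private static final Set<String> OBJECTS =
            new HashSet<>(Arrays.asList("Target", "Source", "PFType", "PFLink"));
    private static final Set<String> DOMAINS = new HashSet<>(Arrays.asList(
            "AccRightsSet", "GpORightsSet", "AclRightsSet",
            "BdgRightsSet", "RooRightsSet", "PrvRightsSet"));
    private static final Set<String> KEYS =
            new HashSet<>(Arrays.asList("Interface", "Type"));

    public final String object;
    public final String domain;
    public final String key;
    public final String subkey;

    private SpecializedRightsKey(String object, String domain, String key, String subkey) {
        this.object = object;
        this.domain = domain;
        this.key = key;
        this.subkey = subkey;
    }

    /** Splits object.domain.key.subkey and rejects anything outside the documented vocabulary. */
    public static SpecializedRightsKey parse(String mapKey) {
        if (mapKey == null) {
            throw new IllegalArgumentException("key is null");
        }
        // Limit 4: the subkey is everything after the third dot, so 'role one' stays intact.
        String[] p = mapKey.split("\\.", 4);
        if (p.length != 4 || p[3].isEmpty()) {
            throw new IllegalArgumentException("expected object.domain.key.subkey: " + mapKey);
        }
        if (!OBJECTS.contains(p[0])) {
            throw new IllegalArgumentException("unknown object '" + p[0] + "' in " + mapKey);
        }
        if (!DOMAINS.contains(p[1])) {
            throw new IllegalArgumentException("unknown domain '" + p[1] + "' in " + mapKey);
        }
        if (!KEYS.contains(p[2])) {
            throw new IllegalArgumentException("key must be Interface or Type in " + mapKey);
        }
        // 'PrvRightsSet' is for Privileges only, so it needs a PFType or PFLink object.
        // The "Target only" domains are not enforced here: the documented example
        // 'Source.AclRightsSet.Type.group' pairs AclRightsSet with Source.
        boolean privilegeObject = p[0].equals("PFType") || p[0].equals("PFLink");
        if (p[1].equals("PrvRightsSet") && !privilegeObject) {
            throw new IllegalArgumentException("PrvRightsSet needs PFType or PFLink in " + mapKey);
        }
        return new SpecializedRightsKey(p[0], p[1], p[2], p[3]);
    }

    public static void main(String[] args) {
        String[] samples = {
            "Target.AclRightsSet.Interface.Directory", // example from the documentation
            "PFType.PrvRightsSet.Type.role one",       // example from the documentation
            "Source.PrvRightsSet.Type.group",          // constructed: privilege domain, wrong object
            "Target.AclRightsSet.Directory",           // constructed: only three parts
            "Target.aclrightsset.Type.script"          // constructed: case mismatch
        };
        for (String s : samples) {
            try {
                SpecializedRightsKey k = parse(s);
                System.out.println("ok       " + s + " -> subkey '" + k.subkey + "'");
            } catch (IllegalArgumentException e) {
                System.out.println("rejected " + e.getMessage());
            }
        }
    }
}
```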
java.util.List<java.lang.String> getL_ImmutableRules()
StringRight[] getL_SelectedRights(java.lang.String _r1, java.lang.String _r2, java.lang.String _r3, java.lang.String _r4, java.lang.String _r5)
_r1
- nickname of an ACS right. May be null.
_r2
- nickname of an ACS right. May be null.
_r3
- nickname of an ACS right. May be null.
_r4
- nickname of an ACS right. May be null.
_r5
- nickname of an ACS right. May be null.
ImmutableName getOwnResourceFoldersRootName()
ImmutableName getOwnEPFoldersRootName()
Privilege getOnePrivilegeFromDetailledName(java.lang.String _detailledName)
_detailledName
- privilege detailed name
Privilege[] getEorL_Privileges()
java.util.List<Privilege> getEorL_PrivilegeForLinks()
java.util.List<Privilege> getEorL_PrivilegeForTypes()
java.util.List<Privilege> getEorL_PrivilegeForTypesForSource(java.lang.String _type)
_type
- is the searched source type. No action if null.
java.util.List<Privilege> getEorL_PrivilegeForTypesForTarget(java.lang.String _type)
_type
- is the searched target type. No action if null.
VirtualFolder[] getEorL_VirtualFolders()
VirtualFolder getOneVirtualFolder(ImmutableName _name)
_name
- is the folder name
java.util.List<VirtualFolder> getEorL_ResourceVirtualFolders()
java.util.List<VirtualFolder> getEorL_EPVirtualFolders()
VirtualFolder[] getEorL_ExternalVirtualFolders()
boolean containsPrivilegeName(ImmutableName _name)
_name
- is an ImmutableName of the privilege to test
boolean containsVirtualFolderName(ImmutableName _name)
_name
- is an ImmutableName of the virtual folder to test
boolean containsOwnVirtualFolderName(ImmutableName _name)
_name
- ImmutableName of the virtual folder to test
java.util.SortedMap<java.lang.String,java.lang.Boolean> getM_Structure()
java.util.SortedMap<java.lang.String,StringRight[]> getM_RightsOfInternalKey()
java.lang.String getEditorAndAddonNames()