ARoad0.gBase
Class ACSFactoryUtilityImpl

java.lang.Object
  extended by ARoad0.gBase.ACSFactoryUtilityImpl
All Implemented Interfaces:
Singleton

public class ACSFactoryUtilityImpl
extends java.lang.Object
implements Singleton

This class is an important utility class for ACSFactoryImpl, with only static methods. It cannot be subclassed in an AcsAddon gBase package. Each static method is documented independently. This class contains also some important static properties which are presented hereinafter.

This class defines around 60 granting metarights, and their denying 'deny_' opposites. '|unknown_rights|' is the less powerful right, with a strenght at 1 and no opposite right. '|is_superadmin|' is the more powerful right, with a strenght at 90900 and no opposite right. The pattern 'directory/child' in names is used for the AGO inherited rights in BaseUtilityImpl.getChildRightsSetFromParentAGORights().

The generic names of the ACS upper nodes are in L_ACS_TREE_GENERIC_UPPER_NODES. They are used by a ARoad0.Gui2.ACSTreeBaseListener for adding or removing an ACSObject.

Some tree ACS upper node names may be replaced for a given AcsAddon ACS. Their default values are in L_ACS_TREE_UPPER_NODES_FOR_ONE_ACS. The getM_AcsVocabulary() method returns the effective values for an ACS. They are never replaced in the explorer ACS tree, in which the generic vocabulary of Access Road is mandatory to ensure a coherent view. They should be used in the internal frame of the ACS, to describe the ACS with its own public vocabulary. For instance, the node name 'Resources' should be replaced by the node name 'IP addresses' in the ACS tree of a firewall.

The AcsAddon framework is based on the following properties:

Some classes in the generic gBase package may be subclassed in an AcsAddon package, and being visible for all the generic packages. These subclasses are called classic AcsAddon gBase classes. They are accessible for all the Access Road program through the getM_AcsVocabulary() method of the ACS. The default values of these classes are the generic gBase classes, in M_GENERIC_ACS_VOCABULARY, with the editor name and the version. Other gBase classes like BaseUtilityImpl are not registered if they are subclassed in an AcsAddon, like in Ubuntu. In that case, only the classes of their AcsAddon gBase package, or a derived package, may call them. The classic classes do not include the embedded classes like CAliasImpl. They may be subclassed in the AcsAddons but are not used outside the AcsAddon gBase package.

An AcsAddon may have gBase classes which are not classic classes. They are called AcsAddon extension classes. For an AcsAddon vocabulary map, ACSADDON_EXTENSION_CLASSES is the key to define the extension classes in gBase. The extension class descriptions are separated by one space, like in 'Executable/is/ACTOR_CLASS XXX/is/RESOURCE_CLASS'. This says that there is a class Executable'AcsAddon_Name'Impl under the AcsAddon gBase package, and that this class is a direct subclass of the ACTOR_CLASS. This ACTOR_CLASS may be the generic ARoad0.gBase.Actor class, or may be the classic class in the same AcsAddon package that replaces the ARoad0.gBase.Actor class. For instance, in the AcsAddon Ubuntu, the classic class ActorUbuntuImpl replaces the generic ARoad0.gBase.ActorImpl class, and the extension class ExecutableUbuntuImpl is a subclass of the classic class ActorUbuntuImpl. ACSADDON_EXTENSION_CLASSES is used by Gui1.BaseObjectHandler and some gDMak classes to set the list of the allowed subclasses for creating an ACSObject in an AcsAddon.

The domain of a specialized right is one of the following categories: 'AccRightsSet' and 'GpORightsSet' for Target only, 'AclRightsSet', 'PrvRightsSet', 'BdgRightsSet', 'RooRightsSet' for Source and Target. It is not possible to change this set for an AcsAddon, while it is necessary sometimes to have specialized rights on a specific right property. In the AcsAddon vocabulary map, ACSADDON_SPECIALIZED_RIGHT_DOMAINS is the key to define the specialized right domains. The associated values set the non-generic rights in the ACSObjects on which the ACS constraints of the specialized rights are applicable, and in that case, what domain is applicable. For instance, the domain 'GpORightsSet' is applicable to the specific property 'OtherRights' in Ubuntu, to find the specialized rights on the 'OtherRights', if any. The value must have the format 'PropertyName.SpecializedRightDomainName', and it is ridden by the method getL_MapKeysForSpecializedRights(). Caution: the current version of Access Road has to be put into M_GENERIC_ACS_VOCABULARY.


Field Summary
static java.lang.String ACLENTRIES
           
static java.lang.String ACLENTRIES_FOR_THIS_ACS
           
static java.lang.String ACLENTRY_CLASS
           
static java.lang.String ACS_CLASS
           
static java.lang.String ACSADDON_EDITOR
           
static java.lang.String ACSADDON_EXTENSION_CLASSES
           
static java.lang.String ACSADDON_NAME
           
static java.lang.String ACSADDON_PACKAGE_EDITOR
           
static java.lang.String ACSADDON_SPECIALIZED_RIGHT_DOMAINS
           
static java.lang.String ACSADDON_VERSION
           
static java.lang.String ACSFACTORY_CLASS
           
static java.lang.String ACSRIGHTS
           
static java.lang.String ACSRIGHTS_FOR_THIS_ACS
           
static java.lang.String ACTOR_CLASS
           
static java.lang.String ACTORS
           
static java.lang.String ACTORS_FOR_THIS_ACS
           
static java.lang.String BASIC_CLASS
           
static java.lang.String DIRECTORY_CLASS
           
static java.lang.String DIRECTORYEP_CLASS
           
static java.lang.String ECACTORS
           
static java.lang.String ECACTORS_FOR_THIS_ACS
           
static java.lang.String ECOTHER_RESOURCES
           
static java.lang.String ECOTHER_RESOURCES_FOR_THIS_ACS
           
static java.lang.String ECRESOURCES
           
static java.lang.String ECRESOURCES_FOR_THIS_ACS
           
static java.lang.String EEACTORS
           
static java.lang.String EEACTORS_FOR_THIS_ACS
           
static java.lang.String EEPARTIES
           
static java.lang.String EEPARTIES_FOR_THIS_ACS
           
static java.lang.String EGROUPS
           
static java.lang.String EGROUPS_FOR_THIS_ACS
           
static java.lang.String ELIGIBLEPARTY_CLASS
           
static java.lang.String EPVFOLDERS
           
static java.lang.String EPVFOLDERS_FOR_THIS_ACS
           
static java.lang.String EUSERS
           
static java.lang.String EUSERS_FOR_THIS_ACS
           
static java.lang.String GROUP_CLASS
           
static java.lang.String GROUPMEMBER_CLASS
           
static java.lang.String GROUPS
           
static java.lang.String GROUPS_FOR_THIS_ACS
           
private static int INITIAL_CAPACITY
           
private static ACSFactoryUtilityImpl instance__
           
static java.util.List L_ACS_TREE_GENERIC_UPPER_NODES
           
static java.util.List L_ACS_TREE_UPPER_NODES_FOR_ONE_ACS
           
static java.util.List L_CLASSIC_CLASS_KEYS
           
static java.util.List L_SPECIALIZED_RIGHT_DOMAINS
           
static java.util.HashMap<java.lang.String,java.lang.String[]> M_GENERIC_ACS_VOCABULARY
          These are the default values for the classes in the generic gBase package that may be subclassed in an AcsAddon package, and are then accessible for all the Access Road program through ARoad0.gBaseInterface.ACSRun.getM_AcsVocabulary().
static java.lang.String PRIVILEGEABST_CLASS
           
static java.lang.String PRIVILEGEFORLINKS_CLASS
           
static java.lang.String PRIVILEGEFORTYPE_CLASS
           
static java.lang.String PRIVILEGES
           
static java.lang.String PRIVILEGES_FOR_THIS_ACS
           
static java.lang.String RESOURCE_CLASS
           
static java.lang.String RESOURCES
           
static java.lang.String RESOURCES_FOR_THIS_ACS
           
static java.lang.String RESVFOLDERS
           
static java.lang.String RESVFOLDERS_FOR_THIS_ACS
           
static java.lang.String USER_CLASS
           
static java.lang.String USERS
           
static java.lang.String USERS_FOR_THIS_ACS
           
static java.lang.String VIRTUALFOLDER_CLASS
           
 
Constructor Summary
private ACSFactoryUtilityImpl()
          with this private constructor, the compiler won't generate a default public constructor.
 
Method Summary
static java.lang.String controlAcsStructure(java.util.SortedMap<java.lang.String,java.lang.Boolean> _m_structure)
          This important method contains all the basic integrity rules the ACS structure has to comply with in all cases.
static java.lang.String controlAlternateValues(java.lang.String[] _l_values)
          Controls the alternate values policy.
static java.lang.String convertKeyOfPrivilegeRightsForNewACS(java.lang.String _privilegeKey)
          From a key from the standard rights map or from the specialized rights map of an ACS, this method returns the associated key to use to configure the privilege rights in a new ACS, through the call to ACSFactoryimpl.addPrivilegeRights().
static java.lang.String getAcsAddonExtensionSpecializedRightDomain(ImmutableACS _acs, java.lang.String _propertyName)
          Gets the specialized right domain when an AcsAddon defines a property right in its proper extension classes, if there are specific constraints on the allowed values through specialized rights.
static java.util.List<java.lang.String> getAcsImmutableRules(java.util.SortedMap<java.lang.String,java.lang.Boolean> _m_Structure, java.lang.String _acsType)
          Creates the set of rules which are derived from the ACS structure.
static java.lang.String[] getAcsStructureKeys()
          Deprecated.  
static java.util.SortedMap<java.lang.String,java.lang.Boolean> getDefaultAcsStructure()
          Gets the default structure for the ACS.
static ACSFactoryUtilityImpl getInstance()
          Only method to obtain the unique instance of ACSFactoryUtilityImpl.
static java.util.List<java.lang.String> getL_AcsAddonExtensionClassNames(java.util.Map _m_vocabulary, java.lang.String _superClassName)
          Returns the subclasses of a given super class, that are declared in the ACS vocabulary as extension classes in an AcsAddon gBase package.
static java.util.List getL_GroupTreesToDisplay(ACS _acs)
          Gets the types of the groups tree nodes, with the values from the key 'Explorer.AcsGroupTree' in the map of ACSImpl.getM_TypesAndGUIPolicy().
static java.util.List<java.lang.String> getL_LimitedValuesForAlternates()
          This method defines the alternate types, the right types for alternates and the options.
static java.util.List<java.lang.String> getL_LimitedValuesForComponentNodes(ACSFactoryImpl _acs, java.lang.String _key)
          This method defines the component nodes in the IS nametree: 'physical' and 'logical'.
static java.util.List<java.lang.String> getL_LimitedValuesForCompositeNodes()
          This method defines the 3 types of composite nodes in the IS nametree: 'acs', 'acs.authorization_server' and 'subacs'.
static java.util.List<java.lang.String> getL_LimitedValuesForSubAndGroupPolicy()
          This method defines the subacs and the group root nodes in the GUI explorer.
static java.util.List<java.lang.String> getL_LimitedValuesForTypesAndExplorer(ACSFactoryImpl _acs, java.lang.String _key)
          Gets the specialized types which are allowed for a key in the types-and-explorer map, from the current types in the type lists of the ACSFactory.
static java.util.List<java.lang.String> getL_MapKeysForPrivilegeRights(ACSFactoryImpl _factory)
          This method returns the allowed keys for the standard and for the specialized privilege rights: - 'MainType.main type' for each of the 6 PrivilegeAbst main types, which sets the 7 keys 'PrivilegeRights.MainType.main type' for the standard rights in ACSImpl, - 'PFType/PFLink.SecondType.second type' for the specialized rights, and there is a returned value for each typed privilege second type and each linked privilege second type.
static java.lang.String[] getL_MapKeysForSpecializedRights(ImmutableACS _acs, java.util.Collection _l_interfaces, java.lang.String _propertyName, java.lang.String _resourceType, java.lang.String _EPType)
          Gets the map keys in any ACS which should be used to defined the specialized rights associated to a given ACSObject right property.
static java.util.List<java.lang.String>[] getL_MapKeysStartsForSpecializedRights()
          This method returns the triplet (object.domain.key) of allowed values for the first three Strings in the quartet of Strings which is used as map key for specialized rights.
static java.util.List getL_SubAcsToDisplay(ACS _acs)
          Gets the types of the resources or groups subACS, with the values from the key 'Explorer.SubAcsNode' in the map of ACSImpl.getM_TypesAndGUIPolicy().
(package private) static java.util.Collection initializeBasicMetaRights()
          Called by BaseManagerImpl during the base initialization to create the immutable set of Access Road metarights.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

instance__

private static ACSFactoryUtilityImpl instance__

INITIAL_CAPACITY

private static final int INITIAL_CAPACITY
See Also:
Constant Field Values

ACTORS

public static final java.lang.String ACTORS
See Also:
Constant Field Values

USERS

public static final java.lang.String USERS
See Also:
Constant Field Values

GROUPS

public static final java.lang.String GROUPS
See Also:
Constant Field Values

RESOURCES

public static final java.lang.String RESOURCES
See Also:
Constant Field Values

ACLENTRIES

public static final java.lang.String ACLENTRIES
See Also:
Constant Field Values

EEPARTIES

public static final java.lang.String EEPARTIES
See Also:
Constant Field Values

EEACTORS

public static final java.lang.String EEACTORS
See Also:
Constant Field Values

EGROUPS

public static final java.lang.String EGROUPS
See Also:
Constant Field Values

EUSERS

public static final java.lang.String EUSERS
See Also:
Constant Field Values

ECRESOURCES

public static final java.lang.String ECRESOURCES
See Also:
Constant Field Values

ECACTORS

public static final java.lang.String ECACTORS
See Also:
Constant Field Values

ECOTHER_RESOURCES

public static final java.lang.String ECOTHER_RESOURCES
See Also:
Constant Field Values

ACSRIGHTS

public static final java.lang.String ACSRIGHTS
See Also:
Constant Field Values

RESVFOLDERS

public static final java.lang.String RESVFOLDERS
See Also:
Constant Field Values

EPVFOLDERS

public static final java.lang.String EPVFOLDERS
See Also:
Constant Field Values

PRIVILEGES

public static final java.lang.String PRIVILEGES
See Also:
Constant Field Values

L_ACS_TREE_GENERIC_UPPER_NODES

public static final java.util.List L_ACS_TREE_GENERIC_UPPER_NODES

ACTORS_FOR_THIS_ACS

public static final java.lang.String ACTORS_FOR_THIS_ACS
See Also:
Constant Field Values

USERS_FOR_THIS_ACS

public static final java.lang.String USERS_FOR_THIS_ACS
See Also:
Constant Field Values

GROUPS_FOR_THIS_ACS

public static final java.lang.String GROUPS_FOR_THIS_ACS
See Also:
Constant Field Values

RESOURCES_FOR_THIS_ACS

public static final java.lang.String RESOURCES_FOR_THIS_ACS
See Also:
Constant Field Values

ACLENTRIES_FOR_THIS_ACS

public static final java.lang.String ACLENTRIES_FOR_THIS_ACS
See Also:
Constant Field Values

EEPARTIES_FOR_THIS_ACS

public static final java.lang.String EEPARTIES_FOR_THIS_ACS
See Also:
Constant Field Values

EEACTORS_FOR_THIS_ACS

public static final java.lang.String EEACTORS_FOR_THIS_ACS
See Also:
Constant Field Values

EGROUPS_FOR_THIS_ACS

public static final java.lang.String EGROUPS_FOR_THIS_ACS
See Also:
Constant Field Values

EUSERS_FOR_THIS_ACS

public static final java.lang.String EUSERS_FOR_THIS_ACS
See Also:
Constant Field Values

ECRESOURCES_FOR_THIS_ACS

public static final java.lang.String ECRESOURCES_FOR_THIS_ACS
See Also:
Constant Field Values

ECACTORS_FOR_THIS_ACS

public static final java.lang.String ECACTORS_FOR_THIS_ACS
See Also:
Constant Field Values

ECOTHER_RESOURCES_FOR_THIS_ACS

public static final java.lang.String ECOTHER_RESOURCES_FOR_THIS_ACS
See Also:
Constant Field Values

ACSRIGHTS_FOR_THIS_ACS

public static final java.lang.String ACSRIGHTS_FOR_THIS_ACS
See Also:
Constant Field Values

RESVFOLDERS_FOR_THIS_ACS

public static final java.lang.String RESVFOLDERS_FOR_THIS_ACS
See Also:
Constant Field Values

EPVFOLDERS_FOR_THIS_ACS

public static final java.lang.String EPVFOLDERS_FOR_THIS_ACS
See Also:
Constant Field Values

PRIVILEGES_FOR_THIS_ACS

public static final java.lang.String PRIVILEGES_FOR_THIS_ACS
See Also:
Constant Field Values

L_ACS_TREE_UPPER_NODES_FOR_ONE_ACS

public static final java.util.List L_ACS_TREE_UPPER_NODES_FOR_ONE_ACS

ACTOR_CLASS

public static final java.lang.String ACTOR_CLASS
See Also:
Constant Field Values

USER_CLASS

public static final java.lang.String USER_CLASS
See Also:
Constant Field Values

GROUP_CLASS

public static final java.lang.String GROUP_CLASS
See Also:
Constant Field Values

RESOURCE_CLASS

public static final java.lang.String RESOURCE_CLASS
See Also:
Constant Field Values

ACLENTRY_CLASS

public static final java.lang.String ACLENTRY_CLASS
See Also:
Constant Field Values

DIRECTORY_CLASS

public static final java.lang.String DIRECTORY_CLASS
See Also:
Constant Field Values

GROUPMEMBER_CLASS

public static final java.lang.String GROUPMEMBER_CLASS
See Also:
Constant Field Values

BASIC_CLASS

public static final java.lang.String BASIC_CLASS
See Also:
Constant Field Values

ELIGIBLEPARTY_CLASS

public static final java.lang.String ELIGIBLEPARTY_CLASS
See Also:
Constant Field Values

ACS_CLASS

public static final java.lang.String ACS_CLASS
See Also:
Constant Field Values

ACSFACTORY_CLASS

public static final java.lang.String ACSFACTORY_CLASS
See Also:
Constant Field Values

VIRTUALFOLDER_CLASS

public static final java.lang.String VIRTUALFOLDER_CLASS
See Also:
Constant Field Values

PRIVILEGEABST_CLASS

public static final java.lang.String PRIVILEGEABST_CLASS
See Also:
Constant Field Values

PRIVILEGEFORTYPE_CLASS

public static final java.lang.String PRIVILEGEFORTYPE_CLASS
See Also:
Constant Field Values

PRIVILEGEFORLINKS_CLASS

public static final java.lang.String PRIVILEGEFORLINKS_CLASS
See Also:
Constant Field Values

DIRECTORYEP_CLASS

public static final java.lang.String DIRECTORYEP_CLASS
See Also:
Constant Field Values

L_CLASSIC_CLASS_KEYS

public static final java.util.List L_CLASSIC_CLASS_KEYS

ACSADDON_EXTENSION_CLASSES

public static final java.lang.String ACSADDON_EXTENSION_CLASSES
See Also:
Constant Field Values

ACSADDON_NAME

public static final java.lang.String ACSADDON_NAME
See Also:
Constant Field Values

ACSADDON_EDITOR

public static final java.lang.String ACSADDON_EDITOR
See Also:
Constant Field Values

ACSADDON_PACKAGE_EDITOR

public static final java.lang.String ACSADDON_PACKAGE_EDITOR
See Also:
Constant Field Values

ACSADDON_VERSION

public static final java.lang.String ACSADDON_VERSION
See Also:
Constant Field Values

ACSADDON_SPECIALIZED_RIGHT_DOMAINS

public static final java.lang.String ACSADDON_SPECIALIZED_RIGHT_DOMAINS
See Also:
Constant Field Values

L_SPECIALIZED_RIGHT_DOMAINS

public static final java.util.List L_SPECIALIZED_RIGHT_DOMAINS

M_GENERIC_ACS_VOCABULARY

public static final java.util.HashMap<java.lang.String,java.lang.String[]> M_GENERIC_ACS_VOCABULARY
These are the default values for the classes in the generic gBase package that may be subclassed in an AcsAddon package, and are then accessible for all the Access Road program through ARoad0.gBaseInterface.ACSRun.getM_AcsVocabulary(). Other gBase classes like BaseUtilityImpl are not registered if they are subclassed in an AcsAddon, and only the classes of their package or a derived package may call them.

Constructor Detail

ACSFactoryUtilityImpl

private ACSFactoryUtilityImpl()
with this private constructor, the compiler won't generate a default public constructor.

Method Detail

getInstance

public static ACSFactoryUtilityImpl getInstance()
Only method to obtain the unique instance of ACSFactoryUtilityImpl.

Returns:
ACSFactoryUtilityImpl

getAcsStructureKeys

public static java.lang.String[] getAcsStructureKeys()
Deprecated. 

Gets the structure keys for the creation of an ACS, to display to the user. Called by ActionNewACSyst.

Returns:
a 23-length array defining the acs structure keys.

getDefaultAcsStructure

public static java.util.SortedMap<java.lang.String,java.lang.Boolean> getDefaultAcsStructure()
Gets the default structure for the ACS. This is the reference method for the ACS structure, with 36 booleans. Almost all booleans are all set to false. Only 5 properties are activated by default. They are resources, metarights, granting rights, incomplete modelings of the ACS structure and behavior. Called by the ACSFactoryImpl constructor.

Returns:
the ACS structure as a map with standardized keys and default values.

getAcsImmutableRules

public static java.util.List<java.lang.String> getAcsImmutableRules(java.util.SortedMap<java.lang.String,java.lang.Boolean> _m_Structure,
                                                                    java.lang.String _acsType)
Creates the set of rules which are derived from the ACS structure. More than 50 rules may be added, and the AcsAddons may complement them. The order of the rules is not important, since the returned list is sorted in ACSFactoryImpl. Used by ACSFactoryImpl.

Parameters:
_m_Structure - is the ACS structure, including the values choosen by the user
_acsType - the ACS type, used for the Linux type
Returns:
the list of rules which are applied in the ACS.

controlAcsStructure

public static java.lang.String controlAcsStructure(java.util.SortedMap<java.lang.String,java.lang.Boolean> _m_structure)
This important method contains all the basic integrity rules the ACS structure has to comply with in all cases. It controls the ACS integrity by the mean of comparisons of the ACS properties, to validate the choices before the ACS creation. An user-friendly message is returned when an error is found. About 65 controls are provided, each with its user messsage. Used by the ACS constructor and by ACSFactoryImpl.

Parameters:
_m_structure - is the ACS structure, including the values choosen by the user. Never null.
Returns:
null if the integrity rules are followed, or an user message which explains the first integrity error.

getL_SubAcsToDisplay

public static final java.util.List getL_SubAcsToDisplay(ACS _acs)
Gets the types of the resources or groups subACS, with the values from the key 'Explorer.SubAcsNode' in the map of ACSImpl.getM_TypesAndGUIPolicy().

Parameters:
_acs - to process
Returns:
the types with the format 'ResourceType.byAcsCreator XXX' or 'GroupType.byAcsCreator XXX'. May be null but not empty.

getL_GroupTreesToDisplay

public static final java.util.List getL_GroupTreesToDisplay(ACS _acs)
Gets the types of the groups tree nodes, with the values from the key 'Explorer.AcsGroupTree' in the map of ACSImpl.getM_TypesAndGUIPolicy().

Parameters:
_acs - to process
Returns:
the types having the format 'GroupType.<byAcsCreator> XXX'. May be null but not empty.

initializeBasicMetaRights

static final java.util.Collection initializeBasicMetaRights()
Called by BaseManagerImpl during the base initialization to create the immutable set of Access Road metarights. Defines around 60 granting metarights, and their denying 'deny_' opposites, if any. '|unknown_rights|' is the less powerful right, with a strenght at 1 and no opposite right. '|is_superadmin|' is the more powerful right, with a strenght at 90900 and no opposite right.

The metaright strengths are from 10000 to 99999, excepted for '|unknown_rights|' with a strength of 1. Only AclEntries and Privileges may use negative rights. Then, the getPositive() or the getPositiveRight() method allows to know if the object grants or denies its rights. An alternative of the denying rights is the negative right management, like for instance the 'umask' function in a Linux Ubuntu AcsAddon.

The power and the field of each metaright are defined. The upper metarights have never a target class more restricted than the created right. Two metarights are never identical with different target classes. NFS4 SYNCHRONIZE right (it allows synchronous readings and writings) is not defined since it is not an access right.

The metarights list includes the six general 'do_action_xxx' with their denying rights. This method defines the administrative right |read_security_descriptor| and its opposite. The pattern 'deny_' for names is not followed for the 11 administrative right '|modify_from_parent_acs|', '|modify_security_descriptor|', '|read_from_parent_acs|', '|is_superadmin|', '|unknown_rights|', '|get_target_rights|', '|unverified_rights|', |transfer_all_rights_to_third_party|, |transfer_limited_rights_to_third_party|, |transfer_all_rights|, |transfer_limited_rights| which have no opposite rights, and for 'deny_all' that is the opposite of 'goto'.

BaseUtilityImpl.withAcrossToDirectoryAGORights() returns true if the Directory rights contain an equivalent to the metarights 'gothrough_for_directory', 'read_for_directory' or 'full_control'. In an AcsAddon, this method may be overriden.

Caution: gWork.FactoryUtilities.M_RIGHTS_ACRONYMS should be updated after any change in this list of administrative metarights, and gBase.BaseUtilityImpl.withAcrossToDirectoryAGORights() uses some metarights.

The pattern 'directory/child' in names is used for the AGO inherited rights in BaseUtilityImpl.getChildRightsSetFromParentAGORights(). The rules are:

- if a metaright is 'Rdirectory', this is a right for Nodes, and it must have an image 'Rchild',

- if the metaright 'Rchild' has the lower rights 'Achild' and 'Bchild' ending with 'child', then the metarights 'A' and 'B' must be defined.

- then, BaseUtilityImpl.getChildRightsSetFromParentAGORights() detects the rights 'A' and 'B' as AGO inherited rights of the leaf, if its parent has the right 'Rdirectory'.

- 'Rchild, 'Achild' and 'Bchild' have to be desactivated rights, and they cannot never be used directly in an ACS.

- if 'A' is a metaright having an ACS right, getChildRightsSetFromParentAGORights() returns this ACS right in place of 'A'. BaseUtilityImpl.getChildRightsSetFromParentAGORights() may be overriden in an AcsAddon.

Returns:
a set of granting and denying metarights

getL_MapKeysForSpecializedRights

public static java.lang.String[] getL_MapKeysForSpecializedRights(ImmutableACS _acs,
                                                                  java.util.Collection _l_interfaces,
                                                                  java.lang.String _propertyName,
                                                                  java.lang.String _resourceType,
                                                                  java.lang.String _EPType)
Gets the map keys in any ACS which should be used to defined the specialized rights associated to a given ACSObject right property.

As map keys, examples of quartets (object.domain.key.subkey) are:

- 'Target.AclRights.Interface.Directory', for ACL rights when the target is a Directory instance

- 'Target.AccRights.Type.script', for Account rights when the target has the type 'script'

- 'Source.AccRights.Type.script', for Account rights when the source has the type 'script'

The object is Target or Source to indicate that these rights are for the target (or source) which has the correct interface or type.

The domain is one specific right category: 'AccRightsSet' and 'GpORightsSet' for Target only, 'AclRightsSet', 'PrvRightsSet', 'BdgRightsSet', 'RooRightsSet' for Source and Target.

The key is 'Interface' or 'Type' to indicate that the subkey belongs to one of these categories.

The subkey is an interface name or an EligibleParty type (or Resource type if Target), for which the specialized rights have to be used.

The order of search is:

- 'Target' keys then 'Source' keys,

- one specific right category keys,

- resource type keys, then EP type keys, then all interfaces with an order setting by Class.getInterfaces().

Called by BaseUtilityImpl.getL_AcsSpecializedRights(). Calls getAcsAddonExtensionSpecializedRightDomain().

Parameters:
_acs - ACS which manages these specialized rights. Never null.
_l_interfaces - is the set of interfaces and super-interfaces of a BaseObject class. Never null.
_propertyName - the name of the property.Never null. Has to contain 'Rights' since it is a right property.
_resourceType - is the type of the BaseObject as Resource. May be null.
_EPType - is the type of the BaseObject as EligibleParty. May be null.
Returns:
the array of the restricted values for the property. Null if there is no restricted values in _acs for these arguments.

getAcsAddonExtensionSpecializedRightDomain

public static java.lang.String getAcsAddonExtensionSpecializedRightDomain(ImmutableACS _acs,
                                                                          java.lang.String _propertyName)
Gets the specialized right domain when an AcsAddon defines a property right in its proper extension classes, if there are specific constraints on the allowed values through specialized rights. The alternative is to set the constraints on rights in the standard rights map of the ACS. Otherwise, the ACS vocabulary map contains the key ACSADDON_SPECIALIZED_RIGHT_DOMAINS to get the specialized domain among the values in L_SPECIALIZED_RIGHT_DOMAINS. Called by getL_MapKeysForSpecializedRights().

Parameters:
_acs - ACS which manages these specialized rights. Never null.
_propertyName - the name of the property. Never null. Has to contain 'Rights' since it is a right property.
Returns:
the specialized right domain. Null if there is no matching value.
See Also:
ACSADDON_SPECIALIZED_RIGHT_DOMAINS

getL_MapKeysStartsForSpecializedRights

public static java.util.List<java.lang.String>[] getL_MapKeysStartsForSpecializedRights()
This method returns the triplet (object.domain.key) of allowed values for the first three Strings in the quartet of Strings which is used as map key for specialized rights. Examples of quartets (object.domain.key.subkey) are:

- 'Target.AclRightsSet.Interface.Directory', for ACL rights when the target is a Directory instance

- 'Target.AccRightsSet.Type.script', for Account rights when the target has the type 'script'

- 'Source.AclRightsSet.Type.group', for ACL rights when the source has the type 'group'

The object is Target or Source to indicate that these rights are for the target (or source) which has the correct interface or type.

The domain is one right category: 'AccRightsSet' for Target only, 'GpORightsSet' for Target only, 'AclRightsSet' for Target only, 'BdgRightsSet', 'RooRightsSet' for root.

The key is 'Interface' or 'Type' to indicate that the subkey belongs to one of these sets. The subkey is not defines in this method.

Note: specialized rights for privileges in ACSImpl have the format 'PFType/PFLink.PrvRightsSet.Type.second type', which is derived from the key 'PFType/Link.SecondType.second type' returned by getL_MapKeysForPrivilegeRights(). Called by ACSFactoryImpl.addSpecializedRights().

Returns:
an array of three Lists containing the allowed String values for respectivly, objects, domains and keys in a map key

getL_MapKeysForPrivilegeRights

public static java.util.List<java.lang.String> getL_MapKeysForPrivilegeRights(ACSFactoryImpl _factory)
This method returns the allowed keys for the standard and for the specialized privilege rights:

- 'MainType.main type' for each of the 6 PrivilegeAbst main types, which sets the 7 keys 'PrivilegeRights.MainType.main type' for the standard rights in ACSImpl,

- 'PFType/PFLink.SecondType.second type' for the specialized rights, and there is a returned value for each typed privilege second type and each linked privilege second type.

Note: for the specialized rights, the format is close to the format delivered by getL_MapKeysForSpecializedRights().

Called by the wrapper ACSFactoryImpl.getL_MapKeysForPrivilegeRights() and addPrivilegeRights().

Parameters:
_factory - the ACSFactoryImpl, for which the 2 sets of privilege types are known
Returns:
list of the keys for the privilege rights

convertKeyOfPrivilegeRightsForNewACS

public static java.lang.String convertKeyOfPrivilegeRightsForNewACS(java.lang.String _privilegeKey)
From a key from the standard rights map or from the specialized rights map of an ACS, this method returns the associated key to use to configure the privilege rights in a new ACS, through the call to ACSFactoryimpl.addPrivilegeRights().

Parameters:
_privilegeKey - key from a standard rights map or a specialized rights map
Returns:
the key to use as argument for ACSFactoryimpl.addPrivilegeRights(). May be null.

getL_LimitedValuesForTypesAndExplorer

public static java.util.List<java.lang.String> getL_LimitedValuesForTypesAndExplorer(ACSFactoryImpl _acs,
                                                                                     java.lang.String _key)
Gets the specialized types which are allowed for a key in the types-and-explorer map, from the current types in the type lists of the ACSFactory. The returned map depends on the current ACSFactory structure only for UserIDs, GroupIDs, GroupID trees, Resources, AclEntries, Directories, Actors, VirtualFolders, PrivilegeForTypes and PrivilegeForLinks. The default value is always all the possible values, when there is no key to match. Caution: the 'GroupID' and 'GroupIDMember' keys return the values from the current list of the EligibleParty types, where some values may be forbidden by the ACS type policy. The 35 possible keys and their associated values are:

- 'Explorer.NoAcsNode', where the values have the format 'ACSTree.XXX', to forbid the display in the explorer, of some standard nodes: AclEntries, ACS rights, UserIDs, GroupIDs, Resource Virtual Folders, Eligible Party Virtual Folders, Privileges

- 'Explorer.SubAcsNode' sets some subACS nodes in the explorer from any current type starting with '<byAcsCreator> XXX' for Resources or EligibleParties, where the values have the format 'ResourceType.<byAcsCreator> XXX' or 'GroupType.<byAcsCreator> XXX', to specify the display under a dedicated node '<XXX_subacs>', of all the resources or groups having this relevant type. This type starting is reserved to these children in the explorer.

- 'Explorer.AcsGroupTree' sets some group root nodes in the explorer from any current type starting with '<byAcsCreator> YYY' for EligibleParties, where the values have the format 'GroupType.<byAcsCreator> YYY', to specify the display directly under a dedicated node '<YYY_tree>' of all the groupIDs having the relevant type. This type starting is reserved to these children in the explorer.

- 'CreationByBeamer.NoType' where the values are the types, to forbid the creation through the GUI, of ACSObjects having these types when they are Resource, EligibleParty, Directory, Actor, UserID, GroupID, or VirtualFolder

- 'GroupIDMember.NoMemberOf', where the values are the types of the GroupIDmembers for which the role of member of another group is forbidden

- 'GroupIDMember.IsNotConditionalAclSource', where the values are the types of the GroupIDmembers for which the conditional ACL is forbidden as source

- 'GroupID.NoPrimaryGroup', where the values are the types of the groups for which the role of primary group for an account is forbidden

- 'GroupID.NoMainGroup' where the values are the types of the groups for which the role of main group of a resource is forbidden

- 'GroupID.NoSecondaryGroup' where the values are the types of the groups for which the role of secondary group of an actor is forbidden

- 'GroupID.MemberFromAdmin' where the values are the types of the groups where every member has to be an administrator

- 'GroupID.NoUserIDAsMember' where the values are the types of the groups where every member has to not be an UserID

- 'GroupID.NoGroupIDAsMember' where the values are the types of the groups where every member has to not be a GroupID

- 'GroupID.NoMoreThanOneMember' where the values are the types of the groups where only one member is allowed

- 'GroupID.ConditionalAclGroup' where the values are the types of the groups which may be condition groups in some flexible or right-defined conditional ACLs

- 'Resource.OneRightACL' where the values are the types of the resources which handled only AclEntries with no or one right

- 'Resource.NoAccount' where the values are the types of the resources which do not handle an account as owner (a group is possible from parent)

- 'Resource.NoConditionalACL' where the values are the types of the resources which never handle flexible or right-defined conditional AclEntries

- 'Resource.NoNonConditionalACL' where the values are the types of the resources for which an AclEntry without condition group(s) is never operational

- 'Resource.OneConditionGroupInACL' where the values are the types of the resources which handled only conditional AclEntries with no or one condition group

- 'Actor.NoCurrentAccount' where the values are the types of the actors for which a current account is forbidden

- 'Actor.NoCurrentGroup' where the values are the types of the actors for which a current group is forbidden

- 'Actor.NoNullCurrentAccount' where the values are the types of the actors for which a current account is mandatory

- 'Actor.IsNotBridgeTarget' where the values are the types of the actors which cannot be bridge targets

- 'Actor.IsNotBridgeSource' where the values are the types of the actors which cannot be bridge sources

- 'Actor.IsNotConditionalAclSource', where the values are the types of the Actors for which the conditional ACL is forbidden as source

The following keys are always ended by an allowed type, after the last point: - 'GroupID.TypesOfMemberFor.allowed_GroupID_type' where the values are the allowed types of the members for a group having this type

- 'GroupIDMember.NoMoreThanOneGroup.allowed_GroupIDMember_type' where the values are the GroupID types for which the groupIDmember may be member of one group of this type at most

- 'GroupIDMember.RecommandedGroupsAsMember.allowed_GroupIDMember_type' where the values are the GroupID types for which a message recommands to the user to put the groupIDmember as member; there, it is not possible to describe some alternatives like 'group_type_onegroup_type_two', although it may done by program in an ACSFactoryImpl initialization

- 'Directory.TypesOfChildFor.allowed_Directory_type' where the values are the allowed types of the children for a Directory having this type, or if the type is 'NULL', for a Resource without parent

- 'VirtualFolder.TypesOfMemberFor.allowed_VirtualFolder_type' where the values are the allowed types of the members for a VirtualFolder having this type

- 'VirtualFolder.TypesOfChildFor.allowed_VirtualFolder_type' where the values are the allowed types of the children for a VirtualFolder having this type, or if the type is 'NULL', for a VirtualFolder without parent

- 'Resource.SecondTypesOfPrivilegeFor.allowed_Resource_type' where the values are the allowed second types of the privileges for a Resource having this type

- 'EligibleParty.SecondTypesOfPrivilegeFor.allowed_EligibleParty_type' where the values are the allowed second types of the privileges for an EligibleParty having this type

- 'VirtualFolder.SecondTypesOfPrivilegeFor.allowed_VirtualFolder_type' where the values are the allowed second types of the privileges for a VirtualFolder having this type

- 'Resource.TypesOfSourceForConditionalACL.allowed_Resource_type' where the values are the allowed EligibleParty types as source of a conditional ACL in a Resource having this type

Called by ACSFactoryImpl.getL_LimitedValuesForTypesAndExplorer() at the request to the StringMapPropertyEditor from the value returned by ACSFactoryImplBeanInfo.

Parameters:
_acs - the acs factory for which this method is called
_key - for the constrained values
Returns:
list of the allowed values. Never empty nor null.

getL_LimitedValuesForComponentNodes

public static java.util.List<java.lang.String> getL_LimitedValuesForComponentNodes(ACSFactoryImpl _acs,
                                                                                   java.lang.String _key)
This method defines the component nodes in the IS nametree: 'physical' and 'logical'. The return of 'physical' depends on the key and the acs parent. The two values are returned if the arguments are null. Called by StringMapPropertyEditor from the value returned by ACSFactoryImplBeanInfo, and by ActionNewACSsyst.

Parameters:
_acs - the acs factory which calls this method. May be null.
_key - for the constrained values. May be null.
Returns:
list of the allowed values. Never empty nor null.

getL_LimitedValuesForCompositeNodes

public static java.util.List<java.lang.String> getL_LimitedValuesForCompositeNodes()
This method defines the 3 types of composite nodes in the IS nametree: 'acs', 'acs.authorization_server' and 'subacs'. Called by StringMapPropertyEditor from the value returned by ACSFactoryImplBeanInfo. Caution: any change in this list should update ACSFactoryImpl.getL_LimitedValuesForBelongsToComposite() and addAlternate() because they test the value 'subacs'.

Returns:
list of the allowed values. Never empty nor null.

getL_LimitedValuesForSubAndGroupPolicy

public static java.util.List<java.lang.String> getL_LimitedValuesForSubAndGroupPolicy()
This method defines the subacs and the group root nodes in the GUI explorer. Called by ACSFactoryImpl for StringMapPropertyEditor. '<ResourceSubACS>' means that a node for this subACS has to be displayed directly under the Resources node, in the explorer. '<GroupSubACS>' for a subACS means that a node has to be displayed directly under the Groups node, in the explorer. '<GroupTree>' for a groups tree means that a group root node has to be displayed directly under the Groups node, in the explorer.

Returns:
list of the allowed values. Never empty nor null.

getL_LimitedValuesForAlternates

public static java.util.List<java.lang.String> getL_LimitedValuesForAlternates()
This method defines the alternate types, the right types for alternates and the options. Call ISFactoryUtilityImpl.getAlternateTypes(), getRightTypesForAlternate() and getOptionsForAlternate(). Only one alternate type should be chosen by the user, and there is no other costraint. Called by ACSFactoryImpl for StringTwoKeysMapPropertyEditor, from the value returned by ACSFactoryImplBeanInfo.

Returns:
list of the allowed values. Never empty nor null.

controlAlternateValues

public static java.lang.String controlAlternateValues(java.lang.String[] _l_values)
Controls the alternate values policy. Does not check the argument length, since this method may be used to control a partial array. The rules are:

- the first value is among the types in ISFactoryUtilityImpl.getAlternateTypes(),

- then, one or several right types among the types in ISFactoryUtilityImpl.getRightTypesForAlternate(),

- then, as options, one or several options in ISFactoryUtilityImpl.getOptionsForAlternate().

The test of the SWITCHING_ALTERNATE unicity for each right type is done in ACSFactoryImpl.addAlternate(), not here. Used by ACSFactoryImpl.addAlternate().

Parameters:
_l_values - for alternates. Never null and may be empty.
Returns:
null if the integrity rules are followed or if _l_values is empty, or return a message which explains the first integrity error.

getL_AcsAddonExtensionClassNames

public static java.util.List<java.lang.String> getL_AcsAddonExtensionClassNames(java.util.Map _m_vocabulary,
                                                                                java.lang.String _superClassName)
Returns the subclasses of a given super class, that are declared in the ACS vocabulary as extension classes in an AcsAddon gBase package. The super class must be one of the constants in L_CLASSIC_CLASS_KEYS. The super class may be a key in the vocabulary map to define an AcsAddon classic class, or it may be a generic gBase class.

For instance, in the AcsAddon Ubuntu package, 'Executable' is returned by this method as a subclass of 'Actor'. Called by ActionNewResource, ActionNewEligibleParty.

Parameters:
_m_vocabulary - from an ACSRun.getM_AcsVocabulary()
_superClassName - is a class that may have subclasses as extension classes in an AcsAddon gBase package.
Returns:
the reduced names of the extension classes that are subclasses of _className. May be empty but never null.
Throws:
java.lang.InternalError - if an argument is null or if _superClassName is not in L_CLASSIC_CLASS_KEYS
See Also:
ACSADDON_EXTENSION_CLASSES