ARoad0.gWorkInterface
Interface LinkRights

All Known Implementing Classes:
LinkRightsImpl, LinkRightsMySQLImpl, LinkRightsUbuntuImpl

public interface LinkRights

This interface provides detection and filtering operations about links and privileges for a given ACS. It operates on or return DisplayableLinkImpls, on the inherited rights and the typed privileges. An important service is the application of priority rules to filter a link after a comparison with the other links. This service may be defined for the AGO, ACL or Privilege rights. An another service is the handling of the rules for going down to a leaf through a tree. There is also the analysis of the Account/Group context of an Actor in a given DisplayableLinkImpl. No direct call to the ACS methods.

Each node in a view and each intermediate node has one LinkRights instance for each view it belongs to. The implementation classes of this interface have properties that depend only on the class of the node ACS, then 2 nodes of the same view should use the same LinkRights instance, even if it is not the actual behavior in all cases. But there is an exception for the methods that detects the Account and Addon priorities over all the links. They use RightsMediatorImpl.getAllLinkRights() which returns only one LinkRights instance per implied gWork package, and not one instance per view node. This is why the equals method is overridden in this interface. Each instance of LinkRights is called by only one thread. A node may be in several DisplayableLinks of the same view, but it has only one LinkRights instance for the view. The association between a node and its LinkRights instance is managed by the RightsMediatorImpl of the view.

Note : since the AGO rights are only inner rights of an ACS, and since all the nodes of an ACS have NodeRight instances that have the same behavior, it is possible for the AGO rights, and only for them, to use for a node, the NodeRight instance of another node from the same ACS. This is also true for VirtualFolder memberships, but not for the Bridge and Privilege rights.

It is used by the gWork and Gui2 classes.

See Also:
AccessControlLinkImpl

Field Summary
static int INITIAL_CAPACITY
           
 
Method Summary
 DisplayableLinkImpl addDisplayableLink(DisplayableLinkImpl _dLink, java.util.Map _upd_m_l_DisplayableLinks)
          This important method adds a DisplayableLinkImpl in the map, if it does not exist, or adds the rights of each AccessControlLink in the link, to the matched link in the map.
 java.util.Collection detectAccountPriorityInAllLinksAGORights(java.util.Collection<DisplayableLinkImpl> _l_dLinks)
          This heavy method removes any DisplayableLink which contains an Account/Group relation while there is an Account in another DisplayableLink.
 boolean detectAccountPriorityInLastLinkAGORights(DisplayableLinkImpl _dLink, java.util.Collection<DisplayableLinkImpl> _upd_l_dLinks)
          Applies the rule 'AGO right: A rights delete G rights' to a DisplayableLink that ends with the sequence source/groupIDMember/resource, through the analysis of a list of DisplayableLinkImpls.
 java.util.Collection detectAddonPriorityInAllLinksAGORights(java.util.Collection<DisplayableLinkImpl> _l_dLinks)
          This heavy method is overridden by the AcsAddon, to remove any DisplayableLink which has an AcsAddon object, and contains an AGO right while there is a superior right in another DisplayableLink, following the applicable ACS rules of the AcsAddon ACS.
 java.util.Collection detectAddonPriorityInAllLinksNonAGORights(java.util.Collection<DisplayableLinkImpl> _l_dLinks)
          This heavy method is overridden by the AcsAddon, to remove any DisplayableLink which has an AcsAddon object and contains an ACL or Privilege right, while there is a superior right in another DisplayableLink, following the applicable ACS rules of the AcsAddon ACS.
 boolean detectAddonPriorityInLastLinkAGORights(DisplayableLinkImpl _dLink, java.util.Collection<DisplayableLinkImpl> _upd_l_dLinks)
          This method is overridden by the AcsAddon, to apply the ACS priority rules to a DisplayableLink that ends with an access target, for a given Addon ACS that owns this target, through the analysis of a list of DisplayableLinkImpls.
 boolean detectAddonPriorityInLastLinkNonAGORights(DisplayableLinkImpl _dLink, java.util.Collection<DisplayableLinkImpl> _upd_l_dLinks)
          This method is overridden by the AcsAddon, to apply any priority rules to a DisplayableLink, about an ACL right or a Privilege right in the last AccessControlLink, through the analysis of a list of DisplayableLinkImpls.
 void finalizeForProcess()
          Finalizes the instance.
 boolean getDetectAddonPriorityInAllLinksAGORights()
          Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop, and by detectOneHiddenNodeCompoundRights().
 boolean getDetectAddonPriorityInAllLinksNonAGORights()
          Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop, and by detectOneHiddenNodeCompoundRights().
 boolean getDetectAddonPriorityInLastLinksAGORights()
          Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the starting and central loops, and by detectOneHiddenNodeCompoundRights().
 boolean getDetectAddonPriorityInLastLinksNonAGORights()
          Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the starting and central loops, and by detectOneHiddenNodeCompoundRights().
 java.util.List<PrivilegeSource> getEorL_SourcesForPrivilegeForType(PrivilegeForType _priv, ImmutableACS _acs)
          Gets all the PrivilegeSources using a given PrivilegeForType.
 java.util.List<PrivilegeTarget> getEorL_TargetsForPrivilegeForType(PrivilegeForType _priv, ImmutableACS _acs)
          Gets all the PrivilegeTargets using a given PrivilegeForType.
 boolean isSourceForPrivilegeForType(PrivilegeForType _priv, ImmutablePrivilegeSource _ps)
          Returns true if a PrivilegeSource uses a given PrivilegeForType.
 boolean isTargetForPrivilegeForType(PrivilegeForType _priv, ImmutablePrivilegeTarget _pt)
          Returns true if a PrivilegeTarget uses a given PrivilegeForType.
 java.util.Set<ImmutableGroupIDMember> updateAGrunningContext(DisplayableLinkImpl _upd_dLink)
          This important method updates the Account/Groups context of a DisplayableLinkImpl, either from the AG context of the last node having one, or from one of the following nodes in the same ACS, or, if there is no current AG context, through all the connected nodes from the same ACS.
 

Field Detail

INITIAL_CAPACITY

static final int INITIAL_CAPACITY
See Also:
Constant Field Values
Method Detail

getDetectAddonPriorityInAllLinksAGORights

boolean getDetectAddonPriorityInAllLinksAGORights()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop, and by detectOneHiddenNodeCompoundRights().

Returns:
true if the detectAddonPriorityInAllLinksAGORights method provides some work in this class.

getDetectAddonPriorityInAllLinksNonAGORights

boolean getDetectAddonPriorityInAllLinksNonAGORights()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop, and by detectOneHiddenNodeCompoundRights().

Returns:
true if the detectAddonPriorityInAllLinksNonAGORights method provides some work in this class.

getDetectAddonPriorityInLastLinksAGORights

boolean getDetectAddonPriorityInLastLinksAGORights()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the starting and central loops, and by detectOneHiddenNodeCompoundRights().

Returns:
true if the detectAddonPriorityInLastLinksAGORights method provides some work in this class.

getDetectAddonPriorityInLastLinksNonAGORights

boolean getDetectAddonPriorityInLastLinksNonAGORights()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the starting and central loops, and by detectOneHiddenNodeCompoundRights().

Returns:
true if the detectAddonPriorityInLastLinksNonAGORights method provides some work in this class.

addDisplayableLink

DisplayableLinkImpl addDisplayableLink(DisplayableLinkImpl _dLink,
                                       java.util.Map _upd_m_l_DisplayableLinks)
This important method adds a DisplayableLinkImpl in the map, if it does not exist, or adds the rights of each AccessControlLink in the link, to the matched link in the map. This is the main method to add a DisplayableLinkImpl to the map of a view, and CompoundRightsFactoryImpl.detectAcsLinks() is the only method to not use it. The merging of rights is done by DisplayableLinkImpl.mergeRightsWithoutFiltering().

Caution: the rights and the comments are merging if there is in the map a DisplayableLinkImpl with the same nodes, and the result is then this previous link. But there is no merging of the _dLink properties since the merging algorithm depends on the semantic of the property.

This method may be subclassed by the AcsAddon subclasses for filtering the adding of a DisplayableLinkImpl following the previous DisplayableLinkImpls in the map. Called by AgoRightsFactoryImpl, AclRightsFactoryImpl, PrivilegeRightsFactoryImpl and CompoundRightsFactoryImpl. Calls DisplayableLinkImpl.mergeRightsWithoutFiltering() and mergeCommentsWithoutFiltering().

Parameters:
_dLink - is the new link including some rights and to add to _upd_m_l_DisplayableLinks
_upd_m_l_DisplayableLinks - Map of DisplayableLinks lists (one per pair) to update.
Returns:
DisplayableLinkImpl in _upd_m_l_DisplayableLinks, which may be _dLink, or the similar link in _upd_m_l_DisplayableLinks, after the rights merging but without merging of the properties
See Also:
getDisplayableLink()

detectAccountPriorityInLastLinkAGORights

boolean detectAccountPriorityInLastLinkAGORights(DisplayableLinkImpl _dLink,
                                                 java.util.Collection<DisplayableLinkImpl> _upd_l_dLinks)
Applies the rule 'AGO right: A rights delete G rights' to a DisplayableLink that ends with the sequence source/groupIDMember/resource, through the analysis of a list of DisplayableLinkImpls. This is the LinkRights instance of the last resource.

If the last sequence is source/userID/resource in _dLink, this method removes any DisplayableLink in the list containing a sequence source/groupID/resource with the same source and resource, and the method returns false to say there is no priority that forbids the use of the argument _dLink as a valid link. Otherwise, with this last sequence, the method returns true.

If the last sequence is source/groupID/resource in _dLink, and if there is a DisplayableLink in the list containing a sequence source/userID/resource with the same source and resource, then the method returns true to say there is a priority that forbids the use of the argument _dLink as a valid link. Otherwise, with this last sequence, the method returns false.

The OWNER path may be without workable rights, since the account remains there the single applicable relation. Called by detectPriorityInLastLinkAllRights( and AgoRightsFactoryImpl.detectHiddenChainedGroupsRights().

Parameters:
_dLink - with a Resource as as node of this instance and as second end, and a groupIDMember just before the last node. Returns true if null, empty or with less than 3 nodes. Its AccessControlLinks are not analyzed.
_upd_l_dLinks - to analyze and update, all with the same two ends of _dLink. Returns false if it is null or empty. It may be updated only if _dLink contains an UserID as node before the last node. The last AccessControlLink of each DisplayableLinkImpl is analyzed for the types OWNER and CONTAIN. May contain the argument _dLink that is then ignored. May be null.
Returns:
true if _dLink is not a valid link
Throws:
java.lang.InternalError - with a list having links without the _dLink 2 ends, or _dLink does not have a groupIDMember as node just before the last one

detectAddonPriorityInAllLinksAGORights

java.util.Collection detectAddonPriorityInAllLinksAGORights(java.util.Collection<DisplayableLinkImpl> _l_dLinks)
This heavy method is overridden by the AcsAddon, to remove any DisplayableLink which has an AcsAddon object, and contains an AGO right while there is a superior right in another DisplayableLink, following the applicable ACS rules of the AcsAddon ACS. Caution: a smaller DisplayableLink may be in a list after a longuer DisplayableLink. Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final search if getDetectAddonPriorityInAllLinksAGORights() returns true.

Parameters:
_l_dLinks - DisplayableLinkImpls to analyze, all with the same two ends or not, where this LinkRights is for one of the node in at least one DisplayableLinkImpl. Not null.
Returns:
the updated argument

detectAddonPriorityInAllLinksNonAGORights

java.util.Collection detectAddonPriorityInAllLinksNonAGORights(java.util.Collection<DisplayableLinkImpl> _l_dLinks)
This heavy method is overridden by the AcsAddon, to remove any DisplayableLink which has an AcsAddon object and contains an ACL or Privilege right, while there is a superior right in another DisplayableLink, following the applicable ACS rules of the AcsAddon ACS. Caution: a smaller DisplayableLink may be in a list after a longuer DisplayableLink. Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final search if getDetectAddonPriorityInAllLinksNonAGORights() returns true.

Parameters:
_l_dLinks - DisplayableLinkImpls to analyze, all with the same two ends or not, where this LinkRights is for one of the node in at least one DisplayableLinkImpl. Not null.
Returns:
the updated argument

detectAddonPriorityInLastLinkNonAGORights

boolean detectAddonPriorityInLastLinkNonAGORights(DisplayableLinkImpl _dLink,
                                                  java.util.Collection<DisplayableLinkImpl> _upd_l_dLinks)
This method is overridden by the AcsAddon, to apply any priority rules to a DisplayableLink, about an ACL right or a Privilege right in the last AccessControlLink, through the analysis of a list of DisplayableLinkImpls. The Privilege rights on a VirtualFolder is an exception, since there is no call to this method for them in the xxxRightsFactoryImpl generic methods. But the near method detectAddonPriorityInAllLinksNonAGORights() may be applied to the Privilege rights on a VirtualFolder. Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop if getDetectAddonPriorityInLastLinksNonAGORights() returns true, for the central iteration and the final search, and for a collection of DisplayableLinkImpls having from 2 to N+2 nodes.

Parameters:
_dLink - where the second end is the node of this instance. Returns true if null, empty or with less than 3 nodes.
_upd_l_dLinks - to analyze and update, all with the same two ends of _dLink. Returns false if it is null or empty. It may be updated. May contain the argument _dLink that is then ignored. May be null.
Returns:
true if _dLink is not valid

detectAddonPriorityInLastLinkAGORights

boolean detectAddonPriorityInLastLinkAGORights(DisplayableLinkImpl _dLink,
                                               java.util.Collection<DisplayableLinkImpl> _upd_l_dLinks)
This method is overridden by the AcsAddon, to apply the ACS priority rules to a DisplayableLink that ends with an access target, for a given Addon ACS that owns this target, through the analysis of a list of DisplayableLinkImpls. Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop if getDetectAddonPriorityInLastLinksAGORights() returns true, for the central iteration and the final search, and for a collection of DisplayableLinkImpls having from 2 to N+2 nodes.

Parameters:
_dLink - where the second end is the node of this instance.
_upd_l_dLinks - to analyze and update, all with the same two ends of _dLink. Returns false if it is null or empty. It may be updated. May contain the argument _dLink that is then ignored. May be null.
Returns:
true if _dLink is not valid
Throws:
java.lang.InternalError - with some ACS-specific errors

detectAccountPriorityInAllLinksAGORights

java.util.Collection detectAccountPriorityInAllLinksAGORights(java.util.Collection<DisplayableLinkImpl> _l_dLinks)
This heavy method removes any DisplayableLink which contains an Account/Group relation while there is an Account in another DisplayableLink. Applies the rule 'AGO right: A rights delete G rights' to a DisplayableLink that ends with the sequence source/groupIDMember/resource. The 'owner' path may be without workable rights. The DisplayableLinkImpl analysis is based on the identity of the nodes in 2 links ('==' operator). The 2 types of DisplayableLinkImpl to remove are listed hereafter:

- in dLink to remove, there is a node triplet (ep)-RUN_UNDER or IS_MEMBER- (groupid)-CONTAIN-(resource), and in some dLink2, there is a node triplet (same ep)-RUN_UNDER-(userid)-OWNER-(same resource);

- in dLink to remove, there is a node triplet (userid)-IS_MEMBER-(groupid)-CONTAIN-(resource), and in some dLink2, there is a node couple (same userid)-OWNER-(same resource).

Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop.

Parameters:
_l_dLinks - DisplayableLinkImpls to analyze, all items with the same two ends, where this LinkRights is for one of the node in at least one DisplayableLinkImpl. Not null.
Returns:
the updated argument.

updateAGrunningContext

java.util.Set<ImmutableGroupIDMember> updateAGrunningContext(DisplayableLinkImpl _upd_dLink)
                                                             throws ProcessError
This important method updates the Account/Groups context of a DisplayableLinkImpl, either from the AG context of the last node having one, or from one of the following nodes in the same ACS, or, if there is no current AG context, through all the connected nodes from the same ACS. For instance, this method allows to implement that for a 3-nodes path 'ep/privilege/actor started from xid/alias/virtual folder', if the intermediate actor runs under the account U and the group G, the generic rule is that the rights of 'ep' on the virtual folder members depend on the U and G rights, and does not depend on the 'ep' AG context. The AG context is a set of GroupIDMembers that may contain, first, an optional couple (UserID, GroupID), and, second, a list of optional GroupIDs.

This method has to be called before the use of the AG context of the second end. This means that it the DisplayableLinkImpl has to be updated each time the paths search finds an actor running under its own AG context, or if the context is no more propagated. It is recommanded because the AG context may be needed for analyzing the next nodes of the path. This calling rule is also true for the AcsAddon path search methods. If it is done, any AcsAddon paths search method may read the current AG context of a DisplayableLinkImpl passed in as argument. If it is not done in an AcsAddon, the AcsAddons of the next nodes should call the generic method DisplayableLinkUtilities.getSecondEndAGcontext() to set the AG context properly.

If the DisplayableLinkImpl contains only nodes from one ACS, there is one LinkRights instance to use. One call to this method provides a complete result. Otherwise, if the nodes are from different ACSs, the caller of this method has to define a sequence of calls to this method on different LinkRights instances. The aim is to process each node in the right instance and the proper order. In the returned DisplayablelinkImpl, the AG context current position is on the last node to have been analyzed. This position is ridden by the caller to define the next LinkRights instance on which this method has to be called, for the next node(s) to analyze. When this current position is the second end of the DisplayableLinkImpl, the work is completed.

Parameters:
_upd_dLink - the node after the node having the AG context, if any, is the node of this instance. Never null. Its properties may be updated by this method. The AG context position is set to the last node having been analyzed.
Returns:
set of one UserID and some GroupIDs, as the AG context of the second end of the argument. May be null but never empty.
Throws:
ProcessError - if a node is not an ACSObject, if an AccessControLink is applied to a node that has not the right class.

finalizeForProcess

void finalizeForProcess()
Finalizes the instance. Called by RightsMediatorImpl.finalizeForProcess().


isSourceForPrivilegeForType

boolean isSourceForPrivilegeForType(PrivilegeForType _priv,
                                    ImmutablePrivilegeSource _ps)
Returns true if a PrivilegeSource uses a given PrivilegeForType. The word 'immutable ' is never taken in account in the type comparison.

Parameters:
_priv - to test
_ps - to test
Returns:
true if _ps is a source for _priv

isTargetForPrivilegeForType

boolean isTargetForPrivilegeForType(PrivilegeForType _priv,
                                    ImmutablePrivilegeTarget _pt)
Returns true if a PrivilegeTarget uses a given PrivilegeForType. The word 'immutable ' is never taken in account in the type comparison.

Parameters:
_priv - to test. Not null.
_pt - to test. Not null.
Returns:
true if _ps is a target for _priv

getEorL_SourcesForPrivilegeForType

java.util.List<PrivilegeSource> getEorL_SourcesForPrivilegeForType(PrivilegeForType _priv,
                                                                   ImmutableACS _acs)
Gets all the PrivilegeSources using a given PrivilegeForType. This method may produce a heavy processing load if there are many EligibleParties in the ACS. The key word 'immutable' is never taken in account.

Parameters:
_priv - privilege. Returns an empty list if null, empty, from another ACS.
_acs - the privilege acs
Returns:
List of PrivilegeSources. May be empty, but never null.

getEorL_TargetsForPrivilegeForType

java.util.List<PrivilegeTarget> getEorL_TargetsForPrivilegeForType(PrivilegeForType _priv,
                                                                   ImmutableACS _acs)
Gets all the PrivilegeTargets using a given PrivilegeForType. This method may produce a heavy processing load if there are many resources in the ACS. The key word 'immutable' is never taken in account.

Parameters:
_priv - privilege. Returns an empty list if null, empty, from another ACS
_acs - the privilege acs
Returns:
List of PrivilegeTargets (Resources or VirtualFolders). May be empty, but never null.