java.lang.Object
  ARoad0.gBase.AclEntryImpl
public class AclEntryImpl
This important class is responsible for modeling an access control entry which manages some access rights or some access restrictions from an eligible party to a resource. An AclEntry is external if its eligible party or its resource is from an ACS which is not the ACS of the AclEntry. It is possible to have a third ACS for the other end. It is not possible to have the same ACS for the two ends and another ACS for the ACL. For an internal ACL, the ACL ACS is the ACS of the two ends. An AclEntry is conditional when it uses some condition group(s). There are two types of conditional AclEntry, the simple-condition (or flexible) ACL and the right-condition ACL. A conditional ACL is for a GroupIDMember or an Actor (new in 0.7.1) as source. An external ACL may be conditional. Then, it cannot have more than one condition group, and this group has to belong to the ACS of one of the two ends (it may not be the ACL ACS). An ACS cannot manage both the external AclEntries and the external linked Privileges. A resource in an ACS addon may inherit the ACL of its (in)direct parent(s), following the inheritance rules of the ACS addon.
The condition group(s) belong to the ACL source ACS or to the ACL target ACS. In most cases, the rights activation may be handled internally by the conditional AclEntry. The exception is an Actor as source of a conditional ACL: the Actor AG context drives the rights activation, which then depends on the access path in which the Actor is currently considered.
An AclEntry is created and managed by its resource, and it is deleted when the eligible party or the resource is deleted, or the condition group if it is mandatory. A non-conditional AclEntry cannot become a conditional one, and a conditional AclEntry can become a non-conditional one only if it is a right-condition ACL. A simple-condition (or flexible) AclEntry is uniquely defined by the set (its ACS, its Resource, its EligibleParty, first condition GroupID, sense of the rights), where the sense of the rights is grant or deny. The first condition GroupID is mandatory at the creation only if it is a simple conditional AclEntry. The other types of AclEntry are uniquely defined by the set (its ACS, its Resource, its EligibleParty, sense of the rights). This is why a right-condition AclEntry may change its condition groups if the ACS policy authorizes the operation. The sense of the rights is immutable after the creation of the AclEntry, and any change of rights has to comply with this sense.
In a conditional ACL with a GroupIDMember source, the effective rights the ACL delivers through getL_Rights() are not empty only if the ACL source is a direct or indirect member of each condition group. In a conditional ACL with an Actor source (new in 0.7.1), the rights the ACL delivers through getL_Rights() are the internal rights, not the effective rights, since the ACL cannot know the AG context of its source. In that second case, the effective rights are set by the access paths search, outside this gBase package. For such a conditional ACL, the value of the property 'Enabled rights' is always 'true'.
An external AclEntry has only one condition group, while all the types of internal AclEntry may have several condition groups if the ACS policy permits it. An AclEntry is simple-condition (or flexible) simply when the user selects one first condition group at the creation of the AclEntry. An AclEntry is right-defined conditional (or right-condition) when it uses a conditional right at the creation. Such a right includes the reference to one or several groups like in the Linux right 'authorize<IF><Console><IF><ActiveSession>'.
The ACL source (an EligibleParty) is involved in the ACL-rights policy only if it is internal, that is, if it belongs to the ACL ACS. Otherwise, only the resource type is taken into account for getting the rights allowed by the ACL ACS, not by the resource ACS. As these rights depend on the resource type (and sometimes the EP type), and since these objects may be external to the ACL ACS, the ACL-rights policy in the ACL ACS has to be defined in accordance with these external types. If the ACL ACS right policy defines no rights, the AclEntry cannot have any right. For a conditional ACL, it is also true if a condition group cannot, through the policy types, have the ACL source as member, or an item of the ACL Actor AG context.
Performance limitation: if the AclEntry GroupIDMember source is not a member of one condition group, it is necessary to listen to the changes in the membership relations, so that the effective rights are updated if the source becomes an indirect member of the condition group. This listening along a chain of groups is applied to all the groups of which the source is an indirect member. However, the distance of these listened groups to the source, that is the number of intermediate groups, has to be less than 5. Otherwise, a new indirect membership is not detected immediately by Access Road, and the view cannot be updated. The indirect membership detection is always correct at the opening of a view, whatever the distance between the source and the condition group. This performance limitation is not applicable when the source is an Actor, because the AG context of the access path is then updated at each relevant property change.
The right-defined conditional AclEntry defines its condition group(s) through the single StringRight of the AclEntry. This right has to contain the word 'IF' before the name(s) of the condition group(s). Such a right is not a metaright. It is an ACS right which is created at the ACS construction. In this case, the condition groups may be changed by the user after the ACS creation, if the ACS has other conditional rights. The flexible conditional (simple-condition) AclEntry has its first condition group selected by the user at the creation of the AclEntry. Other condition group(s) may be added to a flexible AclEntry if the AclEntry is not external.
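The rules described above for a conditional ACL with a GroupIDMember source (rights delivered only when the source is a direct or indirect member of each condition group, condition groups named after 'IF' in a right-defined conditional right, and the listening distance limit) are modeled in the following added Java example, which is not part of Access Road's code. The class and method names, the sample memberships and the `<IF><group>` parsing rule, inferred from the single example right on this page, are assumptions.

```java
import java.util.*;
import java.util.regex.*;

/** Added illustration: a simplified model, not the gBase classes of Access Road. */
public class ConditionalAclDemo {

    /** From the page: listened groups must have fewer than 5 intermediate groups. */
    static final int LISTENING_LIMIT = 5;

    /** Assumed syntax: each condition group appears as <IF><GroupName> in the right. */
    private static final Pattern CONDITION = Pattern.compile("<IF><([^<>]+)>");

    /** member name -> groups it belongs to directly (constructed sample data). */
    private final Map<String, Set<String>> directGroups = new HashMap<>();

    void addMember(String member, String group) {
        directGroups.computeIfAbsent(member, k -> new LinkedHashSet<>()).add(group);
    }

    /** Extracts the condition group names from a right-defined conditional right. */
    static List<String> conditionGroups(String right) {
        List<String> groups = new ArrayList<>();
        Matcher m = CONDITION.matcher(right);
        while (m.find()) {
            groups.add(m.group(1));
        }
        return groups;
    }

    /**
     * Number of intermediate groups between source and group:
     * 0 for a direct member, -1 when the source is not a member at all.
     * Breadth-first search with a visited map, so cyclic group nesting terminates.
     */
    int distance(String source, String group) {
        Map<String, Integer> depth = new HashMap<>();
        Deque<String> queue = new ArrayDeque<>();
        depth.put(source, 0);
        queue.add(source);
        while (!queue.isEmpty()) {
            String current = queue.remove();
            for (String parent : directGroups.getOrDefault(current, Collections.emptySet())) {
                if (depth.containsKey(parent)) {
                    continue; // already reached by a path at least as short
                }
                int d = depth.get(current) + 1;
                if (parent.equals(group)) {
                    return d - 1; // memberships crossed minus one
                }
                depth.put(parent, d);
                queue.add(parent);
            }
        }
        return -1;
    }

    /**
     * GroupIDMember source only: the internal rights are delivered when the source
     * is a direct or indirect member of every condition group, otherwise none are.
     * (For an Actor source the page says the ACL returns its internal rights.)
     */
    List<String> effectiveRights(String source, List<String> internalRights, List<String> groups) {
        for (String g : groups) {
            if (distance(source, g) < 0) {
                return Collections.emptyList();
            }
        }
        return internalRights;
    }

    public static void main(String[] args) {
        ConditionalAclDemo acs = new ConditionalAclDemo();
        // Constructed memberships.
        acs.addMember("alice", "Console");
        acs.addMember("alice", "Staff");
        acs.addMember("Staff", "ActiveSession");   // alice: 1 intermediate group
        acs.addMember("bob", "Console");           // bob: not in ActiveSession
        acs.addMember("carol", "Console");
        String previous = "carol";
        for (int i = 1; i <= 5; i++) {             // carol: 5 intermediate groups
            acs.addMember(previous, "N" + i);
            previous = "N" + i;
        }
        acs.addMember(previous, "ActiveSession");

        String right = "authorize<IF><Console><IF><ActiveSession>"; // example right from the page
        List<String> groups = conditionGroups(right);
        for (String user : Arrays.asList("alice", "bob", "carol")) {
            List<String> rights = acs.effectiveRights(user, Collections.singletonList(right), groups);
            System.out.println(user + " -> " + (rights.isEmpty() ? "no effective rights" : rights));
            for (String g : groups) {
                int d = acs.distance(user, g);
                if (d >= LISTENING_LIMIT) {
                    System.out.println("  " + g + ": " + d + " intermediate groups, a membership"
                            + " change on this chain is only picked up when a view is opened");
                }
            }
        }
    }
}
```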
To process the inherited AclEntry, it is mandatory to code in an AcsAddon how the Directory creates and removes the inherited AclEntry in its direct children. This may include the choice of the ACL and the child, and the definition of an order to select them in each target. The default behavior, in this generic class, is to inherit all the applicable AclEntries, and to sum up all the rights. Once the inherited object has been created by the code in the AcsAddon, the updating of its rights is handled by the generic DirectoryImpl class, at every change on the AclEntry rights or on the condition groups.
An AclEntry has no type, so it is not possible to set it immutable for the user, unlike a Privilege. But the AclEntry instance and its rights are immutable if its Resource or its EligibleParty is immutable. The condition groups may be edited, even with an immutable group, but not the first condition group in a flexible conditional AclEntry. The right-condition AclEntry is used in the RBAC application. The flexible conditional AclEntry is managed for example in the MySQL ACS, for handling the database and the host MySQL rights. It is an alternative to the LINKED_IF_ALL_SOURCES privilege. The main differences are (1) the ACL rights may be changed by the user, (2) the conditional AclEntry is focused on delivering rights to one source which has to be member of all the condition groups, and through its AG context if it is an Actor.
The use of conditional AclEntries may be reserved to some types of Resource by the ACS type policy. For the GroupIDMember or Actor, the use of AclEntries may be constrained only through the specialized rights, not by the type policy. About the ACL targets, a conditional ACL may be forbidden or set mandatory for some resource types. A given type of resource may have constraints on the allowed sources of its conditional AclEntries. If the ACS type policy enforces it, the resource may have only conditional ACLs. A StringRight may be controlled by the ACS specialized rights on AclEntries.
All these rules on the ACSObject type policy are handled through keys as follows:
- 'GroupID.ConditionalAclGroup' where the values are the types of the groups which may be condition groups in some flexible or right-defined conditional ACLs
- 'Resource.OneRightACL' where the values are the types of the resources which handle only AclEntries with no or one right
- 'Resource.NoConditionalACL' where the values are the types of the resources which never handle flexible or right-defined conditional AclEntries
- 'Resource.NoNonConditionalACL' where the values are the types of the resources for which an AclEntry without condition group(s) is never operational
- 'Resource.OneConditionGroupInACL' where the values are the types of the resources which handle only conditional AclEntries with no or one condition group
- 'GroupIDMember.IsNotConditionalAclSource', where the values are the types of the GroupIDMembers for which the conditional ACL is forbidden as source
- 'Actor.IsNotConditionalAclSource', where the values are the types of the Actors for which the conditional ACL is forbidden as source
- 'Resource.TypesOfSourceForConditionalACL.allowed_Resource_type' where the values are the allowed EligibleParty types as source of a conditional ACL in a Resource having this type
If the ACS type policy 'Resource.NoNonConditionalACL' enforces the resource to have only conditional ACLs and if there is no conditional right and no condition group at the creation of the AclEntry, the constructor assumes it is a right-defined conditional ACL, or, if it is not allowed, throws an exception. For a right-defined conditional ACL, the constructor sets then an empty array of rights and no exception is thrown. After the creation of the AclEntry, the user may set directly the conditional right to produce the derived condition group(s).
This class is a javabean with the following bound properties: 'Comment', 'AclRights', 'ConditionSourceGroups'.
The listeners are specific to this instance. Except for EPRViewInBaseImpl, they are outside gBase and they are transient (not serialized in this instance backup). They are called in any order. They receive only a copy of the new value, to protect the property. All the exceptions from the listeners are caught, and a dialog box is displayed to inform the user.
This class has several subclasses in the AcsAddon packages. Most of the variables are protected.
See Also: Resource.addAclEntry(ARoad0.gBaseInterface.ImmutableACS, ARoad0.gBaseInterface.ImmutableEligibleParty, ARoad0.gBaseInterface.StringRight[], java.lang.Boolean, ARoad0.gBaseInterface.ImmutableGroupID), Serialized Form

Field Summary | |
---|---|
protected ImmutableACS | aCS_ |
protected ImmutableName | acsName_ |
private java.beans.PropertyChangeSupport | changeSupport_: manage all the property change listeners |
protected java.lang.String | comment_ |
protected java.lang.String | detailledName_ |
static AclEntryImpl | EMPTY_INSTANCE: A reusable empty instance for initialization, to avoid the use of 'new' for temporary values. |
protected ImmutableEligibleParty | ep_ |
protected ImmutableName | epName_ |
protected static int | INITIAL_CAPACITY |
protected java.util.ArrayList<ImmutableGroupID> | l_ConditionSourceGroups_: To activate the ACL rights, the EP has to be member of the GroupIDs in this list. |
protected StringRight[] | l_right_ |
protected ImmutableName | nameOfEpAcs_ |
protected ImmutableName | nameOfResAcs_ |
protected boolean | positiveRight_ |
private static int | PRIME |
protected ImmutableACS | resACS_ |
protected ImmutableName | resName_ |
protected java.lang.String | resType_ |
static java.io.ObjectStreamField[] | serialPersistentFields: variable for the JDK 2 serialization "aCS_",ACSImpl.class, "resACS_",ACSImpl.class, "resName_",NameImpl.class, "resType_",String.class, "acsName_",NameImpl.class, "nameOfResAcs_",NameImpl.class, "epName_",NameImpl.class, "nameOfEpAcs_",NameImpl.class, "ep_",EligiblePartyImpl.class, "l_right_",String[].class, "positiveRight_",Boolean.TYPE, "comment_",String.class, "l_ConditionSourceGroups_",ArrayList.class "detailledName_",String.class |
private static long | serialVersionUID__ |
Constructor Summary | |
---|---|
 | AclEntryImpl(): Constructor to use only as a transient value for initialization, or used from ARoad0.gBase.AclEntryImplBeanInfo.getPropertyDescriptors() in ARoad0.Gui1.CollectionPropertyEditor.getValue(). |
protected | AclEntryImpl(ImmutableACS _aCS, ImmutableResource _res, ImmutableEligibleParty _ep, StringRight[] _l_right, boolean _positiveRight, ImmutableGroupID _conditionGroup): This is the standard way to create an instance, only from a resource in gBase. |
Method Summary | |
---|---|
protected void | addConditionSourceGroup(ImmutableGroupID _grp): Adds a condition group without controls. |
void | addForUserConditionSourceGroup(ImmutableGroupID _grp): This method is to use only for the flexible conditional ACL, and if there is already a non-null first condition group set by the constructor. |
void | addPropertyChangeListener(java.beans.PropertyChangeListener _l): Add a listener to the bean. |
void | addPropertyChangeListener(java.lang.String _propertyName, java.beans.PropertyChangeListener _l): Add a listener to the bean. |
static java.lang.String | buildUpDetailledName(ImmutableName _epName, ImmutableName _resName, boolean _positiveRight, java.lang.String _conditionGroupName): This method creates the detailed name of an internal AclEntry, that is unique in its ACS, and it provides the preprocessing of the detailed name for an external AclEntry. |
java.lang.Object | clone(): Called by removeEorAclEntry() in the events firing. |
int | compareTo(java.lang.Object o): Based on the AclEntry name comparisons on the EP first, and then on the Resource, if the EP names are equal. |
AclEntry | copy(Resource _newRes): Copy the AclEntry for a resource of the same ACS. |
protected AclEntry | copyForExternal(): Called by ACSImpl.closeAclEntriesTo() only for the external ACLs, when the links to other ACS have to be cut and cloned. |
boolean | equals(java.lang.Object _obj): This method returns true for a clone, even if it has no direct references to its ACS, resource or EP. |
protected void | finalizeClosedAcl(): This method allows the detection by the garbage collector of unused closed ACLs, or copied ACLs through copyForExternal(), after the closing of their ACS, or after the deleting of their resource or eligible party. |
void | finalizeForBase(): Currently unused method, that is from the DetailledName interface. |
void | finalizeForUser(): Currently unused method, that is from the DetailledName interface. |
protected void | finalizeForUser(short _epCount): Replacing finalizeForBase() and finalizeForUser(), this method removes the AclEntry from the aclConnectedResources map of its EligibleParty, and from the list of its ACS. |
protected void | firePropertyChange(java.lang.String _propertyName, java.lang.Object _oldValue, java.lang.Object _newValue): Fire an event to every registered listener, in any order. |
ImmutableName | getAcsName(): Caution: does not return a clone. |
java.lang.String | getComment() |
java.lang.String | getDetailledName(): This method returns the detailed name for the explorer, which gives the key components of the object, without the acs name. |
java.lang.String | getDetailledNameFromName(ImmutableName _name): Gets the detailed name from the AclEntry name, like a static method since the AclEntry properties are not used. |
boolean | getEnabledRights(): Gets false only for a conditional AclEntry where the GroupIDMember source is not (in)direct member of a condition group. |
ImmutableACS | getEorACS(): Returns null for a clone or a finalized instance. |
ImmutableEligibleParty | getEorEP(): Returns null for a clone or a finalized instance. |
ImmutableACS | getEorResACS() |
ImmutableResource | getEorResource(): Gets the resource through a call to the ACS map, so quite slow. |
ImmutableName | getEpName(): Caution: does not return a clone. |
ImmutableName | getFullName(): The full name is unique for the Access Road program. |
ImmutableName[] | getKeyPropertiesFromDetailledName(java.lang.String _displayedName): Extracts the resource name first, and the EligibleParty name in the detailed name of an AclEntry, then the right sense and, if not null, the first condition group name. |
static ImmutableName[] | getKeyPropertiesFromName(ImmutableName _aclName): Gets the component names from the AclEntry name. |
static java.lang.Object[] | getKeyReferencesFromName(ImmutableName _aclName): Gets the 4 or 5 AclEntry main components from the AclEntry name. |
java.util.List<ImmutableGroupID> | getL_ConditionSourceGroups(): To activate the ACL rights in a conditional AclEntry, the EP is a GroupIDMember, and it has to be a member of each condition GroupID. |
StringRight[] | getL_Rights(): Gets the effective rights for the eligible party upon the resource. |
ImmutableName | getName(): Gets the BaseObject name of the AclEntry from getNameFromDetailledName(). |
ImmutableName | getNameFromDetailledName(ImmutableACS _acs, java.lang.String _detailledName): Extracts the BaseObject name from the detailed name of an AclEntry. |
ImmutableName | getNameOfEpACS(): Caution: does not return a clone. |
ImmutableName | getNameOfResACS(): Caution: does not return a clone. |
java.lang.String | getNickName(): This short name is NOT unique for the Access Road program nor the ACS if it is an ACS object. |
StringRight[] | getNoConditionalRight(): Gets the list of the internal conditional or no-conditional rights for the EligibleParty upon the Resource, whatever the compliance to the conditions if there are some conditional groups. |
boolean | getPositiveRight() |
java.beans.PropertyChangeListener[] | getPropertyChangeListeners(java.lang.String _propertyName): Returns the change listeners for a property. |
static ImmutableName[] | getPropertyNamesFromName(java.lang.String _aclName): Gets the main components names from the aclEntry name as a string, returned by toString(). |
ImmutableName | getResName(): Caution: does not return a clone. |
java.lang.String | getResType(): To use when it is possible to replace getEorResource(). |
long | getSerialVersionUID(): Return long value for serialization |
java.lang.String | getSource(): Gets the access source displayed in the beamer. |
java.lang.String | getTarget(): Gets the access target displayed in the beamer. |
int | hashCode() |
boolean | isConditionalAclEntry(): Gets true for a right-defined or a flexible conditional AclEntry. |
boolean | isEmpty() |
boolean | isExternalAclEntry(): An external ACL has the source or the target from another ACS than the ACL ACS. |
boolean | isRightDefinedConditionalAclEntry(): Gets true for a right-defined conditional AclEntry. |
protected void | removeConditionSourceGroup(ImmutableGroupID _grp): Removes a condition group. |
void | removeForUserConditionSourceGroup(ImmutableGroupID _grp): To activate the ACL rights, the EP has to be member of the condition GroupIDs, if it is a GroupIDMember. |
void | removePropertyChangeListener(java.beans.PropertyChangeListener _l): Remove a listener from the bean. |
void | removePropertyChangeListener(java.lang.String _propertyName, java.beans.PropertyChangeListener _l): Remove a listener from the bean. |
protected void | resetRightsAsInheritedAclEntry(): If the target is a Directory in an ACS that manages the ACL inheritance, calls Directory.resetInheritedAclEntryRightsOfChildren(), to reset the effective rights in the inherited AclEntry map of each Directory child. |
void | setComment(java.lang.String _s): Set any comment related to this AclEntry. |
protected int | setConditionSourceGroupsFromRights(): Main method to update the right-defined condition group at every rights updating. |
protected void | setL_Rights(StringRight[] _st): Sets the rights of the AclEntry, from which the effective rights given by getRight() are derived. |
void | setL_RightsForUser(StringRight[] _st): Sets the rights of the AclEntry, from which the effective rights given by getRight() are derived. |
java.lang.String | toString(): The form is 'Eligible party: KKKK+ , ACL ACS: GGG + ; Resource: DDDD+ Right(s): bbbb\| vvvv\| nnnn + positive right: true/false"+ Condition groups: UUUU\| OOOO\| . |
Methods inherited from class java.lang.Object |
---|
finalize, getClass, notify, notifyAll, wait, wait, wait |
Field Detail |
---|
private static final long serialVersionUID__
private static final int PRIME
protected static final int INITIAL_CAPACITY
protected java.lang.String detailledName_
protected ImmutableACS aCS_
protected ImmutableACS resACS_
protected ImmutableName resName_
protected java.lang.String resType_
protected ImmutableEligibleParty ep_
protected ImmutableName acsName_
protected ImmutableName epName_
protected ImmutableName nameOfResAcs_
protected ImmutableName nameOfEpAcs_
protected StringRight[] l_right_
protected boolean positiveRight_
protected java.lang.String comment_
protected java.util.ArrayList<ImmutableGroupID> l_ConditionSourceGroups_
public static final AclEntryImpl EMPTY_INSTANCE
private transient java.beans.PropertyChangeSupport changeSupport_
public static final java.io.ObjectStreamField[] serialPersistentFields
Constructor Detail |
---|
public AclEntryImpl()
protected AclEntryImpl(ImmutableACS _aCS, ImmutableResource _res, ImmutableEligibleParty _ep, StringRight[] _l_right, boolean _positiveRight, ImmutableGroupID _conditionGroup) throws CreateError
An AclEntry is right-defined conditional when it uses a conditional right. An AclEntry is simple (or flexible) conditional when the user sets an immutable condition group as argument of the AclEntry constructor. A simple-condition AclEntry is uniquely defined by the set (its ACS, its Resource, its EligibleParty, first condition GroupID, sense of the rights). The first condition GroupID is mandatory at the creation only if it is a simple conditional AclEntry. The other types of AclEntry are uniquely defined by the set (its ACS, its Resource, its EligibleParty, sense of the rights).
The constructor calls the method setL_Rights() to control and set up the rights. If the ACL source is not external, it is used for getting the rights policy from the ACL ACS. In all cases, the ACL target is used to get them. In a right-defined conditional ACL, the method setL_Rights() sets the condition groups. The error messages for the user are as follows:
- An external conditional AclEntry must have its Eligible Party ACS or its Resource ACS being its condition group ACS.
- This ACS does not manage the simple-condition AclEntries, into which the rights are activated only if the right user is member of all the condition group(s);
- A condition group has to be from the source ACS or from the target ACS.
- With the type policy 'Resource.NoConditionalACL', the ACS forbids this Resource type as target of a simple-condition AclEntry.
- With the type policy 'GroupIDMember.IsNotConditionalAclSource', the ACS forbids this UserID or GroupID type as source of a simple-condition AclEntry.
- No conditional right in a simple-condition AclEntry, since the condition groups are directly set.
Called only by ResourceImpl.
Parameters:
- _aCS - open controller which owns this AclEntry. May be the main ACS of _res, or not. If not, is recorded as ACS controller of this main ACS.
- _res - External Object Reference to the resource.
- _ep - External Object Reference to the EligibleParty, which may belong to another ACS. Has to be a GroupIDMember if it is a conditional AclEntry.
- _l_right - is an array of rights for _ep on _res. Create an empty array with a length of 1 if the argument is null or if its first element is null (even if there is a second non-null element). Controls if the rights are allowed by the ACS and if not, the rights are not set. For a right-defined conditional AclEntry, only one right is allowed.
- _positiveRight - is true if the rights are oriented to grant, and false if they are oriented to deny. _l_right is checked.
- _conditionGroup - first condition group. May be null. If null, no condition group may be added directly after the AclEntry creation. If not null, _l_right cannot contain a conditional right.
Throws:
- CreateError - if (_res or _ep).getName() or (_res or _ep).getEorACS() is null, if _ep is not an EligiblePartyImpl nor an ActorImpl, if _right does not have the sense of _positiveRight, or if they are conditional and more than one, or more than one right when the acs forbids it, or external.

Method Detail |
---|
public static final java.lang.String buildUpDetailledName(ImmutableName _epName, ImmutableName _resName, boolean _positiveRight, java.lang.String _conditionGroupName) throws CreateError
- incomplete Eligible Party name >> incomplete Resource name || grant OR deny || first condition group last component.
For an external ACL, the format of the detailed name is as follows:
- ACS: ACS_name | (full or incomplete) Eligible Party name >> (full or incomplete) Resource name || grant OR deny || <Source ACS group> OR <Target ACS group> || first condition group last component.
An Eligible Party or Resource name is incomplete if it belongs to the AclEntry ACS. The condition group is put in the name or the detailed name only for a flexible conditional AclEntry. '<XXXX ACS group>' is used only for an external ACL, when the condition group belongs to the Source or Target (XXXX) ACS.
Parameters:
- _epName - name of the EligibleParty, without its ACS name. Never null nor empty.
- _resName - name of the Resource, without its ACS name. Never null nor empty.
- _positiveRight - is true for a granting right, false for a denying one
- _conditionGroupName - first condition group name last component. May be null.
Throws:
- CreateError - if a name is null or empty

public java.lang.String getDetailledName()
(full or incomplete) Eligible Party name >> (full or incomplete) Resource name || grant/deny || first condition group last component.
The condition group is put in the name or the detailed name only for a flexible conditional AclEntry. The EP and Resource names may be incomplete because the detailed name includes the ACS names of the Resource/EP only if the ACL is external, and it means that at least one of the two EP/Resource ACS is not the ACL ACS. Works on cloned AclEntries.
Specified by: getDetailledName in interface DetailledName
See Also: getKeyPropertiesFromDetailledName(java.lang.String)

public ImmutableResource getEorResource()
Specified by: getEorResource in interface ImmutableAclEntry

public java.lang.String getSource()
Specified by: getSource in interface ImmutableAclEntry

public java.lang.String getTarget()
Specified by: getTarget in interface ImmutableAclEntry

public final ImmutableEligibleParty getEorEP()
Specified by: getEorEP in interface ImmutableAclEntry

public final ImmutableACS getEorACS()
Specified by: getEorACS in interface ACSObject
Specified by: getEorACS in interface ImmutableAclEntry

public final ImmutableACS getEorResACS()
Specified by: getEorResACS in interface ImmutableAclEntry

public void setL_RightsForUser(StringRight[] _st) throws CreateError
Specified by: setL_RightsForUser in interface AclEntry
Parameters:
- _st - array of non-null, non-empty rights for the couple (resource, EligibleParty) in the AclEntry ACS. The authorized rights depend on the AclEntry ACS. May be null.
Throws:
- CreateError - if the resource or the eligible party is immutable, or from setL_Rights()

public final StringRight[] getL_Rights()
Specified by: getL_Rights in interface ImmutableAclEntry

public final StringRight[] getNoConditionalRight()
Specified by: getNoConditionalRight in interface ImmutableAclEntry

public final boolean isRightDefinedConditionalAclEntry()
Specified by: isRightDefinedConditionalAclEntry in interface ImmutableAclEntry

public final boolean isConditionalAclEntry()
Specified by: isConditionalAclEntry in interface ImmutableAclEntry

public final boolean getEnabledRights()
Specified by: getEnabledRights in interface ImmutableAclEntry

public final boolean getPositiveRight()
Specified by: getPositiveRight in interface ImmutableAclEntry

public ImmutableName getNameOfResACS()
Specified by: getNameOfResACS in interface ImmutableAclEntry

public ImmutableName getResName()
Specified by: getResName in interface ImmutableAclEntry

public java.lang.String getResType()
Specified by: getResType in interface ImmutableAclEntry

public ImmutableName getAcsName()
Specified by: getAcsName in interface ACSObject

public ImmutableName getNameOfEpACS()
Specified by: getNameOfEpACS in interface ImmutableAclEntry

public ImmutableName getEpName()
Specified by: getEpName in interface ImmutableAclEntry

public void setComment(java.lang.String _s)
Specified by: setComment in interface AclEntry
Parameters:
- _s - comment which is associated to the AclEntry

public java.lang.String getComment()

public java.util.List<ImmutableGroupID> getL_ConditionSourceGroups()
Specified by: getL_ConditionSourceGroups in interface ImmutableAclEntry

public void addPropertyChangeListener(java.lang.String _propertyName, java.beans.PropertyChangeListener _l)
Specified by: addPropertyChangeListener in interface BoundBean
Parameters:
- _propertyName - String is the name of the property
- _l - PropertyChangeListener to add

public void addPropertyChangeListener(java.beans.PropertyChangeListener _l)
Specified by: addPropertyChangeListener in interface BoundBean
Parameters:
- _l - PropertyChangeListener to add

public void removePropertyChangeListener(java.lang.String _propertyName, java.beans.PropertyChangeListener _l)
Specified by: removePropertyChangeListener in interface BoundBean
Parameters:
- _propertyName - String is the name of the property
- _l - PropertyChangeListener to remove

public void removePropertyChangeListener(java.beans.PropertyChangeListener _l)
Specified by: removePropertyChangeListener in interface BoundBean
Parameters:
- _l - PropertyChangeListener to remove

public java.beans.PropertyChangeListener[] getPropertyChangeListeners(java.lang.String _propertyName)
Specified by: getPropertyChangeListeners in interface ImmutableAclEntry
Parameters:
- _propertyName - name of the listened property.

public int compareTo(java.lang.Object o) throws java.lang.ClassCastException
Specified by: compareTo in interface java.lang.Comparable
Parameters:
- o - to compare must be an ImmutableAclEntry
Throws:
- java.lang.ClassCastException - if the specified object's type prevents it from being compared to this current Object

public java.lang.Object clone()
Specified by: clone in interface ImmutableAclEntry
Overrides: clone in class java.lang.Object

public boolean equals(java.lang.Object _obj)
Specified by: equals in interface BaseObject
Specified by: equals in interface ImmutableAclEntry
Overrides: equals in class java.lang.Object
Parameters:
- _obj - is the object to compare.

public int hashCode()
Specified by: hashCode in interface BaseObject
Specified by: hashCode in interface ImmutableAclEntry
Overrides: hashCode in class java.lang.Object

public long getSerialVersionUID()
Specified by: getSerialVersionUID in interface ImmutableAclEntry

public boolean isExternalAclEntry()
Specified by: isExternalAclEntry in interface ImmutableAclEntry

public boolean isEmpty()
Specified by: isEmpty in interface ImmutableAclEntry

public AclEntry copy(Resource _newRes) throws CreateError
Specified by: copy in interface ImmutableAclEntry
Parameters:
- _newRes - is a resource belonging to the same ACS
Throws:
- java.lang.InternalError - if _newRes is null.
- CreateError - if _ep is already recorded in this resource with the same ACS and sense, or thrown by the ACS.newEorAclEntry().

protected void firePropertyChange(java.lang.String _propertyName, java.lang.Object _oldValue, java.lang.Object _newValue)
Parameters:
- _propertyName - name of the changing property
- _oldValue - of the property
- _newValue - of the property. No operation if equal to _oldValue and not null.

public void finalizeForBase() throws UpDateError
Specified by: finalizeForBase in interface FinalizedObject
Throws:
- no - UpDateError throwing
- UpDateError - if the resource is unknown to the main ACS (if it is a clone without setName(), typically)

public void finalizeForUser() throws UpDateError
Specified by: finalizeForUser in interface FinalizedObjectForUser
Throws:
- no - UpDateError throwing
- UpDateError - for instance if the object is immutable

protected void finalizeForUser(short _epCount) throws UpDateError
Parameters:
- _epCount - is the number of references to ep_ in the AclEntries list of its Resource. If it is equal to '1', the aclConnectedResources map of ep_ is updated.
Throws:
- UpDateError - if the Resource is unknown to the main ACS, or if this AclEntry is recorded more than once.

protected void finalizeClosedAcl()
public ImmutableName getFullName()
getFullName
in interface BaseObject
public java.lang.String getNickName()
EligibleParty Name last component >> first right nick name >> Resource Name last component
getNickName
in interface BaseObject
public ImmutableName getName()
ACS:: acsName:: ELIGIBLEPARTY:: epName:: >> RESOURCE:: resName || grant/deny || CONDITIONS:: first condition group name
(here, ':: ' is added by gBase.NameImpl.toString()), where epName is the eligible Party full name, and resName is the Resource full name.
The condition group is put in the name or the detailed name only for a flexible conditional AclEntry. If _acsName, _epName or _resName is null, as in an empty instance, they are not put in the name. This method works for a clone. This name is used only outside gBase, following the BaseObject interface. The IS name is in the first components of the ACS name.
getName
in interface BaseObject
public void addForUserConditionSourceGroup(ImmutableGroupID _grp) throws UpDateError
addForUserConditionSourceGroup
in interface AclEntry
_grp
- condition group from the AclEntry ACS. Never null.
UpDateError
- if the AclEntry ACS does not manage the flexible
conditional group, if the first condition group is null, already known,
if the argument is null or not from the AclEntry ACS, if it is an external AclEntry
public void removeForUserConditionSourceGroup(ImmutableGroupID _grp) throws UpDateError
removeForUserConditionSourceGroup
in interface AclEntry
_grp
- conditional group to remove
UpDateError
- if the AclEntry uses static condition group, or the argument
is not from the AclEntry ACS or it is the first condition group
public ImmutableName getNameFromDetailledName(ImmutableACS _acs, java.lang.String _detailledName) throws BaseError
- incomplete Eligible Party name >> incomplete Resource name || grant OR deny || first condition group last component.
For an external ACL, the form of the detailed name is:
- ACS: ACS_name | (full or incomplete) Eligible Party name >> (full or incomplete) Resource name || grant OR deny || <Source ACS group> OR <Target ACS group> || first condition group last component.
An Eligible Party or Resource name is incomplete if it belongs to the AclEntry ACS. The condition group is put in the name or the detailed name only for a flexible conditional AclEntry. '<XXXX ACS group>' is used only for an external ACL, when the condition group belongs to the XXXX ACS.
The AclEntry name is composed of:
ACS:: acsName:: ELIGIBLEPARTY:: epName:: >> RESOURCE:: resName || grant/deny || CONDITIONS:: first condition group name
(here, ':: ' is added by gBase.NameImpl.toString()), where epName is the Eligible Party full name, and resName is the Resource full name.
The condition group is put in the name or the detailed name only for a flexible conditional AclEntry. This is a pseudo-static method, since it does not depend on the instance. Calls BaseUtilityImpl.getEorBaseObject(). Called by getName(), TreeManager.analyzeSelectedNodeInExplorer() and SimplePropertyEditor.viewOneElement().
getNameFromDetailledName
in interface DetailledName
_detailledName
- is the viewable name of the object in the explorer
_acs
- ACS of the BaseObject
BaseError
- if an argument is null, or if _detailledName is not well formed
public ImmutableName[] getKeyPropertiesFromDetailledName(java.lang.String _displayedName) throws BaseError
- incomplete Eligible Party name >> incomplete Resource name || grant OR deny || first condition group last component.
For an external ACL, the form of the detailed name is as follows:
- ACS: ACS_name | (full or incomplete) Eligible Party name >> (full or incomplete) Resource name || grant OR deny || <Source ACS group> OR <Target ACS group> || first condition group last component.
An Eligible Party or Resource name is incomplete if it belongs to the AclEntry ACS. The condition group is put in the name or the detailed name only for a flexible conditional AclEntry. '<XXXX ACS group>' is used only for an external ACL, when the condition group belongs to the XXXX ACS.
This is a pseudo-static method, since it does not depend on the instance. Used by the method getNameFromDetailledName.
getKeyPropertiesFromDetailledName
in interface DetailledName
_displayedName
- is the short viewable name of an AclEntry
BaseError
- if the argument is not an AclEntry name string,
or if a main component string is not provided by NameImpl.toString().
getDetailledName()
public java.lang.String getDetailledNameFromName(ImmutableName _name) throws BaseError
- incomplete Eligible Party name >> incomplete Resource name || grant OR deny || first condition group last component.
For an external ACL, the form of the detailed name is as follows:
- ACS: ACS_name | (full or incomplete) Eligible Party name >> (full or incomplete) Resource name || grant OR deny || <Source ACS group> OR <Target ACS group> || first condition group last component.
The AclEntry name is composed of:
ACS:: acsName:: ELIGIBLEPARTY:: epName:: >> RESOURCE:: resName || grant/deny || CONDITIONS:: first condition group name
Note: the detailed name is not unique in the base. Calls BaseManagerImpl.getEorM_OpenACS() and knowsACS() to find the ACS name. Calls getKeyPropertiesFromName() and buildUpDetailledName().
getDetailledNameFromName
in interface DetailledName
_name
- name of an AclEntry
BaseError
- if the argument has a wrong format
PrivilegeAbst.buildUpDetailledName(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String),
buildUpDetailledName(ARoad0.gBaseInterface.ImmutableName, ARoad0.gBaseInterface.ImmutableName, boolean, java.lang.String)
public java.lang.String toString()
toString
in interface ImmutableAclEntry
toString
in class java.lang.Object
public static ImmutableName[] getKeyPropertiesFromName(ImmutableName _aclName) throws BaseError
ACS:: acsName:: ELIGIBLEPARTY:: epName:: >> RESOURCE:: resName || grant/deny || CONDITIONS:: first condition group name
(here, ':: ' is added by gBase.NameImpl.toString()), where epName is the EligibleParty full name, and resName is the Resource full name. The condition group is put in the name or the detailed name only for a flexible conditional AclEntry. Called by the methods getKeyReferencesFromName, getDetailledNameFromName, getPropertyNamesFromName.
_aclName
- name of the AclEntry.
- the ACS full name at index 0,
- the EligibleParty full name at index 1,
- the Resource full name at index 2,
- the 'grant' or 'deny' string in a one-component name,
- the first condition group name at index 4, or no index 4.
BaseError
- the argument is not an AclEntry name with the key words.
public static java.lang.Object[] getKeyReferencesFromName(ImmutableName _aclName) throws BaseError
ACS:: acsName:: ELIGIBLEPARTY:: epName:: >> RESOURCE:: resName || grant/deny || CONDITIONS:: first condition group name
where epName is the EligibleParty full name, and resName is the Resource full name. The condition group is put in the name or the detailed name only for a flexible conditional AclEntry. To have names rather than instances, use getKeyPropertiesFromName(). This method is used by Gui1.PropertyEditor to remove an AclEntry from a list displaying the AclEntry name in the beamer. This method is returned by the PropertyDescriptor value 'removeArgumentsFromName' in ResourceImplBeanInfo, for CollectionPropertyEditor.
_aclName
- the AclEntry name, obtained through getName()
- index 0: ACS which manages this AclEntry
- index 1: AclEntry EligibleParty
- index 2: AclEntry Resource
- index 3: Boolean for the right sens
- index 4: the first condition group
BaseError
- if the argument is not an AclEntry name string,
or if a main component string is not provided by NameImpl.toString()
public static ImmutableName[] getPropertyNamesFromName(java.lang.String _aclName) throws BaseError
ACS:: acsName:: ELIGIBLEPARTY:: epName:: >> RESOURCE:: resName || grant/deny || CONDITIONS:: first condition group name
The condition group is put in the name or the detailed name only for a flexible conditional AclEntry.
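A strict parser for the AclEntry name string described for getKeyPropertiesFromName() and getPropertyNamesFromName(), as an added example that is not gBase code. It assumes the string is laid out exactly as the form printed on this page, returns plain strings instead of ImmutableName instances, and throws IllegalArgumentException where gBase throws BaseError; the class name AclNameParseDemo, the RESERVED token list and the sample names are assumptions made for the illustration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AclNameParseDemo {
    // Assumed string layout, copied literally from the name form on this page.
    private static final Pattern ACL_NAME = Pattern.compile(
        "ACS:: (.+?):: ELIGIBLEPARTY:: (.+?):: >> RESOURCE:: (.+?)"
        + " \\|\\| (grant|deny)(?: \\|\\| CONDITIONS:: (.+))?");
    // Assumed reserved tokens: inside a component they make the split ambiguous.
    private static final String[] RESERVED =
        {"||", ">>", "ELIGIBLEPARTY::", "RESOURCE::", "CONDITIONS::"};

    /** Index 0 ACS, 1 EligibleParty, 2 Resource, 3 grant/deny, optional 4 condition group. */
    static String[] keyProperties(String aclName) {
        if (aclName == null) {
            throw new IllegalArgumentException("null AclEntry name");
        }
        Matcher m = ACL_NAME.matcher(aclName);
        if (!m.matches()) {
            throw new IllegalArgumentException("not an AclEntry name: " + aclName);
        }
        int n = (m.group(5) == null) ? 4 : 5;   // no index 4 without a condition group
        String[] out = new String[n];
        for (int i = 0; i < n; i++) {
            out[i] = m.group(i + 1);
            for (String token : RESERVED) {
                if (out[i].contains(token)) {   // fail closed on an ambiguous component
                    throw new IllegalArgumentException("reserved token in component " + i);
                }
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample names, not taken from a real base.
        String ok = "ACS:: IS1:: acsA:: ELIGIBLEPARTY:: staff:: alice:: >> RESOURCE:: "
            + "docs:: report || grant || CONDITIONS:: onDuty";
        String ambiguous = "ACS:: acsA:: ELIGIBLEPARTY:: alice:: >> RESOURCE:: "
            + "docs || deny || grant";
        System.out.println(String.join(" | ", keyProperties(ok)));
        try {
            keyProperties(ambiguous);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Without the reserved-token check the second sample matches as a grant on a resource named `docs || deny`, so the sens read back from the name would depend on the parser's backtracking order.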
_aclName
- the AclEntry name, obtained through getName().toString()
- index 0: name of the ACS which manages this AclEntry
- index 1: name of the EligibleParty
- index 2: name of the Resource
- index 3: the 'grant' or 'deny' string in a one-component name
- index 4: the first condition group
BaseError
- if the argument is not an AclEntry name string,
or if a main component string is not provided by NameImpl.toString().
protected void setL_Rights(StringRight[] _st) throws CreateError
Only non-null, non-empty rights are set as new rights. Creates a 0-size array if the argument is null. Controls if each right has the correct sens. Controls the ACS type policy on 'Resource.OneRightACL', 'Resource.NoConditionalACL', 'Resource.NoNonConditionalACL', 'GroupIDMember.IsNotConditionalAclSource' and 'Actor.IsNotConditionalAclSource'.
A right-defined conditional AclEntry must have a single non-null right. It may be external. For a conditional AclEntry, _ep is a GroupIDMember, and the right is workable only if _ep is a member of each of these condition groups (or the _ep AG context). Otherwise, the resulting effective right from getRight() is a 0-size array. Calls BaseUtilityImpl.getL_AcsRestrictedRights() and UtilityImpl.selectHeaders().
Note: 'AclRights' is also the bound property name of the ACLs in ResourceImpl, to allow the work of the Gui1 package. For Gui2.GraphicViewBaseListenerImpl, which listens to the 'AclRights' events from both the Resource and the AclEntry, the source and the value types in the event allow the event to be processed properly.
No action if this instance is a clone or has been finalized. Called by the constructor and setRightsForUser().
_st
- array of non-null, non-empty rights
for the couple (resource, EligibleParty) in the AclEntry ACS.
The authorized rights depend on the AclEntry ACS. May be null.
CreateError
- if a right is null, empty,
if a right is not allowed, does not have the sens of getPositiveRight(),
or does not comply with the ACL constraints.
BaseUtilityImpl.getL_AcsRestrictedRights(ARoad0.Pattern.BeanInfoPattern, ARoad0.gBaseInterface.BaseObject, java.lang.String, ARoad0.gBaseInterface.ImmutableACS, java.lang.String)
protected int setConditionSourceGroupsFromRights() throws CreateError
CreateError
- if the ACS does not manage right-condition ACL while
the first right contains 'IF', or the ACS of the condition group is not the AclEntry ACS.
protected void addConditionSourceGroup(ImmutableGroupID _grp)
_grp
- conditional group to add. Never null.
protected void removeConditionSourceGroup(ImmutableGroupID _grp) throws CreateError
_grp
- conditional group to remove
CreateError
- if _grp is not registered or it is the first condition group
protected void resetRightsAsInheritedAclEntry()
protected AclEntry copyForExternal()