|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface PrivilegeForLinks
This interface is responsible for modeling the privileges which manages some access rights from a privilege sources list (or only one GroupID) to a privilege targets list (or only one target). There are three types of PrivilegeForLinks: LINKED, LINKED_IF_ALL_SOURCES and LINKED_FOR_ONE_TO_ONE. This privilege is usable by any couple (all sources set, one of the target) from the privilege ACS, or from two external ACS for LINKED_FOR_ONE_TO_ONE privileges. A linked privilege may be inherited from the (in)direct parents of the target, except the LINKED_IF_ALL_SOURCES privilege.
Eligible Party and Resource classes are never used, on the contrary of PrivilegeForTypes, and the linked sources and targets types are used to register and unregister them in the privilege. So, it is possible to modify the privilege links to sources and targets on the fly.
This is a javabean with the following bound properties: - 'OneLinkedSource' - 'OneLinkedTarget'
The LINKED type allows to define in one privilege, a generic set of rights, and each EligibleParty which is source has all the rights on all the targets. With LINKED_IF_ALL_SOURCES, the rights on the targets are used by any EligibleParty which belongs to ALL the source containers, which are GroupIDMembers or DirectoryEPs. For instance, if there are a GroupID and an UserID as privilege sources, any Actor which is a member of the GroupID AND belongs to the UserID, has the rights of the privilege. If an actor belongs to the GroupID but is not under the UserID, it has not the privilege. To have an OR relation between the GroupID and the UserID, rather than AND, let's use 2 LINKED_FOR_ONE_TO_ONE privileges or two AclEntries. The number of privilege sources is limited to 4. In its principle, a LINKED_IF_ALL_SOURCES privilege is close to a conditional AclEntry, where the effective rights are conditioned by the groups of the source.
With LINKED_FOR_ONE_TO_ONE, there is at most one source, and it is an EligibleParty, and at most one target, which is a PrivilegeForLinksTarget. A LINKED_FOR_ONE_TO_ONE privilege is like an ACL from an EP to a resource or a virtual folder. A LINKED_FOR_ONE_TO_ONE PrivilegeForLink is an alternative to an AclEntry because both have one (external) access source and one (external) access target, but the differences are that AclEntry cannot change its source and target, it is deleted when its source or its target is deleted, it can change dynamically its rights, and:
- on sources, it is as powerfull as a LINKED_FOR_ONE_TO_ONE PrivilegeForLinks.
- on targets, it is less powerfull since it cannot be applied to Resource or EligibleParty VirtualFolders, whereas a LINKED_FOR_ONE_TO_ONE PrivilegeForLink can do it. In a one-to-one privilege, the target may be added once but it cannot be removed.
The rights are applicable to external (other ACS than the privilege ACS) objects only for LINKED_FOR_ONE_TO_ONE privileges, and isExternal() is true when the source or the target is from another ACS. The target ACS cannot manage the PRI inheritance in a LINKED_IF_ALL_SOURCES privilege. For the other types, only one target is authorized if the first target is from an ACS that manages the PRI inheritance.
The privilege key is used by the ACS to find a privilege. The key is the couple (privilege type, short privilege description). The main privilege value is an unmodifiable list of rights. The privilege gets positive or negative rights: it grants or denies accesses. The rights and the key CANNOT be updated after the privilege creation, nor the rights sens (grant or deny). There is a long privilege description associated to the short one.
See the Copyright.
Privilege
,
PrivilegeSource
,
PrivilegeTarget
Method Summary | |
---|---|
java.util.List<PrivilegeSource> |
getEorLinkedSources()
Get the sources set which have this privilege. |
java.util.List<PrivilegeTarget> |
getEorLinkedTargets()
Get the targets which use this privilege. |
java.util.List<java.lang.String> |
getL_InternalAllowedSourceTypes()
Caution: the list is from the privilege ACS, and an external privilege may accept types from another ACS. |
java.util.List<java.lang.String> |
getL_InternalAllowedTargetTypes()
Caution: the list is from the privilege ACS, and an external privilege may accept types from another ACS. |
ImmutableName |
getNameOfSingleSourceACS()
|
ImmutableName |
getNameOfSingleTargetACS()
|
boolean |
getOneRoleOneTarget()
|
ImmutableName |
getSingleSourceName()
|
ImmutableName |
getSingleTargetName()
|
Methods inherited from interface ARoad0.gBaseInterface.Privilege |
---|
setComment, setSecondType, setSeeWhy |
Methods inherited from interface ARoad0.gBaseInterface.ImmutablePrivilege |
---|
getAcsFromName, getComment, getEmptyInstance, getEorACS, getKeyReferencesFromName, getL_Rights, getMainType, getName, getPositiveRight, getPropertyChangeListeners, getSecondType, getSeeWhy, isEmpty, isExternalPrivilege |
Methods inherited from interface ARoad0.gBaseInterface.ACSObject |
---|
getAcsName |
Methods inherited from interface ARoad0.gBaseInterface.BaseObject |
---|
equals, getFullName, getNickName, hashCode |
Methods inherited from interface ARoad0.gBaseInterface.BoundBean |
---|
addPropertyChangeListener, addPropertyChangeListener, removePropertyChangeListener, removePropertyChangeListener |
Methods inherited from interface ARoad0.gBaseInterface.DetailledName |
---|
getDetailledName, getDetailledNameFromName, getKeyPropertiesFromDetailledName, getNameFromDetailledName |
Methods inherited from interface ARoad0.gBaseInterface.FinalizedObjectForUser |
---|
finalizeForUser |
Methods inherited from interface ARoad0.gBaseInterface.FinalizedObject |
---|
finalizeForBase |
Methods inherited from interface java.lang.Comparable |
---|
compareTo |
Method Detail |
---|
boolean getOneRoleOneTarget()
java.util.List<PrivilegeSource> getEorLinkedSources()
java.util.List<PrivilegeTarget> getEorLinkedTargets()
ImmutableName getSingleSourceName()
ImmutableName getSingleTargetName()
ImmutableName getNameOfSingleSourceACS()
ImmutableName getNameOfSingleTargetACS()
java.util.List<java.lang.String> getL_InternalAllowedSourceTypes()
java.util.List<java.lang.String> getL_InternalAllowedTargetTypes()
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |