ARoad0.gBaseInterface
Interface AclEntry

All Superinterfaces:
ACSObject, BaseObject, BoundBean, java.lang.Cloneable, java.lang.Comparable, DetailledName, FinalizedObject, FinalizedObjectForUser, ImmutableAclEntry
All Known Implementing Classes:
AclEntryImpl

public interface AclEntry
extends ImmutableAclEntry, BoundBean

This interface is responsible for modeling the access control list entry which manages some access grantings or some access denyings from an EligibleParty to a Resource. An AclEntry is conditional when it uses condition group(s) for which the source has to be member for activating the AclEntry rights. There are two types of conditional AclEntry, the simple-condition and the right-condition AclEntry. The AclEntry, the EligibleParty and the Resource may belong to three different access control systems, or, in the simplest case, to only one ACS. An AclEntry is created by the resource, that specifies an eligible party as argument for the constructor.

An AclEntry may be conditioned by the groups of the source, and then, the returned rights are null if the source is not member of all the condition group(s). The conditional AclEntry is an alternative to the LINKED_IF_ALL_SOURCES privilege, but it is focused to deliver rights to one source which has to be member of condition groups. A conditional AclEntry has the same ACS for managing both the AclEntry, the condition group and the eligible party. Thus, a conditional AclEntry has never an external eligible party.

An AclEntry is created and managed by its resource, and it is deleted when the resource is deleted. An AclEntry is uniquely defined by the set (ACS, Resource, EligibleParty, first condition GroupID, sens of the right) where the first condition GroupID is null if it is not a conditional AclEntry. The AclEntry identity changes for a conditional AclEntry when its first condition GroupID changes, and this is why the first condition group is immutable after the creation of the AclEntry.

This interface manages the following ACS constraints on the ACSObject type policy:

- 'GroupID.ConditionalAclGroup' where the values are the types of the groups which may be condition groups in some flexible or right-defined conditional ACLs

- 'Resource.OneRightACL' where the values are the types of the resources which handled only AclEntries with no or one right

- 'Resource.NoConditionalACL' where the values are the types of the resources which never handle flexible or right-defined conditional AclEntries

- 'Resource.NoNonConditionalACL' where the values are the types of the resources for which an AclEntry without condition group(s) is never operational

- 'Resource.OneConditionGroupInACL' where the values are the types of the resources which handled only conditional AclEntries with no or one condition group

- 'Resource.TypesOfSourceForConditionalACL.allowed_Resource_type' where the values are the allowed EligibleParty types as source of a conditional ACL in a Resource having this type

It is a javabean with the following bound properties: 'Comment', 'AclRights', 'ConditionSourceGroups'.

See Also:
EligibleParty, Resource

Method Summary
 void addForUserConditionSourceGroup(ImmutableGroupID _grp)
          To activate the ACL rights, the EP has to be member of the conditionnal GroupIDs.
 void removeForUserConditionSourceGroup(ImmutableGroupID _grp)
          To activate the ACL rights, the EP has to be member of the conditionnal GroupIDs, if it is a GroupIDMember.
 void setComment(java.lang.String _s)
          Sets any comment related to this resource.
 void setL_RightsForUser(StringRight[] _st)
          Sets the rights of the AclEntry, from which the effective rights given by getRight() are derived.
 
Methods inherited from interface ARoad0.gBaseInterface.ImmutableAclEntry
clone, copy, equals, getEnabledRights, getEorACS, getEorEP, getEorResACS, getEorResource, getEpName, getL_ConditionSourceGroups, getL_Rights, getNameOfEpACS, getNameOfResACS, getNoConditionalRight, getPositiveRight, getPropertyChangeListeners, getResName, getResType, getSerialVersionUID, getSource, getTarget, hashCode, isConditionalAclEntry, isEmpty, isExternalAclEntry, isRightDefinedConditionalAclEntry, toString
 
Methods inherited from interface ARoad0.gBaseInterface.ACSObject
getAcsName
 
Methods inherited from interface ARoad0.gBaseInterface.BaseObject
getFullName, getName, getNickName
 
Methods inherited from interface ARoad0.gBaseInterface.DetailledName
getDetailledName, getDetailledNameFromName, getKeyPropertiesFromDetailledName, getNameFromDetailledName
 
Methods inherited from interface ARoad0.gBaseInterface.FinalizedObjectForUser
finalizeForUser
 
Methods inherited from interface ARoad0.gBaseInterface.FinalizedObject
finalizeForBase
 
Methods inherited from interface java.lang.Comparable
compareTo
 
Methods inherited from interface ARoad0.gBaseInterface.BoundBean
addPropertyChangeListener, addPropertyChangeListener, removePropertyChangeListener, removePropertyChangeListener
 

Method Detail

setL_RightsForUser

void setL_RightsForUser(StringRight[] _st)
                        throws CreateError
Sets the rights of the AclEntry, from which the effective rights given by getRight() are derived. Only header rights are used. The ACS constraints on 'AclRights' are applied even if they are null, and they depend on both the EligibleParty and the Resource. This is not like for AGO rights. To explain the result, an exception is thrown as an user message when the ACS constraints are no fullfilled. Controls the ACL rights constraints in the ACS from the resource, and also from the EP only if the AclEntry is not external (that is, the ACS is the same for the AclEntry and the EP).

Only non-null, non-empty rights are set as new rights. Creates a 0-size array if the argument is null. Controls if each right has the correct sens. Controls the ACS type policy on 'Resource.OneRightACL', 'Resource.NoConditionalACL', 'Resource.NoNonConditionalACL'.

A right-defined conditional AclEntry must have a single non-null right. For a conditinal AclEntry, _ep is a GroupIDMember, and the right is workable only if _ep is a member of each of these condition groups. Otherwise, the resulting effective right from getRight() is a 0-size array. Calls BaseUtilityImpl.getL_AcsRestrictedRights() and UtilityImpl.selectHeaders().

Fires a PropertyChangeEvent "AclRights" to the listeners. Note: 'AclRights' is also the bound property name of the ACLs in ResourceImpl, to allow the work of the Gui1 package. For Gui2.GraphicViewBaseListenerImpl that listens the 'AclRights' events both from the Resource and the AclEntry, the source and the value types in the event allows to process the event properly.

Parameters:
_st - is an array of non-null, non-empty rights for the couple (resource, EligibleParty) in the AclEntry ACS. The authorized rights depend on the AclEntry ACS. May be null.
Throws:
CreateError - if a right is null, empty, if the resource or the eligible party is immutable, if a right is not allowed, has not the sens of getPositiveRight(), or does not fulfil with the ACL constraints.

setComment

void setComment(java.lang.String _s)
Sets any comment related to this resource. It is a bound property.

Parameters:
_s - comment which is associated to the resource.

addForUserConditionSourceGroup

void addForUserConditionSourceGroup(ImmutableGroupID _grp)
                                    throws UpDateError
To activate the ACL rights, the EP has to be member of the conditionnal GroupIDs. If the EP is not a GroupIDMember while there is at least one conditional group, the rights are empty. If the AclEntry uses static conditional group(s), it is not possible to update them directly. If a conditional group is finalized, this AclEntry does not listen the event but the method getRight() returns empty.

Parameters:
_grp - conditionnal group to add
Throws:
UpDateError - if the AclEntry ACS does not manage the flexible conditional group, or the argument is null or not from the AclEntry ACS

removeForUserConditionSourceGroup

void removeForUserConditionSourceGroup(ImmutableGroupID _grp)
                                       throws UpDateError
To activate the ACL rights, the EP has to be member of the conditionnal GroupIDs, if it is a GroupIDMember. If the AclEntry uses static conditional group(s), it is not possible to update them directly. If a conditional group is finalized, this AclEntry does not listen the event but the method getRight() returns empty.

Parameters:
_grp - conditionnal group to remove. Never null.
Throws:
UpDateError - if the AclEntry uses static conditional group, or the argument is null or not from the AclEntry ACS