|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.ObjectARoad0.gWork.AgoRightsFactoryImpl
public final class AgoRightsFactoryImpl
This class is responsible for all the core algorithms about Account/Group and Bridge rights. These rights are based mainly on UserID rights, GroupID rights in operating systems. This class is stateless, and RightsMediatorImpl at its creation setups an instance for its ViewInBase. The unique direct call to ACS is for ACS.getManageSecGroupsForActor(). The upper-level methods begin by detect...(), The middle-level methods begin by select...(), The lower-level methods begin by add...(). Reads the ACS structure for the property:
'AGO right inheritance 2: at each access, if the real account is not the parent account, it uses first its primary group inherited rights, if it is the parent group'.
Field Summary | |
---|---|
private AlgorithmInterpreter |
interpreter_
|
private DisplayableLinkUtilities |
linkUtil_
|
Fields inherited from interface ARoad0.gWorkInterface.CoreAlgorithm |
---|
INITIAL_CAPACITY |
Constructor Summary | |
---|---|
protected |
AgoRightsFactoryImpl(AlgorithmInterpreter _interpreter)
only one protected constructor |
Method Summary | |
---|---|
DisplayableLinkImpl |
addOwnerContainRightsToDisplayableLink(DisplayableLinkImpl _dLink)
Updates a DisplayableLinkImpl with group and user rights, including for 'root'. |
DisplayableLinkImpl |
addOwnerContainRightsToLastLinkInDisplayableLink(DisplayableLinkImpl _dLink)
Updates a DisplayableLinkImpl with group and user rights, including for 'root'. |
protected java.util.Map |
detectAGRights(EPRViewInBase _viewInBase,
java.util.Map _m_l_DisplayableLinks)
Gets all the Account and Group links to Resource and Actors, but only when all the objects are in the view. |
protected java.util.Map |
detectGroupRights(EPRViewInBase _viewInBase,
java.util.Map _m_l_DisplayableLinks,
BaseObject _center)
Defines all types of effective applicable direct group rights. |
java.util.Map |
detectHiddenChainedGroupsRights(GraphicView _gview,
EPRViewInBase _viewInBase,
java.util.Map _upd_m_l_DisplayableLinks)
Defines the effective applicable rights of an EligibleParty for a Resource in _viewInBase, when there are several UserID or GroupID external to the view, which may define specific access control links based on relations (EligibleParty to UserID/GroupID), (Actor to BridgeTarget to UserID/GroupID), (GroupIDMember to GroupID), (UserID/GroupID to Resource) and (EligibleParty to Actor in another access context). |
java.util.Map |
detectOneHiddenNodeWithCommonAGORights(GraphicView _gview,
EPRViewInBase _viewInBase,
java.util.Map _m_l_DisplayableLinks)
Defines the effective applicable rights of an EligibleParty to a Resource (not to a GroupIDMember or a VirtualFolder) in _viewInBase, when there is exactly one intermediate node, and only AGO rights. |
java.util.Map |
detectOwnerContainRights(EPRViewInBase _viewInBase,
java.util.Map _m_l_DisplayableLinks,
boolean _forUser,
BaseObject _center)
Defines the effective applicable rights of an UserID or a GroupID for a Resource which is its member, when the two objects are in the view. |
protected java.util.Map |
detectRootRights(EPRViewInBase _viewInBase,
java.util.Map _m_l_DisplayableLinks,
BaseObject _center)
Defines the effective applicable rights of the administrative account with an order at 0, and for every actor running under such an account, for any resource which is in the view. |
java.util.Map |
detectSecondaryGroupRights(EPRViewInBase _viewInBase,
java.util.Map _m_l_DisplayableLinks,
BaseObject _center)
Defines the effective applicable RUN_UNDER right through a secondary GroupID for an Actor as a rights user. |
protected java.util.Map |
detectUserRights(EPRViewInBase _viewInBase,
java.util.Map _m_l_DisplayableLinks,
BaseObject _center)
Defines the effective applicable rights of an UserID for a Resource which it owns (between an actor and its current userID) when they are in the view, defines the effective rights between an actor and a resource when their common userID and they are in the view, and defines the effective rights between an actor and its current userID. |
void |
finalizeForProcess()
Finalizes the instance. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
private AlgorithmInterpreter interpreter_
private DisplayableLinkUtilities linkUtil_
Constructor Detail |
---|
protected AgoRightsFactoryImpl(AlgorithmInterpreter _interpreter)
_interpreter
- algorithm interpreterMethod Detail |
---|
protected final java.util.Map detectUserRights(EPRViewInBase _viewInBase, java.util.Map _m_l_DisplayableLinks, BaseObject _center)
_viewInBase
- EPRViewInBase_m_l_DisplayableLinks
- Map of DisplayableLinks lists (one per pair)
associated to the view, and to update._center
- is the central object of a sketch view. Null if it is not a sketch view.
protected final java.util.Map detectGroupRights(EPRViewInBase _viewInBase, java.util.Map _m_l_DisplayableLinks, BaseObject _center)
_viewInBase
- EPRViewInBase_m_l_DisplayableLinks
- Map of DisplayableLinks lists (one per pair)
associated to the view, and to update._center
- is the central object of a sketch view. Null if it is not a sketch view.
public final java.util.Map detectOneHiddenNodeWithCommonAGORights(GraphicView _gview, EPRViewInBase _viewInBase, java.util.Map _m_l_DisplayableLinks) throws java.lang.InterruptedException
An Actor is an EligibleParty, but its processing is different. An actor has no proper AGO rights whether it does not run under a current UserID. Then, the current UserID, the current GroupID and the Actor secondary groups are processed. The path (actor started from xid/current account-group/actor started from other xid) is detected in CompoundRightsFactoryImpl. When there is a chain of hidden userID/groupID/bridges/ACLs which defines the rights, it is processed by detectHiddenChainedGroupsRights(). _m_l_DisplayableLinks is updated only with n DisplayableLinks, where n is the number of GroupID paths through which a _viewInBase EligibleParty has an indirect access right on a _viewInBase Resource. All the links are stored in _m_l_DisplayableLinks. Applies the rule 'AGO right: A rights overlay G rights'. A link is build up for the UserID that owns the target, even whithout rights. Called by RightsFactory_Facade.detectEPRRights() and detectNoThanRights(). Caution: called by detectNoThanRights(), _viewInBase is not the view of _gview, since this method uses transient EPRViewInBases with for each of them, a pair of nodes from the initial NoThanViewInBase. Calls addOwnerContainRightsToDisplayableLink(), NodeRights.selectHiddenDirectOwnerContainGlobalForActorAsEP(), selectHiddenDirectOwnerContainForActorAsResource(), selectHiddenDirectOwnerContainForTarget().
_gview
- is the graphic view to update_viewInBase
- EPRViewInBase to analyze_m_l_DisplayableLinks
- Map of DisplayableLinks lists (one per pair)
associated to the view, and to update.
java.lang.InterruptedException
public final java.util.Map detectHiddenChainedGroupsRights(GraphicView _gview, EPRViewInBase _viewInBase, java.util.Map _upd_m_l_DisplayableLinks) throws java.lang.InterruptedException
_upd_m_l_DisplayableLinks is updated only with n DisplayableLinks, where n is the number of GroupID paths through which a _viewInBase EligibleParty has an indirect access right on a _viewInBase Resource. All the contain, own and bridge relations are stored in _upd_m_l_DisplayableLinks. Called by RightsFactory_Facade.detectRights() and detectNoThanRights(). Caution: called by detectNoThanRights(), _viewInBase is not the view of _gview, since this method uses transient EPRViewInBases with for each of them, a pair of nodes from the initial NoThanViewInBase.
Calls NodeRightsImpl.selectHiddenButNoDirectGroupLinks() and selectHiddenDirectOwnerContainForTarget(), LinkRightsImpl.withAccessThroughNodesTreeFromEP() and detectAccountPriorityInLastLinkAGORights(), RightsFactoryUtilities.addOwnerContainRightsToDisplayableLink().
_gview
- is the graphic view to update_viewInBase
- EPRViewInBase to analyze_upd_m_l_DisplayableLinks
- Map of DisplayableLinks lists (one per pair)
associated to the view, and to update.
java.lang.InterruptedException
public final DisplayableLinkImpl addOwnerContainRightsToDisplayableLink(DisplayableLinkImpl _dLink)
When the first node is an actor and the next node is its current user or group, a RUN_UNDER relation is set. When the GLOBAL relation is get through the secondary group of the first node, it is put in a comment AccessControlLink.C_SECONDARY_GROUP in the link from the actor to its secondary group. This is also done when the actor is before the last node.
For all the intermediates nodes, the single operation is for the MEMBER relation from a GroupIDMember to a GroupID. In a chain of nodes, IS_INDIRECT_MEMBER replaces IS_MEMBER in the last link. This is to reply to the detectHiddenChainedGroupsRights() needs. Updates also root rights. Processes _dLink with a bridge, but does not add the BRIDGE type or any comment in the link.
Called by detectOneHiddenNodeWithCommonAGORights(), detectHiddenChainedGroupsRights(), ThreeNodesRightsFactoryImpl.endsPathsFromGroupIDMemberWithAclPrivilegeAlias(). Calls addOwnerContainRightsToLastLinkInDisplayableLink().
_dLink
- is a simple or not-simple link:
- with a Resource as second end, and a GroupID or UserID as previous node,
- or with a GroupID or UserID as second end, and a member or an actor as previous node,
- and/or an Actor as first end with its current user/group as next node.
public final DisplayableLinkImpl addOwnerContainRightsToLastLinkInDisplayableLink(DisplayableLinkImpl _dLink)
When the last node is the current user or group of the previous node, a RUN_UNDER relation is set. When it is the secondary group, a GLOBAL relation is set with a comment AccessControlLink.C_SECONDARY_GROUP.
Updates also root rights. Processes _dLink with a bridge, but does not add the BRIDGE type or any comment in the link.
If the method returns null, the argument is not updated. Called by addOwnerContainRightsToDisplayableLink(), NodeRightsImpl.selectHiddenButNoDirectGroupLinks(), CompoundRightsFactoryImpl.detectHiddenCompoundEpRights(), ThreeNodesrightsFactoryImpl.endsPathsFromGroupIDMemberWithAclPrivilegeMemberOwnContain(). Caution: does not call NodeRights.withAccessThroughNodesTreeFromEP(), and this is why it has to be called before, by the caller of this method, to be sure that there is a DisplayableLinkImpl to set. Calls LinkRights.getL_accessRightsThroughNodesTree() if the last link is from a GroupIDMember to a Resource, and throws an InternalError if these AGO inherited rights are null or empty.
_dLink
- is a simple or not-simple link:
- with a Resource as second end, and a GroupID or UserID as previous node,
- or with a GroupID or UserID as second end, and a member or an actor as previous node.
public final java.util.Map detectOwnerContainRights(EPRViewInBase _viewInBase, java.util.Map _m_l_DisplayableLinks, boolean _forUser, BaseObject _center)
For a sketch view (non-null _center), the own resources of an UserID or a GroupID are not detected to keep short the view size. Does NOT define the root rights for the resources when the UserID 'root', with the order equal to 0, is in the view. Does NOT define the IS_MEMBER relations. Does NOT define the group rights when user rights are applicable. Does NOT define the 'other' rights for Linux/Unix operating systems, since the user or group may be activated but hidden, outside the view. Does NOT define the secondary group rights, if the secondary groups are in the view. Process only the view objects.
Called by detectUserRights() and detectGroupRights(), only for RightsFactory_Facade.detectSketchRights(). Calls LinkRights.withAccessThroughNodesTreeFromEP() and getL_accessRightsThroughNodesTree(). Synchronized to _viewInBase in the calling GraphicView.
_viewInBase
- EPRViewInBase_m_l_DisplayableLinks
- Map of DisplayableLinks lists (one per pair)
associated to the view, and to update._forUser
- true if the user rights are to be detected, and false if
the group rights are to be detected_center
- is the central object of a sketch view. Null if it is not a sketch view.
protected final java.util.Map detectRootRights(EPRViewInBase _viewInBase, java.util.Map _m_l_DisplayableLinks, BaseObject _center)
_viewInBase
- EPRViewInBase_m_l_DisplayableLinks
- Map of DisplayableLinks lists (one per pair)
associated to the view, and to update._center
- is the central object of a sketch view. Null if it is not a sketch view.
public final java.util.Map detectSecondaryGroupRights(EPRViewInBase _viewInBase, java.util.Map _m_l_DisplayableLinks, BaseObject _center)
_viewInBase
- EPRViewInBase_m_l_DisplayableLinks
- Map of DisplayableLinks lists (one per pair)
associated to the view, and to update._center
- is the central object of a sketch view. Null if it is not a sketch view.
protected final java.util.Map detectAGRights(EPRViewInBase _viewInBase, java.util.Map _m_l_DisplayableLinks) throws java.lang.InterruptedException
- 2 links AG/own or contain/resource,
- 3 links actor/run under/current A, current G or secondary group,
- link groupidmember/member/groupID.
Does not apply the rules 'AGO right: A rights overlay G rights' since the group/resource direct link has to be displayed if the group is in the view. But this group/resource direct link is weak, and it is put in the link comment. Studying of this method is a good start to understand the AGO rights processing.
Called by RightsFactory_Facade.detectEPRRights() and detectNoThanRights(). Calls selectDirectOwnerContainGlobalForActorAsEP(), NodeRightsImpl.selectDirectOwnerContainGlobalForActorAsEP(), withAccessThroughNodesTreeFromEP() and getL_accessRightsThroughNodesTree().
_viewInBase
- EPRViewInBase_m_l_DisplayableLinks
- Map of DisplayableLinks lists (one per pair)
associated to the view, and to update.
java.lang.InterruptedException
public void finalizeForProcess()
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |