ARoad0.gWork
Class PrivilegeRightsFactoryImpl

java.lang.Object
  extended by ARoad0.gWork.PrivilegeRightsFactoryImpl
All Implemented Interfaces:
CoreAlgorithm

public class PrivilegeRightsFactoryImpl
extends java.lang.Object
implements CoreAlgorithm

This class is responsible for all the core algorithms about Privilege rights analysis. These rights are direct or inherited access rights for a PrivilegeSource (the access user) about a PrivilegeTarget (the access target). They are typed or linked privileges. The inherited rights are only linked privileges. Caution: this class works for the TYPED and the TYPED_CLASSED privileges, but not for the TYPED_FOR_SEED and the TYPED_CLASSED_SPECIFIC privileges. This class is stateless, and RightsMediatorImpl at its creation setups an instance for its ViewInBase. There is an indirect call to the method ACS.getEorL_TargetsForPrivilegeForType(). Upper-level methods begin by detect...(), middle-level methods begin by select...(), lower-level methods begin by add...().

See Also:
PrivilegeAbst, PrivilegeForType, PrivilegeForLinks

Field Summary
private  UtilityImpl baseUtil_
           
private  FactoryUtilities factoryUtil_
           
private static int INITIAL_CAPACITY
           
private  AlgorithmInterpreter interpreter_
           
private  java.util.Set<PrivilegeTarget> l_targets_
           
private  DisplayableLinkUtilities linkUtil_
           
 
Constructor Summary
protected PrivilegeRightsFactoryImpl(AlgorithmInterpreter _interpreter)
          only one protected constructor
 
Method Summary
 AccessControlLinkImpl addPrivilegeInAccessControlLink(ImmutablePrivilegeTarget _pt, ImmutablePrivilegeSource _ps, AccessControlLinkImpl _upd_acLink)
          Adds the privilege rights to an AccessControlLinkImpl.
 DisplayableLinkImpl addPrivilegeRightsInSimpleDisplayableLink(ImmutablePrivilegeSource _ps, ImmutablePrivilegeTarget _pt, boolean _withExecute)
          Creates the simple DisplayableLinkImpl associated to a view object pair, and updates the created AccessControlLink with typed or linked Privilege rights.
protected  java.util.Map detectPrivilegeRights(GraphicView _gview, EPRViewInBase _viewInBase, java.util.Map _m_l_DisplayableLinks, BaseObject _center)
          Defines the effective applicable rights of a PrivilegeSource for a PrivilegeTarget, if there are direct typed or linked privileges between them.
 void finalizeForProcess()
          Finalizes the instance.
 java.util.List<PrivilegeForLinks> getL_linkedPrivilege(ImmutablePrivilegeSource _so, ImmutablePrivilegeTarget _res)
          Selects the non-inherited linked privileges which connect the target and the source.
 java.util.Set<PrivilegeTarget> getL_TargetsOfSourcePrivilege(ImmutablePrivilegeSource _ps)
          Selects all the direct targets for a PrivilegeSource, through a typed or a linked privilege.
 java.util.List<PrivilegeForType> getL_typedPrivilege(ImmutablePrivilegeSource _so, ImmutablePrivilegeTarget _pt)
          Gets the typed privileges which connect the target and the source.
 java.util.Set<DisplayableLinkImpl> selectDirectHiddenPrivilegeLinksForEP(GraphicView _gview, EPRViewInBase _viewInBase, ImmutableEligibleParty _ep, boolean _withExecute)
          Detects all the Actors and the VirtualFolders that are not in _viewInBase, and are directly accessible from _ep through one privilege.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

INITIAL_CAPACITY

private static final int INITIAL_CAPACITY
See Also:
Constant Field Values

interpreter_

private AlgorithmInterpreter interpreter_

baseUtil_

private UtilityImpl baseUtil_

linkUtil_

private DisplayableLinkUtilities linkUtil_

factoryUtil_

private FactoryUtilities factoryUtil_

l_targets_

private java.util.Set<PrivilegeTarget> l_targets_
Constructor Detail

PrivilegeRightsFactoryImpl

protected PrivilegeRightsFactoryImpl(AlgorithmInterpreter _interpreter)
only one protected constructor

Parameters:
_interpreter - algorithm interpreter
Method Detail

detectPrivilegeRights

protected final java.util.Map detectPrivilegeRights(GraphicView _gview,
                                                    EPRViewInBase _viewInBase,
                                                    java.util.Map _m_l_DisplayableLinks,
                                                    BaseObject _center)
Defines the effective applicable rights of a PrivilegeSource for a PrivilegeTarget, if there are direct typed or linked privileges between them. Registers all the privileges in the view RightsRelatedBaseObjects set. For a sketch view, only privileges from/to _center are processed. Called by RightsFactory_Facade.detectEPRRights(), detectNoThanRights() and detectSketchRights(). Caution: called by detectNoThanRights(), _viewInBase is not the view of _gview, since this method uses transient EPRViewInBases with for each of them, a pair of nodes from the initial NoThanViewInBase. Synchronized to _viewInBase from the GraphicView call.

Parameters:
_gview - is the graphic view to update. No use if _center is not null, and not null otherwise.
_viewInBase - EPRViewInBase to analyze
_m_l_DisplayableLinks - Map of DisplayableLinks lists (one per pair) associated to the view, and to update.
_center - the central object of a sketch view. Null if it is not a sketch view.
Returns:
Map of DisplayableLinks lists, with Privilege links associated to every pair (PrivilegeSource, PrivilegeTarget).

getL_linkedPrivilege

public final java.util.List<PrivilegeForLinks> getL_linkedPrivilege(ImmutablePrivilegeSource _so,
                                                                    ImmutablePrivilegeTarget _res)
Selects the non-inherited linked privileges which connect the target and the source. Called by NodeRightsImpl.detectL_linkedPrivilegeRights().

Parameters:
_so - with some privileges to filter
_res - to analyze
Returns:
the applicable linked privileges, or null. Never empty.

getL_typedPrivilege

public final java.util.List<PrivilegeForType> getL_typedPrivilege(ImmutablePrivilegeSource _so,
                                                                  ImmutablePrivilegeTarget _pt)
Gets the typed privileges which connect the target and the source. Caution: works for the TYPED, TYPED_CLASSED, TYPED_CLASSED_SPECIFIC privileges, but not for the TYPED_FOR_SEED privileges. Called by addPrivilegeInAccessControlLink(). Calls ImmutablePrivilegesource.getEorL_SourcePrivilegeForTypes() and LinkRights.isTargetForPrivilegeForType().

Parameters:
_so - with some privileges to filter
_pt - to analyze
Returns:
the applicable typed privileges, or null. Never empty.

selectDirectHiddenPrivilegeLinksForEP

public java.util.Set<DisplayableLinkImpl> selectDirectHiddenPrivilegeLinksForEP(GraphicView _gview,
                                                                                EPRViewInBase _viewInBase,
                                                                                ImmutableEligibleParty _ep,
                                                                                boolean _withExecute)
Detects all the Actors and the VirtualFolders that are not in _viewInBase, and are directly accessible from _ep through one privilege. The rights are set. Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights(), with true for _withExecute, and ThreeNodesRightsFactoryImpl. Note: this method does not take account of the inherited linked privileges in an AcsAddon, and this may be done in NodeRights.selectAddonNewHiddenNodeForGroupIDMember() and selectAddonNewHiddenNodeForActor(). Caution: use the internal variable l_targets_. Calls addPrivilegeRightsInSimpleDisplayableLink() and getL_TargetsOfSourcePrivilege().

Parameters:
_gview - is the graphic view to update
_viewInBase - view on which _gview is based
_ep - is in _viewInBase or not
_withExecute - true for detecting only if there is an executing right in the AccessControlLink. No use if the target is a virtual folder.
Returns:
Set of simple DisplayableLinkImpls for which the first end is _ep, the second end is an Actor or a VirtualFolder not in the view. May be null, but not empty.

getL_TargetsOfSourcePrivilege

public final java.util.Set<PrivilegeTarget> getL_TargetsOfSourcePrivilege(ImmutablePrivilegeSource _ps)
Selects all the direct targets for a PrivilegeSource, through a typed or a linked privilege. Caution: works for TYPED, TYPED_CLASSED, TYPED_CLASSED_SPECIFIC privileges, but not for the TYPED_FOR_SEED privileges. Caution: clear and may return the internal variable l_targets_. Called by selectDirectHiddenPrivilegeLinksForEP(). Calls ImmutablePrivilegeSource.getEorL_SourcePrivilegeForTypes() and getEorL_TargetPrivilegeForTypes(), PrivilegeForLinks.getEorLinkedTargets() and LinkRights.getEorL_TargetsForPrivilegeForType() with, as argument, the ACS of the typed privilege, not the _ps ACS.

Parameters:
_ps - to analyze
Returns:
all the direct targets of _ps, or null if there is no target

addPrivilegeRightsInSimpleDisplayableLink

public final DisplayableLinkImpl addPrivilegeRightsInSimpleDisplayableLink(ImmutablePrivilegeSource _ps,
                                                                           ImmutablePrivilegeTarget _pt,
                                                                           boolean _withExecute)
Creates the simple DisplayableLinkImpl associated to a view object pair, and updates the created AccessControlLink with typed or linked Privilege rights. The main function is to handle the need to have executing rights when the last argument requires it, and this is necessary for the intermediate targets in the DisplayableLinks. Each right is provided by the ACS if the privilege is external, and it may have several ACS which are implied in one DisplayableLinkImpl. So, puts in comments the privilege ACS name for each right. Note : this method is sensible since it is used for both the 3-nodes method and some more-than-3-nodes methods. Called by selectDirectHiddenPrivilegeLinksForEP(). Calls addPrivilegeInAccessControlLink(). Note: when the argument _withExecute is true and activated, the method is much more complex. AccessControlLinkImpl.getRedondantRights() is called to have all the rights from all the implied ACSs, with one positive or negative right per ACS, and BaseUtilityImpl.withExecuteRight() gets the effective global rights to evaluate if there is an executing right. This means that there is no priorities among the implied ACS.

Parameters:
_ps - is a right user
_pt - is a right target. Has to be known in the AlgorithmInterpreter.
_withExecute - true for returning null if there is no effective executing right in the link. No use when _pt is a virtual folder.
Returns:
a new DisplayableLinkImpl. Null if the arguments are the same, or if there is no privilege to add.

addPrivilegeInAccessControlLink

public final AccessControlLinkImpl addPrivilegeInAccessControlLink(ImmutablePrivilegeTarget _pt,
                                                                   ImmutablePrivilegeSource _ps,
                                                                   AccessControlLinkImpl _upd_acLink)
Adds the privilege rights to an AccessControlLinkImpl. This will allow AccessControlLinkImpl.getRight() to filter them, if there are some negative rights from some ACSs. Reads the positive and negative inherited rights if the target ACS manages the LPRI rights inheritance. In this case, returns the direct rights if there is no inherited rights through the method LinkRights.getL_accessRightsThroughNodesTree(), while the non-null inherited rights may delete all rights or be addded to the direct ones by the method NodeRights.mergeInheritedAclPriRightsAndComments().

If the LPRI inheritance is managed and if NodeRights.withAccessThroughNodesTreeFromEP() returns true, the result is null if the inherited rights array is null. On the other hand, the inherited rights array may be empty, and then the result contains simply the direct rights. When direct rights and inherited rights are not empty, they are merged by NodeRights.mergeInheritedAclPriRightsAndComments(). This method allows also to add specific AcsAddon comments for the direct privileges.

Puts in comments the rights, and puts also in the GLOBAL comment, the Privilege names and all the Privilege ACS names if they are more than one.

Note: this method is sensible since it is used for both the 2-nodes methods, the 3-nodes methods and a multiple-links method. Called by detectPrivilegeRights(), addPrivilegeRightsInSimpleDisplayableLink(), and CompoundRightsFactoryImpl.detectHiddenCompoundEpRights(). Calls getL_privilegeRights() and getL_linkedPrivilege(), and the _pt NodeRights.detectL_linkedPrivilegeRights(), mergeInheritedAclPriRightsAndComments(), getL_accessRightsThroughNodesTree() and withAccessThroughNodesTreeFromEP().

Parameters:
_pt - to analyze. Has to be known in the AlgorithmInterpreter.
_ps - to analyze
_upd_acLink - is the AccessControlLink to update. May be null.
Returns:
null if no right has been added, otherwise returns the updated _upd_acLink, or a new AccessControlLinkImpl if _upd_acLink is null.

finalizeForProcess

public void finalizeForProcess()
Finalizes the instance. Called by RightsMediatorImpl.finalizeForProcess().