ARoad0.AcsAddon.Accbee.MySQL.gBase
Class DirectoryMySQLImpl

java.lang.Object
  extended by ARoad0.gBase.BasicImpl
      extended by ARoad0.gBase.ResourceImpl
          extended by ARoad0.gBase.DirectoryImpl
              extended by ARoad0.AcsAddon.Accbee.MySQL.gBase.DirectoryMySQLImpl
All Implemented Interfaces:
DirectoryMySQL, ResourceMySQL, ACSObject, ACSObjectAddon, BaseBeanManager, BaseObject, Basic, BoundBean, Copyable, Directory, FinalizedObject, FinalizedObjectForUser, ImmutableBasic, ImmutableDirectory, ImmutableLeaf, ImmutableNode, ImmutablePrivilegeTarget, ImmutableResource, ImmutableTarget, Leaf, Node, PrivilegeTarget, PrivilegeUser, Resource, java.io.Serializable, java.lang.Cloneable, java.lang.Comparable

public class DirectoryMySQLImpl
extends DirectoryImpl
implements DirectoryMySQL

This class is responsible to manage the inherited AclEntries of the children, to manage the global rights, and to provide the main documentation for all the ResourceMySQL classes.

The children of a DirectoryMySQLImpl are ResourceMySQL, which is implemented by this class, and by ResourceMySQLImpl, ActorMySQLImpl and BasesSetMySQLImpl. This class manages a map of primary inherited AclEntry rights. The final access rights include these primary rights, but only if there is at least one right on the root 'MySQL server' for the user. Otherwise, the user has no right on the resource. On every child of the root 'MySQL server', a new ACL for a pair (user@host or accounts-for-hosts group) produces a new ACL on the root for the same pair if it does not exist. This new root ACL has the right USAGE, and it is not deleted by default when the initial ACL is deleted. For a new non-conditional ACL for an user, a host or a hosts group, there is no adding on the root. The inverse operation is to delete all the direct ACL of a pair on the root children when the root ACL for this pair is deleted.

In the ACS MySQL, the effective rights of a pair (user, host) on a resource are selected by a two-steps algorithm, derived from the MySQL specification, that is described hereinafter:

At the first step of access control, only the ACL on the root 'MySQL server' are implied to select the first pair (user, host or accounts-for-hosts group) that user matches. An accounts-for-hosts group contains some accounts to which it transfers the rights of all its ACL. Its behavior is like a Privilege having the type LINKED_IF_ALL_SOURCES. This pair (user, host or accounts-for-hosts group) is called by MySQL the current user, and it may be the initial pair (user, host) or not. For instance, all the effective rights of a pair (jerry, localhost) may be provided by the current user ('jerry', '%'). The AclEntries on the root 'MySQL server', for this first step of access control, may be:

- conditional user/host ACL on the root 'MySQL server' EXCLUSIVE OR non-conditional 'accounts-for-hosts group' ACL on the root 'MySQL server'.

The ACL list is not totally ordered, since the accounts conditional ACL are not sorted if the accounts are not 'anomymous'. If a right is granted at this first step (at least the 'USAGE' right), some complementary rights may be added, for the SAME current user, at each parent level from the database to the resource direct parent, as inherited ACL, then other complementary rights may be added from the direct ACLs of the resource. At each of these parent levels, and for the resource itself, into the sorted list of inherited or direct ACLs, the FIRST ACL or the FIRST couple of ACL for the current user, if any, defines the effective rights, at this level, for the pair (user, host) on the resource. This is the sens of the 'EXCLUSIVE OR' into each description of the two-steps algorithm. This first-selected-single-output rule is also applied into each category of ACL, like into the sorted list of the non-conditional 'accounts-for-hosts group' ACL for a resource.

The database and the bases set are both called 'database-specific target', because the bases set AclEntries are copied into the direct ACL list of every database that matches the bases set name. This copy is mainly provided by the class BasesSetMySQLImpl. For instance, the bases set named 'on%' matches the database named 'one', and all the 'on%' direct ACL are then copied by BasesSetMySQLImpl into the direct ACL list of the database 'one'. As we have seen, if a right is granted at the first step on the root 'MySQL server', some complementary rights may be added from the other levels:

first from the database-specific targets:

- AND ((conditional user/host ACL on a database-specific target EXCLUSIVE OR non-conditional 'accounts-for-hosts group' ACL on a database-specific target) EXCLUSIVE OR (user non-conditional ACL on a database-specific target AND host non-conditional ACL on the database-specific target)),

and secondly, some complementary rights may be also added, for the SAME current user (user, host or group of hosts), from the rights on all the database children which are parents of the resource or which is the resource itself:

- AND (conditional user/host ACL on a table EXCLUSIVE OR non-conditional 'accounts-for-hosts group' ACL on this table),

- AND (conditional user/host ACL on a column EXCLUSIVE OR non-conditional 'accounts-for-hosts group' ACL on this column),

- AND (conditional user/host ACL on a routine EXCLUSIVE OR non-conditional 'accounts-for-hosts group' ACL on this routine),

- AND (conditional user/host ACL on a view delegate EXCLUSIVE OR non-conditional 'accounts-for-hosts group' ACL on this view delegate),

Routines are the stored functions and the stored procedures. The rights on a resource may use any direct ACL rights on itself and also may use any of the rights on any direct or indirect parent. The rights on a database are the most complex. They use the ACL on the root, on the related bases sets and on this database.

Only the first applicable ACL is selected at each parent level (since there is the 'AND' logical operator between all of them), except for the to-be-mixed ACL on the databases. This selection rule explains why the ACL sorting into each ACL list is so important. The only exception is at the database level, when two to-be-mixed ACL are used into the sentence (user non-conditional ACL on a database-specific target AND host non-conditional ACL on the database-specific target) to produce the effective rights from the database level. This is true only if the previous ACL at this level do not match, because the ACL sorting puts first the conditional user/host ACL, then the non-conditional 'accounts-for-hosts group' ACL, and so, the to-be-mixed ACL are always at the end of the sorted list for a database.

Among the conditional user/host ACL, only one ACL matches a given pair (user, host). There is no sorting to apply among the hosts into this category of ACL. On the other hand, for several category of ACL into this description, like for instance 'non-conditional 'accounts-for-hosts group' ACL on the root 'MySQL server'', two specific ACL sortings are required, so that the first matched ACL is get for the effective rights. For the 'non-conditional 'accounts-for-hosts group' ACL and the host to-be-mixed ACL, the first sorting is based on the hosts group names, where for instance '192.168.1.%' is selected before '192.168.%' because it is sorted first. For the bases set ACL at the database level, there is an another sorting for the bases set names, where for instance 'on%' is selected before '%'. All the ACL sorting for a given parent level is the responsibility of the method BaseUtilityMySQLImpl.addInSortedAclList() and the related methods in the same class, like addAclNOTForDatabase(). Detecting what ACL match the current user is the responsability of the class gWork.NodeRightsMySQLImpl.

For summarizing the ResourceMySQL AclEntries, the beamer uses the ResourceImpl property m_inheritedT_ACLRights_ to show the primary rights to the user, which are defined as the rights statements of a given parent level. The map keys mimic the 'user@host' MySQL statements the administers use to declare the rights. This map does not contain only the inherited ACL, as its generic name seems to declare it, but also the direct ACL. The interface ResourceMySQL adds a new map for the global rights on the root 'MySQL server'. Comparing the keys, the single difference between the map keys is that the key for the primary rights is a String form of a Name, and the global rights key is the same Name. This is the responsibility of DirectoryMySQLImpl to create and edit these two rights maps. The map of global rights is reserved to NodeRightsMySQLImpl to detect quickly if an user has no access on the root 'MySQL server'.

There are three flows of data to manage the updating of AclEntries: (1) at the ACL creation/deletion, (2) when the inner rights of an ACL are editing, (3) only for the conditional ACL, at any change of the membership relation between the source and a condition group.

The flow of method calls at the ACL creation is summarized hereinafter. The process is fully under the responsability of the MySQL AcsAddon, with the calling of varied objects and methods:

- ResourceMySQL.addAclEntry() is the starting entry method, typically when it is called by the beamer,

- BaseUtilityMySQLImpl.setM_PrimaryTargetACLRightsFromDirectACL() to set both the map of the primary AclEntry rights and the map of the global AclEntry rights.

- if the ResourceMySQL is a BasesSetMySQLImpl, call to the matched databases to copy the new ACL,

- if the ResourceMySQL is a DirectoryMySQLImpl, ResourceMySQL.addInheritedAclEntry() on all the children, so that the updating of each child is independant, calling ResourceMySQL.setEorL_TargetInheritedAclEntries() that calls BaseUtilityMySQLImpl.setM_TargetInheritedACLRights() to set both the map of the primary AclEntry rights and the map of the global AclEntry rights for each child.

The detailed sequence of these calls is given at the method addAclEntry().

To manage the rights editing of an AclEntry among the primary AclEntries, the process is partially managed by the MySQL AcsAddon. At each inner rights change, AclEntryImpl calls Directory.resetInheritedAclEntryRightsOfChildren() if its target is a Directory, and this method is overridden in DirectoryMySQL.

The calling sequence is the following:

- DirectoryMySQL calls the overridden resetInheritedAclEntryRightsOfChildren() method, to call Resource.resetInheritedAclEntryRights() on each child,

- if the DirectoryMySQL is a BasesSetMySQLImpl, it calls Resource.resetInheritedAclEntryRights() on each matched database,

- it calls BaseUtilityMySQLImpl.setM_PrimaryTargetACLRightsFromDirectACL().

The 'InheritedTargetAclEntries' events are bound following specific rules:

- if the inherited AclEntries list changes, then the primary AclEntries map may change, but it is not mandatory for a to-be-mixed ACL,

- the global AclEntries map change each time the ACL on the root 'MySQL server' change.

The use of the property change event 'InheritedTargetAclEntries' does not strictly fulfill with the BeanInfoPattern. In the second case, the event is fired to inform the beamer about the primary rights, while the changing is about a direct ACL, not an inherited one. This is due to the fact that the ACS addon has chosen to not alterate the generic handling of a change of rights on a direct ACL, since the addon does not subclass the AclEntryImpl class. On the other hand, a graphic view that contains a ResourceMySQL listens the direct ACL and the inherited ACL events. Then, the graphic view receives several events about the same basic event about a change among the rights of an ACL. The timer delay in Gui2.GraphiViewBaseListenerImpl allows to avoid some unuseful processings for updating the graphic view.

A database is registered into the matched bases sets which is implemented by BasesSetMySQLImpl. This class implements the following rules, and when the user enter is not fulfilled with, it delivers an error message to the Access Road user with the same sentence:

- A database must have 'BASE ' at the beginning of its name.

- A table must have 'table' at the end of its name.

- MySQL allows conditional ACL only to accounts.

- MySQL allows a conditional ACL only with a simple host as conditional group. To set 'tom@%' for instance, creates the accounts-for-groups group 'tom§@%', and creates then a new non-conditional ACL on this new group.

- MySQL allows conditional ACL only with the account first host as condition group.

- A MySQL bases set allows non-conditional ACL only to accounts, accounts-for-hosts groups, hosts and hosts groups.

Excepting for EPRViewInBaseImpl, the listeners are outside gBase, they are transient (not serialized in this instance backup). They are called in any order. They may receive a copy of the new value, a null or an empty value. All the exceptions from the listeners are catched, and a dialog box is displayed to inform the user.

This class has no subclass into this package.

See Also:
BaseUtilityMySQLImpl, Serialized Form

Field Summary
static DirectoryMySQLImpl EMPTY_INSTANCE
          A reusable empty instance for initialization, to avoid the use of 'new' for temporary values.
protected  java.util.Map<ImmutableName,StringRight[]> m_globalT_ACLRights_
          TreeMap of global AclEntry rights, that are the direct rights statements for the root 'MySQL server'.
static java.io.ObjectStreamField[] serialPersistentFields
          variable for the JDK 2 serialization
private static long serialVersionUID__
           
 
Fields inherited from class ARoad0.gBase.DirectoryImpl
EnforceChildGID_, nodeHandler_
 
Fields inherited from class ARoad0.gBase.ResourceImpl
actorActivated_, groupID_, l_aclEntry_, l_groupRights_, l_inheritedT_AclEntries_, l_OpenAcsControllerNames_, l_ownerRights_, l_parentTreeAGRightsAllowToGoAcross_, l_rootRights_, m_inheritedT_ACLRights_, parent_, userID_
 
Fields inherited from class ARoad0.gBase.BasicImpl
aCS_, aCS_Name_, aliasHandler_, changeSupport_, comment_, folderMember_, INCREMENT_CAPACITY, INITIAL_CAPACITY, INITIAL_CAPACITY_2, iS_Name_, m_ConstrainedChildACS_, name_, PRIME, privHandler_, type_
 
Constructor Summary
DirectoryMySQLImpl()
          The basic constructor
DirectoryMySQLImpl(ImmutableName _name, ACS _acs, Directory _parent, UserID _owner, java.lang.String _resourceType)
          This constructor is set by the beamer editor for the ACS resources list, from the 'New' button, or from the gWork.AcsFactoryUbuntu.
DirectoryMySQLImpl(ImmutableName _name, ACS _acs, Directory _parent, UserID _owner, java.lang.String _resourceType, boolean _toRegisterInManager)
          This constructor is called by the other constructor.
 
Method Summary
 AclEntry addAclEntry(ImmutableACS _aclAcs, ImmutableEligibleParty _ep, StringRight[] _l_right, java.lang.Boolean _positiveRight, ImmutableGroupID _conditionGroup)
          Updates the inherited AclEntry in the children, the primary and the global rights maps, if it is applicable, and sorts the new direct AclEntry list.
 void addInheritedAclEntry(AclEntry _acl)
          Adds the inherited AclEntry.
 java.lang.Object clone()
          Deep cloning without registering of the new object in the ACSs.
 java.lang.Object copy(ImmutableName _name, ACS _acs, Directory _parent, java.lang.Boolean _toRegisterInManager)
          This method provides a copy of the instance with another name, without children copying because the copy order will not be always correct.
protected  DirectoryMySQLImpl copyOwnVariables(DirectoryMySQLImpl _result, boolean _withoutInternalAcl)
          This method provides a copy of the instance variables.
 java.lang.Object copyWithoutInternalAcl(ImmutableName _name, ACS _acs, Directory _parent, java.lang.Boolean _toRegisterInManager)
          This method provides a copy of the instance as Copyable.copy(), but without copying the internal aclEntries.
 void finalizeForBase()
          This method sets to null the primary inherited rights map, and unregisters this instance into the matched bases sets.
protected  void finalizeFromDeserialization()
          Currently unused.
 java.util.Map<java.lang.String,java.lang.String> getAddonInnerPropertiesToListen()
          Gets the specific events to listen from an ACSObject, because these events should change the rights of an ACSObject in an ACS Addon.
 java.util.Map<ImmutableName,StringRight[]> getM_GlobalTargetACLRights()
          Gets the map of the global rights from the root 'MySQL server'.
 java.util.Map<java.lang.String,StringRight[]> getM_TargetInheritedACLRights()
          Gets the internal map of the primary rights from each parent level of this resource.
 long getSerialVersionUID()
          For the java serialization.
 void removeAclEntry(ImmutableACS _aclAcs, ImmutableEligibleParty _ep, boolean _positiveRight, ImmutableGroupID _conditionGroup)
          Removes the AclEntry and the inherited AclEntries in the children.
 void removeAclEntryWithoutFiring(ImmutableACS _aclAcs, ImmutableEligibleParty _ep, boolean _positiveRight, ImmutableGroupID _conditionGroup)
          Removes the direct AclEntry and the inherited AclEntries in the children, but without event firing.
 void removeInheritedAclEntry(AclEntry _acl)
          Removes the inherited AclEntries in the children.
 void resetInheritedAclEntryRights(AclEntry _acl)
          Resets the inherited AclEntry rights and the primary rights after an user edition.
 void resetInheritedAclEntryRightsOfChildren(AclEntry _acl)
          At each rights changing into a direct ACL, if the ACL inheritance is applicable, resets the primary rights, the global rights and the inherited AclEntry rights in the children.
 AclEntry selectInheritedAclEntry(AclEntry _acl, java.lang.String _type)
          Returns the AclEntry to use as inherited AclEntry in a child.
protected  void setEorL_TargetInheritedAclEntries(java.util.ArrayList<AclEntry> _l_acl, boolean _withFiring)
          Sets all the inherited AclEntries, the global and the primary rights for this target.
protected  void setM_TargetInheritedACLRights(java.util.List<AclEntry> _l_acl)
          Sets the internal maps of the primary and global rights.
 
Methods inherited from class ARoad0.gBase.DirectoryImpl
addEorChild, addPropertyChangeListener, copyOwnVariables, equals, getEnforceChildGID, getEorL_Children, getPropertyChangeListeners, hashCode, removeEorChild, removePropertyChangeListener, resetInheritedPrivilegeRights, resetInheritedPrivilegeRightsOfChildren, setEnforceChildGID, setEorL_Children, setL_groupRights, setL_ownerRights, toString
 
Methods inherited from class ARoad0.gBase.ResourceImpl
addAcsController, addEorPrivilegeForLinksToTarget, addEorPrivilegeForTypeToTarget, compareTo, containsAclEntryToEP, copyOwnAcl, copyOwnVariables, fireL_inheritedGroupRights, fireL_inheritedOwnerRights, getActorActivated, getAGOAccessFromTheParentAccount, getAGOAccessFromTheParentGroup, getEorGroupID, getEorImmutableL_TargetInheritedAclEntries, getEorImmutableL_TargetInheritedLinkedPrivileges, getEorL_EPthroughAclEntry, getEorL_TargetInheritedAclEntries, getEorL_TargetInheritedLinkedPrivileges, getEorL_TargetPrivilegeForLinks, getEorL_TargetPrivilegeForTypes, getEorL_TargetPrivileges, getEorParent, getEorUserID, getL_aclEntry, getL_AcsControllers, getL_groupRights, getL_inheritedGroupRights, getL_inheritedOwnerRights, getL_ownerRights, getL_rootRights, getM_TargetInheritedLinkedPRIRights, getResourceType, hasTheAccountAndGroupOfParent, removeACL, removeAcsController, removeEorGroupID, removeEorPrivilegeToTarget, removeEorUserID, selectInheritedPrivilege, setAGOAccessFromTheParentAccount, setAGOAccessFromTheParentGroup, setEorGroupID, setEorParent, setEorUserID, setL_rootRights, setResourceType
 
Methods inherited from class ARoad0.gBase.BasicImpl
addAcsOfSoftReferences, addConstrainedChildACS, addEorSoftAlias, addInVFolderList, addInViewList, addPropertyChangeListener, copyOwnVariables, finalize, finalizeForUser, firePropertyChange, getAcsName, getComment, getEorACS, getEorAliasAsInternalHardReference, getEorReferenceAsInternalHardAlias, getFullName, getHasSoftAlias, getImpliedViews, getIS_Name, getL_AcsOfSoftReferences, getL_SoftAlias, getM_ConstrainedChildACS, getName, getNickName, getType, getVirtualFolders, removeAcsOfSoftReferences, removeConstrainedChildACS, removeEorSoftAlias, removeInVFolderList, removeInViewList, removePropertyChangeListener, setComment, setEorAliasAsInternalHardReference, setEorReferenceAsInternalHardAlias, setType
 
Methods inherited from class java.lang.Object
getClass, notify, notifyAll, wait, wait, wait
 
Methods inherited from interface ARoad0.gBaseInterface.Directory
resetInheritedPrivilegeRightsOfChildren, setEnforceChildGID
 
Methods inherited from interface ARoad0.gBaseInterface.ImmutableDirectory
getEnforceChildGID, getEorL_Children
 
Methods inherited from interface ARoad0.gBaseInterface.Resource
resetInheritedPrivilegeRights, selectInheritedPrivilege, setEorGroupID, setEorUserID, setL_groupRights, setL_ownerRights, setL_rootRights, setResourceType
 
Methods inherited from interface ARoad0.gBaseInterface.ImmutableResource
containsAclEntryToEP, getActorActivated, getAGOAccessFromTheParentAccount, getAGOAccessFromTheParentGroup, getEorGroupID, getEorImmutableL_TargetInheritedAclEntries, getEorL_EPthroughAclEntry, getEorUserID, getL_aclEntry, getL_AcsControllers, getL_groupRights, getL_inheritedGroupRights, getL_inheritedOwnerRights, getL_ownerRights, getL_rootRights, getM_ConstrainedChildACS, getResourceType, hasTheAccountAndGroupOfParent
 
Methods inherited from interface ARoad0.gBaseInterface.Basic
finalizeForUser, setComment
 
Methods inherited from interface ARoad0.gBaseInterface.ImmutableBasic
getComment, getEorAliasAsInternalHardReference, getEorReferenceAsInternalHardAlias, getHasSoftAlias, getImpliedViews, getIS_Name, getL_AcsOfSoftReferences, getL_SoftAlias, getPropertyChangeListeners, getVirtualFolders
 
Methods inherited from interface ARoad0.gBaseInterface.PrivilegeTarget
addEorPrivilegeForTypeToTarget, removeEorPrivilegeToTarget
 
Methods inherited from interface ARoad0.gBaseInterface.ImmutablePrivilegeTarget
getEorImmutableL_TargetInheritedLinkedPrivileges, getEorL_TargetPrivilegeForLinks, getEorL_TargetPrivilegeForTypes, getEorL_TargetPrivileges, getM_TargetInheritedLinkedPRIRights, getType
 
Methods inherited from interface ARoad0.gBaseInterface.ImmutableTarget
getEorAliasAsInternalHardReference, getEorReferenceAsInternalHardAlias, getHasSoftAlias, getL_AcsOfSoftReferences, getL_SoftAlias
 
Methods inherited from interface ARoad0.gBaseInterface.ACSObject
getAcsName, getEorACS
 
Methods inherited from interface ARoad0.gBaseInterface.BaseObject
equals, getFullName, getName, getNickName, hashCode
 

Field Detail

serialVersionUID__

private static final long serialVersionUID__
See Also:
Constant Field Values

EMPTY_INSTANCE

public static final DirectoryMySQLImpl EMPTY_INSTANCE
A reusable empty instance for initialization, to avoid the use of 'new' for temporary values. Caution: never change the state of the returned instance.


m_globalT_ACLRights_

protected java.util.Map<ImmutableName,StringRight[]> m_globalT_ACLRights_
TreeMap of global AclEntry rights, that are the direct rights statements for the root 'MySQL server'. The global access depends on this map, so each directory has such a map to accelerate the rights search. A ActorMySQL, ResourceMySQL or a BasesSetMySQL has no such property. The types of key are described at the method BaseUtilityMySQLImpl.setM_TargetInheritedACLRights() which updates this map. The map key into the primary rights map uses the same Name, but in its String form. The types 'virtual_objects' and 'bases set' have no global rights.

See Also:
BaseUtilityMySQLImpl.setM_TargetInheritedACLRights(ARoad0.AcsAddon.Accbee.MySQL.gBaseInterface.ResourceMySQL, java.util.List, java.util.Map, java.util.Map, boolean)

serialPersistentFields

public static final java.io.ObjectStreamField[] serialPersistentFields
variable for the JDK 2 serialization

Constructor Detail

DirectoryMySQLImpl

public DirectoryMySQLImpl()
The basic constructor


DirectoryMySQLImpl

public DirectoryMySQLImpl(ImmutableName _name,
                          ACS _acs,
                          Directory _parent,
                          UserID _owner,
                          java.lang.String _resourceType)
                   throws CreateError
This constructor is set by the beamer editor for the ACS resources list, from the 'New' button, or from the gWork.AcsFactoryUbuntu.

Parameters:
_name - of the directory
_acs - is the main ACS of the directory
_parent - of the directory; may be null.
_resourceType - is the type, and may be null if the ACS allows it.
_owner - owns the resource; may be null. Never used.
Throws:
CreateError - if ACSImpl.newEorResource() throws it - the instance must then be deleted !

DirectoryMySQLImpl

public DirectoryMySQLImpl(ImmutableName _name,
                          ACS _acs,
                          Directory _parent,
                          UserID _owner,
                          java.lang.String _resourceType,
                          boolean _toRegisterInManager)
                   throws CreateError
This constructor is called by the other constructor. For a database, it registers this instance into the matched bases sets. A bases set is implemented by the subclass BasesSetMySQLImpl. A table must have 'table' at the end of its name. The AclEntries and the inherited AclEntries from the parent are added. Calls the super constructor.

Parameters:
_name - of the directory
_acs - is the main ACS of the directory
_parent - of the directory; may be null.
_resourceType - is the type, and may be null if the ACS allows it.
_owner - owns the resource; may be null. Never used.
_toRegisterInManager - false if this method must not register the instance in the ACS.
Throws:
CreateError - if ACSImpl.newEorResource() throws it, or error on the name - the instance must then be deleted !
Method Detail

getSerialVersionUID

public long getSerialVersionUID()
Description copied from class: BasicImpl
For the java serialization.

Specified by:
getSerialVersionUID in interface ImmutableBasic
Overrides:
getSerialVersionUID in class DirectoryImpl
Returns:
the static serialVersionUID__ of this class

getAddonInnerPropertiesToListen

public java.util.Map<java.lang.String,java.lang.String> getAddonInnerPropertiesToListen()
Gets the specific events to listen from an ACSObject, because these events should change the rights of an ACSObject in an ACS Addon. Returns always null. These events are listened to update the views containing these ACSObjects, and this is not necessary for m_globalT_ACLRights_. This method does not cover the parent properties of a Resource or a VirtualFolder (see ARoad0.gBase.AcsAddon.getAddonParentPropertiesToListen()). To define the events, the map key may have the following values:

- 'THIS' to say that the single object to listen is the ACSObject,

- 'ACS.method_name' to say that the list of objects to listen is returned by the method 'method_name' in the Addon ACS class.

For each map key, the values have the following format:

'AAA.method_name IF BBB'

where:

- AAA: THIS (mandatory),

- method_name: 'get' method name of the ACSObject that is associated, in the relevant BeanInfo class, to the event to listen (mandatory)

- IF BBB: where BBB is TRUE, or FALSE, or NULL, or NOT-NULL, to say that the event must be listened if and only if the returned value of the method_name is respectively a boolean TRUE, or FALSE, or an object NULL, or NOT-NULL (option).

When the map value starts with 'ACS', the ACS method to call has the ACSObject has one argument. Otherwise, the ACS or the ACSObject method has no argument. Called by ARoad0.UtilityImpl.removeAddonParentPropertyChangeListener().

Specified by:
getAddonInnerPropertiesToListen in interface ACSObjectAddon
Returns:
map to define the specific ACS Addon events to listen. Is always null.
See Also:
AcsAddon.getAddonParentPropertiesToListen()

addAclEntry

public AclEntry addAclEntry(ImmutableACS _aclAcs,
                            ImmutableEligibleParty _ep,
                            StringRight[] _l_right,
                            java.lang.Boolean _positiveRight,
                            ImmutableGroupID _conditionGroup)
                     throws CreateError
Updates the inherited AclEntry in the children, the primary and the global rights maps, if it is applicable, and sorts the new direct AclEntry list. This is true for the root 'MySQL server' and for any of its child, with few exceptions since the types 'directory', 'virtual_objects' and 'bases set' have no global rights. On every child of the root 'MySQL server', a new ACL for a pair (user@host or accounts-for-hosts group) produces a new ACL on the root for the same pair if it does not exist. This new root ACL has the right USAGE, and it is not deleted by default when the initial ACL is deleted. For a new non-conditional ACL for an user, a host or a hosts group, there is no adding on the root. The inverse operation is to delete all the ACL of a pair on the root children when the root ACL for this pair is deleted. It is not possible to give a CREATE (or DROP) right on a table if the same grantee cannot CREATE (or DROP) the database itself.

This method stops then restores the property change firing on 'AclRights'. The generic order on 'AclRights' and 'EPsThroughAclEntry' firings is inversed. It fires the 'InheritedTargetAclEntries' events only to update the display of the primary rights map. Copies the overridden method and calls it after a removing of all the property change listeners for the event 'AclRights'. Calls addInheritedAclEntry() on the children, and calls BaseUtilityMySQLImpl.setM_PrimaryTargetACLRightsFromDirectACL(). The detailed sequence of calls from this method is the following:

- removePropertyChangeListener() for 'AclRights', to remove all the listeners,

- super.addAclEntry(), which has the calls sequence:

----- AclEntryImpl constructor,

----- ACS.newAclEntry(),

----- EligibleParty.addEorAclEntryToEP(),

----- updating of ResourceImpl.l_aclEntry_,

----- ResourceImpl.addAcsController(),

----- ResourceImpl.firePropertyChange() for 'EPsThroughAclEntry',

- BaseUtilityMySQLImpl.addInSortedAclList() with the original ResourceImpl.l_aclEntry_ as argument,

- updating of ResourceImpl.l_aclEntry_ with the returned sorted list,

- addPropertyChangeListener() for 'AclRights', to restore the initial listeners,

- BaseUtilityMySQLImpl.setM_TargetInheritedACLRights() for updating the primary and the global rights maps,

- for a conditional ACL and if the root node has no ACL with the same pair, addAclEntry() on the root node to add an equivalent ACL having only the USAGE right,

- for each child, selectInheritedAclEntry(),

- on each child, ResourceMySQL.addInheritedAclEntry(), which has the calls sequence:

----- BaseUtilityMySQLImpl.addInSortedInheritedAclList() to insert the new ACL in the inherited ACL list,

---------- BaseUtilityMySQLImpl.addInSortedAclList() with the original inherited ACL list as argument,

----- setEorL_TargetInheritedAclEntries() with the new inherited ACL list, which itself uses the sequence of calls:

---------- updating of ResourceImpl.l_inheritedT_AclEntries_,

---------- setM_TargetInheritedACLRights(), which calls:

--------------- BaseUtilityMySQLImpl.setM_TargetInheritedACLRights(), which includes:

-------------------- updating of ResourceImpl.m_inheritedT_ACLRights_,

-------------------- updating of ResourceMySQL.m_globalT_ACLRights_,

---------- firePropertyChange() for 'InheritedTargetAclEntries',

----- if the child is a Directory, repeats the calls to selectInheritedAclEntry() and addInheritedAclEntry() on its proper children,

- firePropertyChange() for 'AclRights' and 'InheritedTargetAclEntries' from this method.

Specified by:
addAclEntry in interface Resource
Overrides:
addAclEntry in class ResourceImpl
Parameters:
_aclAcs - ImmutableACS which owns the new AclEntry, and to be recorded as an ACS controller of this resource if it is not its main ACS.
_ep - eligible party connected to the resource through a new aclEntry.
_l_right - is an array of positive or negative rights of _ep on this resource (that is, if READ is a right, _ep can read on the resource). May be null.
_positiveRight - is true if the rights are set to authorize (grant), and false if they are set to forbid (deny).
_conditionGroup - first condition group. May be null.
Returns:
the new AclEntry.
Throws:
CreateError - if _ep or _aclAcs is null, or if _ep is already recorded in this resource with the same ACS, or thrown by the ACS.newEorAclEntry(), or with a condition group while the source is not an account, or without a condition group, and if this directory is not a database while the source is not an accounts-for-hosts group, or for a database when it is not for an account, a host or a host group (including the accounts-for-hosts groups).

removeAclEntry

public void removeAclEntry(ImmutableACS _aclAcs,
                           ImmutableEligibleParty _ep,
                           boolean _positiveRight,
                           ImmutableGroupID _conditionGroup)
                    throws UpDateError
Removes the AclEntry and the inherited AclEntries in the children. On the root 'MySQL server', updates the global rights and deletes all the direct ACL of a pair on the root children when the root ACL for this pair is deleted. Calls the overridden method at last. Calls removeInheritedAclEntry() on the children. Fires 'InheritedTargetAclEntries' events only to update the display of the primary rights map. The detailed sequence of calls for adding is described at the method addAclEntry().

Specified by:
removeAclEntry in interface Resource
Overrides:
removeAclEntry in class ResourceImpl
Parameters:
_aclAcs - ImmutableACS which owns the AclEntry, and is recorded as an ACS controller of this resource.
_ep - eligible party connected to the resource through an AclEntry. This method unrecords the relevant aclEntry in _ep, in this resource, and in the relevant ACS. The ACS of the aclEntry may be unrecorded in this resource if there are no other aclEntry owned by this ACS in this resource.
_positiveRight - is true if the rights are oriented to authorize, and false if they are oriented to forbid.
_conditionGroup - first condition group. May be null.
Throws:
UpDateError - if _ep is null, unknown, if _aclAcs is closed or unknown, or if the type does not allow this operation.
See Also:
addAclEntry(ARoad0.gBaseInterface.ImmutableACS, ARoad0.gBaseInterface.ImmutableEligibleParty, ARoad0.gBaseInterface.StringRight[], java.lang.Boolean, ARoad0.gBaseInterface.ImmutableGroupID)

addInheritedAclEntry

public void addInheritedAclEntry(AclEntry _acl)
Adds the inherited AclEntry. Called by DirectoryMySQLImpl.addAclEntry() and the same method, and by the constructor. An inherited AclEntry may have a Resource which is not this instance. The sorting rules in the ACL list are described in BaseUtilityMySQLImpl. Copied from ResourceMySQLImpl. Calls getEorL_TargetInheritedAclEntries(), BaseUtilityMySQLImpl.addInSortedInheritedAclList() and ResourceImpl.setEorL_TargetInheritedAclEntries() that fires 'InheritedTargetAclEntries'. Not described in the BeanInfo since the user does not call it. Calls the children addInheritedAclEntry() method at last.

Specified by:
addInheritedAclEntry in interface ResourceMySQL
Parameters:
_acl - inherited AclEntry to put in the list at the right order. Its target is not this instance.
See Also:
addAclEntry(ARoad0.gBaseInterface.ImmutableACS, ARoad0.gBaseInterface.ImmutableEligibleParty, ARoad0.gBaseInterface.StringRight[], java.lang.Boolean, ARoad0.gBaseInterface.ImmutableGroupID)

removeInheritedAclEntry

public void removeInheritedAclEntry(AclEntry _acl)
                             throws UpDateError
Removes the inherited AclEntries in the children. Called by DirectoryMySQLImpl. Copied from ResourceMySQLImpl. Calls getEorL_TargetInheritedAclEntries() and setEorL_TargetInheritedAclEntries() that fires 'InheritedTargetAclEntries'. Not described in the BeanInfo since the user does not call it. Calls the children removeInheritedAclEntry() method at last.

Specified by:
removeInheritedAclEntry in interface ResourceMySQL
Parameters:
_acl - inherited AclEntry. Its target is not this instance.
Throws:
UpDateError - if _acl is null or unknown

selectInheritedAclEntry

public AclEntry selectInheritedAclEntry(AclEntry _acl,
                                        java.lang.String _type)
Returns the AclEntry to use as inherited AclEntry in a child. Returns null if the type contains 'index', 'directory', or starts with 'byAcsCreator'. Otherwise, returns the argument. Called by the constructors, resetInheritedAclEntryRights() and Directory.resetInheritedAclEntryRightsOfChildren(). Overrides the super method and does not call it. Calls the ResourceMySQL static method having the same name.

Specified by:
selectInheritedAclEntry in interface ImmutableResource
Overrides:
selectInheritedAclEntry in class ResourceImpl
Parameters:
_acl - the initial AclEntry which may be given to the child
_type - type of a child, as Resource
Returns:
the same AclEntry if the child inherits this initial AclEntry, or null

resetInheritedAclEntryRights

public void resetInheritedAclEntryRights(AclEntry _acl)
Resets the inherited AclEntry rights and the primary rights after an user edition. Called by the parent when there is a change in the effective rights of an inherited AclEntry. Derived from setM_TargetInheritedACLRights(). Called by Directory.resetInheritedAclEntryRightsOfChildren(). Overrides the super method to update m_globalT_ACLRights_, and does not call it. Calls setM_TargetInheritedACLRights(), since it is not possible to reset the two inherited rights maps without analyzing all the inherited AclEntries. Calls resetInheritedAclEntryRights() on the children. Fires the 'InheritedTargetAclEntries' event.

Specified by:
resetInheritedAclEntryRights in interface ResourceMySQL
Specified by:
resetInheritedAclEntryRights in interface Resource
Overrides:
resetInheritedAclEntryRights in class DirectoryImpl
Parameters:
_acl - inherited AclEntry with updated rights. Never null.

resetInheritedAclEntryRightsOfChildren

public void resetInheritedAclEntryRightsOfChildren(AclEntry _acl)
At each rights changing into a direct ACL, if the ACL inheritance is applicable, resets the primary rights, the global rights and the inherited AclEntry rights in the children. There are three flows of data to manage the inherited AclEntries:

- one at the ACL creation/deletion, and this is not done in the generic gBase package,

- one at their inner rights editing,

- and the last flow, only for the condition ACL, at the editing of the membership relation between the source and a condition group.

This method is called for handling the second and the third cases, to update the children of the Directory which is the target of the AclEntry. This generic Directory method is used to not subclass the generic AclEntry class.

Called by an own AclEntry when there is a change in its effective rights, to update the children of the Directory which is its target. Not described in the BeanInfo since the user does not call it. Overrides the super method and calls it at the end. Note: the creation of the inherited AclEntry in a child is not handled by the generic gBase package, while the rights updating of the inherited AclEntry is handled through this method. Fires 'InheritedTargetAclEntries' events only to update the display of the primary rights map. Calls BaseUtilityMySQLImpl.setM_PrimaryTargetACLRights(). Called by AclEntryImpl.resetRightsAsInheritedAclEntry(), but not by the subclass BasesSetMySQLImpl.

Specified by:
resetInheritedAclEntryRightsOfChildren in interface Directory
Overrides:
resetInheritedAclEntryRightsOfChildren in class DirectoryImpl
Parameters:
_acl - own AclEntry with updated rights

getM_TargetInheritedACLRights

public java.util.Map<java.lang.String,StringRight[]> getM_TargetInheritedACLRights()
Gets the internal map of the primary rights from each parent level of this resource. The primary rights are displayed into the beamer. They help the user to understand the current users, since it covers the root 'MySQL server' rights, and to understand the complex database rights. Because this method overrides the Resource method, its name is 'TargetInheritedACL' rather than 'TargetPrimaryACL'. The map has lists of rights as values, and strongly contrained String keys. The rights may be from a real ACL or from a virtual ACL. The AclEntries list is used to produce some processed rights, as virtual ACL into the map. Only the real ACL are displayed by the beamer, as conditional or non-conditional ACL. A real ACL in the inherited AclEntries list produces rights directly into the map.

The primary rights are not an official MySQL concept. It is an help for the Access Road user and it is necessary for the gWork classes. It describes both the inherited AclEntries and the direct AclEntries. The root 'MySQL server' has primary rights only from its direct ACL, and a database has primary rights from the root and its direct ACL.

To have some access rights on a MySQL Resource, a pair (user, host) has to match on the root 'MySQL Server' a pair (user, host) or a pair (user, accounts-for-hosts group) which has at least an USAGE right. The FIRST matching pair in the 'MySQL server' list becomes the current user. It is used to get the rights for the initial pair (user, host) at each parent level. The current user is returned by the method NodeRightsMySQLImpl.getConnectionPair(). If the current user has only an USAGE right and if, for a given Resource, the curren user has no direct ACL and no inherited ACL, then no right is granted. Otherwise, the rights are the sum of the current user rights from the FIRST matched direct ACL and from the FIRST matched inherited ACL at EACH parent level. For these inherited ACL, the rights from each parent are added to the final result.

This section is about the virtual ACL in the MySQL addon. There are two types of virtual ACL: the virtual 'user@accounts-for-hosts group' ACL on any Resource, which derives from one 'accounts-for-hosts group' real ACL, and the mixed ACL which is only on databases. The mixed ACL derives from two to-be-mixed real ACL. The virtual user@accounts-for-hosts group ACL is so derived from a non-conditional accounts-for-hosts group ACL, and the target may have any type. There are processed rights for each account member of the accounts-for-hosts group. If there are 3 members into the accounts-for-hosts group, there are 3 sets of processed rights for three keys in the rights maps. All these rights are simply the copy of the accounts-for-hosts group ACL rights.

The database level is the most complex case. It is the only parent level to handle the virtual mixed ACL, the to-be-mixed real ACL and the real bases set ACLs. The to-be-mixed real ACL are the only case where two real ACL are selected at a level (this is indeed always the database level) to build up some rights in a virtual mixed ACL. To-be-mixed and mixed ACL are not official MySQL concepts, but they implement a MySQL algorithm. Two non-conditional to-be-mixed ACL on a database-related target, respectively for an user U and a host H, are combined to define the processed rights for the pair (U, H). The processed rights are the union of the rights from the two real ACL. This define a map key even if the union of rights is empty. This is the only case where a key in the two maps, may have an empty set of effective rights.

This section is about the keys into the primary rights map. Each parent level may produce a matched key for a given couple user/host and a target. Into the primary ACL rights map, the map key may have varied forms, where the parent order is always at the end. The parent order tells the distance from the target to the parent which delivers the referenced rights. For instance, the direct parent of a resource has the string '1'. The direct parent of this parent has the string '2' as parent order, and so on. Into the two rights maps, the single difference between the keys is that the key for the primary rights is a String form of a Name, and the global rights key is the same Name.

The ten key forms are listed hereinafter:

- (user name @ host name last component) :: parent order, for instance 'one :: mysql :: jerry@localhost :: 2',

- :: (user name @ accounts-for-hosts group name last component) :: parent order, for instance ':: one :: mysql :: jerry@192.168.1.% :: 0',

'' is a generic tag that means 'processed rights', to tell the key and its rights are not get from the direct reading of a real ACL. These two first forms are the only used ones when the parent level is not a database. These forms are also used for a database, but the followings are additional forms in this case: - :: (user name @ host name last component):: parent order,

- :: (user name @ accounts-for-hosts group name last component) :: parent order,

- :: (user name @ host name last component) :: parent order,

- :: (user name @ host name last component) :: parent order,

- :: (user name @ host name last component) :: parent order,

- :: (user name @ hosts group name last component) :: parent order,

- :: (user name @ hosts group name last component) :: parent order,

- :: (user name @ hosts group name last component) :: parent order.

In this catalog of key forms for the database, '' means this is a virtual mixed ACL, and '' means a bases set ACL is the real ACL from which the virtual ACL is derived. The tag '' is proper to MySQL but it may be reused in another ACS Addons. The tag '' is a generic form another ACS Addon may use. A key contains two times '' when there are both a real bases set ACL for the user, and a real bases set ACL for the host or the hosts group. These key forms are designed to help the Access Road user to find the origin of a key into a rights map. A key has exactly one origin, which is one real ACL in most of the cases, except the virtual mixed ACL where two real to-be-mixed ACL are processed. The rights map keys of a parent level are not sorted following the ACL sorting, or following any other sorting. The value in a rights map is always a non-null StringRight array. This array may be empty only for a mixed virtual ACL. Overrides the Resource method to describe its use by the MySQL addon.

Specified by:
getM_TargetInheritedACLRights in interface ResourceMySQL
Specified by:
getM_TargetInheritedACLRights in interface ImmutableResource
Overrides:
getM_TargetInheritedACLRights in class ResourceImpl
Returns:
unmodifiable map of primary rights from the direct and inherited AclEntries. May be empty but never null.

getM_GlobalTargetACLRights

public java.util.Map<ImmutableName,StringRight[]> getM_GlobalTargetACLRights()
Gets the map of the global rights from the root 'MySQL server'. The map has lists of rights as values, and strongly contrained Name keys. The rights may be from a real ACL or from a virtual ACL. The AclEntries list is used to produce some processed rights, as virtual ACL into the map. Only the real ACL are displayed by the beamer, as conditional or non-conditional ACL.

The global rights are necessary for the gWork classes, and the first user is NodeRightsMySQLImpl.getConnectionPair(). To have some access rights on a MySQL Resource, a pair (user, host) has to match on the root 'MySQL Server' a pair (user, host) or a pair (user, accounts-for-hosts group) which has at least an USAGE right. The FIRST matching pair in the 'MySQL server' list becomes the current user. It is used to get the rights for the initial pair (user, host) at each parent level. If the current user has only an USAGE right on the root and if, for a given Resource, the current user has no other inherited ACL on the target, then no right is granted.

Into the global ACL rights map, the map key may have varied forms, where the parent order is always at the end. The parent order tells the distance from the target to the parent which delivers the referenced rights. For instance, the direct parent of a resource has the string '1'. The direct parent of this parent has the string '2' as parent order, and so on. The two key forms are listed hereinafter, where the parent order is always 0:

- (user name @ host name last component) :: parent order, for instance 'one :: mysql :: jerry@localhost :: 0',

- :: (user name @ accounts-for-hosts group name last component) :: parent order, for instance ':: one :: mysql :: jerry@192.168.1.% :: 0',

'' is a generic tag that means 'processed rights', to tell the key and its rights are not get from the processing of a real ACL. A key has exactly one origin, which is one real ACL. The value in a rights map is always a non-null StringRight array.

Specified by:
getM_GlobalTargetACLRights in interface DirectoryMySQL
Returns:
the map of global rights from the root direct AclEntries. This is a direct reference without protection, to be fast. May be empty but never null.

clone

public java.lang.Object clone()
Deep cloning without registering of the new object in the ACSs. Caution: don't use any updating method on this clone, because that may destroy the base integrity. A finalized instance returns a clone with getEorACS() which returns null, but getName() and getAcsName() operates.

Overrides:
clone in class DirectoryImpl
Returns:
Object; is not registred in the ACSs. The names, the aclEntries, the AG rights, the ACS controller names are cloned. The AclEntries are weakly cloned, so they have no direct link to this resource. The external object references are not cloned
Throws:
java.lang.CloneNotSupportedException

finalizeForBase

public void finalizeForBase()
                     throws UpDateError
This method sets to null the primary inherited rights map, and unregisters this instance into the matched bases sets. Overrides the super method and calls it at the end. Note: when this method is called by the ResourceImpl constructor, the proper variables of this class are not still initialized.

Specified by:
finalizeForBase in interface FinalizedObject
Overrides:
finalizeForBase in class DirectoryImpl
Throws:
UpDateError - if the main ACS do not known the resource (if it is a clone without setName(), typically)

copy

public java.lang.Object copy(ImmutableName _name,
                             ACS _acs,
                             Directory _parent,
                             java.lang.Boolean _toRegisterInManager)
                      throws CreateError
This method provides a copy of the instance with another name, without children copying because the copy order will not be always correct. Caution: the user and the group will not be copied if the copy ACS is different and without similar user or group. This method is overridden by the subclasses. Calls copyOwnVariables().

Specified by:
copy in interface Copyable
Overrides:
copy in class DirectoryImpl
Parameters:
_name - copy name. Usually creates as an extension of _parent name.
_acs - main ACS of the copy to create. May not be the ACS of this instance.
_parent - DirectoryImpl which belongs to _acs and will have the copy. May be null.
_toRegisterInManager - false if this method must not register the instance in the ACS.
Returns:
copy as DirectoryMySQLImpl instance
Throws:
CreateError - of the constructor with the same parameters, or if _parent ACS is not _acs, or addAclEntry() exceptions.

copyWithoutInternalAcl

public java.lang.Object copyWithoutInternalAcl(ImmutableName _name,
                                               ACS _acs,
                                               Directory _parent,
                                               java.lang.Boolean _toRegisterInManager)
                                        throws CreateError
This method provides a copy of the instance as Copyable.copy(), but without copying the internal aclEntries. It is used for ACSImpl.copy(), because all the EP must be copied first before the copy of all the resources with their aclEntries. Each internal variable that is an external object reference has a shallow copy (no deep copy), but without copy for the internal aclEntry nor the list of ViewInBase that contains this instance. Called from BaseUtilitiesImpl.copyDirectoriesAndActors(). Calls copyOwnVariables().

Specified by:
copyWithoutInternalAcl in interface Resource
Overrides:
copyWithoutInternalAcl in class DirectoryImpl
Parameters:
_name - copy name. Usually creates as an extension of _parent name.
_acs - main ACS of the copy to create. May not be the ACS of this instance.
_parent - is not used, wathever the value.
_toRegisterInManager - false if this method must not register the instance in the ACS.
Returns:
a new DirectoryMySQLImpl instance
Throws:
CreateError - of the constructor with the same parameters, or if _parent ACS is not _acs, or addAclEntry() exceptions.

removeAclEntryWithoutFiring

public void removeAclEntryWithoutFiring(ImmutableACS _aclAcs,
                                        ImmutableEligibleParty _ep,
                                        boolean _positiveRight,
                                        ImmutableGroupID _conditionGroup)
                                 throws UpDateError
Removes the direct AclEntry and the inherited AclEntries in the children, but without event firing. The purpose of this method is to avoid an unuseful sequence of firings when a lot of AclEntries are removed. It is called from the root 'MySQL server' method removeAclEntry() when it deletes all the direct ACL of a pair on the root children when the root ACL for this pair is deleted. Calls removeInheritedAclEntry() on the children and also calls the overridden method, and disables before all the firings for the 'InheritedTargetAclEntries', 'AclRights' and 'EPsThroughAclEntry' events.

Specified by:
removeAclEntryWithoutFiring in interface ResourceMySQL
Parameters:
_aclAcs - ImmutableACS which owns the AclEntry, and is recorded as an ACS controller of this resource.
_ep - eligible party connected to the resource through an AclEntry. This method unrecords the relevant aclEntry in _ep, in this resource, and in the relevant ACS. The ACS of the aclEntry may be unrecorded in this resource if there are no other aclEntry owned by this ACS in this resource.
_positiveRight - is true if the rights are oriented to authorize, and false if they are oriented to forbid.
_conditionGroup - first condition group. May be null.
Throws:
UpDateError - if _ep is null, unknown, if _aclAcs is closed or unknown, or if the type does not allow this operation.
See Also:
addAclEntry(ARoad0.gBaseInterface.ImmutableACS, ARoad0.gBaseInterface.ImmutableEligibleParty, ARoad0.gBaseInterface.StringRight[], java.lang.Boolean, ARoad0.gBaseInterface.ImmutableGroupID)

copyOwnVariables

protected DirectoryMySQLImpl copyOwnVariables(DirectoryMySQLImpl _result,
                                              boolean _withoutInternalAcl)
                                       throws CreateError
This method provides a copy of the instance variables. Does not copy the children. Called by copy(), and by the copyOwnVariables() methods of the subclasses. Calls super.copyOwnVariables(). Caution: the user and the group will not be copied if the copy ACS is different and without similar user or group.

Parameters:
_result - to update with this instance variables copies.
_withoutInternalAcl - true if the internal aclEntries - that is with a resource having the same ACS - must not be copied
Returns:
updated _result
Throws:
if - super throws it
CreateError

finalizeFromDeserialization

protected void finalizeFromDeserialization()
Currently unused. This method sets to null the primary inherited rights map, since it is used after a deserialization. Overrides the super method and calls it at the end.

Overrides:
finalizeFromDeserialization in class DirectoryImpl

setEorL_TargetInheritedAclEntries

protected void setEorL_TargetInheritedAclEntries(java.util.ArrayList<AclEntry> _l_acl,
                                                 boolean _withFiring)
Sets all the inherited AclEntries, the global and the primary rights for this target. The AclEntry may be a clone. Called by add/removeInheritedAclEntry(), removeAclEntryWithoutFiring() and by BasesSetMySQLImpl.resetInheritedAclEntryRightsOfChildren() for a database. Calls setM_TargetInheritedACLRights() to set the primary rights map. Fires 'InheritedTargetAclEntries' events. The detailed sequence of calls for adding is described at the method DirectoryMySQLImpl.addAclEntry().

Parameters:
_l_acl - list of AclEntries. May be empty, but never null.
_withFiring - true to fire 'InheritedTargetAclEntries'. False only when called by removeAclEntryWithoutFiring().
See Also:
addAclEntry(ARoad0.gBaseInterface.ImmutableACS, ARoad0.gBaseInterface.ImmutableEligibleParty, ARoad0.gBaseInterface.StringRight[], java.lang.Boolean, ARoad0.gBaseInterface.ImmutableGroupID)

setM_TargetInheritedACLRights

protected void setM_TargetInheritedACLRights(java.util.List<AclEntry> _l_acl)
Sets the internal maps of the primary and global rights. Does not fire a property change event. Called by setEorL_TargetInheritedAclEntries() only. Does not fire any event while the caller method may fire 'InheritedTargetAclEntries' events. Calls the BaseUtilityMySQLImpl method having the same name. The detailed sequence of calls for adding is described at the method DirectoryMySQLImpl.addAclEntry().

Parameters:
_l_acl - new list of inherited AclEntries. May be empty, but never null.
See Also:
addAclEntry(ARoad0.gBaseInterface.ImmutableACS, ARoad0.gBaseInterface.ImmutableEligibleParty, ARoad0.gBaseInterface.StringRight[], java.lang.Boolean, ARoad0.gBaseInterface.ImmutableGroupID)