ARoad0.gWork
Class LinkRightsImpl

java.lang.Object
  extended by ARoad0.gWork.LinkRightsImpl
All Implemented Interfaces:
LinkRights
Direct Known Subclasses:
LinkRightsMySQLImpl, LinkRightsUbuntuImpl

public class LinkRightsImpl
extends java.lang.Object
implements LinkRights

This class provides detection and filtering operations about links and privileges, for a given ACS. It operates on DisplayableLinkImpls, on the inherited rights and the typed privileges. An important service is the adding of a DisplayableLinkImpl to the view map for these objects, and its filtering by the AcsAddon subclasses (see the method addDisplayableLink). Another important service is the application of priority rules to filter a link after a comparison with the other links. This service may be defined for the AGO, ACL or Privilege rights. An another service is the handling of the inherited rights of a leaf through a tree. There is also the analysis of the Account/Groups context of a node in a given DisplayableLinkImpl. No direct call to the ACS methods.

Each node in a view and each intermediate node has one LinkRights instance for each view it belongs to. The implementation classes of this interface have properties that depend only on the class of the node ACS, then 2 nodes of the same view should use the same LinkRights instance, even if it is not the actual behavior in all cases. But there is an exception for the methods that detects the Account and AcsAddon priorities over all the links. They use RightsMediatorImpl.getAllLinkRights() which returns only one LinkRights instance per implied gWork package, and not one instance per view node.

Each instance of LinkRights is called by only one thread. A node may be in several DisplayableLinks of the same view, but it has only one LinkRights instance for the view. The association between a node and its LinkRights instance is managed by the RightsMediatorImpl of the view.

An AcsAddon may overread this class to change the implemented rules, for instance it may be necessary to change the 'ThroughNodesTree' methods for the rights inheritance.

During a search, a DisplayableLinkImpl may have to be removed after its insertion in the final result. The reason is the filtering of access paths to apply some priority rules among the AGO, PRI, ACL or BDG rights. Some of these priority rules may be from an AcsAddon, through the call to a method detectAddonPriorityInXXX(). These methods have the property to detect a prioritary link which enforces the removing of one or several longuer links in the final result. The inverse is not true, since a long link cannot produce, by its existence, the removing of a shorter link. To overcome this limit in an AcsAddon, it is possible to use the 3 methods NodeRights.detectAddon2Nodes, detectAddon3Nodes and detectAddonFinalAllNodes. These methods detect some long links, and may remove other links if there is a priority rule to fulfill with. However, this way breaks the semantic of these NodeRights methods. The work is longer and it would produce a code more difficult to maintain.

Note : since the AGO rights are only inner rights of an ACS, and since all the nodes of an ACS have LinkRight instances that have the same behavior, it is possible for the AGO rights to use for a node, the LinkRight instance of another node from the same ACS. This is also true for VirtualFolder memberships, but not for the Bridge and Privilege rights.

The calls to the ACS are for the methods getManageGroups(), getManageGroupTrees(), getManageLPRIRightsInheritance(), getManageACLRightsInheritance(), getManageAGORightsInheritance(), getManageSecGroupsForActor(). This class is used by the gWork and Gui2 classes.

See Also:
AccessControlLinkImpl

Field Summary
protected  AlgorithmInterpreter interpreter_
           
protected  DisplayableLinkUtilities linkUtil_
           
private static java.util.Map M_RIGHTS_ACRONYMS
           
protected  UtilityImpl utility_
           
 
Fields inherited from interface ARoad0.gWorkInterface.LinkRights
INITIAL_CAPACITY
 
Constructor Summary
LinkRightsImpl(AlgorithmInterpreter _interpreter)
          Only one constructor, called by RightsMediatorImpl after the creation of _interpreter.
 
Method Summary
 DisplayableLinkImpl addDisplayableLink(DisplayableLinkImpl _dLink, java.util.Map _upd_m_l_DisplayableLinks)
          This important method adds a DisplayableLinkImpl in the map, if it does not exist, or adds the rights of each AccessControlLink in the link, to the matched link in the map.
 java.util.Collection detectAccountPriorityInAllLinksAGORights(java.util.Collection<DisplayableLinkImpl> _l_dLinks)
          This heavy method removes any DisplayableLink which contains an Account/Group Group relation while there is an Account in another DisplayableLink.
 boolean detectAccountPriorityInLastLinkAGORights(DisplayableLinkImpl _dLink, java.util.Collection<DisplayableLinkImpl> _upd_l_dLinks)
          Applies the rule 'AGO right: A rights overlay G rights' to a DisplayableLink that ends with the sequence source/groupIDMember/resource, through the analysis of a list of DisplayableLinkImpls.
 java.util.Collection detectAddonPriorityInAllLinksAGORights(java.util.Collection<DisplayableLinkImpl> _l_dLinks)
          This heavy method is overridden by the AcsAddon, to remove any DisplayableLink which has an AcsAddon object, and contains an AGO right while there is a superior right in another DisplayableLink, following the applicable ACS rules of the AcsAddon ACS.
 java.util.Collection detectAddonPriorityInAllLinksNonAGORights(java.util.Collection<DisplayableLinkImpl> _l_dLinks)
          This heavy method is overridden by the AcsAddon, to remove any DisplayableLink which has an AcsAddon object and contains an ACL right or a Privilege right, while there is a superior right in another DisplayableLink, following the applicable ACS rules of the AcsAddon ACS.
 boolean detectAddonPriorityInLastLinkAGORights(DisplayableLinkImpl _dLink, java.util.Collection<DisplayableLinkImpl> _upd_l_dLinks)
          Overridden by the AcsAddon, to apply the ACS priority rules to a DisplayableLink that ends with an access target, for a given Addon ACS that owns this target, through the analysis of a list of DisplayableLinkImpls.
 boolean detectAddonPriorityInLastLinkNonAGORights(DisplayableLinkImpl _dLink, java.util.Collection<DisplayableLinkImpl> _upd_l_dLinks)
          Overridden by the AcsAddon, to applies any priority rules to a DisplayableLink, about an ACL right or a Privilege right in the last AccessControlLink, through the analysis of a list of DisplayableLinkImpls.
 boolean equals(java.lang.Object _obj)
           
 void finalizeForProcess()
          Finalizes the instance.
 boolean getDetectAddonPriorityInAllLinksAGORights()
          Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop, and by detectOneHiddenNodeCompoundRights().
 boolean getDetectAddonPriorityInAllLinksNonAGORights()
          Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop, and by detectOneHiddenNodeCompoundRights().
 boolean getDetectAddonPriorityInLastLinksAGORights()
          Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loops, and by ThreeNodeRightsFactoryImpl.endsPathsFromGroupIDMemberrWithAclPrivilegeMemberOwnContain().
 boolean getDetectAddonPriorityInLastLinksNonAGORights()
          Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loops.
 java.util.List<PrivilegeSource> getEorL_SourcesForPrivilegeForType(PrivilegeForType _priv, ImmutableACS _acs)
          Gets all the PrivilegeSources using a given PrivilegeForType.
 java.util.List<PrivilegeTarget> getEorL_TargetsForPrivilegeForType(PrivilegeForType _priv, ImmutableACS _acs)
          Gets all the PrivilegeTargets using a given PrivilegeForType.
 int hashCode()
           
 boolean isSourceForPrivilegeForType(PrivilegeForType _priv, ImmutablePrivilegeSource _ps)
          NO USE - Returns true if a PrivilegeSource uses a given PrivilegeForType.
 boolean isTargetForPrivilegeForType(PrivilegeForType _priv, ImmutablePrivilegeTarget _pt)
          Returns true if a PrivilegeTarget uses a given PrivilegeForType.
 boolean isTransferingAGcontext(AccessControlLinkImpl _acLink, ImmutableACS _firstACS, ImmutableACS _secondACS)
          Called by setNextNodeAGrunningContext() and updateAGrunningContext().
protected  java.util.HashSet<ImmutableGroupIDMember> setNextNodeAGrunningContext(DisplayableLinkImpl _upd_dLink, int _nodeIndex)
          This method increments the Account/Groups context position, updates the AG context set in the DisplayableLinkImpl and returns this context.
 java.lang.String toString()
           
 java.util.Set<ImmutableGroupIDMember> updateAGrunningContext(DisplayableLinkImpl _upd_dLink)
          This important method updates the Account/Groups context of a DisplayableLinkImpl, either from the AG context of the last node having one, or from one of the following nodes in the same ACS, or, if there is no current AG context, through all the connected nodes from the same ACS.
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

M_RIGHTS_ACRONYMS

private static java.util.Map M_RIGHTS_ACRONYMS

interpreter_

protected AlgorithmInterpreter interpreter_

utility_

protected UtilityImpl utility_

linkUtil_

protected DisplayableLinkUtilities linkUtil_
Constructor Detail

LinkRightsImpl

public LinkRightsImpl(AlgorithmInterpreter _interpreter)
Only one constructor, called by RightsMediatorImpl after the creation of _interpreter.

Parameters:
_interpreter - algorithm interpreter of this view
Method Detail

equals

public boolean equals(java.lang.Object _obj)
Overrides:
equals in class java.lang.Object
Parameters:
_obj - Object to compare
Returns:
false only if _obj is null or has not the same class, that is, _obj is an instance of LinkRights from another (generic or AcsAddon) gWork package

hashCode

public int hashCode()
Overrides:
hashCode in class java.lang.Object
Returns:
0 as hashcode

finalizeForProcess

public void finalizeForProcess()
Finalizes the instance. Called by RightsMediatorImpl.finalizeForProcess().

Specified by:
finalizeForProcess in interface LinkRights

toString

public java.lang.String toString()
Overrides:
toString in class java.lang.Object
Returns:
the String form of the class, not of the instance

getDetectAddonPriorityInAllLinksAGORights

public boolean getDetectAddonPriorityInAllLinksAGORights()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop, and by detectOneHiddenNodeCompoundRights(). Overridden by the subclasses.

Specified by:
getDetectAddonPriorityInAllLinksAGORights in interface LinkRights
Returns:
true if the detectAddonPriorityInAllLinksAGORights method provides some work in this class.

getDetectAddonPriorityInAllLinksNonAGORights

public boolean getDetectAddonPriorityInAllLinksNonAGORights()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop, and by detectOneHiddenNodeCompoundRights(). Overridden by the subclasses.

Specified by:
getDetectAddonPriorityInAllLinksNonAGORights in interface LinkRights
Returns:
true if the detectAddonPriorityInAllLinksNonAGORights method provides some work in this class.

getDetectAddonPriorityInLastLinksAGORights

public boolean getDetectAddonPriorityInLastLinksAGORights()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loops, and by ThreeNodeRightsFactoryImpl.endsPathsFromGroupIDMemberrWithAclPrivilegeMemberOwnContain(). Overridden by the subclasses.

Specified by:
getDetectAddonPriorityInLastLinksAGORights in interface LinkRights
Returns:
true if the detectAddonPriorityInLastLinksAGORights method provides some work in this class.

getDetectAddonPriorityInLastLinksNonAGORights

public boolean getDetectAddonPriorityInLastLinksNonAGORights()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loops. Overridden by the subclasses.

Specified by:
getDetectAddonPriorityInLastLinksNonAGORights in interface LinkRights
Returns:
true if the detectAddonPriorityInLastLinksNonAGORights method provides some work in this class.

addDisplayableLink

public DisplayableLinkImpl addDisplayableLink(DisplayableLinkImpl _dLink,
                                              java.util.Map _upd_m_l_DisplayableLinks)
This important method adds a DisplayableLinkImpl in the map, if it does not exist, or adds the rights of each AccessControlLink in the link, to the matched link in the map. This is the main method to add a DisplayableLinkImpl to the map of a view, and CompoundRightsFactoryImpl.detectAcsLinks() is the only method to not use it. If the argument is not a weak link, it is put as the first link in the list if the current first link is weak, since only a first weak link is ridden by GraphicEPRview. The merging of rights is done by DisplayableLinkImpl.mergeRightsWithoutFiltering().

Caution: the rights and the comments are merging if there is in the map a DisplayableLinkImpl with the same nodes, and the result is then this previous link. But there is no merging of the _dLink properties since the merging algorithm depends on the semantic of the property.

This method may be subclassed by the AcsAddon subclasses for filtering the adding of a DisplayableLinkImpl following the previous DisplayableLinkImpls in the map. Called by AgoRightsFactoryImpl, AclRightsFactoryImpl, PrivilegeRightsFactoryImpl and CompoundRightsFactoryImpl. Calls DisplayableLinkImpl.mergeRightsWithoutFiltering() and mergeCommentsWithoutFiltering().

Specified by:
addDisplayableLink in interface LinkRights
Parameters:
_dLink - is the new link including some rights and to add to _upd_m_l_DisplayableLinks
_upd_m_l_DisplayableLinks - Map of DisplayableLinks ArrayLists (one per pair) to update.
Returns:
DisplayableLinkImpl in _upd_m_l_DisplayableLinks, which may be _dLink, or the similar link in _upd_m_l_DisplayableLinks, after the rights merging but without merging of the properties. Null if the adding is rejected.
See Also:
getDisplayableLink()

detectAccountPriorityInLastLinkAGORights

public boolean detectAccountPriorityInLastLinkAGORights(DisplayableLinkImpl _dLink,
                                                        java.util.Collection<DisplayableLinkImpl> _upd_l_dLinks)
Applies the rule 'AGO right: A rights overlay G rights' to a DisplayableLink that ends with the sequence source/groupIDMember/resource, through the analysis of a list of DisplayableLinkImpls. This is the LinkRightsImpl instance of the last resource.

If the last sequence is source/userID/resource in _dLink, this method removes any DisplayableLink in the list containing a sequence source/groupID/resource with the same source and resource, and the method returns false to say there is no priority that forbids the use of the argument _dLink as a valid link. Otherwise, with this last sequence, the method returns true.

If the last sequence is source/groupID/resource in _dLink, and if there is a DisplayableLink in the list containing a sequence source/userID/resource with the same source and resource, then the method returns true to say there is a priority that forbids the use of the argument _dLink as a valid link. Otherwise, with this last sequence, the method returns false.

The OWNER path may be without workable rights, since the account remains there the single applicable relation. Called by AgoRightsFactoryImpl.detectHiddenChainedGroupsRights().

Specified by:
detectAccountPriorityInLastLinkAGORights in interface LinkRights
Parameters:
_dLink - with a Resource as as node of this instance and as second end, and a groupIDMember just before the second end. Returns true if null, empty or with less than 3 nodes. Its AccessControlLinks are not analyzed.
_upd_l_dLinks - to analyze and update, all with the same second end than _dLink. Returns false if it is null or empty. It may be updated only if _dLink contains an UserID as node before the last node. The last AccessControlLink of each DisplayableLinkImpl is analyzed for the types OWNER and CONTAIN. May contain the argument _dLink that is then ignored. May be null.
Returns:
true if _dLink is not a valid link
Throws:
java.lang.InternalError - with a list having links without the same _dLink ends, or _dLink does not have a groupIDMember as node just before the last one

detectAddonPriorityInAllLinksAGORights

public java.util.Collection detectAddonPriorityInAllLinksAGORights(java.util.Collection<DisplayableLinkImpl> _l_dLinks)
This heavy method is overridden by the AcsAddon, to remove any DisplayableLink which has an AcsAddon object, and contains an AGO right while there is a superior right in another DisplayableLink, following the applicable ACS rules of the AcsAddon ACS. Caution: a smaller DisplayableLink may be in a list after a longuer DisplayableLink. Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final search if getDetectAddonPriorityInAllLinksAGORights() returns true. Overridden method.

Specified by:
detectAddonPriorityInAllLinksAGORights in interface LinkRights
Parameters:
_l_dLinks - DisplayableLinkImpls to analyze, all with the same two ends or not, where this LinkRights is for one of the node in at least one DisplayableLinkImpl. Not null.
Returns:
the updated argument

detectAddonPriorityInAllLinksNonAGORights

public java.util.Collection detectAddonPriorityInAllLinksNonAGORights(java.util.Collection<DisplayableLinkImpl> _l_dLinks)
This heavy method is overridden by the AcsAddon, to remove any DisplayableLink which has an AcsAddon object and contains an ACL right or a Privilege right, while there is a superior right in another DisplayableLink, following the applicable ACS rules of the AcsAddon ACS. Caution: a smaller DisplayableLink may be in a list after a longuer DisplayableLink. Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final search if getDetectAddonPriorityInAllLinksNonAGORights() returns true. Overridden method.

Specified by:
detectAddonPriorityInAllLinksNonAGORights in interface LinkRights
Parameters:
_l_dLinks - DisplayableLinkImpls to analyze, all with the same two ends or not, where this LinkRights is for one of the node in at least one DisplayableLinkImpl. Not null
Returns:
the updated argument

detectAddonPriorityInLastLinkNonAGORights

public boolean detectAddonPriorityInLastLinkNonAGORights(DisplayableLinkImpl _dLink,
                                                         java.util.Collection<DisplayableLinkImpl> _upd_l_dLinks)
Overridden by the AcsAddon, to applies any priority rules to a DisplayableLink, about an ACL right or a Privilege right in the last AccessControlLink, through the analysis of a list of DisplayableLinkImpls. The Privilege rights on a VirtualFolder is an exception, since there is no call to this method for them in the xxxRightsFactoryImpl generic methods. But the near method detectAddonPriorityInAllLinksNonAGORights() may be applied to the Privilege rights on a VirtualFolder. Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop if getDetectAddonPriorityInLastLinksNonAGORights() returns true, for the central iteration and the final search, and for a collection of DisplayableLinkImpls having from 2 to N+2 nodes. For instance, this method may be overridden to detect the actors connected to the analyzed groupidmember through an executing acl, when these actors do not transfer the AG context.

Specified by:
detectAddonPriorityInLastLinkNonAGORights in interface LinkRights
Parameters:
_dLink - where the second end is the node of this instance. Returns true if null, empty or with less than 3 nodes.
_upd_l_dLinks - to analyze and update, all with the same second end than _dLink. Returns false if it is null or empty. It may be updated. May contain the argument _dLink that is then ignored. May be null.
Returns:
true if _dLink is not valid

detectAddonPriorityInLastLinkAGORights

public boolean detectAddonPriorityInLastLinkAGORights(DisplayableLinkImpl _dLink,
                                                      java.util.Collection<DisplayableLinkImpl> _upd_l_dLinks)
Overridden by the AcsAddon, to apply the ACS priority rules to a DisplayableLink that ends with an access target, for a given Addon ACS that owns this target, through the analysis of a list of DisplayableLinkImpls. Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop if getDetectAddonPriorityInLastLinksAGORights() returns true, and for the central iteration and the final search, for a collection of DisplayableLinkImpls having from 2 to N+2 nodes. Overridden method.

Specified by:
detectAddonPriorityInLastLinkAGORights in interface LinkRights
Parameters:
_dLink - where the second end is the node of this instance.
_upd_l_dLinks - to analyze and update, all with the same two ends of _dLink. Returns false if it is null or empty. It may be updated. May contain the argument _dLink that is then ignored. May be null.
Returns:
true if _dLink is not valid
Throws:
java.lang.InternalError - with some ACS-specific errors

detectAccountPriorityInAllLinksAGORights

public java.util.Collection detectAccountPriorityInAllLinksAGORights(java.util.Collection<DisplayableLinkImpl> _l_dLinks)
This heavy method removes any DisplayableLink which contains an Account/Group Group relation while there is an Account in another DisplayableLink. Applies the rule 'AGO right: A rights overlay G rights' to a DisplayableLink that ends with the sequence source/groupIDMember/resource. The 'owner' path may be without workable rights. The DisplayableLinkImpl analysis is based on the identity of the nodes in 2 links ('==' operator). The 2 types of DisplayableLinkImpl to remove are listed hereafter:

- in dLink to remove, there is a node triplet (ep)-RUN_UNDER or IS_MEMBER- (groupid)-CONTAIN-(resource), and in some dLink2, there is a node triplet (same ep)-RUN_UNDER-(userid)-OWNER-(same resource);

- in dLink to remove, there is a node triplet (userid)-IS_MEMBER-(groupid)-CONTAIN-(resource), and in some dLink2, there is a node couple (same userid)-OWNER-(same resource).

Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop. Calls removeSomeGroupRightsInAllLinksAGORights().

Specified by:
detectAccountPriorityInAllLinksAGORights in interface LinkRights
Parameters:
_l_dLinks - DisplayableLinkImpls to analyze, all items with the same two ends, where this LinkRights is for one of the node in at least one DisplayableLinkImpl. Not null.
Returns:
the updated argument.

updateAGrunningContext

public java.util.Set<ImmutableGroupIDMember> updateAGrunningContext(DisplayableLinkImpl _upd_dLink)
                                                             throws ProcessError
This important method updates the Account/Groups context of a DisplayableLinkImpl, either from the AG context of the last node having one, or from one of the following nodes in the same ACS, or, if there is no current AG context, through all the connected nodes from the same ACS. As generic rules, the internal AclEntries propagate the AG context so the local AG context of the ACL target is not applied, while the Privileges does not propagate the generic AG context. For instance, this method allows to set the rules for a 3-nodes path 'ep/acl/actor started from xid/alias/virtual folder'. If the intermediate actor runs under the account U and the group G, the generic rule is that the rights of 'ep' on the virtual folder members depend on the U and G rights, and does not depend on the 'ep' AG context. The AG context is a set of GroupIDMembers that may contain, first, an optional couple (UserID, GroupID), and, second, a list of optional GroupIDs.

This method has to be called before the use of the AG context of the second end. This means that it the DisplayableLinkImpl has to be updated each time the paths search finds an actor running under its own AG context, or if the context is no more propagated. It is recommanded because the AG context may be needed for analyzing the next nodes of the path. This calling rule is also true for the AcsAddon path search methods. If it is done, any AcsAddon paths search method may read the current AG context of a DisplayableLinkImpl passed in as argument. If it is not done in an AcsAddon, the AcsAddons of the next nodes should call the generic method DisplayableLinkUtilities.getSecondEndAGcontext() to set the AG context properly.

If the DisplayableLinkImpl contains only nodes from one ACS, there is one LinkRights instance to use. One call to this method provides a complete result. Otherwise, if the nodes are from different ACSs, the caller of this method has to define a sequence of calls to this method on different LinkRights instances. The aim is to process each node in the right instance and the proper order, and this is done by DisplayableLinkUtilities.getSecondEndAGcontext(). In the returned DisplayablelinkImpl, the AG context current position is on the last node to have been analyzed. This position is ridden by the caller to define the next LinkRights instance on which this method has to be called, for the next node(s) to analyze. When this current position is the second end of the DisplayableLinkImpl, the work is completed.

Called by ThreeNodesRightsFactoryImpl.selectOneHiddenNodePathsForVirtualFolder(), addPathsFromActorStartsUnderGroupIDMember(), and by DisplayableLinkUtilities.getSecondEndAGcontext(). Calls setNextNodeAGrunningContext() that produces the effective work.

Overridden method in the AcsAddons. Caution: the overridding in a subclass should work only on the nodes of its AcsAddon. The overridding method may simply delete the AG context of the last analyzed node from a generic ACS or from another AcsAddon.

Specified by:
updateAGrunningContext in interface LinkRights
Parameters:
_upd_dLink - the node after the node having the AG context, if any, is the node of this instance. Never null. Its properties should be updated by this method, and they may be null after the updating. The AG context position is set to the last node having been analyzed.
Returns:
set of one UserID and some GroupIDs, as the AG context of the second end of the argument. May be null but never empty.
Throws:
ProcessError - if a node is not an ACSObject, if an AccessControLink is applied to a node that has not the right class.
See Also:
DisplayableLinkUtilities.getSecondEndAGcontext(ARoad0.CNot.DisplayableLinkImpl), setNextNodeAGrunningContext(ARoad0.CNot.DisplayableLinkImpl, int)

setNextNodeAGrunningContext

protected java.util.HashSet<ImmutableGroupIDMember> setNextNodeAGrunningContext(DisplayableLinkImpl _upd_dLink,
                                                                                int _nodeIndex)
                                                                         throws ProcessError
This method increments the Account/Groups context position, updates the AG context set in the DisplayableLinkImpl and returns this context. For instance, this method allows to implement that for a 3-nodes path 'ep/privilege/actor started from xid/alias/virtual folder', if the intermediate actor runs under the account U and the group G, the generic rule is that the rights of 'ep' on the virtual folder members depend on the U and G rights, and does not depend on the 'ep' AG context. The AG context is a set of GroupIDMembers that may contain, first, an optional couple (UserID, GroupID), and, second, a list of optional GroupIDs. The AG context is returned by this method. It is also stored in the argument.

The couple of (UserID, GroupID) contains the 2 GroupIDMembers under which the second end is running, if it is an actor, or which is its AG context as resource or virtual folder. The UserID is given by the last UserID node in the DisplayableLinkImpl that is the source for an AccessControlLink with the types OWNER and through a chain of links that transfers the AG context. The GroupID is given by the last GroupID node in the DisplayableLinkImpl that is the source for an AccessControlLink with the types CONTAIN, and through a chain of links that transfers the AG context.

The list of GroupIDs depends on the first node of the DisplayableLinkImpl, if the chain of links transfers the AG context. If the first end is a GroupIDMember, the list contains the groups to which this GroupIDMember is member, if any. If the first end is an Actor, the list contains the secondary groups of this Actor, if any.

If the chain of links does not transfer the first end AG context, the list of GroupIDMembers is from the last intermediate Actor starting without transfered AG context. With the exemple of the 3-nodes path having the form 'ep/privilege/actor started from xid/alias/virtual folder', if the intermediate actor runs under the account U and the group G, the virtual folder in the path is on the mode VirtualFolderImpl.AG_CONTEXT_DEPENDENT, and the path has to be extended by two paths 'run under/U' and 'run under/G'. Otherwise, if the actor does not run under U, no running group is considered, the virtual folder has the mode PASS_ON, and the 'ep' rights on the virtual folder members are defined by the other properties of the path 'ep/privilege/actor started from xid/alias/virtual folder/virtual member/resource'.

The right proxy property of the actor is never considered. It is ridden in other core algorithms to allow an actor to be an intermediate node, whatever the AG context.

Called by updateAGrunningContext(). The caller must have checked the following requisites:

- the current node with the AG context is an ACSObject, like the next one,

- these two nodes have the same ACS,

- the current node with the AG context has the index just before _nodeIndex.

The AccessControlLink between theses two implied nodes may allow or not to transfer the AG context, and this is given by isTransferingAGcontext(). The returned DisplayableLinkImpl may have a null property for the key DisplayableLinkImpl.AG_CONTEXT_SET, but never for AG_CONTEXT_NODE_POSITION.

Overridden method in the AcsAddons, for instance to provide AG context transferings through the privileges. Another case is to reset the AG context of a no-simple DisplayableLinkImpl when an AccessControlLink transfers a null AG context between two nodes. The overriding method may simply delete the AG context of the last analyzed node from a generic ACS or from another AcsAddon. Caution: the overriding in an AcsAddon should work only on nodes from its AcsAddon. Called by updateAGrunningContext().

Parameters:
_upd_dLink - its second end is the node of this instance. Never null. Its properties should be updated by this method, and they may be null after it. The AG context position is set to the node at _nodeIndex.
_nodeIndex - index of the node to analyze; is the node of this instance. Always greater than 0.
Returns:
a clone of the updated AG context, that is a set of one applicable UserID and some GroupIDs, like those under which the last actor is running in its ACS. May be null but never empty.
Throws:
ProcessError - if the position of the node to analyze is lesser than 1, and varied cases
See Also:
CompoundRightsFactoryImpl.selectDirectHiddenReferenceForAlias(ARoad0.Gui2.GraphicView, ARoad0.gBaseInterface.EPRViewInBase, ARoad0.gBaseInterface.ACSObject), isTransferingAGcontext(ARoad0.CNot.AccessControlLinkImpl, ARoad0.gBaseInterface.ImmutableACS, ARoad0.gBaseInterface.ImmutableACS)

isTransferingAGcontext

public boolean isTransferingAGcontext(AccessControlLinkImpl _acLink,
                                      ImmutableACS _firstACS,
                                      ImmutableACS _secondACS)
Called by setNextNodeAGrunningContext() and updateAGrunningContext(). Calls AccessControlLinkImpl.isTransferingAGcontextWithoutACL(). In addition to this method, the relation ACL tranfers the AG context for the internal ACLs and the external ACLs. Overridden method in the AcsAddons. Caution: the overriding in an AcsAddon should work only on nodes from its AcsAddon.

Parameters:
_acLink - never null
_firstACS - ACS of the _acLink first node. May be null. No use in this version.
_secondACS - ACS of the _acLink second node. May be null. No use in this version.
Returns:
true if the Account/Groups context of the starting node is transfered to the last node of the AccessControlLinkImpl
See Also:
AccessControlLinkImpl.isTransferingAGcontextWithoutACL()

isSourceForPrivilegeForType

public boolean isSourceForPrivilegeForType(PrivilegeForType _priv,
                                           ImmutablePrivilegeSource _ps)
NO USE - Returns true if a PrivilegeSource uses a given PrivilegeForType. The word '<immutable>' is never taken in account in the type comparison. Caution: works for TYPED, TYPED_CLASSED, TYPED_CLASSED_SPECIFIC privileges, but not for TYPED_FOR_SEED privileges. The privileges may be applicable to external objects for the TYPED_FOR_SEED PrivilegeForTypes. The other typed privileges are limited to the ACS objects of their ACS.e. Calls UtilityImpl.getObjectTypeWithoutImmutable().

Specified by:
isSourceForPrivilegeForType in interface LinkRights
Parameters:
_priv - to test
_ps - to test
Returns:
true if _ps is a source for _priv

isTargetForPrivilegeForType

public boolean isTargetForPrivilegeForType(PrivilegeForType _priv,
                                           ImmutablePrivilegeTarget _pt)
Returns true if a PrivilegeTarget uses a given PrivilegeForType. The word '<immutable>' is never taken in account in the type comparison. Caution: works for TYPED, TYPED_CLASSED, TYPED_CLASSED_SPECIFIC privileges, but not for TYPED_FOR_SEED privileges. The privileges may be applicable to external objects for the TYPED_FOR_SEED PrivilegeForTypes. The other typed privileges are limited to the ACS objects of their ACS. Called by PrivilegeRightsFactoryImpl.getL_typedPrivilege(). Calls UtilityImpl.getObjectTypeWithoutImmutable().

Specified by:
isTargetForPrivilegeForType in interface LinkRights
Parameters:
_priv - to test. Not null.
_pt - to test. Not null.
Returns:
true if _ps is a target for _priv

getEorL_SourcesForPrivilegeForType

public java.util.List<PrivilegeSource> getEorL_SourcesForPrivilegeForType(PrivilegeForType _priv,
                                                                          ImmutableACS _acs)
Gets all the PrivilegeSources using a given PrivilegeForType. This method may produce a heavy processing load if there are many EligibleParties in the ACS. The key word 'immutable' is never taken in account. Caution: works for TYPED, TYPED_CLASSED, TYPED_CLASSED_SPECIFIC privileges, but not for the TYPED_FOR_SEED privileges. The arguments may be from different ACS, and the result may then be true. Called by ViewInBase_Facade.populateSketchView(). Calls getObjectTypeWithoutImmutable(), ACS.getEorM_EligibleParties().

Specified by:
getEorL_SourcesForPrivilegeForType in interface LinkRights
Parameters:
_priv - to analyze. Returns an empty list if null, empty, from another ACS.
_acs - the privilege acs
Returns:
List of PrivilegeSources. May be empty, but never null.

getEorL_TargetsForPrivilegeForType

public java.util.List<PrivilegeTarget> getEorL_TargetsForPrivilegeForType(PrivilegeForType _priv,
                                                                          ImmutableACS _acs)
Gets all the PrivilegeTargets using a given PrivilegeForType. This method may produce a heavy processing load if there are many resources in the ACS. The key word 'immutable' is never taken in account. Caution: works for TYPED, TYPED_CLASSED, TYPED_CLASSED_SPECIFIC privileges, but not for the TYPED_FOR_SEED privileges. The arguments may be from different ACS, and the result may then be true. Called by ViewInBase_Facade.populateSketchView() and PrivilegeRightsFactoryImpl.getL_TargetsOfSourcePrivilege(). Calls getObjectTypeWithoutImmutable(), ACS.getEorL_VirtualFolders(), ACS.getEorM_Resources().

Specified by:
getEorL_TargetsForPrivilegeForType in interface LinkRights
Parameters:
_priv - to analyze. Returns an empty list if null, empty, from another ACS.
_acs - the privilege acs
Returns:
List of PrivilegeTargets (Resources or VirtualFolders). May be empty, but never null.