|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface LinkRights
This interface provides detection and filtering operations about links and privileges for a given ACS. It operates on or return DisplayableLinkImpls, on the inherited rights and the typed privileges. An important service is the application of priority rules to filter a link after a comparison with the other links. This service may be defined for the AGO, ACL or Privilege rights. An another service is the handling of the rules for going down to a leaf through a tree. There is also the analysis of the Account/Group context of an Actor in a given DisplayableLinkImpl. No direct call to the ACS methods.
Each node in a view and each intermediate node has one LinkRights instance for each view it belongs to. The implementation classes of this interface have properties that depend only on the class of the node ACS, then 2 nodes of the same view should use the same LinkRights instance, even if it is not the actual behavior in all cases. But there is an exception for the methods that detects the Account and Addon priorities over all the links. They use RightsMediatorImpl.getAllLinkRights() which returns only one LinkRights instance per implied gWork package, and not one instance per view node. This is why the equals method is overridden in this interface. Each instance of LinkRights is called by only one thread. A node may be in several DisplayableLinks of the same view, but it has only one LinkRights instance for the view. The association between a node and its LinkRights instance is managed by the RightsMediatorImpl of the view.
Note : since the AGO rights are only inner rights of an ACS, and since all the nodes of an ACS have NodeRight instances that have the same behavior, it is possible for the AGO rights, and only for them, to use for a node, the NodeRight instance of another node from the same ACS. This is also true for VirtualFolder memberships, but not for the Bridge and Privilege rights.
It is used by the gWork and Gui2 classes.
AccessControlLinkImpl
Field Summary | |
---|---|
static int |
INITIAL_CAPACITY
|
Method Summary | |
---|---|
DisplayableLinkImpl |
addDisplayableLink(DisplayableLinkImpl _dLink,
java.util.Map _upd_m_l_DisplayableLinks)
This important method adds a DisplayableLinkImpl in the map, if it does not exist, or adds the rights of each AccessControlLink in the link, to the matched link in the map. |
java.util.Collection |
detectAccountPriorityInAllLinksAGORights(java.util.Collection<DisplayableLinkImpl> _l_dLinks)
This heavy method removes any DisplayableLink which contains an Account/Group relation while there is an Account in another DisplayableLink. |
boolean |
detectAccountPriorityInLastLinkAGORights(DisplayableLinkImpl _dLink,
java.util.Collection<DisplayableLinkImpl> _upd_l_dLinks)
Applies the rule 'AGO right: A rights delete G rights' to a DisplayableLink that ends with the sequence source/groupIDMember/resource, through the analysis of a list of DisplayableLinkImpls. |
java.util.Collection |
detectAddonPriorityInAllLinksAGORights(java.util.Collection<DisplayableLinkImpl> _l_dLinks)
This heavy method is overridden by the AcsAddon, to remove any DisplayableLink which has an AcsAddon object, and contains an AGO right while there is a superior right in another DisplayableLink, following the applicable ACS rules of the AcsAddon ACS. |
java.util.Collection |
detectAddonPriorityInAllLinksNonAGORights(java.util.Collection<DisplayableLinkImpl> _l_dLinks)
This heavy method is overridden by the AcsAddon, to remove any DisplayableLink which has an AcsAddon object and contains an ACL or Privilege right, while there is a superior right in another DisplayableLink, following the applicable ACS rules of the AcsAddon ACS. |
boolean |
detectAddonPriorityInLastLinkAGORights(DisplayableLinkImpl _dLink,
java.util.Collection<DisplayableLinkImpl> _upd_l_dLinks)
This method is overridden by the AcsAddon, to apply the ACS priority rules to a DisplayableLink that ends with an access target, for a given Addon ACS that owns this target, through the analysis of a list of DisplayableLinkImpls. |
boolean |
detectAddonPriorityInLastLinkNonAGORights(DisplayableLinkImpl _dLink,
java.util.Collection<DisplayableLinkImpl> _upd_l_dLinks)
This method is overridden by the AcsAddon, to apply any priority rules to a DisplayableLink, about an ACL right or a Privilege right in the last AccessControlLink, through the analysis of a list of DisplayableLinkImpls. |
void |
finalizeForProcess()
Finalizes the instance. |
boolean |
getDetectAddonPriorityInAllLinksAGORights()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop, and by detectOneHiddenNodeCompoundRights(). |
boolean |
getDetectAddonPriorityInAllLinksNonAGORights()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop, and by detectOneHiddenNodeCompoundRights(). |
boolean |
getDetectAddonPriorityInLastLinksAGORights()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the starting and central loops, and by detectOneHiddenNodeCompoundRights(). |
boolean |
getDetectAddonPriorityInLastLinksNonAGORights()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the starting and central loops, and by detectOneHiddenNodeCompoundRights(). |
java.util.List<PrivilegeSource> |
getEorL_SourcesForPrivilegeForType(PrivilegeForType _priv,
ImmutableACS _acs)
Gets all the PrivilegeSources using a given PrivilegeForType. |
java.util.List<PrivilegeTarget> |
getEorL_TargetsForPrivilegeForType(PrivilegeForType _priv,
ImmutableACS _acs)
Gets all the PrivilegeTargets using a given PrivilegeForType. |
boolean |
isSourceForPrivilegeForType(PrivilegeForType _priv,
ImmutablePrivilegeSource _ps)
Returns true if a PrivilegeSource uses a given PrivilegeForType. |
boolean |
isTargetForPrivilegeForType(PrivilegeForType _priv,
ImmutablePrivilegeTarget _pt)
Returns true if a PrivilegeTarget uses a given PrivilegeForType. |
java.util.Set<ImmutableGroupIDMember> |
updateAGrunningContext(DisplayableLinkImpl _upd_dLink)
This important method updates the Account/Groups context of a DisplayableLinkImpl, either from the AG context of the last node having one, or from one of the following nodes in the same ACS, or, if there is no current AG context, through all the connected nodes from the same ACS. |
Field Detail |
---|
static final int INITIAL_CAPACITY
Method Detail |
---|
boolean getDetectAddonPriorityInAllLinksAGORights()
boolean getDetectAddonPriorityInAllLinksNonAGORights()
boolean getDetectAddonPriorityInLastLinksAGORights()
boolean getDetectAddonPriorityInLastLinksNonAGORights()
DisplayableLinkImpl addDisplayableLink(DisplayableLinkImpl _dLink, java.util.Map _upd_m_l_DisplayableLinks)
Caution: the rights and the comments are merging if there is in the map a DisplayableLinkImpl with the same nodes, and the result is then this previous link. But there is no merging of the _dLink properties since the merging algorithm depends on the semantic of the property.
This method may be subclassed by the AcsAddon subclasses for filtering the adding of a DisplayableLinkImpl following the previous DisplayableLinkImpls in the map. Called by AgoRightsFactoryImpl, AclRightsFactoryImpl, PrivilegeRightsFactoryImpl and CompoundRightsFactoryImpl. Calls DisplayableLinkImpl.mergeRightsWithoutFiltering() and mergeCommentsWithoutFiltering().
_dLink
- is the new link including some rights and to add to _upd_m_l_DisplayableLinks_upd_m_l_DisplayableLinks
- Map of DisplayableLinks lists (one per pair) to update.
getDisplayableLink()
boolean detectAccountPriorityInLastLinkAGORights(DisplayableLinkImpl _dLink, java.util.Collection<DisplayableLinkImpl> _upd_l_dLinks)
If the last sequence is source/userID/resource in _dLink, this method removes any DisplayableLink in the list containing a sequence source/groupID/resource with the same source and resource, and the method returns false to say there is no priority that forbids the use of the argument _dLink as a valid link. Otherwise, with this last sequence, the method returns true.
If the last sequence is source/groupID/resource in _dLink, and if there is a DisplayableLink in the list containing a sequence source/userID/resource with the same source and resource, then the method returns true to say there is a priority that forbids the use of the argument _dLink as a valid link. Otherwise, with this last sequence, the method returns false.
The OWNER path may be without workable rights, since the account remains there the single applicable relation. Called by detectPriorityInLastLinkAllRights( and AgoRightsFactoryImpl.detectHiddenChainedGroupsRights().
_dLink
- with a Resource as as node of this instance and as second end,
and a groupIDMember just before the last node. Returns true
if null, empty or with less than 3 nodes. Its AccessControlLinks are not analyzed._upd_l_dLinks
- to analyze and update, all with the same two ends of _dLink.
Returns false if it is null or empty. It may be updated only if _dLink contains
an UserID as node before the last node. The last AccessControlLink of each
DisplayableLinkImpl is analyzed for the types OWNER and CONTAIN. May contain
the argument _dLink that is then ignored. May be null.
java.lang.InternalError
- with a list having links without the _dLink 2 ends, or
_dLink does not have a groupIDMember as node just before the last onejava.util.Collection detectAddonPriorityInAllLinksAGORights(java.util.Collection<DisplayableLinkImpl> _l_dLinks)
_l_dLinks
- DisplayableLinkImpls to analyze, all with the same two ends or not,
where this LinkRights is for one of the node in at least one DisplayableLinkImpl.
Not null.
java.util.Collection detectAddonPriorityInAllLinksNonAGORights(java.util.Collection<DisplayableLinkImpl> _l_dLinks)
_l_dLinks
- DisplayableLinkImpls to analyze, all with the same two ends or not,
where this LinkRights is for one of the node in at least one DisplayableLinkImpl.
Not null.
boolean detectAddonPriorityInLastLinkNonAGORights(DisplayableLinkImpl _dLink, java.util.Collection<DisplayableLinkImpl> _upd_l_dLinks)
_dLink
- where the second end is the node of this instance.
Returns true if null, empty or with less than 3 nodes._upd_l_dLinks
- to analyze and update, all with the same two ends of _dLink.
Returns false if it is null or empty. It may be updated. May contain
the argument _dLink that is then ignored. May be null.
boolean detectAddonPriorityInLastLinkAGORights(DisplayableLinkImpl _dLink, java.util.Collection<DisplayableLinkImpl> _upd_l_dLinks)
_dLink
- where the second end is the node of this instance._upd_l_dLinks
- to analyze and update, all with the same two ends of _dLink.
Returns false if it is null or empty. It may be updated. May contain
the argument _dLink that is then ignored. May be null.
java.lang.InternalError
- with some ACS-specific errorsjava.util.Collection detectAccountPriorityInAllLinksAGORights(java.util.Collection<DisplayableLinkImpl> _l_dLinks)
- in dLink to remove, there is a node triplet (ep)-RUN_UNDER or IS_MEMBER- (groupid)-CONTAIN-(resource), and in some dLink2, there is a node triplet (same ep)-RUN_UNDER-(userid)-OWNER-(same resource);
- in dLink to remove, there is a node triplet (userid)-IS_MEMBER-(groupid)-CONTAIN-(resource), and in some dLink2, there is a node couple (same userid)-OWNER-(same resource).
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop.
_l_dLinks
- DisplayableLinkImpls to analyze, all items with the same two ends,
where this LinkRights is for one of the node in at least one DisplayableLinkImpl.
Not null.
java.util.Set<ImmutableGroupIDMember> updateAGrunningContext(DisplayableLinkImpl _upd_dLink) throws ProcessError
This method has to be called before the use of the AG context of the second end. This means that it the DisplayableLinkImpl has to be updated each time the paths search finds an actor running under its own AG context, or if the context is no more propagated. It is recommanded because the AG context may be needed for analyzing the next nodes of the path. This calling rule is also true for the AcsAddon path search methods. If it is done, any AcsAddon paths search method may read the current AG context of a DisplayableLinkImpl passed in as argument. If it is not done in an AcsAddon, the AcsAddons of the next nodes should call the generic method DisplayableLinkUtilities.getSecondEndAGcontext() to set the AG context properly.
If the DisplayableLinkImpl contains only nodes from one ACS, there is one LinkRights instance to use. One call to this method provides a complete result. Otherwise, if the nodes are from different ACSs, the caller of this method has to define a sequence of calls to this method on different LinkRights instances. The aim is to process each node in the right instance and the proper order. In the returned DisplayablelinkImpl, the AG context current position is on the last node to have been analyzed. This position is ridden by the caller to define the next LinkRights instance on which this method has to be called, for the next node(s) to analyze. When this current position is the second end of the DisplayableLinkImpl, the work is completed.
_upd_dLink
- the node after the node having the AG context, if any, is the node
of this instance. Never null. Its properties may be updated by this method.
The AG context position is set to the last node having been analyzed.
ProcessError
- if a node is not an ACSObject, if an AccessControLink
is applied to a node that has not the right class.void finalizeForProcess()
boolean isSourceForPrivilegeForType(PrivilegeForType _priv, ImmutablePrivilegeSource _ps)
_priv
- to test_ps
- to test
boolean isTargetForPrivilegeForType(PrivilegeForType _priv, ImmutablePrivilegeTarget _pt)
_priv
- to test. Not null._pt
- to test. Not null.
java.util.List<PrivilegeSource> getEorL_SourcesForPrivilegeForType(PrivilegeForType _priv, ImmutableACS _acs)
_priv
- privilege. Returns an empty list if null, empty, from another ACS._acs
- the privilege acs
java.util.List<PrivilegeTarget> getEorL_TargetsForPrivilegeForType(PrivilegeForType _priv, ImmutableACS _acs)
_priv
- privilege. Returns an empty list if null, empty, from another ACS_acs
- the privilege acs
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |