ARoad0.AcsAddon.Accbee.MySQL.gBaseInterface
Interface ResourceMySQL

All Superinterfaces:
ACSObject, ACSObjectAddon, BaseBeanManager, BaseObject, Basic, BoundBean, java.lang.Cloneable, java.lang.Comparable, Copyable, FinalizedObject, FinalizedObjectForUser, ImmutableBasic, ImmutableLeaf, ImmutablePrivilegeTarget, ImmutableResource, ImmutableTarget, Leaf, PrivilegeTarget, PrivilegeUser, Resource
All Known Subinterfaces:
ActorMySQL, BasesSetMySQL, DirectoryMySQL
All Known Implementing Classes:
ActorMySQLImpl, BasesSetMySQLImpl, DirectoryMySQLImpl, ResourceMySQLImpl

public interface ResourceMySQL
extends Resource, ACSObjectAddon

This interface is responsible for modeling a MySQL resource. The Resource method getL_aclEntry is not overridden, but it provides a sorted list of ACL from a ResourceMySQL.


Method Summary
 void addInheritedAclEntry(AclEntry _acl)
          Adds the inherited AclEntry.
 java.util.Map<java.lang.String,StringRight[]> getM_TargetInheritedACLRights()
          Gets the internal map of the primary rights from each parent level of this resource.
 void removeAclEntryWithoutFiring(ImmutableACS _aclAcs, ImmutableEligibleParty _ep, boolean _positiveRight, ImmutableGroupID _conditionGroup)
          Removes the direct AclEntry and the inherited AclEntries in the children, but without event firing.
 void removeInheritedAclEntry(AclEntry _acl)
          Removes the inherited AclEntries in the children.
 void resetInheritedAclEntryRights(AclEntry _acl)
          Resets the inherited AclEntry rights after an user edition of the ACL rights.
 
Methods inherited from interface ARoad0.gBaseInterface.Resource
addAclEntry, copyWithoutInternalAcl, removeAclEntry, resetInheritedPrivilegeRights, selectInheritedPrivilege, setEorGroupID, setEorUserID, setL_groupRights, setL_ownerRights, setL_rootRights, setResourceType
 
Methods inherited from interface ARoad0.gBaseInterface.ImmutableResource
containsAclEntryToEP, getActorActivated, getAGOAccessFromTheParentAccount, getAGOAccessFromTheParentGroup, getEorGroupID, getEorImmutableL_TargetInheritedAclEntries, getEorL_EPthroughAclEntry, getEorUserID, getL_aclEntry, getL_AcsControllers, getL_groupRights, getL_inheritedGroupRights, getL_inheritedOwnerRights, getL_ownerRights, getL_rootRights, getM_ConstrainedChildACS, getResourceType, hasTheAccountAndGroupOfParent, selectInheritedAclEntry
 
Methods inherited from interface ARoad0.gBaseInterface.Basic
finalizeForUser, setComment
 
Methods inherited from interface ARoad0.gBaseInterface.ImmutableBasic
getComment, getEorAliasAsInternalHardReference, getEorReferenceAsInternalHardAlias, getHasSoftAlias, getImpliedViews, getIS_Name, getL_AcsOfSoftReferences, getL_SoftAlias, getPropertyChangeListeners, getSerialVersionUID, getVirtualFolders
 
Methods inherited from interface ARoad0.gBaseInterface.Copyable
copy
 
Methods inherited from interface ARoad0.gBaseInterface.PrivilegeTarget
addEorPrivilegeForTypeToTarget, removeEorPrivilegeToTarget
 
Methods inherited from interface ARoad0.gBaseInterface.ImmutablePrivilegeTarget
getEorImmutableL_TargetInheritedLinkedPrivileges, getEorL_TargetPrivilegeForLinks, getEorL_TargetPrivilegeForTypes, getEorL_TargetPrivileges, getM_TargetInheritedLinkedPRIRights, getType
 
Methods inherited from interface ARoad0.gBaseInterface.ImmutableTarget
getEorAliasAsInternalHardReference, getEorReferenceAsInternalHardAlias, getHasSoftAlias, getL_AcsOfSoftReferences, getL_SoftAlias
 
Methods inherited from interface ARoad0.gBaseInterface.ACSObject
getAcsName, getEorACS
 
Methods inherited from interface ARoad0.gBaseInterface.BaseObject
equals, getFullName, getName, getNickName, hashCode
 
Methods inherited from interface ARoad0.gBaseInterface.ACSObjectAddon
getAddonInnerPropertiesToListen
 

Method Detail

addInheritedAclEntry

void addInheritedAclEntry(AclEntry _acl)
Adds the inherited AclEntry. An inherited AclEntry may have a Resource which is not this instance.

Parameters:
_acl - inherited AclEntry to put in the list at the right order

removeInheritedAclEntry

void removeInheritedAclEntry(AclEntry _acl)
                             throws UpDateError
Removes the inherited AclEntries in the children.

Parameters:
_acl - inherited AclEntry
Throws:
UpDateError - if _acl is null or unknown

resetInheritedAclEntryRights

void resetInheritedAclEntryRights(AclEntry _acl)
Resets the inherited AclEntry rights after an user edition of the ACL rights.

Specified by:
resetInheritedAclEntryRights in interface Resource
Parameters:
_acl - inherited AclEntry with updated rights

getM_TargetInheritedACLRights

java.util.Map<java.lang.String,StringRight[]> getM_TargetInheritedACLRights()
Gets the internal map of the primary rights from each parent level of this resource. The primary rights are displayed into the beamer. They help the user to understand the current users, since it covers the root 'MySQL server' rights, and to understand the complex database rights. Because this method overrides the Resource method, its name is 'TargetInheritedACL' rather than 'TargetPrimaryACL'. The map has lists of rights as values, and strongly contrained String keys. The rights may be from a real ACL or from a virtual ACL. The AclEntries list is used to produce some processed rights, as virtual ACL into the map. Only the real ACL are displayed by the beamer, as conditional or non-conditional ACL. A real ACL in the inherited AclEntries list produces rights directly into the map.

The primary rights are not an official MySQL concept. It is an help for the Access Road user and it is necessary for the gWork classes. It describes both the inherited AclEntries and the direct AclEntries. The root 'MySQL server' has primary rights only from its direct ACL, and a database has primary rights from the root and its direct ACL.

To have some access rights on a MySQL Resource, a pair (user, host) has to match on the root 'MySQL Server' a pair (user, host) or a pair (user, accounts-for-hosts group) which has at least an USAGE right. The FIRST matching pair in the 'MySQL server' list becomes the current user. It is used to get the rights for the initial pair (user, host) at each parent level. The current user is returned by the method NodeRightsMySQLImpl.getConnectionPair(). If the current user has only an USAGE right and if, for a given Resource, the current user has no direct ACL and no inherited ACL, then no right is granted. Otherwise, the rights are the sum of the current user rights from the FIRST matched direct ACL and from the FIRST matched inherited ACL at EACH parent level. For these inherited ACL, the rights from each parent are added to the final result.

This section is about the virtual ACL in the MySQL addon. There are two types of virtual ACL: the virtual 'user@accounts-for-hosts group' ACL on any Resource, which derives from one 'accounts-for-hosts group' real ACL, and the mixed ACL which is only on databases. The mixed ACL derives from two to-be-mixed real ACL. The virtual user@accounts-for-hosts group ACL is so derived from a non-conditional accounts-for-hosts group ACL, and the target may have any type. There are processed rights for each account member of the accounts-for-hosts group. If there are 3 members into the accounts-for-hosts group, there are 3 sets of processed rights for three keys in the rights maps. All these rights are simply the copy of the accounts-for-hosts group ACL rights.

The database level is the most complex case. It is the only parent level to handle the virtual mixed ACL, the to-be-mixed real ACL and the real bases set ACLs. The to-be-mixed real ACL are the only case where two real ACL are selected at a level (this is indeed always the database level) to build up some rights in a virtual mixed ACL. To-be-mixed and mixed ACL are not official MySQL concepts, but they implement a MySQL algorithm. Two non-conditional to-be-mixed ACL on a database-related target, respectively for an user U and a host H, are combined to define the processed rights for the pair (U, H). The processed rights are the union of the rights from the two real ACL. This define a map key even if the union of rights is empty. This is the only case where a key in the two maps, may have an empty set of effective rights.

This section is about the keys into the primary rights map. Each parent level may produce a matched key for a given couple user/host and a target. Into the primary ACL rights map, the map key may have varied forms, where the parent order is always at the end. The parent order tells the distance from the target to the parent which delivers the referenced rights. For instance, the direct parent of a resource has the string '1'. The direct parent of this parent has the string '2' as parent order, and so on. Into the two rights maps, the single difference between the keys is that the key for the primary rights is a String form of a Name, and the global rights key is the same Name.

The ten key forms are listed hereinafter:

- (user name @ host name last component) :: parent order, for instance 'one :: mysql :: jerry@localhost :: 2',

- :: (user name @ accounts-for-hosts group name last component) :: parent order, for instance ':: one :: mysql :: jerry@192.168.1.% :: 0',

'' is a generic tag that means 'processed rights', to tell the key and its rights are not get from the direct reading of a real ACL. These two first forms are the only used ones when the parent level is not a database. These forms are also used for a database, but the followings are additional forms in this case: - :: (user name @ host name last component):: parent order,

- :: (user name @ accounts-for-hosts group name last component) :: parent order,

- :: (user name @ host name last component) :: parent order,

- :: (user name @ host name last component) :: parent order,

- :: (user name @ host name last component) :: parent order,

- :: (user name @ hosts group name last component) :: parent order,

- :: (user name @ hosts group name last component) :: parent order,

- :: (user name @ hosts group name last component) :: parent order.

In this catalog of key forms for the database, '' means this is a virtual mixed ACL, and '' means a bases set ACL is the real ACL from which the virtual ACL is derived. The tag '' is proper to MySQL but it may be reused in another ACS Addons. The tag '' is a generic form another ACS Addon may use. A key contains two times '' when there are both a real bases set ACL for the user, and a real bases set ACL for the host or the hosts group. These key forms are designed to help the Access Road user to find the origin of a key into a rights map. A key has exactly one origin, which is one real ACL in most of the cases, except the virtual mixed ACL where two real to-be-mixed ACL are processed. The rights map keys of a parent level are not sorted following the ACL sorting, or following any other sorting. The value in a rights map is always a non-null StringRight array. This array may be empty only for a mixed virtual ACL. Overrides the Resource method to describe its use by the MySQL addon.

Specified by:
getM_TargetInheritedACLRights in interface ImmutableResource
Returns:
unmodifiable map of primary rights from the direct and inherited AclEntries. May be empty but never null.

removeAclEntryWithoutFiring

void removeAclEntryWithoutFiring(ImmutableACS _aclAcs,
                                 ImmutableEligibleParty _ep,
                                 boolean _positiveRight,
                                 ImmutableGroupID _conditionGroup)
                                 throws UpDateError
Removes the direct AclEntry and the inherited AclEntries in the children, but without event firing. The purpose of this method is to avoid an unuseful sequence of firings when a lot of AclEntries are removed. It is called from the root 'MySQL server' method removeAclEntry() when it deletes all the direct ACL of a pair on the root children when the root ACL for this pair is deleted. Calls removeInheritedAclEntry() on the children and also calls the overridden method, and disables before all the firings for the 'InheritedTargetAclEntries', 'AclRights' and 'EPsThroughAclEntry' events.

Parameters:
_aclAcs - ImmutableACS which owns the AclEntry, and is recorded as an ACS controller of this resource.
_ep - eligible party connected to the resource through an AclEntry. This method unrecords the relevant aclEntry in _ep, in this resource, and in the relevant ACS. The ACS of the aclEntry may be unrecorded in this resource if there are no other aclEntry owned by this ACS in this resource.
_positiveRight - is true if the rights are oriented to authorize, and false if they are oriented to forbid.
_conditionGroup - first condition group. May be null.
Throws:
UpDateError - if _ep is null, unknown, if _aclAcs is closed or unknown, or if the type does not allow this operation.
See Also:
DirectoryMySQLImpl.addAclEntry(ARoad0.gBaseInterface.ImmutableACS, ARoad0.gBaseInterface.ImmutableEligibleParty, ARoad0.gBaseInterface.StringRight[], java.lang.Boolean, ARoad0.gBaseInterface.ImmutableGroupID)