ARoad0.gBase
Class AclEntryImpl

java.lang.Object
  extended by ARoad0.gBase.AclEntryImpl
All Implemented Interfaces:
AclEntry, ACSObject, BaseObject, BoundBean, DetailledName, FinalizedObject, FinalizedObjectForUser, ImmutableAclEntry, java.io.Serializable, java.lang.Cloneable, java.lang.Comparable

public class AclEntryImpl
extends java.lang.Object
implements AclEntry, java.io.Serializable, java.lang.Comparable

This important class is responsible for modeling an access control entry which manages some access rights or some access restrictions from an eligible party to a resource. An AclEntry is external if its eligible party or its resource is from an ACS which is not the ACS of the AclEntry. It is possible to have a third ACS for the other end. It is not possible to have the same ACS for the two ends and another ACS for the ACL. For an internal ACL, the ACL ACS is the ACS of the two ends. An AclEntry is conditional when it uses some condition group(s). There are two types of conditional AclEntry, the simple-condition (or flexible) ACL and the right-condition ACL. A conditional ACL is for a GroupIDMember or an Actor (new in 0.7.1) as source. An external ACL may be conditional. Then, it cannot have more than one condition group, and this group has to belong to the ACS of one of the two ends (it may not be the ACL ACS). An ACS cannot manage both the external AclEntries and the external linked Privileges. A resource in an ACS addon may inherit the ACL of its (in)direct parent(s), following the inheritance rules of the ACS addon.

The condition group(s) belong to the ACL source ACS or to the ACL target ACS. In most of the cases, the rights activation may be handled internally by the conditional AclEntry, except for an Actor as source of a conditional ACL, because the Actor AG context drives the rights activation, and it depends then on the access path into which the Actor is currently considered.

An AclEntry is created and managed by its resource, and it is deleted when the eligible party or the resource is deleted, or the condition group if it is mandatory. A non-conditional AclEntry cannot become a conditional one, and a conditional AclEntry can become a non-conditional one only if it is a right-condition ACL. A simple-condition (or flexible) AclEntry is uniquely defined by the set (its ACS, its Resource, its EligibleParty, first condition GroupID, sens of the rights). The first condition GroupID is mandatory at the creation only if it is a simple conditional AclEntry. The other types of AclEntry are uniquely defined by the set (its ACS, its Resource, its EligibleParty, sens of the rights). This is why a right-condition AclEntry may change its condition groups if the ACS policy authorizes the operation. The sens of the rights is immutable after the creation of the AclEntry, and any right changing has to comply with this sens.

In a conditional ACL with a GroupIDMember source, the effective rights the ACL delivers through getL_Rights() are not empty only if the ACL source is a direct or indirect member of each condition group. In a conditional ACL with an Actor source (new in 0.7.1), the rights the ACL delivers through getL_Rights() are the internal rights, not the effective rights, since the ACL cannot know the AG context of its source. In that second case, the effective rights are set by the access paths search, outside this gBase package. For such a conditional ACL, the value of the property 'Enabled rights' is always 'true'.

An external AclEntry has only one condition group, while all the types of internal AclEntry may have several condition groups if the ACS policy permits it. An AclEntry is simple-condition (or flexible) simply when the user selects one first condition group at the creation of the AclEntry. An AclEntry is right-defined conditional (or right-condition) when it uses a conditional right at the creation. Such a right includes the reference to one or several groups like in the Linux right 'authorize<IF><Console><IF><ActiveSession>'.

The ACL source (an EligibleParty) is implied in the ACL-rights policy only if it is internal, that is, if it belongs to the ACL ACS. Otherwise, only the resource type is taken in account for getting the allowed rights by the ACL ACS, not by the resource ACS. As these rights depend on the resource type (and sometimes the EP type), and since these objects may be external to the ACL ACS, the ACL-rights policy in the ACL ACS has to be defined in accordance to these external types. If the ACL ACS right policy define no rights, the AclEntry cannot have any right. For a conditional ACL, it is also true if a condition group cannot, through the policy types, have the ACL source as member, or an item of the ACL Actor AG context.

Performance limitation: if the AclEntry GroupIDMember source is not a member of one condition group, it is necessary to listen the changes in the membership relations to update the effective rights, if the source becomes an indirect member of the condition group. This listening along a chain of groups is applied to all the groups for which the source is indirect member. However, the distance of these listened groups to the source, that is the number of intermediate groups, has to be inferior to 5. Otherwise, a new indirect membership is not detected immediately by Access Road, and the view cannot be updated. The indirect membership detection is always correct at the opening of a view, whatever the distance source/condition group. This performance limitation is not applicable when the source is an Actor, because the AG context of the acccess path is then updated at each relevant property change.

The right-defined conditional AclEntry defines its condition group(s) through the single StringRight of the AclEntry. This right has to contain the word 'IF' before the name(s) of the condition group(s). Such a right is not a metaright. It is an ACS right which is created at the ACS construction. In this case, the condition groups may be changed by the user after the ACS creation, if the ACS has other conditional rights. The flexible conditional (simple-condition) AclEntry has its first condition group selected by the user at the creation of the AclEntry. Other condition group(s) may be added to a flexible AclEntry if the AclEntry is not external.

To process the inherited AclEntry, it is mandatory to code in an AcsAddon how the Directory creates and removes the inherited AclEntry in its direct children. This may include the choice of the ACL and the child, and the definition of an order to select them in each target. The default behavior, in this generic class, is to inherit all the applicable AclEntries, and to sum up all the rights. After the inherited object creation to code in an AcsAddon, the right updating of the inherited object is handled by the generic DirectoryImpl class, at every change on the AclEntry rights or on the condition groups.

An AclEntry has no type, so it is not possible to set it immutable for the user, contrary of a Privilege. But the AclEntry instance and its rights are immutable if its Resource or its EligibleParty is immutable. The condition groups may be edited, even with an immutable group, but not the first condition group in a flexible conditional AclEntry. The right-condition AclEntry is used in the RBAC application. The flexible conditional AclEntry is managed for example in the MySQL ACS, for handling the database and the host MySQL rights. It is an alternative to the LINKED_IF_ALL_SOURCES privilege. The main differences are (1) the ACL rights may be changed by the user, (2) the conditional AclEntry is focused to deliver rights to one source which has to be member of all the condition groups, and through its AG context if it is an Actor.

The use of conditional AclEntries may be reserved to some types of Resource by the ACS type policy. For the GroupIDMember or Actor, the use of AclEntries may be constrained only through the specialized rights, not by the type policy. About the ACL targets, a conditional ACL may be forbidden or set mandatory for some resource types. A given type of resource may have constraints on the allowed sources of its conditional AclEntries. If the ACS type policy enforces it, the resource may have only conditional ACLs. A StringRight may be controled by the ACS specialized rights on AclEntries.

All these rules on the ACSObject type policy are handled through keys as followings:

- 'GroupID.ConditionalAclGroup' where the values are the types of the groups which may be condition groups in some flexible or right-defined conditional ACLs

- 'Resource.OneRightACL' where the values are the types of the resources which handled only AclEntries with no or one right

- 'Resource.NoConditionalACL' where the values are the types of the resources which never handle flexible or right-defined conditional AclEntries

- 'Resource.NoNonConditionalACL' where the values are the types of the resources for which an AclEntry without condition group(s) is never operational

- 'Resource.OneConditionGroupInACL' where the values are the types of the resources which handled only conditional AclEntries with no or one condition group

- 'GroupIDMember.IsNotConditionalAclSource', where the values are the types of the GroupIDmembers for which the conditional ACL is forbidden as source

- 'Actor.IsNotConditionalAclSource', where the values are the types of the Actors for which the conditional ACL is forbidden as source

- 'Resource.TypesOfSourceForConditionalACL.allowed_Resource_type' where the values are the allowed EligibleParty types as source of a conditional ACL in a Resource having this type

If the ACS type policy 'Resource.NoNonConditionalACL' enforces the resource to have only conditional ACLs and if there is no conditional right and no condition group at the creation of the AclEntry, the constructor assumes it is a right-defined conditional ACL, or, if it is not allowed, throws an exception. For a right-defined conditional ACL, the constructor sets then an empty array of rights and no exception is thrown. After the creation of the AclEntry, the user may set directly the conditional right to produce the derived condition group(s).

This class is a javabean with the following bound properties: 'Comment', 'AclRights', 'ConditionSourceGroups'.

The listeners are proper to this instance. Excepting for EPRViewInBaseImpl, they are outside gBase, they are transient (not serialized in this instance backup). They are called in any order. They receive only a copy of the new value, to protect the property. All the exceptions from the listeners are catched, and a dialog box is displayed to inform the user.

This class has several subclasses in the AcsAddon packages. Most of the variables are protected.

See Also:
Resource.addAclEntry(ARoad0.gBaseInterface.ImmutableACS, ARoad0.gBaseInterface.ImmutableEligibleParty, ARoad0.gBaseInterface.StringRight[], java.lang.Boolean, ARoad0.gBaseInterface.ImmutableGroupID), Serialized Form

Field Summary
protected  ImmutableACS aCS_
           
protected  ImmutableName acsName_
           
private  java.beans.PropertyChangeSupport changeSupport_
          manage all the property change listeners
protected  java.lang.String comment_
           
protected  java.lang.String detailledName_
           
static AclEntryImpl EMPTY_INSTANCE
          A reusable empty instance for initialization, to avoid the use of 'new' for temporary values.
protected  ImmutableEligibleParty ep_
           
protected  ImmutableName epName_
           
protected static int INITIAL_CAPACITY
           
protected  java.util.ArrayList<ImmutableGroupID> l_ConditionSourceGroups_
          To activate the ACL rights, the EP has to be member of the GroupIDs in this list.
protected  StringRight[] l_right_
           
protected  ImmutableName nameOfEpAcs_
           
protected  ImmutableName nameOfResAcs_
           
protected  boolean positiveRight_
           
private static int PRIME
           
protected  ImmutableACS resACS_
           
protected  ImmutableName resName_
           
protected  java.lang.String resType_
           
static java.io.ObjectStreamField[] serialPersistentFields
          variable for the JDK 2 serialization "aCS_",ACSImpl.class, "resACS_",ACSImpl.class, "resName_",NameImpl.class, "resType_",String.class, "acsName_",NameImpl.class, "nameOfResAcs_",NameImpl.class, "epName_",NameImpl.class, "nameOfEpAcs_",NameImpl.class, "ep_",EligiblePartyImpl.class, "l_right_",String[].class, "positiveRight_",Boolean.TYPE, "comment_",String.class, "l_ConditionSourceGroups_",ArrayList.class "detailledName_",String.class
private static long serialVersionUID__
           
 
Constructor Summary
  AclEntryImpl()
          Constructor to use only as a transient value for initialization, or used from ARoad0.gBase.AclEntryImplBeanInfo.getPropertyDescriptors() in ARoad0.Gui1.CollectionPropertyEditor.getValue().
protected AclEntryImpl(ImmutableACS _aCS, ImmutableResource _res, ImmutableEligibleParty _ep, StringRight[] _l_right, boolean _positiveRight, ImmutableGroupID _conditionGroup)
          This is the standard way to create an instance, only from a resource in gBase.
 
Method Summary
protected  void addConditionSourceGroup(ImmutableGroupID _grp)
          Adds a condition group without controls.
 void addForUserConditionSourceGroup(ImmutableGroupID _grp)
          This method is to use only for the flexible conditional ACL, and if there is alrady a non-null first condition group set by the constructor.
 void addPropertyChangeListener(java.beans.PropertyChangeListener _l)
          Add a listener to the bean.
 void addPropertyChangeListener(java.lang.String _propertyName, java.beans.PropertyChangeListener _l)
          Add a listener to the bean.
static java.lang.String buildUpDetailledName(ImmutableName _epName, ImmutableName _resName, boolean _positiveRight, java.lang.String _conditionGroupName)
          This method creates the detailled name of an internal AclEntry, that is unique in its ACS, and it provides the preprocessing of the detailled name for an external AclEntry.
 java.lang.Object clone()
          Called by removeEorAclEntry() in the events firing.
 int compareTo(java.lang.Object o)
          Based on the AclEntry name comparisons on the EP first, and then on the Resource, if the EP names are equals.
 AclEntry copy(Resource _newRes)
          Copy the AclEntry for a resource of the same ACS.
protected  AclEntry copyForExternal()
          Called by ACSImpl.closeAclEntriesTo() only for the external ACLs, when the links to other ACS have to be cut and cloned.
 boolean equals(java.lang.Object _obj)
          This method returns true for a clone, even if it has no direct references to its ACS, resource or EP.
protected  void finalizeClosedAcl()
          This method allows the detection by the garbage collector of unused closed ACLs, or copied ACLs through copyForExternal(), after the closing of their ACS, or after the deleting of their resource or eligible party.
 void finalizeForBase()
          Currently unused method, that is from the DetailledName interface.
 void finalizeForUser()
          Currently unused method, that is from the DetailledName interface.
protected  void finalizeForUser(short _epCount)
          Replacing finalizeForBase() and finalizeForUser(), this method removes the AclEntry from the aclConnectedResources map of its EligibleParty, and from the list of its ACS.
protected  void firePropertyChange(java.lang.String _propertyName, java.lang.Object _oldValue, java.lang.Object _newValue)
          Fire an event to every registered listener, in any order.
 ImmutableName getAcsName()
          Caution: does not return a clone.
 java.lang.String getComment()
           
 java.lang.String getDetailledName()
          This method returns the detailled name for the explorer, which gives the key components of the object, without the acs name.
 java.lang.String getDetailledNameFromName(ImmutableName _name)
          Gets the detailled name from the AclEntry name, like a static method since the AclEntry properties are not used.
 boolean getEnabledRights()
          Gets false only for a conditional AclEntry where the GroupIDMember source is not (in)direct member of a condition group.
 ImmutableACS getEorACS()
          Returns null for a clone or a finalized instance.
 ImmutableEligibleParty getEorEP()
          Returns null for a clone or a finalized instance.
 ImmutableACS getEorResACS()
           
 ImmutableResource getEorResource()
          Gets the resource through a call to the ACS map, so quite slow.
 ImmutableName getEpName()
          Caution: does not return a clone.
 ImmutableName getFullName()
          The full name is unique for the Access Road program.
 ImmutableName[] getKeyPropertiesFromDetailledName(java.lang.String _displayedName)
          Extracts the resource name first, and the EligibleParty name in the detailled name of an AclEntry, then the right sens and, if not null, the first condition group name.
static ImmutableName[] getKeyPropertiesFromName(ImmutableName _aclName)
          Gets the component names from the AclEntry name.
static java.lang.Object[] getKeyReferencesFromName(ImmutableName _aclName)
          Gets the 4 or 5 AclEntry main components from the AclEntry name.
 java.util.List<ImmutableGroupID> getL_ConditionSourceGroups()
          To activate the ACL rights in a conditional AclEntry, the EP is a GroupIDMember, and it has to be a member of each condition GroupID.
 StringRight[] getL_Rights()
          Gets the effective rights for the eligible party upon the resource.
 ImmutableName getName()
          Gets the BaseObject name of the AclEntry from getNameFromDetailledName().
 ImmutableName getNameFromDetailledName(ImmutableACS _acs, java.lang.String _detailledName)
          Extracts the BaseObject name from the detailled name of an AclEntry.
 ImmutableName getNameOfEpACS()
          Caution: does not return a clone.
 ImmutableName getNameOfResACS()
          Caution: does not return a clone.
 java.lang.String getNickName()
          This short name is NOT unique for the Access Road program nor the ACS if it is an ACS object.
 StringRight[] getNoConditionalRight()
          Gets the list of the internal conditional or no-conditional rights for the EligibleParty upon the Resource, whatever the compliance to the conditions if there are some conditional groups.
 boolean getPositiveRight()
           
 java.beans.PropertyChangeListener[] getPropertyChangeListeners(java.lang.String _propertyName)
          Returns the change listeners for a property.
static ImmutableName[] getPropertyNamesFromName(java.lang.String _aclName)
          Gets the main components names from the aclEntry name as a string, returned by toString().
 ImmutableName getResName()
          Caution: does not return a clone.
 java.lang.String getResType()
          To use when it is possible to replace getEorResource().
 long getSerialVersionUID()
          Return long value for serialization
 java.lang.String getSource()
          Gets the access source displayed in the beamer.
 java.lang.String getTarget()
          Gets the access target displayed in the beamer.
 int hashCode()
           
 boolean isConditionalAclEntry()
          Gets true for a right-defined or a flexible conditional AclEntry.
 boolean isEmpty()
           
 boolean isExternalAclEntry()
          An external ACL has the source or the target from another ACS than the ACL ACS.
 boolean isRightDefinedConditionalAclEntry()
          Gets true for a right-defined conditional AclEntry.
protected  void removeConditionSourceGroup(ImmutableGroupID _grp)
          Removes a condition group.
 void removeForUserConditionSourceGroup(ImmutableGroupID _grp)
          To activate the ACL rights, the EP has to be member of the condition GroupIDs, if it is a GroupIDMember.
 void removePropertyChangeListener(java.beans.PropertyChangeListener _l)
          remove a listener to the bean.
 void removePropertyChangeListener(java.lang.String _propertyName, java.beans.PropertyChangeListener _l)
          remove a listener to the bean.
protected  void resetRightsAsInheritedAclEntry()
          If the target is a Directory in an ACS that manages the ACL inheritance, calls Directory.resetInheritedAclEntryRightsOfChildren(), to reset the effective rights in the inherited AclEntry map of each Directory child.
 void setComment(java.lang.String _s)
          Set any comment related to this AclEntry.
protected  int setConditionSourceGroupsFromRights()
          Main method to update the right-defined condition group at every rights updating.
protected  void setL_Rights(StringRight[] _st)
          Sets the rights of the AclEntry, from which the effective rights given by getRight() are derived.
 void setL_RightsForUser(StringRight[] _st)
          Sets the rights of the AclEntry, from which the effective rights given by getRight() are derived.
 java.lang.String toString()
          The form is 'Eligible party: KKKK+ , ACL ACS: GGG + ; Resource: DDDD+ Right(s): bbbb| vvvv| nnnn + positive right: true/false"+ Condition groups: UUUU| OOOO| .
 
Methods inherited from class java.lang.Object
finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

serialVersionUID__

private static final long serialVersionUID__
See Also:
Constant Field Values

PRIME

private static final int PRIME
See Also:
Constant Field Values

INITIAL_CAPACITY

protected static final int INITIAL_CAPACITY
See Also:
Constant Field Values

detailledName_

protected java.lang.String detailledName_

aCS_

protected ImmutableACS aCS_

resACS_

protected ImmutableACS resACS_

resName_

protected ImmutableName resName_

resType_

protected java.lang.String resType_

ep_

protected ImmutableEligibleParty ep_

acsName_

protected ImmutableName acsName_

epName_

protected ImmutableName epName_

nameOfResAcs_

protected ImmutableName nameOfResAcs_

nameOfEpAcs_

protected ImmutableName nameOfEpAcs_

l_right_

protected StringRight[] l_right_

positiveRight_

protected boolean positiveRight_

comment_

protected java.lang.String comment_

l_ConditionSourceGroups_

protected java.util.ArrayList<ImmutableGroupID> l_ConditionSourceGroups_
To activate the ACL rights, the EP has to be member of the GroupIDs in this list. May be null.


EMPTY_INSTANCE

public static final AclEntryImpl EMPTY_INSTANCE
A reusable empty instance for initialization, to avoid the use of 'new' for temporary values. Caution: never change the state of the returned instance.


changeSupport_

private transient java.beans.PropertyChangeSupport changeSupport_
manage all the property change listeners


serialPersistentFields

public static final java.io.ObjectStreamField[] serialPersistentFields
variable for the JDK 2 serialization "aCS_",ACSImpl.class, "resACS_",ACSImpl.class, "resName_",NameImpl.class, "resType_",String.class, "acsName_",NameImpl.class, "nameOfResAcs_",NameImpl.class, "epName_",NameImpl.class, "nameOfEpAcs_",NameImpl.class, "ep_",EligiblePartyImpl.class, "l_right_",String[].class, "positiveRight_",Boolean.TYPE, "comment_",String.class, "l_ConditionSourceGroups_",ArrayList.class "detailledName_",String.class

Constructor Detail

AclEntryImpl

public AclEntryImpl()
Constructor to use only as a transient value for initialization, or used from ARoad0.gBase.AclEntryImplBeanInfo.getPropertyDescriptors() in ARoad0.Gui1.CollectionPropertyEditor.getValue().


AclEntryImpl

protected AclEntryImpl(ImmutableACS _aCS,
                       ImmutableResource _res,
                       ImmutableEligibleParty _ep,
                       StringRight[] _l_right,
                       boolean _positiveRight,
                       ImmutableGroupID _conditionGroup)
                throws CreateError
This is the standard way to create an instance, only from a resource in gBase. Registers the new acl in the condition group(s). The acl registration in the ACS and in the EligibleParty is done by the resource.

An AclEntry is right-defined conditional when it uses a conditional right. An AclEntry is simple (or flexible) conditional when the user set an immutable condition group as argument of the AclEntry constructor. A simple-condition AclEntry is uniquely defined by the set (its ACS, its Resource, its EligibleParty, first condition GroupID, sens of the rights). The first condition GroupID is mandatory at the creation only if it is a simple conditional AclEntry. The other types of AclEntry are uniquely defined by the set (its ACS, its Resource, its EligibleParty, sens of the rights).

The constructor calls the method setL_Rights() to control and setup the rights. If the ACL source is not external, it is used for getting the rights policy from the ACL ACS. In all cases, the ACL target is used to get them. In a right-defined conditional ACL, the method setL_Rights() sets the condition groups. The error messages for the user are as following:

- An external conditional AclEntry must have its Eligible Party ACS or its Resource ACS being its condition group ACS.

- This ACS does not manage the simple-condition AclEntries, into which the rights are activated only if the right user is member of all the condition group(s);

- A condition group has to be from the source ACS or from the target ACS.

- With the type policy 'Resource.NoConditionalACL', the ACS forbids this Resource type as target of a simple-condition AclEntry.

- With the type policy 'GroupIDMember.IsNotConditionalAclSource', the ACS forbids this UserID or GroupID type as source of a simple-condition AclEntry.

- No conditional right in a simple-condition AclEntry, since the condition groups are directly set.

Called only by ResourceImpl.

Parameters:
_aCS - open controller which owns this AclEntry. May be the main ACS of _res, or not. If not, is recorded as ACS controller of this main ACS.
_res - External Object Reference to the resource.
_ep - External Object Reference to the EligibleParty, which may belong to another ACS. Has to be a GroupIDMember if it is a conditional AclEntry.
_l_right - is an array of rights for _ep on _res. Create an empty array with a length of 1 if the argument is null or if its first element is null (even if there is a second non-null element). Controls if the rights are allowed by the ACS and if not, the rights are not set. For a right-defined conditional AclEntry, only one right is allowed.
_positiveRight - is true if the rights are oriented to grant, and false if they are oriented to deny. _l_right is checked.
_conditionGroup - first condition group. May be null. If null, no condition group may be added directly after the AclEntry creation. If not null, _l_right cannot contain a conditional right.
Throws:
CreateError - if (_res or _ep).getName() or (_res or _ep).getEorACS() is null, if _ep is not an EligiblePartyImpl nor an ActorImpl, if _right has not the sens of _positiveRight, or if they are conditional and more than one, or more than one right when the acs forbids it, or external.
Method Detail

buildUpDetailledName

public static final java.lang.String buildUpDetailledName(ImmutableName _epName,
                                                          ImmutableName _resName,
                                                          boolean _positiveRight,
                                                          java.lang.String _conditionGroupName)
                                                   throws CreateError
This method creates the detailled name of an internal AclEntry, that is unique in its ACS, and it provides the preprocessing of the detailled name for an external AclEntry. The detailled name may include its ACS name and the ACS names of the Resource/EP only if the ACL is external. Being external means that at least one of the two EP/Resource ACS is not the ACL ACS. It is then possible to have a third ACS for the other end. It is not possible to have the same ACS for the two ends and another ACS for the ACL. For an internal ACL, the ACL ACS is the ACS of the two ends. Otherwise, for an internal ACL, the ACL ACS is the ACS of the two ends. Called by the constructors and getDetailledNameFromName(), and by some AcsAddon classes like DirectoryMySQLImpl. The format of the detailled name for an internal ACL is as following:

- incomplete Eligible Party name >> incomplete Resource name || grant OR deny || first condition group last component.

For an external ACL, the format of the detailled name is as following:

- ACS: ACS_name | (full or incomplete) Eligible Party name >> (full or incomplete) Resource name || grant OR deny || <Source ACS group> OR <Target ACS group> || first condition group last component.

An Eligible Party or Resource name is incomplete if it belongs to the AclEntry ACS. The condition group is put in the name or the detailled name only for a flexible conditional AclEntry. '<XXXX ACS group>' is used only for an external ACL, when the condition group belongs to the Source or Target (XXXX) ACS.

Parameters:
_epName - name of the EligibleParty, without its ACS name. Never null nor empty.
_resName - name of the Resource, without its ACS name. Never null nor empty.
_positiveRight - is true for a granting right, false for a denying one
_conditionGroupName - first condition group name last component. May be null.
Returns:
the detailled name of an internal AclEntry, even if all the parameters are null, or the first form of the detailled name for an external AclEntry.
Throws:
CreateError - if a name is null or empty

getDetailledName

public java.lang.String getDetailledName()
This method returns the detailled name for the explorer, which gives the key components of the object, without the acs name. The form of the detailled name is:

(full or incomplete) Eligible Party name >> (full or incomplete) Resource name || grant/deny || first condition group last component.

The condition group is put in the name or the detailled name only for a flexible conditional AclEntry. The EP and Resource names may be incomplete because the detailled name includes the ACS names of the Resource/EP only if the ACL is external, and it means that at least one of the two EP/Resource ACS is not the ACL ACS. Works on cloned aclEntries.

Specified by:
getDetailledName in interface DetailledName
Returns:
the detailled name, or 'null AclEntry'
See Also:
getKeyPropertiesFromDetailledName(java.lang.String)

getEorResource

public ImmutableResource getEorResource()
Gets the resource through a call to the ACS map, so quite slow. getResName() and getResType() are much more faster. Returns null if it is a clone or a finalized instance. Caution: Use resourceACS.getEorM_Resources(), so do NOT work after the ACS closing.

Specified by:
getEorResource in interface ImmutableAclEntry
Returns:
the resource that applies this AclEntry

getSource

public java.lang.String getSource()
Gets the access source displayed in the beamer. The form is: 'ep name as string'+'(ACL)'.

Specified by:
getSource in interface ImmutableAclEntry
Returns:
the source name. May be null.

getTarget

public java.lang.String getTarget()
Gets the access target displayed in the beamer. The form is: 'resource name as string'+'(by ACL)'.

Specified by:
getTarget in interface ImmutableAclEntry
Returns:
the target name. May be null.

getEorEP

public final ImmutableEligibleParty getEorEP()
Returns null for a clone or a finalized instance.

Specified by:
getEorEP in interface ImmutableAclEntry
Returns:
ImmutableEligibleParty, as an External Object Reference

getEorACS

public final ImmutableACS getEorACS()
Returns null for a clone or a finalized instance.

Specified by:
getEorACS in interface ACSObject
Specified by:
getEorACS in interface ImmutableAclEntry
Returns:
ImmutableACS of this AclEntry, as an External Object Reference

getEorResACS

public final ImmutableACS getEorResACS()
Specified by:
getEorResACS in interface ImmutableAclEntry
Returns:
ImmutableACS of the AclEntry resource, as an External Object Reference

setL_RightsForUser

public void setL_RightsForUser(StringRight[] _st)
                        throws CreateError
Sets the rights of the AclEntry, from which the effective rights given by getRight() are derived. Called by the GUI. Calls setL_Rights() and resetRightsAsInheritedAclEntry(). Fires a PropertyChangeEvent "AclRights" to the listeners.

Specified by:
setL_RightsForUser in interface AclEntry
Parameters:
_st - array of non-null, non-empty rights for the couple (resource, EligibleParty) in the AclEntry ACS. The authorized rights depend on the AclEntry ACS. May be null.
Throws:
CreateError - if the resource or the eligible party is immutable, or from setL_Rights()

getL_Rights

public final StringRight[] getL_Rights()
Gets the effective rights for the eligible party upon the resource. If there is no condition group, the effective rights are the internal rights as returned by getNoConditionalRight(). If there are conditional groups and if the eligible party is a group member, the eligible party has to be a direct or indirect member of each conditional group, to return the internal rights. Otherwise, the condition rights are not workable, and an empty array is returned. If the eligible party is not a group member, the condition group(s) are forbbiden. Calls getNoConditionalRight(), GroupIDImpl.containsAsMember() and containsAsIndirectMember().

Specified by:
getL_Rights in interface ImmutableAclEntry
Returns:
effective rights for the couple (Resource, EligibleParty) Never null. May be an empty array.

getNoConditionalRight

public final StringRight[] getNoConditionalRight()
Gets the list of the internal conditional or no-conditional rights for the EligibleParty upon the Resource, whatever the compliance to the conditions if there are some conditional groups. Called by setL_Rights() and getL_Rights().

Specified by:
getNoConditionalRight in interface ImmutableAclEntry
Returns:
rights as READ, CONNECT, DELETE... for the couple (resource, eligible party). Never null. May be an empty array.

isRightDefinedConditionalAclEntry

public final boolean isRightDefinedConditionalAclEntry()
Gets true for a right-defined conditional AclEntry. A simple-condition AclEntry is not a right-condition AclEntry. Called by setConditionSourceGroupsFromRights().

Specified by:
isRightDefinedConditionalAclEntry in interface ImmutableAclEntry
Returns:
true if the first right is a conditional right

isConditionalAclEntry

public final boolean isConditionalAclEntry()
Gets true for a right-defined or a flexible conditional AclEntry.

Specified by:
isConditionalAclEntry in interface ImmutableAclEntry
Returns:
true if the condition groups list is not null

getEnabledRights

public final boolean getEnabledRights()
Gets false only for a conditional AclEntry where the GroupIDMember source is not (in)direct member of a condition group. A conditional ACL having an Actor as source has always enabled rights (new in 0.7.1).

Specified by:
getEnabledRights in interface ImmutableAclEntry
Returns:
true if the rights are workable

getPositiveRight

public final boolean getPositiveRight()
Specified by:
getPositiveRight in interface ImmutableAclEntry
Returns:
_b true if the AclEntry rights ('r' for example) grant access to the eligible party, and false if the rights deny an access type.

getNameOfResACS

public ImmutableName getNameOfResACS()
Caution: does not return a clone.

Specified by:
getNameOfResACS in interface ImmutableAclEntry
Returns:
ImmutableName name of the AclEntry resource ACS. No cloned from the internal property. May be null.

getResName

public ImmutableName getResName()
Caution: does not return a clone.

Specified by:
getResName in interface ImmutableAclEntry
Returns:
ImmutableName name of the AclEntry resource. No cloned from the internal property. May be NameImpl.EMPTY_INSTANCE.

getResType

public java.lang.String getResType()
To use when it is possible to replace getEorResource().

Specified by:
getResType in interface ImmutableAclEntry
Returns:
the AclEntry resource type.

getAcsName

public ImmutableName getAcsName()
Caution: does not return a clone.

Specified by:
getAcsName in interface ACSObject
Returns:
ImmutableName name of the AclEntry ACS. No cloned from the internal property. May be null.

getNameOfEpACS

public ImmutableName getNameOfEpACS()
Caution: does not return a clone.

Specified by:
getNameOfEpACS in interface ImmutableAclEntry
Returns:
ImmutableName name of the AclEntry EligibleParty ACS. No cloned from the internal property. May be null.

getEpName

public ImmutableName getEpName()
Caution: does not return a clone.

Specified by:
getEpName in interface ImmutableAclEntry
Returns:
ImmutableName name of the AclEntry EligibleParty. No cloned from the internal property. May be null.

setComment

public void setComment(java.lang.String _s)
Set any comment related to this AclEntry. It is a bound property.

Specified by:
setComment in interface AclEntry
Parameters:
_s - comment which is associated to the AclEntry

getComment

public java.lang.String getComment()
Returns:
comment which is associated to the AclEntry

getL_ConditionSourceGroups

public java.util.List<ImmutableGroupID> getL_ConditionSourceGroups()
To activate the ACL rights in a conditional AclEntry, the EP is a GroupIDMember, and it has to be a member of each condition GroupID. If the EP is not a GroupIDMember, the effective rights are null.

Specified by:
getL_ConditionSourceGroups in interface ImmutableAclEntry
Returns:
condition groups. May be empty, never null.

addPropertyChangeListener

public void addPropertyChangeListener(java.lang.String _propertyName,
                                      java.beans.PropertyChangeListener _l)
Add a listener to the bean. Used by Gui1.CommonPropertyEditor for the 'Comment', 'AclRights', 'ConditionSourceGroups' properties.

Specified by:
addPropertyChangeListener in interface BoundBean
Parameters:
_propertyName - String is the name of the property
_l - PropertyChangeListener to add

addPropertyChangeListener

public void addPropertyChangeListener(java.beans.PropertyChangeListener _l)
Add a listener to the bean.

Specified by:
addPropertyChangeListener in interface BoundBean
Parameters:
_l - PropertyChangeListener to add

removePropertyChangeListener

public void removePropertyChangeListener(java.lang.String _propertyName,
                                         java.beans.PropertyChangeListener _l)
remove a listener to the bean. Used by Gui1.CommonPropertyEditor for the 'Comment', 'AclRights', 'ConditionSourceGroups' properties.

Specified by:
removePropertyChangeListener in interface BoundBean
Parameters:
_propertyName - String is the name of the property
_l - PropertyChangeListener to remove

removePropertyChangeListener

public void removePropertyChangeListener(java.beans.PropertyChangeListener _l)
remove a listener to the bean.

Specified by:
removePropertyChangeListener in interface BoundBean
Parameters:
_l - PropertyChangeListener to remove

getPropertyChangeListeners

public java.beans.PropertyChangeListener[] getPropertyChangeListeners(java.lang.String _propertyName)
Returns the change listeners for a property. Used by the AcsAddons.

Specified by:
getPropertyChangeListeners in interface ImmutableAclEntry
Parameters:
_propertyName - name of the listened property.
Returns:
the change listeners. May be null or empty.

compareTo

public int compareTo(java.lang.Object o)
              throws java.lang.ClassCastException
Based on the AclEntry name comparisons on the EP first, and then on the Resource, if the EP names are equals. On Resources, the nodes are always smaller than their leaves. The UserIDs are smaller than the GroupIDs. The condition groups are compared at the end, through the comparison of the detailled names where only the first group name last component appears, if any, and the ACS name is it is an external AclEntry. The rights are NOT compared. Called by ACSImpl.newEorAclEntry() (through Arrays.sort()) ACSTreeUtilities.addDetailledNameUnderNode() and by Gui1.CollectionPropertyEditor.propertyChange() to display the AclEntries.

Specified by:
compareTo in interface java.lang.Comparable
Parameters:
o - to compare must be an ImmutableAclEntry
Returns:
0 if the ACL are almost equals, a negative integer if this object is lesser than the argument, and a positive integer if this object is greater than the argument.
Throws:
java.lang.ClassCastException - - if the specified object's type prevents it from being compared to this current Object

clone

public java.lang.Object clone()
Called by removeEorAclEntry() in the events firing. The ACS, the EP and the resource ACS are null in the returned AclEntry. The rights array is copied without cloning of the rights (shallow copy). Thus the rights networks of metarights and acsrights are linked to the ACL clone. The method getEorResource() returns null while getResName() returns a clone of the resource name. The condition groups list is cloned in a shallow copy. The methods getRight() and getDetailledName() work well, as toString(). The properties are protected, so may be accessed by the package. Caution: the clone is not registered in its ACS, its resource, its EP or its confition groups, but equals() returns true when it compares a clone and its source.

Specified by:
clone in interface ImmutableAclEntry
Overrides:
clone in class java.lang.Object
Returns:
Object without external references (ACS, resource ACS and EligibleParty) and copy of the other properties.

equals

public boolean equals(java.lang.Object _obj)
This method returns true for a clone, even if it has no direct references to its ACS, resource or EP. This method casts _obj to AclEntryImpl, to have a direct access to the protected properties. The result is true if the two ACL have the same rights in a different order.

Specified by:
equals in interface BaseObject
Specified by:
equals in interface ImmutableAclEntry
Overrides:
equals in class java.lang.Object
Parameters:
_obj - is the object to compare.
Returns:
boolean true if _obj is equal with the same class, not only an implementation of AclEntry.

hashCode

public int hashCode()
Specified by:
hashCode in interface BaseObject
Specified by:
hashCode in interface ImmutableAclEntry
Overrides:
hashCode in class java.lang.Object
Returns:
the hashcode value from the detailled name only

getSerialVersionUID

public long getSerialVersionUID()
Return long value for serialization

Specified by:
getSerialVersionUID in interface ImmutableAclEntry
Returns:
long is the uid used for serialization of the instance.

isExternalAclEntry

public boolean isExternalAclEntry()
An external ACL has the source or the target from another ACS than the ACL ACS. It may be a conditional ACL. Called by the constructor.

Specified by:
isExternalAclEntry in interface ImmutableAclEntry
Returns:
true if the source or the target is from another ACS

isEmpty

public boolean isEmpty()
Specified by:
isEmpty in interface ImmutableAclEntry
Returns:
boolean true if equal to new AclEntryImpl()

copy

public AclEntry copy(Resource _newRes)
              throws CreateError
Copy the AclEntry for a resource of the same ACS. The AclEntry contains the same properties than this instance, and it is registered in its ACS, resource and EP.

Specified by:
copy in interface ImmutableAclEntry
Parameters:
_newRes - is a resource belonging to the same ACS
Returns:
an AclEntry with a new resource and a copy of the other properties.
Throws:
java.lang.InternalError - if _newRes is null.
CreateError - if _ep is already recorded in this resource with the same ACS and sens, or thrown by the ACS.newEorAclEntry().

firePropertyChange

protected void firePropertyChange(java.lang.String _propertyName,
                                  java.lang.Object _oldValue,
                                  java.lang.Object _newValue)
Fire an event to every registered listener, in any order. Called by setComment(), setRights(). For the properties 'Comment', 'AclRights', 'ConditionSourceGroups'.

Parameters:
_propertyName - name of the changing property
_oldValue - of the property
_newValue - of the property. No operation if equal to _oldValue and not null.

finalizeForBase

public void finalizeForBase()
                     throws UpDateError
Currently unused method, that is from the DetailledName interface.

Specified by:
finalizeForBase in interface FinalizedObject
Throws:
no - UpDateError throwing
UpDateError - if the resource is unknown of the main ACS (if it is a clone without setName(), typically)

finalizeForUser

public void finalizeForUser()
                     throws UpDateError
Currently unused method, that is from the DetailledName interface.

Specified by:
finalizeForUser in interface FinalizedObjectForUser
Throws:
no - UpDateError throwing
UpDateError - for instance if the object is immutable

finalizeForUser

protected void finalizeForUser(short _epCount)
                        throws UpDateError
Replacing finalizeForBase() and finalizeForUser(), this method removes the AclEntry from the aclConnectedResources map of its EligibleParty, and from the list of its ACS. The removing in the ACS fires a change property event to the GUI, and may remove the AclEntry Resource or EP in the ACS lists if they are external. Most of the variables are set to null, so the instance is equals to a new AclEntryImpl(). It is called only by its resource, which deletes the AclEntry and its own references to it. The StringRights are not finalized, but the links are cut. Only ActorImpls and EligiblePartyImpls are managed as EligibleParties.

Parameters:
_epCount - is the number of references to ep_ in the AclEntries list of its Resource. If it is equal to '1', the aclConnectedResources map of ep_ is updated.
Throws:
UpDateError - if the Resource is unknown of the main ACS, or if this AclEntry is recorded more than once.

finalizeClosedAcl

protected void finalizeClosedAcl()
This method allows the detection by the garbage collector of unused closed ACLs, or copied ACLs through copyForExternal(), after the closing of their ACS, or after the deleting of their resource or eligible party. This method sets the properties to their default values, without updating their resource or eligible party as finalizeForUser() does it. It sets to null almost all variables, thus the instance becames empty. It is called by the constructor, by BaseManagerImpl.saveAndCloseOpenACS() and closeOpenACS(), by ResourceImpl.finalizeFromDeserialization and by ACSImpl.checkClosedAclEntries(), to cleanup the AclEntry instances in ACSImpl.l_ClosedAclEntries_ or in ResourceImpl


getFullName

public ImmutableName getFullName()
The full name is unique for the Access Road program. There, its is equal to the name with all the rights and all the condition groups.

Specified by:
getFullName in interface BaseObject
Returns:
a copy of the name. Null for an empty AclEntry.

getNickName

public java.lang.String getNickName()
This short name is NOT unique for the Access Road program nor the ACS if it is an ACS object. The format is:

EligibleParty Name last component >> first right nick name >> Resource Name last component

Specified by:
getNickName in interface BaseObject
Returns:
the AclEntry nick name. Never null.

getName

public ImmutableName getName()
Gets the BaseObject name of the AclEntry from getNameFromDetailledName(). The AclEntry name is composed of:

ACS:: acsName:: ELIGIBLEPARTY:: epName:: >> RESOURCE:: resName || grant/deny || CONDITIONS:: first condition group name

(here, ':: ' is added by gBase.NameImpl.toString()), where epName is the eligible Party full name, and resName is the Resource full name.

The condition group is put in the name or the detailled name only for a flexible conditional AclEntry. If _acsName, _epName or _resName is null, like in an empty instance, they are not put in the name. This method works for a clone. This name is used only outside gBase, following BaseObject interface. The IS name is in the first components of the ACS name.

Specified by:
getName in interface BaseObject
Returns:
ImmutableName of the AclEntry, or null if it is a finalized AclEntry

addForUserConditionSourceGroup

public void addForUserConditionSourceGroup(ImmutableGroupID _grp)
                                    throws UpDateError
This method is to use only for the flexible conditional ACL, and if there is alrady a non-null first condition group set by the constructor. If the condition group is immutable, the operation is not aborted. Controls the ACS type policy on 'Resource.NoConditionalACL'. An external AclEntry handles only one condition group. To activate the ACL rights, the source has to be member of the condition GroupIDs, or, if the source is an Actor, has to have an AG context which is member of the condition GroupIDs. If the AclEntry uses right-defined condition group(s), it is not possible to update them directly. If a condition group is finalized, this AclEntry does not listen the event but the method getRight() returns empty. Controls of the ACL policy for 'Resource.NoConditionalACL', 'GroupID.ConditionalAclGroup', 'Resource.OneConditionGroupInACL', 'Resource.TypesOfSourceForConditionalACL.resource_type'. Calls addConditionSourceGroup() and resetRightsAsInheritedAclEntry().

Specified by:
addForUserConditionSourceGroup in interface AclEntry
Parameters:
_grp - condition group from the AclEntry ACS. Never null.
Throws:
UpDateError - if the AclEntry ACS does not manage the flexible conditional group, if the first condition group is null, already known, if the argument is null or not from the AclEntry ACS, if it is an external AclEntry

removeForUserConditionSourceGroup

public void removeForUserConditionSourceGroup(ImmutableGroupID _grp)
                                       throws UpDateError
To activate the ACL rights, the EP has to be member of the condition GroupIDs, if it is a GroupIDMember. The first condition group cannot be removed. For a right-defined AclEntry, it is not possible to update them directly. If a condition group is finalized, this AclEntry does not listen the event but the method getRight() returns empty. Calls removeConditionSourceGroup() and resetRightsAsInheritedAclEntry().

Specified by:
removeForUserConditionSourceGroup in interface AclEntry
Parameters:
_grp - conditionnal group to remove
Throws:
UpDateError - if the AclEntry uses static condition group, or the argument is not from the AclEntry ACS or it is the first condition group

getNameFromDetailledName

public ImmutableName getNameFromDetailledName(ImmutableACS _acs,
                                              java.lang.String _detailledName)
                                       throws BaseError
Extracts the BaseObject name from the detailled name of an AclEntry. The form of the detailled name for an internal ACL is:

- incomplete Eligible Party name >> incomplete Resource name || grant OR deny || first condition group last component.

For an external ACL, the form of the detailled name is:

- ACS: ACS_name | (full or incomplete) Eligible Party name >> (full or incomplete) Resource name || grant OR deny || <Source ACS group> OR <Target ACS group> || first condition group last component.

An Eligible Party or Resource name is incomplete if it belongs to the AclEntry ACS. The condition group is put in the name or the detailled name only for a flexible conditional AclEntry. '<XXXX ACS group>' is used only for an external ACL, when the condition group belongs to the XXXX ACS.

The AclEntry name is composed of:

ACS:: acsName:: ELIGIBLEPARTY:: epName:: >> RESOURCE:: resName || grant/deny || CONDITIONS:: first condition group name

(here, ':: ' is added by gBase.NameImpl.toString()), where epName is the Eligible Party full name, and resName is the Resource full name.

The condition group is put in the name or the detailled name only for a flexible conditional AclEntry. This is a pseudo-static method, since it does not depend on the instance. Calls BaseUtilityImpl.getEorBaseObject(). Called by getName(), TreeManager.analyzeSelectedNodeInExplorer() and SimplePropertyEditor.viewOneElement().

Specified by:
getNameFromDetailledName in interface DetailledName
Parameters:
_detailledName - is the viewable name of the object in the explorer
_acs - ACS of the BaseObject
Returns:
name of the AclEntry
Throws:
BaseError - if an argument is null, or if _detailledName is not well formed

getKeyPropertiesFromDetailledName

public ImmutableName[] getKeyPropertiesFromDetailledName(java.lang.String _displayedName)
                                                  throws BaseError
Extracts the resource name first, and the EligibleParty name in the detailled name of an AclEntry, then the right sens and, if not null, the first condition group name. The ACS name is never returned. The form of the detailled name for an internal ACL is as following:

- incomplete Eligible Party name >> incomplete Resource name || grant OR deny || first condition group last component.

For an external ACL, the form of the detailled name is as following:

- ACS: ACS_name | (full or incomplete) Eligible Party name >> (full or incomplete) Resource name || grant OR deny || <Source ACS group> OR <Target ACS group> || first condition group last component.

An Eligible Party or Resource name is incomplete if it belongs to the AclEntry ACS. The condition group is put in the name or the detailled name only for a flexible conditional AclEntry. '<XXXX ACS group>' is used only for an external ACL, when the condition group belongs to the XXXX ACS.

This is a pseudo-static method, since it does not depend on the instance. Used by the method getNameFromDetailledName.

Specified by:
getKeyPropertiesFromDetailledName in interface DetailledName
Parameters:
_displayedName - is the short viewable name of an AclEntry
Returns:
array of 3 or 4 names, with - at the index 0, the resource name, without the ACS name if it belongs to the ACL ACS - at the index 1, the eligible party name, without the ACS name if it belongs to the ACL ACS - at the index 2, 'grant' or 'deny' in a one-component name - at the index 3, the first condition group name, without '<G>' nor its ACS name (as option)
Throws:
BaseError - if the argument is not an AclEntry name string, or if a main component string is not provided by NameImpl.toString().
See Also:
getDetailledName()

getDetailledNameFromName

public java.lang.String getDetailledNameFromName(ImmutableName _name)
                                          throws BaseError
Gets the detailled name from the AclEntry name, like a static method since the AclEntry properties are not used. The form of the detailled name for an internal ACL is as following:

- incomplete Eligible Party name >> incomplete Resource name || grant OR deny || first condition group last component.

For an external ACL, the form of the detailled name is as following:

- ACS: ACS_name | (full or incomplete) Eligible Party name >> (full or incomplete) Resource name || grant OR deny || <Source ACS group> OR <Target ACS group> || first condition group last component.

The AclEntry name is composed of:

ACS:: acsName:: ELIGIBLEPARTY:: epName:: >> RESOURCE:: resName || grant/deny || CONDITIONS:: first condition group name

Note: the detailled name is not unique in the base. Calls BaseManagerImpl.getEorM_OpenACS() and knowsACS() to find the ACS name. Calls getKeyPropertiesFromName() and buildUpDetailledName().

Specified by:
getDetailledNameFromName in interface DetailledName
Parameters:
_name - name of an AclEntry
Returns:
the detailled name of the AclEntry
Throws:
BaseError - if the argument has a wrong format
See Also:
PrivilegeAbst.buildUpDetailledName(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String), buildUpDetailledName(ARoad0.gBaseInterface.ImmutableName, ARoad0.gBaseInterface.ImmutableName, boolean, java.lang.String)

toString

public java.lang.String toString()
The form is 'Eligible party: KKKK+ , ACL ACS: GGG + ; Resource: DDDD+ Right(s): bbbb| vvvv| nnnn + positive right: true/false"+ Condition groups: UUUU| OOOO| . Called by BaseManagerImpl.importACS() to display the closed AclEntries, and in the ResourceImpl.addAclEntry() error messages.

Specified by:
toString in interface ImmutableAclEntry
Overrides:
toString in class java.lang.Object
Returns:
string form of the AclEntry with most of the properties

getKeyPropertiesFromName

public static ImmutableName[] getKeyPropertiesFromName(ImmutableName _aclName)
                                                throws BaseError
Gets the component names from the AclEntry name. The AclEntry name is composed of:

ACS:: acsName:: ELIGIBLEPARTY:: epName:: >> RESOURCE:: resName || grant/deny || CONDITIONS:: first condition group name

(here, ':: ' is added by gBase.NameImpl.toString()), where epName is the EligibleParty full name, and resName is the Resource full name. The condition group is put in the name or the detailled name only for a flexible conditional AclEntry. Called by the methods getKeyReferencesFromName, getDetailledNameFromName, getPropertyNamesFromName.

Parameters:
_aclName - name of the AclEntry.
Returns:
an array of 4 or 5 names:

- the ACS full name at index 0,

- the EligibleParty full name at index 1,

- the Resource full name at index 2,

- the 'grant' or 'deny' string in a one-component name,

- the first condition group name at index 4, or no index 4.

Throws:
BaseError - the argument is not an AclEntry name with the key words.

getKeyReferencesFromName

public static java.lang.Object[] getKeyReferencesFromName(ImmutableName _aclName)
                                                   throws BaseError
Gets the 4 or 5 AclEntry main components from the AclEntry name. These components fully define the AclEntry instance. The AclEntry name is composed of:

ACS:: acsName:: ELIGIBLEPARTY:: epName:: >> RESOURCE:: resName || grant/deny || CONDITIONS:: first condition group name

where epName is the EligibleParty full name, and resName is the Resource full name. The condition group is put in the name or the detailled name only for a flexible conditional AclEntry. To have names rather than instances, use getKeyPropertiesFromName(). This method is used by Gui1.PropertyEditor to remove an AclEntry from a list displaying the AclEntry name in the beamer. This method is returned by the PropertyDescriptor value 'removeArgumentsFromName' in ResourceImplBeanInfo, for CollectionPropertyEditor.

Parameters:
_aclName - the AclEntry name, get through getName()
Returns:
array of the 4 or 5 AclEntry main components:

- index 0: ACS which manages this AclEntry

- index 1: AclEntry EligibleParty

- index 2: AclEntry Resource

- index 3: Boolean for the right sens - index 4: the first condition group

Throws:
BaseError - if the argument is not an AclEntry name string, or if a main component string is not provided by NameImpl.toString()

getPropertyNamesFromName

public static ImmutableName[] getPropertyNamesFromName(java.lang.String _aclName)
                                                throws BaseError
Gets the main components names from the aclEntry name as a string, returned by toString(). These key components names define completly the AclEntry instance, following the KeyPropertiesInName pattern. The AclEntry name is composed of:

ACS:: acsName:: ELIGIBLEPARTY:: epName:: >> RESOURCE:: resName || grant/deny || CONDITIONS:: first condition group name

The condition group is put in the name or the detailled name only for a flexible conditional AclEntry.

Parameters:
_aclName - the AclEntry name, get through getName().toString()
Returns:
array of the 4 or 5 AclEntry main components names:

- index 0: name of the ACS which manages this AclEntry

- index 1: name of the EligibleParty

- index 2: name of the Resource

- index 3: the 'grant' or 'deny' string in a one-component name - index 4: the first condition group

Throws:
BaseError - if the argument is not an AclEntry name string, or if a main component string is not provided by NameImpl.toString().

setL_Rights

protected void setL_Rights(StringRight[] _st)
                    throws CreateError
Sets the rights of the AclEntry, from which the effective rights given by getRight() are derived. Only header rights are used. The ACS constraints on 'AclRights' are applied even if they are null, and they depend on both the EligibleParty and the Resource. This is not like for AGO rights. To explain the result, an exception is thrown as an user message when the ACS constraints are no fullfilled. Controls the ACL rights constraints in the ACS from the resource, and also from the EP only if the AclEntry is not external (that is, the ACS is the same for the AclEntry and the EP.

Only non-null, non-empty rights are set as new rights. Creates a 0-size array if the argument is null. Controls if each right has the correct sens. Controls the ACS type policy on 'Resource.OneRightACL', 'Resource.NoConditionalACL', 'Resource.NoNonConditionalACL', 'GroupIDMember.IsNotConditionalAclSource' and 'Actor.IsNotConditionalAclSource'.

A right-defined conditional AclEntry must have a single non-null right. It may be be external. For a conditional AclEntry, _ep is a GroupIDMember, and the right is workable only if _ep is a member of each of these condition groups (or the _ep AG context). Otherwise, the resulting effective right from getRight() is a 0-size array. Calls BaseUtilityImpl.getL_AcsRestrictedRights() and UtilityImpl.selectHeaders().

Note: 'AclRights' is also the bound property name of the ACLs in ResourceImpl, to allow the work of the Gui1 package. For Gui2.GraphicViewBaseListenerImpl that listens the 'AclRights' events both from the Resource and the AclEntry, the source and the value types in the event allows to process the event properly.

No action if this instance is a clone or has been finalized. Called by the constructor and setRightsForUser().

Parameters:
_st - array of non-null, non-empty rights for the couple (resource, EligibleParty) in the AclEntry ACS. The authorized rights depend on the AclEntry ACS. May be null.
Throws:
CreateError - if a right is null, empty, if a right is not allowed, has not the sens of getPositiveRight(), or does not fulfil with the ACL constraints.
See Also:
BaseUtilityImpl.getL_AcsRestrictedRights(ARoad0.Pattern.BeanInfoPattern, ARoad0.gBaseInterface.BaseObject, java.lang.String, ARoad0.gBaseInterface.ImmutableACS, java.lang.String)

setConditionSourceGroupsFromRights

protected int setConditionSourceGroupsFromRights()
                                          throws CreateError
Main method to update the right-defined condition group at every rights updating. Noop if the ACS does not manage the right-defined conditional ACL. Only one external condition group is allowed for an external AclEntry. Controls the ACS policy for 'GroupID.ConditionalAclGroup', 'Resource.OneConditionGroupInACL', 'Resource.TypesOfSourceForConditionalACL.'. Called by setL_Rights() and ACSImpl.checkClosedAclEntriesTo(). Calls addConditionSourceGroup(), but not removeConditionSourceGroup(). Fires the event 'ConditionSourceGroups' for the removing of all the current groups, then one 'ConditionSourceGroups' event for each new group.

Returns:
if negative, it is the number of new condition groups which are unknown by the acs, else return 0.
Throws:
CreateError - if the ACS does not manage right-condition ACL while the first right contains 'IF', or the ACS of the condition group is not the AclEntry ACS.

addConditionSourceGroup

protected void addConditionSourceGroup(ImmutableGroupID _grp)
Adds a condition group without controls. The ACS of the group may not be the ACL ACS. To activate the ACL rights, the EP has to be member of the condition GroupIDs. If the EP is not a GroupIDMember while there is at least one condition group, the rights are empty. The argument is not updated. GroupIDImpl.finalizeForBase() delete a conditional AclEntry having a finalized group as condition group. Called by the constructor, setConditionSourceGroupsFromRights() and addForUserConditionSourceGroup(). Fires a PropertyChangeEvent "ConditionSourceGroups" to the listeners.

Parameters:
_grp - conditionnal group to add. Never null.

removeConditionSourceGroup

protected void removeConditionSourceGroup(ImmutableGroupID _grp)
                                   throws CreateError
Removes a condition group. The result is never null nor empty, since the first group cannot be removed. To activate the ACL rights, the EP has to be member of the condition GroupIDs, if it is a GroupIDMember. The argument is not updated. The first condition group cannot be removed. Called by removeForUserConditionSourceGroup(), but not by setConditionSourceGroupsFromRights(). If the target is a Directory in an ACS that manages the ACL inheritance, calls the method resetInheritedAclEntryRights() on the Directory. Fires a PropertyChangeEvent "ConditionSourceGroups" to the listeners.

Parameters:
_grp - conditionnal group to remove
Throws:
CreateError - if _grp is not registered or it is the first condition group

resetRightsAsInheritedAclEntry

protected void resetRightsAsInheritedAclEntry()
If the target is a Directory in an ACS that manages the ACL inheritance, calls Directory.resetInheritedAclEntryRightsOfChildren(), to reset the effective rights in the inherited AclEntry map of each Directory child. An AcsAddon may use also this call to resetInheritedAclEntryRightsOfChildren() for other AclEntry-related operations, like in MySQL. Called by the methods setL_RightsForUser() and add/removeForUserConditionSourceGroup() after the updating of the effective rights, and by GroupIDImpl.add/removeEorMember() after the updating of the (in)direct members of a condition group. Calls Directory.resetInheritedAclEntryRightsOfChildren(). Note: the creation of the inherited AclEntry in a child is not handled by the generic gBase package, contrary of the rights updating of the inherited AclEntry. Fires no PropertyChangeEvent.


copyForExternal

protected AclEntry copyForExternal()
Called by ACSImpl.closeAclEntriesTo() only for the external ACLs, when the links to other ACS have to be cut and cloned. The ACS, the EP and the resource ACS are null in the returned AclEntry. The rights array is copied without cloning of the rights (shallow copy). Thus the rights networks of metarights and acsrights are linked to the ACL clone. The method getEorResource() returns null while getResName() returns a clone of the resource name. An external ACL has conditional group(s) from the source ACS or the target ACS. The methods getRight() and getDetailledName() work well, as toString(). The properties are protected, so may be accessed by the package. The returned instance may be finalized with finalizeClosedAcl(). Caution: the clone is not registered in its ACS, its resource, its EP or its confition groups, but equals() returns true when it compares a clone and its source.

Returns:
Object without external references (ACS, resource ACS and EligibleParty) and copy of the other properties, excluding the condition groups.