|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface ResourceMySQL
This interface is responsible for modeling a MySQL resource. The Resource method getL_aclEntry is not overridden, but it provides a sorted list of ACL from a ResourceMySQL.
Method Summary | |
---|---|
void |
addInheritedAclEntry(AclEntry _acl)
Adds the inherited AclEntry. |
java.util.Map<java.lang.String,StringRight[]> |
getM_TargetInheritedACLRights()
Gets the internal map of the primary rights from each parent level of this resource. |
void |
removeAclEntryWithoutFiring(ImmutableACS _aclAcs,
ImmutableEligibleParty _ep,
boolean _positiveRight,
ImmutableGroupID _conditionGroup)
Removes the direct AclEntry and the inherited AclEntries in the children, but without event firing. |
void |
removeInheritedAclEntry(AclEntry _acl)
Removes the inherited AclEntries in the children. |
void |
resetInheritedAclEntryRights(AclEntry _acl)
Resets the inherited AclEntry rights after an user edition of the ACL rights. |
Methods inherited from interface ARoad0.gBaseInterface.Resource |
---|
addAclEntry, copyWithoutInternalAcl, removeAclEntry, resetInheritedPrivilegeRights, selectInheritedPrivilege, setEorGroupID, setEorUserID, setL_groupRights, setL_ownerRights, setL_rootRights, setResourceType |
Methods inherited from interface ARoad0.gBaseInterface.Basic |
---|
finalizeForUser, setComment |
Methods inherited from interface ARoad0.gBaseInterface.ImmutableBasic |
---|
getComment, getEorAliasAsInternalHardReference, getEorReferenceAsInternalHardAlias, getHasSoftAlias, getImpliedViews, getIS_Name, getL_AcsOfSoftReferences, getL_SoftAlias, getPropertyChangeListeners, getSerialVersionUID, getVirtualFolders |
Methods inherited from interface ARoad0.gBaseInterface.Copyable |
---|
copy |
Methods inherited from interface ARoad0.gBaseInterface.PrivilegeTarget |
---|
addEorPrivilegeForTypeToTarget, removeEorPrivilegeToTarget |
Methods inherited from interface ARoad0.gBaseInterface.ImmutablePrivilegeTarget |
---|
getEorImmutableL_TargetInheritedLinkedPrivileges, getEorL_TargetPrivilegeForLinks, getEorL_TargetPrivilegeForTypes, getEorL_TargetPrivileges, getM_TargetInheritedLinkedPRIRights, getType |
Methods inherited from interface ARoad0.gBaseInterface.ImmutableTarget |
---|
getEorAliasAsInternalHardReference, getEorReferenceAsInternalHardAlias, getHasSoftAlias, getL_AcsOfSoftReferences, getL_SoftAlias |
Methods inherited from interface ARoad0.gBaseInterface.ACSObject |
---|
getAcsName, getEorACS |
Methods inherited from interface ARoad0.gBaseInterface.BaseObject |
---|
equals, getFullName, getName, getNickName, hashCode |
Methods inherited from interface ARoad0.gBaseInterface.ACSObjectAddon |
---|
getAddonInnerPropertiesToListen |
Method Detail |
---|
void addInheritedAclEntry(AclEntry _acl)
_acl
- inherited AclEntry to put in the list at the right ordervoid removeInheritedAclEntry(AclEntry _acl) throws UpDateError
_acl
- inherited AclEntry
UpDateError
- if _acl is null or unknownvoid resetInheritedAclEntryRights(AclEntry _acl)
resetInheritedAclEntryRights
in interface Resource
_acl
- inherited AclEntry with updated rightsjava.util.Map<java.lang.String,StringRight[]> getM_TargetInheritedACLRights()
The primary rights are not an official MySQL concept. It is an help for the Access Road user and it is necessary for the gWork classes. It describes both the inherited AclEntries and the direct AclEntries. The root 'MySQL server' has primary rights only from its direct ACL, and a database has primary rights from the root and its direct ACL.
To have some access rights on a MySQL Resource, a pair (user, host) has to match on the root 'MySQL Server' a pair (user, host) or a pair (user, accounts-for-hosts group) which has at least an USAGE right. The FIRST matching pair in the 'MySQL server' list becomes the current user. It is used to get the rights for the initial pair (user, host) at each parent level. The current user is returned by the method NodeRightsMySQLImpl.getConnectionPair(). If the current user has only an USAGE right and if, for a given Resource, the current user has no direct ACL and no inherited ACL, then no right is granted. Otherwise, the rights are the sum of the current user rights from the FIRST matched direct ACL and from the FIRST matched inherited ACL at EACH parent level. For these inherited ACL, the rights from each parent are added to the final result.
This section is about the virtual ACL in the MySQL addon. There are two types of virtual ACL: the virtual 'user@accounts-for-hosts group' ACL on any Resource, which derives from one 'accounts-for-hosts group' real ACL, and the mixed ACL which is only on databases. The mixed ACL derives from two to-be-mixed real ACL. The virtual user@accounts-for-hosts group ACL is so derived from a non-conditional accounts-for-hosts group ACL, and the target may have any type. There are processed rights for each account member of the accounts-for-hosts group. If there are 3 members into the accounts-for-hosts group, there are 3 sets of processed rights for three keys in the rights maps. All these rights are simply the copy of the accounts-for-hosts group ACL rights.
The database level is the most complex case. It is the only parent level to handle the virtual mixed ACL, the to-be-mixed real ACL and the real bases set ACLs. The to-be-mixed real ACL are the only case where two real ACL are selected at a level (this is indeed always the database level) to build up some rights in a virtual mixed ACL. To-be-mixed and mixed ACL are not official MySQL concepts, but they implement a MySQL algorithm. Two non-conditional to-be-mixed ACL on a database-related target, respectively for an user U and a host H, are combined to define the processed rights for the pair (U, H). The processed rights are the union of the rights from the two real ACL. This define a map key even if the union of rights is empty. This is the only case where a key in the two maps, may have an empty set of effective rights.
This section is about the keys into the primary rights map. Each parent level may produce a matched key for a given couple user/host and a target. Into the primary ACL rights map, the map key may have varied forms, where the parent order is always at the end. The parent order tells the distance from the target to the parent which delivers the referenced rights. For instance, the direct parent of a resource has the string '1'. The direct parent of this parent has the string '2' as parent order, and so on. Into the two rights maps, the single difference between the keys is that the key for the primary rights is a String form of a Name, and the global rights key is the same Name.
The ten key forms are listed hereinafter:
- (user name @ host name last component) :: parent order, for instance 'one :: mysql :: jerry@localhost :: 2',
-
'
-
-
-
-
-
-
-
In this catalog of key forms for the database, '
getM_TargetInheritedACLRights
in interface ImmutableResource
void removeAclEntryWithoutFiring(ImmutableACS _aclAcs, ImmutableEligibleParty _ep, boolean _positiveRight, ImmutableGroupID _conditionGroup) throws UpDateError
_aclAcs
- ImmutableACS which owns the AclEntry, and is recorded
as an ACS controller of this resource._ep
- eligible party connected to the resource through an AclEntry.
This method unrecords the relevant aclEntry in _ep, in this resource,
and in the relevant ACS. The ACS of the aclEntry may be unrecorded in this
resource if there are no other aclEntry owned by this ACS in this resource._positiveRight
- is true if the rights are oriented to authorize,
and false if they are oriented to forbid._conditionGroup
- first condition group. May be null.
UpDateError
- if _ep is null, unknown, if _aclAcs is closed or unknown,
or if the type does not allow this operation.DirectoryMySQLImpl.addAclEntry(ARoad0.gBaseInterface.ImmutableACS, ARoad0.gBaseInterface.ImmutableEligibleParty, ARoad0.gBaseInterface.StringRight[], java.lang.Boolean, ARoad0.gBaseInterface.ImmutableGroupID)
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |