ARoad0.gWorkInterface
Interface NodeRights

All Known Implementing Classes:
NodeRightsImpl, NodeRightsMySQLImpl, NodeRightsUbuntuImpl

public interface NodeRights

This interface is responsible for getting the rights for a node in a view. Since each ACS involved may be generic or come from an AcsAddon, the main job of this class is to provide the correct method to use for each ACS and each search. The concrete class of a NodeRights is NodeRights itself or one of its subclasses that is set in an AcsAddon. Each node then offers to the path search a set of methods from this NodeRights and, optionally, another set from the AcsAddon, which are called from the NodeRights methods that are overridden.

The path search algorithms are then divided into 4 sets:

- the core algorithms are the larger part of the code, and they are in most of the gWork classes; they work for all the ACSs, generic or from an AcsAddon; they consider the general interface of the node (EligibleParty or Resource, for instance), but they are independent of the effective properties of the node,

- the NodeRights generic methods: they are called by the core methods to process each node, and they use the generic properties of a node and its environment (like the generic properties of a Resource); they work for all the ACSs, they are always called by the core algorithms, but an AcsAddon may choose to override them in some rare cases,

- the NodeRights AcsAddon methods: the core methods test, through the getXXXAddonYYY methods, whether a given AcsAddon method (detectAddon... or selectAddon...) is defined for the node, and if it is, the relevant method is called during the path search by the core algorithms; these AcsAddon methods are empty in the NodeRights class (all the getXXXAddonYYY methods return false), and they may be overridden in the subclasses to provide code that calls some specialized AcsAddon methods,

- the specialized methods of an AcsAddon are in a NodeRights subclass, and they are called by an overridden NodeRights AcsAddon method; there is no name pattern for these methods; they use the generic properties of a node and its environment, but they also handle the original properties of the AcsAddon node. Since an AcsAddon may be based on another AcsAddon, a NodeRights subclass may have another NodeRights subclass as its superclass.

This framework is an important part of the AcsAddon pattern. It gives the AcsAddon designer full control over the actual search algorithms to use in their own ACSs, but it also provides the powerful support of the generic algorithms and all the other AcsAddons, to limit the code they have to add in their AcsAddon.
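Because the core algorithms call a detectAddon... or selectAddon... method only when its getXXXAddonYYY guard returns true, an addon that overrides the method but not the guard silently loses its rights filtering. The following added example (not gWork code) checks that pairing by reflection; GenericRights, GoodAddonRights, BrokenAddonRights and the reduced List<String> signatures are hypothetical stand-ins for the real classes.

```java
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class AddonGuardCheck {

    // Hypothetical stand-in for the generic NodeRights class, with reduced
    // signatures: the addon methods do nothing and every guard returns false.
    static class GenericRights {
        public boolean getDetectAddon2Nodes() { return false; }
        public boolean getDetectAddonFinal2Nodes() { return false; }
        public List<String> detectAddon2Nodes(List<String> links) { return links; }
        public List<String> detectAddonFinal2Nodes(List<String> links) { return links; }
    }

    // Hypothetical addon subclass wired correctly: method and guard overridden together.
    static class GoodAddonRights extends GenericRights {
        @Override public boolean getDetectAddonFinal2Nodes() { return true; }
        @Override public List<String> detectAddonFinal2Nodes(List<String> links) {
            List<String> out = new ArrayList<>(links);
            out.add("alice->report:other-r"); // constructed sample right
            return out;
        }
    }

    // Hypothetical addon subclass with the mistake: the filtering method is
    // overridden, but the inherited guard still returns false.
    static class BrokenAddonRights extends GenericRights {
        @Override public List<String> detectAddon2Nodes(List<String> links) {
            List<String> out = new ArrayList<>(links);
            out.removeIf(l -> l.endsWith(":w")); // drop an "incompatible" right
            return out;
        }
    }

    // The dispatch the page describes: test the guard, then call the addon method.
    static List<String> coreStep(GenericRights rights, List<String> links) {
        return rights.getDetectAddon2Nodes() ? rights.detectAddon2Nodes(links) : links;
    }

    // Reports every detectAddon.../selectAddon... method declared below the
    // generic class whose matching guard (get + capitalized name) returns false.
    static Set<String> findUnguardedHooks(GenericRights rights)
            throws ReflectiveOperationException {
        Set<String> problems = new LinkedHashSet<>();
        for (Class<?> c = rights.getClass(); c != GenericRights.class; c = c.getSuperclass()) {
            for (Method m : c.getDeclaredMethods()) {
                String name = m.getName();
                boolean isHook = name.startsWith("detectAddon") || name.startsWith("selectAddon");
                if (m.isSynthetic() || !isHook) {
                    continue;
                }
                String guardName = "get" + Character.toUpperCase(name.charAt(0)) + name.substring(1);
                Method guard = rights.getClass().getMethod(guardName);
                boolean enabled = (Boolean) guard.invoke(rights);
                if (!enabled) {
                    problems.add(name + " is overridden in " + c.getSimpleName()
                            + " but " + guardName + "() returns false");
                }
            }
        }
        return problems;
    }

    public static void main(String[] args) throws ReflectiveOperationException {
        // Constructed sample links, written as "source->target:right".
        List<String> links = List.of("alice->report:r", "alice->report:w");
        System.out.println("good addon:   " + findUnguardedHooks(new GoodAddonRights()));
        System.out.println("broken addon: " + findUnguardedHooks(new BrokenAddonRights()));
        // With the guard left at false the filter never runs and the ":w" right stays listed.
        System.out.println("core result:  " + coreStep(new BrokenAddonRights(), links));
    }
}
```

Run as a unit test against each NodeRights subclass, a check of this kind catches the mismatch before a view displays rights that the addon was meant to remove.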

A node is here the end of a view access path, or it may be a potential or effective intermediate node in an access path. Such an intermediate node is an ImmutableSource like Actor, GroupIDMember or VirtualFolder.

Generally speaking, the rights depend on the node and its one or two previous nodes in the access path. These rights are based mainly on the classes and properties of these 2 or 3 involved nodes, and naturally also on their ACS properties. The resulting rights usually depend on the NodeRights algorithms only, but in some rare cases, they may also depend on the single NodeRights property, defined at the NodeRights creation, that is simply the node itself.

Each node in a view and each intermediate node has one NodeRights instance for each view it belongs to. The implementation classes of this interface have properties that depend only on the class of the node ACS, so 2 nodes of the same view should use the same NodeRights instance, even if this is not the actual behavior in all cases. Each instance of NodeRights is called by only one thread. A node may be in several DisplayableLinks of the same view, but it has only one NodeRights instance for the view. The association between a node and its NodeRights instance is managed by the RightsMediatorImpl of the view.

Note: since the AGO rights are only inner rights of an ACS, and since all the nodes of an ACS have NodeRights instances that have the same behavior, it is possible for the AGO rights, and only for them, to use for a node the NodeRights instance of another node from the same ACS. This is also true for VirtualFolder memberships, but not for the Bridge and Privilege rights.

Upper-level methods begin with get...() and detect...(), middle-level methods begin with select...(), and lower-level methods begin with add...().


Field Summary
static int INITIAL_CAPACITY
           
 
Method Summary
 java.util.Map detectAddon2Nodes(EPRViewInBase _viewInBase, ImmutableTarget _node, java.util.Map _m_l_DisplayableLinks, BaseObject _center)
          For an AcsAddon, filters for a given node the incompatible rights, if any, in the 2-nodes DisplayableLinks, and adds the AcsAddon specific rights, if any.
 java.util.Map detectAddon3Nodes(EPRViewInBase _viewInBase, ImmutableTarget _node, java.util.Map _m_l_DisplayableLinks)
          For an AcsAddon, filters for a given node the incompatible rights, if any, in the 3-nodes DisplayableLinks, and adds the AcsAddon specific rights, if any.
 java.util.Map detectAddonFinal2Nodes(EPRViewInBase _viewInBase, ImmutableTarget _node, java.util.Map _m_l_DisplayableLinks, BaseObject _center)
          For an AcsAddon, defines the specific final direct rights, if any, for a given node in the 2-nodes DisplayableLinks.
 java.util.Map detectAddonFinal3Nodes(EPRViewInBase _viewInBase, ImmutableTarget _node, java.util.Map _m_l_DisplayableLinks)
          For an AcsAddon, defines the specific final direct rights, if any, for a given node in the 3-nodes DisplayableLinks.
 java.util.Map detectAddonFinalAllNodes(EPRViewInBase _viewInBase, ImmutableTarget _node, java.util.Map _m_l_DisplayableLinks, java.util.Map<ImmutableName,java.util.Set<StringRight>> _m_effectiveRights)
          For an AcsAddon, defines the specific final direct rights, if any, for a given node in the DisplayableLinks having more than 3 nodes.
 java.util.List<StringRight> detectL_aclEntryRights(ImmutableResource _res, ImmutableEligibleParty _ep, boolean _onlyNonConditionalACLs)
          Gets all the rights of the relevant AclEntries managed by the Resource for a given EligibleParty.
 java.util.List<StringRight> detectL_linkedPrivilegeRights(ImmutablePrivilegeTarget _targ, ImmutablePrivilegeSource _sour)
          Gets all the rights of the relevant direct linked privileges managed by the Resource for a given EligibleParty.
 void finalizeForProcess()
          Finalizes the instance.
 boolean getDetectAddon2Nodes()
          Called by RightsFactory_Facade.
 boolean getDetectAddon3Nodes()
          Called by RightsFactory_Facade.
 boolean getDetectAddonFinal2Nodes()
          Called by RightsFactory_Facade.
 boolean getDetectAddonFinal3Nodes()
          Called by RightsFactory_Facade.
 boolean getDetectAddonFinalAllNodes()
          Called by RightsFactory_Facade.
 AccessControlLinkImpl getL_accessRightsThroughNodesTree(ImmutableLeaf _res, ImmutableEligibleParty _acc, ImmutableGroupID _grp)
          Returns in an AccessControlLink the inherited rights given by the directory tree or virtual folder tree, as AG, ACL or LPRI rights.
 AccessControlLinkImpl getMergedInheritedAclPriRightsAndComments(ImmutableSource _so, ImmutableLeaf _targ, AccessControlLinkImpl _upd_acLink, StringRight[] _l_transientInheritedRights)
          Gets the effective ACL or LPRI rights of the source on the target when there are non-null inherited rights through the nodes tree, and adds some specific comments for the ACL or PRI rights from an AcsAddon, even if there is no inherited rights.
 boolean getSelectAddonLastViewNodeAfterActor()
          Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop on the view nodes, and by detectOneHiddenNodeCompoundRights().
 boolean getSelectAddonLastViewNodeAfterGroupIDMember()
          Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop on the view nodes, and by detectOneHiddenNodeCompoundRights().
 boolean getSelectAddonLastViewNodeAfterVirtualFolder()
          Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop on the view nodes, and by detectOneHiddenNodeCompoundRights().
 boolean getSelectAddonNewHiddenNodeForActor()
          Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop on the intermediate nodes.
 boolean getSelectAddonNewHiddenNodeForGroupIDMember()
          Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop on the intermediate nodes.
 boolean getSelectAddonNewHiddenNodeForVirtualFolder()
          Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop on the intermediate nodes.
 DisplayableLinkImpl selectAddonLastViewNodeAfterActor(EPRViewInBase _viewInBase, ImmutableTarget _target, DisplayableLinkImpl _dLink, java.util.Map _m_l_DisplayableLinks)
          Detects the view target that is linked to an actor, to extend the current DisplayableLink ended by this actor.
 DisplayableLinkImpl selectAddonLastViewNodeAfterGroupIDMember(EPRViewInBase _viewInBase, ImmutableTarget _target, DisplayableLinkImpl _dLink, java.util.Map _m_l_DisplayableLinks)
          Detects the view target that is linked to a groupIDMember, to extend the current DisplayableLink ended by this groupIDMember.
 DisplayableLinkImpl selectAddonLastViewNodeAfterVirtualFolder(EPRViewInBase _viewInBase, ImmutableResource _target, DisplayableLinkImpl _dLink, java.util.Map _m_l_DisplayableLinks)
          Detects the view target that is linked to a VirtualFolder, to extend the current DisplayableLink ended by this VirtualFolder.
 java.util.List<DisplayableLinkImpl> selectAddonNewHiddenNodeForActor(EPRViewInBase _viewInBase, ImmutableActor _node, java.util.Set<DisplayableLinkImpl> _l_dLinks, java.util.Map _m_l_DisplayableLinks, java.util.List<ACSObject> _upd_l_NoProxyOrNoExecuteNodes)
          Detects the hidden nodes that are linked to an Actor as access source, to extend the current DisplayableLinks ended by this actor.
 java.util.List<DisplayableLinkImpl> selectAddonNewHiddenNodeForGroupIDMember(EPRViewInBase _viewInBase, ImmutableGroupIDMember _node, java.util.Set<DisplayableLinkImpl> _l_dLinks, java.util.Map _m_l_DisplayableLinks, java.util.List<ACSObject> _upd_l_NoProxyOrNoExecuteNodes)
          Detects the hidden nodes that are linked to a GroupIDMember as access source, to extend the current DisplayableLinks ended by this groupIDMember.
 java.util.List<DisplayableLinkImpl> selectAddonNewHiddenNodeForVirtualFolder(EPRViewInBase _viewInBase, ImmutableVirtualFolder _node, java.util.Set<DisplayableLinkImpl> _l_dLinks, java.util.Map _m_l_DisplayableLinks, java.util.List<ACSObject> _upd_l_NoProxyOrNoExecuteNodes)
          Detects the hidden nodes that are linked to a VirtualFolder as access source, to extend the current DisplayableLinks ended by this VirtualFolder.
 java.util.Set<ImmutableGroupIDMember> selectDirectOwnerContainGlobalForActorAsEP(EPRViewInBase _viewInBase, ImmutableActor _act)
          Detects the current UserID (including 'root'), the current GroupID and the secondary groups under which an actor runs, if they are in the view.
 java.util.Set<DisplayableLinkImpl> selectForGroupIDMemberItsHiddenActorsWithNextLinks(EPRViewInBase _viewInBase, ImmutableGroupIDMember _ep)
          Detects all the actors that are not in _viewInBase, that are owned or contained by _ep, and executable from it, and that are access sources for another AG context.
 java.util.Set selectHiddenButNoDirectGroupLinks(EPRViewInBase _viewInBase, ImmutableEligibleParty _ep)
          Detects the main GroupID and, recursively, the tree of GroupIDs in the _ep ACS that contain _ep indirectly and are not in _viewInBase.
 java.util.Set selectHiddenDirectGroupIDForGroupIDMember(EPRViewInBase _viewInBase, ImmutableGroupIDMember _memb)
          Detects all the GroupIDs in the ACS that directly contain a GroupIDMember (even for 'root') and are not in _viewInBase.
 java.util.Set selectHiddenDirectOwnerContainForActorAsResource(EPRViewInBase _viewInBase, ImmutableActor _act)
          Detects the UserID and all the GroupIDs in the ACS that own or contain an actor directly as a Resource and are not in _viewInBase.
 java.util.Set selectHiddenDirectOwnerContainForTarget(EPRViewInBase _viewInBase, ImmutableResource _res)
          Detects the UserID and the GroupID in the _res ACS that own or contain _res directly and are not in _viewInBase.
 java.util.Set<ImmutableGroupIDMember> selectHiddenDirectOwnerContainGlobalForActorAsEP(EPRViewInBase _viewInBase, ImmutableActor _act)
          Detects the current UserID (including 'root'), the current GroupID and the secondary groups under which an actor runs, if they are not in the view.
 boolean withAccessThroughNodesTreeFromEP(ImmutableSource _ep, ImmutableLeaf _res, ImmutableGroupIDMember _ep_2)
          This method is designed to be fast, and returns true if the resource tree or the virtual folder tree allows the source to access the leaf through the inherited rights.
 

Field Detail

INITIAL_CAPACITY

static final int INITIAL_CAPACITY
See Also:
Constant Field Values
Method Detail

getDetectAddon2Nodes

boolean getDetectAddon2Nodes()
Called by RightsFactory_Facade.

Returns:
true if the detectAddon2Nodes method provides some work in this class.

getDetectAddonFinal2Nodes

boolean getDetectAddonFinal2Nodes()
Called by RightsFactory_Facade.

Returns:
true if the detectAddonFinal2Nodes method provides some work in this class.

getDetectAddon3Nodes

boolean getDetectAddon3Nodes()
Called by RightsFactory_Facade.

Returns:
true if the detectAddon3Nodes method provides some work in this class.

getDetectAddonFinal3Nodes

boolean getDetectAddonFinal3Nodes()
Called by RightsFactory_Facade.

Returns:
true if the detectAddonFinal3Nodes method provides some work in this class.

getDetectAddonFinalAllNodes

boolean getDetectAddonFinalAllNodes()
Called by RightsFactory_Facade.

Returns:
true if the detectAddonFinalAllNodes method provides some work in this class.

getSelectAddonLastViewNodeAfterActor

boolean getSelectAddonLastViewNodeAfterActor()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop on the view nodes, and by detectOneHiddenNodeCompoundRights().

Returns:
true if the selectAddonLastViewNodeAfterActor method provides some work in this class.

getSelectAddonLastViewNodeAfterGroupIDMember

boolean getSelectAddonLastViewNodeAfterGroupIDMember()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop on the view nodes, and by detectOneHiddenNodeCompoundRights().

Returns:
true if the selectAddonLastViewNodeAfterGroupIDMember method provides some work in this class.

getSelectAddonLastViewNodeAfterVirtualFolder

boolean getSelectAddonLastViewNodeAfterVirtualFolder()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop on the view nodes, and by detectOneHiddenNodeCompoundRights().

Returns:
true if the selectAddonLastViewNodeAfterVirtualFolder method provides some work in this class.

getSelectAddonNewHiddenNodeForActor

boolean getSelectAddonNewHiddenNodeForActor()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop on the intermediate nodes. Overridden by the subclasses.

Returns:
true if the selectAddonNewHiddenNodeForActor method provides some work in this class.

getSelectAddonNewHiddenNodeForGroupIDMember

boolean getSelectAddonNewHiddenNodeForGroupIDMember()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop on the intermediate nodes.

Returns:
true if the selectAddonNewHiddenNodeForGroupIDMember method provides some work in this class.

getSelectAddonNewHiddenNodeForVirtualFolder

boolean getSelectAddonNewHiddenNodeForVirtualFolder()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop on the intermediate nodes.

Returns:
true if the selectAddonNewHiddenNodeForVirtualFolder method provides some work in this class.

detectAddon2Nodes

java.util.Map detectAddon2Nodes(EPRViewInBase _viewInBase,
                                ImmutableTarget _node,
                                java.util.Map _m_l_DisplayableLinks,
                                BaseObject _center)
For an AcsAddon, filters for a given node the incompatible rights, if any, in the 2-nodes DisplayableLinks, and adds the AcsAddon specific rights, if any. The specific rights are searched for all the sources in the view. For a sketch view, this method may return new DisplayableLinks from _center to _node, if any, but also new DisplayableLinks from the view sources to _center when _node is _center. Called by RightsFactory_Facade.

Parameters:
_viewInBase - EPRViewInBase
_node - node of this instance
_m_l_DisplayableLinks - Map of DisplayableLinks lists (one per pair) associated to the view, and to update.
_center - is the central object of a sketch view. Null if it is not a sketch view.
Returns:
Map of DisplayableLinks, with 'other' links associated to every pair (EP,Resource).
See Also:
detectAddonFinal2Nodes(ARoad0.gBaseInterface.EPRViewInBase, ARoad0.gBaseInterface.ImmutableTarget, java.util.Map, ARoad0.gBaseInterface.BaseObject)

detectAddonFinal2Nodes

java.util.Map detectAddonFinal2Nodes(EPRViewInBase _viewInBase,
                                     ImmutableTarget _node,
                                     java.util.Map _m_l_DisplayableLinks,
                                     BaseObject _center)
For an AcsAddon, defines the specific final direct rights, if any, for a given node in the 2-nodes DisplayableLinks. This method handles the work to do at the end of the searches on direct rights, for instance the AGO 'Other' rights on a Linux Ubuntu. The specific rights are searched for all sources in the view. For a sketch view, this method may return new DisplayableLinks from _center to _node, if any, but also new DisplayableLinks from the view sources to _center when _node is _center. Called by RightsFactory_Facade.

Parameters:
_viewInBase - EPRViewInBase
_node - node of this instance
_m_l_DisplayableLinks - Map of DisplayableLinks lists (one per pair) associated to the view, and to update.
_center - is the central object of a sketch view. Null if it is not a sketch view.
Returns:
Map of DisplayableLinks, with 'other' links associated to every pair (EP, Resource).
See Also:
detectAddon2Nodes(ARoad0.gBaseInterface.EPRViewInBase, ARoad0.gBaseInterface.ImmutableTarget, java.util.Map, ARoad0.gBaseInterface.BaseObject)

detectAddon3Nodes

java.util.Map detectAddon3Nodes(EPRViewInBase _viewInBase,
                                ImmutableTarget _node,
                                java.util.Map _m_l_DisplayableLinks)
                                throws java.lang.InterruptedException
For an AcsAddon, filters for a given node the incompatible rights, if any, in the 3-nodes DisplayableLinks, and adds the AcsAddon specific rights, if any. The specific rights are searched for any source in the view. Called by RightsFactory_Facade.

Parameters:
_viewInBase - EPRViewInBase
_node - node of this instance
_m_l_DisplayableLinks - Map of DisplayableLinks lists (one per pair) associated to the view, and to update.
Returns:
Map of DisplayableLinks
Throws:
java.lang.InterruptedException
See Also:
detectAddonFinal3Nodes(ARoad0.gBaseInterface.EPRViewInBase, ARoad0.gBaseInterface.ImmutableTarget, java.util.Map)

detectAddonFinal3Nodes

java.util.Map detectAddonFinal3Nodes(EPRViewInBase _viewInBase,
                                     ImmutableTarget _node,
                                     java.util.Map _m_l_DisplayableLinks)
                                     throws java.lang.InterruptedException
For an AcsAddon, defines the specific final direct rights, if any, for a given node in the 3-nodes DisplayableLinks. This method handles the work to do at the end of the searches on 3-nodes links. Called by RightsFactory_Facade.

Parameters:
_viewInBase - EPRViewInBase
_node - node of this instance
_m_l_DisplayableLinks - Map of DisplayableLinks lists (one per pair) associated to the view, and to update.
Returns:
Map of DisplayableLinks
Throws:
java.lang.InterruptedException
See Also:
detectAddon3Nodes(ARoad0.gBaseInterface.EPRViewInBase, ARoad0.gBaseInterface.ImmutableTarget, java.util.Map)

detectAddonFinalAllNodes

java.util.Map detectAddonFinalAllNodes(EPRViewInBase _viewInBase,
                                       ImmutableTarget _node,
                                       java.util.Map _m_l_DisplayableLinks,
                                       java.util.Map<ImmutableName,java.util.Set<StringRight>> _m_effectiveRights)
                                       throws java.lang.InterruptedException
For an AcsAddon, defines the specific final direct rights, if any, for a given node in the DisplayableLinks having more than 3 nodes. This method handles the work to do at the end of the searches on all the links.

Note: to speed up this method, the argument _m_effectiveRights is set from the initial argument _m_l_DisplayableLinks before the first call to this method, and for a given EPR view. _m_effectiveRights is then immutable while _m_l_DisplayableLinks may be updated by this method. This is not the case for the NoThan views. For the EPR views, this behavior implies that this method makes independent changes for each _node for which it is called, so that the initial _m_effectiveRights remains usable. Called by RightsFactory_Facade.

Parameters:
_viewInBase - EPRViewInBase
_node - node of this instance
_m_l_DisplayableLinks - Map of DisplayableLinks lists (one per pair) associated to the view, and to update.
_m_effectiveRights - non-null and immutable Map where the keys are the _m_l_DisplayableLinks keys where rights are activated, and the value is a set of StringRights. May be an empty set.
Returns:
Map of DisplayableLinks
Throws:
java.lang.InterruptedException

detectL_aclEntryRights

java.util.List<StringRight> detectL_aclEntryRights(ImmutableResource _res,
                                                   ImmutableEligibleParty _ep,
                                                   boolean _onlyNonConditionalACLs)
Gets all the rights of the relevant AclEntries managed by the Resource for a given EligibleParty. These AclEntries may be managed by different ACSs, and for each ACS, the negative rights are subtracted from the positive ones. If the subtraction returns an empty list, the negative rights from that ACS are the only resulting rights. With ACLs from several ACSs, the result from each ACS is added to the resulting list without filtering, so one ACS may provide a negative right while another ACS provides a positive right.

Parameters:
_res - of this instance, with some AclEntries to filter
_ep - may be associated to some _res AclEntries
_onlyNonConditionalACLs - true to read only the non-conditional AclEntries
Returns:
list of positive or negative rights from different ACSs, or null.

detectL_linkedPrivilegeRights

java.util.List<StringRight> detectL_linkedPrivilegeRights(ImmutablePrivilegeTarget _targ,
                                                          ImmutablePrivilegeSource _sour)
Gets all the rights of the relevant direct linked privileges managed by the Resource for a given EligibleParty. Inherited privileges are not covered. These privileges are managed by different ACSs, and for each ACS, the negative rights are subtracted from the positive ones. If the subtraction returns an empty list, the negative rights from that ACS are the only resulting rights. With ACLs from several ACSs, the result from each ACS is added to the resulting list without filtering, so one ACS may provide a negative right while another ACS provides a positive right.

Parameters:
_targ - privilege target of this instance
_sour - privilege source
Returns:
list of positive or negative rights from different ACSs, or null.
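The combination rule shared by detectL_aclEntryRights and detectL_linkedPrivilegeRights, as an added example that is not gWork code: per ACS the negative rights are subtracted from the positive ones, the negatives stand alone when nothing remains, and the per-ACS results are concatenated unfiltered. The Right record, the matching of rights by name and the ACS names are assumptions, since the page does not show the StringRight API.

```java
import java.util.ArrayList;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

public class AclRightsMerge {

    // Hypothetical stand-in for one right carried by an AclEntry (Java 16+ record).
    record Right(String acs, String name, boolean negative) {
        @Override public String toString() {
            return (negative ? "-" : "+") + name + "@" + acs;
        }
    }

    // Applies the rule described above; returns null when there is nothing to
    // report, as the documented methods do.
    static List<Right> merge(List<Right> entries) {
        // Group the entries by their managing ACS, keeping first-seen order.
        Map<String, List<Right>> byAcs = new LinkedHashMap<>();
        for (Right r : entries) {
            byAcs.computeIfAbsent(r.acs(), k -> new ArrayList<>()).add(r);
        }
        List<Right> result = new ArrayList<>();
        for (List<Right> group : byAcs.values()) {
            Set<String> denied = new HashSet<>();
            for (Right r : group) {
                if (r.negative()) denied.add(r.name());
            }
            // Positive rights minus negative rights (assumption: matched by name).
            List<Right> remaining = new ArrayList<>();
            for (Right r : group) {
                if (!r.negative() && !denied.contains(r.name())) remaining.add(r);
            }
            if (!remaining.isEmpty()) {
                result.addAll(remaining);
            } else {
                // Empty subtraction: the negatives are this ACS's only result.
                for (Right r : group) {
                    if (r.negative()) result.add(r);
                }
            }
        }
        return result.isEmpty() ? null : result;
    }

    // Caller-side check: names granted by one ACS and denied by another. One
    // ACS never contributes both signs, so any overlap is a cross-ACS conflict.
    static Set<String> crossAcsConflicts(List<Right> merged) {
        Set<String> positive = new HashSet<>();
        Set<String> negative = new HashSet<>();
        if (merged != null) {
            for (Right r : merged) {
                (r.negative() ? negative : positive).add(r.name());
            }
        }
        positive.retainAll(negative);
        return new TreeSet<>(positive);
    }

    public static void main(String[] args) {
        // Constructed sample entries for one (Resource, EligibleParty) pair.
        List<Right> entries = List.of(
                new Right("ubuntu", "read", false),
                new Right("ubuntu", "write", false),
                new Right("ubuntu", "write", true),   // cancels +write, +read remains
                new Right("mysql", "write", false),
                new Right("mysql", "write", true),    // nothing remains, -write stands
                new Right("addonX", "write", false)); // another ACS still grants write
        List<Right> merged = merge(entries);
        System.out.println("merged:    " + merged);
        System.out.println("conflicts: " + crossAcsConflicts(merged));
    }
}
```

A caller that treats the returned list as a plain grant list would miss the negative entry, so the conflict set is what needs review before an effective right is derived.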

selectAddonLastViewNodeAfterActor

DisplayableLinkImpl selectAddonLastViewNodeAfterActor(EPRViewInBase _viewInBase,
                                                      ImmutableTarget _target,
                                                      DisplayableLinkImpl _dLink,
                                                      java.util.Map _m_l_DisplayableLinks)
Detects the view target that is linked to an actor, to extend the current DisplayableLink ended by this actor. Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop on the view nodes, and by detectOneHiddenNodeCompoundRights().

Parameters:
_viewInBase - EPRViewInBase. Never null.
_target - view node, not node of this instance. Never null.
_dLink - with an actor as second end and node of this instance. Never null.
_m_l_DisplayableLinks - immutable Map of DisplayableLinks lists (one per pair) that must never be updated in this method.
Returns:
new DisplayableLinkImpl that is an extension of _dLink with _target as the second node, or null. Never empty.

selectAddonLastViewNodeAfterGroupIDMember

DisplayableLinkImpl selectAddonLastViewNodeAfterGroupIDMember(EPRViewInBase _viewInBase,
                                                              ImmutableTarget _target,
                                                              DisplayableLinkImpl _dLink,
                                                              java.util.Map _m_l_DisplayableLinks)
Detects the view target that is linked to a groupIDMember, to extend the current DisplayableLink ended by this groupIDMember. Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop on the view nodes, and by detectOneHiddenNodeCompoundRights().

Parameters:
_viewInBase - EPRViewInBase. Never null.
_target - view node, not node of this instance. Never null.
_dLink - with a groupidmember as second end and node of this instance. Never null.
_m_l_DisplayableLinks - immutable Map of DisplayableLinks lists (one per pair) that must never be updated in this method.
Returns:
new DisplayableLinkImpl that is an extension of _dLink with _target as the second node, or null. Never empty.

selectAddonLastViewNodeAfterVirtualFolder

DisplayableLinkImpl selectAddonLastViewNodeAfterVirtualFolder(EPRViewInBase _viewInBase,
                                                              ImmutableResource _target,
                                                              DisplayableLinkImpl _dLink,
                                                              java.util.Map _m_l_DisplayableLinks)
Detects the view target that is linked to a VirtualFolder, to extend the current DisplayableLink ended by this VirtualFolder. Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop on the view nodes, and by detectOneHiddenNodeCompoundRights().

Parameters:
_viewInBase - EPRViewInBase. Never null.
_target - view resource, not node of this instance. Never null.
_dLink - with a VirtualFolder as second end and node of this instance. Never null.
_m_l_DisplayableLinks - immutable Map of DisplayableLinks lists (one per pair) that must never be updated in this method.
Returns:
new DisplayableLinkImpl that is an extension of _dLink with _target as the second node, or null. Never empty.

selectAddonNewHiddenNodeForActor

java.util.List<DisplayableLinkImpl> selectAddonNewHiddenNodeForActor(EPRViewInBase _viewInBase,
                                                                     ImmutableActor _node,
                                                                     java.util.Set<DisplayableLinkImpl> _l_dLinks,
                                                                     java.util.Map _m_l_DisplayableLinks,
                                                                     java.util.List<ACSObject> _upd_l_NoProxyOrNoExecuteNodes)
Detects the hidden nodes that are linked to an Actor as access source, to extend the current DisplayableLinks ended by this actor. Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop on the intermediate nodes, where this method is called first since some updates may be made to the links in _l_dLinks. Two lists are returned to separate the executing right-proxy nodes. The last argument may be updated to provide the second returned value, and it contains only the nodes whose property changes have to be listened to.

Parameters:
_viewInBase - EPRViewInBase. Never null.
_node - node of this instance. Never null.
_l_dLinks - list of links with _node as second end. May be null.
_m_l_DisplayableLinks - immutable Map of DisplayableLinks lists (one per pair) that must never be updated in this method.
_upd_l_NoProxyOrNoExecuteNodes - updated by adding the hidden nodes that have no executing right or are not right-proxy nodes, if any. This list is only extended if necessary, as a complement to the returned value of the method. This argument is usually empty when this method is called, but this is not mandatory. Never null.
Returns:
new DisplayableLinkImpls that are extensions or updates of some DisplayableLinkImpls in _l_dLinks with an Actor, GroupIDMember or VirtualFolder as the second end having executing right and being a right-proxy, or null. If _l_dLinks is null, returns only simple links. May be null but never empty.

selectAddonNewHiddenNodeForGroupIDMember

java.util.List<DisplayableLinkImpl> selectAddonNewHiddenNodeForGroupIDMember(EPRViewInBase _viewInBase,
                                                                             ImmutableGroupIDMember _node,
                                                                             java.util.Set<DisplayableLinkImpl> _l_dLinks,
                                                                             java.util.Map _m_l_DisplayableLinks,
                                                                             java.util.List<ACSObject> _upd_l_NoProxyOrNoExecuteNodes)
Detects the hidden nodes that are linked to a GroupIDMember as access source, to extend the current DisplayableLinks ended by this groupIDMember. Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop on the intermediate nodes, where this method is called first since some updates may be made to the links in _l_dLinks. Two lists are returned to separate the executing right-proxy nodes. The last argument may be updated to provide the second returned value, and it contains only the nodes whose property changes have to be listened to.

Parameters:
_viewInBase - EPRViewInBase. Never null.
_node - node of this instance. Never null.
_l_dLinks - list of links with _node as second end. May be null.
_m_l_DisplayableLinks - immutable Map of DisplayableLinks lists (one per pair) that must never be updated in this method.
_upd_l_NoProxyOrNoExecuteNodes - updated by adding the hidden nodes that have no executing right or are not right-proxy nodes, if any. This list is only extended if necessary, as a complement to the returned value of the method. This argument is usually empty when this method is called, but this is not mandatory. Never null.
Returns:
new DisplayableLinkImpls that are extensions or updates of some DisplayableLinkImpls in _l_dLinks with an Actor, GroupIDMember or VirtualFolder as the second end, or null. If _l_dLinks is null, returns only simple links. May be null but never empty.

selectAddonNewHiddenNodeForVirtualFolder

java.util.List<DisplayableLinkImpl> selectAddonNewHiddenNodeForVirtualFolder(EPRViewInBase _viewInBase,
                                                                             ImmutableVirtualFolder _node,
                                                                             java.util.Set<DisplayableLinkImpl> _l_dLinks,
                                                                             java.util.Map _m_l_DisplayableLinks,
                                                                             java.util.List<ACSObject> _upd_l_NoProxyOrNoExecuteNodes)
Detects the hidden nodes that are linked to a VirtualFolder as access source, to extend the current DisplayableLinks ended by this VirtualFolder. Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop on the intermediate nodes, where this method is called first since some updates may be done on the links in _l_dLinks. Two lists are returned to separate the executing right-proxy nodes. The last argument may be updated to provide the second returned value, and it contains only the nodes whose property changes have to be listened to.

Parameters:
_viewInBase - EPRViewInBase. Never null.
_node - node of this instance. May be a Resource VirtualFolder. Never null.
_l_dLinks - list of links with _node as second end. May be null.
_m_l_DisplayableLinks - immutable Map of DisplayableLinks lists (one per pair), never to be updated in this method.
_upd_l_NoProxyOrNoExecuteNodes - updated by adding the hidden nodes without executing right or which are not right-proxy nodes, if any. This list is only extended if necessary, as a complement of the returned value of the method. This argument is usually empty at the call of this method, but this is not mandatory. Never null.
Returns:
new DisplayableLinkImpls that are extensions or updates of some DisplayableLinkImpls in _l_dLinks with an Actor as the second end, or null. If _l_dLinks is null, returns only simple links. May be null but never empty.

selectHiddenButNoDirectGroupLinks

java.util.Set selectHiddenButNoDirectGroupLinks(EPRViewInBase _viewInBase,
                                                ImmutableEligibleParty _ep)
Detects the main GroupID and, recursively, the tree of GroupIDs in the _ep ACS that contain _ep indirectly and are not in _viewInBase. Detects the MEMBER and GLOBAL relationships without setting the link types or the rights. Puts a comment only for AccessControlLink.CONTAIN, through the adding of ''. The search for indirect relations runs for up to 40 iterations.

Parameters:
_viewInBase - EPRViewInBase
_ep - node of this instance; is in _viewInBase
Returns:
Set of DisplayableLinkImpl for which the first end is _ep, the second end is not in _viewInBase, and for which the second end and the intermediate nodes are the actor UserID or GroupIDs that contain _ep. The rights are not set. May be null but not empty.
Throws:
java.lang.InternalError - if the number of iterations is up to 40.

selectHiddenDirectOwnerContainGlobalForActorAsEP

java.util.Set<ImmutableGroupIDMember> selectHiddenDirectOwnerContainGlobalForActorAsEP(EPRViewInBase _viewInBase,
                                                                                       ImmutableActor _act)
Detects the current UserID (including 'root'), the current GroupID and the secondary groups under which an actor runs, if they are not in the view. The secondary groups are added only if there is a current UserID or a current GroupID. This is independent of the AGO rights management by the ACS. Note: this method is sensitive, since it is called for 3-node paths and for the longer paths. Returns null if there is no current UserID, and returns only the relevant GroupIDs if the current UserID is in the view. No check is made on whether the actor is a right proxy.

Parameters:
_viewInBase - EPRViewInBase
_act - node of this instance; is in _viewInBase
Returns:
the UserID and the GroupID under which _res runs and which are not in the view. May be null but not empty.

selectDirectOwnerContainGlobalForActorAsEP

java.util.Set<ImmutableGroupIDMember> selectDirectOwnerContainGlobalForActorAsEP(EPRViewInBase _viewInBase,
                                                                                 ImmutableActor _act)
Detects the current UserID (including 'root'), the current GroupID and the secondary groups under which an actor runs, if they are in the view. Returns null if there is no current UserID. No check is made on whether the actor is a right proxy.

Parameters:
_viewInBase - EPRViewInBase
_act - node of this instance; is in _viewInBase
Returns:
the UserID and the GroupID under which _res runs and which are in the view. May be null but not empty.

selectHiddenDirectOwnerContainForActorAsResource

java.util.Set selectHiddenDirectOwnerContainForActorAsResource(EPRViewInBase _viewInBase,
                                                               ImmutableActor _act)
Detects the UserID and all the GroupIDs in the ACS that own or contain an actor directly as a Resource, and are not in _viewInBase. The link type is given in that order:

- 'owner' includes, in that order: the userID that owns the actor,

- 'contain' includes, in that order: the primary groupID that contains the actor.

Then, all the tree of the 'contains' relations is applicable, plus the 'own' relations. Does not process the secondary groups where _act is, since it is an EligibleParty property of Actor.

Parameters:
_viewInBase - EPRViewInBase
_act - node of this instance; is in _viewInBase
Returns:
Set of UserID and GroupIDs that own/contain _res and which are not in the view. May be null but not empty.

selectHiddenDirectGroupIDForGroupIDMember

java.util.Set selectHiddenDirectGroupIDForGroupIDMember(EPRViewInBase _viewInBase,
                                                        ImmutableGroupIDMember _memb)
Detects all the GroupIDs in the ACS that directly contain a GroupIDMember (even for 'root') and are not in _viewInBase.

Parameters:
_viewInBase - EPRViewInBase
_memb - node of this instance; is in _viewInBase
Returns:
Set of GroupIDs that contain _memb and which are not in the view. May be null but not empty.

selectHiddenDirectOwnerContainForTarget

java.util.Set selectHiddenDirectOwnerContainForTarget(EPRViewInBase _viewInBase,
                                                      ImmutableResource _res)
Detects the UserID and the GroupID in the _res ACS that own or contain _res directly, and are not in _viewInBase. The link type is given in that order:

- the userID that owns the resource,

- the groupID that contains the resource.

As selectHiddenDirectOwnerContainForActorAsResource(), but without search of the actor secondary groups.

Parameters:
_viewInBase - EPRViewInBase
_res - node of this instance; is in _viewInBase
Returns:
Set of UserID and GroupIDs that own/contain _res and are not in the view. May be null but not empty.

selectForGroupIDMemberItsHiddenActorsWithNextLinks

java.util.Set<DisplayableLinkImpl> selectForGroupIDMemberItsHiddenActorsWithNextLinks(EPRViewInBase _viewInBase,
                                                                                      ImmutableGroupIDMember _ep)
Detects all the actors that are not in _viewInBase, that are owned or contained by _ep, and executable from it, and that are access sources for another AG context. This means that the actor is in one of the following cases:

- at least it has one ACL as access source,

- or at least it has one Bridge as access source,

- or at least it has one Privilege as access source.

The actor is not added if _ep is a secondary group for the actor. The ACL, Bridge or Privilege rights of the actor as source are not checked, so they may be without effective rights. The AGO priorities of the ACS are not checked. An AcsAddon may override this method, for instance to process the inherited AclEntries or Privileges. Note: if there is an ACL with the same ACS for the source and the target, the AG context is not changed, but the ACL target may be an actor which is a source for ACL, Bridge or Privileges, and then the path has to be explored.

Parameters:
_viewInBase - the view to analyze
_ep - node of this instance; is in _viewInBase or not
Returns:
Set of simple DisplayableLinkImpl for which the first end is _ep, the second end is an actor that is owned or contained by _ep. The owner/contain rights are set. May be null, but not empty.

getL_accessRightsThroughNodesTree

AccessControlLinkImpl getL_accessRightsThroughNodesTree(ImmutableLeaf _res,
                                                        ImmutableEligibleParty _acc,
                                                        ImmutableGroupID _grp)
Returns in an AccessControlLink the inherited rights given by the directory tree or virtual folder tree, as AG, ACL or LPRI rights. This method has to be called on the LinkRightsImpl instance of the argument _res. Comments explain the result. Among the 3 types of inherited rights, an ACS can manage only one type. The result uses one of the types AccessControlLink.ACL, LPRI or OWNER. If there is at least one conditional ACL, the result contains in the comment 'conditional ACL' for the relevant type. There is never a bottom-up search among the Resources tree, since the AcsAddon framework specifies that each node has to update the inherited rights of its children.

For the ACL and LPRI inherited rights, the inherited rights of the leaf which are returned are those of the first eligible party that is linked to the argument _acc or to _grp. In the map of the inherited rights of _res, this method searches among the map keys to find a linked eligible party. It applies a bottom-up test among the parent tree, using the fact that a key is the name of an eligible party extended by the order of the parent from _res. For example, if both the _res direct parent and its own parent deliver two inherited rights sets for _acc to _res in the map, there are two keys '_acc primary group name + 1' and '_acc primary group name + 2' in the inherited rights map of _res, and the returned rights will be the value for the key '_acc primary group name + 1', from the _res direct parent.

For the AGO inherited rights, the account or group inherited rights of the resource are returned simply if the tested eligible party is equal to the resource account or group.

The order of the linked eligible parties to be tested in the inherited rights map is identical for the three types of inherited rights, and this EP search order is:

1/ the account _acc first - and the method ends immediately if _acc is able to deliver some inherited rights to _res, from one of the _res parents -

2/ if the previous result is null, the _acc primary group is tested, if any,

3/ otherwise, the group _grp passed to the method is tested,

4/ if the result is still null, the _acc groups,

5/ at the end, all the _grp groups at the first level are tested.

The EP search order does not depend on the distance from _res to the parent which delivers the effective rights. This is why a parent three levels above _res will be able to deliver inherited rights to _acc, while the _res direct parent delivers rights to _grp that won't be returned. The EP search order algorithm may be overridden by an AcsAddon. This generic algorithm is truly used only in the rare cases where the _res ACS structure includes all the relevant properties.

This method is strongly coupled to withAccessThroughNodesTreeFromEP(), and the rules to follow are explained in the documentation of that method. It is recommended to call withAccessThroughNodesTreeFromEP() first, to check whether an access is allowed. An AcsAddon may override this method, and then it is mandatory to analyze the need to change also the methods withAcl/Ago/PriAccessThroughNodesTree() and withAccessThroughNodesTreeFromEP(). For example, the AcsAddon Ubuntu overrides it to add the AG Other rights.

Caution: this method does not check the identity of the ACS for the 3 arguments.

Parameters:
_res - Resource or VirtualFolder of this instance; may be accessed or not through its parent tree. May be null.
_acc - the _res userID or not, or an Actor. May be null. If not null and is an account, the account primary group may deliver the inherited rights if the account does not do it.
_grp - the _res groupID or not. May be null.
Returns:
the link with the rights given by the parent and some comments. May be null or without rights. Null if _acc and _grp are both not null, or if _res, its ACS or its parent is null. Without rights if _res has no parent.
See Also:
withAccessThroughNodesTreeFromEP(ARoad0.gBaseInterface.ImmutableSource, ARoad0.gBaseInterface.ImmutableLeaf, ARoad0.gBaseInterface.ImmutableGroupIDMember)
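
The EP search order documented for getL_accessRightsThroughNodesTree() can be modelled as follows. This is an added example, not gWork code: the class and method names, the "name+order" key format, the rights strings and the sample accounts and groups are all assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Added illustration: a simplified model of the documented EP search order, not gWork code.
public class EpSearchOrderDemo {

    // Assumed key format: "<EP name>+<parent order>", where order 1 is the direct parent of _res.
    static String key(String epName, int parentOrder) {
        return epName + "+" + parentOrder;
    }

    // Bottom-up test for ONE eligible party: the nearest parent that delivers rights wins.
    static String nearestRights(Map<String, String> inherited, String epName, int treeDepth) {
        if (epName == null) {
            return null;
        }
        for (int order = 1; order <= treeDepth; order++) {
            String rights = inherited.get(key(epName, order));
            if (rights != null) {
                return rights + " via " + key(epName, order);
            }
        }
        return null;
    }

    // Steps 1/ to 5/: the first eligible party with inherited rights ends the search,
    // whatever the distance of the parent that delivers them.
    static String resolve(Map<String, String> inherited, int treeDepth, String acc,
                          String accPrimaryGroup, String grp,
                          List<String> accGroups, List<String> grpGroups) {
        List<String> searchOrder = new ArrayList<>();
        searchOrder.add(acc);              // 1/ the account
        searchOrder.add(accPrimaryGroup);  // 2/ its primary group
        searchOrder.add(grp);              // 3/ the group argument
        searchOrder.addAll(accGroups);     // 4/ the account groups
        searchOrder.addAll(grpGroups);     // 5/ the groups of _grp, first level only
        for (String epName : searchOrder) {
            String rights = nearestRights(inherited, epName, treeDepth);
            if (rights != null) {
                return rights;
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed inherited-rights map of a resource with three parent levels.
        Map<String, String> inherited = new HashMap<>();
        inherited.put(key("staff", 1), "rwx"); // direct parent grants rights to the group
        inherited.put(key("alice", 3), "r--"); // third-level parent grants rights to the account
        inherited.put(key("users", 1), "rw-");
        inherited.put(key("users", 2), "r-x");
        // The account is tested first, so its distant entry hides the direct parent's "staff" rights.
        System.out.println(resolve(inherited, 3, "alice", "users", "staff", List.of(), List.of()));
        // No entry for "bob": the primary group is tested next, nearest parent first.
        System.out.println(resolve(inherited, 3, "bob", "users", "staff", List.of(), List.of()));
    }
}
```

When reviewing an ACS that uses this generic order, check the account's entries at every parent level before concluding which group rights apply: a narrower right set high in the tree for the account takes precedence over a broader one granted to the group by the direct parent.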

getMergedInheritedAclPriRightsAndComments

AccessControlLinkImpl getMergedInheritedAclPriRightsAndComments(ImmutableSource _so,
                                                                ImmutableLeaf _targ,
                                                                AccessControlLinkImpl _upd_acLink,
                                                                StringRight[] _l_transientInheritedRights)
Gets the effective ACL or LPRI rights of the source on the target when there are non-null inherited rights through the nodes tree, and adds some specific comments for the ACL or PRI rights from an AcsAddon, even if there are no inherited rights. The argument _l_transientInheritedRights contains the inherited rights found by getL_accessRightsThroughNodesTree(). In this generic LinkRightsImpl class, these rights are the first ones found in a bottom-up search. In this method, these rights are simply added to the direct rights already set in the argument _upd_acLink. This method also puts in the ACL comment 'conditional ACL', with the condition group names, for each enabled conditional AclEntry.

If that is not the right algorithm for a given AcsAddon, this method or getL_accessRightsThroughNodesTree() should be overridden.

Parameters:
_so - source for which the rights on _targ have to be set
_targ - Resource or VirtualFolder of this instance. May be null. May be empty.
_upd_acLink - contains the direct ACL or LPRI rights, if any. Never null.
_l_transientInheritedRights - has to be from getL_accessRightsThroughNodesTree(). May be null or empty.
Returns:
_upd_acLink with the effective ACL or LPRI rights of the source on the target, or null if the inherited rights nullify the result.

withAccessThroughNodesTreeFromEP

boolean withAccessThroughNodesTreeFromEP(ImmutableSource _ep,
                                         ImmutableLeaf _res,
                                         ImmutableGroupIDMember _ep_2)
This method is designed to be fast, and to return true if the resource tree or the virtual folder tree allows the source to access the leaf through the inherited rights. All the ACSs apply the rule 'right inheritance in the targets tree: no more than one of the three ACL/AGO/LPRI rights inheritance may be activated'.

This method applies the following generic rules for one of the three inherited rights:

- 'ACL/AGO/LPRI right inheritance 1: child/node inherits rights from the direct and indirect parents',

- 'ACL/LPRI right inheritance 1: if activated and no access from the inherited rights, no AGO access to the child',

- 'ACL/AGO/LPRI right inheritance 2: at each access of an account, the first eligible party having inherited rights set them, and the search order is, first the account, second its primary group, and third the account groups',

- 'ACL/AGO/LPRI right inheritance 2: at each access of a group, the first eligible party having inherited rights set them, and the search order is first the group, second the group groups',

- 'ACL/LPRI right inheritance 2: at each access of an actor, the first eligible party having inherited rights set them, and the search order is, first the actor, second the account of its AG context, third the group of its AG context, fourth the secondary groups of the actor',

- 'AGO right inheritance 1: if activated and no access from the inherited rights, no AGO access to the child if and only if the account or the group is not null',

- 'AGO right inheritance 2: at each access of an actor, the first eligible party having inherited rights set them, and the search order is, first the account of its AG context, second the group of its AG context, third the secondary groups of the actor'.

For the account-to-group primary group relation, these rules imply that the primary group of the account argument delivers its inherited rights, if any, before any group, even the group argument.

For the group-to-group is_member relation, this implies the rule 'EP: group of groups on N levels, with search of the group inherited rights only for the first is_member level'.

An AcsAddon may override this method to change these rules, for example to simplify the method. It is then recommended to analyze the need to change the method getL_accessRightsThroughNodesTree().

Parameters:
_ep - Actor, UserID or GroupID to test. If null, returns true. If its ACS does not manage any rights inheritance, returns true.
_res - Resource or VirtualFolder of this instance, which may be accessed or not through its parent tree. Never null.
_ep_2 - the group member which may be accessed by _ep. May be null. If _ep is not an Actor, this argument is not used. For an Actor, this argument replaces, in this method, the current UserID or the current GroupID of the Actor.
Returns:
true if the resource parent tree allows _ep to go through down to the resource, if _ep is null, or if its ACS does not manage any rights inheritance.
See Also:
getL_accessRightsThroughNodesTree(ARoad0.gBaseInterface.ImmutableLeaf, ARoad0.gBaseInterface.ImmutableEligibleParty, ARoad0.gBaseInterface.ImmutableGroupID)

finalizeForProcess

void finalizeForProcess()
Finalizes the instance. Called by RightsMediatorImpl.finalizeForProcess().