java.lang.Object
  ARoad0.gBase.BaseUtilityImpl
    ARoad0.AcsAddon.Accbee.MySQL.gBase.BaseUtilityMySQLImpl
public class BaseUtilityMySQLImpl
This class is a utility class for the MySQL ACS, providing synchronized static methods to sort the AclEntry list and to set the internal maps of the inherited AclEntry rights and the primary rights.
Generally speaking, the sorting for ACLs having a different parent level is independent. For the same parent level, the ACLs are sorted first from the most-specific sources to the least-specific ones, then with a similar logic for the hosts (the ACL condition group) and finally, with a special sorting for the bases sets, if any. This sorting applies both to direct AclEntries and inherited AclEntries. The method addInSortedAclList() inserts a new AclEntry into the ACL list, at the right MySQL sorting position, for a given access target. The method handles three independent cases:
(1) if the _acl target is not a database-specific target (database or base set),
(2) if the _acl target is a database-specific target and _acl is NOT a to-be-mixed ACL,
(3) if the _acl target is a database-specific target and _acl is a to-be-mixed ACL.
This method is thus a dispatcher for the methods addAclNOTForDatabase(), addAclForDatabaseNOTForToBeMixedAcl() and addAclForDatabaseForToBeMixedAcl(). This sorting drives the selection process of the first matched AclEntry(ies) at a parent level, for a user/host pair and a target. The ACL selection is the responsibility of the methods NodeRightsMySQLImpl.detectL_aclEntryRights() and getL_accessRightsThroughNodesTree(), respectively for the direct and inherited ACL.
Important: Sorting the host (or the hosts group) first, then sorting the base (or the bases set), does NOT comply with the MySQL documentation at http://dev.mysql.com/doc/refman/5.6/en/request-access.html; it is done because the true behavior of the MySQL Server is to sort the hosts first. To go further, see the documentation of the method addInSortedAclList().
To have some rights on a MySQL Resource, it is mandatory for a pair (user, host) to match on the MySQL Server. This means matching, on the Resources root 'MySQL server', a pair (user, host) or a pair (user, hosts group) which has at least a USAGE right. The first matching pair becomes the current user, and it is used to get the rights for the requesting pair (user, host). The current user is returned by the method NodeRightsMySQLImpl.getConnectionPair(). If the current user has only a USAGE right and if, for a given Resource, the current user has no direct ACL and no inherited ACL, then no right is granted to the pair (user, host). Otherwise, the rights are the sum of the current user rights from the first matched direct ACL and from the inherited ACL. For these inherited ACL, the rights from each parent are added to the final result. A given parent delivers the rights of the first matched inherited ACL, for the current user. This ACL may be real or virtual, where the real ACL are the classical ACL displayed in the beamer lists. There are two types of virtual ACL: the virtual 'user@accounts-for-hosts group' ACL and the mixed ACL.
To take into account the ACLs from different parent levels, the inherited ACLs of a Resource are simply the full copy of all the ACL of its direct and indirect parents, including for instance all the direct ACL on the database.
For the inherited AclEntries, the MySQL Resource description contains a specific map for the primary rights. This is not a MySQL concept. The primary rights for each applicable user@host pair are specifically created to help the user to better understand both the current user and the complex database rights. It is the responsibility of DirectoryMySQLImpl to create and edit the primary rights. To go further about the inherited ACL rights, see the documentation of the method setM_TargetInheritedACLRights(). The documentation of the method DirectoryMySQLImpl.addAclEntry() describes in detail the calling sequence of all these methods when an ACL is created, including DirectoryMySQLImpl, BasesSetMySQLImpl, ResourceMySQLImpl and AclEntryImpl.
The methods of the superclass are not called by the consumers of this class. The calls to this class are reserved to this package, even if its methods are public since they override the super methods. Caution: this class is not defined in ACSFactoryUtilityImpl.M_GENERIC_ACS_VOCABULARY, so it is not possible to get it outside this package through ARoad0.gBaseInterface.ACSRun.getM_AcsVocabulary(). This class has no subclass in this package.
Field Summary |
---|
Fields inherited from class ARoad0.gBase.BaseUtilityImpl |
---|
INITIAL_CAPACITY, instance__ |
Constructor Summary | |
---|---|
BaseUtilityMySQLImpl()
Public constructor |
Method Summary | |
---|---|
protected static java.util.ArrayList<AclEntry> |
addAclForDatabaseForToBeMixedAcl(java.util.ArrayList<AclEntry> _upd_l_acl,
AclEntry _acl)
This method inserts an AclEntry into the ACL list, following the MySQL sorting, when the _acl target is a database-specific target and _acl is a to-be-mixed ACL. |
protected static java.util.ArrayList<AclEntry> |
addAclForDatabaseNOTForToBeMixedAcl(java.util.ArrayList<AclEntry> _upd_l_acl,
AclEntry _acl)
This method inserts an AclEntry into the ACL list, following the MySQL sorting, when the _acl target is a database-specific target and _acl is NOT a to-be-mixed ACL. |
protected static java.util.ArrayList<AclEntry> |
addAclNOTForDatabase(java.util.ArrayList<AclEntry> _upd_l_acl,
AclEntry _acl)
This method inserts an AclEntry into the ACL list, following the MySQL sorting, when the AclEntry has a given access target that is NOT a database or a bases set, just like the ACL targets in the list. |
static java.util.ArrayList<AclEntry> |
addInSortedAclList(java.util.ArrayList<AclEntry> _upd_l_acl,
AclEntry _acl)
This important method inserts an AclEntry into the ACL list, at the right MySQL sorting, for a given access target. |
static java.util.ArrayList<AclEntry> |
addInSortedInheritedAclList(java.util.ArrayList<AclEntry> _l_acl,
AclEntry _acl)
This method inserts an inherited AclEntry into the inherited ACL list, at the right MySQL sorting, for a given resource. |
static void |
addSimplestKeysInM_TargetInheritedACLRights(AclEntry _acl,
java.lang.String _order,
StringRight[] _l_rights,
java.util.Map<ImmutableName,StringRight[]> _upd_m_globalT_ACLRights,
java.util.Map<java.lang.String,StringRight[]> _upd_m_primaryT_ACLRights)
This method sets the internal maps of the global rights and the primary rights, only for the simplest AclEntries. |
static int |
countPercentageCharacter(java.lang.String _text)
Currently unused. |
static int |
countUnderscoreCharacter(java.lang.String _text)
Currently unused. |
static BaseUtilityImpl |
getInstance()
Only method to obtain the unique instance of BaseUtilityMySQLImpl. |
static java.util.ArrayList<java.lang.String> |
getPreviousSortedTypesOfResourceInSortedAclList(java.util.ArrayList<AclEntry> _l_acl,
java.lang.String _type)
Gets the Resource types which are before _type in the sorted AclEntry list. |
static int |
getTypeOfEPLastOrderInSortedAclList(java.util.ArrayList<AclEntry> _l_acl,
java.lang.String _type)
Currently unused. |
static int |
getTypeOfResourceFirstOrderInSortedAclList(java.util.ArrayList<AclEntry> _l_acl,
java.lang.String _type)
Gets the order of the first AclEntry in _upd_l_acl having a Resource with the argument _type in its type. |
static int |
getTypeOfResourceLastOrderInSortedAclList(java.util.ArrayList<AclEntry> _l_acl,
java.lang.String _type)
Gets the order of the last AclEntry in _upd_l_acl having a Resource with the argument _type in its type. |
static boolean |
isAfterAsPatternNameBasesSet(java.lang.String _compo_one,
java.lang.String _compo_two)
Detects from two bases set name last components, if the first argument has to be sorted after the second argument. |
static boolean |
isAfterAsPatternNameHostsGroup(java.lang.String _compo_one,
java.lang.String _compo_two)
Detects from two hosts group name last components, if the first argument has to be sorted after the second argument. |
static boolean |
isAfterInTheGroupIDMemberOrder(java.lang.String _typeOne,
java.lang.String _typeTwo,
java.lang.String _nameOne,
java.lang.String _nameTwo)
Detects for two types of a GroupIDMember without immutable, if the first argument has to be after the second argument, following the MySQL sorting order. |
static void |
setM_TargetInheritedACLRights(ResourceMySQL _res,
java.util.List<AclEntry> _l_acl,
java.util.Map<ImmutableName,StringRight[]> _upd_m_globalT_ACLRights,
java.util.Map<java.lang.String,StringRight[]> _upd_m_primaryT_ACLRights,
boolean _forDirectACL)
This important method sets the internal maps of the inherited AclEntry rights and the primary rights from the new inherited AclEntries list. |
static void |
setM_TargetInheritedACLRightsForDatabaseAclForToBeMixedAcl(ResourceMySQL _res,
java.util.List<AclEntry> _l_acl,
java.util.Map<java.lang.String,StringRight[]> _upd_m_primaryT_ACLRights)
This method sets the primary rights from the new inherited AclEntries list, when the AclEntries are for the database and are to-be-mixed. |
static void |
setM_TargetInheritedACLRightsForDatabaseAclNOTForToBeMixedAcl(ResourceMySQL _res,
java.util.List<AclEntry> _l_acl,
java.util.Map<java.lang.String,StringRight[]> _upd_m_primaryT_ACLRights)
This method sets the primary rights from the new inherited AclEntries list, when the AclEntries are for the database and are not to-be-mixed. |
static void |
setM_TargetInheritedACLRightsNOTForDatabaseAcl(ResourceMySQL _res,
java.util.List<AclEntry> _l_acl,
java.util.Map<ImmutableName,StringRight[]> _upd_m_globalT_ACLRights,
java.util.Map<java.lang.String,StringRight[]> _upd_m_primaryT_ACLRights)
This method sets the internal maps of the inherited AclEntry rights and the primary rights from the new inherited AclEntries list, when the AclEntries are not for the database. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public BaseUtilityMySQLImpl()
Method Detail |
---|
public static BaseUtilityImpl getInstance()
public static java.util.ArrayList<AclEntry> addInSortedInheritedAclList(java.util.ArrayList<AclEntry> _l_acl, AclEntry _acl)
Parameters:
_l_acl - inherited AclEntry sorted list. May be empty but not null.
_acl - inherited AclEntry to put in the list at the right order. Never null.
See Also:
addInSortedAclList(java.util.ArrayList, ARoad0.gBaseInterface.AclEntry)
public static java.util.ArrayList<AclEntry> addInSortedAclList(java.util.ArrayList<AclEntry> _upd_l_acl, AclEntry _acl)
This method handles three independent cases:
(1) if the _acl target is not a database-specific target (database or base set),
(2) if the _acl target is a database-specific target and _acl is NOT a to-be-mixed ACL,
(3) if the _acl target is a database-specific target and _acl is a to-be-mixed ACL.
This method is thus a dispatcher for the methods addAclNOTForDatabase(), addAclForDatabaseNOTForToBeMixedAcl() and addAclForDatabaseForToBeMixedAcl(). The detailed sequence of calls for adding an ACL is described at the method DirectoryMySQLImpl.addAclEntry().
Called by addInSortedInheritedAclList() and ResourceMySQLImpl.addInheritedAclEntry() and addAclEntry(), DirectoryMySQLImpl and ActorMySQLImpl.addAclEntry().
Parameters:
_upd_l_acl - direct AclEntry sorted list, with all ACL not for a database-specific target or with all ACL for a database-specific target, depending on the nature of _acl. May be empty but not null.
_acl - direct AclEntry to put in the list at the right order. Never null.
See Also:
DirectoryMySQLImpl.addAclEntry(ARoad0.gBaseInterface.ImmutableACS, ARoad0.gBaseInterface.ImmutableEligibleParty, ARoad0.gBaseInterface.StringRight[], java.lang.Boolean, ARoad0.gBaseInterface.ImmutableGroupID),
NodeRightsMySQLImpl.getL_accessRightsThroughNodesTree(ARoad0.gBaseInterface.ImmutableLeaf, ARoad0.gBaseInterface.ImmutableEligibleParty, ARoad0.gBaseInterface.ImmutableGroupID),
setM_TargetInheritedACLRights(ARoad0.AcsAddon.Accbee.MySQL.gBaseInterface.ResourceMySQL, java.util.List, java.util.Map, java.util.Map, boolean),
getPreviousSortedTypesOfResourceInSortedAclList(java.util.ArrayList, java.lang.String),
addAclNOTForDatabase(java.util.ArrayList, ARoad0.gBaseInterface.AclEntry),
addAclForDatabaseNOTForToBeMixedAcl(java.util.ArrayList, ARoad0.gBaseInterface.AclEntry),
addAclForDatabaseNOTForToBeMixedAcl(java.util.ArrayList, ARoad0.gBaseInterface.AclEntry)
protected static java.util.ArrayList<AclEntry> addAclNOTForDatabase(java.util.ArrayList<AclEntry> _upd_l_acl, AclEntry _acl)
The 4 sorting rules are the following, in this order:
(1) among the ACL targets, the ACL for the parent before the ACL for the child,
(2) the conditional ACL before the non-conditional ACL, so that the ACL for accounts-for-hosts groups are at the end,
(3) among the conditional ACL, the ACL of the 'anonymous' account after the ACL for other accounts,
(4) among the non-conditional ACL, which are all for accounts-for-hosts groups, the hosts group sorting is applied (there is no order among the accounts).
The first order is implemented by this method, but it is not used because the calling method manages it to put only direct ACL in the argument _upd_l_acl. The third and fourth order are indeed at the same priority. An accounts-for-hosts group never handles a simple host, but always a hosts group. The accounts-for-hosts group name has the format 'xxxx§@yyyyy', where 'yyyyy' is a hosts group name last component which contains exactly one wildcard '_' or '%'. The hosts group sorting is complex. A typical example of a sorted list for hosts groups, all matching 'localhost', is the following hosts group last components:
'localhos_', '_ocalhost', 'localhost%', 'localhos%', 'lo%', 'lo%t', 'lo%ost', 'l%t', '%', '%ocalhost', '%t'.
For sorting the hosts groups of the accounts-for-hosts groups, the method isAfterAsPatternNameHostsGroup() is called. The detailed sequence of calls for adding an ACL is described at the method DirectoryMySQLImpl.addAclEntry(). Called by addInSortedAclList(). Calls getPreviousSortedTypesOfResourceInSortedAclList(), getTypeOfResourceLastOrderInSortedAclList(), getTypeOfResourceFirstOrderInSortedAclList(), isAfterAsPatternNameHostsGroup().
Parameters:
_upd_l_acl - direct AclEntry sorted list, where the target is not a database-specific target. May be empty but not null.
_acl - direct AclEntry to put in the list at the right order. Never null and not into _upd_l_acl.
See Also:
DirectoryMySQLImpl.addAclEntry(ARoad0.gBaseInterface.ImmutableACS, ARoad0.gBaseInterface.ImmutableEligibleParty, ARoad0.gBaseInterface.StringRight[], java.lang.Boolean, ARoad0.gBaseInterface.ImmutableGroupID),
NodeRightsMySQLImpl.getL_accessRightsThroughNodesTree(ARoad0.gBaseInterface.ImmutableLeaf, ARoad0.gBaseInterface.ImmutableEligibleParty, ARoad0.gBaseInterface.ImmutableGroupID),
isAfterAsPatternNameHostsGroup(java.lang.String, java.lang.String)
protected static java.util.ArrayList<AclEntry> addAclForDatabaseNOTForToBeMixedAcl(java.util.ArrayList<AclEntry> _upd_l_acl, AclEntry _acl)
The 7 sorting rules include the 4 rules for addAclNOTForDatabase(), where the fourth rule becomes the fifth rule. They are the following, in this order:
(1) among the ACL targets, the ACL for the parent before the ACL for the child,
(2) the conditional ACL before the non-conditional ACL,
(3) among the conditional ACL, the ACL of the 'anonymous' account after the ACL for other accounts,
(4) among the conditional ACL, after the rule 3, if the account is 'anonymous' or not, the ACL sorting follows the target sorting, that is all the 'database' targets first, then the 'bases set' target sorting,
(5) among the non-conditional ACL (they are all for accounts-for-hosts groups), the hosts group sorting is applied first (there is no order among the accounts),
(6) among the non-conditional ACL, after the rule 5, the ACL sorting follows the target sorting, that is all the 'database' targets first, then the 'bases set' target sorting,
(7) among the non-conditional ACL and for a database-specific target, the to-be-mixed ACL are at the end of the list.
The first order is not used because the calling method manages it to put, in the argument _upd_l_acl, only database-specific target ACL. The seventh order may be seen as an interface with the method addAclForDatabaseForToBeMixedAcl(). An accounts-for-hosts group never handles a simple host, but always a hosts group. The accounts-for-hosts group name has the format 'xxxx§@yyyyy', where 'yyyyy' is a hosts group name last component which contains exactly one wildcard ('_' or '%'). The hosts group sorting is complex. A typical example of a sorted list for hosts groups, all matching 'localhost', is the following hosts group last components:
'localhos_', '_ocalhost', 'localhost%', 'localhos%', 'lo%', 'lo%t', 'lo%ost', 'l%t', '%', '%ocalhost', '%t'.
For sorting the hosts groups of the accounts-for-hosts groups, the method isAfterAsPatternNameHostsGroup() is called.
A 'pattern-name_bases set' target has a name last component which contains exactly one wildcard '_' or '%'. The 'bases set' sorting is specific and also complex. A typical example of a sorted list for bases sets, all matching 'one', is the following bases set last components:
'on%', 'on_', 'o%', 'o%e', 'o_e', '%', '_ne', '%e', '%ne'.
For sorting the bases sets, the method isAfterAsPatternNameBasesSet() is called.
The detailed sequence of calls for adding an ACL is described at the method DirectoryMySQLImpl.addAclEntry(). Called by addInSortedAclList(). Calls getPreviousSortedTypesOfResourceInSortedAclList(), getTypeOfResourceLastOrderInSortedAclList(), getTypeOfResourceFirstOrderInSortedAclList(), isAfterAsPatternNameHostsGroup().
Parameters:
_upd_l_acl - direct AclEntry sorted list for a database-specific target. May be empty but not null.
_acl - direct AclEntry to put in the list at the right order. Never null and not into _upd_l_acl.
See Also:
DirectoryMySQLImpl.addAclEntry(ARoad0.gBaseInterface.ImmutableACS, ARoad0.gBaseInterface.ImmutableEligibleParty, ARoad0.gBaseInterface.StringRight[], java.lang.Boolean, ARoad0.gBaseInterface.ImmutableGroupID),
NodeRightsMySQLImpl.getL_accessRightsThroughNodesTree(ARoad0.gBaseInterface.ImmutableLeaf, ARoad0.gBaseInterface.ImmutableEligibleParty, ARoad0.gBaseInterface.ImmutableGroupID),
isAfterAsPatternNameHostsGroup(java.lang.String, java.lang.String),
isAfterAsPatternNameBasesSet(java.lang.String, java.lang.String)
protected static java.util.ArrayList<AclEntry> addAclForDatabaseForToBeMixedAcl(java.util.ArrayList<AclEntry> _upd_l_acl, AclEntry _acl)
The 8 sorting rules are derived from the 7 rules for addAclForDatabaseNOTForToBeMixedAcl(), where the 3-to-6 rules are inserted in the positions 5 to 8. They are the following, in this order:
(1) among the ACL targets, the ACL for the parent before the ACL for the child,
(2) the conditional ACL before the non-conditional ACL,
(3) among the non-conditional ACL and for a database-specific target, the to-be-mixed ACL are at the end of the list, after the ACL for the type "pattern-name_accounts-for-hosts group".
(4) among the to-be-mixed ACL, the ACL of host(s) are after the ACL of account,
(5) among the to-be-mixed ACL of accounts, the ACL of the 'anonymous' account after the ACL of other accounts,
(6) among the to-be-mixed ACL of accounts, after the rule 5, if the account is 'anonymous' or not, the ACL sorting follows the target sorting, that is the 'database' target first, then the 'bases set' target sorting,
(7) among the to-be-mixed ACL of host(s), the ACL sorting follows the hosts group sorting, that is the 'host' source first, then the 'hosts group' source sorting,
(8) among the to-be-mixed ACL of host or hosts group, after the rule 7, the ACL sorting follows the target sorting, that is the 'database' target first, then the 'bases set' target sorting.
The first order is not used because the calling method manages it to put in the argument _upd_l_acl, only database-specific target ACL. A to-be-mixed ACL is a non-conditional ACL. The second and third orders may be seen as an interface with the method addAclForDatabaseNOTForToBeMixedAcl(). The hosts group sorting is complex. A typical example of a sorted list for hosts groups, all matching 'localhost', is the following hosts group last components:
'localhos_', '_ocalhost', 'localhost%', 'localhos%', 'lo%', 'lo%t', 'lo%ost', 'l%t', '%', '%ocalhost', '%t'.
For sorting the hosts groups of the accounts-for-hosts groups, the method isAfterAsPatternNameHostsGroup() is called.
A 'pattern-name_bases set' target has a name last component which contains exactly one wildcard '_' or '%'. The 'bases set' sorting is specific and also complex. A typical example of a sorted list for bases sets, all matching 'one', is the following bases set last components:
'on%', 'on_', 'o%', 'o%e', 'o_e', '%', '_ne', '%e', '%ne'.
For sorting the bases sets, the method isAfterAsPatternNameBasesSet() is called.
The detailed sequence of calls for adding an ACL is described at the method DirectoryMySQLImpl.addAclEntry(). Called by addInSortedAclList(). Calls getPreviousSortedTypesOfResourceInSortedAclList(), getTypeOfResourceLastOrderInSortedAclList(), getTypeOfResourceFirstOrderInSortedAclList(), isAfterAsPatternNameHostsGroup().
Parameters:
_upd_l_acl - direct AclEntry sorted list for a database-specific target. May be empty but not null.
_acl - direct AclEntry to put in the list at the right order. Never null and not into _upd_l_acl.
See Also:
DirectoryMySQLImpl.addAclEntry(ARoad0.gBaseInterface.ImmutableACS, ARoad0.gBaseInterface.ImmutableEligibleParty, ARoad0.gBaseInterface.StringRight[], java.lang.Boolean, ARoad0.gBaseInterface.ImmutableGroupID),
NodeRightsMySQLImpl.getL_accessRightsThroughNodesTree(ARoad0.gBaseInterface.ImmutableLeaf, ARoad0.gBaseInterface.ImmutableEligibleParty, ARoad0.gBaseInterface.ImmutableGroupID),
isAfterAsPatternNameHostsGroup(java.lang.String, java.lang.String),
isAfterAsPatternNameBasesSet(java.lang.String, java.lang.String)
public static java.util.ArrayList<java.lang.String> getPreviousSortedTypesOfResourceInSortedAclList(java.util.ArrayList<AclEntry> _l_acl, java.lang.String _type)
For instance, if the argument _type is 'table', the returned list may contain at most 'MySQL server', 'database' and 'pattern-name_bases set' as previous types. The types 'byAcsCreator', 'directory', 'file', 'trigger' and 'index' are for Actors which cannot be AclEntry targets.
Note: this target-oriented logic is never altered by the other logics in the final ACL list, except for the sorting between 'database' and 'pattern-name_bases set', where, for instance, the conditional ACL 'user@host' for a 'pattern-name_bases set' is set before the non-conditional ACL 'accounts-for-hosts group' for 'database'. The general rule is that the host-oriented sorting takes priority over the base-oriented sorting. This is why 'database' is returned for the _type 'pattern-name_bases set', and 'pattern-name_bases set' is returned for the _type 'database'. When this target-oriented logic is altered, it is the responsibility of the calling method to handle properly the changes in the ACL sorting.
Called by addAclNOTForDatabase().
Parameters:
_l_acl - list of already-sorted AclEntries
_type - a Resource type without 'immutable'. May be the type of an AclEntry Resource in the list.
public static int getTypeOfResourceLastOrderInSortedAclList(java.util.ArrayList<AclEntry> _l_acl, java.lang.String _type)
This order is both for direct AclEntries and inherited AclEntries. Called by addAclNOTForDatabase().
Parameters:
_l_acl - list of AclEntries in the correct sorting from the Resource type
_type - a Resource type without immutable
public static int getTypeOfResourceFirstOrderInSortedAclList(java.util.ArrayList<AclEntry> _l_acl, java.lang.String _type)
This order is both for direct AclEntries and inherited AclEntries. Called by addAclNOTForDatabase().
Parameters:
_l_acl - list of AclEntries in the correct sorting from the Resource type
_type - a Resource type without 'immutable'
public static boolean isAfterAsPatternNameHostsGroup(java.lang.String _compo_one, java.lang.String _compo_two)
'localhos_', '_ocalhost', 'localhost%', 'localhos%', 'lo%', 'lo%t', 'lo%ost', 'l%t', '%', '%ocalhost', '%t'.
This method implements the following algorithm:
(1) if a component contains '_' and the other component contains '%', the '%' component is after ('_ocalhost' before '%ocalhost'),
(2) if both components contain '_':
(2.1) if the 2 '_' have not the same location, the smaller location is after ('localhos_' before '_ocalhost'),
(2.2) otherwise the components are equal,
(3) if both components contain '%':
(3.1) if the 2 '%' have not the same location, the smaller location is after ('localhost%' before 'localhos%'),
(3.2) if the '%' location is 0:
(3.2.1) the component '%' is never after ('%' before '%ocalhost'),
(3.2.2) otherwise, the smaller component is after ('%ocalhost' before '%t'),
(3.3) otherwise, the greater component is after ('lo%t' before 'lo%ost'),
This algorithm is based on MySQL server testing. It is not from the official documentation, which declares simply that the most-specific group is sorted first.
Called by addAclNOTForDatabase(), addAclForDatabaseNOTForToBeMixedAcl(), addAclForDatabaseForToBeMixedAcl(), isAfterInTheGroupIDMemberOrder(), and NodeRightsMySQLImpl.detectL_aclEntryRightsNOTForDatabase().
Parameters:
_compo_one - last component of a hosts group name of an ACL to sort. Must contain exactly one wildcard '_' or '%'.
_compo_two - last component of a hosts group name of an ACL to sort. Must contain exactly one wildcard '_' or '%'.
public static boolean isAfterAsPatternNameBasesSet(java.lang.String _compo_one, java.lang.String _compo_two)
'on%', 'on_', 'o%', 'o%e', 'o_e', '%', '_ne', '%e', '%ne'.
This method implements the following algorithm:
(1) if a component contains '_' and the other component contains '%':
(1.1) with different locations, the smaller location is after ('on_' before 'o%'), ('o%e' before '_ne'),
(1.2) otherwise, if the '%' location is 0:
(1.2.1) the component '%' is never after ('%' before '_ne'),
(1.2.2) otherwise, the '%' component is after ('_ne' before '%e'),
(1.3) otherwise, the '_' component is after ('on%' before 'on_'),
(2) if both components contain '_':
(2.1) if the 2 '_' have not the same location, the smaller location is after ('on_' before 'o_e'),
(2.2) otherwise the components are equal,
(3) if both components contain '%':
(3.1) if the 2 '%' have not the same location, the smaller location is after ('on%' before 'o%'),
(3.2) if the '%' location is 0:
(3.2.1) the component '%' is never after ('%' before '%e'),
(3.2.2) otherwise, the greater component is after ('%e' before '%ne'),
(3.3) otherwise, the greater component is after ('o%' before 'o%e'),
This algorithm is based on MySQL server testing. It is not from the official documentation, which declares simply the most-specific bases set is sorted first.
Called by addAclNOTForDatabase(), addAclForDatabaseNOTForToBeMixedAcl() and addAclForDatabaseForToBeMixedAcl().
Parameters:
_compo_one - last component of a hosts group name of an ACL to sort. Must contain exactly one wildcard '_' or '%'.
_compo_two - last component of a hosts group name of an ACL to sort. Must contain exactly one wildcard '_' or '%'.
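The two ordering algorithms documented for isAfterAsPatternNameHostsGroup() and isAfterAsPatternNameBasesSet(), written out as an added Java sketch that is not the ARoad0 source, and checked against the two sorted lists quoted on this page. The class and helper names are hypothetical, and a 'smaller' or 'greater' component is assumed to mean a shorter or longer string, which is the reading that reproduces both documented lists.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.function.BiPredicate;

/** Added illustration of the documented ordering rules; hypothetical names throughout. */
public class PatternOrderSketch {

    /** Index of the single wildcard; the documented precondition is exactly one '_' or '%'. */
    static int wildcardAt(String compo) {
        int u = compo.indexOf('_');
        int p = compo.indexOf('%');
        if ((u < 0) == (p < 0)
                || compo.indexOf('_', u + 1) >= 0
                || compo.indexOf('%', p + 1) >= 0) {
            throw new IllegalArgumentException("exactly one wildcard expected: " + compo);
        }
        return Math.max(u, p);
    }

    /** Rules (2) and (3): both components carry the same wildcard character. */
    static boolean isAfterSameWildcard(String one, String two, boolean shorterAfterAtZero) {
        int l1 = wildcardAt(one);
        int l2 = wildcardAt(two);
        if (l1 != l2) return l1 < l2;              // (2.1)/(3.1): the smaller location is after
        if (one.charAt(l1) == '_') return false;   // (2.2): the components are equal
        if (l1 == 0) {
            if (one.equals("%")) return false;     // (3.2.1): '%' alone is never after
            if (two.equals("%")) return true;
            // (3.2.2): hosts groups put the shorter after, bases sets the longer (assumed: length)
            return shorterAfterAtZero ? one.length() < two.length()
                                      : one.length() > two.length();
        }
        return one.length() > two.length();        // (3.3): the greater component is after
    }

    /** Hosts group order: true if 'one' has to be sorted after 'two'. */
    static boolean isAfterHostsGroup(String one, String two) {
        boolean p1 = one.charAt(wildcardAt(one)) == '%';
        boolean p2 = two.charAt(wildcardAt(two)) == '%';
        if (p1 != p2) return p1;                   // (1): the '%' component is after
        return isAfterSameWildcard(one, two, true);
    }

    /** Bases set order: true if 'one' has to be sorted after 'two'. */
    static boolean isAfterBasesSet(String one, String two) {
        int l1 = wildcardAt(one);
        int l2 = wildcardAt(two);
        boolean p1 = one.charAt(l1) == '%';
        boolean p2 = two.charAt(l2) == '%';
        if (p1 == p2) return isAfterSameWildcard(one, two, false);
        if (l1 != l2) return l1 < l2;              // (1.1): the smaller location is after
        if (l1 == 0) {
            String percent = p1 ? one : two;
            if (percent.equals("%")) return !p1;   // (1.2.1): '%' alone is never after
            return p1;                             // (1.2.2): the '%' component is after
        }
        return !p1;                                // (1.3): the '_' component is after
    }

    /** Insertion into a sorted list: place x before the first entry that must come after it. */
    static List<String> sortWith(List<String> in, BiPredicate<String, String> isAfter) {
        List<String> out = new ArrayList<>();
        for (String x : in) {
            int i = 0;
            while (i < out.size() && !isAfter.test(out.get(i), x)) i++;
            out.add(i, x);
        }
        return out;
    }

    /** Re-sorts the reversed documented list and fails if the documented order is not recovered. */
    static void check(List<String> documented, BiPredicate<String, String> isAfter) {
        List<String> reversed = new ArrayList<>(documented);
        Collections.reverse(reversed);
        List<String> sorted = sortWith(reversed, isAfter);
        if (!sorted.equals(documented)) throw new AssertionError(sorted.toString());
        System.out.println(sorted);
    }

    public static void main(String[] args) {
        // The two sorted lists quoted in the documentation above.
        check(Arrays.asList("localhos_", "_ocalhost", "localhost%", "localhos%", "lo%",
                "lo%t", "lo%ost", "l%t", "%", "%ocalhost", "%t"),
                PatternOrderSketch::isAfterHostsGroup);
        check(Arrays.asList("on%", "on_", "o%", "o%e", "o_e", "%", "_ne", "%e", "%ne"),
                PatternOrderSketch::isAfterBasesSet);
    }
}
```

Since the first matched ACL at each level decides the rights, reproducing this order is what lets a reviewer predict which wildcard grant applies to a given user/host pair.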
public static boolean isAfterInTheGroupIDMemberOrder(java.lang.String _typeOne, java.lang.String _typeTwo, java.lang.String _nameOne, java.lang.String _nameTwo)
Called by UserIDMySQLImpl and GroupIDMySQLImpl.addGroupToGM(). Calls isAfterAsPatternNameHostsGroup().
Parameters:
_typeOne - type of a GroupIDMember without immutable. Never null.
_typeTwo - type of a GroupIDMember without immutable. Never null.
_nameOne - name last component of the GroupIDMember having _typeOne. Never null.
_nameTwo - name last component of the GroupIDMember having _typeTwo. Never null.
public static int getTypeOfEPLastOrderInSortedAclList(java.util.ArrayList<AclEntry> _l_acl, java.lang.String _type)
Parameters:
_l_acl - list of AclEntries in the correct sorting from the EP type
_type - an EligibleParty type without 'immutable'
public static void setM_TargetInheritedACLRights(ResourceMySQL _res, java.util.List<AclEntry> _l_acl, java.util.Map<ImmutableName,StringRight[]> _upd_m_globalT_ACLRights, java.util.Map<java.lang.String,StringRight[]> _upd_m_primaryT_ACLRights, boolean _forDirectACL)
To take into account the ACLs from different parent levels, the inherited ACLs of a Resource are simply the full copy of all the ACL of its direct and indirect parents, including for instance all the direct ACL on the database. The sorting of the new inherited AclEntries list, for each parent level, has been provided by addInSortedAclList(). This sorting drives the selection process of the matched AclEntries at each parent level, for a given user/host pair and a target. This selection is not handled by this current method. It is the responsibility of the methods detectL_aclEntryRights() and getL_accessRightsThroughNodesTree() on NodeRightsMySQLImpl, in the search of the access paths.
The rights, as items into the values of the two maps, may be from a real ACL or from a virtual ACL. Only the real ACL are displayed by the beamer, as conditional or non-conditional ACL. A real ACL in the new inherited AclEntries list produces rights directly into the two maps. The new inherited AclEntries list is also used to produce some processed rights, as virtual ACL, into the two right maps.
The primary rights are not a MySQL concept. They are a help for the Access Road user. They are not used by the gWork classes to search for the access paths. For the inherited AclEntries, the MySQL Resource description contains a specific map for the primary rights from the real and virtual ACL. A primary right for a Resource is delivered by the ACL list of the Resources root 'MySQL server', or by the ACL list of the database which is the parent of the Resource. The root 'MySQL server' has primary rights from its direct ACL, and a database has primary rights from the root and its direct ACL. The primary rights are thus designed to help the user to better understand both the current users and the complex database rights.
To have some access rights on a MySQL Resource, a pair (user, host) has to match on the root 'MySQL Server' a pair (user, host) or a pair (user, hosts group) which has at least a USAGE right. The FIRST matching pair becomes the current user. It is used to get the rights for the initial pair (user, host) at each parent level. The current user is returned by the method NodeRightsMySQLImpl.getConnectionPair(), but not by this current method where the rights selection is not considered. If the current user has only a USAGE right and if, for the given Resource, the current user has no direct ACL and no inherited ACL, then no right is granted to the pair (user, host). Otherwise, the rights are the sum of the current user rights from the FIRST matched direct ACL and from the FIRST matched inherited ACL at EACH parent level. So, for these inherited ACL, the rights from each parent are added to the final result. The first matched inherited ACL, for the current user, may be real or virtual. The real ACL are the classical ACL displayed in the beamer lists.
This section is about the virtual ACL in the MySQL addon. There are two types of virtual ACL: the virtual 'user@accounts-for-hosts group' ACL on any Resource, which derives from one 'accounts-for-hosts group' real ACL, and the mixed ACL only on databases, which derives from two to-be-mixed real ACL. The virtual user@accounts-for-hosts group ACL is thus derived from a non-conditional accounts-for-hosts group ACL, and the target may have any type. There are processed rights for each account member of the accounts-for-hosts group. If there are 3 members in the accounts-for-hosts group, there are 3 sets of processed rights for three keys in the rights maps. All these rights are simply the copy of the accounts-for-hosts group ACL rights. This is not a MySQL concept, just as the accounts-for-hosts group is not.
The to-be-mixed real ACL are the only case where two real ACL are selected at a level (this is indeed always the database level) to build up some rights in a virtual mixed ACL. To-be-mixed and mixed ACL are not MySQL concepts, but they implement a MySQL algorithm. Two non-conditional to-be-mixed ACL on a database-specific target, respectively for a user U and a host H, are combined to define the processed rights for the pair (U, H). The processed rights are the union of the rights from the two real ACL. This defines a map key even if the union of rights is empty. This is the only case where a key in the two maps may have an empty set of effective rights. The database level is the most complex case. It is the only parent level to handle the virtual mixed ACL, and also to handle the real bases set ACLs.
This section is about the keys into the primary rights map. Each parent level may produce a matched key for a given couple user/host and a target. We have seen that the ACL sorting at the parent level drives the selection process of the matched key, in the class NodeRightsMySQLImpl. For the inherited ACL rights and the primary ACL rights, the map key may have varied forms, but the parent order is always at the end. The parent order tells the distance from the target to the parent which delivers the rights. To set the parent order as a number, the direct parent of a resource has the string '1'. The direct parent of this parent has the string '2' as parent order in the last name component, and so on. Into the two maps, the first difference between the map keys is that the key for inherited ACL rights is a Name, and the primary ACL rights key is the String form of this same Name. The second and last difference is to allow a parent order '0' into a key for the primary rights of the root 'MySQL server' or a database, while this is forbidden for the inherited ACL rights.
The ten key forms are listed hereinafter:
- (user name @ host name last component) :: parent order, for instance 'one :: mysql :: jerry@localhost :: 2',
- <Proc>:: (user name @ accounts-for-hosts group name last component) :: parent order, for instance '<Proc>:: one :: mysql :: jerry(2)@192.168.1.% :: 0',
'<Proc>' is a generic tag that means 'processed rights', to tell that the key and its rights are not obtained by directly reading a real ACL. These two first forms are the only ones used when the parent level is not a database. These forms are also used for a database, but the following are additional forms in this case:
- <Proc><from 'bases set name last component'>:: (user name @ host name last component):: parent order,
- <Proc><from 'bases set name last component'>:: (user name @ accounts-for-hosts group name last component) :: parent order,
- <Proc><Mixed>:: (user name @ host name last component) :: parent order,
- <Proc><Mixed><from 'bases set name last component'>:: (user name @ host name last component) :: parent order,
- <Proc><Mixed><from 'bases set name last component'><from 'bases set name last component'>:: (user name @ host name last component) :: parent order,
- <Proc><Mixed>:: (user name @ hosts group name last component) :: parent order,
- <Proc><Mixed><from 'bases set name last component'>:: (user name @ hosts group name last component) :: parent order,
- <Proc><Mixed><from 'bases set name last component'><from 'bases set name last component'>:: (user name @ hosts group name last component) :: parent order.
In this catalog of key forms for the database, '<Mixed>' means this is a virtual mixed ACL, and '<from 'bases set name last component'>' means a bases set ACL is the real ACL from which the virtual ACL is derived. The tag '<Mixed>' is specific to MySQL but it may be reused in other ACS Addons. The tag '<from 'xxxx'>' is a generic form another ACS Addon may use. A key contains '<from 'bases set name last component'>' twice when there are both a bases set ACL for the user, and a bases set ACL for the host or the hosts group. These key forms are designed to help the Access Road user to find the origin of a key in a rights map. A key has exactly one origin, which is one real ACL in most of the cases, except the virtual mixed ACL where two real to-be-mixed ACL are processed. We have seen that the rights map keys of a parent level are not sorted following the ACL sorting, or following any other sorting. The value in a rights map is always a non-null StringRight array. This array may be empty only for a mixed ACL. This array may contain only a 'USAGE' right when the key is provided by an ACL on the root 'MySQL server', and this single right does not generate primary rights for the other targets.
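Added example, not part of the Access Road code: a small Java (16 or later) parser that decodes the String form of a primary-rights key into its tags, its user@host component and its parent order, so that a key found in a rights map can be traced back to its origin. The class and record names, and the third sample key with the bases set name 'sales_set', are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example (not Access Road code): decodes a primary-rights map key. */
public class PrimaryRightsKeyDemo {

    record ParsedKey(boolean processed, boolean mixed, List<String> basesSets,
                     String account, int parentOrder) {}  // hypothetical holder

    // Leading tags: <Proc>, optional <Mixed>, zero to two <from '...'>, then "::".
    private static final Pattern TAGS = Pattern.compile(
            "^<Proc>(<Mixed>)?((?:<from '[^']*'>){0,2})\\s*::\\s*");
    private static final Pattern FROM = Pattern.compile("<from '([^']*)'>");

    static ParsedKey parse(String key) {
        boolean processed = false, mixed = false;
        List<String> basesSets = new ArrayList<>();
        String rest = key.trim();
        Matcher m = TAGS.matcher(rest);
        if (m.find()) {                       // a key without tags is read from a real ACL
            processed = true;
            mixed = m.group(1) != null;
            Matcher f = FROM.matcher(m.group(2));
            while (f.find()) basesSets.add(f.group(1));
            rest = rest.substring(m.end());
        }
        String[] parts = rest.split("\\s*::\\s*");
        if (parts.length < 2) throw new IllegalArgumentException("no parent order: " + key);
        int order = Integer.parseInt(parts[parts.length - 1]);  // parent order is always last
        if (order < 0) throw new IllegalArgumentException("parent order below 0: " + key);
        String account = parts[parts.length - 2];               // user@host or user@group
        if (!account.contains("@")) throw new IllegalArgumentException("no user@host: " + key);
        // Two <from> tags are only listed for mixed ACL (one bases set per to-be-mixed ACL).
        if (basesSets.size() == 2 && !mixed)
            throw new IllegalArgumentException("two <from> tags without <Mixed>: " + key);
        return new ParsedKey(processed, mixed, basesSets, account, order);
    }

    public static void main(String[] args) {
        String[] constructed = {  // sample keys built from the forms listed above
            "one :: mysql :: jerry@localhost :: 2",
            "<Proc>:: one :: mysql :: jerry(2)@192.168.1.% :: 0",
            "<Proc><Mixed><from 'sales_set'>:: one :: mysql :: jerry@localhost :: 1",
        };
        for (String k : constructed) System.out.println(parse(k));
    }
}
```

A parent order of 0 is accepted here because the input is a primary-rights key; the same check on an inherited-rights key would have to reject it.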
The overall rights analysis process for the inherited ACL is described in the documentation of the class DirectoryMySQLImpl. The documentation of the method DirectoryMySQLImpl.addAclEntry() also describes the calling sequence when an ACL is created, including the roles of the classes DirectoryMySQLImpl, BaseSetMySQLImpl, ResourceMySQLImpl and AclEntryImpl. This method is called by the non-static methods having the same name in ResourceMySQLImpl, ActorMySQLImpl, DirectoryMySQLImpl and BaseSetMySQLImpl. It is mainly a commutator for the methods setM_TargetInheritedACLRightsNOTForDatabaseAcl(), setM_TargetInheritedACLRightsForDatabaseAclNOTForToBeMixedAcl() and setM_TargetInheritedACLRightsForDatabaseAclForToBeMixedAcl(), to handle the following three independent parts of the _l_acl list:
(1) all the ACL where the target is not a database-specific target (database or base set),
(2) all the ACL where the target is a database-specific target and the ACL is NOT a to-be-mixed ACL,
(3) all the ACL where the target is a database-specific target and the ACL is a to-be-mixed ACL.
Parameters:
_res - resource to update
_l_acl - list of AclEntries, which is the current list of inherited or direct AclEntries of _res. May be empty, but never null.
_upd_m_globalT_ACLRights - _res map to update. May be null and no updating then. Otherwise, this argument is cleared before the updating.
_upd_m_primaryT_ACLRights - _res primary rights map to update. May be empty, but never null.
_forDirectACL - false if _l_acl is a list of inherited ACL, true if _l_acl is a list of direct ACL
See Also:
DirectoryMySQLImpl, DirectoryMySQLImpl.addAclEntry(ARoad0.gBaseInterface.ImmutableACS, ARoad0.gBaseInterface.ImmutableEligibleParty, ARoad0.gBaseInterface.StringRight[], java.lang.Boolean, ARoad0.gBaseInterface.ImmutableGroupID)
public static void setM_TargetInheritedACLRightsNOTForDatabaseAcl(ResourceMySQL _res, java.util.List<AclEntry> _l_acl, java.util.Map<ImmutableName,StringRight[]> _upd_m_globalT_ACLRights, java.util.Map<java.lang.String,StringRight[]> _upd_m_primaryT_ACLRights)
The two key forms this method handles are listed hereinafter:
- (user name @ host name last component) :: parent order, for instance 'one :: mysql :: jerry@localhost :: 2',
- <Proc>:: (user name @ accounts-for-hosts group name last component) :: parent order, for instance '<Proc>:: one :: mysql :: jerry(2)@192.168.1.% :: 0',
'<Proc>' is a generic tag that means 'processed rights', to tell that the key and its rights are not obtained by directly reading a real ACL. Only the root 'MySQL server' may have as rights the single 'USAGE' right, in the value arrays of the two rights maps. Called by setM_TargetInheritedACLRights(). Calls addSimplestKeysInM_TargetInheritedACLRights().
Parameters:
_res - resource to update
_l_acl - list of AclEntries, which is the current list of inherited or direct (only for the root 'MySQL server') AclEntries of _res. May be empty, but never null.
_upd_m_globalT_ACLRights - inherited ACL map of _res to update. May be null and no updating then. No key nor value removing on this argument.
_upd_m_primaryT_ACLRights - primary ACL map of _res to update. May be empty, but never null. No key nor value removing on this argument. No adding for the database-specific ACL keys.
See Also:
setM_TargetInheritedACLRights(ARoad0.AcsAddon.Accbee.MySQL.gBaseInterface.ResourceMySQL, java.util.List, java.util.Map, java.util.Map, boolean)
public static void setM_TargetInheritedACLRightsForDatabaseAclNOTForToBeMixedAcl(ResourceMySQL _res, java.util.List<AclEntry> _l_acl, java.util.Map<java.lang.String,StringRight[]> _upd_m_primaryT_ACLRights)
The two first key forms this method handles are listed hereinafter:
- (user name @ host name last component) :: parent order, for instance 'one :: mysql :: jerry@localhost :: 2',
- <Proc>:: (user name @ accounts-for-hosts group name last component) :: parent order, for instance '<Proc>:: one :: mysql :: jerry(2)@192.168.1.% :: 0',
'<Proc>' is a generic tag that means 'processed rights', to tell that the key and its rights are not obtained by directly reading a real ACL. These previous forms are completed by additional forms excluding to-be-mixed ACL:
- <Proc><from 'bases set name last component'>:: (user name @ host name last component):: parent order,
- <Proc><from 'bases set name last component'>:: (user name @ accounts-for-hosts group name last component) :: parent order,
Called by setM_TargetInheritedACLRights(). Derived from setM_TargetInheritedACLRightsNOTForDatabaseAcl(). Calls addSimplestKeysInM_TargetInheritedACLRights() for the two first key forms.
Parameters:
_res - resource to update
_l_acl - list of AclEntries, which is the current list of inherited AclEntries of _res, or direct AclEntries only when _res is a database. May be empty, but never null.
_upd_m_primaryT_ACLRights - primary ACL map of _res to update. May be empty, but never null. No key nor value removing on this argument.
See Also:
setM_TargetInheritedACLRights(ARoad0.AcsAddon.Accbee.MySQL.gBaseInterface.ResourceMySQL, java.util.List, java.util.Map, java.util.Map, boolean)
public static void setM_TargetInheritedACLRightsForDatabaseAclForToBeMixedAcl(ResourceMySQL _res, java.util.List<AclEntry> _l_acl, java.util.Map<java.lang.String,StringRight[]> _upd_m_primaryT_ACLRights)
The six key forms this method handles for the virtual mixed ACL are listed hereinafter:
- <Proc><Mixed>:: (user name @ host name last component) :: parent order,
- <Proc><Mixed><from 'bases set name last component'>:: (user name @ host name last component) :: parent order,
- <Proc><Mixed><from 'bases set name last component'><from 'bases set name last component'>:: (user name @ host name last component) :: parent order,
- <Proc><Mixed>:: (user name @ hosts group name last component) :: parent order,
- <Proc><Mixed><from 'bases set name last component'>:: (user name @ hosts group name last component) :: parent order,
- <Proc><Mixed><from 'bases set name last component'><from 'bases set name last component'>:: (user name @ hosts group name last component) :: parent order.
In this catalog of key forms for the database, '<Mixed>' means this is a virtual mixed ACL, and '<from 'bases set name last component'>' means a bases set ACL is the real ACL from which the virtual ACL is derived. A key contains two times '<from 'bases set name last component'>' when there are both a real bases set ACL for the user, and a real bases set ACL for the host or the hosts group. The value in a rights map is always a non-null StringRight array. This rights array may be empty only for a mixed ACL.
Called by setM_TargetInheritedACLRights(). Derived from setM_TargetInheritedACLRightsForDatabaseAclNOTForToBeMixedAcl().
Parameters:
_res - resource to update
_l_acl - list of AclEntries, which is the current list of inherited AclEntries of _res, or direct AclEntries only when _res is a database. May be empty, but never null.
_upd_m_primaryT_ACLRights - primary ACL map of _res to update. May be empty, but never null. No key nor value removing on this argument.
See Also:
setM_TargetInheritedACLRights(ARoad0.AcsAddon.Accbee.MySQL.gBaseInterface.ResourceMySQL, java.util.List, java.util.Map, java.util.Map, boolean)
public static void addSimplestKeysInM_TargetInheritedACLRights(AclEntry _acl, java.lang.String _order, StringRight[] _l_rights, java.util.Map<ImmutableName,StringRight[]> _upd_m_globalT_ACLRights, java.util.Map<java.lang.String,StringRight[]> _upd_m_primaryT_ACLRights)
The two simple key forms this method handles are the most common ones. They are listed hereinafter:
- (user name @ host name last component) :: parent order, for instance 'one :: mysql :: jerry@localhost :: 2',
- <Proc>:: (user name @ accounts-for-hosts group name last component) :: parent order, for instance '<Proc>:: one :: mysql :: jerry(2)@192.168.1.% :: 0',
'<Proc>' is a generic tag that means 'processed rights', to tell that the key and its rights are not obtained by directly reading a real ACL. Called by setM_TargetInheritedACLRightsNOTForDatabaseAcl(), setM_TargetInheritedACLRightsForDatabaseAclNOTForToBeMixedAcl() and setM_PrimaryTargetACLRightsFromDirectACL().
Parameters:
_acl - simplest ACL to process
_order - parent order of _acl for the Resource. Never below '0'.
_l_rights - effective rights to put as value in the two maps
_upd_m_globalT_ACLRights - global rights map of _res to update. May be null and no updating then. No key nor value removing on this argument.
_upd_m_primaryT_ACLRights - primary ACL map of _res to update. May be empty, but never null. No key nor value removing on this argument.
See Also:
setM_TargetInheritedACLRights(ARoad0.AcsAddon.Accbee.MySQL.gBaseInterface.ResourceMySQL, java.util.List, java.util.Map, java.util.Map, boolean)
public static int countUnderscoreCharacter(java.lang.String _text)
Parameters:
_text - non-null text
public static int countPercentageCharacter(java.lang.String _text)
Parameters:
_text - non-null text