java.lang.Object
  ARoad0.gWork.NodeRightsImpl
    ARoad0.AcsAddon.Accbee.Ubuntu.gWork.NodeRightsUbuntuImpl
public class NodeRightsUbuntuImpl
This class is responsible for getting the rights for an Ubuntu node in a view, for the AcsAddon Ubuntu. It extends its superclass with the handling of Linux AGO Other rights, and with the search for the 2 Linux Ubuntu capacity groups that are simulated in this Access Road version. To do so, it overrides the superclass methods detectAddon2Nodes() and detectAddon3Nodes().
For the AGO rights, the AccessControlLink.GLOBAL comments in this Addon use the constant ACLINK_C_AGO_OTHER to mark the AGO Other rights.
The path search fully covers the ACL rights, even though this version of the Ubuntu addon does not manage Linux Access Control Lists. An ACL transmits the direct Account/Group context of its source to its target if they are from the same ACS. It does not transmit an indirect context, such as an alias relation. The Account/Group context is never propagated for a privilege (not managed in Ubuntu) or a bridge, for which the target has its own AG context, even if this context is sometimes empty.
For the Linux/Unix ACS only, there are AGO Other rights on resources and actors, but no privileges nor virtual folders to handle. Some 3-node paths are specific to the Linux/Unix ACS; they are listed below:
- ep/acl/actor/other-ridden resource in Linux-Unix,
- actor started from xid/run under/account or group or secondary group/other-ridden resource in Linux-Unix,
- actor started from xid/other-executed actor/acl/resource,
- actor started from xid/other-executed actor/bridge/actor,
- groupidmember/group/other-ridden resource in Linux-Unix,
- NO PRI, so no: ep/pri/actor/other-ridden resource in Linux-Unix,
- actor/bridge/actor/other-ridden resource in Linux-Unix,
- NO VF, so no: ep virtual folder/virtual member/actor/other-ridden resource in Linux-Unix,
- groupidmember/other-executed actor in Linux-Unix/acl/resource,
- groupidmember/other-executed actor in Linux-Unix/bridge/actor,
- NO PRI, so no: groupidmember/other-executed actor in Linux-Unix/pri/resource or virtual folder,
Here are the 2 Linux Ubuntu capacity groups which are simulated:
- '<CAP_DAC_OVERRIDE>': overrides all read/write/execute AGO rights, including ACL execute access if [_POSIX_ACL] is defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE. The execute permission is granted only when at least one of the file's three AGO execute permission bits is set.
- '<CAP_DAC_READ_SEARCH>': overrides all read/write/execute AGO rights regarding read and search on files and directories, including ACL restrictions if [_POSIX_ACL] is defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE.
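The override behaviour of the two capacity groups described above, as an added example that is not Access Road code: a small Java model of the Linux AGO check with both capacities. The class AgoCapacityDemo, its records and the sample files and processes are constructed for illustration; the directory handling and the immutable-flag check follow standard Linux behaviour and are assumptions with respect to this page.

```java
import java.util.EnumSet;
import java.util.Set;

/** Added illustration (not Access Road code): Linux AGO check with the two capacities. */
public class AgoCapacityDemo {
    enum Cap { CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH }

    static final int R = 4, W = 2, X = 1;

    /** Hypothetical file model: mode holds the nine rwxrwxrwx bits. */
    record Inode(int uid, int gid, int mode, boolean isDir, boolean immutable) {}

    /** Hypothetical process model: account, primary and secondary groups, capacities. */
    record Proc(int uid, Set<Integer> gids, Set<Cap> caps) {}

    /** Picks the one AGO class that applies: A overlays G, and AG overlay O. */
    static int agoBits(Proc p, Inode f) {
        if (p.uid() == f.uid()) return (f.mode() >> 6) & 7;
        if (p.gids().contains(f.gid())) return (f.mode() >> 3) & 7;
        return f.mode() & 7;
    }

    /** True if every bit in want (a mix of R, W, X) is granted to p on f. */
    static boolean mayAccess(Proc p, Inode f, int want) {
        // The immutable flag is outside both capacities (CAP_LINUX_IMMUTABLE territory).
        if (f.immutable() && (want & W) != 0) return false;
        if ((agoBits(p, f) & want) == want) return true;

        if (p.caps().contains(Cap.CAP_DAC_OVERRIDE)) {
            boolean anyExecBit = (f.mode() & 0111) != 0;
            // Execute on a regular file still needs one of the three x bits.
            if (f.isDir() || (want & X) == 0 || anyExecBit) return true;
        }
        if (p.caps().contains(Cap.CAP_DAC_READ_SEARCH)) {
            // Read on files; read and search (x) on directories; never write.
            return f.isDir() ? (want & W) == 0 : want == R;
        }
        return false;
    }

    static void show(String label, boolean granted) {
        System.out.println(label + " -> " + (granted ? "granted" : "denied"));
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Inode ownOnly = new Inode(1000, 100, 0077, false, false); // owner has no bits
        Inode rootFile = new Inode(0, 0, 0600, false, false);
        Inode rootExec = new Inode(0, 0, 0700, false, false);
        Inode rootDir = new Inode(0, 0, 0700, true, false);
        Inode locked = new Inode(0, 0, 0600, false, true);

        Proc plain = new Proc(1000, Set.of(100), EnumSet.noneOf(Cap.class));
        Proc override = new Proc(1000, Set.of(100), EnumSet.of(Cap.CAP_DAC_OVERRIDE));
        Proc search = new Proc(1000, Set.of(100), EnumSet.of(Cap.CAP_DAC_READ_SEARCH));

        show("owner reads 0077 file, no capacity", mayAccess(plain, ownOnly, R));
        show("override writes root 0600 file", mayAccess(override, rootFile, W));
        show("override executes root 0600 file", mayAccess(override, rootFile, X));
        show("override executes root 0700 file", mayAccess(override, rootExec, X));
        show("override writes immutable file", mayAccess(override, locked, W));
        show("read_search reads root 0600 file", mayAccess(search, rootFile, R));
        show("read_search writes root 0600 file", mayAccess(search, rootFile, W));
        show("read_search lists and enters root dir", mayAccess(search, rootDir, R | X));
    }
}
```

The nested records require Java 16 or later.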
The following comments are about all the NodeRights in the AcsAddon framework. The specialized methods of an AcsAddon are in a NodeRightsImpl subclass, and they are called by an overridden NodeRights AcsAddon method. There is no name pattern for these methods. They use the generic properties of a node and its environment, but they also handle the original properties of the AcsAddon node. Since an AcsAddon may be based on another AcsAddon, a NodeRightsImpl subclass may have another NodeRightsImpl subclass as superclass.
The direct calls to the Ubuntu ACS in this class are calls to getEorL_FromOtherInCurrentContextActors() and getEorM_EligibleParties(). Upper-level method names begin with get...(), with...() and detect...(); middle-level method names begin with select...().
NodeRightsImpl
Field Summary | |
---|---|
static java.lang.String | ACLINK_C_AGO_OTHER: For the AGO types, this is a specialized comment for Ubuntu to say that a resource is targeted through Linux AGO Other rights. |
protected AgoRightsFactoryImpl | ago_ |
protected DisplayableLinkUtilities | linkUtil_ |
protected UtilityImpl | util_ |
Fields inherited from class ARoad0.gWork.NodeRightsImpl |
---|
aclFact_, interpreter_, link_, priFact_, utility_ |
Fields inherited from interface ARoad0.gWorkInterface.NodeRights |
---|
INITIAL_CAPACITY |
Constructor Summary | |
---|---|
NodeRightsUbuntuImpl(AlgorithmInterpreter _interpreter, LinkRightsImpl _utility) | Only one constructor, called by RightsMediatorImpl. |
Method Summary | |
---|---|
protected DisplayableLinkImpl | addCapacityRightsToDisplayableLink(DisplayableLinkImpl _dLink): This specialized AcsAddon method updates a DisplayableLinkImpl with capacity rights, for the '<files_tree>' resources only. |
protected AccessControlLinkImpl | addOtherRightsToAccessControlLink(ImmutableGroupIDMember _gm, ResourceUbuntu _node): This specialized AcsAddon method defines the effective applicable 'other' rights for any pair of nodes in a DisplayableLink. |
protected DisplayableLinkImpl | addOtherRightsToExtendDisplayableLink(ResourceUbuntu _target, DisplayableLinkImpl _dLink, java.util.Set<ImmutableGroupIDMember> _l_epContext): Defines the AGO other rights to apply to a Resource to extend a DisplayableLink. |
java.util.Map | detectAddon2Nodes(EPRViewInBase _viewInBase, ImmutableTarget _node, java.util.Map _m_l_DisplayableLinks, BaseObject _center): Detects the capacity groups ' |
java.util.Map | detectAddon3Nodes(EPRViewInBase _viewInBase, ImmutableTarget _node, java.util.Map _m_l_DisplayableLinks): For an AcsAddon, filters the incompatible rights, if any, for a node, and adds the AcsAddon specific rights, if any. |
void | finalizeForProcess(): Finalizes the instance. |
boolean | getDetectAddon2Nodes(): Called by RightsFactory_Facade. |
boolean | getDetectAddon3Nodes(): Called by RightsFactory_Facade. |
AccessControlLinkImpl | getL_accessRightsThroughNodesTree(ImmutableLeaf _res, ImmutableEligibleParty _ep, ImmutableGroupID _grp): Returns the inherited rights given by the directory tree, as AGO rights. |
boolean | getSelectAddonLastViewNodeAfterActor(): Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop on the view nodes, and by detectOneHiddenNodeCompoundRights(). |
boolean | getSelectAddonLastViewNodeAfterGroupIDMember(): Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop on the view nodes, and by detectOneHiddenNodeCompoundRights(). |
boolean | getSelectAddonNewHiddenNodeForActor(): Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop on the intermediate nodes. |
boolean | getSelectAddonNewHiddenNodeForGroupIDMember(): Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop on the intermediate nodes. |
protected java.util.Map | select2NodesCapacityRights(EPRViewInBase _viewInBase, ImmutableTarget _node, java.util.Map _m_l_DisplayableLinks, BaseObject _center): This specialized AcsAddon method defines the capacity groups ' |
protected java.util.Map | select3NodesCapacityRights(EPRViewInBase _viewInBase, ImmutableTarget _node, java.util.Map _m_l_DisplayableLinks): This specialized AcsAddon method defines the capacity groups ' |
DisplayableLinkImpl | selectAddonLastViewNodeAfterActor(EPRViewInBase _viewInBase, ImmutableTarget _target, DisplayableLinkImpl _dLink, java.util.Map _m_l_DisplayableLinks): Detects the view target that is linked to an Ubuntu Actor, to extend the current DisplayableLinks ended by this actor. |
DisplayableLinkImpl | selectAddonLastViewNodeAfterGroupIDMember(EPRViewInBase _viewInBase, ImmutableTarget _target, DisplayableLinkImpl _dLink, java.util.Map _m_l_DisplayableLinks): Detects the view target that is linked to an Ubuntu GroupIDMember, to extend the current DisplayableLink ended by this GroupIDMember. |
java.util.List<DisplayableLinkImpl> | selectAddonNewHiddenNodeForActor(EPRViewInBase _viewInBase, ImmutableActor _node, java.util.Set<DisplayableLinkImpl> _l_dLinks, java.util.Map _m_l_DisplayableLinks, java.util.List<ACSObject> _upd_l_NoProxyOrNoExecuteNodes): Detects the hidden actors that are linked to an Ubuntu Actor as access source, to extend the current DisplayableLinks ended by this actor. |
java.util.List<DisplayableLinkImpl> | selectAddonNewHiddenNodeForGroupIDMember(EPRViewInBase _viewInBase, ImmutableGroupIDMember _node, java.util.Set<DisplayableLinkImpl> _l_dLinks, java.util.Map _m_l_DisplayableLinks, java.util.List<ACSObject> _upd_l_NoProxyOrNoExecuteNodes): Detects the hidden nodes that are linked to an Ubuntu GroupIDMember as access source, to extend the current DisplayableLinks ended by this GroupIDMember. |
protected java.util.Set | selectDirectOwnerContainForTarget(ImmutableResource _res): Detects the UserID and the GroupID in the _res ACS, that owns or contains _res directly, and that are in _viewInBase or not. |
protected java.util.Map | selectOtherRights(EPRViewInBase _viewInBase, ResourceUbuntu _node, java.util.Map _m_l_DisplayableLinks, BaseObject _center): UNUSED. This specialized AcsAddon method defines the effective applicable 'other' rights for any view Resource from a view EligibleParty. |
java.lang.String | toString() |
protected boolean | withAgoAccessThroughNodesTree(ImmutableResource _res, ImmutableUserID _acc, ImmutableGroupID _grp): Returns true if the directory tree or the virtual folder tree allows access to the leaf. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Field Detail |
---|
public static final java.lang.String ACLINK_C_AGO_OTHER
protected AgoRightsFactoryImpl ago_
protected UtilityImpl util_
protected DisplayableLinkUtilities linkUtil_
Constructor Detail |
---|
public NodeRightsUbuntuImpl(AlgorithmInterpreter _interpreter, LinkRightsImpl _utility)
Parameters:
_interpreter - algorithm interpreter of this view
_utility - LinkRightsImpl or one of its subclasses, to use for processing this node
Method Detail |
---|
public boolean getDetectAddon2Nodes()
Specified by: getDetectAddon2Nodes in interface NodeRights
Overrides: getDetectAddon2Nodes in class NodeRightsImpl
public boolean getDetectAddon3Nodes()
Specified by: getDetectAddon3Nodes in interface NodeRights
Overrides: getDetectAddon3Nodes in class NodeRightsImpl
public boolean getSelectAddonLastViewNodeAfterActor()
Specified by: getSelectAddonLastViewNodeAfterActor in interface NodeRights
Overrides: getSelectAddonLastViewNodeAfterActor in class NodeRightsImpl
public boolean getSelectAddonLastViewNodeAfterGroupIDMember()
Specified by: getSelectAddonLastViewNodeAfterGroupIDMember in interface NodeRights
Overrides: getSelectAddonLastViewNodeAfterGroupIDMember in class NodeRightsImpl
public boolean getSelectAddonNewHiddenNodeForActor()
Specified by: getSelectAddonNewHiddenNodeForActor in interface NodeRights
Overrides: getSelectAddonNewHiddenNodeForActor in class NodeRightsImpl
public boolean getSelectAddonNewHiddenNodeForGroupIDMember()
Specified by: getSelectAddonNewHiddenNodeForGroupIDMember in interface NodeRights
Overrides: getSelectAddonNewHiddenNodeForGroupIDMember in class NodeRightsImpl
public java.util.Map detectAddon2Nodes(EPRViewInBase _viewInBase, ImmutableTarget _node, java.util.Map _m_l_DisplayableLinks, BaseObject _center)
Specified by: detectAddon2Nodes in interface NodeRights
Overrides: detectAddon2Nodes in class NodeRightsImpl
Parameters:
_viewInBase - EPRViewInBase
_node - is the node to analyze, as node of this instance
_m_l_DisplayableLinks - Map of DisplayableLinks lists (one per pair) associated to the view, and to update.
_center - is the central object of a sketch view. Null if it is not a sketch view.
See Also:
select2NodesCapacityRights(ARoad0.gBaseInterface.EPRViewInBase, ARoad0.gBaseInterface.ImmutableTarget, java.util.Map, ARoad0.gBaseInterface.BaseObject)
public java.util.Map detectAddon3Nodes(EPRViewInBase _viewInBase, ImmutableTarget _node, java.util.Map _m_l_DisplayableLinks) throws java.lang.InterruptedException
Specified by: detectAddon3Nodes in interface NodeRights
Overrides: detectAddon3Nodes in class NodeRightsImpl
Parameters:
_viewInBase - EPRViewInBase
_node - is the node to analyze, as node of this instance
_m_l_DisplayableLinks - Map of DisplayableLinks lists (one per pair) associated to the view, and to update.
Throws:
java.lang.InterruptedException
See Also:
NodeRightsImpl.detectAddonFinal3Nodes(ARoad0.gBaseInterface.EPRViewInBase, ARoad0.gBaseInterface.ImmutableTarget, java.util.Map)
protected boolean withAgoAccessThroughNodesTree(ImmutableResource _res, ImmutableUserID _acc, ImmutableGroupID _grp)
'AGO right inheritance 1: if no access from the inherited rights, no AGO access to the child if and only if the account or the group is not null'
'AGO right: A rights overlay G rights'
and the Ubuntu rule:
'AGO right: AG rights overlay O rights'
Called only by super.withAccessThroughNodesTreeFromEP(), to follow the AcsAddon pattern. Overrides the super method, to add the AGO Other rights analysis when the super method returns false. Does not call the super method.
Overrides: withAgoAccessThroughNodesTree in class NodeRightsImpl
Parameters:
_res - ResourceUbuntu which may be accessed or not through its parent tree
_acc - the _res userID. May be null. If null and if all the _res parents have no UserID, returns true.
_grp - the _res groupID. May be null. If null and if all the _res parents have no GroupID, returns true.
java.lang.InternalError
- if _res is not a ResourceUbuntuBaseUtilityImpl.withAcrossToDirectoryAGRights(ARoad0.gBaseInterface.StringRight[])
public AccessControlLinkImpl getL_accessRightsThroughNodesTree(ImmutableLeaf _res, ImmutableEligibleParty _ep, ImmutableGroupID _grp)
Specified by: getL_accessRightsThroughNodesTree in interface NodeRights
Overrides: getL_accessRightsThroughNodesTree in class NodeRightsImpl
Parameters:
_res - Resource of this instance; may be accessed or not through its parent tree. May be null.
_ep - the _res userID. May be null.
_grp - the _res groupID. May be null.
See Also:
NodeRightsImpl.withAccessThroughNodesTreeFromEP(ARoad0.gBaseInterface.ImmutableSource, ARoad0.gBaseInterface.ImmutableLeaf, ARoad0.gBaseInterface.ImmutableGroupIDMember),
NodeRightsImpl.getMergedInheritedAclPriRightsAndComments(ARoad0.gBaseInterface.ImmutableSource, ARoad0.gBaseInterface.ImmutableLeaf, ARoad0.CNot.AccessControlLinkImpl, ARoad0.gBaseInterface.StringRight[])
public DisplayableLinkImpl selectAddonLastViewNodeAfterActor(EPRViewInBase _viewInBase, ImmutableTarget _target, DisplayableLinkImpl _dLink, java.util.Map _m_l_DisplayableLinks)
Specified by: selectAddonLastViewNodeAfterActor in interface NodeRights
Overrides: selectAddonLastViewNodeAfterActor in class NodeRightsImpl
Parameters:
_viewInBase - EPRViewInBase. Never null.
_target - ResourceUbuntu to analyze. Never null.
_dLink - with an actor as second end and node of this instance. Never null.
_m_l_DisplayableLinks - immutable Map of DisplayableLinks lists (one per pair) to never update in this method.
public DisplayableLinkImpl selectAddonLastViewNodeAfterGroupIDMember(EPRViewInBase _viewInBase, ImmutableTarget _target, DisplayableLinkImpl _dLink, java.util.Map _m_l_DisplayableLinks)
Specified by: selectAddonLastViewNodeAfterGroupIDMember in interface NodeRights
Overrides: selectAddonLastViewNodeAfterGroupIDMember in class NodeRightsImpl
Parameters:
_viewInBase - EPRViewInBase. Never null.
_target - view node to analyze. Never null.
_dLink - with a groupIDMember as second end and node of this instance. Never null.
_m_l_DisplayableLinks - immutable Map of DisplayableLinks lists (one per pair) to never update in this method.
public java.util.List<DisplayableLinkImpl> selectAddonNewHiddenNodeForActor(EPRViewInBase _viewInBase, ImmutableActor _node, java.util.Set<DisplayableLinkImpl> _l_dLinks, java.util.Map _m_l_DisplayableLinks, java.util.List<ACSObject> _upd_l_NoProxyOrNoExecuteNodes)
- actor _node with Linux setuid or setgid, which enforces its current account and/or current group in its Account/Groups execution context; new paths to them are added to each link in _l_dLinks
- actor _node started from xid/AGO Other rights/actor 'B', IF there is some B/acl/actor, B/bridge/actor or B/privilege/actor link; these AGO Other rights imply that _node has no AG running context that matches the 'B' Account and Group (otherwise, it is not other-executed).
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop on the intermediate nodes and in the starting search, and by ThreeNodesRightsFactoryImpl.addPathsFromActorAcsAddonRelationActor(), addPathsFromActorAcsAddonRelationNoActor(). Overrides and calls first the super method. Calls addOtherRightsToExtendDisplayableLink(), LinkRights.updateAGrunningContext() and ACSUbuntuImpl.getEorL_FromOtherInCurrentContextActors().
Specified by: selectAddonNewHiddenNodeForActor in interface NodeRights
Overrides: selectAddonNewHiddenNodeForActor in class NodeRightsImpl
Parameters:
_viewInBase - EPRViewInBase. Never null.
_node - actor to analyze. Never null.
_l_dLinks - list of links with _node as second end and node of this instance. May be null.
_m_l_DisplayableLinks - immutable Map of DisplayableLinks lists (one per pair) to never update in this method.
_upd_l_NoProxyOrNoExecuteNodes - updated by the adding of the hidden nodes without executing right or which are not right-proxy nodes, if any. A RUN_UNDER relation on a GroupIDMember is considered there as an executing right on a right-proxy node. This list is only extended if necessary, as a complement of the returned value of the method. This argument is usually empty at the call of this method, but this is not mandatory. Never null.
Throws:
java.lang.InternalError - if _l_dLinks contains a link where _node is not the second end
public java.util.List<DisplayableLinkImpl> selectAddonNewHiddenNodeForGroupIDMember(EPRViewInBase _viewInBase, ImmutableGroupIDMember _node, java.util.Set<DisplayableLinkImpl> _l_dLinks, java.util.Map _m_l_DisplayableLinks, java.util.List<ACSObject> _upd_l_NoProxyOrNoExecuteNodes)
Adds the links:
- groupidmember/other-executed actor 'B', IF there is some B/acl/resource or B/bridge/actor link, and IF groupidmember is neither a capacity group nor in the AG running context that matches the 'B' Account and Group (otherwise, it is not other-executed).
- capacity group '
Does not add the AGO Other rights to the capacity groups.
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the
central loop on the intermediate nodes. Overridden by the subclasses.
Overrides and calls first the super method.
Calls addOtherRightsToExtendDisplayableLink() and addOtherRightsToAccessControlLink(),
LinkRightsImpl.withAccessThroughNodesTreeFromEP(), UtilityImpl.withExecuteRight(),
ACS.getEorL_FromOtherInCurrentContextActors(),
AgoRightsFactoryImpl.addOwnerContainRightsToDisplayableLink().
Specified by: selectAddonNewHiddenNodeForGroupIDMember in interface NodeRights
Overrides: selectAddonNewHiddenNodeForGroupIDMember in class NodeRightsImpl
Parameters:
_viewInBase - EPRViewInBase. Never null.
_node - groupIDMember to analyze. Never null.
_l_dLinks - list of links with _node as second end and node of this instance. May be null.
_m_l_DisplayableLinks - immutable Map of DisplayableLinks lists (one per pair) to never update in this method.
_upd_l_NoProxyOrNoExecuteNodes - updated by the adding of the hidden nodes without executing right or which are not right-proxy nodes, if any. This list is only extended if necessary, as a complement of the returned value of the method. This argument is usually empty at the call of this method, but this is not mandatory. Never null.
protected java.util.Set selectDirectOwnerContainForTarget(ImmutableResource _res)
- the userID that owns the resource,
- the groupID that contains the resource.
Called by detectAddon2Nodes().
Parameters:
_res - node of this instance; is in _viewInBase
protected java.util.Map select2NodesCapacityRights(EPRViewInBase _viewInBase, ImmutableTarget _node, java.util.Map _m_l_DisplayableLinks, BaseObject _center)
Parameters:
_viewInBase - EPRViewInBase
_node - is the node to analyze
_m_l_DisplayableLinks - Map of DisplayableLinks lists (one per pair) associated to the view, and to update.
_center - is the central object of a sketch view. Null if it is not a sketch view.
protected java.util.Map select3NodesCapacityRights(EPRViewInBase _viewInBase, ImmutableTarget _node, java.util.Map _m_l_DisplayableLinks) throws java.lang.InterruptedException
Parameters:
_viewInBase - EPRViewInBase
_node - is not used
_m_l_DisplayableLinks - Map of DisplayableLinks lists (one per pair) associated to the view, and to update
Throws:
java.lang.InterruptedException
protected DisplayableLinkImpl addOtherRightsToExtendDisplayableLink(ResourceUbuntu _target, DisplayableLinkImpl _dLink, java.util.Set<ImmutableGroupIDMember> _l_epContext)
Parameters:
_target - node to analyze. Never null.
_dLink - simple link with ACL rights and an EligibleParty as second end. Never null.
_l_epContext - AG context of the _dLink second end. Never null nor empty.
protected java.util.Map selectOtherRights(EPRViewInBase _viewInBase, ResourceUbuntu _node, java.util.Map _m_l_DisplayableLinks, BaseObject _center)
Parameters:
_viewInBase - EPRViewInBase
_node - view node to analyze
_m_l_DisplayableLinks - Map of DisplayableLinks lists (one per pair) associated to the view, and to update.
_center - is the central object of a sketch view. Null if it is not a sketch view.
protected AccessControlLinkImpl addOtherRightsToAccessControlLink(ImmutableGroupIDMember _gm, ResourceUbuntu _node)
Parameters:
_gm - first node of the returned AccessControlLinkImpl
_node - second node of the returned AccessControlLinkImpl
protected DisplayableLinkImpl addCapacityRightsToDisplayableLink(DisplayableLinkImpl _dLink)
- '<CAP_DAC_OVERRIDE>': overrides all DAC access, including ACL execute access if [_POSIX_ACL] is defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE.
- '<CAP_DAC_READ_SEARCH>': overrides all DAC restrictions regarding read and search on files and directories, including ACL restrictions if [_POSIX_ACL] is defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE.
Called by select2NodesCapacityRights(), select3NodesCapacityRights(), AgoRightsFactoryImpl.getRootRights() and CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() through detectAcsAddonPriorityRightsOnTarget(), selectAddonLastViewNodeAfterGroupIDMember(), selectAddonNewHiddenNodeForGroupIDMember(). Calls UtilityImpl.withDirectExecuteRight().
Parameters:
_dLink - is a link having a Resource as second end, and a GroupID capacity as previous node. May be null.
public void finalizeForProcess()
Specified by: finalizeForProcess in interface NodeRights
Overrides: finalizeForProcess in class NodeRightsImpl
public java.lang.String toString()
Overrides: toString in class NodeRightsImpl