ARoad0.gWork
Class AclRightsFactoryImpl

java.lang.Object
  extended by ARoad0.gWork.AclRightsFactoryImpl
All Implemented Interfaces:
CoreAlgorithm

public class AclRightsFactoryImpl
extends java.lang.Object
implements CoreAlgorithm

This class is responsible for all the core algorithms about AclEntry rights analysis, and most of the Bridge rights analysis. These rights are direct or inherited rights for an EligibleParty (the access user) on a Resource (the access target). This class is stateless, and RightsMediatorImpl at its creation setups an instance for its ViewInBase. No direct call to the ACS methods. Upper-level methods begin by detect...(), middle-level methods begin by select...(), lower-level methods begin by add...().

See Also:
AclEntryImpl

Field Summary
private  AlgorithmInterpreter interpreter_
           
private  DisplayableLinkUtilities linkUtil_
           
private  UtilityImpl utility_
           
 
Fields inherited from interface ARoad0.gWorkInterface.CoreAlgorithm
INITIAL_CAPACITY
 
Constructor Summary
protected AclRightsFactoryImpl(AlgorithmInterpreter _interpreter)
          only one protected constructor
 
Method Summary
 DisplayableLinkImpl addAclBridgeRightsInSimpleDisplayableLink(ImmutableEligibleParty _ep, ImmutableResource _res, boolean _withExecute)
          Gets or creates the simple DisplayableLinkImpl associated to a view object pair, and updates the AccessControlLink with ACL or bridge rights.
 AccessControlLinkImpl addAclInAccessControlLink(ImmutableResource _res, ImmutableEligibleParty _ep, AccessControlLinkImpl _upd_acLink)
          Adds the AclEntry rights and comments to an AccessControlLinkImpl.
protected  java.util.Map detectACLRights(EPRViewInBase _viewInBase, java.util.Map _m_l_DisplayableLinks, BaseObject _center)
          Defines the effective applicable rights of an EligibleParty for a Resource, when there are direct AclEntries between them.
 void finalizeForProcess()
          Finalizes the instance.
static ImmutableAclEntry getAclEntryFromACS(ImmutableResource _res, ImmutableEligibleParty _ep, ImmutableACS _aclAcs, boolean _positiveRight)
          Selects the right aclEntry managed by the resource, from the ACS list because the resource list is updated after the ACS has fired its change property events for the AclEntry creation.
 java.util.Set selectDirectHiddenAclBridgeLinksToActorForEP(EPRViewInBase _viewInBase, ImmutableEligibleParty _ep, boolean _isProxyWithFinalExecute)
          Detects all the right-proxy Actors that are not in _viewInBase, and are directly accessible from _ep through an AclEntry or a Bridge, with some executing rights or not.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

interpreter_

private AlgorithmInterpreter interpreter_

utility_

private UtilityImpl utility_

linkUtil_

private DisplayableLinkUtilities linkUtil_
Constructor Detail

AclRightsFactoryImpl

protected AclRightsFactoryImpl(AlgorithmInterpreter _interpreter)
only one protected constructor

Parameters:
_interpreter - algorithm interpreter
Method Detail

detectACLRights

protected final java.util.Map detectACLRights(EPRViewInBase _viewInBase,
                                              java.util.Map _m_l_DisplayableLinks,
                                              BaseObject _center)
Defines the effective applicable rights of an EligibleParty for a Resource, when there are direct AclEntries between them. For a sketch view, only AclEntries from/to _center are processed. Called by RightsFactory_Facade.detectEPRRights(), detectNoThanRights() and detectSketchRights().

Synchronized to _viewInBase from the GraphicView call.

Parameters:
_viewInBase - the EPRViewInBase of _gview
_m_l_DisplayableLinks - Map of DisplayableLinks lists (one per pair) associated to the view, and to update.
_center - the central object of a sketch view. Null if it is not a sketch view.
Returns:
Map of DisplayableLinks lists, with ACL links associated to every pair (Source, Target).

selectDirectHiddenAclBridgeLinksToActorForEP

public final java.util.Set selectDirectHiddenAclBridgeLinksToActorForEP(EPRViewInBase _viewInBase,
                                                                        ImmutableEligibleParty _ep,
                                                                        boolean _isProxyWithFinalExecute)
                                                                 throws ProcessError
Detects all the right-proxy Actors that are not in _viewInBase, and are directly accessible from _ep through an AclEntry or a Bridge, with some executing rights or not. The rights are set. These actors will define new links that should do not transfer the AG context of the argument _ep. With an internal ACL, the AG context is transferred, but it is not possible to say if the ACL target, as actor, do not provide another links outside the current AG context. This is why all the ACL are detected. Note: this method does not take account of the inherited AclEntries in an AcsAddon, and this may be done in NodeRights.selectAddonNewHiddenNodeForGroupIDMember() and selectAddonNewHiddenNodeForActor(), if these methods are overidden by the AcsAddon. Called twice by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights(), with true for _withFinalExecute to find the access paths, and false to find the actors outside any path but to be listened. Calls addAclBridgeRightsInSimpleDisplayableLink().

Parameters:
_viewInBase - view on which _gview is based
_ep - is in viewInBase or not
_isProxyWithFinalExecute - true for detecting only if there is an execute right on a right-proxy actor. If false, any actor without executing right and/or not being a right-proxy is returned.
Returns:
Set of simple DisplayableLinkImpl for which the first end is _ep, the second end is an actor not in _viewInBase. May be null, but not empty.
Throws:
ProcessError - if there is a loop in the rights search

getAclEntryFromACS

public static final ImmutableAclEntry getAclEntryFromACS(ImmutableResource _res,
                                                         ImmutableEligibleParty _ep,
                                                         ImmutableACS _aclAcs,
                                                         boolean _positiveRight)
Selects the right aclEntry managed by the resource, from the ACS list because the resource list is updated after the ACS has fired its change property events for the AclEntry creation. Called by CompoundRightsFactoryImpl.detectAcsLinks().

Parameters:
_res - with some AclEntries to filter
_ep - is the EligibleParty associated to the AclEntry
_aclAcs - ImmutableACS which owns the new AclEntry
_positiveRight - is true is the searched AclEntry is psitive
Returns:
the ImmutableAclEntry, or null.

addAclBridgeRightsInSimpleDisplayableLink

public final DisplayableLinkImpl addAclBridgeRightsInSimpleDisplayableLink(ImmutableEligibleParty _ep,
                                                                           ImmutableResource _res,
                                                                           boolean _withExecute)
Gets or creates the simple DisplayableLinkImpl associated to a view object pair, and updates the AccessControlLink with ACL or bridge rights. The main function is to handle the need to have executing rights when the last argument requires it, and this is necessary for the intermediate actors in the DisplayableLinks. Each right is provided by the bridge or the AclEntry ACS, and it may have several ACS which are implied in one DisplayableLinkImpl. So, puts in comments the acl ACS name for each ACL right. Note : this method is sensible since it is used for both the two-link method and a multiple-links method. Called by selectDirectHiddenExternalAclBridgeLinksToActorForEP(), ThreeNodesRightsFactoryImpl.addPathsFromGroupIDMemberAclActor(). Calls addAclInAccessControlLink(). Note: when the argument _withExecute is true, the method is much more complex. AccessControlLinkImpl.getRedondantRights() is called to have all the rights from all the implied ACSs, with one positive or negative right per ACS, and BaseUtilityImpl.withExecuteRight() gets the effective global rights to evaluate if there is an executing right. This means that there is no priorities among the implied ACS and the implied right types (ACL and Bridge, here).

Parameters:
_ep - is a rights user
_res - is an access target. Has to be known in the AlgorithmInterpreter.
_withExecute - true for returning null if there is no effective executing right in the link.
Returns:
a new DisplayableLinkImpl. Null if there is no acl nor bridge to add.

addAclInAccessControlLink

public final AccessControlLinkImpl addAclInAccessControlLink(ImmutableResource _res,
                                                             ImmutableEligibleParty _ep,
                                                             AccessControlLinkImpl _upd_acLink)
Adds the AclEntry rights and comments to an AccessControlLinkImpl. It calls AccessControlLinkImpl.getRight() to filter the rights if there are negative rights. It reads the positive and negative inherited rights if the _res ACS manages the ACL rights inheritance. In this case, if the right user and the target are from the same ACS, it returns the direct rights if the method NodeRights.getL_accessRightsThroughNodesTree() returns an empty, but not null AccessControlLink, and also if NodeRights.withAccessThroughNodesTreeFromEP() returns true. With the same conditions but nodeRights.withAccessThroughNodesTreeFromEP() false, it returns null. With the same conditions but NodeRights.withAccessThroughNodesTreeFromEP() returning null, it returns null. The non-null inherited rights may delete all rights or be addded to the direct ones, through the method NodeRights.mergeInheritedAclPriRightsAndComments().

This method puts the rights as comment. It also puts in the GLOBAL comment all the ACL ACS names if they are more than one. It may adds 'conditional ACL'. The method NodeRights.getMergedInheritedAclPriRightsAndComments() is responsible to add the specific AcsAddon comments on the direct AclEntries, and to set the comment AccessControlLink.C_INHERITED_ACL about the inherited AclEntries. The method NodeRights.withAccessThroughNodesTreeFromEP() may add some additional comments for the inherited AclEntries.

Note: this method is sensible since it is used for both the one-link method, the two-links method and a multiple-links method. Called by detectACLRights(), addAclBridgeRightsInSimpleDisplayableLink(), CompoundRightsFactoryImpl.detectHiddenCompoundEpRights(), ThreeNodesRightsFactoryImpl.selectOneHiddenNodePathsForVirtualFolder(), endsPathsFromActorWithAclBridgePrivilege() and selectOneHiddenNodePathsForFirstLinkPrivileges(), endsPathsFromGroupIDMemberWithAclPrivilege(). The argument _upd_acLink is not null only for addAclBridgeRightsInSimpleDisplayableLink(). Calls the _res NodeRights.detectL_aclEntryRights(), mergeInheritedAclPriRightsAndComments(), getL_accessRightsThroughNodesTree() and withAccessThroughNodesTreeFromEP().

Parameters:
_res - with some AclEntries to filter. Has to be known in the AlgorithmInterpreter.
_ep - may be associated to some _res AclEntries
_upd_acLink - is the AccessControlLink to update. May be null.
Returns:
null if no right has been added, otherwise returns the updated _upd_acLink, or a new AccessControlLinkImpl if _upd_acLink is null.

finalizeForProcess

public void finalizeForProcess()
Finalizes the instance. Called by RightsMediatorImpl.finalizeForProcess().