ARoad0.gWork
Class NodeRightsImpl

java.lang.Object
  extended by ARoad0.gWork.NodeRightsImpl
All Implemented Interfaces:
NodeRights
Direct Known Subclasses:
NodeRightsMySQLImpl, NodeRightsUbuntuImpl

public class NodeRightsImpl
extends java.lang.Object
implements NodeRights

This class is responsible for getting the rights for a node in a view, and since each implied ACS may be generic or from an AcsAddon, the main job of this class is to give the correct method to use for each ACS and each search. The NodeRights effective class is a NodeRightsImpl or one of its subclasses that is set in an AcsAddon. Thus each node offers to the paths search a set of methods from this NodeRightsImpl and, as an option, another set from the AcsAddon that are called from some NodeRightsImpl methods which are overridden.

Overriding this class is the easiest way to change, in an ACS addon, the selection for a node of its direct or inherited ACL or PRI rights, or its AG inherited rights. For changing the selection of the AG direct rights or another relation, it is necessary to overread all the methods detectAddon and selectAddon. Each node in a view and each intermediate node has one NodeRightsImpl instance for each view it belongs to. This class has properties that depend only on the class of the node ACS, then 2 nodes of the same view should use the same NodeRights instance, even if it is not the actual behavior in all cases. Each instance of NodeRightsImpl is called by only one thread. A node may be in several DisplayableLinks of the same view, but it has only one NodeRightsImpl instance for the view. The association between a node and its NodeRights instance is managed by the RightsMediatorImpl of the view.

The path search algorithms are divided in 4 sets:

- the core algorithms are the larger part of the code, and they are in most of the gWork classes; they work for all the ACS, generic one or from an AcsAddon; they consider the node general interface (EligibleParty or Resource, for instance), but they are independant to the effective properties of the node,

- the NodeRightsImpl generic methods: they are called by the core methods to process each node, and they use the generic properties of a node and its environment (like the generic properties of a Resource); they work for all the ACSs, they are always called by the core algorythms, but an AcsAddon may choose to overread them in some rare cases,

- the NodeRightsImpl AcsAddon methods: the core methods test through the getXXXAddonYYY methods, if a given AcsAddon method (detectAddon... or selectAddon...) is defined for the node, and if it true, the relevant method is called during the paths search by the core algorithms; these AcsAddon methods are empty in the NodeRightsImpl class (all the getXXXAddonYYY methods return false), and they may be overridden in the subclasses to write a code that calls some specialized AcsAddon methods,

- the specialized methods of an AcsAddon are in a NodeRightsImpl subclass, and they are called by an overridden NodeRightsImpl AcsAddon method; there is no name pattern for these methods; they use the generic properties of a node and its environment, but they also handle the original properties of the AcsAddon node. Since an AcsAddon may be based on another AcsAddon, a NodeRightsImpl subclass may have another NodeRightsImpl subclass has super class.

This structure is an important part of the AcsAddon pattern. It gives to the AcsAddon designer the full control on the true search algorithms to use in its own ACSs, but it also provides the powerful support of the generic algorithms and all the other AcsAddons, to limit the code he has to add in its AcsAddon.

A node is here the end of a view access path, or it may be a potential or effective intermediate node in an access path. Such an intermediate node is an ImmutableSource like Actor, GroupIDMember or VirtualFolder. An simple ACSObject can be an intermediate node in a generic Alias relation, but not in an AcsAddon relation.

Generally speaking, the rights depend on the node and its one or two previous nodes in the access path. These rights are based mainly on the classes and properties of these 2 or 3 implied nodes, and naturally also on their ACS properties. The resulting rights depends usually on the NodeRightsImpl algorithms only, but in some rare cases, they may also depend on the single NodeRightsImpl property, defined at the NodeRightsImpl creation, that is simply the node itself.

Note: the AG rights are always internal ones, for a given ACS. Since all the nodes of an ACS have NodeRight instances that have the same behavior, it is possible for the AG rights, and only for them, to use for a node, the NodeRight instance of another node of the same ACS. This is also true for VirtualFolder memberships, but not for the Bridge, ACL and Privilege rights.

Upper-level methods begin by get...(), with...() and detect...(), middle-level methods begin by select...().


Field Summary
protected  AclRightsFactoryImpl aclFact_
           
protected  AlgorithmInterpreter interpreter_
           
protected  LinkRights link_
          instance of LinkRightsImpl or one of its subclass
protected  DisplayableLinkUtilities linkUtil_
           
protected  PrivilegeRightsFactoryImpl priFact_
           
protected  UtilityImpl utility_
           
 
Fields inherited from interface ARoad0.gWorkInterface.NodeRights
INITIAL_CAPACITY
 
Constructor Summary
NodeRightsImpl(AlgorithmInterpreter _interpreter, LinkRights _link)
          Only one constructor, called by RightsMediatorImpl after the creation of the DisplayableLinkUtilities instance of _interpreter.
 
Method Summary
 java.util.Map detectAddon2Nodes(EPRViewInBase _viewInBase, ImmutableTarget _node, java.util.Map _m_l_DisplayableLinks, BaseObject _center)
          For an AcsAddon, filters for a given node the incompatible rights, if any, in the 2-nodes DisplayableLinks, and adds the AcsAddon specific rights, if any.
 java.util.Map detectAddon3Nodes(EPRViewInBase _viewInBase, ImmutableTarget _node, java.util.Map _m_l_DisplayableLinks)
          For an AcsAddon, filters for a given node the incompatible rights, if any, in the 3-nodes DisplayableLinks, and adds the AcsAddon specific rights, if any..
 java.util.Map detectAddonFinal2Nodes(EPRViewInBase _viewInBase, ImmutableTarget _node, java.util.Map _m_l_DisplayableLinks, BaseObject _center)
          For an AcsAddon, defines the specific final direct rights, if any, for a given node in the 2-nodes DisplayableLinks.
 java.util.Map detectAddonFinal3Nodes(EPRViewInBase _viewInBase, ImmutableTarget _node, java.util.Map _m_l_DisplayableLinks)
          For an AcsAddon, filters the incompatible rights, if any, for a node, and adds the AcsAddon specific rights, if any.
 java.util.Map detectAddonFinalAllNodes(EPRViewInBase _viewInBase, ImmutableTarget _node, java.util.Map _m_l_DisplayableLinks, java.util.Map<ImmutableName,java.util.Set<StringRight>> _m_effectiveRights)
          For an AcsAddon, defines the specific final direct rights, if any, for a given node in the DisplayableLinks having more than 3 nodes.
 java.util.List<StringRight> detectL_aclEntryRights(ImmutableResource _res, ImmutableEligibleParty _ep, boolean _onlyNonConditionalACLs)
          Gets all the rights of the relevant AclEntries managed by the Resource for a given EligibleParty, without the inherited AclEntries.
 java.util.List<StringRight> detectL_linkedPrivilegeRights(ImmutablePrivilegeTarget _targ, ImmutablePrivilegeSource _sour)
          Gets all the rights of the relevant direct linked privileges managed by the target for a given source.
 void finalizeForProcess()
          Finalizes the instance.
 boolean getDetectAddon2Nodes()
          Called by RightsFactory_Facade.
 boolean getDetectAddon3Nodes()
          Called by RightsFactory_Facade.
 boolean getDetectAddonFinal2Nodes()
          Called by RightsFactory_Facade.
 boolean getDetectAddonFinal3Nodes()
          Called by RightsFactory_Facade.
 boolean getDetectAddonFinalAllNodes()
          Called by RightsFactory_Facade.
 AccessControlLinkImpl getL_accessRightsThroughNodesTree(ImmutableLeaf _res, ImmutableEligibleParty _ep, ImmutableGroupID _grp)
          Returns in an AccessControlLink the inherited rights given by the directory tree or virtual folder tree, as AG, ACL or LPRI rights.
 AccessControlLinkImpl getMergedInheritedAclPriRightsAndComments(ImmutableSource _so, ImmutableLeaf _targ, AccessControlLinkImpl _upd_acLink, StringRight[] _l_transientInheritedRights)
          Gets the effective ACL or LPRI rights of the source on the target when there are non-null inherited rights through the nodes tree, and adds some specific comments for the ACL or PRI rights from an AcsAddon, even if there is no inherited rights.
 boolean getSelectAddonLastViewNodeAfterActor()
          Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop on the view nodes, and by ThreeNodesRightsFactoryImpl.
 boolean getSelectAddonLastViewNodeAfterGroupIDMember()
          Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop on the view nodes, and by ThreeNodesRightsFactoryImpl.endsPathsFromGroupIDMemberWithAclPrivilege().
 boolean getSelectAddonLastViewNodeAfterVirtualFolder()
          Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop on the view nodes, and by ThreeNodesRightsFactoryImpl.
 boolean getSelectAddonNewHiddenNodeForActor()
          Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop on the intermediate nodes, and by ThreeNodesRightsFactoryImpl.
 boolean getSelectAddonNewHiddenNodeForGroupIDMember()
          Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop on the intermediate nodes, and by ThreeNodesRightsFactoryImpl.addPathsFromGroupIDMemberAcsAddonRelationActor() and addPathsFromGroupIDMemberAcsAddonRelationNoActor().
 boolean getSelectAddonNewHiddenNodeForVirtualFolder()
          Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop on the intermediate nodes, and by ThreeNodesRightsFactoryImpl.
 DisplayableLinkImpl selectAddonLastViewNodeAfterActor(EPRViewInBase _viewInBase, ImmutableTarget _target, DisplayableLinkImpl _dLink, java.util.Map _m_l_DisplayableLinks)
          Detects the view target that is linked to an actor, to extend the current DisplayableLink ended by this actor.
 DisplayableLinkImpl selectAddonLastViewNodeAfterGroupIDMember(EPRViewInBase _viewInBase, ImmutableTarget _target, DisplayableLinkImpl _dLink, java.util.Map _m_l_DisplayableLinks)
          Detects the view target that is linked to a groupIDMember, to extend the current DisplayableLink ended by this groupIDMember.
 DisplayableLinkImpl selectAddonLastViewNodeAfterVirtualFolder(EPRViewInBase _viewInBase, ImmutableResource _target, DisplayableLinkImpl _dLink, java.util.Map _m_l_DisplayableLinks)
          Detects the view target that is linked to a VirtualFolder, to extend the current DisplayableLink ended by this VirtualFolder.
 java.util.List<DisplayableLinkImpl> selectAddonNewHiddenNodeForActor(EPRViewInBase _viewInBase, ImmutableActor _node, java.util.Set<DisplayableLinkImpl> _l_dLinks, java.util.Map _m_l_DisplayableLinks, java.util.List<ACSObject> _upd_l_NoProxyOrNoExecuteNodes)
          Detects the hidden nodes that are linked to an Actor as access source, to extend the current DisplayableLinks ended by this actor.
 java.util.List<DisplayableLinkImpl> selectAddonNewHiddenNodeForGroupIDMember(EPRViewInBase _viewInBase, ImmutableGroupIDMember _node, java.util.Set<DisplayableLinkImpl> _l_dLinks, java.util.Map _m_l_DisplayableLinks, java.util.List<ACSObject> _upd_l_NoProxyOrNoExecuteNodes)
          Detects the hidden nodes that are linked to a GroupIDMember as access source, to extend the current DisplayableLinks ended by this GroupIDMember.
 java.util.List<DisplayableLinkImpl> selectAddonNewHiddenNodeForVirtualFolder(EPRViewInBase _viewInBase, ImmutableVirtualFolder _node, java.util.Set<DisplayableLinkImpl> _l_dLinks, java.util.Map _m_l_DisplayableLinks, java.util.List<ACSObject> _upd_l_NoProxyOrNoExecuteNodes)
          Detects the hidden nodes that are linked to a VirtualFolder as access source, to extend the current DisplayableLinks ended by this VirtualFolder.
 java.util.Set<ImmutableGroupIDMember> selectDirectOwnerContainGlobalForActorAsEP(EPRViewInBase _viewInBase, ImmutableActor _act)
          Detects the current UserID (including 'root'), the current GroupID and the secondary groups under which an actor runs, if they are in the view.
 java.util.Set<DisplayableLinkImpl> selectForGroupIDMemberItsHiddenActorsWithNextLinks(EPRViewInBase _viewInBase, ImmutableGroupIDMember _ep)
          Detects all the actors that are owned or contained by _ep, that are not in _viewInBase and executable from _ep, and that are access sources for another AG context.
 java.util.Set selectHiddenButNoDirectGroupLinks(EPRViewInBase _viewInBase, ImmutableEligibleParty _ep)
          Detects the main GroupID and, recursivelly, the tree of GroupIDs in the _ep ACS, that contains _ep indirectly, and are not in _viewInBase.
 java.util.Set selectHiddenDirectGroupIDForGroupIDMember(EPRViewInBase _viewInBase, ImmutableGroupIDMember _memb)
          Detects all the GroupIDs in the ACS, for which a GroupIDMember (even for 'root') is a member, and are not in _viewInBase.
 java.util.Set selectHiddenDirectOwnerContainForActorAsResource(EPRViewInBase _viewInBase, ImmutableActor _act)
          Detects the UserID and all the GroupIDs in the ACS, that owns or contains an actor directly as a Resource, and are not in _viewInBase.
 java.util.Set selectHiddenDirectOwnerContainForTarget(EPRViewInBase _viewInBase, ImmutableResource _res)
          Detects the UserID and the GroupID in the _res ACS, that owns or contains _res directly, and are not in _viewInBase.
 java.util.Set<ImmutableGroupIDMember> selectHiddenDirectOwnerContainGlobalForActorAsEP(EPRViewInBase _viewInBase, ImmutableActor _act)
          Detects the current UserID (including 'root'), the current GroupID and the secondary groups under which an actor runs, if they are not in the view.
 java.lang.String toString()
           
 boolean withAccessThroughNodesTreeFromEP(ImmutableSource _ep, ImmutableLeaf _res, ImmutableGroupIDMember _ep_2)
          This method is designed to be fast, and to returns true if the resource tree or the virtual folder tree allows the source to access through the inherited AGO, ACL or PRI rights to the leaf.
protected  boolean withAclAccessThroughNodesTree(ImmutableResource _res, ImmutableEligibleParty _ep, ImmutableGroupID _grp)
          Returns true if the AclEntry inherited rights in the resources tree allows to access to the resource for the EligibleParties _ep or _grp.
protected  boolean withAgoAccessThroughNodesTree(ImmutableResource _res, ImmutableUserID _acc, ImmutableGroupID _grp)
          Returns true if the Account/Group inherited rights in the resources tree allows to access to the resouce.
protected  boolean withPriAccessThroughNodesTree(ImmutablePrivilegeTarget _res, ImmutableEligibleParty _ep, ImmutableGroupID _grp)
          Returns true if the Privilege inherited rights in the resources or the virtual folders tree allows to access to the PrivilegeTarget for the EligibleParties _ep or _grp.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

link_

protected LinkRights link_
instance of LinkRightsImpl or one of its subclass


interpreter_

protected AlgorithmInterpreter interpreter_

linkUtil_

protected DisplayableLinkUtilities linkUtil_

utility_

protected UtilityImpl utility_

priFact_

protected PrivilegeRightsFactoryImpl priFact_

aclFact_

protected AclRightsFactoryImpl aclFact_
Constructor Detail

NodeRightsImpl

public NodeRightsImpl(AlgorithmInterpreter _interpreter,
                      LinkRights _link)
Only one constructor, called by RightsMediatorImpl after the creation of the DisplayableLinkUtilities instance of _interpreter.

Parameters:
_interpreter - algorithm interpreter of this view
_link - to use for processing this node
Method Detail

getDetectAddon2Nodes

public boolean getDetectAddon2Nodes()
Called by RightsFactory_Facade. Overridden by the subclasses.

Specified by:
getDetectAddon2Nodes in interface NodeRights
Returns:
true if the detectAddon2Nodes method provides some work in this class.

getDetectAddonFinal2Nodes

public boolean getDetectAddonFinal2Nodes()
Called by RightsFactory_Facade. Overridden by the subclasses.

Specified by:
getDetectAddonFinal2Nodes in interface NodeRights
Returns:
true if the detectAddonFinal2Nodes method provides some work in this class.

getDetectAddon3Nodes

public boolean getDetectAddon3Nodes()
Called by RightsFactory_Facade. Overridden by the subclasses.

Specified by:
getDetectAddon3Nodes in interface NodeRights
Returns:
true if the detectAddon3Nodes method provides some work in this class.

getDetectAddonFinal3Nodes

public boolean getDetectAddonFinal3Nodes()
Called by RightsFactory_Facade. Overridden by the subclasses.

Specified by:
getDetectAddonFinal3Nodes in interface NodeRights
Returns:
true if the detectAddonFinal3Nodes method provides some work in this class.

getDetectAddonFinalAllNodes

public boolean getDetectAddonFinalAllNodes()
Called by RightsFactory_Facade. Overridden by the subclasses.

Specified by:
getDetectAddonFinalAllNodes in interface NodeRights
Returns:
true if the detectAddonFinalAllNodes method provides some work in this class.

getSelectAddonLastViewNodeAfterActor

public boolean getSelectAddonLastViewNodeAfterActor()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop on the view nodes, and by ThreeNodesRightsFactoryImpl. Overridden by the subclasses.

Specified by:
getSelectAddonLastViewNodeAfterActor in interface NodeRights
Returns:
true if the selectAddonLastViewNodeAfterActor method provides some work in this class.

getSelectAddonLastViewNodeAfterGroupIDMember

public boolean getSelectAddonLastViewNodeAfterGroupIDMember()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop on the view nodes, and by ThreeNodesRightsFactoryImpl.endsPathsFromGroupIDMemberWithAclPrivilege(). Overridden by the subclasses.

Specified by:
getSelectAddonLastViewNodeAfterGroupIDMember in interface NodeRights
Returns:
true if the selectAddonLastViewNodeAfterGroupIDMember method provides some work in this class.

getSelectAddonLastViewNodeAfterVirtualFolder

public boolean getSelectAddonLastViewNodeAfterVirtualFolder()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop on the view nodes, and by ThreeNodesRightsFactoryImpl. Overridden by the subclasses.

Specified by:
getSelectAddonLastViewNodeAfterVirtualFolder in interface NodeRights
Returns:
true if the selectAddonLastViewNodeAfterVirtualFolder method provides some work in this class.

getSelectAddonNewHiddenNodeForActor

public boolean getSelectAddonNewHiddenNodeForActor()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop on the intermediate nodes, and by ThreeNodesRightsFactoryImpl. Overridden by the subclasses.

Specified by:
getSelectAddonNewHiddenNodeForActor in interface NodeRights
Returns:
true if the selectAddonNewHiddenNodeForActor method provides some work in this class.

getSelectAddonNewHiddenNodeForGroupIDMember

public boolean getSelectAddonNewHiddenNodeForGroupIDMember()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop on the intermediate nodes, and by ThreeNodesRightsFactoryImpl.addPathsFromGroupIDMemberAcsAddonRelationActor() and addPathsFromGroupIDMemberAcsAddonRelationNoActor(). Overridden by the subclasses.

Specified by:
getSelectAddonNewHiddenNodeForGroupIDMember in interface NodeRights
Returns:
true if the selectAddonNewHiddenNodeForGroupIDMember method provides some work in this class.

getSelectAddonNewHiddenNodeForVirtualFolder

public boolean getSelectAddonNewHiddenNodeForVirtualFolder()
Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the central loop on the intermediate nodes, and by ThreeNodesRightsFactoryImpl. Overridden by the subclasses.

Specified by:
getSelectAddonNewHiddenNodeForVirtualFolder in interface NodeRights
Returns:
true if the selectAddonNewHiddenNodeForVirtualFolder method provides some work in this class.

detectAddon2Nodes

public java.util.Map detectAddon2Nodes(EPRViewInBase _viewInBase,
                                       ImmutableTarget _node,
                                       java.util.Map _m_l_DisplayableLinks,
                                       BaseObject _center)
For an AcsAddon, filters for a given node the incompatible rights, if any, in the 2-nodes DisplayableLinks, and adds the AcsAddon specific rights, if any. The specific rights are searching for all sources in the view. Called by RightsFactory_Facade before the detection of the 3-nodes links. Overridden by the subclasses. For a sketch view, this method may return new DisplayableLinks from _center to _node, if any, but also, new DisplayableLinks from the view sources to _center when _node is _center. Synchronized to _viewInBase by RightsFactory_Facade.

Specified by:
detectAddon2Nodes in interface NodeRights
Parameters:
_viewInBase - EPRViewInBase
_node - node of this instance
_m_l_DisplayableLinks - Map of DisplayableLinks lists (one per pair) associated to the view, and to update.
_center - is the central object of a sketch view. Null if it is not a sketch view.
Returns:
Map of DisplayableLinks, with 'other' links associated to every pair (EP,Resource).
See Also:
detectAddonFinal2Nodes(ARoad0.gBaseInterface.EPRViewInBase, ARoad0.gBaseInterface.ImmutableTarget, java.util.Map, ARoad0.gBaseInterface.BaseObject)

detectAddonFinal2Nodes

public java.util.Map detectAddonFinal2Nodes(EPRViewInBase _viewInBase,
                                            ImmutableTarget _node,
                                            java.util.Map _m_l_DisplayableLinks,
                                            BaseObject _center)
For an AcsAddon, defines the specific final direct rights, if any, for a given node in the 2-nodes DisplayableLinks. This method handles the work to do at the end of the searches on direct rights, like for instance the AGO 'Other' rights on a Linux Ubuntu. The specific rights are searching for all sources in the view. For a sketch view, this method may return new DisplayableLinks from _center to _node, if any, but also, new DisplayableLinks from the view sources to _center when _node is _center. Called by RightsFactory_Facade. Overridden by the subclasses. Synchronized to _viewInBase by RightsFactory_Facade.

Specified by:
detectAddonFinal2Nodes in interface NodeRights
Parameters:
_viewInBase - EPRViewInBase
_node - node of this instance
_m_l_DisplayableLinks - Map of DisplayableLinks lists (one per pair) associated to the view, and to update.
_center - is the central object of a sketch view. Null if it is not a sketch view.
Returns:
Map of DisplayableLinks, with 'other' links associated to every pair (EP,Resource).
See Also:
detectAddon2Nodes(ARoad0.gBaseInterface.EPRViewInBase, ARoad0.gBaseInterface.ImmutableTarget, java.util.Map, ARoad0.gBaseInterface.BaseObject)

detectAddon3Nodes

public java.util.Map detectAddon3Nodes(EPRViewInBase _viewInBase,
                                       ImmutableTarget _node,
                                       java.util.Map _m_l_DisplayableLinks)
                                throws java.lang.InterruptedException
For an AcsAddon, filters for a given node the incompatible rights, if any, in the 3-nodes DisplayableLinks, and adds the AcsAddon specific rights, if any.. The specific rights are searching for any source in the view. Called by RightsFactory_Facade. Overridden by the subclasses. Synchronized to _viewInBase by RightsFactory_Facade.

Specified by:
detectAddon3Nodes in interface NodeRights
Parameters:
_viewInBase - EPRViewInBase
_node - node of this instance
_m_l_DisplayableLinks - Map of DisplayableLinks lists (one per pair) associated to the view, and to update.
Returns:
Map of DisplayableLinks
Throws:
java.lang.InterruptedException
See Also:
detectAddonFinal3Nodes(ARoad0.gBaseInterface.EPRViewInBase, ARoad0.gBaseInterface.ImmutableTarget, java.util.Map)

detectAddonFinal3Nodes

public java.util.Map detectAddonFinal3Nodes(EPRViewInBase _viewInBase,
                                            ImmutableTarget _node,
                                            java.util.Map _m_l_DisplayableLinks)
                                     throws java.lang.InterruptedException
For an AcsAddon, filters the incompatible rights, if any, for a node, and adds the AcsAddon specific rights, if any. This method handles the work to do at the end of the searches on 3-nodes links. Called by RightsFactory_Facade. Overridden by the subclasses. Synchronized to _viewInBase by RightsFactory_Facade.

Specified by:
detectAddonFinal3Nodes in interface NodeRights
Parameters:
_viewInBase - EPRViewInBase
_node - node of this instance
_m_l_DisplayableLinks - Map of DisplayableLinks lists (one per pair) associated to the view, and to update.
Returns:
Map of DisplayableLinks
Throws:
java.lang.InterruptedException
See Also:
detectAddon3Nodes(ARoad0.gBaseInterface.EPRViewInBase, ARoad0.gBaseInterface.ImmutableTarget, java.util.Map)

detectAddonFinalAllNodes

public java.util.Map detectAddonFinalAllNodes(EPRViewInBase _viewInBase,
                                              ImmutableTarget _node,
                                              java.util.Map _m_l_DisplayableLinks,
                                              java.util.Map<ImmutableName,java.util.Set<StringRight>> _m_effectiveRights)
                                       throws java.lang.InterruptedException
For an AcsAddon, defines the specific final direct rights, if any, for a given node in the DisplayableLinks having more than 3 nodes. This method handles the work to do at the end of the searches on all the links.

Note: to speed up this method, the argument _m_effectiveRights is set from the initial argument _m_l_DisplayableLinks before the first call to this method, and for a given EPR view. _m_effectiveRights is then immutable while _m_l_DisplayableLinks may be updated by this method. This is not the case for the NoThan views. For the EPR views, this behavior implies this method provides independant changes for each _node for which it is called, so that the initial _m_effectiveRights remains usable. Called by RightsFactory_Facade.

Specified by:
detectAddonFinalAllNodes in interface NodeRights
Parameters:
_viewInBase - EPRViewInBase
_node - node of this instance
_m_l_DisplayableLinks - Map of DisplayableLinks lists (one per pair) associated to the view, and to update.
_m_effectiveRights - non-null Map where the keys are the _m_l_DisplayableLinks keys where rights are activated, and the value is a set of StringRights. May be an empty set.
Returns:
Map of DisplayableLinks
Throws:
java.lang.InterruptedException

detectL_aclEntryRights

public java.util.List<StringRight> detectL_aclEntryRights(ImmutableResource _res,
                                                          ImmutableEligibleParty _ep,
                                                          boolean _onlyNonConditionalACLs)
Gets all the rights of the relevant AclEntries managed by the Resource for a given EligibleParty, without the inherited AclEntries. These AclEntries may be managed by different ACSs, and for each ACS, the negative rights are subtracted from the positive ones. The negative rights from an ACS are then the only resulting rights if the subtraction returns an empty list. With ACLs from several ACS, in the resulting list, the result from each ACS is added without filtering. Then one ACS may provide a negative right while another ACS provides a positive right. Note: this method is sensible since it is indirectly used for both the one-link method, the two-link method and a multiple-links method. Calls BaseUtilityImpl.subtractNegativeNotRemovingInOneACS(). Called by AclRightsFactoryImpl.addAclInAccessControlLink().

Specified by:
detectL_aclEntryRights in interface NodeRights
Parameters:
_res - of this instance, with some AclEntries to filter
_ep - may be associated to some _res AclEntries
_onlyNonConditionalACLs - true to read only the non-conditional AclEntries
Returns:
list of positive or negative rights from different ACSs, or null.

detectL_linkedPrivilegeRights

public java.util.List<StringRight> detectL_linkedPrivilegeRights(ImmutablePrivilegeTarget _targ,
                                                                 ImmutablePrivilegeSource _sour)
Gets all the rights of the relevant direct linked privileges managed by the target for a given source. Inherited privileges are not covered. These privileges are managed by different ACSs, and for each ACS, the negative rights are subtracted from the positive ones. The negative rights from an ACS are then the only resulting rights if the subtraction returns an empty list. With ACLs from several ACS, in the resulting list, the result from each ACS is added without filtering. Then one ACS may provides a negative right while another ACS provides a positive right. Note: this method is sensible since it is indirectly used for both the one-link method, the two-link method and a multiple-links method. Calls PrivilegeRightsFactoryImpl.getL_linkedPrivilege() and BaseUtilityImpl.subtractNegativeNotRemovingInOneACS(). Called by PrivilegeRightsFactoryImpl.addPrivilegeInAccessControlLink().

Specified by:
detectL_linkedPrivilegeRights in interface NodeRights
Parameters:
_targ - privilege target of this instance
_sour - privilege source
Returns:
list of positive or negative rights from different ACSs, or null.

withAgoAccessThroughNodesTree

protected boolean withAgoAccessThroughNodesTree(ImmutableResource _res,
                                                ImmutableUserID _acc,
                                                ImmutableGroupID _grp)
Returns true if the Account/Group inherited rights in the resources tree allows to access to the resouce. If the leaf is a resource, it is true if the parent UserID/GroupID are the leaf UserID/GroupID, and if the parent rights allow the access to children. If the AG rights inheritance is applicable to the ImmutableSource ACS, this method applies the following generic rules:

- 'AGO right inheritance 1: if no access from the inherited rights, no AGO access to the child if and only if the account or the group is not null'

- 'AGO right: A rights overlay G rights'

Called by withAccessThroughNodesTreeFromEP().

Caution: To follow the AcsAddon pattern, withAccessThroughNodesTreeFromEP() should be the single caller in the generic gWork package. This method is not private only to let the subclasses overread it, but it is necessary there to call it only from the same method, to not jump withAccessThroughNodesTreeFromEP().

Calls Resource.getAGOAccessFromTheParentAccount() and getAGOAccessFromTheParentGroup(). Overridden method by the AcsAddons, like in the AcsAddon Ubuntu for instance.

Parameters:
_res - Resource of this instance; may be accessed or not through its parent tree
_acc - the _res userID or not. May be null. If null and if all the _res parents have no UserID, returns true.
_grp - the _res groupID or not. May be null. If null and if all the _res parents have no GroupID, returns true.
Returns:
true if the resource parent tree allows to go through down to the leaf.
See Also:
BaseUtilityImpl.withAcrossToDirectoryAGRights(ARoad0.gBaseInterface.StringRight[])

withPriAccessThroughNodesTree

protected boolean withPriAccessThroughNodesTree(ImmutablePrivilegeTarget _res,
                                                ImmutableEligibleParty _ep,
                                                ImmutableGroupID _grp)
Returns true if the Privilege inherited rights in the resources or the virtual folders tree allows to access to the PrivilegeTarget for the EligibleParties _ep or _grp. Returns true if the resource has no parent. Called by withAccessThroughNodesTreeFromEP().

Caution: To follow the AcsAddon pattern, withAccessThroughNodesTreeFromEP() should be the single caller, from the generic gWork package or not. This method is not private only to let the subclasses overread it, but it is necessary there to call it through the same way, that is to never jump the method withAccessThroughNodesTreeFromEP() which chooses the good arguments for calling this method.

Calls ImmutablePrivilegeTarget.getM_TargetInheritedLinkedPRIRights(). Overridden method by the AcsAddons.

Parameters:
_res - Resource or VirtualFolder of this instance; may be accessed or not through its parent tree
_ep - the _res userID or not, or an Actor. May be null.
_grp - the _res groupID or not. May be null.
Returns:
true if the parent tree allows to go through down to the leaf.

withAclAccessThroughNodesTree

protected boolean withAclAccessThroughNodesTree(ImmutableResource _res,
                                                ImmutableEligibleParty _ep,
                                                ImmutableGroupID _grp)
Returns true if the AclEntry inherited rights in the resources tree allows to access to the resource for the EligibleParties _ep or _grp. Returns true if the resource has no parent. Called by withAccessThroughNodesTreeFromEP().

Caution: to follow the AcsAddon pattern, withAccessThroughNodesTreeFromEP() should be the single caller of this method, from the generic gWork package or not. This method is not private to let the subclasses overread it, but it is necessary there to call it through the same way, that is to never jump the method withAccessThroughNodesTreeFromEP() which chooses the good arguments for calling this method.

Calls ImmutableResource.getM_TargetInheritedACLRights(). Overridden method by the AcsAddons.

Parameters:
_res - Resource of this instance; may be accessed or not through its parent tree
_ep - the _res userID or not, or an Actor. May be null.
_grp - the _res groupID or not. May be null.
Returns:
true if the resource parent tree allows to go through down to the leaf.

withAccessThroughNodesTreeFromEP

public boolean withAccessThroughNodesTreeFromEP(ImmutableSource _ep,
                                                ImmutableLeaf _res,
                                                ImmutableGroupIDMember _ep_2)
This method is designed to be fast, and to returns true if the resource tree or the virtual folder tree allows the source to access through the inherited AGO, ACL or PRI rights to the leaf. All the ACSs apply the metarule 'right inheritance in the targets tree: no more than one of the three ACL/AGO/LPRI rights inheritance may be activated'.

This method implements the following generic rules for one of the three inherited rights:

- 'ACL/AGO/LPRI right inheritance 1: child/node inherits rights from the direct and indirect parents',

- 'ACL/LPRI right inheritance 1: if activated and no access from the inherited rights, no ACL/LPRI access to the child',

- 'ACL/AGO/LPRI right inheritance 2: at each access of an account, the first eligible party having inherited rights set them, and the search order is, first the account, second its primary group, and third the account groups',

- 'ACL/AGO/LPRI right inheritance 2: at each access of a group, the first eligible party having inherited rights set them, and the search order is first the group, second the group groups',

- 'ACL/LPRI right inheritance 2: at each access of an actor, the first eligible party having inherited rights set them, and the search order is, first the actor, second the account of its AG context, third the group of its AG context, fourth the secondary groups of the actor',

- 'AGO right inheritance 1: if activated and no access from the inherited rights, no AGO access to the child if and only if the account or the group is not null',

- 'AGO right inheritance 2: at each access of an actor, the first eligible party having inherited rights set them, and the search order is, first the account of its AG context, second the group of its AG context, third the secondary groups of the actor',

For the account-to-group primary group relation, these rules imply that the primary group of the account argument delivers its inherited rights, before any group, even the group argument. For an actor, these rules imply that access may be authorize through the actor current userID, even if the AG context of the actor has not to be considered in the access path. In this latter case, the effective rights of the actor are null, but that is the responsability of the consumer of this method.

For the group-to-group is_member relation, this method does not apply the rule 'EP: group of groups on N levels, with search of the group inherited rights only for the first is_member level'

An AcsAddon may overread this method to change these rules, for example to simplify the method, or to change one of the three called methods withAgo/Pri/AclAccessThroughNodesTree(). It is then recommanded to analyze the need to change the method getL_accessRightsThroughNodesTree(). Any code editing should have a similar changing in the AcsAddon ACS rules.

Called by AgoRightsFactoryImpl.detectHiddenChainedGroupsRights(), detectOneHiddenNodeWithCommonAGORights(), detectAGRights(), detectOwnerContainRights(), and selectForGroupIDMemberItsHiddenActorsWithNextLinks(), AclRightsFactoryImpl.addAclInAccessControlLink(), ThreeNodesRightsFactoryImpl.endsPathsFromGroupIDMemberWithAclPrivilegeMemberOwnContain(), CompoundRightsFactoryImpl.detectHiddenCompoundEpRights(). Calls the three methods withAgo/Pri/AclAccessThroughNodesTree().

Specified by:
withAccessThroughNodesTreeFromEP in interface NodeRights
Parameters:
_ep - Actor, UserID or GroupID to test. If null, returns true. If its ACS does not manage any rights inheritance, returns true.
_res - Resource or VirtualFolder of this instance, which may be accessed or not through its parent tree. Never null.
_ep_2 - the group member which may be accessed by _ep. May be null. If _ep is not an Actor, this argument is not used. Otherwise, in the generic gWork algorithms, only AgoRightsFactoryImpl.detectOneHiddenNodeWithCommonAGORights() uses this argument. Then, for an Actor, this argument replaces the current UserID or the current GroupID of the Actor.
Returns:
true if the resource parent tree allows _ep to go through down to the resource, if _ep is null, or if its ACS does not manage any rights inheritance.
See Also:
getL_accessRightsThroughNodesTree(ARoad0.gBaseInterface.ImmutableLeaf, ARoad0.gBaseInterface.ImmutableEligibleParty, ARoad0.gBaseInterface.ImmutableGroupID)

getL_accessRightsThroughNodesTree

public AccessControlLinkImpl getL_accessRightsThroughNodesTree(ImmutableLeaf _res,
                                                               ImmutableEligibleParty _ep,
                                                               ImmutableGroupID _grp)
Returns in an AccessControlLink the inherited rights given by the directory tree or virtual folder tree, as AG, ACL or LPRI rights. This method has to be called on the NodeRightsImpl instance of the argument _res. Comments allow to explain the result. The result uses one of the type AccessControlLink.ACL, LPRI or OWNER. If there is at least a conditional ACL, the result should contain in the comment 'conditional ACL' for the relevant type, while it is not done in the present method. Furthermore, LinkRightsMySQLImpl offers an exemple of overridden method where the conditional group names are added in the comment, like in AclRightsFactoryImpl.addAclInAccessControlLink() for the direct ACLs. This important method has to be called only on the LinkRightsImpl instance of the argument _res. Among the 3 types of inherited rights, an ACS can manage only one type. There is never bottom-up search in the tree of the applicable rights, to provide a fast method. The default algorithm in this method for the ACL or LPRI inherited rights are generally overridden in an AcsAddon gWork package. In the generic gBase classes or in an AcsAddon gBase package, a node has to update the inherited rights of its children, following its own algorithm. For the ACL or LPRI inherited rights, this is always done in an AcsAddon gBase package. The AGO rights inheritance requires to see if each parent node allows or not to go accross it. In this case, to avoid a bottom-up search in this method, each Directory updates the methods getAGOAccessFromTheXXXAccount() of its direct children when its proper AGO rights change.

For the ACL and LPRI inherited rights, in the default algorithm of this method, the rights of the leaf are those of the -first- EligibleParty that is linked to the argument _ep or to _grp. In the map of the inherited rights of _res, this method searches among the map keys to find a linked eligible party. It applies a bottom-up test among the parents tree, where the key is the name of an eligible party extended by the order of the parent from _res. For example, if both the _res direct parent and its proper parent deliver two inherited rights sets for _ep to _res in the map, there are two keys '_ep primary group name + 1' and '_ep primary group name + 2' in the inherited rights map of _res, and the returned rights will be the value for the key '_ep primary group name + 1', from the _res direct parent. This is due to the fact that the method ImmutableResource.getM_TargetInheritedACLRights() returns a map where the keySet() method has an iterator in the natural order of the ImmutableNames it uses. This implies that the root of the tree should not give inherited rights to _ep or _grp, while the leaf provides non-null inherited rights through an intermediate parent. In all cases, the method mergeInheritedAclPriRightsThroughNodesTree() is responsible to set the effective ACL or LPRI rights, from the inheritance or not, only if the array of inherited rights is not null (but it may be empty).

For the AGO inherited rights, the account or group inherited rights of the resource are returned simply if the tested eligible party is equal to the resource account or group.

In the default algorithm of this method, the order of the linked eligible parties to be tested in the inherited rights map is identical for the three types of inherited rights, and this EP search order is:

1/ the account _ep first - and the method ends immediately if _ep is able to deliver some inherited rights to _res

2/ if the previous result is null, the _ep primary group is tested, if any,

3/ otherwise, the group _grp passed in to the method is tested,

4/ if the result is still null, the _ep groups,

5/ at the end, all the _grp groups at the first level are tested.

The EP search order does not depend on the distance from _res to the parent which delivers the inherited rights. This is why a parent at three levels above _res will be able to deliver inherited rights to _ep, while the _res direct parent delivers rights to _grp that wont be returned. The EP search order algorithm may be overridden by an AcsAddon. This generic algorithm is trully used only in the rare cases where the _res ACS structure includes all the relevant properties.

This method is strongly coupled to withAccessThroughNodesTreeFromEP(), and the rules to follow are explained in the documentation of this method. For the AGO right inheritance, it is recommanded to use withAccessThroughNodesTreeFromEP() before, to check in if an access is allowed. An AcsAddon may overread this method, and then, it is necessary to analyze the need to change also the methods withAcl/Ago/PriAccessThroughNodesTree() and withAccessThroughNodesTreeFromEP(). For example, the AcsAddon Ubuntu Overrides it to add the AG 'Other' rights. No comment is added by this method, but this may be false in an AcsAddon.

Called by AgoRightsFactoryImpl.detectAGRights(), addOwnerContainRightsToLastLinkInDisplayableLink(), detectOwnerContainRights(), and selectForGroupIDMemberItsHiddenActorsWithNextLinks(), PrivilegeRightsFactoryImpl.addPrivilegeInAccessControlLink() and AclRightsFactoryImpl.addAclInAccessControlLink().

Specified by:
getL_accessRightsThroughNodesTree in interface NodeRights
Parameters:
_res - Resource or VirtualFolder of this instance may be accessed or not through its parent tree. May be null.
_ep - the _res userID or not, or an Actor. May be null. If not null and is an account, the account primary group may deliver the inherited rights if the account does not provide it.
_grp - the _res groupID or not. May be null.
Returns:
the link with the rights given by the parent and some comments, for one of the type AccessControlLink.ACL, LPRI, or GLOBAL for AG rights. It is not possible to activate more than one of the three types. May be null or without rights. Null if _acc and _grp are both not null, or if _res, its ACs or its parent is null. Without rights if _res has no parent.
See Also:
withAccessThroughNodesTreeFromEP(ARoad0.gBaseInterface.ImmutableSource, ARoad0.gBaseInterface.ImmutableLeaf, ARoad0.gBaseInterface.ImmutableGroupIDMember), getMergedInheritedAclPriRightsAndComments(ARoad0.gBaseInterface.ImmutableSource, ARoad0.gBaseInterface.ImmutableLeaf, ARoad0.CNot.AccessControlLinkImpl, ARoad0.gBaseInterface.StringRight[])

getMergedInheritedAclPriRightsAndComments

public AccessControlLinkImpl getMergedInheritedAclPriRightsAndComments(ImmutableSource _so,
                                                                       ImmutableLeaf _targ,
                                                                       AccessControlLinkImpl _upd_acLink,
                                                                       StringRight[] _l_transientInheritedRights)
Gets the effective ACL or LPRI rights of the source on the target when there are non-null inherited rights through the nodes tree, and adds some specific comments for the ACL or PRI rights from an AcsAddon, even if there is no inherited rights. The argument _l_transientInheritedRights contains the inherited rights found by getL_accessRightsThroughNodesTree(). In this generic NodeRightsImpl class, these inherited rights are the first found ones in a bottom-up search into the targets tree. In this default method an AcsAddon may overread, the inherited rights are simply added to the direct rights already set in the argument _upd_aclink, with a special comment for the 'See why' text. This method also adds 'conditional ACL' in the ACL comment, with the condition group names, for each enabled conditional non-inherited AclEntry from the source to the leaf, if the leaf is a Resource.

An AcsAddon may always return null even if there are non-null direct rights or non-null inherited rights. Called by PrivilegeRightsFactoryImpl.addPrivilegeInAccessControlLink() and AclRightsFactoryImpl.addAclInAccessControlLink().

Specified by:
getMergedInheritedAclPriRightsAndComments in interface NodeRights
Parameters:
_so - source for which the rights on _targ has to be set
_targ - Resource or VirtualFolder of this instance. May be null.
_upd_acLink - contains the direct ACL and/or LPRI rights, if any. Never null. May be empty.
_l_transientInheritedRights - has to be from getL_accessRightsThroughNodesTree(). May be null or empty.
Returns:
_upd_acLink with the effective ACL or LPRI rights of the source on the target, or null if the inherited rights nullify the result.

selectAddonLastViewNodeAfterActor

public DisplayableLinkImpl selectAddonLastViewNodeAfterActor(EPRViewInBase _viewInBase,
                                                             ImmutableTarget _target,
                                                             DisplayableLinkImpl _dLink,
                                                             java.util.Map _m_l_DisplayableLinks)
Detects the view target that is linked to an actor, to extend the current DisplayableLink ended by this actor. Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop on the view nodes, and by ThreeNodesRighsFactoryImpl.endsPathsFromActorWithAclBridgePrivilegeAlias() and selectOneHiddenNodePathsForVirtualFolder(). Overridden by the subclasses.

Specified by:
selectAddonLastViewNodeAfterActor in interface NodeRights
Parameters:
_viewInBase - EPRViewInBase. Never null.
_target - view node, not node of this instance. Never null.
_dLink - with an actor as second end and node of this instance. Never null.
_m_l_DisplayableLinks - immutabke Map of DisplayableLinks lists (one per pair) to never update in this method.
Returns:
new DisplayableLinkImpl that is an extension of _dlink with _target as the second node, or null. Never empty.

selectAddonLastViewNodeAfterGroupIDMember

public DisplayableLinkImpl selectAddonLastViewNodeAfterGroupIDMember(EPRViewInBase _viewInBase,
                                                                     ImmutableTarget _target,
                                                                     DisplayableLinkImpl _dLink,
                                                                     java.util.Map _m_l_DisplayableLinks)
Detects the view target that is linked to a groupIDMember, to extend the current DisplayableLink ended by this groupIDMember. Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop on the view nodes, and by ThreeNodesRighsFactoryImpl.endsPathsFromGroupIDMemberWithAclPrivilegeAlias(). Overridden by the subclasses.

Specified by:
selectAddonLastViewNodeAfterGroupIDMember in interface NodeRights
Parameters:
_viewInBase - EPRViewInBase. Never null.
_target - view node, not node of this instance. Never null.
_dLink - with a groupIDMember as second end and node of this instance. Never null.
_m_l_DisplayableLinks - immutabke Map of DisplayableLinks lists (one per pair) to never update in this method.
Returns:
new DisplayableLinkImpl that is an extension of _dlink with _target as the second node, or null. Never empty.

selectAddonLastViewNodeAfterVirtualFolder

public DisplayableLinkImpl selectAddonLastViewNodeAfterVirtualFolder(EPRViewInBase _viewInBase,
                                                                     ImmutableResource _target,
                                                                     DisplayableLinkImpl _dLink,
                                                                     java.util.Map _m_l_DisplayableLinks)
Detects the view target that is linked to a VirtualFolder, to extend the current DisplayableLink ended by this VirtualFolder. Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the final loop on the view nodes, and by ThreeNodesRighsFactoryImpl.endsPathsFromVirtualFolderWithMemberAlias() Overridden by the subclasses.

Specified by:
selectAddonLastViewNodeAfterVirtualFolder in interface NodeRights
Parameters:
_viewInBase - EPRViewInBase. Never null.
_target - view node, not node of this instance. Never null.
_dLink - with a VirtualFolder as second end and node of this instance. Never null.
_m_l_DisplayableLinks - immutabke Map of DisplayableLinks lists (one per pair) to never update in this method.
Returns:
new DisplayableLinkImpl that is an extension of _dlink with _target as the second node, or null. Never empty.

selectAddonNewHiddenNodeForActor

public java.util.List<DisplayableLinkImpl> selectAddonNewHiddenNodeForActor(EPRViewInBase _viewInBase,
                                                                            ImmutableActor _node,
                                                                            java.util.Set<DisplayableLinkImpl> _l_dLinks,
                                                                            java.util.Map _m_l_DisplayableLinks,
                                                                            java.util.List<ACSObject> _upd_l_NoProxyOrNoExecuteNodes)
Detects the hidden nodes that are linked to an Actor as access source, to extend the current DisplayableLinks ended by this actor. Returns the no-proxy actors of the _node ACS in _upd_l_NoProxyOrNoExecuteNodes. Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the starting and central loops. Two lists are returned to separate the executing right-proxy nodes. The last argument may be updated to provide the second returned value, and it contains only the nodes on which the property changes have to be listened. Overridden and called by the subclasses.

Specified by:
selectAddonNewHiddenNodeForActor in interface NodeRights
Parameters:
_viewInBase - EPRViewInBase. Never null.
_node - node of this instance. Never null.
_l_dLinks - list of links with _node as second end. May be null.
_m_l_DisplayableLinks - immutabke Map of DisplayableLinks lists (one per pair) to never update in this method.
_upd_l_NoProxyOrNoExecuteNodes - updated by the adding of the hidden nodes without executing right or which are not right-proxy nodes, if any. This list is only extended if necessary, as a complement of the returned value of the method. This argument is usually empty at the call of this method, but this is not mandatory. Never null.
Returns:
new DisplayableLinkImpls that are extensions or updatings of some DisplayableLinkImpls in _l_dLinks with an Actor, GroupIDMember or VirtualFolder as the second end, or null. If _l_dLinks is null, returns only simple links. Always null.

selectAddonNewHiddenNodeForGroupIDMember

public java.util.List<DisplayableLinkImpl> selectAddonNewHiddenNodeForGroupIDMember(EPRViewInBase _viewInBase,
                                                                                    ImmutableGroupIDMember _node,
                                                                                    java.util.Set<DisplayableLinkImpl> _l_dLinks,
                                                                                    java.util.Map _m_l_DisplayableLinks,
                                                                                    java.util.List<ACSObject> _upd_l_NoProxyOrNoExecuteNodes)
Detects the hidden nodes that are linked to a GroupIDMember as access source, to extend the current DisplayableLinks ended by this GroupIDMember. Returns the no-proxy actors of the _node ACS in _upd_l_NoProxyOrNoExecuteNodes. Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the starting and central loops. Two lists are returned to separate the executing right-proxy nodes. The last argument may be updated to provide the second returned value, and it contains only the nodes on which the property changes have to be listened. Overridden and called by the subclasses.

Specified by:
selectAddonNewHiddenNodeForGroupIDMember in interface NodeRights
Parameters:
_viewInBase - EPRViewInBase. Never null.
_node - node of this instance. Never null.
_l_dLinks - list of links with _node as second end. May be null.
_m_l_DisplayableLinks - immutabke Map of DisplayableLinks lists (one per pair) to never update in this method.
_upd_l_NoProxyOrNoExecuteNodes - updated by the adding of the hidden nodes without executing right or which are not right-proxy nodes, if any. This list is only extended if necessary, as a complement of the returned value of the method. This argument is usually empty at the call of this method, but this is not mandatory. Never null.
Returns:
new DisplayableLinkImpls that are extensions or updatings of some DisplayableLinkImpls in _l_dLinks with an Actor, GroupIDMember or VirtualFolder as the second end, or null. If _l_dLinks is null, returns only simple links. Always null.

selectAddonNewHiddenNodeForVirtualFolder

public java.util.List<DisplayableLinkImpl> selectAddonNewHiddenNodeForVirtualFolder(EPRViewInBase _viewInBase,
                                                                                    ImmutableVirtualFolder _node,
                                                                                    java.util.Set<DisplayableLinkImpl> _l_dLinks,
                                                                                    java.util.Map _m_l_DisplayableLinks,
                                                                                    java.util.List<ACSObject> _upd_l_NoProxyOrNoExecuteNodes)
Detects the hidden nodes that are linked to a VirtualFolder as access source, to extend the current DisplayableLinks ended by this VirtualFolder. Returns the no-proxy actors of the _node ACS in _upd_l_NoProxyOrNoExecuteNodes. Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights() in the starting and central loops. Two lists are returned to separate the executing right-proxy nodes. The last argument may be updated to provide the second returned value, and it contains only the nodes on which the property changes have to be listened. Overridden and called by the subclasses.

Specified by:
selectAddonNewHiddenNodeForVirtualFolder in interface NodeRights
Parameters:
_viewInBase - EPRViewInBase. Never null.
_node - node of this instance. May be a Resource VirtualFolder. Never null.
_l_dLinks - list of links with _node as second end. May be null.
_m_l_DisplayableLinks - immutabke Map of DisplayableLinks lists (one per pair) to never update in this method.
_upd_l_NoProxyOrNoExecuteNodes - updated by the adding of the hidden nodes without executing right or which are not right-proxy nodes, if any. This list is only extended if necessary, as a complement of the returned value of the method. This argument is usually empty at the call of this method, but this is not mandatory. Never null.
Returns:
new DisplayableLinkImpls that are extensions or updatings of some DisplayableLinkImpls in _l_dLinks with an Actor as the second end, or null. If _l_dLinks is null, returns only simple links. Always null.

selectHiddenButNoDirectGroupLinks

public java.util.Set selectHiddenButNoDirectGroupLinks(EPRViewInBase _viewInBase,
                                                       ImmutableEligibleParty _ep)
Detects the main GroupID and, recursivelly, the tree of GroupIDs in the _ep ACS, that contains _ep indirectly, and are not in _viewInBase. Detects the MEMBER and GLOBAL relationships without any setting of the link types nor the rights. Puts a comment only for AccessControlLink.CONTAIN, through the adding of ''. The search of indirect relations is provided through up to 40 iterations. Called by detectHiddenChainedGroupsRights().

Specified by:
selectHiddenButNoDirectGroupLinks in interface NodeRights
Parameters:
_viewInBase - EPRViewInBase
_ep - node of this instance; is in _viewInBase
Returns:
Set of DisplayableLinkImpl for which the first end is _ep, the second end is not in _viewInBase, and for which the second end and the intermediate nodes are the actor UserID or GroupIDs that contain _ep. The rights are not set. May be null but not empty.
Throws:
java.lang.InternalError - if the number of iterations is up to 40.

selectHiddenDirectOwnerContainGlobalForActorAsEP

public java.util.Set<ImmutableGroupIDMember> selectHiddenDirectOwnerContainGlobalForActorAsEP(EPRViewInBase _viewInBase,
                                                                                              ImmutableActor _act)
Detects the current UserID (including 'root'), the current GroupID and the secondary groups under which an actor runs, if they are not in the view. The secondary groups are added only if there is a current UserID or a current GroupID. This is independent to the AGO rights management by the ACS. This method is called on the NodeRights of the actor, while it should be the NodeRights of the result to be comply with the AcsAddon framework. Nonetheless, it works because the NodeRights of the actor is identical to the NodeRights of the result.

Note: this method is sensible, since it is called for 3-nodes paths and for the longer paths. Returns null if there is no current UserID, and returns only the relevant GroupIDs if the current UserID is in the view. No control to check up if the actor is a right proxy. Called by selectHiddenDirectOwnerContainLinksForActor(), CompoundRightsFactoryImpl.detectOneHiddenNodeCompoundRights() and ThreeNodesRightsFactoryImpl.detectHiddenCompoundEpRights().

Specified by:
selectHiddenDirectOwnerContainGlobalForActorAsEP in interface NodeRights
Parameters:
_viewInBase - EPRViewInBase
_act - node of this instance; is in _viewInBase
Returns:
the UserID and the GroupIDs under which _res runs and which are not in the view. May be null but not empty.

selectDirectOwnerContainGlobalForActorAsEP

public java.util.Set<ImmutableGroupIDMember> selectDirectOwnerContainGlobalForActorAsEP(EPRViewInBase _viewInBase,
                                                                                        ImmutableActor _act)
Detects the current UserID (including 'root'), the current GroupID and the secondary groups under which an actor runs, if they are in the view. Returns null if there is no current UserID. No control to check up if the actor is a right proxy. Called by detectAGRights() and ThreeNodesRightsFactoryImpl.selectOneHiddenNodePathsForVirtualFolder(), selectOneHiddenNodePathsForFirstLinkPrivileges(), addPathsFromActorBridgeActor(), addPathsFromActorAclActor(), addPathsFromActorAcsAddonRelationActor(), addPathsFromGroupIDMemberAclActor(), addPathsFromGroupIDMemberAcsAddonRelationActor().

Specified by:
selectDirectOwnerContainGlobalForActorAsEP in interface NodeRights
Parameters:
_viewInBase - EPRViewInBase
_act - node of this instance; is in _viewInBase
Returns:
the UserID and the GroupID under which _res runs and which are in the view. May be null but not empty.

selectHiddenDirectOwnerContainForActorAsResource

public java.util.Set selectHiddenDirectOwnerContainForActorAsResource(EPRViewInBase _viewInBase,
                                                                      ImmutableActor _act)
Detects the UserID and all the GroupIDs in the ACS, that owns or contains an actor directly as a Resource, and are not in _viewInBase. The link type is given in that order: 'owner' includes, in that order: - the userID that owns the actor, 'contain' includes, in that order: - the primary groupID that contains the actor. Then, all the tree of the 'contains' relations are applicable, plus the 'own' relations. Do not process the secondary groups where _act is, since it is an EligibleParty property of Actor. Called by detectHiddenChainedGroupsRights() and CompoundRightsFactoryImpl.detectHiddenCompoundEpRights(). Calls selectHiddenDirectOwnerContainForTarget().

Specified by:
selectHiddenDirectOwnerContainForActorAsResource in interface NodeRights
Parameters:
_viewInBase - EPRViewInBase
_act - node of this instance; is in _viewInBase
Returns:
Set of UserID and GroupIDs that owns/contain _res and which are not in the view. May be null but not empty.

selectHiddenDirectGroupIDForGroupIDMember

public java.util.Set selectHiddenDirectGroupIDForGroupIDMember(EPRViewInBase _viewInBase,
                                                               ImmutableGroupIDMember _memb)
Detects all the GroupIDs in the ACS, for which a GroupIDMember (even for 'root') is a member, and are not in _viewInBase. Called by selectHiddenButNoDirectGroupLinks() and CompoundRightsFactoryImpl.detectHiddenCompoundEpRights().

Specified by:
selectHiddenDirectGroupIDForGroupIDMember in interface NodeRights
Parameters:
_viewInBase - EPRViewInBase
_memb - node of this instance; is in _viewInBase
Returns:
Set of GroupIDs for which _memb is a member and which are not in the view. May be null but not empty.

selectHiddenDirectOwnerContainForTarget

public java.util.Set selectHiddenDirectOwnerContainForTarget(EPRViewInBase _viewInBase,
                                                             ImmutableResource _res)
Detects the UserID and the GroupID in the _res ACS, that owns or contains _res directly, and are not in _viewInBase. The link type is given in that order:

- the userID that owns the resource,

- the groupID that contains the resource.

As selectHiddenDirectOwnerContainForActorAsResource(), but without search of the actor secondary groups. Called by detectHiddenChainedGroupsRights() and selectHiddenDirectOwnerContainForActor().

Specified by:
selectHiddenDirectOwnerContainForTarget in interface NodeRights
Parameters:
_viewInBase - EPRViewInBase
_res - node of this instance; is in _viewInBase
Returns:
Set of UserID and GroupIDs that owns/contain _res and are not in the view. May be null but not empty.

selectForGroupIDMemberItsHiddenActorsWithNextLinks

public java.util.Set<DisplayableLinkImpl> selectForGroupIDMemberItsHiddenActorsWithNextLinks(EPRViewInBase _viewInBase,
                                                                                             ImmutableGroupIDMember _ep)
Detects all the actors that are owned or contained by _ep, that are not in _viewInBase and executable from _ep, and that are access sources for another AG context. This means that the actor is in one of the following cases:

- at least it has one external ACL as access source,

- or at least it has one Bridge as access source,

- or at least it has one Privilege as access source,

- or at least if is an Alias.

No adding of the actor whether _ep is a secondary group for the actor. The ACL, Bridge or Privilege rights of the actor as source are not checked, then they may be without effective rights. The AGO priorities of the ACS are not checked. An AcsAddon may overread this method, for instance to process the inherited AclEntries or Privileges. Note: the actors running under xid, and those that are not proxy, are not selected. Note: if there is an ACL with the same ACS for the source and the target, the AG context is not changed, but the ACL target may be an actor which is a source for ACL, Bridge or Privileges, and then the path has to be explored. Called by CompoundRightsFactoryImpl.detectHiddenCompoundEpRights(), detectOneHiddenNodeCompoundRights() and by ThreeNodesRightsFactoryImpl.addPathsFromGroupIDMemberOwnContainActor().

Specified by:
selectForGroupIDMemberItsHiddenActorsWithNextLinks in interface NodeRights
Parameters:
_viewInBase - the view to analyze
_ep - node of this instance; may be in _viewInBase or not
Returns:
Set of simple DisplayableLinkImpl for which the first end is _ep, the second end is an actor that is owned or contained by _ep. The owner/contain rights are set. May be null, but not empty.

finalizeForProcess

public void finalizeForProcess()
Finalizes the instance. Called by RightsMediatorImpl.finalizeForProcess().

Specified by:
finalizeForProcess in interface NodeRights

toString

public java.lang.String toString()
Overrides:
toString in class java.lang.Object
Returns:
a descriptor