ARoad0.gBaseInterface
Interface ACSCatalog

All Known Subinterfaces:
ACS, ImmutableACS
All Known Implementing Classes:
ACSImpl, ACSMySQLImpl, ACSUbuntuImpl

public interface ACSCatalog

This interface is responsible for delivering a catalog of the access control system (ACS) structure and its ACS objects.


Method Summary
 boolean containsAclEntry(ImmutableAclEntry _acl)
          Test if an AclEntry is known.
 boolean containsEligiblePartyName(ImmutableName _name)
           
 boolean containsOwnEligiblePartyName(ImmutableName _name)
           
 boolean containsOwnResourceName(ImmutableName _name)
           
 boolean containsOwnVirtualFolderName(ImmutableName _name)
          Tests if the ACS owns the virtual folder.
 boolean containsPrivilegeName(ImmutableName _name)
          Tests if a privilege is known.
 boolean containsResourceName(ImmutableName _name)
          Test if the resource is opened, and owned or controlled by the ACS.
 boolean containsVirtualFolderName(ImmutableName _name)
          Tests if a virtual folder is known.
 java.lang.String getEditorAndAddonNames()
          The format is 'Editor: full_editor_name - AcsAddon: addon_name'.
 boolean getEmbeddedInParentACS()
          Deprecated.  
 ImmutableAclEntry[] getEorL_AclEntries()
          Get the aclEntries managed by this ACS.
 java.util.List<VirtualFolder> getEorL_EPVirtualFolders()
          Gets the virtual folders managed by this ACS and which contain only eligible parties.
 VirtualFolder[] getEorL_ExternalVirtualFolders()
          Copy of the external virtual folders in a new array.
 java.util.List<ImmutableActor> getEorL_OwnActorBridgeSources()
          Gets all the own actors which are bridge sources for external actors.
 java.util.List<ImmutableActor> getEorL_OwnActorBridgeTargets()
          Gets all the own actors which are bridge targets for external actors.
 java.util.List<Privilege> getEorL_PrivilegeForLinks()
          Gets all the privilegeForLinks of the ACS, not the privilegeForTypes.
 java.util.List<Privilege> getEorL_PrivilegeForTypes()
          Gets all the privilegeForTypes of the ACS, not the PrivilegeForLinks.
 java.util.List<Privilege> getEorL_PrivilegeForTypesForSource(java.lang.String _type)
          Gets all the PrivilegeForTypes which have the right source type.
 java.util.List<Privilege> getEorL_PrivilegeForTypesForTarget(java.lang.String _type)
          Gets all the PrivilegeForTypes which have the right target type.
 Privilege[] getEorL_Privileges()
          Gets the privileges managed by this ACS.
 java.util.List<VirtualFolder> getEorL_ResourceVirtualFolders()
          Gets the virtual folders managed by this ACS and which contain only resources.
 VirtualFolder[] getEorL_VirtualFolders()
          Gets the virtual folders managed by this ACS.
 java.util.SortedMap<ImmutableName,ImmutableActor> getEorM_Actors()
          The actors here are the controlled ones, they are internal or external.
 java.util.SortedMap<ImmutableName,ImmutableEligibleParty> getEorM_EligibleParties()
           
 java.util.SortedMap<ImmutableName,ImmutableEligibleParty> getEorM_ExternalEligibleParties()
          Get the external eligible parties, which are defined as owned by another ACS.
 java.util.SortedMap<ImmutableName,ImmutableResource> getEorM_ExternalResources()
          An external resource is owned by another ACS.
 java.util.SortedMap<ImmutableName,ImmutableActor> getEorM_OwnActors()
           
 java.util.SortedMap<ImmutableName,ImmutableEligibleParty> getEorM_OwnEligibleParties()
           
 java.util.SortedMap<ImmutableName,ImmutableResource> getEorM_OwnNoParentResources()
           
 java.util.SortedMap<ImmutableName,ImmutableResource> getEorM_OwnResources()
           
 java.util.SortedMap<ImmutableName,ImmutableResource> getEorM_Resources()
           
 boolean getIncompleteBehaviorModeling()
          The modeling of the behavior is incomplete when important constraints on ACSObjects are not modeled, for instance to set their allowed rights, or their effective default rights.
 boolean getIncompleteStructureModeling()
          The modeling of the structure is incomplete when some ACSObjects miss while they participate to the decision for some important access controls, or simply when these missed ACSObjects are important for the overall ACS security, or when their important relations with some other ACSObjects are not set.
 boolean getIsAuthorizationServer()
           
 ImmutableName[] getL_AcsControllers()
          Get all the open ACS that have an external AclEntry or an external Linked Privilege for a resource or a virtual folder from this ACS.
 java.util.List<java.lang.String> getL_ImmutableRules()
           
 StringRight[] getL_SelectedRights(java.lang.String _r1, java.lang.String _r2, java.lang.String _r3, java.lang.String _r4, java.lang.String _r5)
          Gets the ACS or metarights having one of the arguments as nick name.
 java.util.SortedMap<java.lang.String,StringRight[]> getM_RightsOfInternalKey()
          Gets the ACS rights and the metarights this ACS handles and for a given internal key value of the associated metaright.
 java.util.Map<java.lang.String,StringRight[]> getM_SpecializedRights()
          Gets the specialized rights extending or constraining the allowed values which are defined for each right type set in getM_StandardRights().
 java.util.Map<java.lang.String,StringRight[]> getM_StandardRights()
          This map is initialized at the ACS creation to set the standard values for the ACSObject Right properties (for example, the Linux rights), but only when there is no matching specialized rights.
 java.util.SortedMap<java.lang.String,java.lang.Boolean> getM_Structure()
          Gets the structure of this ACS.
 java.util.Map<java.lang.String,java.lang.String[]> getM_TypeOrientedPolicy()
          Gets the ACS constraints on the allowed or forbidden ACSObject types to set the GroupID, Node, Resource, AclEntry and Privilege policies.
 java.util.Map<java.lang.String,java.lang.String[]> getM_TypesAndGUIPolicy()
          Get the String values which define the allowed ACSObject types.
 boolean getManageAccounts()
           
 boolean getManageACLRightsInheritance()
           
 boolean getManageAcsRights()
           
 boolean getManageActorInEPVirtualFolders()
           
 boolean getManageActors()
           
 boolean getManageAGORights()
           
 boolean getManageAGORightsInheritance()
           
 boolean getManageAuthorizationServerTypedPrivileges()
           
 boolean getManageBridges()
           
 boolean getManageClassedSpecificTypedPrivileges()
           
 boolean getManageClassedTypedPrivileges()
           
 boolean getManageDenyingRightPrivileges()
           
 boolean getManageDenyRights()
           
 boolean getManageDirectoryEPinEPVirtualFolders()
           
 boolean getManageDirectoryEPs()
           
 boolean getManageDirectoryInResourceVirtualFolders()
           
 boolean getManageEPVirtualFolders()
           
 boolean getManageExternalAcls()
           
 boolean getManageExternalForOneToOneLinkedPrivileges()
          May be true if the privileges are managed but all the other privilege features are not managed, to allow an own component in the privilege of another ACS.
 boolean getManageFlexibleConditionalAcls()
           
 boolean getManageGrantingRightPrivileges()
           
 boolean getManageGrantRights()
           
 boolean getManageGroups()
           
 boolean getManageGroupTrees()
          Caution: the name of this method is confusing, because a collection of nested groups may be more than one single group tree.
 boolean getManageIfAllSourceLinkedPrivileges()
           
 boolean getManageInternalAcls()
           
 boolean getManageInternalForOneToOneLinkedPrivileges()
           
 boolean getManageInternalHardAlias()
           
 boolean getManageLPRIRightsInheritance()
           
 boolean getManageMetaRights()
           
 boolean getManageOneTimeInVirtualFolderTreeForMember()
           
 boolean getManagePrivilegeRights()
           
 boolean getManagePrivilegesInResources()
          Caution: if getManageExternalForOneToOneLinkedPrivileges() returns true, the privilege of another ACS may always have as target a Resource of this ACS.
 boolean getManagePrivilegesInVirtualFolders()
          Caution: if getManageExternalForOneToOneLinkedPrivileges() returns true, the privilege of another ACS may always have as target a VirtualFolder of this ACS.
 boolean getManageResources()
           
 boolean getManageResourceTrees()
           
 boolean getManageResourceVirtualFolders()
           
 boolean getManageRightDefinedConditionalAcls()
           
 boolean getManageSecGroupsForActor()
           
 boolean getManageSimpleLinkedPrivileges()
           
 boolean getManageSimpleResourceVirtualFolders()
           
 boolean getManageSimpleTypedPrivileges()
           
 boolean getManageSoftAlias()
           
 boolean getManageVirtualFolderRightsPropagationToMembers()
           
 boolean getManageVirtualFolders()
           
 boolean getManageVirtualFolderTrees()
           
 int getNumberOfEPs()
          Get the number of own eligible parties in the ACS, excluding the external objects.
 int getNumberOfResources()
          Get the number of own resources in the ACS, excluding the external objects.
 AclEntry getOneAclEntryFromDetailledName(java.lang.String _detailledName)
          Get an AclEntry managed by this ACS from its detailled name.
 Privilege getOnePrivilegeFromDetailledName(java.lang.String _detailledName)
          Gets a privilege that is managed by this ACS.
 VirtualFolder getOneVirtualFolder(ImmutableName _name)
          Gets a virtual folder managed by this ACS.
 ImmutableName getOwnEPFoldersRootName()
          The current root is the first non-finalized virtual folder for eligible parties, without parent which has been created.
 ImmutableName getOwnResourceFoldersRootName()
          The current root is the first non-finalized virtual folder for resources without parent which has been created.
 boolean getRunningOnParentACS()
          Deprecated.  
 

Method Detail

getEorM_Resources

java.util.SortedMap<ImmutableName,ImmutableResource> getEorM_Resources()
Returns:
unmodifiable SortedMap of recorded open resources in the ACS base. The resources are external object references.

getEorM_OwnResources

java.util.SortedMap<ImmutableName,ImmutableResource> getEorM_OwnResources()
Returns:
unmodifiable SortedMap of recorded own resources copies, for which it is the main ACS. The resources are external object references.

getEorM_OwnNoParentResources

java.util.SortedMap<ImmutableName,ImmutableResource> getEorM_OwnNoParentResources()
Returns:
unmodifiable SortedMap of registred own resources copies, for which there is no parent. Return a subset of the getEorM_Resources method, then is much slower.

getEorM_ExternalResources

java.util.SortedMap<ImmutableName,ImmutableResource> getEorM_ExternalResources()
An external resource is owned by another ACS.

Returns:
unmodifiable SortedMap of registred external resources copies, for which it is NOT the main ACS.

getEorM_EligibleParties

java.util.SortedMap<ImmutableName,ImmutableEligibleParty> getEorM_EligibleParties()
Returns:
unmodifiable sorted map of registered open eligible parties

getEorM_OwnEligibleParties

java.util.SortedMap<ImmutableName,ImmutableEligibleParty> getEorM_OwnEligibleParties()
Returns:
unmodifiable SortedMap of recorded eligible parties in the ACS base. The eligible parties are external object references.

getEorM_ExternalEligibleParties

java.util.SortedMap<ImmutableName,ImmutableEligibleParty> getEorM_ExternalEligibleParties()
Get the external eligible parties, which are defined as owned by another ACS.

Returns:
unmodifiable SortedMap of registred external eligible party copies, for which it is NOT the main ACS.

getEorL_AclEntries

ImmutableAclEntry[] getEorL_AclEntries()
Get the aclEntries managed by this ACS. They may connect a resource and an eligible party from this ACS or from others ones. Caution: They can't be updated directly. Use their resources for that.

Returns:
ImmutableAclEntry[]: copy of the aclEntries of this ACS. May be with empty aclEntries, or equal to 'new AclEntryImpl[] {new AclEntryImpl()}'

getOneAclEntryFromDetailledName

AclEntry getOneAclEntryFromDetailledName(java.lang.String _detailledName)
Get an AclEntry managed by this ACS from its detailled name.

Parameters:
_detailledName - detailled name
Returns:
AclEntry - May be null.

getNumberOfResources

int getNumberOfResources()
Get the number of own resources in the ACS, excluding the external objects.

Returns:
number of resources managed by the ACS

getNumberOfEPs

int getNumberOfEPs()
Get the number of own eligible parties in the ACS, excluding the external objects.

Returns:
number of eligible parties managed by the ACS

containsResourceName

boolean containsResourceName(ImmutableName _name)
Test if the resource is opened, and owned or controlled by the ACS.

Parameters:
_name - ImmutableName of the resource to test in the ACS
Returns:
boolean true if the ACS knows this resource as opened

containsEligiblePartyName

boolean containsEligiblePartyName(ImmutableName _name)
Parameters:
_name - ImmutableName of the eligible party to test
Returns:
boolean true if the ACS knows this EP as its own or as an external one

containsOwnResourceName

boolean containsOwnResourceName(ImmutableName _name)
Parameters:
_name - ImmutableName of the own resource to test in the ACS
Returns:
boolean true if the ACS owns this resource

containsOwnEligiblePartyName

boolean containsOwnEligiblePartyName(ImmutableName _name)
Parameters:
_name - ImmutableName of the own eligible party to test in the ACS
Returns:
boolean true if the ACS owns this EP or this actor

containsAclEntry

boolean containsAclEntry(ImmutableAclEntry _acl)
Test if an AclEntry is known. Use '==' and not the equals() method.

Parameters:
_acl - AclEntry to test
Returns:
boolean true if the ACS has recorded this aclEntry instance

getEorM_Actors

java.util.SortedMap<ImmutableName,ImmutableActor> getEorM_Actors()
The actors here are the controlled ones, they are internal or external. They can't be external eligible actors, referenced in some aclEntries.

Returns:
unmodifiable SortedMap of registred actors. Return a subset of getM_Resources(), is slower than getM_Resources(). The actors are external object references.

getEorM_OwnActors

java.util.SortedMap<ImmutableName,ImmutableActor> getEorM_OwnActors()
Returns:
unmodifiable SortedMap of registred own actors, for which it is the main ACS. Return a subset of getM_OwnResources(), is slower than getM_OwnResources() and getEorM_Actors(). The actors are external object references.

getEorL_OwnActorBridgeSources

java.util.List<ImmutableActor> getEorL_OwnActorBridgeSources()
Gets all the own actors which are bridge sources for external actors.

Returns:
set of ImmutableActors. May be null.

getEorL_OwnActorBridgeTargets

java.util.List<ImmutableActor> getEorL_OwnActorBridgeTargets()
Gets all the own actors which are bridge targets for external actors.

Returns:
set of ImmutableActors. May be null.

getL_AcsControllers

ImmutableName[] getL_AcsControllers()
Get all the open ACS that have an external AclEntry or an external Linked Privilege for a resource or a virtual folder from this ACS.

Returns:
the open ACS controller names. May be empty but not null. No null value in the array.

getIncompleteStructureModeling

boolean getIncompleteStructureModeling()
The modeling of the structure is incomplete when some ACSObjects miss while they participate to the decision for some important access controls, or simply when these missed ACSObjects are important for the overall ACS security, or when their important relations with some other ACSObjects are not set. On the other hand, the modeling remains complete if some secondary ACSObjects are not modeled, like for instance image files in an operating system file system. When the modeling of an ACS structure is incomplete, all the views which use this ACS are set incomplete in their results.

Returns:
true if the modeling of the ACS structure is incomplete.

getIncompleteBehaviorModeling

boolean getIncompleteBehaviorModeling()
The modeling of the behavior is incomplete when important constraints on ACSObjects are not modeled, for instance to set their allowed rights, or their effective default rights. On the other hand, the modeling remains complete if some secondary relations or constraints are not modelled by the program, like for instance the presence of image files in an operating system file system for a given application software. The user may complements manually the properties of an ACSObject for which the behavior has not been totally defined in the ACS model. When the modeling of an ACS behavior is incomplete, the views which use this ACS remain complete in their results, but the creation or deletion of a new ACSObject should be reviewed by the user to ensure that all the properties are still well defined in the ACS.

Returns:
true if the modeling of the ACS behavior is incomplete.

getManageResources

boolean getManageResources()
Returns:
true if the resources are managed.

getManageResourceTrees

boolean getManageResourceTrees()
Returns:
true if the resource trees are managed.

getManageAccounts

boolean getManageAccounts()
Returns:
true if the accounts (or users) are managed.

getManageGroups

boolean getManageGroups()
Returns:
true if the GroupIDs are managed.

getManageGroupTrees

boolean getManageGroupTrees()
Caution: the name of this method is confusing, because a collection of nested groups may be more than one single group tree.

Returns:
true if the nested groups are managed.

getManageInternalAcls

boolean getManageInternalAcls()
Returns:
true if the internal acl entries are managed.

getManageExternalAcls

boolean getManageExternalAcls()
Returns:
true if the external acl entries are managed, as controler of other-acs objects, and/or as acs which is controled by other acs.

getManageFlexibleConditionalAcls

boolean getManageFlexibleConditionalAcls()
Returns:
true if the flexible conditional AclEntries are managed

getManageRightDefinedConditionalAcls

boolean getManageRightDefinedConditionalAcls()
Returns:
true if the right-defined conditional AclEntries are managed.

getManageACLRightsInheritance

boolean getManageACLRightsInheritance()
Returns:
true if the aclentry rights inheritance from the parent are managed (not necessary all these rights).

getManageActors

boolean getManageActors()
Returns:
true if the actors are managed.

getManageBridges

boolean getManageBridges()
Returns:
true if the ACS bridges are managed.

getManageSecGroupsForActor

boolean getManageSecGroupsForActor()
Returns:
true if the secondary groups are managed for actors (no answer on directoryEPs).

getManageDirectoryEPs

boolean getManageDirectoryEPs()
Returns:
true if the directoryEP are managed.

getManageAGORights

boolean getManageAGORights()
Returns:
true if some of the Account-Group-Other rights are managed (not necessary all these rights).

getManageAGORightsInheritance

boolean getManageAGORightsInheritance()
Returns:
true if Account-Group rights inheritance from the parent are managed (not necessary all these rights).

getManagePrivilegeRights

boolean getManagePrivilegeRights()
Returns:
true if the privileges are managed.

getManageVirtualFolders

boolean getManageVirtualFolders()
Returns:
true if the virtual folders are managed for the ACS.

getManageGrantRights

boolean getManageGrantRights()
Returns:
true if the Grant rights are managed.

getManageDenyRights

boolean getManageDenyRights()
Returns:
true if the Deny rights are managed.

getRunningOnParentACS

boolean getRunningOnParentACS()
Deprecated. 

Returns:
true if the acs is running on the parent acs.

getEmbeddedInParentACS

boolean getEmbeddedInParentACS()
Deprecated. 

Returns:
true if the acs is embedded in the parent acs.

getManagePrivilegesInResources

boolean getManagePrivilegesInResources()
Caution: if getManageExternalForOneToOneLinkedPrivileges() returns true, the privilege of another ACS may always have as target a Resource of this ACS.

Returns:
true if the privilege rights in Resources are managed.

getManagePrivilegesInVirtualFolders

boolean getManagePrivilegesInVirtualFolders()
Caution: if getManageExternalForOneToOneLinkedPrivileges() returns true, the privilege of another ACS may always have as target a VirtualFolder of this ACS.

Returns:
true if the privilege rights in VirtualFolders are managed.

getManageSimpleLinkedPrivileges

boolean getManageSimpleLinkedPrivileges()
Returns:
true if the simple linked privilege rights are managed.

getManageSimpleTypedPrivileges

boolean getManageSimpleTypedPrivileges()
Returns:
true if the simple typed privilege rights are managed.

getManageIfAllSourceLinkedPrivileges

boolean getManageIfAllSourceLinkedPrivileges()
Returns:
true if the if-all-sources linked privilege rights are managed.

getManageInternalForOneToOneLinkedPrivileges

boolean getManageInternalForOneToOneLinkedPrivileges()
Returns:
true if the internal for-one-to-one linked privilege rights are managed.

getManageExternalForOneToOneLinkedPrivileges

boolean getManageExternalForOneToOneLinkedPrivileges()
May be true if the privileges are managed but all the other privilege features are not managed, to allow an own component in the privilege of another ACS. Managing external privileges always implies that all the own sources of this ACS may have an inner external privilege. To allow an own resource or an own virtual folder of this ACS to get an inner external privilege, the privileges in resources or in virtual folders have to be managed. This allows to limit the inner external privileges to the own sources of the ACS, excluding the own targets, if there are no internal privileges to manage. On the other hand, having internal privileges means that the inner external privileges always accept as target an own resource or virtual folder.

Returns:
true if the external for-one-to-one linked privilege rights are managed as inner privileges or as privileges of another ACS.

getManageClassedTypedPrivileges

boolean getManageClassedTypedPrivileges()
Returns:
true if the classed typed privilege rights are managed.

getManageClassedSpecificTypedPrivileges

boolean getManageClassedSpecificTypedPrivileges()
Returns:
true if the classed specific typed privilege rights are managed, for designated source and target.

getManageAuthorizationServerTypedPrivileges

boolean getManageAuthorizationServerTypedPrivileges()
Returns:
true if the typed privilege rights for authorization servers are managed.

getManageGrantingRightPrivileges

boolean getManageGrantingRightPrivileges()
Returns:
true if the granting rights in privileges are managed.

getManageDenyingRightPrivileges

boolean getManageDenyingRightPrivileges()
Returns:
true if the denying rights in privileges are managed.

getManageLPRIRightsInheritance

boolean getManageLPRIRightsInheritance()
Returns:
true if the linked privilege rights inheritance from the parent are managed (not necessary all these rights).

getManageResourceVirtualFolders

boolean getManageResourceVirtualFolders()
Returns:
true if the virtual folders of resources are managed for the ACS, and where actors are forbidden.

getManageEPVirtualFolders

boolean getManageEPVirtualFolders()
Returns:
true if the virtual folders of actors are managed for the ACS, and where other resources are forbidden.

getManageSimpleResourceVirtualFolders

boolean getManageSimpleResourceVirtualFolders()
Returns:
true if the resource virtual folders manage simple resources for the ACS.

getManageDirectoryInResourceVirtualFolders

boolean getManageDirectoryInResourceVirtualFolders()
Returns:
true if the resource virtual folders manage the directories for the ACS.

getManageActorInEPVirtualFolders

boolean getManageActorInEPVirtualFolders()
Returns:
true if the virtual folders of eligible parties manage actors for the ACS.

getManageDirectoryEPinEPVirtualFolders

boolean getManageDirectoryEPinEPVirtualFolders()
Returns:
true if the EP virtual folders manage the directoryEPs for the ACS.

getManageVirtualFolderTrees

boolean getManageVirtualFolderTrees()
Returns:
true if the virtual folder trees are managed for the ACS.

getManageOneTimeInVirtualFolderTreeForMember

boolean getManageOneTimeInVirtualFolderTreeForMember()
Returns:
true if a member is no more than one time in each virtual folder tree.

getManageVirtualFolderRightsPropagationToMembers

boolean getManageVirtualFolderRightsPropagationToMembers()
Returns:
true if a virtual folder propagates its target rights to all its members.

getIsAuthorizationServer

boolean getIsAuthorizationServer()
Returns:
true if the acs is an authorization server.

getManageAcsRights

boolean getManageAcsRights()
Returns:
true if the acs manages ACS rights (it main manages metarights too).

getManageMetaRights

boolean getManageMetaRights()
Returns:
true if the acs manages metarights (it main manages ACS rights too).

getManageSoftAlias

boolean getManageSoftAlias()
Returns:
true if the acs manages the internal or external soft aliases

getManageInternalHardAlias

boolean getManageInternalHardAlias()
Returns:
true if the acs manages the internal hard aliases

getM_TypesAndGUIPolicy

java.util.Map<java.lang.String,java.lang.String[]> getM_TypesAndGUIPolicy()
Get the String values which define the allowed ACSObject types. The default value is always all the possible values, when there is no key to match. The types are used to manage the display of nodes in the explorer, and to forbid the creation of instances having some specified types for a given class. The 10 possible keys and values are:

- 'Resource.ResourceType' defines the allowed types for the Resources

- 'Actor.ResourceType' defines the allowed types for the Actors

- 'EligibleParty.EPType' defines the allowed types for the Eligible Parties

- 'VirtualFolder.VirtualFolderType' defines the allowed String types for the VirtualFolders of the ACS

- 'PrivilegeForType.SecondType' defines the allowed String types for the PrivilegeForTypes of the ACS

- 'PrivilegeForLinks.SecondType' defines the allowed String types for the PrivilegeForLinks of the ACS

- 'Explorer.NoAcsNode', where the values have the format 'ACSTree.XXX', to forbid the display in the explorer, of some standard nodes like 'AclEntries...' or 'GroupIDs',

- 'Explorer.SubAcsNode' sets some subacs nodes in the explorer, where the values have the format 'ResourceType. XXX' or 'GroupType. XXX', to specify the display under a dedicated node '', of all the resources or groups having a type starting with ' XXX'. This type starting is reserved to these children.

- 'Explorer.AcsGroupTree' sets some group trees in the explorer, where the values have the format 'GroupType. XXX', to specify the display under a dedicated node '' as its direct children, all the groupIDs having a type which starts with ' YYY'. This type starting is reserved to these children.

- 'CreationByBeamer.NoType' where the values are some forbidden types, to forbid the creation by the user and through the GUI, of ACSObjects having these types for a given class.

With the key 'CreationByBeamer.NoType', the user can create some ACSObjects only with the types the ACS authorizes. Typically, the types 'ResourceType.' and 'EPType.' are not allowed. After the first selection of allowed types, it may have a removing of some values from the getM_TypesAndGUIPolicy() key 'CreationByBeamer.NoType'. The forbidden types have one of the following forms : 'ResourceType.forbidden type', 'EPType.forbidden type', 'DirectoryType.forbidden type', 'ActorType.forbidden type', 'UserIDType.forbidden type', 'GroupIDType.forbidden type', 'VirtualFolderType.forbidden type', 'PrivilegeSecondType.forbidden type'. A forbidden type for EligibleParty is not forbidden to all the EligibleParty subclasses. This is also true for a forbidden type for Resource. Like the order of interfaces, the 'ActorType.forbidden type' list is the single list to applied to an Actor, just like 'DirectoryType.forbidden type' for the Directories, and 'UserIDType.forbidden type' for the UserID.

Returns:
an unmodifiable HashMap where the key is a String of ACSObject class interface (like Resource) ended by a bound property name (like ResourceType), with '.' as separator, and the value is a String array of the values for this key. May be null but never empty.

getM_TypeOrientedPolicy

java.util.Map<java.lang.String,java.lang.String[]> getM_TypeOrientedPolicy()
Gets the ACS constraints on the allowed or forbidden ACSObject types to set the GroupID, Node, Resource, AclEntry and Privilege policies. The values are types of ACSObject, that is the type of a Basic or a VirtualFolder, or the second type of a Privilege. The default value is always all the possible values, when there is no key to match. The keys are composed of a structured word which defines the application domain, like 'GroupID.NoPrimaryGroup', and there is sometimes a type at the end.

There are 29 forms for the key, presented hereinafter:

- 'GroupIDMember.NoMemberOf', where the values are the types of the groupmembers for which the role of member of another group is forbidden

- 'GroupIDMember.IsNotConditionalAclSource', where the values are the types of the GroupIDmembers for which the conditional ACL is forbidden as source

- 'GroupID.NoPrimaryGroup', where the values are the types of the groups for which the role of primary group for an account is forbidden

- 'GroupID.NoMainGroup' where the values are the types of the groups for which the role of main group of a resource is forbidden

- 'GroupID.NoSecondaryGroup' where the values are the types of the groups for which the role of secondary group of an actor is forbidden

- 'GroupID.MemberFromAdmin' where the values are the types of the groups where every member has to be an administrator

- 'GroupID.NoUserIDMember' where the values are the types of the groups where every member has to not be an UserID

- 'GroupID.NoGroupIDMember' where the values are the types of the groups where every member has to not be a GroupID

- 'GroupID.NoMoreThanOneMember' where the values are the types of the groups where only one member is allowed

- 'GroupID.ConditionalAclGroup' where the values are the types of the groups which may be condition groups in some conditional ACLs

- 'Resource.OneRightACL' where the values are the types of the resources which handled only AclEntries with no or one right

- 'Resource.NoAccount' where the values are the types of the resources which do not handle an account as owner (a group is possible from parent)

- 'Resource.NoConditionalACL' where the values are the types of the resources which never handle flexible or right-defined conditional AclEntries

- 'Resource.NoNonConditionalACL' where the values are the types of the resources for which an AclEntry without condition group(s) is never operational

- 'Resource.OneConditionGroupInACL' where the values are the types of the resources which handled only conditional AclEntries with no or one condition group

- 'Actor.NoCurrentAccount' where the values are the types of the actors for which a current account is forbidden

- 'Actor.NoNullCurrentAccount' where the values are the types of the actors for which a current account is mandatory

- 'Actor.NoCurrentGroup' where the values are the types of the actors for which a current group is forbidden

- 'Actor.IsNotBridgeTarget' where the values are the types of the actors which cannot be bridge targets

- 'Actor.IsNotBridgeSource' where the values are the types of the actors which cannot be bridge sources

- 'Actor.IsNotConditionalAclSource', where the values are the types of the Actors for which the conditional ACL is forbidden as source

The following keys include an ACSObject type, after the last point: - 'GroupID.TypesOfMemberFor.allowed_GroupID_type' where the values are the allowed types of the members for a group having this type

- 'GroupIDMember.NoMoreThanOneGroup.allowed_GroupIDMember_type' where the values are the GroupID types for which the groupIDmember may be member of one group of this type at most

- 'GroupIDMember.RecommandedGroupsAsMember.allowed_GroupIDMember_type' where the values are the GroupID types for which a message recommands to the user to put the groupIDMember as member; there, it is possible to describe some alternatives like 'group_type_onegroup_type_two'

- 'Directory.TypesOfChildFor.allowed_Directory_type' where the values are the allowed types of the children for a Directory having this type, or if the type is 'NULL', for a Resource without parent

- 'VirtualFolder.TypesOfMemberFor.allowed_VirtualFolder_type' where the values are the allowed types of the members for a VirtualFolder having this type

- 'VirtualFolder.TypesOfChildFor.allowed_VirtualFolder_type' where the values are the allowed types of the children for a VirtualFolder having this type, or if the type is 'NULL', for a VirtualFolder without parent

- 'Resource.SecondTypesOfPrivilegeFor.allowed_Resource_type' where the values are the allowed second types of the privileges for a Resource having this type

- 'EligibleParty.SecondTypesOfPrivilegeFor.allowed_EligibleParty_type' where the values are the allowed second types of the privileges for an EligibleParty having this type

- 'VirtualFolder.SecondTypesOfPrivilegeFor.allowed_VirtualFolder_type' where the values are the allowed second types of the privileges for a VirtualFolder having this type

- 'Resource.TypesOfSourceForConditionalACL.allowed_Resource_type' where the values are the allowed EligibleParty types as source of a conditional ACL in a Resource having this type

Returns:
an unmodifiable HashMap where the key is an ACSObject class interface (like Resource) ended by a bound property name (like ResourceType), with '.' as separator, and the value is a String array of the authorized types. May be null but never empty.

getM_StandardRights

java.util.Map<java.lang.String,StringRight[]> getM_StandardRights()
This map is initialized at the ACS creation to set the standard values for the ACSObject Right properties (for example, the Linux rights), but only when there is no matching specialized rights. The possible keys are:

- 'Resource.OwnerRights',

- 'Resource.GroupRights',

- 'Resource.OtherRights',

- 'Resource.AclRights',

- 'Actor.BridgeRights'.

An AcsAddon ACS may have complementary keys, like for instance 'Resource.OtherRights' in the ACSUbuntuImpl class. In all cases, these AcsAddon keys have to start with the name of an interface, to be detected by ACSFactoryUtilityImpl.getL_MapKeysForSpecializedRights(), and they have to end with a property change name containing 'Rights', to be detected by BaseUtilityImpl.getRestrictedValues().

Returns:
unmodifiable HashMap where the key is a String of ACSObject class interface (like Resource) ended by a bound property name including 'Rights'(like groupRights), with '.' as separator, and the value is a StringRight array of the authorized standard values for this bound property. May be null but never empty.
See Also:
getM_SpecializedRights()

getM_SpecializedRights

java.util.Map<java.lang.String,StringRight[]> getM_SpecializedRights()
Gets the specialized rights extending or constraining the allowed values which are defined for each right type set in getM_StandardRights(). The specialized rights are then superior to the standard ones, which are unworkable if some specialized rights are applicable. If several sets of specialized rights are applicable, it is their intersection which is workable.

As map keys, examples of quartets (object.domain.key.subkey) are:

- 'Target.AclRightsSet.Interface.Directory', for ACL rights when the target is a Directory instance

- 'Target.AccRightsSet.Type.script', for Account rights when the target has the type 'script'

- 'Source.AclRightsSet.Type.group', for ACL rights when the source has the type 'group'

- 'PFType.PrvRightsSet.Type.role one', for PrivilegeForTypes having the second type 'role one'

The object is Target or Source to indicate that these rights are for the target (or source) which has the correct interface or type.

For Privileges only, PFType indicates rights for PrivilegeForTypes, and PFLink indicates that it is for PrivilegeForLinks.

The domain may be one of the right categories: 'AccRightsSet' for Target only, 'GpORightsSet' for Target only, 'AclRightsSet' for Target only, 'BdgRightsSet', 'RooRightsSet' for root. 'PrvRightsSet' for Privileges only.

The key is 'Interface' or 'Type' to indicate that the subkey belongs to one of these categories.

The subkey is an interface name or a Basic type (or second type for a Privilege), for which the specialized rights have to be used.

The value in the returned map is an array of StringRight which may have a lenght of 0.

Returns:
an unmodifiable Map where the key is a quartet of Strings, and the value is an array of StringRights. May be null but never empty.

getL_ImmutableRules

java.util.List<java.lang.String> getL_ImmutableRules()
Returns:
the immutable rules which are derived from the ACS structure

getL_SelectedRights

StringRight[] getL_SelectedRights(java.lang.String _r1,
                                  java.lang.String _r2,
                                  java.lang.String _r3,
                                  java.lang.String _r4,
                                  java.lang.String _r5)
Gets the ACS or metarights having one of the arguments as nick name.

Parameters:
_r1 - nick name of an ACS right. May be null.
_r2 - nick name of an ACS right. May be null.
_r3 - nick name of an ACS right. May be null.
_r4 - nick name of an ACS right. May be null.
_r5 - nick name of an ACS right. May be null.
Returns:
from one to five required ACS rights

getOwnResourceFoldersRootName

ImmutableName getOwnResourceFoldersRootName()
The current root is the first non-finalized virtual folder for resources without parent which has been created. Returns name of the root for the recorded virtual folders in the ACS base.

Returns:
ImmutableName. May be equal to VectorNameImpl.EMPTY_INSTANCE.

getOwnEPFoldersRootName

ImmutableName getOwnEPFoldersRootName()
The current root is the first non-finalized virtual folder for eligible parties, without parent which has been created. Returns name of the root for the recorded virtual folders in the ACS base.

Returns:
ImmutableName. May be equal to VectorNameImpl.EMPTY_INSTANCE.

getOnePrivilegeFromDetailledName

Privilege getOnePrivilegeFromDetailledName(java.lang.String _detailledName)
Gets a privilege that is managed by this ACS.

Parameters:
_detailledName - privilege detailled name
Returns:
Privilege - May be null.

getEorL_Privileges

Privilege[] getEorL_Privileges()
Gets the privileges managed by this ACS. They may connect several resources and several eligible parties from this ACS.

Returns:
Privilege[] is a copy of the privileges of this ACS. May be null, with empty privileges, or equal to 'new Privilege[] {new Privilege()}'.

getEorL_PrivilegeForLinks

java.util.List<Privilege> getEorL_PrivilegeForLinks()
Gets all the privilegeForLinks of the ACS, not the privilegeForTypes.

Returns:
List of PrivilegeForLinks. May be empty, but never null.

getEorL_PrivilegeForTypes

java.util.List<Privilege> getEorL_PrivilegeForTypes()
Gets all the privilegeForTypes of the ACS, not the PrivilegeForLinks.

Returns:
List of PrivilegeForTypes. May be empty, but never null.

getEorL_PrivilegeForTypesForSource

java.util.List<Privilege> getEorL_PrivilegeForTypesForSource(java.lang.String _type)
Gets all the PrivilegeForTypes which have the right source type. The comparison returns true if a value starts with the key word ' ', and not the other value.

Parameters:
_type - is the searched source type. No action if null.
Returns:
List of PrivilegeForTypes. May be empty and then immutable, but never null.

getEorL_PrivilegeForTypesForTarget

java.util.List<Privilege> getEorL_PrivilegeForTypesForTarget(java.lang.String _type)
Gets all the PrivilegeForTypes which have the right target type. The comparison returns true if a value starts with the key word ' ', and not the other value.

Parameters:
_type - is the searched target type. No action if null.
Returns:
List of PrivilegeForTypes. May be empty and then immutable, but never null.

getEorL_VirtualFolders

VirtualFolder[] getEorL_VirtualFolders()
Gets the virtual folders managed by this ACS.

Returns:
VirtualFolder[]: copy of the virtual folders list. May be null or empty.

getOneVirtualFolder

VirtualFolder getOneVirtualFolder(ImmutableName _name)
Gets a virtual folder managed by this ACS.

Parameters:
_name - is the folder name
Returns:
VirtualFolder. May be null.

getEorL_ResourceVirtualFolders

java.util.List<VirtualFolder> getEorL_ResourceVirtualFolders()
Gets the virtual folders managed by this ACS and which contain only resources.

Returns:
full copy of the relevant virtual folders. May be empty but not null.

getEorL_EPVirtualFolders

java.util.List<VirtualFolder> getEorL_EPVirtualFolders()
Gets the virtual folders managed by this ACS and which contain only eligible parties.

Returns:
full copy of the virtual folders list. May be empty but not null.

getEorL_ExternalVirtualFolders

VirtualFolder[] getEorL_ExternalVirtualFolders()
Copy of the external virtual folders in a new array. They are defined as owned by another ACS but having rights through an external Privilege that is managed by this ACS.

Returns:
copy of the virtual folders list. May be null.

containsPrivilegeName

boolean containsPrivilegeName(ImmutableName _name)
Tests if a privilege is known.

Parameters:
_name - is an ImmutableName of the privilege to test
Returns:
boolean true if the ACS has recorded this privilege instance

containsVirtualFolderName

boolean containsVirtualFolderName(ImmutableName _name)
Tests if a virtual folder is known.

Parameters:
_name - is an ImmutableName of the virtual folder to test
Returns:
true if the ACS has recorded this virtual folder instance

containsOwnVirtualFolderName

boolean containsOwnVirtualFolderName(ImmutableName _name)
Tests if the ACS owns the virtual folder.

Parameters:
_name - of the virtual folder to test
Returns:
boolean true if this virtual folder is from this ACS

getM_Structure

java.util.SortedMap<java.lang.String,java.lang.Boolean> getM_Structure()
Gets the structure of this ACS. For the basic properties, there is a dedicated method to test them, like for instance the method getManageActors(). For the non-basic properties, they are included as keys and it is not necessary to have a Boolean.TRUE as value to use the property, since the presence of the key is simply tested.

Returns:
the immutable ACS structure. Never empty nor null.

getM_RightsOfInternalKey

java.util.SortedMap<java.lang.String,StringRight[]> getM_RightsOfInternalKey()
Gets the ACS rights and the metarights this ACS handles and for a given internal key value of the associated metaright. The map key is the metaright internal key.

Returns:
the unmodifiable rights map. Never empty nor null.

getEditorAndAddonNames

java.lang.String getEditorAndAddonNames()
The format is 'Editor: full_editor_name - AcsAddon: addon_name'. The AcsAddon name is 'NONE' if the ACS is not from an AcsAddon.

Returns:
the editor name and the AcsAddon name for the ACS. Never null.