public interface AclEntry
This interface models an access control list entry, which manages access grants or access denials from an EligibleParty to a Resource. An AclEntry is conditional when it uses one or more condition groups of which the source must be a member for the AclEntry rights to be activated. There are two types of conditional AclEntry: the simple-condition AclEntry and the right-condition AclEntry. The AclEntry, the EligibleParty and the Resource may belong to three different access control systems (ACS) or, in the simplest case, to a single ACS. An AclEntry is created by the resource, which specifies an eligible party as the argument to the constructor.
An AclEntry may be conditioned by the groups of the source; in that case, the returned rights are null if the source is not a member of all the condition group(s). The conditional AclEntry is an alternative to the LINKED_IF_ALL_SOURCES privilege, but it is aimed at delivering rights to a single source, which has to be a member of the condition groups. In a conditional AclEntry, the same ACS manages the AclEntry, the condition group and the eligible party. Thus, a conditional AclEntry never has an external eligible party.
An AclEntry is created and managed by its resource, and it is deleted when the resource is deleted. An AclEntry is uniquely defined by the set (ACS, Resource, EligibleParty, first condition GroupID, sense of the right), where the first condition GroupID is null if the AclEntry is not conditional. The identity of a conditional AclEntry changes when its first condition GroupID changes, which is why the first condition group is immutable after the AclEntry is created.
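The conditional-entry rules above, modelled in stand-alone Java. This is an added example, not ARoad0 code: `ConditionalAclModel`, `AclKey`, `Entry` and all sample names are hypothetical, plain strings stand in for the ACS, Resource, EligibleParty and GroupID objects, `IllegalArgumentException` stands in for the library's error type, and an empty list stands in for the null or 0-size result.

```java
import java.util.*;

// Stand-alone model of the conditional AclEntry semantics described above.
// Every type here is hypothetical; none of them is an ARoad0 class.
public class ConditionalAclModel {

    // Identity tuple: (ACS, Resource, EligibleParty, first condition GroupID, sense).
    // firstConditionGroup is null for a non-conditional entry.
    record AclKey(String acs, String resource, String eligibleParty,
                  String firstConditionGroup, boolean positive) {}

    static final class Entry {
        final AclKey key;  // immutable, so the entry identity never changes
        final Set<String> conditionGroups = new LinkedHashSet<>();
        private List<String> rights = List.of();

        Entry(AclKey key) {
            this.key = key;
            if (key.firstConditionGroup() != null) conditionGroups.add(key.firstConditionGroup());
        }

        // A null argument becomes a 0-size list; a null or empty right is rejected.
        void setRights(List<String> newRights) {
            if (newRights == null) { rights = List.of(); return; }
            for (String r : newRights)
                if (r == null || r.isBlank()) throw new IllegalArgumentException("null or empty right");
            rights = List.copyOf(newRights);
        }

        // Rights are effective only if the source belongs to every condition group.
        List<String> effectiveRights(Set<String> sourceGroups) {
            return sourceGroups.containsAll(conditionGroups) ? rights : List.of();
        }
    }

    public static void main(String[] args) {
        Entry e = new Entry(new AclKey("acs1", "doc42", "alice", "auditors", true));
        e.conditionGroups.add("on-call");  // additional condition group
        e.setRights(List.of("read"));

        // Member of only one condition group: no effective rights.
        System.out.println(e.effectiveRights(Set.of("auditors")));
        // Member of all condition groups: the rights apply.
        System.out.println(e.effectiveRights(Set.of("auditors", "on-call")));

        // Same ACS, resource, party and sense, but another first condition group: a distinct entry.
        AclKey other = new AclKey("acs1", "doc42", "alice", "reviewers", true);
        System.out.println(e.key.equals(other));
    }
}
```
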
This interface manages the following ACS constraints on the ACSObject type policy:
- 'GroupID.ConditionalAclGroup', where the values are the types of the groups which may be condition groups in some flexible or right-defined conditional ACLs
- 'Resource.OneRightACL', where the values are the types of the resources which handle only AclEntries with zero or one right
- 'Resource.NoConditionalACL', where the values are the types of the resources which never handle flexible or right-defined conditional AclEntries
- 'Resource.NoNonConditionalACL', where the values are the types of the resources for which an AclEntry without condition group(s) is never operational
- 'Resource.OneConditionGroupInACL', where the values are the types of the resources which handle only conditional AclEntries with zero or one condition group
- 'Resource.TypesOfSourceForConditionalACL.allowed_Resource_type', where the values are the EligibleParty types allowed as the source of a conditional ACL in a Resource having this type
It is a JavaBean with the following bound properties: 'Comment', 'AclRights', 'ConditionSourceGroups'.
See Also: EligibleParty, Resource
Method Summary | |
---|---|
void | addForUserConditionSourceGroup(ImmutableGroupID _grp): To activate the ACL rights, the EP has to be a member of the conditional GroupIDs. |
void | removeForUserConditionSourceGroup(ImmutableGroupID _grp): To activate the ACL rights, the EP has to be a member of the conditional GroupIDs, if it is a GroupIDMember. |
void | setComment(java.lang.String _s): Sets any comment related to this resource. |
void | setL_RightsForUser(StringRight[] _st): Sets the rights of the AclEntry, from which the effective rights given by getRight() are derived. |
Methods inherited from interface ARoad0.gBaseInterface.ImmutableAclEntry |
---|
clone, copy, equals, getEnabledRights, getEorACS, getEorEP, getEorResACS, getEorResource, getEpName, getL_ConditionSourceGroups, getL_Rights, getNameOfEpACS, getNameOfResACS, getNoConditionalRight, getPositiveRight, getPropertyChangeListeners, getResName, getResType, getSerialVersionUID, getSource, getTarget, hashCode, isConditionalAclEntry, isEmpty, isExternalAclEntry, isRightDefinedConditionalAclEntry, toString |
Methods inherited from interface ARoad0.gBaseInterface.ACSObject |
---|
getAcsName |
Methods inherited from interface ARoad0.gBaseInterface.BaseObject |
---|
getFullName, getName, getNickName |
Methods inherited from interface ARoad0.gBaseInterface.DetailledName |
---|
getDetailledName, getDetailledNameFromName, getKeyPropertiesFromDetailledName, getNameFromDetailledName |
Methods inherited from interface ARoad0.gBaseInterface.FinalizedObjectForUser |
---|
finalizeForUser |
Methods inherited from interface ARoad0.gBaseInterface.FinalizedObject |
---|
finalizeForBase |
Methods inherited from interface java.lang.Comparable |
---|
compareTo |
Methods inherited from interface ARoad0.gBaseInterface.BoundBean |
---|
addPropertyChangeListener, addPropertyChangeListener, removePropertyChangeListener, removePropertyChangeListener |
Method Detail |
---|
void setL_RightsForUser(StringRight[] _st) throws CreateError
Only non-null, non-empty rights are set as new rights. Creates a 0-size array if the argument is null. Checks that each right has the correct sense. Checks the ACS type policy on 'Resource.OneRightACL', 'Resource.NoConditionalACL', 'Resource.NoNonConditionalACL'.
A right-defined conditional AclEntry must have a single non-null right. For a conditional AclEntry, _ep is a GroupIDMember, and the right is workable only if _ep is a member of each of these condition groups. Otherwise, the resulting effective right from getRight() is a 0-size array. Calls BaseUtilityImpl.getL_AcsRestrictedRights() and UtilityImpl.selectHeaders().
Fires a PropertyChangeEvent "AclRights" to the listeners. Note: 'AclRights' is also the bound property name of the ACLs in ResourceImpl, so that the Gui1 package can work. For Gui2.GraphicViewBaseListenerImpl, which listens for the 'AclRights' events from both the Resource and the AclEntry, the source and the value types in the event allow the event to be processed properly.
Parameters:
_st - an array of non-null, non-empty rights for the couple (resource, EligibleParty) in the AclEntry ACS. The authorized rights depend on the AclEntry ACS. May be null.
Throws:
CreateError - if a right is null or empty, if the resource or the eligible party is immutable, if a right is not allowed or does not have the sense of getPositiveRight(), or if it does not comply with the ACL constraints.
void setComment(java.lang.String _s)
Parameters:
_s - comment which is associated with the resource.
void addForUserConditionSourceGroup(ImmutableGroupID _grp) throws UpDateError
Parameters:
_grp - conditional group to add
Throws:
UpDateError - if the AclEntry ACS does not manage the flexible conditional group, or the argument is null or not from the AclEntry ACS
void removeForUserConditionSourceGroup(ImmutableGroupID _grp) throws UpDateError
Parameters:
_grp - conditional group to remove. Never null.
Throws:
UpDateError - if the AclEntry uses a static conditional group, or the argument is null or not from the AclEntry ACS