Provides the gWork classes for creating and analyzing a MySQL 5 database management system, as an extension of the generic ARoad0.gWork package, in the AcsAddon MySQL. It is responsible for processing the rights at the request of the ARoad0.gWork package. The MySQL ACS are built up by AcsFactoryMySQL in this package.

USING THE GENERIC CLASSES

To simulate the MySQL server, the features are provided first by a configuration of the Access Road generic functions, in the generic gBase package. This is the responsibility of the class ACSFactoryMySQLImpl, after its configuration by the class MySQL.gWork.AcsFactoryMySQL that provides:

FEATURES OF THE MySQL ACSADDON

The simulation of the MySQL server is then completed by the way of the MySQL AcsAddon, delivering the following features:

These features are presented mainly in the documentation page of the package MySQL.gBase.

THE MySQL NODERIGHTS AND LINKRIGHTS CLASSES

All the classes in this package are subclasses of the generic gWork package, except for AcsFactoryMySQL which simply implements ARoad0.Pattern.AcsFactoryForAcsAddon. The two classes NodeRightsMySQLImpl and LinkRightsMySQLImpl look for the original MySQL access paths. They add, remove or update the DisplayableLinkImpls of each Access Road view. NodeRightsMySQLImpl is quite complex to handle, because the calling sequence of its methods from the generic gWork classes has to be well understood.

The class NodeRightsMySQLImpl extends NodeRightsImpl. It has the responsability to set the properties of the access paths, and most of its methods come from its super class in the generic gWork package. The main specific methods of this class are presented now. This class overrides the method detectAddonFinalAllNodes() to add the properties AccessControlLink.C_FIST_RATE, AccessControlLink.C_WEAK_LINK and AccessControlLink.C_CONDITIONAL_ACL to some DisplayableLinkImpls. The aim is to precise the effective rights in an Access Road view having MySQL nodes.

The class NodeRightsMySQLImpl overrides the method detectL_aclEntryRights() to get all the rights of the relevant direct AclEntries managed by the ResourceMySQL object for a given EligibleParty, following the ACL sorting and the selection of the first matched ACL. This class overrides also the method getL_accessRightsThroughNodesTree() to return in an AccessControlLink the inherited rights that are given by the directory tree, as inherited rights on a ResourceMySQL. The result sets only the type AccessControlLink.ACL.

This class overrides the method selectAddonNewHiddenNodeForGroupIDMember() to detect the hidden actors that are linked to a GroupIDMember as access source. The aim is to extend the current DisplayableLinkImpls this GroupIDMember ends. This method covers two cases:

The class NodeRightsMySQLImpl contains a new method getConnectionPair(). It returns the first current user of an account, that is the pair (account, simple host or accounts-for-hosts group) under which the connection of an account is done on the MySQL server.

The class LinkRightsMySQLImpl extends LinkRightsImpl. It provides utilities about DisplayableLinkImpls. It operates on DisplayableLinkImpls and on the inherited rights. An important service is the adding of a DisplayableLinkImpl to the view map for these objects, and its filtering to follow the MySQL rules. This is the responsibility of the method addAndRemoveDisplayableLinks() (new in 0.7.3) to reject 7 patterns of DisplayableLinkImpls. 6 patterns are detected by isFirstStepForbiddenDLink(), called by addAndRemoveDisplayableLinks() with simply the DisplayableLinkImpl as argument.

The proper Actor AG context is required in the MySQL ACS, for any type of Actor as intermediate node in an access path, each time there is a non-null current UserID and there is an executing right on the Actor. This is the responsability of the method setNextNodeAGrunningContext().

To find the local UserID or GroupIDs a context switch has to run, the method getL_localAGfromContextSwitch() returns the default UserID 'anonymous' if the super method returns null.

Each node in a view and each intermediate node has one LinkRights instance for each view it belongs to. The implementation classes of this interface have properties that depend only on the class of the node ACS, then 2 nodes of the same view should use the same LinkRights instance, even if it is not the actual behavior in all cases. But there is an exception for the methods that detects the Account and AcsAddon priorities over all the links. They use RightsMediatorImpl.getAllLinkRights() which returns only one LinkRights instance per implied gWork package, and not one instance per view node.

EXEMPLE OF MySQL ACCESS PATH IN ACCESS ROAD 0.7.3

The use of the new 0.7.3 generic classes ExchangePointImpl and ContextSwitchImpl is demonstrated in the following 7-nodes access path. The default state of two ACS are used. one is an Ubuntu ACS and the second one is a MySQL ACS, as child of the first one. It shows how the Ubuntu account 'lp' has the MySQL rights UPDATE/SELECT/EXECUTE on the MySQL table column 'sales_amount column'. It is presented like in the 'See why' text, including some added comments:

FROM A RIGHT USER TO AN ACCESS TARGET

FROM IO:: two:: bb:: <U>:: lp

TO IO:: two:: bb:: my:: MySQL server:: BASE One:: Products table:: sales_amount column.

-- PATH NUMBER 1:

Link number 1:

Comment: The Ubuntu program 'mysqld' is executed by the Ubuntu account 'lp' through the Ubuntu AG Other rights:

AGO Other rights <inherited AG rights> <should limit rights> <Sets Owner>

Intermediate node:

IO:: two:: bb:: <files_tree>:: usr:: sbin:: mysqld

Link number 2:

Data Exchange -- AGO Other rights <inherited AG rights>

Comment: This creates a call through the ExchangePoint 'mysqld.sock' which is a Linux socket, as the conceptual calling point to the MySQL server by the way of a bridge ('lp' may also directly calls 'mysqld.sock'):

Intermediate node:

IO:: two:: bb:: <files_tree>:: var:: run:: mysqld:: mysqld.sock

Link number 3:

Bridge (<Sets Owner>)

Comment: The path enters now into the MySQL server ACS. '<entrance_gate>', as entry point of the ACS, is the ContextSwitch able to select the applicable MySQL account, taking account the calling Ubuntu account 'lp':

Intermediate node:

IO:: two:: bb:: my:: <connection_subacs>:: <entrance_gate>

Link number 4:

Runs Under

Intermediate node:

IO:: two:: bb:: my:: <U>:: lp

Comment: The ContextSwitch selects the ProxyMySQL 'lp' which is an image of the account 'jerry':

Link number 5:

Is alias (<modify owner>)

Intermediate node:

IO:: two:: bb:: my:: <U>:: jerry

Comment: The MySQL account 'jerry' under the MySQL group 'localhost' has some direct ACL rights and some inherited ACL rights on the MySQL target 'sales_amount column':

Link number 6:

ACL (UPDATE Current User: (jerry, localhost) <inherited ACL> USAGE SELECT EXECUTE <conditional ACL> through localhost) -- All Rights: UPDATE/SELECT /EXECUTE

GENERAL INFORMATION

Like any AcsAddon, this package offers classes which may be used by an ACS from another AcsAddon. Nonetheless, the classes in this package are designed to work together. A single class may be reused after a careful study of its code.

The limitations of the MySQL server simulation are described into the documentation of the MySQL.gBase package.

Ease-of-use: medium. There are simple algorithms in the rights processing, but the calling sequence from the generic gWork classes has to be well understood.

Reliability: high. There are no known bugs.