Package com.jalios.jcms.accesscontrol

Class AccessControlList

    • Field Detail

      • name

        protected java.lang.String name

      • isWorkspaceACL

        protected boolean isWorkspaceACL

      • isAdminOnly

        protected boolean isAdminOnly

      • explicitResourceToAuthorizationMap

        protected java.util.HashMap<java.lang.String,​java.lang.Boolean> explicitResourceToAuthorizationMap

    • Constructor Detail

      • AccessControlList

        public AccessControlList()
        Builds a new AccessControlList without any authorization and using default value.
        Since:
        jcms-7.0.0

      • AccessControlList

        public AccessControlList​(AccessControlList other)
        Builds a new AccessControlList by copying all authorization and option of the specified ACL.
        Parameters:
        other - the ACl from which to copy fields
        Since:
        jcms-7.0.0

    • Method Detail

      • getDataName

        public java.lang.String getDataName​(java.lang.String language)
        Description copied from class: Data
        Return the name of this Data, every sub class Data which will be displayed to user should implements this method already.
        • The Title (multi-language) for a Publication.
        • The Name (multi-language) for a Category.
        • The Name for a Group, a Member.
        • The Title (multi-language) for a Workspace.
        Can be seen as a smart multi-language toString(), but never returning null.
        Default behaviour is to return toFullString() of Data or empty string if toFullString is null.
        Overrides:
        getDataName in class Data
        Parameters:
        language - the language in which to return the name if multilang available for the data.
        Returns:
        name of ACL or empty String if not specified.
        Since:
        jcms-7.0
        See Also:
        getName(), Data.getDataName(String)

      • getName

        public java.lang.String getName()
        Gets the name of this ACL.
        Returns:
        the acl's name or an empty string if the name has not been set.
        Since:
        jcms-7.0.0

      • setName

        public void setName​(java.lang.String name)
        Set the name of this ACL.
        Parameters:
        name - the name to use.
        Since:
        jcms-7.0.0

      • isWorkspaceACL

        public boolean isWorkspaceACL()
        Check if this ACL is dedicated for Workspace's resource access control or any other right
        Returns:
        true if the acl is dedicated for Workspace's resource access (and only that), false if it is dedicated to anything else (excluding workspace's resource).
        Since:
        jcms-7.0.0

      • setWorkspaceACL

        public void setWorkspaceACL​(boolean isWorkspaceACL)
        Set if this ACL is dedicated for Workspace's resource access control.
        Parameters:
        isWorkspaceACL - true if the acl is dedicated for Workspace's resource access (and only that), false if it is dedicated to anything else (excluding workspace's resource).
        Since:
        jcms-7.0.0

      • isAdminOnly

        public boolean isAdminOnly()
        Check if this ACL can only be assigned by a global administrator. When this option is enabled (default behavior), only a global administrator can assign this ACL to users (via a group). By disabling this option, members with access to members global administration will have the ability to assign this ACL to users. In every case, workspace members administrators do not benefit from this authorization.

        This option has no effect for workspace ACL.

        Returns:
        true if option is enabled (default), false if assignement authorization has been granted to members with access to members global administration.
        Since:
        JCMS-6893 (for JCMS-6056)

      • setAdminOnly

        public void setAdminOnly​(boolean isAdminOnly)
        Set whether this ACL can be assigned only by a global administrator or more.

        This option has no effect for workspace ACL.

        Parameters:
        isAdminOnly - true to restrict to global admin only, false to grant authorization to members with access to members global administration.
        Since:
        JCMS-6893 (for JCMS-6056)

      • getAccessAuthorization

        public java.lang.Boolean getAccessAuthorization​(java.lang.String resource)
        Retrieve the authorization of the specified resource
        Parameters:
        resource - URI of the resource
        Returns:
        null if no authorization has been defined, TRUE if resource access is allowed, FALSE or null to apply default behavior.

      • isWorker

        public boolean isWorker()
        Check if any ACL provides worker right to the member using it.
        Returns:
        true if ACL provides isWorker right, false otherwise
        Since:
        jcms-7.0.0

      • getExplicitAccessAuthorization

        public java.lang.Boolean getExplicitAccessAuthorization​(java.lang.String resource)
        Retrieve the explicit authorization of the specified resource.

        Do not use this method for acces right check, see getAccessAuthorization(String).

        Parameters:
        resource - URI of the resource
        Returns:
        null if no authorization has been defined, TRUE if resource access is allowed, FALSE or null to apply default behavior.
        Since:
        jcms-7.0.0

      • setExplicitAccessAuthorization

        public void setExplicitAccessAuthorization​(java.lang.String resource,
                                           java.lang.Boolean authorization)
        Set the authorization of the specified resource
        Parameters:
        resource - URI of the resource
        authorization - TRUE to grant access, FALSE or null to apply default behavior. if null, the authorization is removed and default access will be applied.
        Since:
        jcms-7.0.0

      • removeExplicitAccessAuthorization

        public void removeExplicitAccessAuthorization​(java.lang.String resource)
        Remove all authorization for the specified resource
        Parameters:
        resource - URI of the resource
        Since:
        jcms-7.0.0

      • clearExplicitAccessAuthorization

        public void clearExplicitAccessAuthorization()
        Remove all authorization for this ACL
        Since:
        jcms-7.0.0

      • getExplicitResourceToAuthorizationMap

        public java.util.HashMap<java.lang.String,​java.lang.Boolean> getExplicitResourceToAuthorizationMap()
        Retrieve the internal map used to store authorization.
        Returns:
        a Map of resource URI to authorization boolean
        Since:
        jcms-7.0.0

      • setExplicitResourceToAuthorizationMap

        public void setExplicitResourceToAuthorizationMap​(java.util.HashMap<java.lang.String,​java.lang.Boolean> explicitResourceToAuthorizationMap)
        Set the value of the internal map used to store authorization.
        Parameters:
        explicitResourceToAuthorizationMap -
        Since:
        jcms-7.0.0

      • checkIntegrity

        public ControllerStatus checkIntegrity()
        Checks whether or not data integrity constraints are respected.
        Overrides:
        checkIntegrity in class Data
        Returns:
        a ControllerStatus
        Since:
        jcms-7.0.0

      • checkMember

        public ControllerStatus checkMember​(int op,
                                    Member mbr,
                                    java.util.Map context)
        Checks if the given member can perform the given operation.
        Overrides:
        checkMember in class Data
        Parameters:
        op - the operation (OP_CREATE, OP_UPDATE, ...)
        mbr - the member which requests the write operation
        context - a map which contains context parameters (may be null)
        Returns:
        a ControllerStatus
        Since:
        jcms-7.0.0

      • checkDelete

        public ControllerStatus checkDelete​(Member mbr,
                                    java.util.Map context)
        Checks if the deletion can be performed
        Overrides:
        checkDelete in class Data
        Parameters:
        mbr - the member which requests the write operation
        context - a map which contains context parameters (may be null)
        Returns:
        a ControllerStatus
        Since:
        jcms-7.0.0

      • updateGroupSet

        public void updateGroupSet​(Group group,
                           boolean add)
        Internal method used to update the (transient) set of Group using this ACL.
        Parameters:
        group - the Group to add or remove from the group set.
        add - true -> add, false -> remove
        Since:
        jcms-7.0.0

      • getGroupSet

        public java.util.Set<Group> getGroupSet()
        Retrieves the Set of Group using this ACL.
        Returns:
        a TreeSet of Group (internal variable exposed, do not modify the returned set)
        Since:
        jcms-7.0.0

      • exportXmlField

        public void exportXmlField​(java.lang.StringBuffer sb,
                           int indentLevel)
        Description copied from class: Data
        Fills the given StringBuffer with Xml export of fields of this data.
        Overrides:
        exportXmlField in class Data
        Parameters:
        sb - the StringBuffer
        indentLevel - the indent level

      • getWorkspaceAclSelector

        public static AccessControlList.WorkspaceAclSelector getWorkspaceAclSelector()
        Retrieve a DataSelector to select only workspace ACL in a collection.
        Returns:
        a new WorkspaceAclSelector
        Since:
        jcms-7.0.0

      • getNameComparator

        public static <T extends AccessControlList> java.util.Comparator<T> getNameComparator()
        Retrieve a Comparator to sort ACL alphabetically using their name.
        Returns:
        a new NameComparator
        Since:
        jcms-7.0.0