com.jalios.jcms.accesscontrol
Class AccessControlList

java.lang.Object
  com.jalios.jstore.BasicStorable
      com.jalios.jcms.Data
          com.jalios.jcms.accesscontrol.AccessControlList

All Implemented Interfaces:

AccessControlConstants, EditableData, JcmsConstants, ImportConstants, MashupConstants, Storable, JaliosConstants, Cloneable, Comparable<BasicStorable>

public class AccessControlList
extends Data
implements AccessControlConstants, EditableData

Define a collection of resources and their associated authorization.

Since:

jcms-7.0

Version:

$Revision: 28443 $

Nested Class Summary

static class	AccessControlList.NameComparator<T extends AccessControlList> Comparator sorting ACL alphabetically using their name.
static class	AccessControlList.NameSelector Select ACL by their name.
static class	AccessControlList.WorkspaceAclSelector DataSelector selecting only workspace ACL.

Nested classes/interfaces inherited from class com.jalios.jcms.Data

Data.AuthorComparator<T extends Data>, Data.AuthorSelector, Data.CdateSelector, Data.DataNameComparator<T extends Data>, Data.DeletableSelector, Data.ImportSelector, Data.MdateSelector, Data.OpAuthorComparator<T extends Data>, Data.RowIdComparator<T extends Data>, Data.StrongLockSelector

Nested classes/interfaces inherited from class com.jalios.jstore.BasicStorable

BasicStorable.CdateComparator<T extends Storable>, BasicStorable.IdComparator<T extends Storable>, BasicStorable.MdateComparator<T extends Storable>

Field Summary

protected HashMap<String,Boolean>	explicitResourceToAuthorizationMap
protected boolean	isWorkspaceACL
protected String	name
static String	REVISION

Fields inherited from class com.jalios.jcms.Data

author, authorDBID, channel, DISPLAY_URL_EXTRA_INFO, extension, extraDataMap, extraDBDataMapToSaveOnOp, importMap, opAuthor, opDelegate

Fields inherited from class com.jalios.jstore.BasicStorable

cdate, ddate, id, mdate, store

Fields inherited from interface com.jalios.jcms.accesscontrol.AccessControlConstants

ADMIN_RESOURCE, CTXT_DATA, CTXT_WORKSPACE, GRP_EDIT_RESOURCE, MBR_EDIT_RESOURCE, WORKSPACE_ADMIN_RESOURCE, WS_EDIT_RESOURCE, WSGRP_EDIT_RESOURCE, WSMBR_EDIT_RESOURCE

Fields inherited from interface com.jalios.jcms.JcmsConstants

ADATE_SEARCH, ADMIN_NOTES_PROP, ADVANCED_TAB, ARCHIVES_DIR, ASCII_WIDTH, CATEGORY_TAB, CDATE_SEARCH, COMMON_ALARM, CONTENT_TAB, COOKIE_MAX_AGE, CTRL_TOPIC_INTERNAL, CTRL_TOPIC_REF, CTRL_TOPIC_VALUE, CTRL_TOPIC_WRITE, CUSTOM_PROP, DOCCHOOSER_HEIGHT, DOCCHOOSER_WIDTH, DOCS_DIR, EDATE_SEARCH, EMAIL_REGEXP, ERROR_MSG, FORBIDDEN_FILE_ACCESS, FORBIDDEN_REDIRECT, FORCE_REDIRECT, ICON_ARCHIVE, ICON_LOCK, ICON_LOCK_STRONG, ICON_WARN, ICON_WH_BOOK_CLOSED, ICON_WH_BOOK_OPEN, INFORMATION_MSG, JALIOS_JUNIT_PROP, JCMS_CADDY, JCMS_MSG_LIST, JSYNC_DOWNLOAD_DIR, JSYNC_SYNC_ALARM, LOG_FILE, LOG_TOPIC_SECURITY, LOGGER_PROP, LOGGER_XMLPROP, MBR_PHOTO_DIR, MDATE_SEARCH, MONITOR_XML, OP_CREATE, OP_DEEP_COPY, OP_DEEP_DELETE, OP_DELETE, OP_MERGE, OP_UPDATE, PDATE_SEARCH, PHOTO_DIR, PHOTO_ICON, PHOTO_ICON_HEIGHT, PHOTO_ICON_WIDTH, PHOTO_LARGE, PHOTO_LARGE_HEIGHT, PHOTO_LARGE_WIDTH, PHOTO_NORMAL, PHOTO_NORMAL_HEIGHT, PHOTO_NORMAL_WIDTH, PHOTO_SMALL, PHOTO_SMALL_HEIGHT, PHOTO_SMALL_WIDTH, PHOTO_TINY, PHOTO_TINY_HEIGHT, PHOTO_TINY_WIDTH, PREVIOUS_TAB, PRINT_VIEW, PRIVATE_FILE_ACCESS, PUBLIC_FILE_ACCESS, READ_RIGHT_TAB, SDATE_SEARCH, SEARCHENGINE_ALARM, SESSION_AUTHORIZED_FILENAMES_SET, STATS_REPORT_DIR, STATUS_PROP, STORE_XML, TEMPLATE_TAB, THUMBNAIL_LARGE_HEIGHT, THUMBNAIL_LARGE_WIDTH, THUMBNAIL_SMALL_HEIGHT, THUMBNAIL_SMALL_WIDTH, UDATE_SEARCH, UPDATE_RIGHT_TAB, UPLOAD_DIR, URL_REGEXP, WARNING_MSG, WEBAPP_PROP, WFEXPRESS_ALARM, WFREMINDER_ALARM, WORKFLOW_TAB, WORKFLOW_XML

Fields inherited from interface com.jalios.util.JaliosConstants

CRLF, MILLIS_IN_ONE_DAY, MILLIS_IN_ONE_HOUR, MILLIS_IN_ONE_MINUTE, MILLIS_IN_ONE_MONTH, MILLIS_IN_ONE_SECOND, MILLIS_IN_ONE_WEEK, MILLIS_IN_ONE_YEAR

Fields inherited from interface com.jalios.jcms.mashup.ImportConstants

IMPORT_ALARM_MGR, IMPORT_AUTHOR_PROP, IMPORT_CATEGORY_DEFAULT, IMPORT_DC_ATTR, IMPORT_DC_STEP, IMPORT_DIR, IMPORT_ENABLED, IMPORT_JDOM_ELEMENT, IMPORT_LOG_FILE, IMPORT_LOG_MAX, IMPORT_OPTIONS, IMPORT_OPTIONS_DC_CONTEXT, IMPORT_ROOT_PROP, IMPORT_SOURCE_FILE, IMPORT_SOURCE_PREFIX_PROP, IMPORT_SOURCES_DIR, IMPORT_STEP_CLEAN, IMPORT_STEP_IMPORT, IMPORT_STEP_UPDATE_REF, IMPORT_WS_PROP

Fields inherited from interface com.jalios.jcms.mashup.MashupConstants

DATA_TAG, DATASET_TAG, FIELD_CLASS, FIELD_ENTRY, FIELD_ITEM, FIELD_KEY, FIELD_NAME, FIELD_TAG, FIELD_VALUE, FILE_FIELD, FILE_ID, FILE_MTIME, FILE_SIZE, FILE_TAG, FILE_TICKET, FILESET_TAG, RELATED_TAG

Constructor Summary

AccessControlList()
Builds a new AccessControlList without any authorization and using default value.

AccessControlList(AccessControlList other)
Builds a new AccessControlList by copying all authorization and option of the specified ACL.

Method Summary

ControllerStatus	checkDelete(Member mbr, Map context) Checks if the deletion can be performed
ControllerStatus	checkIntegrity() Checks whether or not data integrity constraints are respected.
ControllerStatus	checkMember(int op, Member mbr, Map context) Checks if the given member can perform the given operation.
void	clearExplicitAccessAuthorization() Remove all authorization for this ACL
Boolean	getAccessAuthorization(String resource) Retrieve the authorization of the specified resource
String	getDataName(String language) Return the name of this Data, every sub class Data which will be displayed to user should implements this method already.
Boolean	getExplicitAccessAuthorization(String resource) Retrieve the explicit authorization of the specified resource.
HashMap<String,Boolean>	getExplicitResourceToAuthorizationMap() Retrieve the internal map used to store authorization.
Set<Group>	getGroupSet() Retrieves the Set of Group using this ACL.
String	getName() Gets the name of this ACL.
static <T extends AccessControlList> Comparator<T>	getNameComparator() Retrieve a Comparator to sort ACL alphabetically using their name.
static AccessControlList.WorkspaceAclSelector	getWorkspaceAclSelector() Retrieve a DataSelector to select only workspace ACL in a collection.
boolean	isWorker() Check if any ACL provides worker right to the member using it.
boolean	isWorkspaceACL() Check if this ACL is dedicated for Workspace's resource access control or any other right
void	removeExplicitAccessAuthorization(String resource) Remove all authorization for the specified resource
void	setExplicitAccessAuthorization(String resource, Boolean authorization) Set the authorization of the specified resource
void	setExplicitResourceToAuthorizationMap(HashMap<String,Boolean> explicitResourceToAuthorizationMap) Set the value of the internal map used to store authorization.
void	setName(String name) Set the name of this ACL.
void	setWorkspaceACL(boolean isWorkspaceACL) Set if this ACL is dedicated for Workspace's resource access control.
void	updateGroupSet(Group group, boolean add) Internal method used to update the (transient) set of Group using this ACL.

Methods inherited from class com.jalios.jcms.Data

canRequestLock, checkCreate, checkCreate, checkDelete, checkIntegrity, checkLockMember, checkStrongLockMember, checkUpdate, checkUpdate, checkWrite, clone, computeDBIDArray, exportXml, exportXml, exportXml, exportXml, exportXmlField, exportXmlRelated, exportXmlRelated, fillExportXmlFieldAttributes, getAllReferrerSet, getAllReferrerSet, getAllTypeFieldEntry, getAuthor, getAuthor, getAuthorComparator, getAuthorDBID, getAuthorId, getAuthorSelector, getBooleanFieldValue, getBooleanFieldValue, getCaddyComparator, getCategoryFieldValue, getCategoryFieldValue, getCdateSelector, getComparator, getCSVHeader, getDataImage, getDataImage, getDataImage, getDataNameComparator, getDate, getDate, getDateSelector, getDeletableSelector, getDisplayLink, getDisplayLink, getDisplayUrl, getDoubleFieldValue, getDoubleFieldValue, getExportXmlDataValue, getExtension, getExtraData, getExtraDataMap, getExtraDBData, getExtraDBDataMap, getExtraInfo, getExtraInfoMap, getFieldStatusMap, getFieldValue, getFieldValue, getFieldValue, getFieldValue, getGenericThumbnail, getImportAuthor, getImportBatch, getImportDate, getImportDisplayUrl, getImportId, getImportMap, getImportMdate, getImportSelector, getImportSignature, getImportSource, getImportSourceUrl, getImportUrl, getIntFieldValue, getIntFieldValue, getLinkCount, getLinkIndexedDataSet, getLinkIndexedDataSet, getLockDate, getLockInfo, getLockMember, getLongFieldValue, getLongFieldValue, getMdateSelector, getNewDefaultExtraDataMap, getNewDefaultExtraDataMap, getNewDefaultExtraDataMap, getNewDefaultExtraDataMap, getNewDefaultExtraDBDataMap, getNewDefaultExtraDBDataMap, getNewDefaultExtraDBDataMap, getNewDefaultExtraDBDataMap, getOpAuthor, getOpAuthorComparator, getOpDelegate, getRowId, getRowIdComparator, getStrongLock, getStrongLockDate, getStrongLockInfo, getStrongLockMember, getStrongLockSelector, getTypeEntry, getTypeFieldsEntries, getUpdateInstance, hashCode, importXml, importXmlFieldsWithReferences, importXmlFiles, importXmlReferences, initializeDBDataCollections, isDBData, isImported, isImportUpdated, isInDatabase, isLocked, isPersisted, isStrongLocked, lock, markNewImport, mergeHybridLink, performAfterWrite, performBeforeWrite, performCreate, performCreate, performDelete, performDelete, performUpdate, performUpdate, prepareUpdateContext, printDataName, printDisplayLinkEnd, printDisplayLinkStart, printDisplayUrl, putStrongLock, releaseStrongLock, releaseStrongLock, removeExtraData, removeExtraDBData, removeExtraInfo, setAuthor, setAuthorDBID, setAuthorId, setBooleanFieldValue, setCategoryFieldValue, setDoubleFieldValue, setExtension, setExtraData, setExtraDataMap, setExtraDBData, setExtraDBDataMap, setExtraDBDataMap, setExtraInfo, setFieldValue, setFieldValue, setImportAuthor, setImportBatch, setImportDate, setImportDisplayUrl, setImportId, setImportMap, setImportMdate, setImportSignature, setImportSource, setImportSourceUrl, setImportUpdated, setIntFieldValue, setLongFieldValue, setMdate, setOpAuthor, setOpDelegate, setRowId, toCSV, toFullString, toString, unlock, unlock, unmarkNewImport, updateExtraDataMap, updateExtraDBDataMap, updateIndexTreeSet

Methods inherited from class com.jalios.jstore.BasicStorable

clearId, compareTo, equals, getAttribute, getAttributes, getCdate, getCdateComparator, getDdate, getId, getIdComparator, getMdate, getMdateComparator, getStore, getUrid, hasBeenUpdated, isStored, resolveAtt, resolveVal, setAttributes, setCdate, setDdate, setId, setStore, toXml

Methods inherited from class java.lang.Object

finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

REVISION

public static final String REVISION

See Also:

Constant Field Values

name

protected String name

isWorkspaceACL

protected boolean isWorkspaceACL

explicitResourceToAuthorizationMap

protected HashMap<String,Boolean> explicitResourceToAuthorizationMap

Constructor Detail

AccessControlList

public AccessControlList()

Builds a new AccessControlList without any authorization and using default value.

Since:

jcms-7.0.0

AccessControlList

public AccessControlList(AccessControlList other)

Builds a new AccessControlList by copying all authorization and option of the specified ACL.

Parameters:

other - the ACl from which to copy fields

Since:

jcms-7.0.0

Method Detail

getDataName

public String getDataName(String language)

Description copied from class: Data

Return the name of this Data, every sub class Data which will be displayed to user should implements this method already.

• The Title (multi-language) for a Publication.
• The Name (multi-language) for a Category.
• The Name for a Group, a Member.
  
• The Title (multi-language) for a Workspace.

Can be seen as a smart multi-language toString(), but never returning null.
Default behaviour is to return toFullString() of Data or empty string if toFullString is null.

Overrides:

getDataName in class Data

Parameters:

language - the language in which to return the name if multilang available for the data.

Returns:

name of ACL or empty String if not specified.

Since:

jcms-7.0

See Also:

getName(), Data.getDataName(String)

getName

public String getName()

Gets the name of this ACL.

Returns:

the acl's name or an empty string if the name has not been set.

Since:

jcms-7.0.0

setName

public void setName(String name)

Set the name of this ACL.

Parameters:

name - the name to use.

Since:

jcms-7.0.0

isWorkspaceACL

public boolean isWorkspaceACL()

Check if this ACL is dedicated for Workspace's resource access control or any other right

Returns:

true if the acl is dedicated for Workspace's resource access (and only that), false if it is dedicated to anything else (excluding workspace's resource).

Since:

jcms-7.0.0

setWorkspaceACL

public void setWorkspaceACL(boolean isWorkspaceACL)

Set if this ACL is dedicated for Workspace's resource access control.

Parameters:

isWorkspaceACL - true if the acl is dedicated for Workspace's resource access (and only that), false if it is dedicated to anything else (excluding workspace's resource).

Since:

jcms-7.0.0

getAccessAuthorization

public Boolean getAccessAuthorization(String resource)

Retrieve the authorization of the specified resource

Parameters:

resource - URI of the resource

Returns:

null if no authorization has been defined, TRUE if resource access is allowed, FALSE or null to apply default behavior.

isWorker

public boolean isWorker()

Check if any ACL provides worker right to the member using it.

Returns:

true if ACL provides isWorker right, false otherwise

Since:

jcms-7.0.0

getExplicitAccessAuthorization

public Boolean getExplicitAccessAuthorization(String resource)

Retrieve the explicit authorization of the specified resource.

Do not use this method for acces right check, see getAccessAuthorization(String).

Parameters:

resource - URI of the resource

Returns:

null if no authorization has been defined, TRUE if resource access is allowed, FALSE or null to apply default behavior.

Since:

jcms-7.0.0

setExplicitAccessAuthorization

public void setExplicitAccessAuthorization(String resource,
                                           Boolean authorization)

Set the authorization of the specified resource

Parameters:

resource - URI of the resource

authorization - TRUE to grant access, FALSE or null to apply default behavior. if null, the authorization is removed and default access will be applied.

Since:

jcms-7.0.0

removeExplicitAccessAuthorization

public void removeExplicitAccessAuthorization(String resource)

Remove all authorization for the specified resource

Parameters:

resource - URI of the resource

Since:

jcms-7.0.0

clearExplicitAccessAuthorization

public void clearExplicitAccessAuthorization()

Remove all authorization for this ACL

Since:

jcms-7.0.0

getExplicitResourceToAuthorizationMap

public HashMap<String,Boolean> getExplicitResourceToAuthorizationMap()

Retrieve the internal map used to store authorization.

Returns:

a Map of resource URI to authorization boolean

Since:

jcms-7.0.0

setExplicitResourceToAuthorizationMap

public void setExplicitResourceToAuthorizationMap(HashMap<String,Boolean> explicitResourceToAuthorizationMap)

Set the value of the internal map used to store authorization.

Parameters:

explicitResourceToAuthorizationMap -

Since:

jcms-7.0.0

checkIntegrity

public ControllerStatus checkIntegrity()

Checks whether or not data integrity constraints are respected.

Overrides:

checkIntegrity in class Data

Returns:

a ControllerStatus

Since:

jcms-7.0.0

checkMember

public ControllerStatus checkMember(int op,
                                    Member mbr,
                                    Map context)

Checks if the given member can perform the given operation.

Overrides:

checkMember in class Data

Parameters:

op - the operation (OP_CREATE, OP_UPDATE, ...)

mbr - the member which requests the write operation

context - a map which contains context parameters (may be null)

Returns:

a ControllerStatus

Since:

jcms-7.0.0

checkDelete

public ControllerStatus checkDelete(Member mbr,
                                    Map context)

Checks if the deletion can be performed

Overrides:

checkDelete in class Data

Parameters:

mbr - the member which requests the write operation

context - a map which contains context parameters (may be null)

Returns:

a ControllerStatus

Since:

jcms-7.0.0

updateGroupSet

public void updateGroupSet(Group group,
                           boolean add)

Internal method used to update the (transient) set of Group using this ACL.

Parameters:

group - the Group to add or remove from the group set.

add - true -> add, false -> remove

Since:

jcms-7.0.0

getGroupSet

public Set<Group> getGroupSet()

Retrieves the Set of Group using this ACL.

Returns:

a TreeSet of Group (internal variable exposed, do not modify the returned set)

Since:

jcms-7.0.0

getWorkspaceAclSelector

public static AccessControlList.WorkspaceAclSelector getWorkspaceAclSelector()

Retrieve a DataSelector to select only workspace ACL in a collection.

Returns:

a new WorkspaceAclSelector

Since:

jcms-7.0.0

getNameComparator

public static <T extends AccessControlList> Comparator<T> getNameComparator()

Retrieve a Comparator to sort ACL alphabetically using their name.

Returns:

a new NameComparator

Since:

jcms-7.0.0