Package org.nuxeo.ecm.core.api.security

Interface ACL

All Superinterfaces:

Cloneable, Collection<ACE>, Iterable<ACE>, List<ACE>, Serializable

All Known Implementing Classes:

ACLImpl

public interface ACL
extends List<ACE>, Serializable, Cloneable

An ACL (Access Control List) is a list of ACEs (Access Control Entry).

An ACP may contain several ACL identified by a name. This is to let external modules add security rules. There are 2 default ACLs:

• the local ACL - this is the default type of ACL that may be defined by an user locally to a document (using a security UI).
  This is the only ACL an user can change
• the inherited - this is a special ACL generated by merging all document parents ACL. This ACL is read only (cannot be modified locally on the document since it is inherited.

ACLs that are used by external modules cannot be modified by the user through the security UI. These ACLs should be modified only programmatically by the tool that added them.

Author:

Bogdan Stefanescu

Field Summary

Fields

Modifier and Type	Field	Description
static String	INHERITED_ACL
static String	LOCAL_ACL

Method Summary

Modifier and Type	Method	Description
boolean	add(ACE ace)	Add an ACE.
boolean	blockInheritance(String username)	Block the inheritance.
Object	clone()	Returns a recursive copy of the ACL sharing no mutable substructure with the original.
ACE[]	getACEs()	Returns the ACEs defined by this list as an array.
String	getName()	Gets the ACL name.
boolean	removeByUsername(String username)	Remove all ACEs for username.
boolean	replace(ACE oldACE, ACE newACE)	Replace the oldACE with newACE, only if the oldACE exists.
void	replacePermission(String oldPerm, String newPerm)	Replaces a permission with another in this ACL.
void	setACEs(ACE[] aces)	Sets the ACEs defined by this ACL.
boolean	unblockInheritance()	Unblock the inheritance.

Methods inherited from interface java.util.Collection

parallelStream, removeIf, stream, toArray

Methods inherited from interface java.lang.Iterable

forEach

Methods inherited from interface java.util.List

add, addAll, addAll, clear, contains, containsAll, equals, get, hashCode, indexOf, isEmpty, iterator, lastIndexOf, listIterator, listIterator, remove, remove, removeAll, replaceAll, retainAll, set, size, sort, spliterator, subList, toArray, toArray

Field Detail

LOCAL_ACL

static final String LOCAL_ACL

See Also:

Constant Field Values

INHERITED_ACL

static final String INHERITED_ACL

See Also:

Constant Field Values

Method Detail

getName

String getName()

Gets the ACL name.

Returns:

the ACL name

getACEs

ACE[] getACEs()

Returns the ACEs defined by this list as an array.

setACEs

void setACEs(ACE[] aces)

Sets the ACEs defined by this ACL.

Parameters:

aces - the ACE array

blockInheritance

boolean blockInheritance(String username)

Block the inheritance.

Parameters:

username - the user blocking the inheritance

Returns:

true if the ACL was changed.

Since:

7.4

unblockInheritance

boolean unblockInheritance()

Unblock the inheritance.

Returns:

true if the ACL was changed.

Since:

7.4

add

boolean add(ACE ace)

Add an ACE.

Specified by:

add in interface Collection<ACE>

Specified by:

add in interface List<ACE>

Returns:

true if the ACL was changed.

Since:

7.4

replace

boolean replace(ACE oldACE,
                ACE newACE)

Replace the oldACE with newACE, only if the oldACE exists.

The newACE keeps the same index as oldACE.

Returns:

true if the ACL was changed.

Since:

7.4

removeByUsername

boolean removeByUsername(String username)

Remove all ACEs for username.

Returns:

true if the ACL was changed.

Since:

7.4

clone

Object clone()

Returns a recursive copy of the ACL sharing no mutable substructure with the original.

Returns:

a copy

replacePermission

void replacePermission(String oldPerm,
                       String newPerm)

Replaces a permission with another in this ACL.

Parameters:

oldPerm - the old permission

newPerm - the new permission

Since:

11.3