Package org.nuxeo.ecm.core.api.security.impl

Class ACPImpl

    • Field Detail

      • LEGACY_BEHAVIOR_PROPERTY

        public static final String LEGACY_BEHAVIOR_PROPERTY
        ConfigurationService property to enable legacy behavior.
        Since:
        10.2
        See Also:
        Constant Field Values

    • Constructor Detail

      • ACPImpl

        public ACPImpl()

    • Method Detail

      • addACL

        public void addACL​(ACL acl)
        This method must append the ACL and not insert it since it is used to append the inherited ACL which is the less significant ACL.
        Specified by:
        addACL in interface ACP

      • addACL

        public void addACL​(int pos,
                   ACL acl)
        Specified by:
        addACL in interface ACP

      • addACL

        public void addACL​(String afterMe,
                   ACL acl)
        Specified by:
        addACL in interface ACP

      • getACLs

        public ACL[] getACLs()
        Specified by:
        getACLs in interface ACP

      • newACL

        public static ACL newACL​(String name)

      • getAccess

        public Access getAccess​(String principal,
                        String permission)
        Description copied from interface: ACP
        Check whether this ACP grant the given permission on the given user, denies it or doesn't specify a rule.

        This is checking only the ACLs on that ACP. Parents if any are not checked.

        Specified by:
        getAccess in interface ACP
        Parameters:
        principal - the principal to check
        permission - the permission to check
        Returns:
        Access.GRANT if granted, Access.DENY if denied or Access.UNKNOWN if no rule for that permission exists. Never returns null.

      • getAccess

        public Access getAccess​(String[] principals,
                        String[] permissions)
        Description copied from interface: ACP
        Checks the access on the ACLs for each set of the given permissions and principals.

        This differs for an iterative check using getAccess(String principal, String permission) in the order of checks - so that in this case each ACE is fully checked against the given users and permissions before passing to the next ACE.

        Specified by:
        getAccess in interface ACP

      • addAccessRule

        public void addAccessRule​(String aclName,
                          ACE ace)

      • setRules

        public void setRules​(String aclName,
                     UserEntry[] userEntries)
        Description copied from interface: ACP
        Replaces the modifiable user entries (associated with the currentDocument) related to the ACP.

        Considers that all the passed entries are modifiable and attempts to set them as entries related to the current document.

        Specified by:
        setRules in interface ACP

      • setRules

        public void setRules​(String aclName,
                     UserEntry[] userEntries,
                     boolean overwrite)
        Description copied from interface: ACP
        Replaces the modifiable user entries (associated with the currentDocument) related to the ACP.

        Considers that all the passed entries are modifiable and attempts to set them as entries related to the current document.

        Specified by:
        setRules in interface ACP
        overwrite - if true, will overwrite the whole ACL

      • setRules

        public void setRules​(UserEntry[] userEntries)
        Description copied from interface: ACP
        Replaces the modifiable user entries (associated with the currentDocument) related to the current ACP.

        Considers that all the passed entries are modifiable and attempts to set them as local entries related to the current document.

        Specified by:
        setRules in interface ACP

      • setRules

        public void setRules​(UserEntry[] userEntries,
                     boolean overwrite)
        Description copied from interface: ACP
        Replaces the modifiable user entries (associated with the currentDocument) related to the current ACP.

        Considers that all the passed entries are modifiable and attempts to set them as local entries related to the current document.

        The current behavior reset completely the current ACL.

        Specified by:
        setRules in interface ACP
        overwrite - if true, will overwrite the whole current ACL

      • listUsernamesForAnyPermission

        public String[] listUsernamesForAnyPermission​(Set<String> perms)
        Description copied from interface: ACP
        Returns the usernames granted to perform an operation based on a list of permissions.
        Specified by:
        listUsernamesForAnyPermission in interface ACP
        Parameters:
        perms - the list of permissions.
        Returns:
        a list of usernames

      • clone

        public ACPImpl clone()
        Description copied from interface: ACP
        Return a recursive copy of the ACP sharing no mutable substructure with the original
        Specified by:
        clone in interface ACP
        Overrides:
        clone in class Object
        Returns:
        a copy

      • blockInheritance

        public boolean blockInheritance​(String aclName,
                                String username)
        Description copied from interface: ACP
        Block the inheritance on the given aclName.
        Specified by:
        blockInheritance in interface ACP
        username - the user blocking the inheritance
        Returns:
        true if the ACP was changed.

      • unblockInheritance

        public boolean unblockInheritance​(String aclName)
        Description copied from interface: ACP
        Unblock the inheritance on the given aclName.
        Specified by:
        unblockInheritance in interface ACP
        Returns:
        true if the ACP was changed.

      • addACE

        public boolean addACE​(String aclName,
                      ACE ace)
        Description copied from interface: ACP
        Add an ACE to the given aclName.
        Specified by:
        addACE in interface ACP
        Returns:
        true if the ACP was changed.

      • replaceACE

        public boolean replaceACE​(String aclName,
                          ACE oldACE,
                          ACE newACE)
        Description copied from interface: ACP
        Replace the oldACE with newACE on the given aclName, only if the oldACE exists.

        The newACE keeps the same index as oldACE.

        Specified by:
        replaceACE in interface ACP
        Returns:
        true if the ACP was changed.

      • removeACE

        public boolean removeACE​(String aclName,
                         ACE ace)
        Description copied from interface: ACP
        Remove an ACE on the given aclName.
        Specified by:
        removeACE in interface ACP
        Returns:
        true if the ACP was changed.

      • removeACEsByUsername

        public boolean removeACEsByUsername​(String aclName,
                                    String username)
        Description copied from interface: ACP
        Remove all ACEs for username on the given aclName.
        Specified by:
        removeACEsByUsername in interface ACP
        Returns:
        true if the ACP was changed.

      • removeACEsByUsername

        public boolean removeACEsByUsername​(String username)
        Description copied from interface: ACP
        Remove all ACEs for username on the whole ACP.
        Specified by:
        removeACEsByUsername in interface ACP
        Returns:
        true if the ACP was changed.

      • replacePermission

        public void replacePermission​(String oldPerm,
                              String newPerm)
        Description copied from interface: ACP
        Replaces a permission with another in this ACP.
        Specified by:
        replacePermission in interface ACP
        Parameters:
        oldPerm - the old permission
        newPerm - the new permission

      • useLegacyBehavior

        protected boolean useLegacyBehavior()