Interface ACP
- All Superinterfaces:
Cloneable
,Serializable
- All Known Implementing Classes:
ACPImpl
An ACP may contains several ACLs (access control list) identified by names.
The list of ACLs is ordered so that when checking permissions the ACL are consulted in an ascending order. (The ACL on position 0 is consulted first).
Every ACP has at least one ACL having the reserved name "local". This is the only user editable list (through the security UI).
Other ACLs are used internally and are editable only through the API.
Also an ACP may have a list named "inherited" that represents the ACLs inherited from the resource parents if any. These ACLs are merged in a single list that is always read only even through the API.
- Author:
- Bogdan Stefanescu, Julien Anguenot
-
Method Summary
Modifier and TypeMethodDescriptionboolean
Add an ACE to the givenaclName
.void
void
boolean
blockInheritance
(String aclName, String username) Block the inheritance on the givenaclName
.clone()
Return a recursive copy of the ACP sharing no mutable substructure with the originalChecks the access on the ACLs for each set of the given permissions and principals.Check whether this ACP grant the given permission on the given user, denies it or doesn't specify a rule.ACL[]
getACLs()
getMergedACLs
(String name) getOrCreateACL
(String name) boolean
Remove an ACE on the givenaclName
.boolean
removeACEsByUsername
(String username) Remove all ACEs forusername
on the whole ACP.boolean
removeACEsByUsername
(String aclName, String username) Remove all ACEs forusername
on the givenaclName
.boolean
replaceACE
(String aclName, ACE oldACE, ACE newACE) Replace theoldACE
withnewACE
on the givenaclName
, only if theoldACE
exists.void
replacePermission
(String oldPerm, String newPerm) Replaces a permission with another in this ACP.void
Replaces the modifiable user entries (associated with the currentDocument) related to the ACP.void
Replaces the modifiable user entries (associated with the currentDocument) related to the ACP.void
Replaces the modifiable user entries (associated with the currentDocument) related to the current ACP.void
Replaces the modifiable user entries (associated with the currentDocument) related to the current ACP.boolean
unblockInheritance
(String aclName) Unblock the inheritance on the givenaclName
.
-
Method Details
-
getAccess
Check whether this ACP grant the given permission on the given user, denies it or doesn't specify a rule.This is checking only the ACLs on that ACP. Parents if any are not checked.
- Parameters:
principal
- the principal to checkpermission
- the permission to check- Returns:
- Access.GRANT if granted, Access.DENY if denied or Access.UNKNOWN if no rule for that permission exists. Never returns null.
-
getAccess
Checks the access on the ACLs for each set of the given permissions and principals.This differs for an iterative check using getAccess(String principal, String permission) in the order of checks - so that in this case each ACE is fully checked against the given users and permissions before passing to the next ACE.
-
setRules
Replaces the modifiable user entries (associated with the currentDocument) related to the current ACP.Considers that all the passed entries are modifiable and attempts to set them as local entries related to the current document.
-
setRules
Replaces the modifiable user entries (associated with the currentDocument) related to the current ACP.Considers that all the passed entries are modifiable and attempts to set them as local entries related to the current document.
The current behavior reset completely the current ACL.
- Parameters:
overwrite
- if true, will overwrite the whole current ACL
-
setRules
Replaces the modifiable user entries (associated with the currentDocument) related to the ACP.Considers that all the passed entries are modifiable and attempts to set them as entries related to the current document.
-
setRules
Replaces the modifiable user entries (associated with the currentDocument) related to the ACP.Considers that all the passed entries are modifiable and attempts to set them as entries related to the current document.
- Parameters:
overwrite
- if true, will overwrite the whole ACL
-
addACL
-
addACL
-
removeACL
-
getACL
-
getACLs
ACL[] getACLs() -
getMergedACLs
-
getOrCreateACL
-
getOrCreateACL
ACL getOrCreateACL() -
clone
ACP clone()Return a recursive copy of the ACP sharing no mutable substructure with the original- Returns:
- a copy
-
blockInheritance
Block the inheritance on the givenaclName
.- Parameters:
username
- the user blocking the inheritance- Returns:
- true if the ACP was changed.
- Since:
- 7.4
-
unblockInheritance
Unblock the inheritance on the givenaclName
.- Returns:
- true if the ACP was changed.
- Since:
- 7.4
-
addACE
Add an ACE to the givenaclName
.- Returns:
- true if the ACP was changed.
- Since:
- 7.4
-
replaceACE
Replace theoldACE
withnewACE
on the givenaclName
, only if theoldACE
exists.The
newACE
keeps the same index asoldACE
.- Returns:
- true if the ACP was changed.
- Since:
- 7.4
-
removeACE
Remove an ACE on the givenaclName
.- Returns:
- true if the ACP was changed.
- Since:
- 7.4
-
removeACEsByUsername
Remove all ACEs forusername
on the givenaclName
.- Returns:
- true if the ACP was changed.
- Since:
- 7.4
-
removeACEsByUsername
Remove all ACEs forusername
on the whole ACP.- Returns:
- true if the ACP was changed.
- Since:
- 7.4
-
replacePermission
Replaces a permission with another in this ACP.- Parameters:
oldPerm
- the old permissionnewPerm
- the new permission- Since:
- 11.3
-