Class ACPImpl

java.lang.Object
org.nuxeo.ecm.core.api.security.impl.ACPImpl
All Implemented Interfaces:
Serializable, Cloneable, ACP

public class ACPImpl extends Object implements ACP
The ACP implementation uses a cache when getAccess() is called.
  • Field Details

    • LEGACY_BEHAVIOR_PROPERTY

      public static final String LEGACY_BEHAVIOR_PROPERTY
      ConfigurationService property to enable legacy behavior.
      Since:
      10.2
  • Constructor Details

    • ACPImpl

      public ACPImpl()
  • Method Details

    • addACL

      public void addACL(ACL acl)
      This method must append the ACL rather than insert it, since it is used to append the inherited ACL, which is the least significant ACL.
      Specified by:
      addACL in interface ACP
    • addACL

      public void addACL(int pos, ACL acl)
      Specified by:
      addACL in interface ACP
    • getACL

      public ACL getACL(String name)
      Specified by:
      getACL in interface ACP
    • getACLs

      public ACL[] getACLs()
      Specified by:
      getACLs in interface ACP
    • getMergedACLs

      public ACL getMergedACLs(String name)
      Specified by:
      getMergedACLs in interface ACP
    • newACL

      public static ACL newACL(String name)
    • removeACL

      public ACL removeACL(String name)
      Specified by:
      removeACL in interface ACP
    • getAccess

      public Access getAccess(String principal, String permission)
      Description copied from interface: ACP
      Checks whether this ACP grants the given permission to the given user, denies it, or doesn't specify a rule.

      This checks only the ACLs on this ACP. Parents, if any, are not checked.

      Specified by:
      getAccess in interface ACP
      Parameters:
      principal - the principal to check
      permission - the permission to check
      Returns:
      Access.GRANT if granted, Access.DENY if denied or Access.UNKNOWN if no rule for that permission exists. Never returns null.
    • getAccess

      public Access getAccess(String[] principals, String[] permissions)
      Description copied from interface: ACP
      Checks the access on the ACLs for each set of the given permissions and principals.

      This differs from an iterative check using getAccess(String principal, String permission) in the order of checks: here each ACE is fully checked against the given users and permissions before moving on to the next ACE.

      Specified by:
      getAccess in interface ACP
    • getAccess

      public static Access getAccess(ACE ace, String[] principals, String[] permissions)
    • addAccessRule

      public void addAccessRule(String aclName, ACE ace)
    • getOrCreateACL

      public ACL getOrCreateACL(String name)
      Specified by:
      getOrCreateACL in interface ACP
    • getOrCreateACL

      public ACL getOrCreateACL()
      Specified by:
      getOrCreateACL in interface ACP
    • setRules

      public void setRules(String aclName, UserEntry[] userEntries)
      Description copied from interface: ACP
      Replaces the modifiable user entries (associated with the currentDocument) related to the ACP.

      Considers that all the passed entries are modifiable and attempts to set them as entries related to the current document.

      Specified by:
      setRules in interface ACP
    • setRules

      public void setRules(String aclName, UserEntry[] userEntries, boolean overwrite)
      Description copied from interface: ACP
      Replaces the modifiable user entries (associated with the currentDocument) related to the ACP.

      Considers that all the passed entries are modifiable and attempts to set them as entries related to the current document.

      Specified by:
      setRules in interface ACP
      Parameters:
      overwrite - if true, will overwrite the whole ACL
    • setRules

      public void setRules(UserEntry[] userEntries)
      Description copied from interface: ACP
      Replaces the modifiable user entries (associated with the currentDocument) related to the current ACP.

      Considers that all the passed entries are modifiable and attempts to set them as local entries related to the current document.

      Specified by:
      setRules in interface ACP
    • setRules

      public void setRules(UserEntry[] userEntries, boolean overwrite)
      Description copied from interface: ACP
      Replaces the modifiable user entries (associated with the currentDocument) related to the current ACP.

      Considers that all the passed entries are modifiable and attempts to set them as local entries related to the current document.

      The current behavior completely resets the current ACL.

      Specified by:
      setRules in interface ACP
      Parameters:
      overwrite - if true, will overwrite the whole current ACL
    • clone

      public ACPImpl clone()
      Description copied from interface: ACP
      Returns a recursive copy of the ACP sharing no mutable substructure with the original.
      Specified by:
      clone in interface ACP
      Overrides:
      clone in class Object
      Returns:
      a copy
    • blockInheritance

      public boolean blockInheritance(String aclName, String username)
      Description copied from interface: ACP
      Block the inheritance on the given aclName.
      Specified by:
      blockInheritance in interface ACP
      Parameters:
      username - the user blocking the inheritance
      Returns:
      true if the ACP was changed.
    • unblockInheritance

      public boolean unblockInheritance(String aclName)
      Description copied from interface: ACP
      Unblock the inheritance on the given aclName.
      Specified by:
      unblockInheritance in interface ACP
      Returns:
      true if the ACP was changed.
    • addACE

      public boolean addACE(String aclName, ACE ace)
      Description copied from interface: ACP
      Add an ACE to the given aclName.
      Specified by:
      addACE in interface ACP
      Returns:
      true if the ACP was changed.
    • replaceACE

      public boolean replaceACE(String aclName, ACE oldACE, ACE newACE)
      Description copied from interface: ACP
      Replace the oldACE with newACE on the given aclName, only if the oldACE exists.

      The newACE keeps the same index as oldACE.

      Specified by:
      replaceACE in interface ACP
      Returns:
      true if the ACP was changed.
    • removeACE

      public boolean removeACE(String aclName, ACE ace)
      Description copied from interface: ACP
      Remove an ACE on the given aclName.
      Specified by:
      removeACE in interface ACP
      Returns:
      true if the ACP was changed.
    • removeACEsByUsername

      public boolean removeACEsByUsername(String aclName, String username)
      Description copied from interface: ACP
      Remove all ACEs for username on the given aclName.
      Specified by:
      removeACEsByUsername in interface ACP
      Returns:
      true if the ACP was changed.
    • removeACEsByUsername

      public boolean removeACEsByUsername(String username)
      Description copied from interface: ACP
      Remove all ACEs for username on the whole ACP.
      Specified by:
      removeACEsByUsername in interface ACP
      Returns:
      true if the ACP was changed.
    • replacePermission

      public void replacePermission(String oldPerm, String newPerm)
      Description copied from interface: ACP
      Replaces a permission with another in this ACP.
      Specified by:
      replacePermission in interface ACP
      Parameters:
      oldPerm - the old permission
      newPerm - the new permission
    • useLegacyBehavior

      protected boolean useLegacyBehavior()
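
The ordering difference described under getAccess(String[] principals, String[] permissions), as an added example that is not part of the Nuxeo documentation or code base: with a grant for a user placed before a deny for a group, the array form resolves on the first ACE, while a caller-side loop over the single-principal form resolves on whichever principal it asks about first. The class name, the iterative helper, the principals "alice" and "members" and the rule set are constructed for illustration; it assumes nuxeo-core-api on the classpath and the default (non-legacy) behavior.

```java
import org.nuxeo.ecm.core.api.security.ACE;
import org.nuxeo.ecm.core.api.security.ACL;
import org.nuxeo.ecm.core.api.security.Access;
import org.nuxeo.ecm.core.api.security.impl.ACPImpl;

public class AcpCheckOrderExample {

    // Hypothetical caller-side loop: ask about one principal at a time and
    // stop at the first decisive answer. This is the "iterative check" the
    // Javadoc contrasts with the array form of getAccess.
    static Access iterative(ACPImpl acp, String[] principals, String permission) {
        for (String principal : principals) {
            Access access = acp.getAccess(principal, permission);
            if (access != Access.UNKNOWN) {
                return access;
            }
        }
        return Access.UNKNOWN;
    }

    public static void main(String[] args) {
        ACPImpl acp = new ACPImpl();
        // Constructed sample rules; ACE order inside the ACL is significant.
        acp.addACE(ACL.LOCAL_ACL, new ACE("alice", "Read", true));    // ACE 1: grant
        acp.addACE(ACL.LOCAL_ACL, new ACE("members", "Read", false)); // ACE 2: deny

        // The group is listed before the user in the principal set.
        String[] principals = { "members", "alice" };
        String[] permissions = { "Read" };

        // Array form: ACE 1 is tested against every principal before ACE 2
        // is looked at, so the order of the principals array does not matter.
        Access batch = acp.getAccess(principals, permissions);

        // Caller-side loop: "members" is asked first, skips ACE 1 and
        // matches ACE 2, so the loop never gets to ask about "alice".
        Access looped = iterative(acp, principals, "Read");

        System.out.println("array form:       " + batch);
        System.out.println("caller-side loop: " + looped);
    }
}
```

When reviewing authorization code built on this class, check which form it calls: with the loop, the effective decision depends on the order in which the caller enumerates principals rather than on the ACE order an administrator sees.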