Overview  Package   Class  Deprecated 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.opencms.security
Class CmsAccessControlList

java.lang.Object
  extended by org.opencms.security.CmsAccessControlList

public class CmsAccessControlList
extends java.lang.Object

An access control list contains the permission sets of all principals for a distinct resource that are calculated on the permissions defined by various access control entries.

To each single resource, access control entries of type CmsAccessControlEntry can be assigned. An access control entry defines the permissions (both allowed and explicitly denied) of a user or group for this resource.

By calling the method getAccessControlList the list is generated on the resource. It contains the result of merging both access control entries defined immediately on the resource and inherited along the folder hierarchie in the OpenCms virtual file system (controlled by flags in the entry).

To check the permissions of a user on a distinct resource, the method hasPermissions in the driver manager is called in each operation. This method acts as access guard and matches the required permissions for the operation against the allowed and denied permissions defined for the user or groups of this user.

Since:
6.0.0
Version:
$Revision: 1.27 $
Author:
Carsten Weinholz

Constructor Summary
CmsAccessControlList()
          Constructor to create an empty access control list for a given resource.
 
Method Summary
 void add(CmsAccessControlEntry entry)
          Adds an access control entry to the access control list.
 java.lang.Object clone()
          Returns a clone of this Objects instance.
 java.util.HashMap getPermissionMap()
          Returns the permission map of this access control list.
 CmsPermissionSetCustom getPermissions(CmsUser user, java.util.List groups, java.util.List roles)
          Calculates the permissions of the given user and his groups from the access control list.
 CmsPermissionSetCustom getPermissions(CmsUUID principalId)
          Returns the permission set of a principal as stored in the access control list.
 java.lang.String getPermissionString(CmsUser user, java.util.List groups, java.util.List roles)
          Calculates the permissions of the given user and his groups from the access control list.
 java.util.List getPrincipals()
          Returns the principals with specific permissions stored in this access control list.
 void setAllowedPermissions(CmsAccessControlEntry entry)
          Sets the allowed permissions of a given access control entry as allowed permissions in the access control list.
 void setDeniedPermissions(CmsAccessControlEntry entry)
          Sets the denied permissions of a given access control entry as denied permissions in the access control list.
 
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CmsAccessControlList

public CmsAccessControlList()
Constructor to create an empty access control list for a given resource.

Method Detail

add

public void add(CmsAccessControlEntry entry)
Adds an access control entry to the access control list.

Parameters:
entry - the access control entry to add

clone

public java.lang.Object clone()
Returns a clone of this Objects instance.

Overrides:
clone in class java.lang.Object
Returns:
a clone of this instance

getPermissionMap

public java.util.HashMap getPermissionMap()
Returns the permission map of this access control list.

Returns:
permission map

getPermissions

public CmsPermissionSetCustom getPermissions(CmsUser user,
                                             java.util.List groups,
                                             java.util.List roles)
Calculates the permissions of the given user and his groups from the access control list.

Parameters:
user - the user
groups - the groups of this user
roles - the roles of this user
Returns:
the summarized permission set of the user

getPermissions

public CmsPermissionSetCustom getPermissions(CmsUUID principalId)
Returns the permission set of a principal as stored in the access control list.

Parameters:
principalId - the id of the principal (group or user)
Returns:
the current permissions of this single principal

getPermissionString

public java.lang.String getPermissionString(CmsUser user,
                                            java.util.List groups,
                                            java.util.List roles)
Calculates the permissions of the given user and his groups from the access control list.

The permissions are returned as permission string in the format {{+|-}{r|w|v|c|i}}*.

Parameters:
user - the user
groups - the groups of this user
roles - the roles of this user
Returns:
a string that displays the permissions

getPrincipals

public java.util.List getPrincipals()
Returns the principals with specific permissions stored in this access control list.

Returns:
enumeration of principals (each group or user)

setAllowedPermissions

public void setAllowedPermissions(CmsAccessControlEntry entry)
Sets the allowed permissions of a given access control entry as allowed permissions in the access control list.

The denied permissions are left unchanged.

Parameters:
entry - the access control entry

setDeniedPermissions

public void setDeniedPermissions(CmsAccessControlEntry entry)
Sets the denied permissions of a given access control entry as denied permissions in the access control list.

The allowed permissions are left unchanged.

Parameters:
entry - the access control entry
Overview  Package   Class  Deprecated 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD