public interface ACP extends Serializable, Cloneable
An ACP may contain several ACLs (access control lists) identified by names.
The list of ACLs is ordered so that when checking permissions the ACLs are consulted in ascending order. (The ACL at position 0 is consulted first.)
Every ACP has at least one ACL having the reserved name "local". This is the only user editable list (through the security UI).
Other ACLs are used internally and are editable only through the API.
Also an ACP may have a list named "inherited" that represents the ACLs inherited from the resource parents if any. These ACLs are merged in a single list that is always read only even through the API.
Modifier and Type | Method and Description |
---|---|
boolean | addACE(String aclName, ACE ace) Add an ACE to the given aclName. |
void | addACL(ACL acl) |
void | addACL(int pos, ACL acl) |
void | addACL(String afterMe, ACL acl) Deprecated. since 7.4. Always use addACL(ACL) to have correctly ordered acls. To force by-passing the order, use addACL(int, ACL). |
boolean | blockInheritance(String aclName, String username) Block the inheritance on the given aclName. |
ACP | clone() Return a recursive copy of the ACP sharing no mutable substructure with the original. |
Access | getAccess(String[] principals, String[] permissions) Checks the access on the ACLs for each set of the given permissions and principals. |
Access | getAccess(String principal, String permission) Check whether this ACP grants the given permission to the given user, denies it or doesn't specify a rule. |
ACL | getACL(String name) |
ACL[] | getACLs() |
ACL | getMergedACLs(String name) |
ACL | getOrCreateACL() |
ACL | getOrCreateACL(String name) |
String[] | listUsernamesForAnyPermission(Set<String> perms) Deprecated. since 5.4.2 Use the method from UserManager service getUsersForPermission instead. |
boolean | removeACE(String aclName, ACE ace) Remove an ACE on the given aclName. |
boolean | removeACEsByUsername(String username) Remove all ACEs for username on the whole ACP. |
boolean | removeACEsByUsername(String aclName, String username) Remove all ACEs for username on the given aclName. |
ACL | removeACL(String name) |
boolean | replaceACE(String aclName, ACE oldACE, ACE newACE) Replace the oldACE with newACE on the given aclName, only if the oldACE exists. |
void | setRules(String aclName, UserEntry[] userEntries) Replaces the modifiable user entries (associated with the currentDocument) related to the ACP. |
void | setRules(String aclName, UserEntry[] userEntries, boolean overwrite) Replaces the modifiable user entries (associated with the currentDocument) related to the ACP. |
void | setRules(UserEntry[] userEntries) Replaces the modifiable user entries (associated with the currentDocument) related to the current ACP. |
void | setRules(UserEntry[] userEntries, boolean overwrite) Replaces the modifiable user entries (associated with the currentDocument) related to the current ACP. |
boolean | unblockInheritance(String aclName) Unblock the inheritance on the given aclName. |

Access getAccess(String principal, String permission)
This checks only the ACLs on that ACP. Parents, if any, are not checked.
principal - the principal to check
permission - the permission to check

Access getAccess(String[] principals, String[] permissions)
This differs from an iterative check using getAccess(String principal, String permission) in the order of checks: in this case each ACE is fully checked against the given users and permissions before passing to the next ACE.
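
The difference in check order described above, as an added example that is not Nuxeo code: a simplified, self-contained model in which the first matching ACE decides (an assumption of the model), showing that the two orders can return different answers for the same ACL. The names AcpCheckOrder, Ace, checkByAce and checkIteratively and the sample principals are hypothetical.

```java
import java.util.List;

// Simplified model of the two check orders; not Nuxeo's implementation.
public class AcpCheckOrder {
    enum Access { GRANT, DENY, UNKNOWN }

    // Hypothetical stand-in for an ACE: who, which permission, grant or deny.
    record Ace(String username, String permission, boolean granted) {}

    // ACE-ordered check: each ACE is tested against every principal and
    // permission before moving to the next ACE. Assumes the first match decides.
    static Access checkByAce(List<List<Ace>> acls, List<String> principals, List<String> permissions) {
        for (List<Ace> acl : acls) { // the ACL at position 0 is consulted first
            for (Ace ace : acl) {
                if (principals.contains(ace.username()) && permissions.contains(ace.permission())) {
                    return ace.granted() ? Access.GRANT : Access.DENY;
                }
            }
        }
        return Access.UNKNOWN;
    }

    // Iterative check: one single-principal, single-permission lookup at a time,
    // returning the first answer that is not UNKNOWN.
    static Access checkIteratively(List<List<Ace>> acls, List<String> principals, List<String> permissions) {
        for (String principal : principals) {
            for (String permission : permissions) {
                Access access = checkByAce(acls, List.of(principal), List.of(permission));
                if (access != Access.UNKNOWN) {
                    return access;
                }
            }
        }
        return Access.UNKNOWN;
    }

    public static void main(String[] args) {
        // Constructed sample: one ACL where a deny for the group precedes a grant for the user.
        List<List<Ace>> acls = List.of(List.of(
                new Ace("members", "Read", false),
                new Ace("alice", "Read", true)));
        List<String> principals = List.of("alice", "members"); // the user, then her group
        List<String> permissions = List.of("Read");

        System.out.println("ACE-ordered: " + checkByAce(acls, principals, permissions));
        System.out.println("iterative:   " + checkIteratively(acls, principals, permissions));
    }
}
```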

void setRules(UserEntry[] userEntries)
Considers that all the passed entries are modifiable and attempts to set them as local entries related to the current document.

void setRules(UserEntry[] userEntries, boolean overwrite)
Considers that all the passed entries are modifiable and attempts to set them as local entries related to the current document.
The current behavior completely resets the current ACL.
overwrite - if true, will overwrite the whole current ACL

void setRules(String aclName, UserEntry[] userEntries)
Considers that all the passed entries are modifiable and attempts to set them as entries related to the current document.

void setRules(String aclName, UserEntry[] userEntries, boolean overwrite)
Considers that all the passed entries are modifiable and attempts to set them as entries related to the current document.
overwrite - if true, will overwrite the whole ACL

@Deprecated void addACL(String afterMe, ACL acl)
Deprecated. since 7.4. Always use addACL(ACL) to have correctly ordered acls. To force by-passing the order, use addACL(int, ACL).

ACL getMergedACLs(String name)

ACL getOrCreateACL(String name)

ACL getOrCreateACL()

@Deprecated String[] listUsernamesForAnyPermission(Set<String> perms)
perms - the list of permissions.

ACP clone()

boolean blockInheritance(String aclName, String username)
Block the inheritance on the given aclName.
username - the user blocking the inheritance

boolean unblockInheritance(String aclName)
Unblock the inheritance on the given aclName.

boolean addACE(String aclName, ACE ace)
Add an ACE to the given aclName.

boolean replaceACE(String aclName, ACE oldACE, ACE newACE)
Replace the oldACE with newACE on the given aclName, only if the oldACE exists.
The newACE keeps the same index as oldACE.

boolean removeACE(String aclName, ACE ace)
Remove an ACE on the given aclName.

boolean removeACEsByUsername(String aclName, String username)
Remove all ACEs for username on the given aclName.

boolean removeACEsByUsername(String username)
Remove all ACEs for username on the whole ACP.

Copyright © 2017 Nuxeo. All rights reserved.