Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
Oracle Content Management SDK
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES
SUMMARY:  INNER | FIELD | CONSTR | METHOD DETAIL:  FIELD | CONSTR | METHOD

oracle.ifs.beans
Class AccessControlList

java.lang.Object
  |
  +--oracle.ifs.beans.LibraryObject
        |
        +--oracle.ifs.beans.TieLibraryObject
              |
              +--oracle.ifs.beans.PublicObject
                    |
                    +--oracle.ifs.beans.TiePublicObject
                          |
                          +--oracle.ifs.beans.AccessControlList
All Implemented Interfaces:
IfsEventHandler, LibraryObjectInterface, PublicObjectInterface, Traceable
Direct Known Subclasses:
TieAccessControlList
public class AccessControlList
extends TiePublicObject

The AccessControlList (ACL) class represents a set of AccessControlEntries (ACE). Each ACE represents a single grant/revoke of a privilege or AccessLevel. The complete list of ACEs, that is the ACL itself, represents the cumulative list of who (DirectoryObjects) has what access to a specified PublicObject. An ACL may be referenced (shared) by more than one PublicObject.

The order of the ACEs is significant. Access is resolved in ascending order. If a user is first granted a privilege, then revoked, the result is the user will not have that privilege.

For example, the first ACE grants a group complete access to a PublicObject. The second ACE revokes specific privileges to distinct members of the group. The result would be some members having full privileges and others having restricted privileges. Had the order of the ACEs been reversed, the result would be the whole group having full privileges.

See Also:
AccessLevel, DirectoryObject, DirectoryUser, PublicObject

Field Summary
static java.lang.String CLASS_NAME
          This class name for this class.
static java.lang.String COMPONENTACLS_ATTRIBUTE
          The component ACLs for a composite ACL.
static java.lang.String OWNERUNIQUENAME_ATTRIBUTE
          A system-set attribute used to ensure no ACLs owned by a user have duplicate names.
static java.lang.String SHARED_ATTRIBUTE
          An indicator of whether more than one PublicObject refers to this AccessControlList.
 
Fields inherited from class oracle.ifs.beans.PublicObject
ACL_ATTRIBUTE, ADMINISTRATIONGROUP_ATTRIBUTE, CREATEDATE_ATTRIBUTE, CREATOR_ATTRIBUTE, DELETOR_ATTRIBUTE, DESCRIPTION_ATTRIBUTE, EXPIRATIONDATE_ATTRIBUTE, FAMILY_ATTRIBUTE, FLAGS_ATTRIBUTE, LASTMODIFIER_ATTRIBUTE, LASTMODIFYDATE_ATTRIBUTE, LOCKEDFORSESSION_ATTRIBUTE, LOCKOBJECT_ATTRIBUTE, LOCKSTATE_ATTRIBUTE, LOCKSTATE_HARDLOCK, LOCKSTATE_SESSIONLOCK, LOCKSTATE_SOFTLOCK, LOCKSTATE_UNLOCK, LOCKSTATE_USERLOCK, NAME_ATTRIBUTE, OWNER_ATTRIBUTE, POLICYBUNDLE_ATTRIBUTE, PROPERTYBUNDLE_ATTRIBUTE, RESOLVEDPUBLICOBJECT_ATTRIBUTE, SECURINGPUBLICOBJECT_ATTRIBUTE
 
Method Summary
 boolean checkEffectiveAccess(DirectoryObject obj, AccessLevel level)
          Check to see if specified user has the specified access level on this object.
 boolean checkGrantedAccess(AccessLevel level)
          Check if current user has the specified access level on this object.
 boolean checkGrantedAccess(DirectoryObject obj, AccessLevel requestedLevel)
          Check to see if specified user/group has the specified access level on this object.
 AccessControlEntry[] getAccessControlEntrys()
          Returns an array of AccessControlEntry objects that are part of this ACL.
 AccessControlEntry getAccessControlEntrys(int index)
          Returns the ACE at specified index in array of ACEs.
 AccessControlList[] getComponentAcls()
          Returns all AccessControlLists that are components of the target ACL.
 AccessControlList[] getCompositeAcls()
          Gets the set of composite ACLs which reference the target ACL as a "component".
 AccessLevel getEffectiveAccessLevel(DirectoryObject obj)
          Returns the effective access level on this object for the specified user.
 AccessLevel getGrantedAccessLevel()
          Returns the access level on this object for the current user.
 AccessLevel getGrantedAccessLevel(DirectoryObject obj)
          Returns the access level on this object for a specified DirectoryObject.
 AccessControlEntry grantAccess(AccessControlEntryDefinition aceDef)
          Add or extend an ACE for this ACL.
 void handleEvent(IfsEvent event)
          Handles the specified event.
 boolean isComposite()
          Returns indication as to whether the target ACL is considered a "composite ACL", that is if it has one of more component ACLs.
 boolean isShared()
          Returns indication as to whether this is a shared ACL, meaning more than one PublicObject refers to it.
 void removeAccessControlEntry(AccessControlEntry ace)
          Remove an ACE from this ACL.
 AccessControlEntry revokeAccess(AccessControlEntryDefinition aceDef)
          Remove or restrict an ACE for this ACL.
 void revokeAllAccess()
          Remove all ACEs for this ACL.
 void setComponentAcls(AccessControlList[] acls)
          Sets the AccessControlLists that are components of the target ACL.
 void updateAccessControlEntry(AccessControlEntry ace, AccessControlEntryDefinition aceDef)
          Update an ACE in this ACL.
 
Methods inherited from class oracle.ifs.beans.PublicObject
addCategory, addRelationship, checkEffectiveAccess, copy, getAcl, getAllFolderPaths, getAllFolderPaths, getAnyFolderPath, getAnyFolderPath, getCategories, getCategories, getCategories, getCategories, getCreateDate, getCreator, getDefaultAccessLevel, getDescription, getEffectiveAccessLevel, getExpirationDate, getFamily, getFlags, getFolderReferences, getFolderReferencesSortSpecification, getLastModifier, getLastModifyDate, getLeftwardRelationshipObjects, getLeftwardRelationshipObjects, getLeftwardRelationships, getLeftwardRelationships, getLockObject, getLockState, getLockStateLabel, getOwner, getPolicyBundle, getPropertyBundle, getResolvedPublicObject, getRightwardRelationshipObjects, getRightwardRelationshipObjects, getRightwardRelationships, getRightwardRelationships, getSecuringPublicObject, hasNameAttribute, isLocked, isLockedForSession, isLockedForSessionByCurrentSession, isVersionable, isVersioned, lock, lock, lock, putPolicy, putProperty, putProperty, removeAllPolicies, removeAllProperties, removePolicy, removePolicy, removeProperty, removeRelationship, setAcl, setDescription, setExpirationDate, setFlags, setFolderReferencesSortSpecification, setOwner, setPolicyBundle, setPropertyBundle, setSecuringPublicObject, toLockStateLabel, toLockStateLabel, toLockStateLabel, unlock, updateLock
 
Methods inherited from class oracle.ifs.beans.LibraryObject
equals, free, free, getAttribute, getAttributeByUpperCaseName, getAttributes, getAttributesByUpperCaseNames, getClassId, getClassObject, getDefinition, getId, getLabel, getName, getSession, invokeServerMethod, isInstanceOf, isTraced, lookupInstanceLabel, postEvent, postEvent, renderAsReader, renderAsStream, setAttribute, setAttribute, setAttributes, setAttributes, setName, toString, trace, update
 
Methods inherited from interface oracle.ifs.common.LibraryObjectInterface
getId
 
Methods inherited from interface oracle.ifs.common.Traceable
getTraceLogger, isTraced, trace
 

Field Detail

CLASS_NAME

public static final java.lang.String CLASS_NAME
This class name for this class. Useful for methods that take a class name argument.

SHARED_ATTRIBUTE

public static final java.lang.String SHARED_ATTRIBUTE
An indicator of whether more than one PublicObject refers to this AccessControlList.

OWNERUNIQUENAME_ATTRIBUTE

public static final java.lang.String OWNERUNIQUENAME_ATTRIBUTE
A system-set attribute used to ensure no ACLs owned by a user have duplicate names.

COMPONENTACLS_ATTRIBUTE

public static final java.lang.String COMPONENTACLS_ATTRIBUTE
The component ACLs for a composite ACL.
Method Detail

isShared

public boolean isShared()
                 throws IfsException
Returns indication as to whether this is a shared ACL, meaning more than one PublicObject refers to it.
Returns:
true if more than one PublicObject refers to this ACL.
Throws:
IfsException - if operation fails.

getComponentAcls

public AccessControlList[] getComponentAcls()
                                     throws IfsException
Returns all AccessControlLists that are components of the target ACL. If there are one or more component ACLs, the target ACL is considered a "composite ACL". If the target ACL is not a composite ACL, this method returns null.
Returns:
the set of component AccessControlLists
Throws:
IfsException - if operation fails.

isComposite

public boolean isComposite()
                    throws IfsException
Returns indication as to whether the target ACL is considered a "composite ACL", that is if it has one of more component ACLs.
Returns:
true if the target ACL is a composite ACL
Throws:
IfsException - if operation fails.

getCompositeAcls

public AccessControlList[] getCompositeAcls()
                                     throws IfsException
Gets the set of composite ACLs which reference the target ACL as a "component".
Returns:
the set of composite ACLs that include the target ACL as a component
Throws:
IfsException - if operation fails.

setComponentAcls

public void setComponentAcls(AccessControlList[] acls)
                      throws IfsException
Sets the AccessControlLists that are components of the target ACL. If the array specified is not null or empty, the target ACL will become a "composite ACL" composed of the specified ACLs. Otherwise, any previous component ACLs will be cleared, and the target ACL will no longer be a composite ACL.
Parameters:
acls - the set of component AccessControlLists, or null if none
Throws:
IfsException - if operation fails.

getGrantedAccessLevel

public AccessLevel getGrantedAccessLevel()
                                  throws IfsException
Returns the access level on this object for the current user.
Returns:
the AccessLevel set for the current user.
Throws:
IfsException - if operation fails.

getGrantedAccessLevel

public AccessLevel getGrantedAccessLevel(DirectoryObject obj)
                                  throws IfsException
Returns the access level on this object for a specified DirectoryObject.
Parameters:
obj - the DirectoryObject
Returns:
the AccessLevel set for the specified DirectoryObject.
Throws:
IfsException - if operation fails.

checkGrantedAccess

public boolean checkGrantedAccess(AccessLevel level)
                           throws IfsException
Check if current user has the specified access level on this object.
Parameters:
level - specified level.
Returns:
true if current user has at least the specified access.
Throws:
IfsException - if operation fails.

checkGrantedAccess

public boolean checkGrantedAccess(DirectoryObject obj,
                                  AccessLevel requestedLevel)
                           throws IfsException
Check to see if specified user/group has the specified access level on this object.
Parameters:
obj - the DirectoryObject
level - specified level.
Returns:
true if specified user has at least the specified access.
Throws:
IfsException - if operation fails.

getEffectiveAccessLevel

public AccessLevel getEffectiveAccessLevel(DirectoryObject obj)
                                    throws IfsException
Returns the effective access level on this object for the specified user. This override will include the Grant standard permission if grant is available to the specified user inthe defined set of ACEs.
Overrides:
getEffectiveAccessLevel in class PublicObject
Parameters:
user - specified user on which to check Access Control
Returns:
the AccessLevel set for the specified user
Throws:
IfsException - if operation fails.

checkEffectiveAccess

public boolean checkEffectiveAccess(DirectoryObject obj,
                                    AccessLevel level)
                             throws IfsException
Check to see if specified user has the specified access level on this object.
Overrides:
checkEffectiveAccess in class PublicObject
Parameters:
user - specified user on which to check Access Control
level - specified level.
Returns:
true if specified user has at least the specified access.
Throws:
IfsException - if operation fails.

getAccessControlEntrys

public AccessControlEntry[] getAccessControlEntrys()
                                            throws IfsException
Returns an array of AccessControlEntry objects that are part of this ACL.
Returns:
array of AccessControlEntrys
Throws:
IfsException - if operation fails.

getAccessControlEntrys

public AccessControlEntry getAccessControlEntrys(int index)
                                          throws IfsException
Returns the ACE at specified index in array of ACEs.
Parameters:
index - index into the array of AccessControlEntrys
Returns:
the requested AccessControlEntry
Throws:
IfsException - if operation fails.

grantAccess

public AccessControlEntry grantAccess(AccessControlEntryDefinition aceDef)
                               throws IfsException
Add or extend an ACE for this ACL. This adds an ACE which specifies grant access. This method implicitly sets the "granted" indication on the AccessControlEntryDefinition to true.
Overrides:
grantAccess in class PublicObject
Parameters:
aceDef - AccessControlEntry definition
Returns:
newly added AccessControlEntry
Throws:
IfsException - if operation fails.

revokeAccess

public AccessControlEntry revokeAccess(AccessControlEntryDefinition aceDef)
                                throws IfsException
Remove or restrict an ACE for this ACL. This adds a revoke ACE to this ACL. This method implicitly sets the "granted" indication on the AccessControlEntryDefinition to false.
Overrides:
revokeAccess in class PublicObject
Parameters:
aceDef - AccessControlEntry definition
Returns:
newly added AccessControlEntry
Throws:
IfsException - if operation fails.

revokeAllAccess

public void revokeAllAccess()
                     throws IfsException
Remove all ACEs for this ACL.
Overrides:
revokeAllAccess in class PublicObject
Throws:
IfsException - if operation fails.

removeAccessControlEntry

public void removeAccessControlEntry(AccessControlEntry ace)
                              throws IfsException
Remove an ACE from this ACL.
Parameters:
ace - AccessControlEntry to be removed
Throws:
IfsException - if operation fails.

updateAccessControlEntry

public void updateAccessControlEntry(AccessControlEntry ace,
                                     AccessControlEntryDefinition aceDef)
                              throws IfsException
Update an ACE in this ACL.
Parameters:
ace - AccessControlEntry to be updated
aceDef - the definition of the updates
Throws:
IfsException - if operation fails.

handleEvent

public void handleEvent(IfsEvent event)
                 throws IfsException
Handles the specified event.
Overrides:
handleEvent in class PublicObject
Parameters:
event - the event
Throws:
IfsException - if the operation fails
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
Oracle Content Management SDK
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES
SUMMARY:  INNER | FIELD | CONSTR | METHOD DETAIL:  FIELD | CONSTR | METHOD
(c) 2002 Copyright Oracle Corporation. All rights reserved.