AccessControl

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

Qizx/db 2.1 API

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.qizx.api
Interface AccessControl

All Known Implementing Classes:: AccessControlBase

public interface AccessControl

Abstract access control to the members of a Library.

An object implementing this interface can be plugged in a Library Manager to check whether a User may read or modify contents or properties of Documents and Collections.

Attention: AccessControl is not in charge of authenticating the User. This is the responsibility of the application.

Authenticating means creating an implementation of a User based on verified credentials.
Access Control means checking if an authenticated User may or may not access a particular object in the Library.

Implementation remarks:

A concrete AccessControl should attempt to implement each check method in the fastest possible way, because each method in the API can involve one or several access checks. The utility abstract class AccessControlBase provides a basis with caching for implementing an actual AccessControl class.
A separate instance is used for each session (instance of Library), so an implementation is not required to be thread-safe.

Method Summary
`AccessControl`	`copy()` Creates a new instance of the Access Control.
`boolean`	`mayChangeContent(User user, LibraryMember member)` Checks if a User has the permission to modify the contents of a Library Object.
`boolean`	`mayChangeProperty(User user, LibraryMember member, String propertyName)` Checks if a User has the permission to modify the value of a property of a Library member.
`boolean`	`mayReadContent(User user, LibraryMember member)` Checks if a User has the permission to get the contents of a Library member.
`boolean`	`mayReadProperty(User user, LibraryMember member, String propertyName)` Checks if a User has the permission to get the value of a property of a Library member.
`void`	`reset()` Resets the internal state when the Library session is updated by a commit(), rollback(), refresh() or lock().

Method Detail

mayReadContent

public boolean mayReadContent(User user,
                              LibraryMember member)

Checks if a User has the permission to get the contents of a Library member.

For a Document: permission to read and query the XML contents
For a Collection: permission to list contained members and to perform queries.

Parameters:: user - an implementation of a User, suitable for this AccessControl; member - Library object to check for permission
Returns:: true if the permission is granted.

mayChangeContent

public boolean mayChangeContent(User user,
                                LibraryMember member)

Checks if a User has the permission to modify the contents of a Library Object.

For a Document: permission to replace the XML contents
For a Collection: permission to add or suppress contained members.

Parameters:: user - an implementation of a User, suitable for this AccessControl; member - Library object to check for permission
Returns:: true if the permission is granted.

mayReadProperty

public boolean mayReadProperty(User user,
                               LibraryMember member,
                               String propertyName)

Checks if a User has the permission to get the value of a property of a Library member.

Parameters:: user - an implementation of a User, suitable for this AccessControl; member - Library Object to check for permission; propertyName - name of the property to get. Attention: it may be null, meaning 'any property' (for example when controlling for the method getPropertyNames() of LibraryMember).
Returns:: true if the permission is granted.

mayChangeProperty

public boolean mayChangeProperty(User user,
                                 LibraryMember member,
                                 String propertyName)

Checks if a User has the permission to modify the value of a property of a Library member.

Parameters:: user - an implementation of a User, suitable for this AccessControl; member - Library Object to check for permission; propertyName - name of the property to set. Never null
Returns:: true if the permission is granted.

copy

public AccessControl copy()

Creates a new instance of the Access Control.

This method is used when a new session is created. Typically it would initialize the new instance with settings copied from the master AccessControl specified on the LibraryManager.

Returns:: an AccessControl instance specific to a session

reset

public void reset()

Resets the internal state when the Library session is updated by a commit(), rollback(), refresh() or lock().

This method typically clears internal permission caches in order to recompute permissions properly.