com.qizx.api.util.accesscontrol
Class UnixStyleAccessControl

java.lang.Object
  com.qizx.api.util.accesscontrol.AccessControlBase
      com.qizx.api.util.accesscontrol.UnixStyleAccessControl

All Implemented Interfaces:

AccessControl

public class UnixStyleAccessControl

extends AccessControlBase

AccessControl example: a simplified Unix-style access control.

It can hardly be used in production, because groups or roles are not supported. But this class serves mainly as an example of implementation.

Each Library Member has a special property "user-id" which is a user name, and a special property "access-rights", which is a bit mask of permissions.

Nested Class Summary

static class

UnixStyleAccessControl.User Simple model of a Unix-style User.

Field Summary

static int	OTHER_ALL Read/Write access permission for the rest of the world.
static int	OTHER_READ Read access permission for the rest of the world.
static int	OTHER_WRITE Write access permission for the rest of the world.
static int	OWNER_ALL Read/Write access permission for the User.
static int	OWNER_READ Read access permission for the User.
static int	OWNER_WRITE Write access permission for the User.

Fields inherited from class com.qizx.api.util.accesscontrol.AccessControlBase

CONTENT_CHANGE, CONTENT_READ, DEFINED, PROPERTY_CHANGE, PROPERTY_READ

Constructor Summary

UnixStyleAccessControl()
Builds a default access control with moderate cache size.

UnixStyleAccessControl(int cacheSize)
Builds an access control with specified cache size.

Method Summary

protected int	computePermissions(LibraryMember member, User user) Specific implementation of permission computation.
AccessControl	copy() Creates a new instance of the Access Control.
boolean	mayChangeContent(User user, LibraryMember member) Checks if a User has the permission to modify the contents of a Library Object.
boolean	mayChangeProperty(User user, LibraryMember member, String propertyName) Checks if a User has the permission to modify the value of a property of a Library member.
boolean	mayReadContent(User user, LibraryMember member) Checks if a User has the permission to get the contents of a Library member.
boolean	mayReadProperty(User user, LibraryMember member, String propertyName) Checks if a User has the permission to get the value of a property of a Library member.

Methods inherited from class com.qizx.api.util.accesscontrol.AccessControlBase

cachePermissions, clearPermissions, findPermissions, getCachedPermissions, getCacheSize, reset

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

OWNER_READ

public static final int OWNER_READ

Read access permission for the User.

See Also:

Constant Field Values

OWNER_WRITE

public static final int OWNER_WRITE

Write access permission for the User.

See Also:

Constant Field Values

OWNER_ALL

public static final int OWNER_ALL

Read/Write access permission for the User.

See Also:

Constant Field Values

OTHER_READ

public static final int OTHER_READ

Read access permission for the rest of the world.

See Also:

Constant Field Values

OTHER_WRITE

public static final int OTHER_WRITE

Write access permission for the rest of the world.

See Also:

Constant Field Values

OTHER_ALL

public static final int OTHER_ALL

Read/Write access permission for the rest of the world.

See Also:

Constant Field Values

Constructor Detail

UnixStyleAccessControl

public UnixStyleAccessControl()

Builds a default access control with moderate cache size.

UnixStyleAccessControl

public UnixStyleAccessControl(int cacheSize)

Builds an access control with specified cache size.

Method Detail

mayReadContent

public boolean mayReadContent(User user,
                              LibraryMember member)

Description copied from interface: AccessControl

Checks if a User has the permission to get the contents of a Library member.

• For a Document: permission to read and query the XML contents
• For a Collection: permission to list contained members and to perform queries.

Parameters:

user - an implementation of a User, suitable for this AccessControl

member - Library object to check for permission

Returns:

true if the permission is granted.

mayChangeContent

public boolean mayChangeContent(User user,
                                LibraryMember member)

Description copied from interface: AccessControl

Checks if a User has the permission to modify the contents of a Library Object.

• For a Document: permission to replace the XML contents
• For a Collection: permission to add or suppress contained members.

Parameters:

user - an implementation of a User, suitable for this AccessControl

member - Library object to check for permission

Returns:

true if the permission is granted.

mayReadProperty

public boolean mayReadProperty(User user,
                               LibraryMember member,
                               String propertyName)

Description copied from interface: AccessControl

Checks if a User has the permission to get the value of a property of a Library member.

Parameters:

user - an implementation of a User, suitable for this AccessControl

member - Library Object to check for permission

propertyName - name of the property to get. Attention: it may be null, meaning 'any property' (for example when controlling for the method getPropertyNames() of LibraryMember).

Returns:

true if the permission is granted.

mayChangeProperty

public boolean mayChangeProperty(User user,
                                 LibraryMember member,
                                 String propertyName)

Description copied from interface: AccessControl

Checks if a User has the permission to modify the value of a property of a Library member.

Parameters:

user - an implementation of a User, suitable for this AccessControl

member - Library Object to check for permission

propertyName - name of the property to set. Never null

Returns:

true if the permission is granted.

computePermissions

protected int computePermissions(LibraryMember member,
                                 User user)
                          throws DataModelException

Specific implementation of permission computation.

Distinguishes between Owner and Other-User (no groups or roles).

Also sets permissions for new Library members by using the default permission mask associated with a user.

Specified by:

computePermissions in class AccessControlBase

Parameters:

member - concerned object of the Library

user - user concerned by the access control

Returns:

a mask of basic permissions CONTENT_READ, CONTENT_CHANGE, PROPERTY_READ, PROPERTY_CHANGE

Throws:

DataModelException - if access problem

See Also:

AccessControlBase.computePermissions(com.qizx.api.LibraryMember, com.qizx.api.User)

copy

public AccessControl copy()

Description copied from interface: AccessControl

Creates a new instance of the Access Control.

This method is used when a new session is created. Typically it would initialize the new instance with settings copied from the master AccessControl specified on the LibraryManager.

Returns:

an AccessControl instance specific to a session