public interface IAccessService extends IMetaComponent
Modifier and Type | Field and Description |
---|---|
static int | MODEL_PERMISSIVE: permissive model ignores group deny |
static int | MODEL_RESTRICTIVE: restrictive model evaluates group deny over group grant rights |
static int | MODEL_UNSET: initial state. |

Modifier and Type | Method and Description |
---|---|
boolean | checkAccess(IThingID thingID, IThingID userID, IRightSet rightSet): Check that a user is granted all of the rights in rightSet. |
boolean[] | filterList(IThingIDList thingIDs, IThingID userID, IRightSet rightSet): Filter a list of thing IDs for a set of rights. |
IRightSet | getAccess(IThingID thingID, IThingID userID, IRightSet rightSet): Evaluates user's rights on thing. |
IRightSet[] | getAccessList(IThingIDList thingIDs, IThingID userID): Retrieve the rights that a user has on the list of thingIDs. |
int | getAccessModel(): Get the access control model; mainly used for verification in tests. The model should be set at startup. |
HashMap<IThingID,IAce> | getAcl(IThingID thingID): Get the Acl for a thing. |
IAcl | getAclView(IThingID thingID): Get the Acl for a thing. |
IRightSet | getAllRights() |
IRightSet | getDelegatable(IThingID thingID, IThingID userID, IRightSet rightSet): Evaluates which rights a user can delegate on this thing. |
IThingID | getSecurityRealm(IThingID itemID): Returns policy ID. |
IThingIDList | listSecurityRealmObjects(IThingID securityRealmID): Returns list of object IDs which have been assigned to this security realm. |
IAce | newAce(IThingID principalID, IRightSet grantedRights, IRightSet deniedRights, IRightSet exclusiveRights): Create a new IAce. |
void | removeAces(IThingID thingID, Collection<IAce> aces, boolean fRecursive): Remove the passed in Collection of aces from a thing. |
void | removeSecurityRealm(IThingID itemID, boolean fRecursive): Unsets policy object from the given item. |
void | setAccessModel(int model): Set the access control model (usually permissive or restrictive). |
void | setAces(IThingID thingID, Collection<IAce> aces, boolean fRecursive): Set the passed in Collection of aces on a thing. |
void | setSecurityRealm(IThingID itemID, IThingID policyObjectID, boolean fRecursive): Assigns policy object for the given item. |
void | setSecurityRealm(IThingID itemID, IThingID policyObjectID, boolean fRecursive, boolean disableOverwrite): Assigns policy object for the given item. |

getMetaContext, setMetaContext
getComponentData, getComponentName, getComponentProvider, getURI, isInitialized, setComponentData, setComponentProvider
init, shutdown

static final int MODEL_UNSET
static final int MODEL_PERMISSIVE
static final int MODEL_RESTRICTIVE

void setAccessModel(int model) throws MetaException
model - IAccessRight constant
MetaException - if invalid model ID

int getAccessModel() throws MetaException
MetaException - if invalid model ID

IRightSet getAllRights()

IRightSet getAccess(IThingID thingID, IThingID userID, IRightSet rightSet) throws MetaException
thingID - thing to check
userID - user context
rightSet - rights to check
MetaException - on DB error or no model set

IRightSet getDelegatable(IThingID thingID, IThingID userID, IRightSet rightSet) throws MetaException
thingID - thing to check
userID - user context
rightSet - rights to check
MetaException - on DB error or no model set

boolean checkAccess(IThingID thingID, IThingID userID, IRightSet rightSet) throws MetaException
thingID - thing to check
userID - user context
rightSet - rights to check
MetaException - on DB error or no model set

boolean[] filterList(IThingIDList thingIDs, IThingID userID, IRightSet rightSet) throws MetaException
thingIDs - array of thingIDs, ignores 0
userID - user context
rightSet - bitset of rights to check
MetaException - on DB error

IRightSet[] getAccessList(IThingIDList thingIDs, IThingID userID) throws MetaException
thingIDs - array of thingIDs, ignores 0
userID - user context
MetaException - on DB error

void setAces(IThingID thingID, Collection<IAce> aces, boolean fRecursive) throws MetaException
thingID - The ID of a thing
aces - A Collection where the members are IAces
fRecursive - Adds this ace to children if thingID is container
MetaException - on DB error

void removeAces(IThingID thingID, Collection<IAce> aces, boolean fRecursive) throws MetaException
thingID - The ID of a thing
aces - A Collection where the members are IAces
fRecursive - removes aces from children of thingID if container
MetaException - on DB error

void setSecurityRealm(IThingID itemID, IThingID policyObjectID, boolean fRecursive) throws MetaException
itemID - item to assign policy on
policyObjectID - ID of the actual policy object
fRecursive - whether to assign this object recursively
MetaException

void setSecurityRealm(IThingID itemID, IThingID policyObjectID, boolean fRecursive, boolean disableOverwrite) throws MetaException
itemID - item to assign policy on
policyObjectID - ID of the actual policy object
fRecursive - whether to assign this object recursively
disableOverwrite - disable overwrite of policy selections
MetaException

void removeSecurityRealm(IThingID itemID, boolean fRecursive) throws MetaException
itemID - item to remove policy object from
fRecursive - whether to remove it recursively
MetaException

IThingID getSecurityRealm(IThingID itemID) throws MetaException
itemID - item thing ID
MetaException

IThingIDList listSecurityRealmObjects(IThingID securityRealmID) throws MetaException
securityRealmID - thing ID of the security realm
MetaException

HashMap<IThingID,IAce> getAcl(IThingID thingID) throws MetaException
thingID - The ID of a thing.
MetaException - If thingID not found or DB error

IAcl getAclView(IThingID thingID) throws MetaException
thingID - ID of object
MetaException - If thingID not valid or DB error

IAce newAce(IThingID principalID, IRightSet grantedRights, IRightSet deniedRights, IRightSet exclusiveRights)
principalID - user or group thingID
grantedRights - bitset of granted rights
deniedRights - bitset of denied rights
exclusiveRights - bitset of exclusive rights
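
The difference between MODEL_PERMISSIVE and MODEL_RESTRICTIVE, and the all-rights semantics described for checkAccess, shown as an added example that is not part of this API or its implementation. The int bitmask rights, the Ace record, the constant values, and the rule that a deny on the user's own ACE applies in both models are assumptions; exclusive rights are not modelled.

```java
import java.util.List;

// Added illustration only: a simplified stand-in, not the IAccessService implementation.
public class AccessModelDemo {
    // Constant names mirror the page; the numeric values are assumed.
    static final int MODEL_UNSET = 0, MODEL_PERMISSIVE = 1, MODEL_RESTRICTIVE = 2;
    // Hypothetical right bits.
    static final int READ = 1, WRITE = 2;

    // Simplified ACE: a principal, whether it is a group, and grant/deny bitmasks.
    record Ace(String principal, boolean isGroup, int granted, int denied) {}

    // Effective rights for a user; acl holds the user's own ACE and those of its groups.
    static int getAccess(List<Ace> acl, int model) {
        // Fail closed when no valid model is configured, as the page documents for getAccess.
        if (model != MODEL_PERMISSIVE && model != MODEL_RESTRICTIVE) {
            throw new IllegalStateException("no valid access model set");
        }
        int userGrant = 0, userDeny = 0, groupGrant = 0, groupDeny = 0;
        for (Ace ace : acl) {
            if (ace.isGroup()) {
                groupGrant |= ace.granted();
                groupDeny |= ace.denied();
            } else {
                userGrant |= ace.granted();
                userDeny |= ace.denied();
            }
        }
        // Permissive: group deny is ignored. Restrictive: group deny beats group grant.
        if (model == MODEL_RESTRICTIVE) {
            groupGrant &= ~groupDeny;
        }
        // Assumption: a deny on the user's own ACE applies in both models.
        return (userGrant | groupGrant) & ~userDeny;
    }

    // True only if every requested right is present, as checkAccess is described.
    static boolean checkAccess(List<Ace> acl, int model, int requested) {
        return (getAccess(acl, model) & requested) == requested;
    }

    public static void main(String[] args) {
        // Constructed ACL: group "staff" grants READ|WRITE, group "contractors" denies WRITE.
        List<Ace> acl = List.of(
            new Ace("staff", true, READ | WRITE, 0),
            new Ace("contractors", true, 0, WRITE));
        System.out.println(checkAccess(acl, MODEL_PERMISSIVE, READ | WRITE));
        System.out.println(checkAccess(acl, MODEL_RESTRICTIVE, READ | WRITE));
        System.out.println(checkAccess(acl, MODEL_RESTRICTIVE, READ));
    }
}
```

With the constructed ACL, the same READ|WRITE request is allowed under the permissive model and refused under the restrictive one, so changing the model alters effective rights without any ACL edit.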