| org.outerj.daisy.repository.acl.AccessManager
All known Subclasses: org.outerj.daisy.repository.commonimpl.acl.AccessManagerImpl,
AccessManager | public interface AccessManager (Code) | | Provides functionality for maintaining the ACL (Access Control List) and
checking permissions.
The AccessManager can be retrieved via
org.outerj.daisy.repository.Repository.getAccessManager .
See Daisy's documentation for background information on the ACL system.
Basically, instead of associating an ACL with each document in the
repository, there is one global ACL. Which ACL entries applies to which
documents is based on conditions selecting documents based on eg
their document type or collection membership. The structure of the
ACL is thus as follows:
object expression
acl entry
acl entry
...
object expression
acl entry
acl entry
...
...
wherin the "object expression" is the expression selecting a set
of documents. Each "acl entry" specifies for a certain subject
(user, role or everyone) the allowed action (deny/grant) for a
certain operation (read/write).
Two ACL's are managed: a staging ACL and a live ACL. Only
the staging ACL can be directly modified, the live ACL can
be updated by replacing it with the staging ACL.
About access to these functions: all users can read the ACL,
only the Administrator can save (modify) it. All users can retrieve
access information (ie using the getAclInfo* methods) for themselves,
the Administrator can retrieve this information for whatever user.
|
Method Summary | |
void | copyLiveToStaging() Reverts changes to the staging ACL. | void | copyStagingToLive() Puts the staging ACL live. | long[] | filterDocumentTypes(long[] documentTypeIds, long collectionId) Filters the given list of document type ids to the ones for which the user
is potentially able to create new documents. | VariantKey[] | filterDocuments(VariantKey[] variantKeys, AclPermission permission, boolean nonLive) Filters the given list of document variants so that only document variants to which the
current user has the given ACL permission remains. | VariantKey[] | filterDocuments(VariantKey[] variantKeys, AclPermission permission) Filter documents assuming access to non-live versions is not required. | VariantKey[] | filterDocuments(VariantKey[] variantKeys) Filters documents based on 'read' permission and without requiring access to all versions. | AclResultInfo | getAclInfo(Document document) Gets ACL info for the current user, by evaluating the (live) ACL rules
on the given document object. | AclResultInfo | getAclInfoOnLive(long userId, long[] roleIds, String documentId, long branchId, long languageId) Gets ACL info for the specified user acting in the specified role, for the specified
document variant, by evaluating the live ACL. | AclResultInfo | getAclInfoOnLive(long userId, long[] roleIds, VariantKey key) Gets ACL info for the specified user acting in the specified role, for the specified
document variant, by evaluating the live ACL. | AclResultInfo | getAclInfoOnLive(long userId, long[] roleIds, String documentId) Gets the ACL info for the branch "main" and language "default" of the document. | AclResultInfo | getAclInfoOnLive(long userId, long[] roleIds, Document document) Checks the ACL using the supplied document object. | AclResultInfo | getAclInfoOnStaging(long userId, long[] roleIds, String documentId, long branchId, long languageId) Gets ACL info for the specified user acting in the specified role, for the specified
document variant, by evaluating the staging ACL. | AclResultInfo | getAclInfoOnStaging(long userId, long[] roleIds, VariantKey key) Gets ACL info for the specified user acting in the specified role, for the specified
document variant, by evaluating the staging ACL. | AclResultInfo | getAclInfoOnStaging(long userId, long[] roleIds, String documentId) Gets the ACL info for the branch "main" and language "default" of the document. | AclResultInfo | getAclInfoOnStaging(long userId, long[] roleIds, Document document) Equivalent of
AccessManager.getAclInfoOnLive(long,long[],org.outerj.daisy.repository.Document) . | Acl | getLiveAcl() Gets the currently active, live ACL. | Acl | getStagingAcl() Gets the staging ACL. |
filterDocumentTypes | long[] filterDocumentTypes(long[] documentTypeIds, long collectionId) throws RepositoryException(Code) | | Filters the given list of document type ids to the ones for which the user
is potentially able to create new documents. This does not guarantee that the
user will be able to save a newly created document, as this could depend
on the values of document fields or the collections to which the document belongs.
The collectionId parameter is optional (specify -1 to ignore) and allows
to specify the collection to which the document will be added, which allows
for a better filtered result.
|
filterDocuments | VariantKey[] filterDocuments(VariantKey[] variantKeys, AclPermission permission, boolean nonLive) throws RepositoryException(Code) | | Filters the given list of document variants so that only document variants to which the
current user has the given ACL permission remains.
Non-existing documents/variants will also be excluded.
Especially in the remote API implementation, this is more efficient then
retrieving this information for individual documents, since it only requires
one backend HTTP call.
Parameters: nonLive - set to true when read access to all versions of the document is required(rather than just the live version). |
getAclInfoOnLive | AclResultInfo getAclInfoOnLive(long userId, long[] roleIds, String documentId, long branchId, long languageId) throws RepositoryException(Code) | | Gets ACL info for the specified user acting in the specified role, for the specified
document variant, by evaluating the live ACL.
|
getAclInfoOnLive | AclResultInfo getAclInfoOnLive(long userId, long[] roleIds, VariantKey key) throws RepositoryException(Code) | | Gets ACL info for the specified user acting in the specified role, for the specified
document variant, by evaluating the live ACL.
|
getAclInfoOnLive | AclResultInfo getAclInfoOnLive(long userId, long[] roleIds, String documentId) throws RepositoryException(Code) | | Gets the ACL info for the branch "main" and language "default" of the document. This method
is mainly provided for backwards compatibility.
|
getAclInfoOnLive | AclResultInfo getAclInfoOnLive(long userId, long[] roleIds, Document document) throws RepositoryException(Code) | | Checks the ACL using the supplied document object. The current content of the
document is used during ACL evaluation, even if it includes unsaved changes.
This allows to check the ACL result before saving the document.
This method does not work in the remote API implementation.
|
getAclInfoOnStaging | AclResultInfo getAclInfoOnStaging(long userId, long[] roleIds, String documentId, long branchId, long languageId) throws RepositoryException(Code) | | Gets ACL info for the specified user acting in the specified role, for the specified
document variant, by evaluating the staging ACL.
|
getAclInfoOnStaging | AclResultInfo getAclInfoOnStaging(long userId, long[] roleIds, VariantKey key) throws RepositoryException(Code) | | Gets ACL info for the specified user acting in the specified role, for the specified
document variant, by evaluating the staging ACL.
|
getAclInfoOnStaging | AclResultInfo getAclInfoOnStaging(long userId, long[] roleIds, String documentId) throws RepositoryException(Code) | | Gets the ACL info for the branch "main" and language "default" of the document. This method
is mainly provided for backwards compatibility.
|
|
|