|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface AccessManager
Provides functionality for maintaining the ACL (Access Control List) and checking permissions.
See Daisy's documentation for background information on the ACL system.
Basically, instead of associating an ACL with each document in the repository, there is one global ACL. Which ACL entries applies to which documents is based on conditions selecting documents based on eg their document type or collection membership. The structure of the ACL is thus as follows:
object expression acl entry acl entry ... object expression acl entry acl entry ... ...
wherin the "object expression" is the expression selecting a set of documents. Each "acl entry" specifies for a certain subject (user, role or everyone) the allowed action (deny/grant) for a certain operation (read/write).
Two ACL's are managed: a staging ACL and a live ACL. Only the staging ACL can be directly modified, the live ACL can be updated by replacing it with the staging ACL.
About access to these functions: all users can read the ACL, only the Administrator can save (modify) it. All users can retrieve access information (ie using the getAclInfo* methods) for themselves, the Administrator can retrieve this information for whatever user.
Method Summary | |
---|---|
void |
copyLiveToStaging()
Reverts changes to the staging ACL. |
void |
copyStagingToLive()
Puts the staging ACL live. |
VariantKey[] |
filterDocuments(VariantKey[] variantKeys)
Filters documents based on 'read live' permission. |
VariantKey[] |
filterDocuments(VariantKey[] variantKeys,
AclPermission permission)
Filters the given list of document variants so that only document variants to which the current user has the given ACL permission remains. |
long[] |
filterDocumentTypes(long[] documentTypeIds,
long collectionId)
Filters the given list of document type ids to the ones for which the user is potentially able to create new documents. |
AclResultInfo |
getAclInfo(Document document)
Gets ACL info for the current user, by evaluating the (live) ACL rules on the given document object. |
AclResultInfo |
getAclInfoOnLive(long userId,
long[] roleIds,
Document document)
Checks the ACL using the supplied document object. |
AclResultInfo |
getAclInfoOnLive(long userId,
long[] roleIds,
long documentId)
Gets the ACL info for the branch "main" and language "default" of the document. |
AclResultInfo |
getAclInfoOnLive(long userId,
long[] roleIds,
long documentId,
long branchId,
long languageId)
Gets ACL info for the specified user acting in the specified role, for the specified document variant, by evaluating the live ACL. |
AclResultInfo |
getAclInfoOnLive(long userId,
long[] roleIds,
VariantKey key)
Gets ACL info for the specified user acting in the specified role, for the specified document variant, by evaluating the live ACL. |
AclResultInfo |
getAclInfoOnStaging(long userId,
long[] roleIds,
Document document)
Equivalent of getAclInfoOnLive(long, long[], org.outerj.daisy.repository.Document) . |
AclResultInfo |
getAclInfoOnStaging(long userId,
long[] roleIds,
long documentId)
Gets the ACL info for the branch "main" and language "default" of the document. |
AclResultInfo |
getAclInfoOnStaging(long userId,
long[] roleIds,
long documentId,
long branchId,
long languageId)
Gets ACL info for the specified user acting in the specified role, for the specified document variant, by evaluating the staging ACL. |
AclResultInfo |
getAclInfoOnStaging(long userId,
long[] roleIds,
VariantKey key)
Gets ACL info for the specified user acting in the specified role, for the specified document variant, by evaluating the staging ACL. |
Acl |
getLiveAcl()
Gets the currently active, live ACL. |
Acl |
getStagingAcl()
Gets the staging ACL. |
Method Detail |
---|
Acl getLiveAcl() throws RepositoryException
copyLiveToStaging()
.
RepositoryException
Acl getStagingAcl() throws RepositoryException
RepositoryException
void copyStagingToLive() throws RepositoryException
RepositoryException
void copyLiveToStaging() throws RepositoryException
RepositoryException
AclResultInfo getAclInfo(Document document) throws RepositoryException
RepositoryException
AclResultInfo getAclInfoOnLive(long userId, long[] roleIds, long documentId, long branchId, long languageId) throws RepositoryException
RepositoryException
AclResultInfo getAclInfoOnLive(long userId, long[] roleIds, VariantKey key) throws RepositoryException
RepositoryException
AclResultInfo getAclInfoOnLive(long userId, long[] roleIds, long documentId) throws RepositoryException
RepositoryException
AclResultInfo getAclInfoOnStaging(long userId, long[] roleIds, long documentId, long branchId, long languageId) throws RepositoryException
RepositoryException
AclResultInfo getAclInfoOnStaging(long userId, long[] roleIds, VariantKey key) throws RepositoryException
RepositoryException
AclResultInfo getAclInfoOnStaging(long userId, long[] roleIds, long documentId) throws RepositoryException
RepositoryException
AclResultInfo getAclInfoOnLive(long userId, long[] roleIds, Document document) throws RepositoryException
This method does not work in the remote API implementation.
RepositoryException
AclResultInfo getAclInfoOnStaging(long userId, long[] roleIds, Document document) throws RepositoryException
getAclInfoOnLive(long, long[], org.outerj.daisy.repository.Document)
.
RepositoryException
long[] filterDocumentTypes(long[] documentTypeIds, long collectionId) throws RepositoryException
The collectionId parameter is optional (specify -1 to ignore) and allows to specify the collection to which the document will be added, which allows for a better filtered result.
RepositoryException
VariantKey[] filterDocuments(VariantKey[] variantKeys, AclPermission permission) throws RepositoryException
Especially in the remote API implementation, this is more efficient then retrieving this information for individual documents, since it only requires one backend HTTP call.
RepositoryException
VariantKey[] filterDocuments(VariantKey[] variantKeys) throws RepositoryException
filterDocuments(org.outerj.daisy.repository.VariantKey[], AclPermission)
.
RepositoryException
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |