|
|||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
Provides functionality for maintaining the ACL (Access Control List) and checking permissions.
See Daisy's documentation for background information on the ACL system.
Basically, instead of associating an ACL with each document in the repository, there is one global ACL. Which ACL entries applies to which documents is based on conditions selecting documents based on eg their document type or collection membership. The structure of the ACL is thus as follows:
object expression acl entry acl entry ... object expression acl entry acl entry ... ...
wherin the "object expression" is the expression selecting a set of documents. Each "acl entry" specifies for a certain subject (user, role or everyone) the allowed action (deny/grant) for a certain operation (read/write).
Two ACL's are managed: a staging ACL and a live ACL. Only the staging ACL can be directly modified, the live ACL can be updated by replacing it with the staging ACL.
About access to these functions: all users can read the ACL, only the Administrator can save (modify) it. All users can retrieve access information (ie using the getAclInfo* methods) for themselves, the Administrator can retrieve this information for whatever user.
Method Summary | |
void |
copyLiveToStaging()
Reverts changes to the staging ACL. |
void |
copyStagingToLive()
Puts the staging ACL live. |
VariantKey[] |
filterDocuments(VariantKey[] variantKeys)
Filters the given list of document variants so that only document variants to which the current user has access remains. |
long[] |
filterDocumentTypes(long[] documentTypeIds,
long collectionId)
Filters the given list of document type ids to the ones for which the user is potentially able to create new documents. |
AclResultInfo |
getAclInfo(Document document)
Gets ACL info for the current user, by evaluating the (live) ACL rules on the given document object. |
AclResultInfo |
getAclInfoOnLive(long userId,
long[] roleIds,
Document document)
Checks the ACL using the supplied document object. |
AclResultInfo |
getAclInfoOnLive(long userId,
long[] roleIds,
long documentId)
Gets the ACL info for the branch "main" and language "default" of the document. |
AclResultInfo |
getAclInfoOnLive(long userId,
long[] roleIds,
long documentId,
long branchId,
long languageId)
Gets ACL info for the specified user acting in the specified role, for the specified document variant, by evaluating the live ACL. |
AclResultInfo |
getAclInfoOnLive(long userId,
long[] roleIds,
VariantKey key)
Gets ACL info for the specified user acting in the specified role, for the specified document variant, by evaluating the live ACL. |
AclResultInfo |
getAclInfoOnStaging(long userId,
long[] roleIds,
Document document)
Equivalent of getAclInfoOnLive(long, long[], org.outerj.daisy.repository.Document) . |
AclResultInfo |
getAclInfoOnStaging(long userId,
long[] roleIds,
long documentId)
Gets the ACL info for the branch "main" and language "default" of the document. |
AclResultInfo |
getAclInfoOnStaging(long userId,
long[] roleIds,
long documentId,
long branchId,
long languageId)
Gets ACL info for the specified user acting in the specified role, for the specified document variant, by evaluating the staging ACL. |
AclResultInfo |
getAclInfoOnStaging(long userId,
long[] roleIds,
VariantKey key)
Gets ACL info for the specified user acting in the specified role, for the specified document variant, by evaluating the staging ACL. |
Acl |
getLiveAcl()
Gets the currently active, live ACL. |
Acl |
getStagingAcl()
Gets the staging ACL. |
Method Detail |
public Acl getLiveAcl() throws RepositoryException
copyLiveToStaging()
.
RepositoryException
public Acl getStagingAcl() throws RepositoryException
RepositoryException
public void copyStagingToLive() throws RepositoryException
RepositoryException
public void copyLiveToStaging() throws RepositoryException
RepositoryException
public AclResultInfo getAclInfo(Document document) throws RepositoryException
RepositoryException
public AclResultInfo getAclInfoOnLive(long userId, long[] roleIds, long documentId, long branchId, long languageId) throws RepositoryException
RepositoryException
public AclResultInfo getAclInfoOnLive(long userId, long[] roleIds, VariantKey key) throws RepositoryException
RepositoryException
public AclResultInfo getAclInfoOnLive(long userId, long[] roleIds, long documentId) throws RepositoryException
RepositoryException
public AclResultInfo getAclInfoOnStaging(long userId, long[] roleIds, long documentId, long branchId, long languageId) throws RepositoryException
RepositoryException
public AclResultInfo getAclInfoOnStaging(long userId, long[] roleIds, VariantKey key) throws RepositoryException
RepositoryException
public AclResultInfo getAclInfoOnStaging(long userId, long[] roleIds, long documentId) throws RepositoryException
RepositoryException
public AclResultInfo getAclInfoOnLive(long userId, long[] roleIds, Document document) throws RepositoryException
This method does not work in the remote API implementation.
RepositoryException
public AclResultInfo getAclInfoOnStaging(long userId, long[] roleIds, Document document) throws RepositoryException
getAclInfoOnLive(long, long[], org.outerj.daisy.repository.Document)
.
RepositoryException
public long[] filterDocumentTypes(long[] documentTypeIds, long collectionId) throws RepositoryException
The collectionId parameter is optional (specify -1 to ignore) and allows to specify the collection to which the document will be added, which allows for a better filtered result.
RepositoryException
public VariantKey[] filterDocuments(VariantKey[] variantKeys) throws RepositoryException
Especially in the remote API implementation, this is more efficient then retrieving this information for individual documents, since it only requires one backend HTTP call.
RepositoryException
|
|||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |