Package org.opencms.security

Class CmsAccessControlEntry

  • public class CmsAccessControlEntry
extends java.lang.Object
    An access control entry defines the permissions of a user or group for a distinct resource.

    Besides the CmsPermissionSet to define the permissions, the access control entry contains the UUID of the resource and of the principal (user or group) who has the defined permissions. Since the principal is identified by its UUID, any other entity may act as principal also.

    Additionally, the entry stores various flags:
    ACCESS_FLAGS_DELETED indicates that this entry is deleted
    ACCESS_FLAGS_INHERIT indicates that this entry should be inherited
    ACCESS_FLAGS_OVERWRITE indicates that this entry overwrites inherited settings
    ACCESS_FLAGS_INHERITED indicates that this entry is inherited
    ACCESS_FLAGS_USER indicates that the principal is a single user
    ACCESS_FLAGS_GROUP indicates that the principal is a group

    Since:
    6.0.0

    • Constructor Detail

      • CmsAccessControlEntry

        public CmsAccessControlEntry​(CmsUUID resource,
                             CmsAccessControlEntry base)
        Constructor to create a new access control entry for a given resource based on an existing access control entry.

        Parameters:
        resource - the resource
        base - the base for the created access control entry

      • CmsAccessControlEntry

        public CmsAccessControlEntry​(CmsUUID resource,
                             CmsUUID principal,
                             CmsPermissionSet permissions,
                             int flags)
        Constructor to create a new access control entry on a given resource and a given principal.

        Permissions are specified as permission set, flags as bitset.

        Parameters:
        resource - the resource
        principal - the id of a principal (user or group)
        permissions - the set of allowed and denied permissions as permission set
        flags - additional flags of the access control entry

      • CmsAccessControlEntry

        public CmsAccessControlEntry​(CmsUUID resource,
                             CmsUUID principal,
                             int allowed,
                             int denied,
                             int flags)
        Constructor to create a new access control entry on a given resource and a given principal.

        Permissions and flags are specified as bitsets.

        Parameters:
        resource - the resource
        principal - the id of a principal (user or group)
        allowed - the set of allowed permissions
        denied - set set of explicitly denied permissions
        flags - additional flags of the access control entry
        See Also:
        CmsPermissionSet

      • CmsAccessControlEntry

        public CmsAccessControlEntry​(CmsUUID resource,
                             CmsUUID principal,
                             java.lang.String acPermissionString)
        Constructor to create a new access control entry on a given resource and a given principal.

        Permission and flags are specified as string of the format {{+|-}{r|w|v|c|i}}*

        Parameters:
        resource - the resource
        principal - the id of a principal (user or group)
        acPermissionString - allowed and denied permissions and also flags

    • Method Detail

      • denyPermissions

        public void denyPermissions​(int denied)
        Sets the explicitly denied permissions in the access control entry.

        Parameters:
        denied - the denied permissions as bitset

      • equals

        public boolean equals​(java.lang.Object obj)
        Overrides:
        equals in class java.lang.Object
        See Also:
        Object.equals(java.lang.Object)

      • getAllowedPermissions

        public int getAllowedPermissions()
        Returns the currently allowed permissions as bitset.

        Returns:
        the allowed permissions

      • getDeniedPermissions

        public int getDeniedPermissions()
        Returns the currently denied permissions as bitset.

        Returns:
        the denied permissions

      • getFlags

        public int getFlags()
        Returns the current flags of the access control entry.

        Returns:
        bitset with flag values

      • getInheritingString

        public java.lang.String getInheritingString()
        Returns the string representation of the "inherit" flag.

        Returns:
        string of the format {{+|-}i}*

      • getPermissions

        public CmsPermissionSet getPermissions()
        Returns the current permission set (both allowed and denied permissions).

        Returns:
        the set of permissions

      • getPrincipal

        public CmsUUID getPrincipal()
        Returns the principal assigned with this access control entry.

        Returns:
        the principal

      • getResource

        public CmsUUID getResource()
        Returns the resource assigned with this access control entry.

        Returns:
        the resource

      • getResponsibleString

        public java.lang.String getResponsibleString()
        Returns the string representation of the "responsible" flag.

        Returns:
        string of the format {{+|-}l}*

      • grantPermissions

        public void grantPermissions​(int allowed)
        Sets the allowed permissions in the access control entry.

        Parameters:
        allowed - the allowed permissions as bitset

      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class java.lang.Object
        See Also:
        Object.hashCode()

      • isInherited

        public boolean isInherited()
        Returns if this access control entry has the inherited flag set.

        Note: to check if an access control entry is inherited, also the resource id and the id of the current resource must be different.

        Returns:
        true, if the inherited flag is set

      • isInheriting

        public boolean isInheriting()
        Returns if this ace is being inherited to the folder subresources.

        Returns:
        true, if this ace is being inherited to the folder subresources

      • isResponsible

        public boolean isResponsible()
        Returns if the principal is responsible for the current resource.

        Returns:
        true ,if the principal is responsible for the current resource

      • resetFlags

        public void resetFlags​(int flags)
        Resets the given flags in the access control entry.

        Parameters:
        flags - bitset with flag values to reset

      • setFlags

        public void setFlags​(int flags)
        Sets the given flags in the access control entry.

        Parameters:
        flags - bitset with flag values to set

      • setFlagsForPrincipal

        public void setFlagsForPrincipal​(I_CmsPrincipal principal)
        Sets the access flags to identify the given principal type.

        Parameters:
        principal - the principal to set the flags for

      • setPermissions

        public void setPermissions​(CmsPermissionSet permissions)
        Sets the allowed and denied permissions of the access control entry.

        Parameters:
        permissions - the set of permissions

      • toString

        public java.lang.String toString()
        Returns the String representation of this access control entry object.

        Overrides:
        toString in class java.lang.Object
        See Also:
        Object.toString()

      • withNulledResource

        public CmsAccessControlEntry withNulledResource()
        Returns a copy of the access control entry with the resource id nulled.

        Returns:
        a copy of this entry with a nulled resource id