Package org.opencms.security

Class CmsAccessControlEntry

java.lang.Object
org.opencms.security.CmsAccessControlEntry
public class CmsAccessControlEntry extends Object
An access control entry defines the permissions of a user or group for a distinct resource.

Besides the CmsPermissionSet to define the permissions, the access control entry contains the UUID of the resource and of the principal (user or group) who has the defined permissions. Since the principal is identified by its UUID, any other entity may act as principal also.

Additionally, the entry stores various flags:
ACCESS_FLAGS_DELETED indicates that this entry is deleted
ACCESS_FLAGS_INHERIT indicates that this entry should be inherited
ACCESS_FLAGS_OVERWRITE indicates that this entry overwrites inherited settings
ACCESS_FLAGS_INHERITED indicates that this entry is inherited
ACCESS_FLAGS_USER indicates that the principal is a single user
ACCESS_FLAGS_GROUP indicates that the principal is a group

Since:
6.0.0

  • Field Details

  • Constructor Details

    • CmsAccessControlEntry

      public CmsAccessControlEntry(CmsUUID resource, CmsAccessControlEntry base)
      Constructor to create a new access control entry for a given resource based on an existing access control entry.

      Parameters:
      resource - the resource
      base - the base for the created access control entry

    • CmsAccessControlEntry

      public CmsAccessControlEntry(CmsUUID resource, CmsUUID principal, CmsPermissionSet permissions, int flags)
      Constructor to create a new access control entry on a given resource and a given principal.

      Permissions are specified as permission set, flags as bitset.

      Parameters:
      resource - the resource
      principal - the id of a principal (user or group)
      permissions - the set of allowed and denied permissions as permission set
      flags - additional flags of the access control entry

    • CmsAccessControlEntry

      public CmsAccessControlEntry(CmsUUID resource, CmsUUID principal, int allowed, int denied, int flags)
      Constructor to create a new access control entry on a given resource and a given principal.

      Permissions and flags are specified as bitsets.

      Parameters:
      resource - the resource
      principal - the id of a principal (user or group)
      allowed - the set of allowed permissions
      denied - set set of explicitly denied permissions
      flags - additional flags of the access control entry
      See Also:

    • CmsAccessControlEntry

      public CmsAccessControlEntry(CmsUUID resource, CmsUUID principal, String acPermissionString)
      Constructor to create a new access control entry on a given resource and a given principal.

      Permission and flags are specified as string of the format {{+|-}{r|w|v|c|i}}*

      Parameters:
      resource - the resource
      principal - the id of a principal (user or group)
      acPermissionString - allowed and denied permissions and also flags

  • Method Details

    • denyPermissions

      public void denyPermissions(int denied)
      Sets the explicitly denied permissions in the access control entry.

      Parameters:
      denied - the denied permissions as bitset

    • equals

      public boolean equals(Object obj)
      Overrides:
      equals in class Object
      See Also:

    • getAllowedPermissions

      public int getAllowedPermissions()
      Returns the currently allowed permissions as bitset.

      Returns:
      the allowed permissions

    • getDeniedPermissions

      public int getDeniedPermissions()
      Returns the currently denied permissions as bitset.

      Returns:
      the denied permissions

    • getFlags

      public int getFlags()
      Returns the current flags of the access control entry.

      Returns:
      bitset with flag values

    • getInheritingString

      public String getInheritingString()
      Returns the string representation of the "inherit" flag.

      Returns:
      string of the format {{+|-}i}*

    • getPermissions

      public CmsPermissionSet getPermissions()
      Returns the current permission set (both allowed and denied permissions).

      Returns:
      the set of permissions

    • getPrincipal

      public CmsUUID getPrincipal()
      Returns the principal assigned with this access control entry.

      Returns:
      the principal

    • getResource

      public CmsUUID getResource()
      Returns the resource assigned with this access control entry.

      Returns:
      the resource

    • getResponsibleString

      public String getResponsibleString()
      Returns the string representation of the "responsible" flag.

      Returns:
      string of the format {{+|-}l}*

    • grantPermissions

      public void grantPermissions(int allowed)
      Sets the allowed permissions in the access control entry.

      Parameters:
      allowed - the allowed permissions as bitset

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
      See Also:

    • isAllOthers

      public boolean isAllOthers()
      Checks if the ACCESS_FLAGS_ALLOTHERS flag is set.

      Returns:
      true if the ACCESS_FLAGS_ALLOTHERS flag is set

    • isInherited

      public boolean isInherited()
      Returns if this access control entry has the inherited flag set.

      Note: to check if an access control entry is inherited, also the resource id and the id of the current resource must be different.

      Returns:
      true, if the inherited flag is set

    • isInheriting

      public boolean isInheriting()
      Returns if this ace is being inherited to the folder subresources.

      Returns:
      true, if this ace is being inherited to the folder subresources

    • isOverwriteAll

      public boolean isOverwriteAll()
      Checks if the ACCESS_FLAGS_OVERWRITE_ALL flag is set.

      Returns:
      true if the ACCESS_FLAGS_OVERWRITE_ALL flag is set

    • isResponsible

      public boolean isResponsible()
      Returns if the principal is responsible for the current resource.

      Returns:
      true ,if the principal is responsible for the current resource

    • resetFlags

      public void resetFlags(int flags)
      Resets the given flags in the access control entry.

      Parameters:
      flags - bitset with flag values to reset

    • setFlags

      public void setFlags(int flags)
      Sets the given flags in the access control entry.

      Parameters:
      flags - bitset with flag values to set

    • setFlagsForPrincipal

      public void setFlagsForPrincipal(I_CmsPrincipal principal)
      Sets the access flags to identify the given principal type.

      Parameters:
      principal - the principal to set the flags for

    • setPermissions

      public void setPermissions(CmsPermissionSet permissions)
      Sets the allowed and denied permissions of the access control entry.

      Parameters:
      permissions - the set of permissions

    • toString

      public String toString()
      Returns the String representation of this access control entry object.

      Overrides:
      toString in class Object
      See Also:

    • withNulledResource

      public CmsAccessControlEntry withNulledResource()
      Returns a copy of the access control entry with the resource id nulled.

      Returns:
      a copy of this entry with a nulled resource id