Class CmsAccessControlList
- java.lang.Object
-
- org.opencms.security.CmsAccessControlList
-
- All Implemented Interfaces:
java.io.Serializable
public class CmsAccessControlList extends java.lang.Object implements java.io.Serializable
An access control list contains the permission sets of all principals for a distinct resource that are calculated on the permissions defined by various access control entries.To each single resource, access control entries of type
CmsAccessControlEntry
can be assigned. An access control entry defines the permissions (both allowed and explicitly denied) of a user or group for this resource.By calling the method
getAccessControlList
the list is generated on the resource. It contains the result of merging both access control entries defined immediately on the resource and inherited along the folder hierarchie in the OpenCms virtual file system (controlled by flags in the entry).To check the permissions of a user on a distinct resource, the method
hasPermissions
in the driver manager is called in each operation. This method acts as access guard and matches the required permissions for the operation against the allowed and denied permissions defined for the user or groups of this user.- Since:
- 6.0.0
- See Also:
- Serialized Form
-
-
Constructor Summary
Constructors Constructor Description CmsAccessControlList()
Constructor to create an empty access control list for a given resource.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
add(CmsAccessControlEntry entry)
Adds an access control entry to the access control list.java.lang.Object
clone()
Returns a clone of this Objects instance.java.util.Map<CmsUUID,CmsPermissionSetCustom>
getPermissionMap()
Returns the permission map of this access control list.CmsPermissionSetCustom
getPermissions(CmsUser user, java.util.List<CmsGroup> groups, java.util.List<CmsRole> roles)
Calculates the permissions of the given user and his groups from the access control list.CmsPermissionSetCustom
getPermissions(CmsUUID principalId)
Returns the permission set of a principal as stored in the access control list.java.lang.String
getPermissionString(CmsUser user, java.util.List<CmsGroup> groups, java.util.List<CmsRole> roles)
Calculates the permissions of the given user and his groups from the access control list.java.util.List<CmsUUID>
getPrincipals()
Returns the principals with specific permissions stored in this access control list.void
setAllowedPermissions(CmsAccessControlEntry entry)
Sets the allowed permissions of a given access control entry as allowed permissions in the access control list.void
setDeniedPermissions(CmsAccessControlEntry entry)
Sets the denied permissions of a given access control entry as denied permissions in the access control list.
-
-
-
Constructor Detail
-
CmsAccessControlList
public CmsAccessControlList()
Constructor to create an empty access control list for a given resource.
-
-
Method Detail
-
add
public void add(CmsAccessControlEntry entry)
Adds an access control entry to the access control list.- Parameters:
entry
- the access control entry to add
-
clone
public java.lang.Object clone()
Returns a clone of this Objects instance.- Overrides:
clone
in classjava.lang.Object
- Returns:
- a clone of this instance
-
getPermissionMap
public java.util.Map<CmsUUID,CmsPermissionSetCustom> getPermissionMap()
Returns the permission map of this access control list.- Returns:
- permission map
-
getPermissions
public CmsPermissionSetCustom getPermissions(CmsUser user, java.util.List<CmsGroup> groups, java.util.List<CmsRole> roles)
Calculates the permissions of the given user and his groups from the access control list.- Parameters:
user
- the usergroups
- the groups of this userroles
- the roles of this user- Returns:
- the summarized permission set of the user
-
getPermissions
public CmsPermissionSetCustom getPermissions(CmsUUID principalId)
Returns the permission set of a principal as stored in the access control list.- Parameters:
principalId
- the id of the principal (group or user)- Returns:
- the current permissions of this single principal
-
getPermissionString
public java.lang.String getPermissionString(CmsUser user, java.util.List<CmsGroup> groups, java.util.List<CmsRole> roles)
Calculates the permissions of the given user and his groups from the access control list.The permissions are returned as permission string in the format {{+|-}{r|w|v|c|i}}*.
- Parameters:
user
- the usergroups
- the groups of this userroles
- the roles of this user- Returns:
- a string that displays the permissions
-
getPrincipals
public java.util.List<CmsUUID> getPrincipals()
Returns the principals with specific permissions stored in this access control list.- Returns:
- enumeration of principals (each group or user)
-
setAllowedPermissions
public void setAllowedPermissions(CmsAccessControlEntry entry)
Sets the allowed permissions of a given access control entry as allowed permissions in the access control list.The denied permissions are left unchanged.
- Parameters:
entry
- the access control entry
-
setDeniedPermissions
public void setDeniedPermissions(CmsAccessControlEntry entry)
Sets the denied permissions of a given access control entry as denied permissions in the access control list.The allowed permissions are left unchanged.
- Parameters:
entry
- the access control entry
-
-