AclManager

java.lang.Object
- lumis.util.security.acl.AclManager

All Implemented Interfaces:

IConfigKeyChecker, IAclManager

Direct Known Subclasses:

ChannelAclManager, GenericAclManager, GroupAclManager, PageAclManager, PageTemplateAclManager, PortalAclManager, ServiceAclManager, ServiceInstanceAclManager
```
public abstract class AclManager
extends Object
implements IAclManager
```
Base AclManager implementation. This is an abstract implementation, that contains the logic that all acls should have. Specific acl managers should extend this class.

Since:

4.0.0

Version:

$Revision: 23228 $ $Date: 2019-10-02 21:21:58 +0000 (Wed, 02 Oct 2019) $

Field Summary

Fields
Modifier and Type Field and Description

protected static PortalCache<AccessControlList> aclCache

protected static ThreadLocal<Boolean> checkRequiredPermissionsInternalFlag

Fields
Modifier and Type	Field and Description
`protected static PortalCache<AccessControlList>`	`aclCache`
`protected static ThreadLocal<Boolean>`	`checkRequiredPermissionsInternalFlag`

Constructor Summary

Constructors
Constructor and Description

AclManager()

Constructors
Constructor and Description
`AclManager()`

Method Summary

All Methods Instance Methods Abstract Methods Concrete Methods
Modifier and Type	Method and Description
`protected String`	`add(AccessControlList parentAcl, HashMap<Integer,Integer> permissionsMap, int[] implies, ITransaction transaction)`
`void`	`add(AccessControlList acl, ITransaction transaction)`
`void`	`addOrUpdate(AccessControlList acl, ITransaction transaction)`
`boolean`	`checkPermission(SessionConfig sessionConfig, String itemId, IPermission permission, ITransaction transaction)` Verify if the permission is valid for the sessionConfig's user.
`boolean`	`checkPermission(SessionConfig sessionConfig, String userId, String itemId, IPermission permission, ITransaction transaction)` For the given principalId, all the groups that the principal is member of (recursively) are collected and permission is calculated on this collection.
`protected void`	`checkRequiredPermissionsInternal(AccessControlList acl)` Checks if the required permissions were given for someone.
`protected void`	`cleanupInvalidData(AccessControlList acl)`
`void`	`clearCache(ITransaction transaction)` Clears all ACL cache.
`void`	`delete(String aclId, ITransaction transaction)` Deletes an acl.
`void`	`deleteAclEntryByPrincipalId(String principalId, ITransaction transaction)` Delete ACL entries in all ACLs for the specified principal.
`String`	`deserialize(SessionConfig sessionConfig, DeserializationConfig deserializationConfig, Node accessControlListNode, boolean onlyAddSimpleAcls, ITransaction transaction)`
`boolean`	`exists(String aclId, ITransaction transaction)`
`abstract AccessControlList`	`get(SessionConfig sessionConfig, String id, ITransaction transaction)`
`protected abstract AccessControlList`	`getAclInternal(SessionConfig sessionConfig, String itemId, ITransaction transaction)`
`protected abstract int`	`getRequiredPermissions()`
`boolean`	`keyExists(SessionConfig sessionConfig, Object configKey, Object config, ITransaction transaction)` Checks if configId matches an already persisted object
`void`	`removeFromCache(String aclId, ITransaction transaction)` Allows removal of cached items
`void`	`serialize(SessionConfig sessionConfig, String securableId, OutputStream outputStream, ITransaction transaction)`
`protected void`	`update(AccessControlList acl, ITransaction transaction)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

aclCache

protected static PortalCache<AccessControlList> aclCache

checkRequiredPermissionsInternalFlag

protected static final ThreadLocal<Boolean> checkRequiredPermissionsInternalFlag

Constructor Detail
- AclManager
```
public AclManager()
```

Method Detail

get

public abstract AccessControlList get(SessionConfig sessionConfig,
                                      String id,
                                      ITransaction transaction)
                               throws ManagerException,
                                      PortalException

Throws:: ManagerException; PortalException

getAclInternal

protected abstract AccessControlList getAclInternal(SessionConfig sessionConfig,
                                                    String itemId,
                                                    ITransaction transaction)
                                             throws ManagerException,
                                                    PortalException

Throws:: ManagerException; PortalException

getRequiredPermissions

protected abstract int getRequiredPermissions()
                                       throws PortalException

Throws:: PortalException

checkRequiredPermissionsInternal
```
protected void checkRequiredPermissionsInternal(AccessControlList acl)
                                         throws PortalException
```
Checks if the required permissions were given for someone. If not an exception is thrown.

Parameters:

acl - the acl to be checked.

Throws:

PortalException - if the required permissions were not given.

add

protected String add(AccessControlList parentAcl,
                     HashMap<Integer,Integer> permissionsMap,
                     int[] implies,
                     ITransaction transaction)
              throws PortalException

Throws:: PortalException

add

public void add(AccessControlList acl,
                ITransaction transaction)
         throws PortalException

Specified by:: add in interface IAclManager
Throws:: PortalException

exists

public boolean exists(String aclId,
                      ITransaction transaction)
               throws DaoException,
                      PortalException

Specified by:: exists in interface IAclManager
Throws:: DaoException; PortalException

update

protected void update(AccessControlList acl,
                      ITransaction transaction)
               throws ManagerException,
                      PortalException

Throws:: ManagerException; PortalException

addOrUpdate

public void addOrUpdate(AccessControlList acl,
                        ITransaction transaction)
                 throws ManagerException,
                        PortalException

Specified by:: addOrUpdate in interface IAclManager
Throws:: ManagerException; PortalException

cleanupInvalidData

protected void cleanupInvalidData(AccessControlList acl)
                           throws PortalException

Throws:: PortalException

delete
```
public void delete(String aclId,
                   ITransaction transaction)
            throws PortalException
```
Description copied from interface: IAclManager

Deletes an acl.
This method does not delete the acl's children. They must have been deleted or the foreign key constraints will not allow their parent to be deleted.

Specified by:

delete in interface IAclManager

Parameters:

aclId - the id of the acl to be deleted from persistence.

transaction - the transaction for persistence access.

Throws:

PortalException

deleteAclEntryByPrincipalId

public void deleteAclEntryByPrincipalId(String principalId,
                                        ITransaction transaction)
                                 throws PortalException

Description copied from interface: IAclManager

Delete ACL entries in all ACLs for the specified principal.

Specified by:: deleteAclEntryByPrincipalId in interface IAclManager
Throws:: DaoException; PortalException

removeFromCache

public void removeFromCache(String aclId,
                            ITransaction transaction)
                     throws DaoException,
                            PortalException

Description copied from interface: IAclManager

Allows removal of cached items

Specified by:: removeFromCache in interface IAclManager
Throws:: DaoException; PortalException

clearCache
```
public void clearCache(ITransaction transaction)
                throws PortalException
```
Description copied from interface: IAclManager

Clears all ACL cache.

Specified by:

clearCache in interface IAclManager

Parameters:

transaction - the transaction for persistence access. If null, the cache is just cleared, else it is cleared as a transactional operation as specified in PortalCache.clear(ITransaction).

Throws:

PortalException

checkPermission

public boolean checkPermission(SessionConfig sessionConfig,
                               String itemId,
                               IPermission permission,
                               ITransaction transaction)
                        throws ManagerException,
                               PortalException

Description copied from interface: IAclManager

Verify if the permission is valid for the sessionConfig's user.

Specified by:: checkPermission in interface IAclManager
Returns:: Returns the true or false value.
Throws:: ManagerException; PortalException

checkPermission

public boolean checkPermission(SessionConfig sessionConfig,
                               String userId,
                               String itemId,
                               IPermission permission,
                               ITransaction transaction)
                        throws ManagerException,
                               PortalException

For the given principalId, all the groups that the principal is member of (recursively) are collected and permission is calculated on this collection.

Specified by:: checkPermission in interface IAclManager
Returns:
Throws:: ManagerException; PortalException

serialize

public void serialize(SessionConfig sessionConfig,
                      String securableId,
                      OutputStream outputStream,
                      ITransaction transaction)
               throws ManagerException,
                      PortalException

Specified by:: serialize in interface IAclManager
Throws:: ManagerException; PortalException

deserialize

public String deserialize(SessionConfig sessionConfig,
                          DeserializationConfig deserializationConfig,
                          Node accessControlListNode,
                          boolean onlyAddSimpleAcls,
                          ITransaction transaction)
                   throws ManagerException,
                          PortalException

Specified by:: deserialize in interface IAclManager
Throws:: ManagerException; PortalException

keyExists
```
public boolean keyExists(SessionConfig sessionConfig,
                         Object configKey,
                         Object config,
                         ITransaction transaction)
```
Description copied from interface: IConfigKeyChecker

Checks if configId matches an already persisted object

Specified by:

keyExists in interface IConfigKeyChecker

config - Optional, allows a checker to read aditional fields to check composed keys

Returns:

true if configId matches an already persisted object

Class AclManager

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

aclCache

checkRequiredPermissionsInternalFlag

Constructor Detail

AclManager

Method Detail

get

getAclInternal

getRequiredPermissions

checkRequiredPermissionsInternal

add

add

exists

update

addOrUpdate

cleanupInvalidData

delete

deleteAclEntryByPrincipalId

removeFromCache

clearCache

checkPermission

checkPermission

serialize

deserialize

keyExists