oracle.ifs.server

Class S_AccessControlList

java.lang.Object

oracle.ifs.server.S_LibraryObject

oracle.ifs.server.S_TieLibraryObject

oracle.ifs.server.S_PublicObject

oracle.ifs.server.S_TiePublicObject

oracle.ifs.server.S_AccessControlList

All Implemented Interfaces:

IfsEventHandler, LibraryObjectInterface, LooselyBoundedCacheable, PublicObjectInterface, Traceable

Direct Known Subclasses:

S_TieAccessControlList

public class S_AccessControlList
extends S_TiePublicObject

Server side representation of the AccessControlList class.

Version:

1.0

Author:

Dave Long

(Published)

Nested Class Summary

Nested classes/interfaces inherited from class oracle.ifs.server.S_LibraryObject

S_LibraryObject.MapInfo

Field Summary

Fields inherited from class oracle.ifs.server.S_PublicObject

ACL_ATTRIBUTE, CLASS_NAME, CREATEDATE_ATTRIBUTE, CREATOR_ATTRIBUTE, DELETOR_ATTRIBUTE, EXPIRATIONDATE_ATTRIBUTE, FAMILY_ATTRIBUTE, LASTMODIFIER_ATTRIBUTE, LASTMODIFYDATE_ATTRIBUTE, NAME_ATTRIBUTE, OWNER_ATTRIBUTE, POLICY_ENUM_EXTENDEDFREE_IGNORE_OWNERSHIP, POLICY_ENUM_EXTENDEDFREE_INVALID_VALUE, POLICY_ENUM_EXTENDEDFREE_REQUIRE_ADMIN, POLICYBUNDLE_ATTRIBUTE, RESOLVED_OBJECT_ATTRIBUTE, SECURINGPUBLICOBJECT_ATTRIBUTE

Fields inherited from class oracle.ifs.server.S_LibraryObject

CASCADE_OP_COPY_PUBLICOBJECT_TO_CATEGORY, CASCADE_OP_COPY_PUBLICOBJECT_TO_RIGHT_RELATIONSHIP, CASCADE_OP_DELETE_FAMILY_TO_VERSIONSERIES, CASCADE_OP_DELETE_PUBLICOBJECT_TO_LEFT_RELATIONSHIP, CASCADE_OP_DELETE_PUBLICOBJECT_TO_RIGHT_RELATIONSHIP, CASCADE_OP_DELETE_PUBLICOBJECT_TO_VERSIONDESCRIPTION, CASCADE_OP_DELETE_RELATIONSHIP_TO_LEFT_PUBLICOBJECT, CASCADE_OP_DELETE_RELATIONSHIP_TO_RIGHT_PUBLICOBJECT, CASCADE_OP_DELETE_VERSIONDESCRIPTION_TO_PUBLICOBJECT, CASCADE_OP_DELETE_VERSIONDESCRIPTION_TO_VERSIONSERIES, CASCADE_OP_DELETE_VERSIONSERIES_TO_FAMILY, CASCADE_OP_DELETE_VERSIONSERIES_TO_VERSIONDESCRIPTION, CASCADE_OP_FREE_CATEGORY_TO_PUBLICOBJECT, CASCADE_OP_FREE_CATEGORY_TO_SCHEMAOBJECT, CASCADE_OP_FREE_CATEGORY_TO_SYSTEMOBJECT, CASCADE_OP_FREE_FAMILY_TO_VERSIONSERIES, CASCADE_OP_FREE_PUBLICOBJECT_TO_CATEGORY, CASCADE_OP_FREE_PUBLICOBJECT_TO_LEFT_RELATIONSHIP, CASCADE_OP_FREE_PUBLICOBJECT_TO_RIGHT_RELATIONSHIP, CASCADE_OP_FREE_PUBLICOBJECT_TO_VERSIONDESCRIPTION, CASCADE_OP_FREE_RELATIONSHIP_TO_LEFT_PUBLICOBJECT, CASCADE_OP_FREE_RELATIONSHIP_TO_RIGHT_PUBLICOBJECT, CASCADE_OP_FREE_SCHEMAOBJECT_TO_CATEGORY, CASCADE_OP_FREE_SYSTEMOBJECT_TO_CATEGORY, CASCADE_OP_FREE_VERSIONDESCRIPTION_TO_PUBLICOBJECT, CASCADE_OP_FREE_VERSIONDESCRIPTION_TO_VERSIONSERIES, CASCADE_OP_FREE_VERSIONSERIES_TO_FAMILY, CASCADE_OP_FREE_VERSIONSERIES_TO_VERSIONDESCRIPTION, CASCADE_OP_UNDEFINED, CASCADE_OP_UNDELETE_FAMILY_TO_VERSIONSERIES, CASCADE_OP_UNDELETE_PUBLICOBJECT_TO_LEFT_RELATIONSHIP, CASCADE_OP_UNDELETE_PUBLICOBJECT_TO_RIGHT_RELATIONSHIP, CASCADE_OP_UNDELETE_PUBLICOBJECT_TO_VERSIONDESCRIPTION, CASCADE_OP_UNDELETE_RELATIONSHIP_TO_LEFT_PUBLICOBJECT, CASCADE_OP_UNDELETE_RELATIONSHIP_TO_RIGHT_PUBLICOBJECT, CASCADE_OP_UNDELETE_VERSIONDESCRIPTION_TO_PUBLICOBJECT, CASCADE_OP_UNDELETE_VERSIONDESCRIPTION_TO_VERSIONSERIES, CASCADE_OP_UNDELETE_VERSIONSERIES_TO_FAMILY, CASCADE_OP_UNDELETE_VERSIONSERIES_TO_VERSIONDESCRIPTION, CASCADE_OP_UPDATE_CATEGORY_TO_PUBLICOBJECT, CASCADE_OP_UPDATE_CATEGORY_TO_SCHEMAOBJECT, CASCADE_OP_UPDATE_CATEGORY_TO_SYSTEMOBJECT, CASCADE_OP_UPDATE_PUBLICOBJECT_TO_CATEGORY, CASCADE_OP_UPDATE_SCHEMAOBJECT_TO_CATEGORY, CASCADE_OP_UPDATE_SYSTEMOBJECT_TO_CATEGORY, DEFAULT_RENDERER, m_ClassId, m_Id, m_Session

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	S_AccessControlList(S_LibrarySession session, Long classId) Construct a S_AccessControlList object.
protected	S_AccessControlList(S_LibrarySession session, S_LibraryObjectData data) Construct a S_AccessControlList object.

Method Summary

Modifier and Type	Method and Description
S_LibraryObjectData	addACE(S_LibraryObjectDefinition sdef) Adds an ACE to the this object.
protected S_LibraryObjectData	addACE(S_LibraryObjectDefinition sdef, boolean updateAclDiscTable) Adds an ACE to the this object.
protected static S_AccessControlList[]	constructAccessControlListArray(S_LibrarySession sess, Long[] ids) Construct a ACL array from an array of object IDs.
protected void	deriveDefinition(S_LibraryObjectDefinition sdef) Add to the S_LibraryObjectDefinition for this class.
Serializable	DYNRemoveAcesForFreedGrantees(Serializable payload) Removes obsolete ACEs that correspond to grantees that no longer exist.
Serializable	DYNUpdateOwnerBypassUniquenessCheck(Serializable payload) Updates the owner and clears the ownerUniqueName attribute.
void	enforceNameUniquenessByOwner(S_LibraryObjectDefinition def) Perform name uniqueness enforcement, by owner.
protected void	extendedPostFree(OperationState opState, S_LibraryObjectDefinition def) Operations to be performed after freeing an object.
protected void	extendedPostInsert(OperationState opState, S_LibraryObjectDefinition sdef) Insert into odmz_acl_discoverer table after insert succeeds.
protected void	extendedPostUpdate(OperationState opState, S_LibraryObjectDefinition def) extended operations to be performed after updating an object.
protected void	extendedPreInsert(OperationState opState, S_LibraryObjectDefinition def) Updates any system attributes appropriate for creating this object; in this case, set the is_shared attribute to true if it is not set explicitly.
protected void	extendedPreUpdate(OperationState opState, S_LibraryObjectDefinition sdef) Update any system attributes appropriate for updating this ACL
Long[]	getAccessControlEntryIds() Returns the set of S_AccessControlEntry IDs associated with this ACL.
S_AccessControlEntry[]	getAccessControlEntrys() Returns the set of S_AccessControlEntry objects associated with this ACL.
protected AccessLevel	getAccessLevel() Returns the accesslevel for the current user.
AccessLevel	getAccessLevel(Long userId) Returns the access level for the specified user.
S_AccessControlList[]	getComponentAcls() Returns all AccessControlLists that are components of the target ACL.
Long[]	getCompositeAclIds() Gets the set of composite ACLs IDs which reference the target ACL as a "component".
S_AccessControlList[]	getCompositeAcls() Gets the set of composite ACLs which reference the target ACL as a "component".
S_AccessControlList[]	getCompositeAcls(SortSpecification sort) Gets the set of composite ACLs which reference the target ACL as a "component", sorted according to a specification.
AccessLevel	getGrantedAccessLevel() Returns the access level for the current user.
AccessLevel	getGrantedAccessLevel(S_DirectoryUser user) Returns the access level for the specified user.
protected boolean	hasDiscoverAccess(Long userId) Returns true if the specified user has discover access specified in this object.
protected void	invalidateResolution() Invalidates the ACL.
void	invalidateState() Invalidate any information cached for this ACL.
boolean	isAccessLevelEnabled(AccessLevel level) Checks if a specified set of permissions is enabled for the current user.
boolean	isComposite() Returns indication as to whether the target ACL is considered a "composite ACL", that is if it has one of more component ACLs.
boolean	isShared() Returns true if this ACL is shared.
protected boolean	isStandardPermissionEnabled(long permission) Checks if a particular permission is enabled for the current user.
void	removeACE(S_AccessControlEntry ace) Remove a specific ACE from this object.
void	removeAllACE() Removes all ACEs in this object.
protected Long[]	selectCompositeAclIds(SortSpecification sort) Select the set of composite ACLs IDs which reference the target ACL as a "component".
void	updateACE(S_AccessControlEntry ace, S_LibraryObjectDefinition sdef) Updates an ACE in the current object using the definition that is passed in.
protected void	updateAclDiscovererTable() Updates the ACL discoverer table.
void	verifyAccessLevelEnabled(AccessLevel level) Verifies if a specified set of permissions is enabled for the current user.
protected void	verifyCanAddAces() Verifies that ACEs can be added to the instance.
protected void	verifyCanModifyAces(long accessLevel, int errorCode) Verifies that ACEs can be added or removed from the instance.
protected void	verifyCanRemoveAces() Verifies that ACEs can be removed from the instance.
protected void	verifyStandardPermissionEnabled(long permission) Verifies if a particular permission is enabled for the current user.

Methods inherited from class oracle.ifs.server.S_PublicObject

addCategory, addRelationship, addRelationship, canUseContentQuota, cascadeCopy, cascadeDelete, cascadeFree, cascadeUndelete, checkAccess, constructPublicObjectArray, createCategories, createDefaultPolicyPropertyBundle, createDefaultPropertyBundle, delete, delete, determineResolvedObject, DYNReplaceCreator, DYNReplaceDeletor, DYNReplaceModifier, extendedPostDelete, extendedPostUndelete, extendedPreCopy, extendedPreDelete, extendedPreFree, extendedPreUndelete, forceSecuredObjectsToClear, freeIfNoFolderReferences, freeNonsharedAcl, freeNonsharedLockObject, getAcl, getAllFolderPaths, getAllFolderPaths, getAllFolderPaths, getAllFolderPaths, getAllLeftRelationships, getAllRightRelationships, getAnyFolderPath, getAnyFolderPath, getAnyFolderPath, getAnyFolderPath, getAuditEventFolderContext, getCategories, getCategories, getCategories, getCategory, getConsumedStorage, getDefaultAclFromUserProfile, getFamily, getFlags, getLeftRelationships, getLeftwardRelationshipDatas, getLeftwardRelationshipDatas, getLeftwardRelationshipObjectDatas, getLeftwardRelationshipObjectDatas, getLeftwardRelationshipObjects, getLeftwardRelationshipObjects, getLeftwardRelationships, getLeftwardRelationships, getLeftwardRelationshipsCount, getLeftwardRelationshipsCount, getLinkIds, getLinks, getLockedForSessionId, getLockEntries, getLockObject, getLockRestrictions, getOwner, getPrimaryParentFolder, getPropagatedSecurityAttributeNames, getPropagatedSecurityColumnNames, getReferencingFolderIds, getReferencingFolders, getResolvedObject, getRightRelationships, getRightwardRelationshipDatas, getRightwardRelationshipDatas, getRightwardRelationshipObjectDatas, getRightwardRelationshipObjectDatas, getRightwardRelationshipObjects, getRightwardRelationshipObjects, getRightwardRelationships, getRightwardRelationships, getSpecificLeftRelationships, getSpecificRightRelationships, getVersionDescriptions, handleCascade, handleExtendedFreePolicy, hasNameAttribute, invokeLockingPolicy, isAuditCertificateSecured, isDeleted, isLocked, isLockedForSession, isLockedForSessionByCurrentSession, isLockObjectEnabled, isLockObjectEnabled, isOwner, isVersionable, postCreateAddToFolder, postDelete, postSecurityChangeAuditEvent, postUndelete, preDelete, preUndelete, propagateFreeIfNoFolderReferences, propagateNameChanges, propagateSecurityChanges, propogateSettingsToProxyService, putProperty, reassociateLinks, relationshipExists, removeRelationship, removeRelationship, removeRowFromAclProxyIfSecured, resolveACLSetting, resolveResolvedObject, resolveSecuredBySettings, signalLeftRelationshipFreed, signalRightRelationshipFreed, undelete, undelete, unlockForSession, updateFamily, updateFlags, updateLastModifiedInfo, updatePrimaryParentFolder, vectorToSPublicObjectArray, verifyCanAddRelationship, verifyCanCreate, verifyCanFree, verifyCanLock, verifyCanRemoveRelationship, verifyCanSetPolicy, verifyCanUnlock, verifyCanUpdatePublicObject, verifyCanUseContentQuota, verifyGrantAccess, verifyObjectNotLocked, verifyObjectNotLocked, verifyPublicObjectPermission

Methods inherited from class oracle.ifs.server.S_LibraryObject

added, applyValueDefault, associatedPostFree, associatedPostInsert, associatedPreInsert, canPurge, cascadeUpdate, checkRequiredForInsert, checkSettable, clearArrayTypeAttributeValues, clearMapTypeAttributeValues, clonePublicObjectAttribute, constructIdArray, constructIdArray, copy, copy, copyVectorToLibraryObjectArray, createDefaultPropertyBundle, createInstance, deleteRows, deriveOwnerUniqueName, deriveOwnerUniqueName, deriveUppercasedAttribute, determineClassDomain, determinePolicy, determinePolicy, determineValueDefault, determineValueDomain, dispose, DYNInvalidateState, DYNLockRows, equals, equals, executePolicyOperation, findPolicyFromPropertyBundleAv, free, free, getAttribute, getAttributeByUpperCaseName, getAuditCertificateName, getAuditDomainContext, getClassData, getClassId, getClassName, getClassObject, getContentStorageManager, getData, getDefinition, getEffectivePolicyActionContexts, getEffectivePolicyListElements, getEventualAttributeByUpperCaseName, getId, getLibraryConnection, getName, getObjectReferenceAttribute, getPropertyBundle, getPropertyValue, getResourceString, getResourceString, getService, getSession, getSessionInterface, getTraceLogger, handleEvent, hashCode, insertReferenceAttributes, insertRow, insertRows, invokeOperation, invokePolicyMethod, isBroadcastCreateEventEnabled, isInstanceOf, isPersistent, issueCascade, isTraced, lockRows, postEvent, postEvent, postFree, postInsert, postUpdate, preFree, preInsert, preUpdate, privilegedUpdate, removed, renderAsReader, renderAsStream, setAttribute, setAttribute, setAttributes, toString, trace, update, updateRows, validateStringArray, verifyCanGetContent, verifyCanSetContent, verifyCanUpdate, verifyPersistent, verifyWriteableTransactionInProgress

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface oracle.ifs.common.LibraryObjectInterface

getAttributeByUpperCaseName, getClassId, getId, getSessionInterface

Methods inherited from interface oracle.ifs.common.Traceable

getTraceLogger, isTraced, trace

Constructor Detail

S_AccessControlList

protected S_AccessControlList(S_LibrarySession session,
                              S_LibraryObjectData data)
                       throws IfsException

Construct a S_AccessControlList object. This is the standard variant.

Parameters:

session - current LibrarySession

data - Data component

Throws:

IfsException

(Unpublished)

S_AccessControlList

protected S_AccessControlList(S_LibrarySession session,
                              Long classId)
                       throws IfsException

Construct a S_AccessControlList object. This variant is used for objects taht have not been created in the database yet.

Parameters:

session - current LibrarySession

Throws:

IfsException

(Unpublished)

Method Detail

isShared

public boolean isShared()
                 throws IfsException

Returns true if this ACL is shared.

Returns:

the ACL

Throws:

IfsException - if the operation fails

(Unpublished)

getComponentAcls

public S_AccessControlList[] getComponentAcls()
                                       throws IfsException

Returns all AccessControlLists that are components of the target ACL. If there are one or more component ACLs, the target ACL is considered a "composite ACL". If the target ACL is not a composite ACL, this method returns null.

Returns:

the set of component AccessControlLists

Throws:

IfsException - if operation fails.

(Published)

isComposite

public boolean isComposite()
                    throws IfsException

Returns indication as to whether the target ACL is considered a "composite ACL", that is if it has one of more component ACLs.

Returns:

true if the target ACL is a composite ACL

Throws:

IfsException - if operation fails.

(Published)

getCompositeAcls

public S_AccessControlList[] getCompositeAcls(SortSpecification sort)
                                       throws IfsException

Gets the set of composite ACLs which reference the target ACL as a "component", sorted according to a specification. This variant is considerably slower than the unsorted variant.

Parameters:

sort - the sort specification

Returns:

the set of composite ACLs that include the target ACL as a component

Throws:

IfsException - if operation fails.

(Unpublished)

getCompositeAcls

public S_AccessControlList[] getCompositeAcls()
                                       throws IfsException

Gets the set of composite ACLs which reference the target ACL as a "component".

Returns:

the set of composite ACLs that include the target ACL as a component

Throws:

IfsException - if operation fails.

(Published)

getCompositeAclIds

public Long[] getCompositeAclIds()
                          throws IfsException

Gets the set of composite ACLs IDs which reference the target ACL as a "component".

Returns:

array of IDs

Throws:

IfsException - if the operation fails

(Unpublished)

selectCompositeAclIds

protected Long[] selectCompositeAclIds(SortSpecification sort)
                                throws IfsException

Select the set of composite ACLs IDs which reference the target ACL as a "component".

Returns:

Array of Ids representing the composite ACLs

Throws:

IfsException - if the operation fails

(Unpublished)

deriveDefinition

protected void deriveDefinition(S_LibraryObjectDefinition sdef)
                         throws IfsException

Add to the S_LibraryObjectDefinition for this class. This this called by getDefinition() on S_LibraryObject. This must call super.deriveDefinition() before applying any class-specific changes to the S_LibraryObjectDefinition object.

Overrides:

deriveDefinition in class S_PublicObject

Parameters:

sdef - the definition of the target object.

Throws:

IfsException - if operation fails.

(Published)

extendedPostFree

protected void extendedPostFree(OperationState opState,
                                S_LibraryObjectDefinition def)
                         throws IfsException

Operations to be performed after freeing an object. This is overridden by classes that need to perform operations after successfully deleting the rows for the freed instance. For S_ACL, remove any ACLD rows, and tell S_LSV to remove any ACLResolver that might be cached.

Overrides:

extendedPostFree in class S_PublicObject

Parameters:

opState - current operation state

def - current object definition

Throws:

IfsException - if operation fails.

(Unpublished)

extendedPreInsert

protected void extendedPreInsert(OperationState opState,
                                 S_LibraryObjectDefinition def)
                          throws IfsException

Updates any system attributes appropriate for creating this object; in this case, set the is_shared attribute to true if it is not set explicitly.

Overrides:

extendedPreInsert in class S_PublicObject

Parameters:

opState - current operation state

def - current object definition to be updated with system attributes

Throws:

IfsException - if operation fails.

(Published)

extendedPostInsert

protected void extendedPostInsert(OperationState opState,
                                  S_LibraryObjectDefinition sdef)
                           throws IfsException

Insert into odmz_acl_discoverer table after insert succeeds.

Overrides:

extendedPostInsert in class S_PublicObject

Parameters:

sdef - the S_LibraryObjectDefinition that contains the settings for the new instance.

opState - current operation state

Throws:

IfsException - if operation fails.

(Unpublished)

extendedPreUpdate

protected void extendedPreUpdate(OperationState opState,
                                 S_LibraryObjectDefinition sdef)
                          throws IfsException

Update any system attributes appropriate for updating this ACL

Overrides:

extendedPreUpdate in class S_PublicObject

Parameters:

opState - current operation state

sdef - current object definition to be updated with system attributes

Throws:

IfsException - if operation fails.

(Published)

extendedPostUpdate

protected void extendedPostUpdate(OperationState opState,
                                  S_LibraryObjectDefinition def)
                           throws IfsException

extended operations to be performed after updating an object. This is overridden by classes that need to perform operations after updating this object in the database, but before commit.

Overrides:

extendedPostUpdate in class S_PublicObject

Parameters:

opState - the Operation state

def - the S_LibraryObjectDefinition that contains the updates.

Throws:

IfsException - if operation fails.

(Published)

enforceNameUniquenessByOwner

public void enforceNameUniquenessByOwner(S_LibraryObjectDefinition def)
                                  throws IfsException

Perform name uniqueness enforcement, by owner.

Parameters:

def - current object definition to be updated with system attributes

Throws:

IfsException - if operation fails.

(Unpublished)

DYNRemoveAcesForFreedGrantees

public Serializable DYNRemoveAcesForFreedGrantees(Serializable payload)
                                           throws IfsException

Removes obsolete ACEs that correspond to grantees that no longer exist.

Used by GarbageCollecitonAgent to periodically clean-up the internal representation of the ACL, e.g. in odmz_acl_discoverer. Admin mode must be enabled.

Parameters:

payload - ignored

Returns:

null

Throws:

IfsException - if operation fails.

(Unpublished)

DYNUpdateOwnerBypassUniquenessCheck

public Serializable DYNUpdateOwnerBypassUniquenessCheck(Serializable payload)
                                                 throws IfsException

Updates the owner and clears the ownerUniqueName attribute. Used by GarbageCollecitonAgent to reset an owner without failing because of a duplicate name. Admin mode must be enabled.

Parameters:

payload - the id of the new user

Returns:

null

Throws:

IfsException - if operation fails.

(Unpublished)

getAccessControlEntrys

public S_AccessControlEntry[] getAccessControlEntrys()
                                              throws IfsException

Returns the set of S_AccessControlEntry objects associated with this ACL.

Returns:

array of AccessControlEntry objects associated with this ACL

Throws:

IfsException - if operation fails.

(Published)

getAccessControlEntryIds

public Long[] getAccessControlEntryIds()
                                throws IfsException

Returns the set of S_AccessControlEntry IDs associated with this ACL.

Returns:

array of AccessControlEntry objects associated with this ACL

Throws:

IfsException - if operation fails.

(Unpublished)

verifyCanAddAces

protected void verifyCanAddAces()
                         throws IfsException

Verifies that ACEs can be added to the instance. This requires that the user has Grant Access on the object's acl, or has been granted GRANT permisson in the current set of ACEs.

Throws:

IfsException - if the operation fails

(Unpublished)

verifyCanRemoveAces

protected void verifyCanRemoveAces()
                            throws IfsException

Verifies that ACEs can be removed from the instance. This requires that the user has Grant Access on the object's acl, or has been granted GRANT permisson in the current set of ACEs.

Throws:

IfsException - if the operation fails

(Unpublished)

verifyCanModifyAces

protected void verifyCanModifyAces(long accessLevel,
                                   int errorCode)
                            throws IfsException

Verifies that ACEs can be added or removed from the instance.

This requires that the user has Grant Access on the object's acl, or has been granted GRANT permisson in the current set of ACEs.

Parameters:

accessLevel - the accesslevel required for the operation.

errorCode - the exception to throw if access is denied

Throws:

IfsException - if the operation fails

(Unpublished)

addACE

public S_LibraryObjectData addACE(S_LibraryObjectDefinition sdef)
                           throws IfsException

Adds an ACE to the this object.

Parameters:

sdef - definition for the ACE to be added.

Returns:

data corresponding to the ace

Throws:

IfsException - if the operation fails

(Unpublished)

addACE

protected S_LibraryObjectData addACE(S_LibraryObjectDefinition sdef,
                                     boolean updateAclDiscTable)
                              throws IfsException

Adds an ACE to the this object.

Parameters:

sdef - definition for the ACE to be added.

updateAclDiscTable - true if ACL discoverers table should be updated

Returns:

data corresponding to the ace

Throws:

IfsException - if the operation fails

(Unpublished)

updateACE

public void updateACE(S_AccessControlEntry ace,
                      S_LibraryObjectDefinition sdef)
               throws IfsException

Updates an ACE in the current object using the definition that is passed in.

Parameters:

ace - ACE to be updated

sdef - definition that is used to update the ACE

Throws:

IfsException - if the operation fails

(Unpublished)

removeACE

public void removeACE(S_AccessControlEntry ace)
               throws IfsException

Remove a specific ACE from this object.

Parameters:

ace - ACE to be removed

Throws:

IfsException - if the operation fails

(Unpublished)

removeAllACE

public void removeAllACE()
                  throws IfsException

Removes all ACEs in this object.

Throws:

IfsException - if the operation fails

(Unpublished)

getGrantedAccessLevel

public AccessLevel getGrantedAccessLevel()
                                  throws IfsException

Returns the access level for the current user.

Returns:

AccessLevel corresponding to the current user

Throws:

IfsException - if the operation fails

(Published)

getGrantedAccessLevel

public AccessLevel getGrantedAccessLevel(S_DirectoryUser user)
                                  throws IfsException

Returns the access level for the specified user.

Parameters:

user - user whose access level is to be determined

Returns:

AccessLevel corresponding to the specified user

Throws:

IfsException - if the operation fails

(Published)

getAccessLevel

protected AccessLevel getAccessLevel()
                              throws IfsException

Returns the accesslevel for the current user.

Returns:

AccessLevel corresponding to the current user

Throws:

IfsException - if the operation fails

(Unpublished)

getAccessLevel

public AccessLevel getAccessLevel(Long userId)
                           throws IfsException

Returns the access level for the specified user.

Parameters:

userId - user whose access level is to be determined

Returns:

AccessLevel corresponding to the specified user

Throws:

IfsException - if the operation fails

(Unpublished)

isStandardPermissionEnabled

protected boolean isStandardPermissionEnabled(long permission)
                                       throws IfsException

Checks if a particular permission is enabled for the current user.

Parameters:

permission - the permission which needs to verified.

Returns:

true if the current user has this permission granted in this ACL

Throws:

IfsException - if the operation fails

(Unpublished)

verifyStandardPermissionEnabled

protected void verifyStandardPermissionEnabled(long permission)
                                        throws IfsException

Verifies if a particular permission is enabled for the current user.

Parameters:

permission - the permission which needs to verified.

Throws:

IfsException - (IFS-30030) if the operation fails

(Unpublished)

isAccessLevelEnabled

public boolean isAccessLevelEnabled(AccessLevel level)
                             throws IfsException

Checks if a specified set of permissions is enabled for the current user.

Parameters:

level - the set of permissions to check

Returns:

true if the current user has this permission granted in this ACL

Throws:

IfsException - if the operation fails

(Published)

verifyAccessLevelEnabled

public void verifyAccessLevelEnabled(AccessLevel level)
                              throws IfsException

Verifies if a specified set of permissions is enabled for the current user.

Parameters:

level - the set of permissions to check

Throws:

IfsException - (IFS-30030) if the operation fails

(Published)

hasDiscoverAccess

protected boolean hasDiscoverAccess(Long userId)
                             throws IfsException

Returns true if the specified user has discover access specified in this object.

Parameters:

userId - user who needs to be verified for discover access

Returns:

true if the user has discover access

Throws:

IfsException - if the operation fails

(Unpublished)

updateAclDiscovererTable

protected void updateAclDiscovererTable()
                                 throws IfsException

Updates the ACL discoverer table.

Throws:

IfsException - if the operation fails

(Unpublished)

invalidateState

public void invalidateState()
                     throws IfsException

Invalidate any information cached for this ACL.

In addition to the invalidation performed by our superclasses, invalidate the entries in the committed and uncommitted ACL resolution cache.

Overrides:

invalidateState in class S_LibraryObject

Throws:

IfsException - if operation fails.

(Unpublished)

invalidateResolution

protected void invalidateResolution()
                             throws IfsException

Invalidates the ACL. Does not attempt to re-construct the ACL discoverers table. This is called when in async resolution mode by a group who has its membership changed.

Throws:

IfsException - if the operation fails

(Unpublished)

constructAccessControlListArray

protected static S_AccessControlList[] constructAccessControlListArray(S_LibrarySession sess,
                                                                       Long[] ids)
                                                                throws IfsException

Construct a ACL array from an array of object IDs.

Parameters:

sess - the requesting session

ids - the array of object IDs

Returns:

the array of ACLs

Throws:

IfsException - if operation fails.

(Unpublished)