Public Member Functions | |
ACL (ArrayList< Link > contents) | |
Constructor. | |
boolean | validLabel (Link lr) |
Return whether an ACL element is valid. | |
boolean | publiclyReadable () |
Placeholder for public content. | |
boolean | publiclyWritable () |
Placeholder for public content. | |
boolean | validate () |
Return whether an ACL is valid. | |
void | addReader (Link reader) |
Add a specified reader to the ACL. | |
boolean | removeReader (Link reader) |
Remove a specified reader from the ACL. | |
void | addWriter (Link writer) |
Add a specified writer to the ACL. | |
boolean | removeWriter (Link writer) |
Remove a specified writer from the ACL. | |
void | addManager (Link manager) |
Add a specified manager to the ACL. This method does nothing if the manager is already a manager. | |
boolean | removeManager (Link manager) |
Remove a specified manager from the ACL. | |
LinkedList< Link > | update (ArrayList< ACLOperation > ACLUpdates) |
Batch perform a set of ACL update Operations. | |
void | add (Link link) |
void | add (ArrayList< Link > contents) |
Link | remove (int i) |
boolean | remove (Link content) |
void | removeAll () |
long | getElementLabel () |
Allow the encoder/decoder to retrieve the top-level element name programmatically. | |
Static Public Attributes | |
static final String | LABEL_READER = "r" |
Readers can read content. | |
static final String | LABEL_WRITER = "rw" |
Writers can read and write (or edit) content. | |
static final String | LABEL_MANAGER = "rw+" |
Managers can read and write content, and edit access rights to content. | |
static final String[] | ROLE_LABELS = {LABEL_READER, LABEL_WRITER, LABEL_MANAGER} |
Protected Attributes | |
TreeSet< Link > | _readers = new TreeSet<Link>(_comparator) |
TreeSet< Link > | _writers = new TreeSet<Link>(_comparator) |
TreeSet< Link > | _managers = new TreeSet<Link>(_comparator) |
Static Package Attributes | |
static SuperficialLinkComparator | _comparator = new SuperficialLinkComparator() |
Classes | |
class | ACLObject |
ACL CCN objects; as it only makes sense right now to operate on ACLs in repositories, it writes all data to repositories.
class | ACLOperation |
This class represents the operations that can be performed on an ACL, such as add or delete readers, writers or managers.
class | SuperficialLinkComparator |
This class is for matching on unversioned link target name only, not label and potentially not signer if specified.
It offers a limited degree of expressibility -- it can grant read, write, or manage privileges to named users or groups (where users and groups are effectively public keys stored in locations defined by the profile). Permissions are supersets of one another -- writers can read, managers can read and write. Managers have the additional capability to change rights -- to create and edit ACLs. An ACL applies to all the content below it in the name tree until it is superseded by another ACL below it in that tree.
org.ccnx.ccn.profiles.security.access.group.ACL.ACL(ArrayList<Link> contents)
boolean org.ccnx.ccn.profiles.security.access.group.ACL.validLabel(Link lr)
boolean org.ccnx.ccn.profiles.security.access.group.ACL.publiclyReadable()
Placeholder for public content.
These will be represented by some form of marker entry, and need to be handled specially.
boolean org.ccnx.ccn.profiles.security.access.group.ACL.publiclyWritable()
Placeholder for public content.
These will be represented by some form of marker entry, and need to be handled specially.
boolean org.ccnx.ccn.profiles.security.access.group.ACL.validate() [virtual]
void org.ccnx.ccn.profiles.security.access.group.ACL.addReader(Link reader)
Add a specified reader to the ACL.
The method does nothing if the reader is already a reader, a writer or a manager.
reader | the reader |
boolean org.ccnx.ccn.profiles.security.access.group.ACL.removeReader(Link reader)
void org.ccnx.ccn.profiles.security.access.group.ACL.addWriter(Link writer)
Add a specified writer to the ACL.
The method does nothing if the writer is already a writer or a manager. If the writer is already a reader, it is deleted from _readers and added to _writers.
writer | the writer |
boolean org.ccnx.ccn.profiles.security.access.group.ACL.removeWriter(Link writer)
void org.ccnx.ccn.profiles.security.access.group.ACL.addManager(Link manager)
Add a specified manager to the ACL. This method does nothing if the manager is already a manager.
If the manager is already a reader or a writer, it is removed from _readers or _writers and added to _managers.
manager | the manager |
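The promotion rules documented for addReader, addWriter and addManager, together with the rule that an ACL governs everything below it in the name tree until a lower ACL supersedes it, can be traced in a small model. This is an added example, not CCNx code: the class `AclModel` and the helper `effectiveAcl` are hypothetical, principals are plain strings rather than `Link` objects, and names are assumed to be absolute, slash-separated paths.

```java
import java.util.*;

// Simplified model, not CCNx code: principals are strings, not Link objects.
public class AclModel {
    final Set<String> readers = new TreeSet<>();
    final Set<String> writers = new TreeSet<>();
    final Set<String> managers = new TreeSet<>();

    void addReader(String p) {   // no-op if p is already a reader, writer or manager
        if (!writers.contains(p) && !managers.contains(p)) readers.add(p);
    }
    void addWriter(String p) {   // no-op if already writer or manager; promotes a reader
        if (managers.contains(p)) return;
        readers.remove(p);
        writers.add(p);
    }
    void addManager(String p) {  // promotes a reader or writer; each principal holds one role
        readers.remove(p);
        writers.remove(p);
        managers.add(p);
    }
    // Permissions are supersets: managers can write, writers can read.
    boolean canManage(String p) { return managers.contains(p); }
    boolean canWrite(String p)  { return canManage(p) || writers.contains(p); }
    boolean canRead(String p)   { return canWrite(p) || readers.contains(p); }

    // Hypothetical helper: the nearest ACL at or above 'name' governs it;
    // ACLs further up the tree are superseded, not merged. Returns null if none.
    static AclModel effectiveAcl(Map<String, AclModel> acls, String name) {
        for (String n = name; ; n = n.substring(0, n.lastIndexOf('/'))) {
            AclModel acl = acls.get(n.isEmpty() ? "/" : n);
            if (acl != null || n.isEmpty()) return acl;
        }
    }

    public static void main(String[] args) {
        AclModel docs = new AclModel(), priv = new AclModel();
        docs.addReader("/users/alice");
        docs.addWriter("/users/alice");  // promoted: removed from readers
        docs.addReader("/users/alice");  // ignored: already a writer
        docs.addManager("/users/bob");
        priv.addReader("/users/bob");    // the lower ACL grants bob read access only
        Map<String, AclModel> acls = new HashMap<>();
        acls.put("/docs", docs);
        acls.put("/docs/private", priv);
        System.out.println(docs.readers + " " + docs.writers + " " + docs.managers);
        System.out.println(effectiveAcl(acls, "/docs/report.txt").canWrite("/users/alice"));
        System.out.println(effectiveAcl(acls, "/docs/private/key.txt").canRead("/users/alice"));
        System.out.println(effectiveAcl(acls, "/docs/private/key.txt").canManage("/users/bob"));
    }
}
```

In this model a principal who manages `/docs` loses that right under `/docs/private` once the lower ACL omits them, which is the case to check when reviewing who can still edit access rights after a subtree gets its own ACL.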
boolean org.ccnx.ccn.profiles.security.access.group.ACL.removeManager(Link manager)
LinkedList<Link> org.ccnx.ccn.profiles.security.access.group.ACL.update(ArrayList<ACLOperation> ACLUpdates)
Batch perform a set of ACL update Operations.
ACLUpdates | ordered set of ACL update operations |
long org.ccnx.ccn.profiles.security.access.group.ACL.getElementLabel() [virtual]
Allow the encoder/decoder to retrieve the top-level element name programmatically.
This allows subclasses to rename elements without changing their encoder/decoders.
Reimplemented from org.ccnx.ccn.io.content.Collection.