org.ccnx.ccn.profiles.security.access.group.ACL Class Reference

This class represents an Access Control List (ACL) for CCN content, for use with the Group-based access control scheme (though it might be useful to other schemes as well).

Classes

class  ACLObject
 ACL CCN objects; as it only makes sense right now to operate on ACLs in repositories, it writes all data to repositories.
class  ACLOperation
 This class represents the operations that can be performed on an ACL, such as add or delete readers, writers or managers.
class  SuperficialLinkComparator
 This class is for matching on unversioned link target name only, not label and potentially not signer if specified.

Public Member Functions

 ACL (ArrayList< Link > contents)
 Constructor.
boolean validLabel (Link lr)
 Return whether an ACL element is valid.
boolean publiclyReadable ()
 Placeholder for public content.
boolean publiclyWritable ()
 Placeholder for public content.
boolean validate ()
 Return whether an ACL is valid.
void addReader (Link reader)
 Add a specified reader to the ACL.
boolean removeReader (Link reader)
 Remove a specified reader from the ACL.
void addWriter (Link writer)
 Add a specified writer to the ACL.
boolean removeWriter (Link writer)
 Remove a specified writer from the ACL.
void addManager (Link manager)
 Add a specified manager to the ACL. This method does nothing if the manager is already a manager.
boolean removeManager (Link manager)
 Remove a specified manager from the ACL.
LinkedList< Link > update (ArrayList< ACLOperation > ACLUpdates)
 Batch perform a set of ACL update Operations.
void add (Link link)
void add (ArrayList< Link > contents)
Link remove (int i)
boolean remove (Link content)
void removeAll ()
long getElementLabel ()
 Allow the encoder/decoder to retrieve the top-level element name programmatically.

Static Public Attributes

static final String LABEL_READER = "r"
 Readers can read content.
static final String LABEL_WRITER = "rw"
 Writers can read and write (or edit) content.
static final String LABEL_MANAGER = "rw+"
 Managers can read and write content, and edit access rights to content.
static final String[] ROLE_LABELS = {LABEL_READER, LABEL_WRITER, LABEL_MANAGER}

Protected Attributes

TreeSet< Link > _readers = new TreeSet<Link>(_comparator)
TreeSet< Link > _writers = new TreeSet<Link>(_comparator)
TreeSet< Link > _managers = new TreeSet<Link>(_comparator)

Static Package Attributes

static SuperficialLinkComparator _comparator = new SuperficialLinkComparator()

Detailed Description

This class represents an Access Control List (ACL) for CCN content, for use with the Group-based access control scheme (though it might be useful to other schemes as well).

It offers a limited degree of expressibility -- it can grant read, write, or manage privileges to named users or groups (where users and groups are effectively public keys stored in locations defined by the profile). Permissions are supersets of one another -- writers can read, managers can read and write. Managers have the additional capability to change rights -- to create and edit ACLs. An ACL applies to all the content below it in the name tree until it is superseded by another ACL below it in that tree.


Constructor & Destructor Documentation

org.ccnx.ccn.profiles.security.access.group.ACL.ACL ( ArrayList< Link > contents  ) 

Constructor.

Parameters:
contents the contents of the ACL

Member Function Documentation

void org.ccnx.ccn.profiles.security.access.group.ACL.addManager ( Link  manager  ) 

Add a specified manager to the ACL. This method does nothing if the manager is already a manager.

If the manager is already a reader or a writer, it is removed from _readers or _writers and added to _managers.

Parameters:
manager the manager
void org.ccnx.ccn.profiles.security.access.group.ACL.addReader ( Link  reader  ) 

Add a specified reader to the ACL.

The method does nothing if the reader is already a reader, a writer or a manager.

Parameters:
reader the reader
void org.ccnx.ccn.profiles.security.access.group.ACL.addWriter ( Link  writer  ) 

Add a specified writer to the ACL.

The method does nothing if the writer is already a writer or a manager. If the writer is already a reader, it is deleted from _readers and added to _writers.

Parameters:
writer the writer
long org.ccnx.ccn.profiles.security.access.group.ACL.getElementLabel (  )  [virtual]

Allow the encoder/decoder to retrieve the top-level element name programmatically.

This allows subclasses to rename elements without changing their encoder/decoders.

Returns:
the element label to use, as a key in a loaded encoding dictionary

Reimplemented from org.ccnx.ccn.io.content.Collection.

boolean org.ccnx.ccn.profiles.security.access.group.ACL.publiclyReadable (  ) 

Placeholder for public content.

These will be represented by some form of marker entry, and need to be handled specially.

Returns:
boolean org.ccnx.ccn.profiles.security.access.group.ACL.publiclyWritable (  ) 

Placeholder for public content.

These will be represented by some form of marker entry, and need to be handled specially.

Returns:
boolean org.ccnx.ccn.profiles.security.access.group.ACL.removeManager ( Link  manager  ) 

Remove a specified manager from the ACL.

Parameters:
manager the manager
boolean org.ccnx.ccn.profiles.security.access.group.ACL.removeReader ( Link  reader  ) 

Remove a specified reader from the ACL.

Parameters:
reader the reader
boolean org.ccnx.ccn.profiles.security.access.group.ACL.removeWriter ( Link  writer  ) 

Remove a specified writer from the ACL.

Parameters:
writer the writer
LinkedList<Link> org.ccnx.ccn.profiles.security.access.group.ACL.update ( ArrayList< ACLOperation > ACLUpdates  ) 

Batch perform a set of ACL update Operations.

Parameters:
ACLUpdates ordered set of ACL update operations
Returns:
We return a LinkedList<Link> of the principals newly granted read access on this ACL. If no individuals are granted read access, we return a 0-length LinkedList. If any individuals are completely removed, requiring the caller to generate a new node key or otherwise update cryptographic data, we return null. (We could return the removed principals, but it's a little weird -- some people are removed from a role and added to others. For now, we just return the thing we need for our current implementation, which is whether anyone lost read access entirely.)
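
The role-promotion rules of addReader, addWriter and addManager and the return contract of update() described above, as a self-contained model added here for illustration; it is not CCNx code. Principals are plain strings instead of Link objects, the names AclModel, Op and Kind are hypothetical, and Java 17 is assumed.

```java
import java.util.*;

// Illustrative model, not CCNx code: principals are Strings, not Link objects.
public class AclModel {
    enum Kind { ADD_READER, ADD_WRITER, ADD_MANAGER, REMOVE_READER, REMOVE_WRITER, REMOVE_MANAGER }
    record Op(Kind kind, String principal) {}

    final TreeSet<String> readers = new TreeSet<>(), writers = new TreeSet<>(), managers = new TreeSet<>();

    // Permissions are supersets of one another, so every role implies read access.
    Set<String> canRead() {
        Set<String> s = new TreeSet<>(readers); s.addAll(writers); s.addAll(managers);
        return s;
    }
    void addReader(String p) { if (!canRead().contains(p)) readers.add(p); } // never downgrades
    void addWriter(String p) {
        if (writers.contains(p) || managers.contains(p)) return;
        readers.remove(p); writers.add(p);                 // promote reader to writer
    }
    void addManager(String p) {
        if (managers.contains(p)) return;
        readers.remove(p); writers.remove(p); managers.add(p); // promote to manager
    }

    // Returns the principals newly granted read access (possibly empty), or null
    // when any principal lost read access entirely and the caller must rekey.
    LinkedList<String> update(List<Op> ops) {
        Set<String> before = canRead();
        for (Op op : ops) {
            switch (op.kind()) {
                case ADD_READER -> addReader(op.principal());
                case ADD_WRITER -> addWriter(op.principal());
                case ADD_MANAGER -> addManager(op.principal());
                case REMOVE_READER -> readers.remove(op.principal());
                case REMOVE_WRITER -> writers.remove(op.principal());
                case REMOVE_MANAGER -> managers.remove(op.principal());
            }
        }
        Set<String> after = canRead();
        if (!after.containsAll(before)) return null; // revocation: old node key is exposed
        after.removeAll(before);
        return new LinkedList<>(after);
    }

    public static void main(String[] args) {
        AclModel acl = new AclModel();
        acl.addReader("alice"); acl.addWriter("bob");
        // bob is demoted (writer removed, reader added) and carol is new: no rekey needed.
        System.out.println(acl.update(List.of(new Op(Kind.REMOVE_WRITER, "bob"),
                new Op(Kind.ADD_READER, "bob"), new Op(Kind.ADD_MANAGER, "carol"))));
        // alice loses every role: update() signals the rekey with null.
        System.out.println(acl.update(List.of(new Op(Kind.REMOVE_READER, "alice"))));
    }
}
```

A caller has to tell the null return apart from an empty list: null means a principal who held the old key material was revoked, while an empty list means nothing changed for readers.
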
boolean org.ccnx.ccn.profiles.security.access.group.ACL.validate (  )  [virtual]

Return whether an ACL is valid.

Returns:

Reimplemented from org.ccnx.ccn.io.content.Collection.

boolean org.ccnx.ccn.profiles.security.access.group.ACL.validLabel ( Link  lr  ) 

Return whether an ACL element is valid.

Parameters:
lr the element
Returns:

The documentation for this class was generated from the following file:
Generated on Fri May 13 16:27:48 2011 for Content-Centric Networking in Java by  doxygen 1.6.3