org.ccnx.ccn.profiles.security.access.group.ACL Class Reference
This class represents an Access Control List (ACL) for CCN content, for use with the Group-based access control scheme (though it might be useful to other schemes as well).
Classes |
class | ACLObject |
| ACL CCN objects; as it only makes sense right now to operate on ACLs in repositories, it writes all data to repositories.
|
class | ACLOperation |
| This class represents the operations that can be performed on an ACL, such as add or delete readers, writers or managers.
|
class | SuperficialLinkComparator |
| This class is for matching on unversioned link target name only, not label and potentially not signer if specified.
|
Public Member Functions |
| ACL (ArrayList< Link > contents) |
| Constructor.
|
boolean | validLabel (Link lr) |
| Return whether an ACL element is valid.
|
boolean | publiclyReadable () |
| Placeholder for public content.
|
boolean | publiclyWritable () |
| Placeholder for public content.
|
boolean | validate () |
| Return whether an ACL is valid.
|
void | addReader (Link reader) |
| Add a specified reader to the ACL.
|
boolean | removeReader (Link reader) |
| Remove a specified reader from the ACL.
|
void | addWriter (Link writer) |
| Add a specified writer to the ACL.
|
boolean | removeWriter (Link writer) |
| Remove a specified writer from the ACL.
|
void | addManager (Link manager) |
| Add a specified manager to the ACL. This method does nothing if the manager is already a manager.
|
boolean | removeManager (Link manager) |
| Remove a specified manager from the ACL.
|
LinkedList< Link > | update (ArrayList< ACLOperation > ACLUpdates) |
| Batch perform a set of ACL update Operations.
|
void | add (Link link) |
void | add (ArrayList< Link > contents) |
Link | remove (int i) |
boolean | remove (Link content) |
void | removeAll () |
long | getElementLabel () |
| Allow the encoder/decoder to retrieve the top-level element name programmatically.
|
Static Public Attributes |
static final String | LABEL_READER = "r" |
| Readers can read content.
|
static final String | LABEL_WRITER = "rw" |
| Writers can read and write (or edit) content.
|
static final String | LABEL_MANAGER = "rw+" |
| Managers can read and write content, and edit access rights to content.
|
static final String[] | ROLE_LABELS = {LABEL_READER, LABEL_WRITER, LABEL_MANAGER} |
Protected Attributes |
TreeSet< Link > | _readers = new TreeSet<Link>(_comparator) |
TreeSet< Link > | _writers = new TreeSet<Link>(_comparator) |
TreeSet< Link > | _managers = new TreeSet<Link>(_comparator) |
Static Package Attributes |
static SuperficialLinkComparator | _comparator = new SuperficialLinkComparator() |
Detailed Description
This class represents an Access Control List (ACL) for CCN content, for use with the Group-based access control scheme (though it might be useful to other schemes as well).
It offers a limited degree of expressibility -- it can grant read, write, or manage privileges to named users or groups (where users and groups are effectively public keys stored in locations defined by the profile). Permissions are supersets of one another -- writers can read, managers can read and write. Managers have the additional capability to change rights -- to create and edit ACLs. An ACL applies to all the content below it in the name tree until it is superseded by another ACL below it in that tree.
Constructor & Destructor Documentation
org.ccnx.ccn.profiles.security.access.group.ACL.ACL (ArrayList< Link > contents)
Constructor.
- Parameters:
- contents: the contents of the ACL
Member Function Documentation
void org.ccnx.ccn.profiles.security.access.group.ACL.addManager (Link manager)
Add a specified manager to the ACL. This method does nothing if the manager is already a manager.
If the manager is already a reader or a writer, it is removed from _readers or _writers and added to _managers.
- Parameters:
-
void org.ccnx.ccn.profiles.security.access.group.ACL.addReader (Link reader)
Add a specified reader to the ACL.
The method does nothing if the reader is already a reader, a writer or a manager.
- Parameters:
-
void org.ccnx.ccn.profiles.security.access.group.ACL.addWriter (Link writer)
Add a specified writer to the ACL.
The method does nothing if the writer is already a writer or a manager. If the writer is already a reader, it is deleted from _readers and added to _writers.
- Parameters:
-
long org.ccnx.ccn.profiles.security.access.group.ACL.getElementLabel () [virtual]
Allow the encoder/decoder to retrieve the top-level element name programmatically.
This allows subclasses to rename elements without changing their encoder/decoders.
- Returns:
- the element label to use, as a key in a loaded encoding dictionary
Reimplemented from org.ccnx.ccn.io.content.Collection.
boolean org.ccnx.ccn.profiles.security.access.group.ACL.publiclyReadable ()
Placeholder for public content.
These will be represented by some form of marker entry, and need to be handled specially.
- Returns:
boolean org.ccnx.ccn.profiles.security.access.group.ACL.publiclyWritable ()
Placeholder for public content.
These will be represented by some form of marker entry, and need to be handled specially.
- Returns:
boolean org.ccnx.ccn.profiles.security.access.group.ACL.removeManager (Link manager)
Remove a specified manager from the ACL.
- Parameters:
-
boolean org.ccnx.ccn.profiles.security.access.group.ACL.removeReader (Link reader)
Remove a specified reader from the ACL.
- Parameters:
-
boolean org.ccnx.ccn.profiles.security.access.group.ACL.removeWriter (Link writer)
Remove a specified writer from the ACL.
- Parameters:
-
LinkedList<Link> org.ccnx.ccn.profiles.security.access.group.ACL.update (ArrayList< ACLOperation > ACLUpdates)
Batch perform a set of ACL update Operations.
- Parameters:
- ACLUpdates: ordered set of ACL update operations
- Returns:
- We return a LinkedList<Link> of the principals newly granted read access on this ACL. If no individuals are granted read access, we return a 0-length LinkedList. If any individuals are completely removed, requiring the caller to generate a new node key or otherwise update cryptographic data, we return null. (We could return the removed principals, but it's a little weird -- some people are removed from a role and added to others. For now, we just return the thing we need for our current implementation, which is whether anyone lost read access entirely.)
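The role-promotion rules and the update() return contract described on this page, as an added example: a simplified, self-contained Java model that is not the CCNx implementation. AclModel, Role, Op and the string principal names are hypothetical; the real class stores Link objects and takes ACLOperation instances, and the "remove only from the named role" behaviour is an assumption.

```java
import java.util.*;

// Simplified model of the documented semantics (added example, not CCNx code).
// Principals are plain strings here; the real class stores Link objects.
public class AclModel {
    enum Role { READER, WRITER, MANAGER }             // labels "r", "rw", "rw+"
    record Op(boolean add, Role role, String who) {}  // hypothetical stand-in for ACLOperation

    private final Map<String, Role> roles = new TreeMap<>();

    // Roles are supersets of one another, so each principal keeps only the
    // highest role granted; adding a lower role is a no-op.
    void add(Role role, String who) {
        roles.merge(who, role, (old, neu) -> neu.compareTo(old) > 0 ? neu : old);
    }

    // Assumption: removal succeeds only if the principal currently holds that role.
    boolean remove(Role role, String who) {
        return roles.remove(who, role);
    }

    // Mirrors the documented contract: the principals newly granted read access,
    // an empty list if there are none, or null if anyone lost read access entirely.
    List<String> update(List<Op> ops) {
        Set<String> before = new TreeSet<>(roles.keySet());
        for (Op op : ops) {
            if (op.add()) add(op.role(), op.who()); else remove(op.role(), op.who());
        }
        if (!roles.keySet().containsAll(before)) return null;  // someone was fully removed
        List<String> granted = new LinkedList<>(roles.keySet());
        granted.removeAll(before);
        return granted;
    }

    public static void main(String[] args) {
        AclModel acl = new AclModel();
        acl.add(Role.READER, "/groups/eng");    // constructed principal names
        acl.add(Role.MANAGER, "/users/alice");
        acl.add(Role.READER, "/users/alice");   // no-op: a manager can already read

        // A promotion plus a new reader: nobody loses access, so no re-keying.
        List<String> r1 = acl.update(List.of(
            new Op(true, Role.WRITER, "/groups/eng"), new Op(true, Role.READER, "/users/bob")));
        System.out.println("granted=" + r1 + " roles=" + acl.roles);

        // Removing a principal entirely: update() signals this with null.
        List<String> r2 = acl.update(List.of(new Op(false, Role.WRITER, "/groups/eng")));
        System.out.println(r2 == null ? "read access revoked: generate a new node key" : "granted=" + r2);
    }
}
```

A caller that treats the null return like an empty list skips the re-keying that the documentation says a removal requires.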
boolean org.ccnx.ccn.profiles.security.access.group.ACL.validate () [virtual]
boolean org.ccnx.ccn.profiles.security.access.group.ACL.validLabel (Link lr)
Return whether an ACL element is valid.
- Parameters:
-
- Returns:
The documentation for this class was generated from the following file:
- src/org/ccnx/ccn/profiles/security/access/group/ACL.java