Class AccessControlList


  • public class AccessControlList
    extends Object
    An access control list, which has an owner and an ordered list of ACL entries.
    • Constructor Detail

      • AccessControlList

        public AccessControlList()
        Construct an empty ACL
      • AccessControlList

        public AccessControlList(AccessControlList that)
        Construct an empty ACL
      • AccessControlList

        public AccessControlList(AclUpdateListener listener)
        Construct an ACL with the given update listener
        Parameters:
        listener - a listener, which may be null
    • Method Detail

      • createOpenAcl

        public static AccessControlList createOpenAcl()
        Return an ACL that allows any user to perform any operation
        Returns:
        an ACL
      • getOwner

        public String getOwner()
        Get the owner ID for this ACL
        Returns:
        the owner, which may be null
      • setOwner

        public AccessControlList setOwner(String userOrGroupId)
        Set the owner ID for this ACL. The listener is updated if provided.
        Parameters:
        userOrGroupId - The ID to use as owner. This may be null.
        Returns:
        this ACL
      • permit

        public AccessControlList permit(String userOrGroupId,
                                        String... ops)
        Permit the given ID to perform the given operations by adding a new entry to the end of the ACL entry list. Note that a conflicting entry earlier in the list will take precedence.
        Parameters:
        userOrGroupId - the user or group ID
        ops - one or more operations
        Returns:
        this ACL
      • deny

        public AccessControlList deny(String userOrGroupId,
                                      String... ops)
        Deny the given ID from performing the given operations by adding a new entry to the end of the ACL entry list. Note that a conflicting entry earlier in the list will take precedence.
        Parameters:
        userOrGroupId - the user or group ID
        ops - one or more operations
        Returns:
        this ACL
      • clear

        public AccessControlList clear(String userOrGroupId,
                                       String... ops)
        Clear matching entries. This method removes a matching entry and is different from deny(), which adds an entry that explicitly denies access.
        Parameters:
        userOrGroupId - the user or group to clear entries for
        ops - the operations to clear entries for
        Returns:
        this ACL
      • clear

        public AccessControlList clear()
        Clear all entries from this ACL and notify the listener if present
        Returns:
        this ACL
      • getEntries

        public List<AccessControlEntry> getEntries()
        Get the list of ACL entries on this ACL
        Returns:
        a list of 0 or more entries
      • canUser

        public boolean canUser(Identity user,
                               String op)
                        throws IamSvcException
        Can the given user perform the given operation based on this ACL?
        Parameters:
        user - a user
        op - an operation
        Returns:
        true if the user can perform the given operation
        Throws:
        IamSvcException - if there's an error during processing
      • canUser

        public boolean canUser(String userId,
                               Set<String> groups,
                               String op)
        Can the given user ID or group set perform the given operation based on this ACL?
        Parameters:
        userId - a user ID
        groups - a set of 0 or more groups
        op - an operation
        Returns:
        true if the user or group set can perform the given operation
      • addAclEntry

        public AccessControlList addAclEntry(AccessControlEntry acle)
        Add the given ACL entry to this ACL's list of entries.
        Parameters:
        acle - an ACL entry
        Returns:
        this ACL
      • asJson

        public org.json.JSONObject asJson()
        Serialize to JSON
        Returns:
        a JSON object
      • serialize

        public String serialize()
        Serialize to a JSON String
        Returns:
        a string
      • deserialize

        public static AccessControlList deserialize(String s,
                                                    AclUpdateListener listener)
        Deserialize a string created by serialize()
        Parameters:
        s - a string serialized ACL
        listener - an optional listener
        Returns:
        an ACL
      • deserialize

        public static AccessControlList deserialize(org.json.JSONObject o,
                                                    AclUpdateListener listener)
        Deserialize a JSON object created by serialize() or asJson()
        Parameters:
        o - a JSON object serialized ACL
        listener - an optional listener
        Returns:
        an ACL
      • getListener

        public AclUpdateListener getListener()
        Get the listener on this ACL if present
        Returns:
        a listener or null
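
The ordering note on permit() and deny() and the clear()/deny() distinction, shown with a self-contained model: an entry appended after a conflicting one has no effect until the earlier entry is cleared. This is an added example, not the library's code; AclOrderDemo is a hypothetical stand-in that mirrors the documented method names. It assumes first-match evaluation by exact user ID or group membership, denial when no entry matches, constructed IDs and operation names, and Java 16 or later for records.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Set;

// Model of the documented first-match ordering; NOT the library's AccessControlList.
public class AclOrderDemo {
    // One ordered entry: who, which operation, allow or deny.
    record Entry(String id, String op, boolean allow) {}
    private final List<Entry> entries = new ArrayList<>();

    AclOrderDemo permit(String id, String... ops) { return add(id, true, ops); }
    AclOrderDemo deny(String id, String... ops)   { return add(id, false, ops); }

    private AclOrderDemo add(String id, boolean allow, String... ops) {
        for (String op : ops) entries.add(new Entry(id, op, allow)); // always appended at the end
        return this;
    }

    // Removes matching entries; unlike deny(), it adds nothing.
    AclOrderDemo clear(String id, String... ops) {
        List<String> target = Arrays.asList(ops);
        entries.removeIf(e -> e.id().equals(id) && target.contains(e.op()));
        return this;
    }

    // The first matching entry decides. Assumption: no match means deny.
    boolean canUser(String userId, Set<String> groups, String op) {
        for (Entry e : entries) {
            boolean who = e.id().equals(userId) || groups.contains(e.id());
            if (who && e.op().equals(op)) return e.allow();
        }
        return false;
    }

    public static void main(String[] args) {
        Set<String> groups = Set.of("staff"); // constructed sample IDs and operations
        AclOrderDemo acl = new AclOrderDemo().permit("alice", "read", "write");

        acl.deny("alice", "write"); // appended after the permit, so it is shadowed
        System.out.println("deny after permit: " + acl.canUser("alice", groups, "write"));

        acl.clear("alice", "write").deny("alice", "write"); // remove the permit first, then deny
        System.out.println("clear, then deny:  " + acl.canUser("alice", groups, "write"));

        acl.deny("staff", "read"); // group deny lands behind alice's earlier permit
        System.out.println("group deny added:  " + acl.canUser("alice", groups, "read"));
    }
}
```

When revoking access with the real class, check getEntries() for an earlier conflicting entry before relying on a newly appended deny().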