io.continual.iam.access

Class AccessControlList

java.lang.Object

io.continual.iam.access.AccessControlList

public class AccessControlList
extends Object

An access control list, which has an owner and an ordered list of ACL entries.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	AccessControlList.Builder

Field Summary

Fields

Modifier and Type	Field and Description
static String	CREATE
static String	DELETE
static String	READ
static String	UPDATE

Constructor Summary

Constructors

Constructor and Description
AccessControlList() Construct an empty ACL
AccessControlList(AccessControlList that) Construct an empty ACL
AccessControlList(AclUpdateListener listener) Construct an ACL with the given update listener

Method Summary

Modifier and Type	Method and Description
AccessControlList	addAclEntry(AccessControlEntry acle) Add the given ACL entry to this ACL's list of entries.
org.json.JSONObject	asJson() Serialize to JSON
static AccessControlList.Builder	builder() Create a builder for an ACL
boolean	canUser(Identity user, String op) Can the given user perform the given operation based on this ACL?
boolean	canUser(String userId, Set<String> groups, String op) Can the given user ID or group set perform the given operation based on this ACL?
AccessControlList	clear() Clear all entries from this ACL and notify the listener if present
AccessControlList	clear(String userOrGroupId, String... ops) Clear matching entries.
static AccessControlList	createOpenAcl() Return an ACL that allows any user to perform any operation
AccessControlList	deny(String userOrGroupId, String... ops) Deny the given ID from performing the given operations by adding a new entry to the end of the ACL entry list.
static AccessControlList	deserialize(org.json.JSONObject o, AclUpdateListener listener) Deserialize a JSON object created by serialize() or asJson()
static AccessControlList	deserialize(String s, AclUpdateListener listener) Deserialize a string created by serialize()
List<AccessControlEntry>	getEntries() Get the list of ACL entries on this ACL
AclUpdateListener	getListener() Get the listener on this ACL if present
String	getOwner() Get the owner ID for this ACL
static AccessControlList	initialize(AclUpdateListener listener)
AccessControlList	permit(String userOrGroupId, String... ops) Permit the given ID to perform the given operations by adding a new entry to the end of the ACL entry list.
String	serialize() Serialize to a JSON String
AccessControlList	setOwner(String userOrGroupId) Set the owner ID for this ACL.
String	toString()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

CREATE

public static final String CREATE

See Also:

Constant Field Values

READ

public static final String READ

See Also:

Constant Field Values

UPDATE

public static final String UPDATE

See Also:

Constant Field Values

DELETE

public static final String DELETE

See Also:

Constant Field Values

Constructor Detail

AccessControlList

public AccessControlList()

Construct an empty ACL

AccessControlList

public AccessControlList(AccessControlList that)

Construct an empty ACL

AccessControlList

public AccessControlList(AclUpdateListener listener)

Construct an ACL with the given update listener

Parameters:

listener - a listener, which may be null

Method Detail

builder

public static AccessControlList.Builder builder()

Create a builder for an ACL

Returns:

a new builder

createOpenAcl

public static AccessControlList createOpenAcl()

Return an ACL that allows any user to perform any operation

Returns:

an ACL

getOwner

public String getOwner()

Get the owner ID for this ACL

Returns:

the owner, which may be null

setOwner

public AccessControlList setOwner(String userOrGroupId)

Set the owner ID for this ACL. The listener is updated if provided.

Parameters:

userOrGroupId - The ID to use as owner. This may be null.

Returns:

this ACL

permit

public AccessControlList permit(String userOrGroupId,
                                String... ops)

Permit the given ID to perform the given operations by adding a new entry to the end of the ACL entry list. Note that a conflicting entry earlier in the list will take precedence.

Parameters:

userOrGroupId - the user or group ID

ops - one or more operations

Returns:

this ACL

deny

public AccessControlList deny(String userOrGroupId,
                              String... ops)

Deny the given ID from performing the given operations by adding a new entry to the end of the ACL entry list. Note that a conflicting entry earlier in the list will take precedence.

Parameters:

userOrGroupId - the user or group ID

ops - one or more operations

Returns:

this ACL

clear

public AccessControlList clear(String userOrGroupId,
                               String... ops)

Clear matching entries. This method removes a matching entry and is different from deny(), which adds an entry that explicitly denies access.

Parameters:

userOrGroupId - the user or group to clear entries for

ops - the operations to clear entries for

Returns:

this ACL

clear

public AccessControlList clear()

Clear all entries from this ACL and notify the listener if present

Returns:

this ACL

getEntries

public List<AccessControlEntry> getEntries()

Get the list of ACL entries on this ACL

Returns:

a list of 0 or more entries

canUser

public boolean canUser(Identity user,
                       String op)
                throws IamSvcException

Can the given user perform the given operation based on this ACL?

Parameters:

user - a user

op - an operation

Returns:

true if the user can perform the given operation

Throws:

IamSvcException - if there's an error during processing

canUser

public boolean canUser(String userId,
                       Set<String> groups,
                       String op)

Can the given user ID or group set perform the given operation based on this ACL?

Parameters:

userId - a user ID

groups - a set of 0 or more groups

op - an operation

Returns:

true if the user or group set can perform the given operation

addAclEntry

public AccessControlList addAclEntry(AccessControlEntry acle)

Add the given ACL entry to this ACL's list of entries.

Parameters:

acle - an ACL entry

Returns:

this ACL

toString

public String toString()

Overrides:

toString in class Object

asJson

public org.json.JSONObject asJson()

Serialize to JSON

Returns:

a JSON object

serialize

public String serialize()

Serialize to a JSON String

Returns:

a string

initialize

public static AccessControlList initialize(AclUpdateListener listener)

deserialize

public static AccessControlList deserialize(String s,
                                            AclUpdateListener listener)

Deserialize a string created by serialize()

Parameters:

s - a string serialized ACL

listener - an optional listener

Returns:

an ACL

deserialize

public static AccessControlList deserialize(org.json.JSONObject o,
                                            AclUpdateListener listener)

Deserialize a JSON object created by serialize() or asJson()

Parameters:

o - a JSON object serialized ACL

listener - an optional listener

Returns:

an ACL

getListener

public AclUpdateListener getListener()

Get the listener on this ACL if present

Returns:

a listener or null