Class AccessControlList

java.lang.Object
io.continual.iam.access.AccessControlList

public class AccessControlList extends Object
An access control list, which has an owner and an ordered list of ACL entries.
  • Field Details

  • Constructor Details

    • AccessControlList

      public AccessControlList()
      Construct an empty ACL
    • AccessControlList

      public AccessControlList(AccessControlList that)
      Construct an empty ACL
    • AccessControlList

      public AccessControlList(AclUpdateListener listener)
      Construct an ACL with the given update listener
      Parameters:
      listener - a listener, which may be null
  • Method Details

    • builder

      public static AccessControlList.Builder builder()
      Create a builder for an ACL
      Returns:
      a new builder
    • createOpenAcl

      public static AccessControlList createOpenAcl()
      Return an ACL that allows any user to perform any operation
      Returns:
      an ACL
    • getOwner

      public String getOwner()
      Get the owner ID for this ACL
      Returns:
      the owner, which may be null
    • setOwner

      public AccessControlList setOwner(String userOrGroupId)
      Set the owner ID for this ACL. The listener is updated if provided.
      Parameters:
      userOrGroupId - The ID to use as owner. This may be null.
      Returns:
      this ACL
    • permit

      public AccessControlList permit(String userOrGroupId, String... ops)
      Permit the given ID to perform the given operations by adding a new entry to the end of the ACL entry list. Note that a conflicting entry earlier in the list will take precedence.
      Parameters:
      userOrGroupId - the user or group ID
      ops - one or more operations
      Returns:
      this ACL
    • deny

      public AccessControlList deny(String userOrGroupId, String... ops)
      Deny the given ID from performing the given operations by adding a new entry to the end of the ACL entry list. Note that a conflicting entry earlier in the list will take precedence.
      Parameters:
      userOrGroupId - the user or group ID
      ops - one or more operations
      Returns:
      this ACL
    • clear

      public AccessControlList clear(String userOrGroupId, String... ops)
      Clear matching entries. This method removes a matching entry and is different from deny(), which adds an entry that explicitly denies access.
      Parameters:
      userOrGroupId - the user or group to clear entries for
      ops - the operations to clear entries for
      Returns:
      this ACL
    • clear

      public AccessControlList clear()
      Clear all entries from this ACL and notify the listener if present
      Returns:
      this ACL
    • getEntries

      public List<AccessControlEntry> getEntries()
      Get the list of ACL entries on this ACL
      Returns:
      a list of 0 or more entries
    • canUser

      public boolean canUser(Identity user, String op) throws IamSvcException
      Can the given user perform the given operation based on this ACL?
      Parameters:
      user - a user
      op - an operation
      Returns:
      true if the user can perform the given operation
      Throws:
      IamSvcException - if there's an error during processing
    • canUser

      public boolean canUser(String userId, Set<String> groups, String op)
      Can the given user ID or group set perform the given operation based on this ACL?
      Parameters:
      userId - a user ID
      groups - a set of 0 or more groups
      op - an operation
      Returns:
      true if the user or group set can perform the given operation
    • addAclEntry

      public AccessControlList addAclEntry(AccessControlEntry acle)
      Add the given ACL entry to this ACL's list of entries.
      Parameters:
      acle - an ACL entry
      Returns:
      this ACL
    • toString

      public String toString()
      Overrides:
      toString in class Object
    • asJson

      public org.json.JSONObject asJson()
      Serialize to JSON
      Returns:
      a JSON object
    • serialize

      public String serialize()
      Serialize to a JSON String
      Returns:
      a string
    • initialize

      public static AccessControlList initialize(AclUpdateListener listener)
    • deserialize

      public static AccessControlList deserialize(String s, AclUpdateListener listener)
      Deserialize a string created by serialize()
      Parameters:
      s - an ACL serialized as a string
      listener - an optional listener
      Returns:
      an ACL
    • deserialize

      public static AccessControlList deserialize(org.json.JSONObject o, AclUpdateListener listener)
      Deserialize a JSON object created by serialize() or asJson()
      Parameters:
      o - an ACL serialized as a JSON object
      listener - an optional listener
      Returns:
      an ACL
    • getListener

      public AclUpdateListener getListener()
      Get the listener on this ACL if present
      Returns:
      a listener or null
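
The ordering rule documented for permit() and deny() above, exercised as an added example (not code from this library's authors). The class name, the user ID "alice", the group ID "contractors" and the operation "write" are constructed sample values; it uses only the constructor and methods listed on this page and assumes the library is on the classpath.

```java
import io.continual.iam.access.AccessControlList;
import java.util.Set;

public class AclOrderingExample
{
	// Constructed sample identities and operation name (assumptions, not library values).
	private static final String USER = "alice";
	private static final String GROUP = "contractors";
	private static final String OP = "write";

	public static void main ( String[] args )
	{
		// deny() is appended first and permit() second. Both entries name the
		// same ID and operation, so they conflict and the earlier one decides.
		final AccessControlList denyFirst = new AccessControlList ()
			.deny ( USER, OP )
			.permit ( USER, OP );

		// Same two calls in the opposite order: the permit entry is now earlier.
		final AccessControlList permitFirst = new AccessControlList ()
			.permit ( USER, OP )
			.deny ( USER, OP );

		// A group-wide deny placed ahead of a per-user permit. When reviewing an
		// ACL, the position of the broad entry relative to the narrow one matters
		// as much as the entries themselves.
		final AccessControlList groupDenyFirst = new AccessControlList ()
			.deny ( GROUP, OP )
			.permit ( USER, OP );

		report ( "deny then permit", denyFirst, Set.of () );
		report ( "permit then deny", permitFirst, Set.of () );
		report ( "group deny then user permit", groupDenyFirst, Set.of ( GROUP ) );
	}

	// Print the access decision and the entries in evaluation order so the
	// decision can be compared against the list position of each entry.
	private static void report ( String label, AccessControlList acl, Set<String> groups )
	{
		System.out.println ( label + ": canUser=" + acl.canUser ( USER, groups, OP ) );
		for ( Object entry : acl.getEntries () )
		{
			System.out.println ( "  " + entry );
		}
	}
}
```

Because permit() and deny() only append, tightening an existing ACL by calling deny() after an earlier permit() for the same ID and operation leaves the permit in front; clear() the earlier entry first, or build the list in the intended order.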