Package org.bedework.webdav.servlet.access

Class AccessHelper

  • All Implemented Interfaces:
    Serializable, org.bedework.access.PrivilegeDefs, org.bedework.util.logging.Logged, AccessHelperI
    public class AccessHelper
extends Object
implements org.bedework.util.logging.Logged, AccessHelperI
    An access helper class. This class makes some assumptions about the classes it deals with but there are no explicit hibernate, or other persistence engine, dependencies.

    It assumes access to the parent object when needed, continuing on up to the root. For systems which do not allow for a retrieval of the parent on calls to the getCalendar method, the getParent method for this class will need to be overridden. This would presumably take place within the core implementation.

    Author:
    Mike Douglass
    See Also:
    Serialized Form

    • Field Summary

      • Fields inherited from interface org.bedework.access.PrivilegeDefs

        allowed, allowedInherited, denied, deniedInherited, inheritedFlag, oldAllowed, oldDenied, privAll, privAny, privBind, privEncoding, privMaxType, privNone, privRead, privReadAcl, privReadCurrentUserPrivilegeSet, privReadFreeBusy, privSchedule, privScheduleDeliver, privScheduleDeliverInvite, privScheduleDeliverReply, privScheduleFreeBusy, privScheduleQueryFreebusy, privScheduleReply, privScheduleRequest, privScheduleSend, privScheduleSendFreebusy, privScheduleSendInvite, privScheduleSendReply, privUnbind, privUnlock, privWrite, privWriteAcl, privWriteContent, privWriteProperties, unspecified

    • Constructor Summary

      Constructors 
      Constructor Description
      AccessHelper()  

    • Constructor Detail

      • AccessHelper

        public AccessHelper()

    • Method Detail

      • setSuperUser

        public void setSuperUser​(boolean val)
        Description copied from interface: AccessHelperI
        Indicate if we are in superuser mode.
        Specified by:
        setSuperUser in interface AccessHelperI
        Parameters:
        val - true for superuser

      • setMaximumAllowedPrivs

        public void setMaximumAllowedPrivs​(org.bedework.access.PrivilegeSet val)
        Parameters:
        val - priv set

      • setAuthPrincipal

        public void setAuthPrincipal​(org.bedework.access.AccessPrincipal val)
        Description copied from interface: AccessHelperI
        Set the current authenticated user.
        Specified by:
        setAuthPrincipal in interface AccessHelperI
        Parameters:
        val - principal

      • changeAccess

        public void changeAccess​(SharedEntity ent,
                         Collection<org.bedework.access.Ace> aces,
                         boolean replaceAll)
                  throws WebdavException
        Description copied from interface: AccessHelperI
        Change the access to the given calendar entity using the supplied aces. We are changing access so we remove all access for each who in the list and then add the new aces.
        Specified by:
        changeAccess in interface AccessHelperI
        Parameters:
        ent - DbEntity
        aces - Collection of ace objects
        replaceAll - true to replace the entire access list.
        Throws:
        WebdavException - on error

      • checkAccess

        public Collection<? extends SharedEntity> checkAccess​(Collection<? extends SharedEntity> ents,
                                                      int desiredAccess,
                                                      boolean alwaysReturn)
                                               throws WebdavException
        Description copied from interface: AccessHelperI
        Return a Collection of the objects after checking access
        Specified by:
        checkAccess in interface AccessHelperI
        Parameters:
        ents - Collection of DbEntity
        desiredAccess - access we want
        alwaysReturn - boolean flag behaviour on no access
        Returns:
        Collection of checked objects
        Throws:
        WebdavException - for no access or other failure

      • checkAccess

        public org.bedework.access.CurrentAccess checkAccess​(SharedEntity ent,
                                                     int desiredAccess,
                                                     boolean alwaysReturnResult)
                                              throws WebdavException
        Description copied from interface: AccessHelperI
        Check access for the given entity. Returns the current access

        We special case the access to the user root e.g /user and the home directory, e.g. /user/douglm We deny access to /user to anybody without superuser access. This prevents user browsing. This could be made a system property if the organization wants user browsing. Default access to the home directory is read, write-content to the owner only and unlimited to superuser. Specific access should be no more than read, write-content to the home directory.

        Specified by:
        checkAccess in interface AccessHelperI
        Parameters:
        ent - shred entity
        desiredAccess - access
        alwaysReturnResult - true to return always
        Returns:
        CurrentAccess
        Throws:
        WebdavException - on error

      • getLogger

        public org.bedework.util.logging.BwLogger getLogger()
        Specified by:
        getLogger in interface org.bedework.util.logging.Logged