Interface AccessHelperI

  • All Superinterfaces:
    org.bedework.access.PrivilegeDefs, Serializable
    All Known Implementing Classes:
    AccessHelper

    public interface AccessHelperI
    extends org.bedework.access.PrivilegeDefs, Serializable
    An access helper interface. This interface makes some assumptions about the classes it deals with, but there are no explicit Hibernate, or other persistence engine, dependencies.

    It assumes that it has access to the parent object when needed, continuing on up to the root. For systems which do not allow for a retrieval of the parent on calls to the getCalendar method, the getParent method for this class will need to be overridden. This would presumably take place within the core implementation.

    Author:
    Mike Douglass douglm rpi.edu
    • Nested Class Summary

      Nested Classes 
      Modifier and Type Interface Description
      static class  AccessHelperI.CallBack
      Methods called to obtain system information.
    • Field Summary

      • Fields inherited from interface org.bedework.access.PrivilegeDefs

        allowed, allowedInherited, denied, deniedInherited, inheritedFlag, oldAllowed, oldDenied, privAll, privAny, privBind, privEncoding, privMaxType, privNone, privRead, privReadAcl, privReadCurrentUserPrivilegeSet, privReadFreeBusy, privSchedule, privScheduleDeliver, privScheduleDeliverInvite, privScheduleDeliverReply, privScheduleFreeBusy, privScheduleQueryFreebusy, privScheduleReply, privScheduleRequest, privScheduleSend, privScheduleSendFreebusy, privScheduleSendInvite, privScheduleSendReply, privUnbind, privUnlock, privWrite, privWriteAcl, privWriteContent, privWriteProperties, unspecified
    • Method Detail

      • setSuperUser

        void setSuperUser(boolean val)
        Indicate if we are in superuser mode.
        Parameters:
        val - true for superuser
      • getSuperUser

        boolean getSuperUser()
        Returns:
        boolean
      • setAuthPrincipal

        void setAuthPrincipal(org.bedework.access.AccessPrincipal val)
        Set the current authenticated user.
        Parameters:
        val - principal
      • open

        void open()
        Called at request start
      • close

        void close()
        Called at request end
      • getDefaultPublicAccess

        String getDefaultPublicAccess()
        Get the default public access
        Returns:
        String value for default access
      • getDefaultPersonalAccess

        String getDefaultPersonalAccess()
        Returns:
        String default user access
      • changeAccess

        void changeAccess(SharedEntity ent,
                          Collection<org.bedework.access.Ace> aces,
                          boolean replaceAll)
                   throws WebdavException
        Change the access to the given calendar entity using the supplied aces. We are changing access so we remove all access for each who in the list and then add the new aces.
        Parameters:
        ent - DbEntity
        aces - Collection of ace objects
        replaceAll - true to replace the entire access list.
        Throws:
        WebdavException - on error
      • defaultAccess

        void defaultAccess(SharedEntity ent,
                           org.bedework.access.AceWho who)
                    throws WebdavException
        Remove any explicit access for the given who to the given calendar entity.
        Parameters:
        ent - DbEntity
        who - AceWho
        Throws:
        WebdavException - on error
      • checkAccess

        Collection<? extends SharedEntity> checkAccess(Collection<? extends SharedEntity> ents,
                                                       int desiredAccess,
                                                       boolean alwaysReturn)
                                                throws WebdavException
        Return a Collection of the objects after checking access
        Parameters:
        ents - Collection of DbEntity
        desiredAccess - access we want
        alwaysReturn - boolean flag controlling behaviour on no access
        Returns:
        Collection of checked objects
        Throws:
        WebdavException - for no access or other failure
      • checkAccess

        org.bedework.access.CurrentAccess checkAccess(SharedEntity ent,
                                                      int desiredAccess,
                                                      boolean alwaysReturnResult)
                                               throws WebdavException
        Check access for the given entity. Returns the current access.

        We special-case the access to the user root, e.g. /user, and the home directory, e.g. /user/douglm. We deny access to /user to anybody without superuser access. This prevents user browsing. This could be made a system property if the organization wants user browsing. Default access to the home directory is read, write-content to the owner only and unlimited to superuser. Specific access should be no more than read, write-content to the home directory.

        Parameters:
        ent - shared entity
        desiredAccess - access
        alwaysReturnResult - true to return always
        Returns:
        CurrentAccess
        Throws:
        WebdavException - on error
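
The user-root and home-directory special cases described for checkAccess, modelled as a standalone added example; this is not Bedework code. The class, the `Priv` enum (a stand-in for the `privRead`, `privWriteContent`, ... constants) and all method names are hypothetical, and paths are assumed to follow the `/user/<account>` layout used in the text.

```java
import java.util.EnumSet;
import java.util.Optional;
import java.util.Set;

// Hypothetical model of the checkAccess special cases; names are illustrative.
public class HomeAccessModel {
  enum Priv { READ, WRITE_CONTENT, WRITE_ACL, BIND, UNBIND }

  static final String USER_ROOT = "/user";   // example root from the text
  static final Set<Priv> HOME_MAX = EnumSet.of(Priv.READ, Priv.WRITE_CONTENT);

  // Strip trailing slashes so "/user/" cannot slip past the root check.
  static String norm(String path) {
    String p = path.replaceAll("/+$", "");
    return p.isEmpty() ? "/" : p;
  }

  // A home directory is a direct child of the user root.
  static boolean isHome(String p) {
    return p.startsWith(USER_ROOT + "/")
        && p.indexOf('/', USER_ROOT.length() + 1) < 0;
  }

  // Empty result: not a special case, evaluate the entity's ACL as usual.
  static Optional<Set<Priv>> special(String path, String account, boolean superUser) {
    String p = norm(path);
    if (!p.equals(USER_ROOT) && !isHome(p)) return Optional.empty();
    Set<Priv> granted = EnumSet.noneOf(Priv.class);  // default: deny, no browsing
    if (superUser) granted.addAll(EnumSet.allOf(Priv.class));
    else if (p.equals(USER_ROOT + "/" + account)) granted.addAll(HOME_MAX);
    return Optional.of(granted);
  }

  // Explicit grants on a home directory are capped at read, write-content.
  static Set<Priv> capHomeGrant(Set<Priv> requested) {
    Set<Priv> capped = EnumSet.noneOf(Priv.class);
    capped.addAll(requested);
    capped.retainAll(HOME_MAX);
    return capped;
  }

  public static void main(String[] args) {
    System.out.println(special("/user/", "douglm", false));          // user root, trailing slash
    System.out.println(special("/user/douglm", "douglm", false));    // owner's home
    System.out.println(special("/user/douglm", "other", false));     // someone else's home
    System.out.println(special("/user", "other", true));             // superuser at the root
    System.out.println(special("/user/douglm/cal", "other", false)); // below home: normal ACL
    System.out.println(capHomeGrant(EnumSet.of(Priv.READ, Priv.WRITE_ACL)));
  }
}
```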