Package org.bedework.webdav.servlet.access

Interface AccessHelperI

All Superinterfaces:
org.bedework.access.PrivilegeDefs, Serializable
All Known Implementing Classes:
AccessHelper
public interface AccessHelperI extends org.bedework.access.PrivilegeDefs, Serializable
An access helper interface. This interface makes some assumptions about the classes it deals with but there is no explicit hibernate, or other persistence engine, dependencies.

It assumes that it has access to the parent object when needed, continuing on up to the root. For systems which do not allow for a retrieval of the parent on calls to the getCalendar method, the getParent method for this class will need to be overridden. This would presumably take place within the core implementation.

Author:
Mike Douglass douglm rpi.edu

  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Interface
    Description
    static class 
    AccessHelperI.CallBack
    Methods called to obtain system information.

  • Field Summary

    Fields inherited from interface org.bedework.access.PrivilegeDefs

    allowed, allowedInherited, denied, deniedInherited, inheritedFlag, oldAllowed, oldDenied, privAll, privAny, privBind, privEncoding, privMaxType, privNone, privRead, privReadAcl, privReadCurrentUserPrivilegeSet, privReadFreeBusy, privSchedule, privScheduleDeliver, privScheduleDeliverInvite, privScheduleDeliverReply, privScheduleFreeBusy, privScheduleQueryFreebusy, privScheduleReply, privScheduleRequest, privScheduleSend, privScheduleSendFreebusy, privScheduleSendInvite, privScheduleSendReply, privUnbind, privUnlock, privWrite, privWriteAcl, privWriteContent, privWriteProperties, unspecified

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    changeAccess(SharedEntity ent, Collection<org.bedework.access.Ace> aces, boolean replaceAll)
    Change the access to the given calendar entity using the supplied aces.
    Collection<? extends SharedEntity>
    checkAccess(Collection<? extends SharedEntity> ents, int desiredAccess, boolean alwaysReturn)
    Return a Collection of the objects after checking access
    org.bedework.access.CurrentAccess
    checkAccess(SharedEntity ent, int desiredAccess, boolean alwaysReturnResult)
    Check access for the given entity.
    void
    close()
    Called at request end
    void
    defaultAccess(SharedEntity ent, org.bedework.access.AceWho who)
    Remove any explicit access for the given who to the given calendar entity.
    String
    getDefaultPersonalAccess()
     
    String
    getDefaultPublicAccess()
    Get the default public access
    SharedEntity
    getParent(SharedEntity val)
    Called to get the parent object for a shared entity.
    boolean
    getSuperUser()
     
    void
    init(AccessHelperI.CallBack cb)
     
    void
    open()
    Called at request start
    void
    setAuthPrincipal(org.bedework.access.AccessPrincipal val)
    Set the current authenticated user.
    void
    setSuperUser(boolean val)
    Indicate if we are in superuser mode.

  • Method Details

    • init

      void init(AccessHelperI.CallBack cb)
      Parameters:
      cb - callback

    • setSuperUser

      void setSuperUser(boolean val)
      Indicate if we are in superuser mode.
      Parameters:
      val - true for superuser

    • getSuperUser

      boolean getSuperUser()
      Returns:
      boolean

    • setAuthPrincipal

      void setAuthPrincipal(org.bedework.access.AccessPrincipal val)
      Set the current authenticated user.
      Parameters:
      val - principal

    • open

      void open()
      Called at request start

    • close

      void close()
      Called at request end

    • getParent

      SharedEntity getParent(SharedEntity val)
      Called to get the parent object for a shared entity.
      Parameters:
      val - entity
      Returns:
      parent calendar or null.

    • getDefaultPublicAccess

      String getDefaultPublicAccess()
      Get the default public access
      Returns:
      String value for default access

    • getDefaultPersonalAccess

      String getDefaultPersonalAccess()
      Returns:
      String default user access

    • changeAccess

      void changeAccess(SharedEntity ent, Collection<org.bedework.access.Ace> aces, boolean replaceAll)
      Change the access to the given calendar entity using the supplied aces. We are changing access so we remove all access for each who in the list and then add the new aces.
      Parameters:
      ent - DbEntity
      aces - Collection of ace objects
      replaceAll - true to replace the entire access list.

    • defaultAccess

      void defaultAccess(SharedEntity ent, org.bedework.access.AceWho who)
      Remove any explicit access for the given who to the given calendar entity.
      Parameters:
      ent - DbEntity
      who - AceWho

    • checkAccess

      Collection<? extends SharedEntity> checkAccess(Collection<? extends SharedEntity> ents, int desiredAccess, boolean alwaysReturn)
      Return a Collection of the objects after checking access
      Parameters:
      ents - Collection of DbEntity
      desiredAccess - access we want
      alwaysReturn - boolean flag behaviour on no access
      Returns:
      Collection of checked objects

    • checkAccess

      org.bedework.access.CurrentAccess checkAccess(SharedEntity ent, int desiredAccess, boolean alwaysReturnResult)
      Check access for the given entity. Returns the current access

      We special case the access to the user root e.g /user and the home directory, e.g. /user/douglm We deny access to /user to anybody without superuser access. This prevents user browsing. This could be made a system property if the organization wants user browsing. Default access to the home directory is read, write-content to the owner only and unlimited to superuser. Specific access should be no more than read, write-content to the home directory.

      Parameters:
      ent - shred entity
      desiredAccess - access
      alwaysReturnResult - true to return always
      Returns:
      CurrentAccess