wt.access
Interface AccessControlManagerSvr

All Known Implementing Classes:

StandardAccessControlManager

public interface AccessControlManagerSvr

AccessControlManagerSvr provides methods for access control services that can only be invoked from classes running on the server. These methods are executed on the server side.

Supported API: false

Extendable: false

Method Summary

void	addPermission(WTCollection objects, WTPrincipalReference principal_ref, AccessPermission permission, AdHocAccessKey owner_key) Adds an ad hoc access control rule for each of the objects in a collection, granting a principal the specified permission to the objects.
void	addPermission(WTCollection objects, WTPrincipalReference principal_ref, AccessPermission permission, AdHocAccessKey owner_key, long owner_id) Adds an ad hoc access control rule for each of the objects in a collection, granting a principal the specified permission to the objects.
void	addPermissions(WTCollection objects, WTPrincipalReference principal_ref, Collection permissions, AdHocAccessKey owner_key) Adds an ad hoc access control rule for each of the objects in a collection, granting a principal the specified permissions to the objects.
void	addPermissions(WTCollection objects, WTPrincipalReference principal_ref, Collection permissions, AdHocAccessKey owner_key, long owner_id) Adds an ad hoc access control rule for each of the objects in a collection, granting a principal the specified permissions to the objects.
AdHocControlled	copyPermissions(AdHocControlled source, AdHocControlled target) Copies permissions from a source object to a target object.
void	copyPermissions(AdHocControlled source, WTCollection targets, AdHocAccessKey owner_key) Copies permissions from a source object to a collection of target objects.
void	copyPermissions(AdHocControlled source, WTCollection targets, AdHocAccessKey owner_key, long owner_id) Copies permissions from a source object to a collection of target objects.
void	createAllRule(AdminDomainRef domain_ref, String type_id, WTPrincipalReference principal_ref) To be used only by wt.admin.Install Supported API: false
void	reassignPermissions(AdHocControlled obj, WTPrincipalReference old_principal_ref, WTPrincipalReference new_principal_ref, AdHocAccessKey owner_key) Reassigns permissions a principal has for an object to another principal, for all ad hoc access control rules with the specified owner.
void	reassignPermissions(AdHocControlled obj, WTPrincipalReference old_principal_ref, WTPrincipalReference new_principal_ref, AdHocAccessKey owner_key, long owner_id) Reassigns permissions a principal has for an object to another principal, for all ad hoc access control rules with the specified owner.
void	removePermission(WTCollection objects, WTPrincipalReference principal_ref, AccessPermission permission, AdHocAccessKey owner_key) Removes the specified permission from the set of permissions granted to a principal for each of the objects in a collection.
void	removePermission(WTCollection objects, WTPrincipalReference principal_ref, AccessPermission permission, AdHocAccessKey owner_key, long owner_id) Removes the specified permission from the set of permissions granted to a principal for each of the objects in a collection.
void	removePermissions(WTCollection objects, WTPrincipalReference principal_ref, Collection permissions, AdHocAccessKey owner_key) Removes the specified permissions from the set of permissions granted to a principal for an object.
void	removePermissions(WTCollection objects, WTPrincipalReference principal_ref, Collection permissions, AdHocAccessKey owner_key, long owner_id) Removes the specified permissions from the set of permissions granted to a principal for each of the objects in a collection.
void	setPermissions(AdHocControlled obj, AdHocAclSpec specification, WTRoleHolder2 role_holder, AdHocAccessKey owner_key) Creates ad hoc access control rules granting principals permissions to an object, based on an ad hoc access specification (AdHocAclSpec).
void	setPermissions(List objects, List specifications, List principal_maps, AdHocAccessKey owner_key) Creates ad hoc access control rules granting principals permissions to objects, based on an ad hoc access specification (AdHocAclSpec) and a role to principal mapping.

Method Detail

createAllRule

public void createAllRule(AdminDomainRef domain_ref,
                          String type_id,
                          WTPrincipalReference principal_ref)
                   throws WTException

To be used only by wt.admin.Install

Supported API: false

Parameters:

domain_ref -

type_id -

principal_ref -

Throws:

WTException

addPermission

public void addPermission(WTCollection objects,
                          WTPrincipalReference principal_ref,
                          AccessPermission permission,
                          AdHocAccessKey owner_key)
                   throws WTException

Adds an ad hoc access control rule for each of the objects in a collection, granting a principal the specified permission to the objects. If a rule with the specified owner already exists for the principal, the permission is added to the set of permissions already granted to the object. If the principal already has the specified permission to an object in the collection, this method returns without making any changes to the object.

Note: If the objects in the collection are persistent, this method must be called from within a transaction that includes an update to the objects.

Supported API: false

Parameters:

objects - objects the rules are for

principal_ref - principal the permission applies to

permission - permission to be granted

owner_key - key identifying the rule's owner

Throws:

WTException

addPermission

public void addPermission(WTCollection objects,
                          WTPrincipalReference principal_ref,
                          AccessPermission permission,
                          AdHocAccessKey owner_key,
                          long owner_id)
                   throws WTException

Adds an ad hoc access control rule for each of the objects in a collection, granting a principal the specified permission to the objects. If a rule with the specified owner already exists for the principal, the permission is added to the set of permissions already granted to the object. If the principal already has the specified permission to an object in the collection, this method returns without making any changes to the object.

Note: If the objects in the collection are persistent, this method must be called from within a transaction that includes an update to the objects.

Supported API: false

Parameters:

objects - objects the rules are for

principal_ref - principal the permission applies to

permission - permission to be granted

owner_key - key identifying the rule's owner

owner_id - identifier used by the rule's owner to qualify the key

Throws:

WTException

addPermissions

public void addPermissions(WTCollection objects,
                           WTPrincipalReference principal_ref,
                           Collection permissions,
                           AdHocAccessKey owner_key)
                    throws WTException

Adds an ad hoc access control rule for each of the objects in a collection, granting a principal the specified permissions to the objects. If a rule with the specified owner already exists for the principal, the permissions are added to the set of permissions already granted to the object. If the principal already has the specified permissions to an object in the collection, this method returns without making any changes to the object.

Note: If the objects in the collection are persistent, this method must be called from within a transaction that includes an update to the objects.

Supported API: false

Parameters:

objects - objects the rules are for

principal_ref - principal the permission applies to

permissions - permissions to be granted (Collection of AccessPermission)

owner_key - key identifying the rule's owner

Throws:

WTException

addPermissions

public void addPermissions(WTCollection objects,
                           WTPrincipalReference principal_ref,
                           Collection permissions,
                           AdHocAccessKey owner_key,
                           long owner_id)
                    throws WTException

Adds an ad hoc access control rule for each of the objects in a collection, granting a principal the specified permissions to the objects. If a rule with the specified owner already exists for the principal, the permissions are added to the set of permissions already granted to the object. If the principal already has the specified permissions to an object in the collection, this method returns without making any changes to the object.

Note: If the objects in the collection are persistent, this method must be called from within a transaction that includes an update to the objects.

Supported API: false

Parameters:

objects - objects the rules are for

principal_ref - principal the permission applies to

permissions - permissions to be granted (Collection of AccessPermission)

owner_key - key identifying the rule's owner

owner_id - identifier used by the rule's owner to qualify the key

Throws:

WTException

copyPermissions

public AdHocControlled copyPermissions(AdHocControlled source,
                                       AdHocControlled target)
                                throws WTException

Copies permissions from a source object to a target object. The source object must be persistent. All ad hoc access control rules granting principals permissions are copied (that is, rules with all owners). If rules already exist for the target object, the copied permissions replace any previously granted. If the source object has no ad hoc rules, this method returns without making any changes. This method bypasses access control checks.

Note: This method is to be used for duplicating permissions when creating a new object based on another object (for example, checking in a new iteration of a RevisionControlled object). It must be called from within a transaction that includes an update to the target object.

Supported API: false

Parameters:

source - source object

target - target object

Returns:

AdHocControlled

Throws:

WTException

copyPermissions

public void copyPermissions(AdHocControlled source,
                            WTCollection targets,
                            AdHocAccessKey owner_key)
                     throws WTException

Copies permissions from a source object to a collection of target objects. Only those enabled ad hoc access control rules with the specified owner are copied. If rules with the owner already exist for the target objects, the copied permissions replace any previously granted. If the source object has no ad hoc rules, this method returns without making any changes.

Note: The source object must be persistent. If the target objects are persistent, this method must be called from within a transaction that includes an update to the target objects.

Supported API: false

Parameters:

source - source object

targets - target objects

owner_key - key identifying the rule's owner

Throws:

WTException

copyPermissions

public void copyPermissions(AdHocControlled source,
                            WTCollection targets,
                            AdHocAccessKey owner_key,
                            long owner_id)
                     throws WTException

Copies permissions from a source object to a collection of target objects. Only those enabled ad hoc access control rules with the specified owner are copied. If rules with the owner already exist for the target objects, the copied permissions replace any previously granted. If the source object has no ad hoc rules, this method returns without making any changes.

Note: The source object must be persistent. If the target objects are persistent, this method must be called from within a transaction that includes an update to the target objects.

Supported API: false

Parameters:

source - source object

targets - target objects

owner_key - key identifying the rule's owner

owner_id - identifier used by the rule's owner to qualify the key

Throws:

WTException

reassignPermissions

public void reassignPermissions(AdHocControlled obj,
                                WTPrincipalReference old_principal_ref,
                                WTPrincipalReference new_principal_ref,
                                AdHocAccessKey owner_key)
                         throws WTException

Reassigns permissions a principal has for an object to another principal, for all ad hoc access control rules with the specified owner. This method bypasses access control checks.

Supported API: false

Parameters:

obj - object the rules are for

old_principal_ref - principal whose permissions are to be reassigned

new_principal_ref - principal to reassign permissions to

owner_key - key identifying the rules' owner

Throws:

WTException

reassignPermissions

public void reassignPermissions(AdHocControlled obj,
                                WTPrincipalReference old_principal_ref,
                                WTPrincipalReference new_principal_ref,
                                AdHocAccessKey owner_key,
                                long owner_id)
                         throws WTException

Reassigns permissions a principal has for an object to another principal, for all ad hoc access control rules with the specified owner. This method bypasses access control checks.

Supported API: false

Parameters:

obj - object the rules are for

old_principal_ref - principal whose permissions are to be reassigned

new_principal_ref - principal to reassign permissions to

owner_key - key identifying the rules' owner

owner_id - identifier used by the rule's owner to qualify the key

Throws:

WTException

removePermission

public void removePermission(WTCollection objects,
                             WTPrincipalReference principal_ref,
                             AccessPermission permission,
                             AdHocAccessKey owner_key)
                      throws WTException

Removes the specified permission from the set of permissions granted to a principal for each of the objects in a collection. If AccessPermission.ALL is specified, all permissions are removed. If no permissions remain, the ad hoc access control rule for the principal is removed. The permission is only removed from a rule with the specified owner. If there is no matching rule, this method returns without making any changes to the object.

Note: If the objects are persistent, this method must be called from within a transaction that includes an update to the objects.

Supported API: false

Parameters:

objects - objects the rules are for

principal_ref - principal the permission applies to

permission - permission to be removed

owner_key - key identifying the rule's owner

Throws:

WTException

removePermission

public void removePermission(WTCollection objects,
                             WTPrincipalReference principal_ref,
                             AccessPermission permission,
                             AdHocAccessKey owner_key,
                             long owner_id)
                      throws WTException

Removes the specified permission from the set of permissions granted to a principal for each of the objects in a collection. If AccessPermission.ALL is specified, all permissions are removed. If no permissions remain, the ad hoc access control rule for the principal is removed. The permission is only removed from a rule with the specified owner. If there is no matching rule, this method returns without making any changes to the object.

Note: If the objects are persistent, this method must be called from within a transaction that includes an update to the objects.

Supported API: false

Parameters:

objects - objects the rules are for

principal_ref - principal the permission applies to

permission - permission to be removed

owner_key - key identifying the rule's owner

owner_id - identifier used by the rule's owner to qualify the key

Throws:

WTException

removePermissions

public void removePermissions(WTCollection objects,
                              WTPrincipalReference principal_ref,
                              Collection permissions,
                              AdHocAccessKey owner_key)
                       throws WTException

Removes the specified permissions from the set of permissions granted to a principal for an object. If AccessPermission.ALL is specified, all permissions are removed. If no permissions remain, the ad hoc access control rule for the principal is removed. The permissions are only removed from a rule with the specified owner. If there is no matching rule, this method returns without making any changes.

Note: If the object is persistent, this method must be called from within a transaction that includes an update to the object.

Supported API: false

Parameters:

objects - objects the rules are for

principal_ref - principal the permission applies to

permissions - permissions to be removed (Collection of AccessPermission)

owner_key - key identifying the rule's owner

Throws:

WTException

removePermissions

public void removePermissions(WTCollection objects,
                              WTPrincipalReference principal_ref,
                              Collection permissions,
                              AdHocAccessKey owner_key,
                              long owner_id)
                       throws WTException

Removes the specified permissions from the set of permissions granted to a principal for each of the objects in a collection. If AccessPermission.ALL is specified, all permissions are removed. If no permissions remain, the ad hoc access control rule for the principal is removed. The permissions are only removed from a rule with the specified owner. If there is no matching rule, this method returns without making any changes to the object.

Note: If the objects are persistent, this method must be called from within a transaction that includes an update to the objects.

Supported API: false

Parameters:

objects - objects the rules are for

principal_ref - principal the permission applies to

permissions - permissions to be removed (Collection of AccessPermission)

owner_key - key identifying the rule's owner

owner_id - identifier used by the rule's owner to qualify the key

Throws:

WTException

setPermissions

public void setPermissions(AdHocControlled obj,
                           AdHocAclSpec specification,
                           WTRoleHolder2 role_holder,
                           AdHocAccessKey owner_key)
                    throws WTException

Creates ad hoc access control rules granting principals permissions to an object, based on an ad hoc access specification (AdHocAclSpec). If rules with the specified owner already exist, the new rules replace the existing rules. Changes to the entrySet attribute of the object are persisted. This method bypasses access control checks.

Supported API: false

Parameters:

obj - object the rules are for

specification - ad hoc access specification

role_holder - role to principal mapping

owner_key - key identifying the rules' owner

Throws:

WTException

setPermissions

public void setPermissions(List objects,
                           List specifications,
                           List principal_maps,
                           AdHocAccessKey owner_key)
                    throws WTException

Creates ad hoc access control rules granting principals permissions to objects, based on an ad hoc access specification (AdHocAclSpec) and a role to principal mapping. If rules with the specified owner already exist for the principals, the new rules replace the existing rules. Changes to the entrySet attribute of the objects are persisted. This method bypasses access control checks.

The objects parameter is a list where the elements are each a WTList of objects to be associated with the ad hoc access specification and role to principal mapping at the same index in the specifications and principal_map lists.

Supported API: false

Parameters:

objects - list of objects the rules are for

specifications - list of ad hoc access specifications

principal_maps - list of role to principal mappings

owner_key - key identifying the rules' owner

Throws:

WTException