|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectcom.filenet.wcm.toolkit.util.security.WcmSecurityAccessUtil
com.filenet.wcm.apps.server.util.WcmSecurityUtil
The WcmSecurityUtil class is a utility to interpret the object security.
The purpose of this class is to provide convenient methods for interpreting the complex security access rights. It is also to provide simple methods to add, modify and remove security. This class extends the WcmSecurityAccessUtil class.
WcmSecurityAccessUtil
Field Summary | |
static java.lang.String[] |
directSources
|
static java.lang.String |
MODIFIED
This constant indicates the grantee's security has been modified. |
static java.lang.String |
REMOVED
This constant indicates the grantee's security has been marked for removal. |
static java.lang.String |
UNCHANGED
This constant indicates the grantee's security has not been modified. |
Fields inherited from class com.filenet.wcm.toolkit.util.security.WcmSecurityAccessUtil |
accessLevels, ADD_TO_FOLDER, ADVANCE_DENY, ADVANCE_GRANT, ADVANCE_SETTINGS, allow, CUSTOMOBJECT_MODIFY_PROPERTIES, CUSTOMOBJECT_OWNER_CONTROL, DEFAULT_CUSTOMOBJECT_ALLOW_ACCESS, DEFAULT_DOCUMENT_ALLOW_ACCESS, DEFAULT_FOLDER_ALLOW_ACCESS, DEFAULT_LINK_ALLOW_ACCESS, DEFAULT_MODIFY_PROPERTIES, DEFAULT_OWNER_CONTROL, DEFAULT_SEARCH_ALLOW_ACCESS, DEFAULT_WORKFLOW_SECURITY_POLICY_ALLOW_ACCESS, DEFAULT_WORKFLOW_SUBSCRIPTION_ALLOW_ACCESS, deny, DENY, DOCUMENT_MODIFY_CONTENT, DOCUMENT_MODIFY_PROPERTIES, DOCUMENT_OWNER_CONTROL, FOLDER_MODIFY_PROPERTIES, FOLDER_OWNER_CONTROL, GRANT, INHERITED_ADVANCE_SETTINGS, INHERITED_DENY, INHERITED_GRANT, inheritedAllow, inheritedDeny, NAME_ADDTOFOLDER, NAME_MODIFYCONTENT, NAME_MODIFYPROPS, NAME_OWNERCTRL, NAME_PROMOTEVERSION, NAME_PUBLISH, NAME_VIEWCONTENT, NAME_VIEWPROPS, objType, PROMOTE_VERSION, PUBLISH, REVOKE, SEARCH_MODIFY_CONTENT, SEARCH_MODIFY_PROPERTIES, SEARCH_OWNER_CONTROL, SECURITY_POLICY_DENY, SECURITY_POLICY_GRANT, securityPolicyAllow, securityPolicyDeny, VIEW_CONTENT, VIEW_PROPERTIES |
Constructor Summary | |
WcmSecurityUtil(org.w3c.dom.Document objectXml,
java.util.Locale locale)
Creates a new WcmSecurityUtil object to process the object security. |
|
WcmSecurityUtil(org.w3c.dom.Document xmlDocument,
java.lang.String applyStateId,
java.util.Locale locale)
Creates a new WcmSecurityUtil object to process the security template permissions. |
Method Summary | |
boolean |
addNewGrantee(java.util.Locale locale,
java.lang.String granteeName,
java.lang.String granteeId,
java.lang.String displayName,
java.lang.String granteeType,
java.lang.String inheritDepth)
Adds a new grantee to the permission XML if not found in the permission XML yet. |
static boolean |
canEditMarking(org.w3c.dom.NodeList markingValues,
org.w3c.dom.NodeList markingAccessmasks,
org.w3c.dom.NodeList propertyValues)
Check if the user has rights to remove the existing marking or add another one |
static boolean |
canEditMarking(org.w3c.dom.NodeList markingValues,
org.w3c.dom.NodeList markingAccessmasks,
java.lang.String propertyValue)
Check if the user has rights to remove the existing marking or add another one |
protected int |
computeExplicitAccessRight(java.util.Locale locale,
int accessLevel)
Overrides the base class method to computes the object permission and returns a simplified access right for the specified access level. |
protected int |
computeInheritedAccessRight(java.util.Locale locale,
int accessLevel)
Overrides to computes the object inherited permissions and returns a simplified access right for the specified access level. |
org.w3c.dom.NodeList |
getAccessLevels(java.util.Locale locale)
Returns the security access level values in a NodeList with text nodes. |
org.w3c.dom.NodeList |
getAccessLevels(java.util.Locale locale,
int objectType)
Returns the security access level values in a NodeList with text nodes. |
java.lang.String |
getApplyStateId()
Returns the apply state id if it was set. |
static java.lang.String |
getDefaultRealmId(org.w3c.dom.Document realmXML)
Returns the default realm id in the realm xml |
protected int |
getDeltaMask(java.util.Locale locale,
int accessLevel,
int objectType)
Overrides the base class method to support the new Create Subfolder access levels by computing the appropriate delta masks for the folder modify properties and create subfolder access levels. |
protected int |
getDenyMask(java.util.Locale locale,
int accessLevel)
Overrides to calculates the access mask for denying an access level. |
java.util.List |
getDirectPermissionNodeList()
Returns all direct permissions that are not marked for deletion from the permission xml. |
org.w3c.dom.Document |
getDocument()
|
int |
getObjectType()
Returns the object type of the selected object. |
org.w3c.dom.NodeList |
getPermissionItems()
Returns the permission nodelist that is used to render the summary view of the security ui page. |
org.w3c.dom.Node |
getPermissionsNode()
Returns the permissions node of the permission xml |
static java.util.Map |
getRealmMap(org.w3c.dom.Document realmXML)
Returns a map of available realm. |
org.w3c.dom.Document |
getSecurity(java.util.Locale locale,
java.lang.String granteeName,
java.lang.String granteeId,
java.lang.String displayName,
java.lang.String granteeType,
java.lang.String inheritDepth,
java.lang.String permissionSource)
Returns the security for the selected grantee as a DOM Document. |
static java.lang.String[] |
getSecurityProxyData(org.w3c.dom.Document propDescsXML,
org.w3c.dom.Document propertiesXML)
Returns the security proxy object data if a security proxy has been set. |
static boolean |
isAccessLevelGranted(java.util.Locale locale,
org.w3c.dom.NodeList allow,
org.w3c.dom.NodeList deny,
int accessLevel,
int objectType)
Returns true if the access level is granted. |
boolean |
isExplicitDenySetByCurrentUser()
Returns true if the current selected grantee has been explicitly denied by the current authenticated user. |
static boolean |
isMarkingsSet(org.w3c.dom.Document propDescsXML,
org.w3c.dom.Document propertiesXML)
Returns true if property markings are set. |
boolean |
isModified()
Returns true if the Secuirty Settings have been changed. |
boolean |
isRemoved(java.lang.String sid,
java.lang.String inheritDepth)
Returns true if the selected grantee is marked by the user for deletion. |
static java.lang.String |
mapAccessLevelToName(java.util.Locale locale,
int accessLevel)
Overrides the base class method and provides and different name for View Properties and Modify Properties access level. |
static java.lang.String |
mapAccessLevelToName(java.util.Locale locale,
int accessLevel,
boolean shortName)
Gets the localized access name of the given access level mask. |
void |
mergeInheritedPermissions(org.w3c.dom.Document parentPermissionXML)
Merges the parent inheritance permissions into the the object permissions. |
boolean |
mergeSecurityPolicyPermissions(org.w3c.dom.NodeList templatePermissions)
Merges the template permissions into the object permission. |
void |
removeInheritedPermissions()
Removes all inherited permissions from the object permissions. |
void |
removeSecurity()
Removes the current selected grantee from the current object security setting. |
void |
removeSecurity(java.lang.String granteeId,
java.lang.String inheritDepth)
Marks the specified grantee for removal by setting its state to REMOVED. |
void |
removeSecurityPolicyPermissions()
Removes all security policy permissions from the permission XML. |
void |
resetSecurity()
Resets the selected grantee to blank and its access rights to zeros. |
void |
restoreSecurity(java.lang.String granteeId,
java.lang.String inheritDepth)
Restores the specified grantee from a removed state (REMOVED) to a modified state (MODIFIED). |
protected void |
setAccessLevels(java.util.Locale locale,
int objType)
Overrides the base method to set the folder access levels accordingly. |
void |
setCreatorOwnerName(java.lang.String distinguishedName,
java.lang.String shortName,
java.lang.String displayName,
java.lang.String sid)
Converts the the CREATOR OWNER grantee name to the name of the specified user. |
void |
updateSecurity()
Updates the current selected grantee's Security Access Levels. |
Methods inherited from class com.filenet.wcm.toolkit.util.security.WcmSecurityAccessUtil |
canAddAMarking, canAddMarking, canRemoveMarking, computeAccessRight, computeAccessRight, computeAccessRight, computeAccessRight, computeExplicitAccessRight, computeExplicitAccessRight, computeExplicitAccessRight, computeExplicitAccessRight, computeExplicitAccessRight, computeInheritedAccessRight, computeInheritedAccessRight, computeInheritedAccessRight, computeInheritedAccessRight, computeInheritedAccessRight, denyAccess, denyAccess, getDefaultAllowMask, getDefaultAllowMask, getDefaultDenyMask, getDefaultDenyMask, getDeltaMask, getDenyMask, getSecurityRight, getSystemNotes, getSystemNotes, grantAccess, isGranted, isGranted, isGranted, isGranted, mapAccessLevelToName, revokeAccess, revokeAccess, setAccessLevels |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
public static final java.lang.String UNCHANGED
public static final java.lang.String MODIFIED
public static final java.lang.String REMOVED
public static java.lang.String[] directSources
Constructor Detail |
public WcmSecurityUtil(org.w3c.dom.Document objectXml, java.util.Locale locale) throws java.lang.Exception
objectXml
- The XML DOM object that contains the object's security settings
java.lang.Exception
- All errors.public WcmSecurityUtil(org.w3c.dom.Document xmlDocument, java.lang.String applyStateId, java.util.Locale locale) throws java.lang.Exception
xmlDocument
- The XML DOM object that contains the object permisions.applyStateId
- The id of the selected templatelocale
- The client locale
java.lang.Exception
- All errors.Method Detail |
public org.w3c.dom.Node getPermissionsNode() throws java.lang.Exception
java.lang.Exception
- All errors.public org.w3c.dom.Document getSecurity(java.util.Locale locale, java.lang.String granteeName, java.lang.String granteeId, java.lang.String displayName, java.lang.String granteeType, java.lang.String inheritDepth, java.lang.String permissionSource) throws java.lang.Exception
This method calculates the access rights for the selected grantee returned in the
the Object Permission XML. The method interprets the grantees access
rights and creates a new result XML that provides a simplified value corresponding
to the more complicated Security Access masks. The result XML is returned
as an XML document, i.e.:
name: The Security Access name. access: The Security Access Mask. value: The interpreted value of the Security Access. 0=Implicit Deny 1=Allow 2=Security Policy Allow 3=Inherited Allow 4=Deny 5=Security Policy Deny 6=Inherited Deny 7=Advanced System Defined Settings
granteeName
- The selected grantee name.granteeId
- The selected grantee id.displayName
- The selected grantee display name.granteeType
- The selected grantee type (2000 = User, 2001 = Group).
java.lang.Exception
- All Errors.public static boolean isAccessLevelGranted(java.util.Locale locale, org.w3c.dom.NodeList allow, org.w3c.dom.NodeList deny, int accessLevel, int objectType) throws java.lang.Exception
This method uses the specified allow and deny bit fields to calculate the result.
allow
- The allow access nodelist.deny
- The deny access nodelist.accessLevel
- The access level bit field.objectType
- The object type of the selected object.
java.lang.Exception
- All Errors.public static boolean canEditMarking(org.w3c.dom.NodeList markingValues, org.w3c.dom.NodeList markingAccessmasks, org.w3c.dom.NodeList propertyValues)
markingValues
- The available marking valuesmarkingAccessmasks
- The accessmasks that correspond to the available marking valuespropertyValues
- The property values
public static boolean canEditMarking(org.w3c.dom.NodeList markingValues, org.w3c.dom.NodeList markingAccessmasks, java.lang.String propertyValue)
markingValues
- The available marking valuesmarkingAccessmasks
- The accessmasks that correspond to the available marking valuespropertyValue
- The property value
public void updateSecurity() throws java.lang.Exception
java.lang.Exception
- All Errors.public void removeSecurity() throws java.lang.Exception
java.lang.Exception
- All Errors.public void removeSecurity(java.lang.String granteeId, java.lang.String inheritDepth) throws java.lang.Exception
granteeId
- The grantee id (sid).
java.lang.Exception
- All Errors.public void restoreSecurity(java.lang.String granteeId, java.lang.String inheritDepth) throws java.lang.Exception
granteeId
- The grantee id (sid).
java.lang.Exception
- All Errors.public boolean isExplicitDenySetByCurrentUser() throws java.lang.Exception
java.lang.Exception
- All Errors.public boolean isModified()
public boolean isRemoved(java.lang.String sid, java.lang.String inheritDepth) throws java.lang.Exception
sid
- The grantee sid.
java.lang.Exception
- All Errors.public void resetSecurity()
public org.w3c.dom.NodeList getAccessLevels(java.util.Locale locale) throws java.lang.Exception
java.lang.Exception
- All Errors.public org.w3c.dom.NodeList getAccessLevels(java.util.Locale locale, int objectType) throws java.lang.Exception
objectType
- The object type.
java.lang.Exception
- All Errors.protected void setAccessLevels(java.util.Locale locale, int objType) throws java.lang.Exception
objType
- The object type.
java.lang.Exception
- All Errors.BaseObject.TYPE_DOCUMENT
,
BaseObject.TYPE_FOLDER
,
BaseObject.TYPE_STORED_SEARCH
,
BaseObject.TYPE_PUBLISH_TEMPLATE
,
BaseObject.TYPE_CUSTOMOBJECT
,
BaseObject.TYPE_WORKFLOW_CLASS_SUBSCRIPTION
,
BaseObject.TYPE_WORKFLOW_INSTANCE_SUBSCRIPTION
,
BaseObject.TYPE_SECURITY_POLICY
,
BaseObject.TYPE_SECURITY_TEMPLATE
,
BaseObject.TYPE_LINK
protected int computeExplicitAccessRight(java.util.Locale locale, int accessLevel) throws java.lang.Exception
This method uses the allow, and deny bit fields for computing the simplified access right.
The simplified values of the Security Access are: 0=Implicit Deny 1=Allow 2=Deny 9=Advanced System Defined Settings
accessLevel
- The access level bit field.
java.lang.Exception
- All Errors.protected int computeInheritedAccessRight(java.util.Locale locale, int accessLevel) throws java.lang.Exception
This method uses the security policy allow, security policy deny, inherited allow, and inherited deny bit fields for computing the simplified access right.
The simplified inherited values of the Security Access are: 0=Implicit Deny 3=Allow due to security policy 4=Deny due to security policy 5=Inherited Allow 6=Inherited Deny 7=Allow due Advanced System Defined Settings 8=Deny due Advanced System Defined Settings 10=Advanced System Defined Settings
accessLevel
- The access level bit field.
java.lang.Exception
- All Errors.protected int getDeltaMask(java.util.Locale locale, int accessLevel, int objectType) throws java.lang.Exception
java.lang.Exception
protected int getDenyMask(java.util.Locale locale, int accessLevel) throws java.lang.Exception
accessLevel
- The access level bit field.
java.lang.Exception
- All Exceptions.public int getObjectType()
public java.lang.String getApplyStateId()
public static java.lang.String getDefaultRealmId(org.w3c.dom.Document realmXML) throws java.lang.Exception
realmXML
- A realm xml where to search for the default realm id.
java.lang.Exception
- All Errors.public static java.util.Map getRealmMap(org.w3c.dom.Document realmXML) throws java.lang.Exception
realmXML
- A realm xml where to search for the default realm id.
java.lang.Exception
public void mergeInheritedPermissions(org.w3c.dom.Document parentPermissionXML) throws java.lang.Exception
parentPermissionXML
- Parent folder permission XML.
java.lang.Exception
- All Errors.public void removeInheritedPermissions() throws java.lang.Exception
java.lang.Exception
- All Errors.public boolean mergeSecurityPolicyPermissions(org.w3c.dom.NodeList templatePermissions) throws java.lang.Exception
templatePermissions
- A security template permission nodelist.
java.lang.Exception
- All Errors.public void removeSecurityPolicyPermissions() throws java.lang.Exception
java.lang.Exception
- All Errors.public void setCreatorOwnerName(java.lang.String distinguishedName, java.lang.String shortName, java.lang.String displayName, java.lang.String sid) throws java.lang.Exception
distinguishedName
- String The unique grantee name.shortName
- String The unique grantee short name.displayName
- String The grantee display name.sid
- String The unique grantee sid.
java.lang.Exception
- All Errors.public java.util.List getDirectPermissionNodeList() throws java.lang.Exception
java.lang.Exception
- All Errors.public static java.lang.String mapAccessLevelToName(java.util.Locale locale, int accessLevel) throws java.lang.Exception
accessLevel
- The access level bit field.
java.lang.Exception
- All Errors.
public org.w3c.dom.NodeList getPermissionItems() throws java.lang.Exception
java.lang.Exception
- All Errors.public static java.lang.String mapAccessLevelToName(java.util.Locale locale, int accessLevel, boolean shortName) throws java.lang.Exception
accessLevel
- The access level bit field.
java.lang.Exception
- All Errors.public static boolean isMarkingsSet(org.w3c.dom.Document propDescsXML, org.w3c.dom.Document propertiesXML) throws java.lang.Exception
propDescsXML
- Document Property Description xml.propertiesXML
- Document Object property xml
java.lang.Exception
- All Errors.public static java.lang.String[] getSecurityProxyData(org.w3c.dom.Document propDescsXML, org.w3c.dom.Document propertiesXML) throws java.lang.Exception
item[0] = objectStoreId item[1] = objectId item[2] = objectType
propDescsXML
- Document Property Description xml.propertiesXML
- Document Object property xml
java.lang.Exception
- All Errors.public boolean addNewGrantee(java.util.Locale locale, java.lang.String granteeName, java.lang.String granteeId, java.lang.String displayName, java.lang.String granteeType, java.lang.String inheritDepth) throws java.lang.Exception
granteeName
- The selected grantee name.granteeId
- The selected grantee id.displayName
- The selected grantee display name.granteeType
- The selected grantee type (2000 = User, 2001 = Group).
java.lang.Exception
public org.w3c.dom.Document getDocument()
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |