com.filenet.wcm.toolkit.util.security
Class WcmSecurityAccessUtil

java.lang.Object
  extended bycom.filenet.wcm.toolkit.util.security.WcmSecurityAccessUtil

public class WcmSecurityAccessUtil
extends java.lang.Object

The WcmSecurityAccessUtil class is a utility to compute the object security for the client application.


Field Summary
protected  int[] accessLevels
          Hold the security access levels.
protected static int ADD_TO_FOLDER
          This constant defines the Add To Folder Access Level mask.
static int ADVANCE_DENY
          This constant indicates a deny state set by some inherited Advanced System Defined Settings.
static int ADVANCE_GRANT
          This constant indicates a grant state set by some inherited Advanced System Defined Settings.
static int ADVANCE_SETTINGS
          This constant indicates an Advanced System Defined Settings state.
protected  int allow
          Bit field indicating access allow rights.
protected static int CUSTOMOBJECT_MODIFY_PROPERTIES
          This constant defines the Custom Object Modify Properties Access Level mask.
protected static int CUSTOMOBJECT_OWNER_CONTROL
          This constant defines the Custom Object Owner Control Access Level mask.
protected static int DEFAULT_CUSTOMOBJECT_ALLOW_ACCESS
          This constant defines the custom object object default access right of a new grantee.
protected static int DEFAULT_DOCUMENT_ALLOW_ACCESS
          This constant defines the document object default access right of a new grantee.
protected static int DEFAULT_FOLDER_ALLOW_ACCESS
          This constant defines the folder object default access right of a new grantee.
protected static int DEFAULT_LINK_ALLOW_ACCESS
          This constant defines the link object default access right of a new grantee.
protected static int DEFAULT_MODIFY_PROPERTIES
          This constant defines the default Modify Properties Access Level mask.
protected static int DEFAULT_OWNER_CONTROL
          This constant defines the default Owner Control Access Level mask.
protected static int DEFAULT_SEARCH_ALLOW_ACCESS
          This constant defines the search/publish template object default access right of a new grantee.
protected static int DEFAULT_WORKFLOW_SECURITY_POLICY_ALLOW_ACCESS
          This constant defines the security policy object default access right of a new grantee.
protected static int DEFAULT_WORKFLOW_SUBSCRIPTION_ALLOW_ACCESS
          This constant defines the workflow subscription object default access right of a new grantee.
protected  int deny
          Bit field indicating access deny rights.
static int DENY
          This constant indicates a deny state.
protected static int DOCUMENT_MODIFY_CONTENT
          This constant defines the Document Modify Content Access Level mask.
protected static int DOCUMENT_MODIFY_PROPERTIES
          This constant defines the Document Modify Properties Access Level mask.
protected static int DOCUMENT_OWNER_CONTROL
          This constant defines the Document Owner Control Access Level mask.
protected static int FOLDER_MODIFY_PROPERTIES
          This constant defines the Folder Modify Properties Access Level mask.
protected static int FOLDER_OWNER_CONTROL
          This constant defines the Folder Owner Control Access Level mask.
static int GRANT
          This constant indicates a grant state.
static int INHERITED_ADVANCE_SETTINGS
          This constant indicates an inherited Advanced System Defined Settings state.
static int INHERITED_DENY
          This constant indicates a deny state set by the inherited parent permissions.
static int INHERITED_GRANT
          This constant indicates a grant state set by the inherited parent permissions.
protected  int inheritedAllow
          Bit field indicating inherited access allow rights.
protected  int inheritedDeny
          Bit field indicating inherited access deny rights.
static WcmString NAME_ADDTOFOLDER
          This constant specifies the Add To Folder access name.
static WcmString NAME_MODIFYCONTENT
          This constant specifies the Modify Content access name.
static WcmString NAME_MODIFYPROPS
          This constant specifies the Modify Properties access name.
static WcmString NAME_OWNERCTRL
          This constant specifies the Owner Control access name.
static WcmString NAME_PROMOTEVERSION
          This constant specifies the Promote Version access name.
static WcmString NAME_PUBLISH
          This constant specifies the Publish access name.
static WcmString NAME_VIEWCONTENT
          This constant specifies the View Content access name.
static WcmString NAME_VIEWPROPS
          This constant specifies the View Properties access name.
protected  int objType
          Type of object.
protected static int PROMOTE_VERSION
          This constant defines the Document Publish Access Level mask.
protected static int PUBLISH
          This constant defines the Document Publish Access Level mask.
static int REVOKE
          This constant indicates a revoke state.
protected static int SEARCH_MODIFY_CONTENT
          This constant defines the Search/Publish Template Modify Content Access Level mask.
protected static int SEARCH_MODIFY_PROPERTIES
          This constant defines the Search/Publish Template Modify Properties Access Level mask.
protected static int SEARCH_OWNER_CONTROL
          This constant defines the Search/Publish Template Owner Control Access Level mask.
static int SECURITY_POLICY_DENY
          This constant indicates a deny state set by security policy.
static int SECURITY_POLICY_GRANT
          This constant indicates a grant state set by security policy.
protected  int securityPolicyAllow
          Bit field indicating security policy access allow rights.
protected  int securityPolicyDeny
          Bit field indicating security policy access deny rights.
protected static int VIEW_CONTENT
          This constant defines the View Content Access Level mask.
protected static int VIEW_PROPERTIES
          This constant defines the View Properties Access Level mask.
 
Constructor Summary
WcmSecurityAccessUtil()
           
 
Method Summary
static boolean canAddAMarking(org.w3c.dom.NodeList markingsList)
          Can someone add one of these markings with the given user access?
static boolean canAddMarking(int userAccess)
          Can someone add the marking with the given user access?
static boolean canRemoveMarking(int userAccess)
          Can someone remove the marking with the given user access?
protected  WcmSecurityAccess computeAccessRight(int accessLevel)
          Computes and returns a WcmSecurityAccess object that contains the simplified access rights for the specified access level.
static WcmSecurityAccess computeAccessRight(int allowBits, int denyBits, int securityPolicyAllowBits, int securityPolicyDenyBits, int inheritedAllowBits, int inheritedDenyBits, int accessLevel, int objectType)
          Computes and returns a WcmSecurityAccess object that contains the simplified access rights for the specified access level.
protected  WcmSecurityAccess computeAccessRight(java.util.Locale locale, int accessLevel)
          Computes and returns a WcmSecurityAccess object that contains the simplified access rights for the specified access level.
static WcmSecurityAccess computeAccessRight(java.util.Locale locale, int allowBits, int denyBits, int securityPolicyAllowBits, int securityPolicyDenyBits, int inheritedAllowBits, int inheritedDenyBits, int accessLevel, int objectType)
          Computes and returns a WcmSecurityAccess object that contains the simplified access rights for the specified access level.
protected  int computeExplicitAccessRight(int accessLevel)
          Computes the object permission and returns a simplified access right for the specified access level.
 int computeExplicitAccessRight(int accessLevel, int objectType)
          Computes and returns a simplified access right set by the allow bits and deny bits for a given access level.
static int computeExplicitAccessRight(int allowBits, int denyBits, int accessLevel, int objectType)
          Computes and returns a simplified access right set by the allow bits and deny bits for a given access level.
protected  int computeExplicitAccessRight(java.util.Locale locale, int accessLevel)
          Computes the object permission and returns a simplified access right for the specified access level.
 int computeExplicitAccessRight(java.util.Locale locale, int accessLevel, int objectType)
          Computes and returns a simplified access right set by the allow bits and deny bits for a given access level.
static int computeExplicitAccessRight(java.util.Locale locale, int allowBits, int denyBits, int accessLevel, int objectType)
          Computes and returns a simplified access right set by the allow bits and deny bits for a given access level.
protected  int computeInheritedAccessRight(int accessLevel)
          Computes the object inherited permissions and returns a simplified access right for the specified access level.
 int computeInheritedAccessRight(int accessLevel, int objectType)
          Computes and returns a simplified access right set by the security policy allow bits, security policy deny bits, inherited deny bits and inherited allow bits for a given access level.
static int computeInheritedAccessRight(int securityPolicyAllowBits, int securityPolicyDenyBits, int inheritedAllowBits, int inheritedDenyBits, int accessLevel, int objectType)
          Computes and returns a simplified access right set by the security policy allow bits, security policy deny bits, inherited deny bits and inherited allow bits for a given access level.
protected  int computeInheritedAccessRight(java.util.Locale locale, int accessLevel)
          Computes the object inherited permissions and returns a simplified access right for the specified access level.
 int computeInheritedAccessRight(java.util.Locale locale, int accessLevel, int objectType)
          Computes and returns a simplified access right set by the security policy allow bits, security policy deny bits, inherited deny bits and inherited allow bits for a given access level.
static int computeInheritedAccessRight(java.util.Locale locale, int securityPolicyAllowBits, int securityPolicyDenyBits, int inheritedAllowBits, int inheritedDenyBits, int accessLevel, int objectType)
          Computes and returns a simplified access right set by the security policy allow bits, security policy deny bits, inherited deny bits and inherited allow bits for a given access level.
 void denyAccess(int accessLevel)
          Explicitly deny the selected grantee the specified access level by setting the deny bit field.
 void denyAccess(java.util.Locale locale, int accessLevel)
          Explicitly deny the selected grantee the specified access level by setting the deny bit field.
 int getDefaultAllowMask()
          Gets the default allow access rights for a new grantee.
 int getDefaultAllowMask(java.util.Locale locale)
          Gets the default allow access rights for a new grantee.
 int getDefaultDenyMask()
          Gets the default deny access rights for a new grantee.
 int getDefaultDenyMask(java.util.Locale locale)
          Gets the default deny access rights for a new grantee.
protected  int getDeltaMask(int accessLevel, int objectType)
          Calculates the delta between the specified access level and its immediate lower access level.
protected  int getDeltaMask(java.util.Locale locale, int accessLevel, int objectType)
          Calculates the delta between the specified access level and its immediate lower access level.
protected  int getDenyMask(int accessLevel)
          Calculates the access mask for denying an access level.
protected  int getDenyMask(java.util.Locale locale, int accessLevel)
          Calculates the access mask for denying an access level.
static boolean getSecurityRight(int userAccess, int accessMask)
          Checks the user Access versus the property access mask
static java.lang.String getSystemNotes(int accessRights)
          Returns the simplified access right system note.
static java.lang.String getSystemNotes(java.util.Locale locale, int accessRights)
          Returns the simplified access right system note.
 void grantAccess(int accessLevel)
          Explicitly grant the selected grantee the specified access level by setting the allow bit field.
 boolean isGranted(int accessLevel)
          Computes and returns a true if access has been granted for the selected access level.
static boolean isGranted(int allowBits, int denyBits, int securityPolicyAllowBits, int securityPolicyDenyBits, int inheritedAllowBits, int inheritedDenyBits, int accessLevel, int objectType)
          Computes and returns a true if access has been granted for the selected access level.
 boolean isGranted(java.util.Locale locale, int accessLevel)
          Computes and returns a true if access has been granted for the selected access level.
static boolean isGranted(java.util.Locale locale, int allowBits, int denyBits, int securityPolicyAllowBits, int securityPolicyDenyBits, int inheritedAllowBits, int inheritedDenyBits, int accessLevel, int objectType)
          Computes and returns a true if access has been granted for the selected access level.
static java.lang.String mapAccessLevelToName(int accessLevel)
          Gets the localized access name of the given access level mask.
static java.lang.String mapAccessLevelToName(java.util.Locale locale, int accessLevel)
          Gets the localized access name of the given access level mask.
 void revokeAccess(int accessLevel, int accessType)
          Revokes the explicit allow or the explicit deny access settings.
 void revokeAccess(java.util.Locale locale, int accessLevel, int accessType)
          Revokes the explicit allow or the explicit deny access settings.
protected  void setAccessLevels(int objType)
          Set access levels for an object.
protected  void setAccessLevels(java.util.Locale locale, int objType)
          Set access levels for an object.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

NAME_OWNERCTRL

public static final WcmString NAME_OWNERCTRL
This constant specifies the Owner Control access name.


NAME_MODIFYCONTENT

public static final WcmString NAME_MODIFYCONTENT
This constant specifies the Modify Content access name.


NAME_MODIFYPROPS

public static final WcmString NAME_MODIFYPROPS
This constant specifies the Modify Properties access name.


NAME_VIEWCONTENT

public static final WcmString NAME_VIEWCONTENT
This constant specifies the View Content access name.


NAME_VIEWPROPS

public static final WcmString NAME_VIEWPROPS
This constant specifies the View Properties access name.


NAME_ADDTOFOLDER

public static final WcmString NAME_ADDTOFOLDER
This constant specifies the Add To Folder access name.


NAME_PROMOTEVERSION

public static final WcmString NAME_PROMOTEVERSION
This constant specifies the Promote Version access name.


NAME_PUBLISH

public static final WcmString NAME_PUBLISH
This constant specifies the Publish access name.


REVOKE

public static final int REVOKE
This constant indicates a revoke state.

See Also:
Constant Field Values

GRANT

public static final int GRANT
This constant indicates a grant state.

See Also:
Constant Field Values

DENY

public static final int DENY
This constant indicates a deny state.

See Also:
Constant Field Values

SECURITY_POLICY_GRANT

public static final int SECURITY_POLICY_GRANT
This constant indicates a grant state set by security policy.

See Also:
Constant Field Values

SECURITY_POLICY_DENY

public static final int SECURITY_POLICY_DENY
This constant indicates a deny state set by security policy.

See Also:
Constant Field Values

INHERITED_GRANT

public static final int INHERITED_GRANT
This constant indicates a grant state set by the inherited parent permissions.

See Also:
Constant Field Values

INHERITED_DENY

public static final int INHERITED_DENY
This constant indicates a deny state set by the inherited parent permissions.

See Also:
Constant Field Values

ADVANCE_GRANT

public static final int ADVANCE_GRANT
This constant indicates a grant state set by some inherited Advanced System Defined Settings.

See Also:
Constant Field Values

ADVANCE_DENY

public static final int ADVANCE_DENY
This constant indicates a deny state set by some inherited Advanced System Defined Settings.

See Also:
Constant Field Values

ADVANCE_SETTINGS

public static final int ADVANCE_SETTINGS
This constant indicates an Advanced System Defined Settings state.

See Also:
Constant Field Values

INHERITED_ADVANCE_SETTINGS

public static final int INHERITED_ADVANCE_SETTINGS
This constant indicates an inherited Advanced System Defined Settings state.

See Also:
Constant Field Values

VIEW_PROPERTIES

protected static final int VIEW_PROPERTIES
This constant defines the View Properties Access Level mask.

See Also:
Constant Field Values

VIEW_CONTENT

protected static final int VIEW_CONTENT
This constant defines the View Content Access Level mask.

See Also:
Constant Field Values

ADD_TO_FOLDER

protected static final int ADD_TO_FOLDER
This constant defines the Add To Folder Access Level mask.

See Also:
Constant Field Values

FOLDER_MODIFY_PROPERTIES

protected static final int FOLDER_MODIFY_PROPERTIES
This constant defines the Folder Modify Properties Access Level mask.

See Also:
Constant Field Values

CUSTOMOBJECT_MODIFY_PROPERTIES

protected static final int CUSTOMOBJECT_MODIFY_PROPERTIES
This constant defines the Custom Object Modify Properties Access Level mask.

See Also:
Constant Field Values

DEFAULT_MODIFY_PROPERTIES

protected static final int DEFAULT_MODIFY_PROPERTIES
This constant defines the default Modify Properties Access Level mask.

See Also:
Constant Field Values

DOCUMENT_MODIFY_PROPERTIES

protected static final int DOCUMENT_MODIFY_PROPERTIES
This constant defines the Document Modify Properties Access Level mask.

See Also:
Constant Field Values

SEARCH_MODIFY_PROPERTIES

protected static final int SEARCH_MODIFY_PROPERTIES
This constant defines the Search/Publish Template Modify Properties Access Level mask.

See Also:
Constant Field Values

DOCUMENT_MODIFY_CONTENT

protected static final int DOCUMENT_MODIFY_CONTENT
This constant defines the Document Modify Content Access Level mask.

See Also:
Constant Field Values

SEARCH_MODIFY_CONTENT

protected static final int SEARCH_MODIFY_CONTENT
This constant defines the Search/Publish Template Modify Content Access Level mask.

See Also:
Constant Field Values

FOLDER_OWNER_CONTROL

protected static final int FOLDER_OWNER_CONTROL
This constant defines the Folder Owner Control Access Level mask.

See Also:
Constant Field Values

CUSTOMOBJECT_OWNER_CONTROL

protected static final int CUSTOMOBJECT_OWNER_CONTROL
This constant defines the Custom Object Owner Control Access Level mask.

See Also:
Constant Field Values

DEFAULT_OWNER_CONTROL

protected static final int DEFAULT_OWNER_CONTROL
This constant defines the default Owner Control Access Level mask.

See Also:
Constant Field Values

DOCUMENT_OWNER_CONTROL

protected static final int DOCUMENT_OWNER_CONTROL
This constant defines the Document Owner Control Access Level mask.

See Also:
Constant Field Values

SEARCH_OWNER_CONTROL

protected static final int SEARCH_OWNER_CONTROL
This constant defines the Search/Publish Template Owner Control Access Level mask.

See Also:
Constant Field Values

PROMOTE_VERSION

protected static final int PROMOTE_VERSION
This constant defines the Document Publish Access Level mask.

See Also:
Constant Field Values

PUBLISH

protected static final int PUBLISH
This constant defines the Document Publish Access Level mask.

See Also:
Constant Field Values

DEFAULT_DOCUMENT_ALLOW_ACCESS

protected static final int DEFAULT_DOCUMENT_ALLOW_ACCESS
This constant defines the document object default access right of a new grantee.

See Also:
Constant Field Values

DEFAULT_FOLDER_ALLOW_ACCESS

protected static final int DEFAULT_FOLDER_ALLOW_ACCESS
This constant defines the folder object default access right of a new grantee.

See Also:
Constant Field Values

DEFAULT_SEARCH_ALLOW_ACCESS

protected static final int DEFAULT_SEARCH_ALLOW_ACCESS
This constant defines the search/publish template object default access right of a new grantee.

See Also:
Constant Field Values

DEFAULT_CUSTOMOBJECT_ALLOW_ACCESS

protected static final int DEFAULT_CUSTOMOBJECT_ALLOW_ACCESS
This constant defines the custom object object default access right of a new grantee.

See Also:
Constant Field Values

DEFAULT_LINK_ALLOW_ACCESS

protected static final int DEFAULT_LINK_ALLOW_ACCESS
This constant defines the link object default access right of a new grantee.

See Also:
Constant Field Values

DEFAULT_WORKFLOW_SUBSCRIPTION_ALLOW_ACCESS

protected static final int DEFAULT_WORKFLOW_SUBSCRIPTION_ALLOW_ACCESS
This constant defines the workflow subscription object default access right of a new grantee.

See Also:
Constant Field Values

DEFAULT_WORKFLOW_SECURITY_POLICY_ALLOW_ACCESS

protected static final int DEFAULT_WORKFLOW_SECURITY_POLICY_ALLOW_ACCESS
This constant defines the security policy object default access right of a new grantee.

See Also:
Constant Field Values

accessLevels

protected int[] accessLevels
Hold the security access levels.


allow

protected int allow
Bit field indicating access allow rights.


deny

protected int deny
Bit field indicating access deny rights.


securityPolicyAllow

protected int securityPolicyAllow
Bit field indicating security policy access allow rights.


securityPolicyDeny

protected int securityPolicyDeny
Bit field indicating security policy access deny rights.


inheritedAllow

protected int inheritedAllow
Bit field indicating inherited access allow rights.


inheritedDeny

protected int inheritedDeny
Bit field indicating inherited access deny rights.


objType

protected int objType
Type of object.

See Also:
BaseObject.TYPE_DOCUMENT, BaseObject.TYPE_FOLDER, BaseObject.TYPE_STORED_SEARCH, BaseObject.TYPE_PUBLISH_TEMPLATE, BaseObject.TYPE_CUSTOMOBJECT, BaseObject.TYPE_WORKFLOW_CLASS_SUBSCRIPTION, BaseObject.TYPE_WORKFLOW_INSTANCE_SUBSCRIPTION, BaseObject.TYPE_SECURITY_POLICY, BaseObject.TYPE_SECURITY_TEMPLATE, BaseObject.TYPE_LINK
Constructor Detail

WcmSecurityAccessUtil

public WcmSecurityAccessUtil()
Method Detail

canAddMarking

public static boolean canAddMarking(int userAccess)
Can someone add the marking with the given user access?

Parameters:
userAccess - user access on a given marking
Returns:
can add

canAddAMarking

public static boolean canAddAMarking(org.w3c.dom.NodeList markingsList)
Can someone add one of these markings with the given user access?

Parameters:
markingsList - list of markings
Returns:
can add any

canRemoveMarking

public static boolean canRemoveMarking(int userAccess)
Can someone remove the marking with the given user access?

Parameters:
userAccess - user access on a given marking
Returns:
can remove

getSecurityRight

public static boolean getSecurityRight(int userAccess,
                                       int accessMask)
Checks the user Access versus the property access mask

Parameters:
userAccess - User Access rights on object
accessMask - The access mask for an individual property
Returns:
true if the user has access rights on the property

getDefaultAllowMask

public int getDefaultAllowMask()
                        throws java.lang.Exception
Gets the default allow access rights for a new grantee.

Returns:
The default allow access bit field for a new grantee.
Throws:
java.lang.Exception - All Errors.

getDefaultAllowMask

public int getDefaultAllowMask(java.util.Locale locale)
                        throws java.lang.Exception
Gets the default allow access rights for a new grantee.

Returns:
The default allow access bit field for a new grantee.
Throws:
java.lang.Exception - All Errors.

getDefaultDenyMask

public int getDefaultDenyMask(java.util.Locale locale)
                       throws java.lang.Exception
Gets the default deny access rights for a new grantee.

Parameters:
locale - the client locale
Returns:
The default deny access bit field for a new grantee.
Throws:
java.lang.Exception - All Errors.

getDefaultDenyMask

public int getDefaultDenyMask()
                       throws java.lang.Exception
Gets the default deny access rights for a new grantee.

Returns:
The default deny access bit field for a new grantee.
Throws:
java.lang.Exception - All Errors.

mapAccessLevelToName

public static java.lang.String mapAccessLevelToName(java.util.Locale locale,
                                                    int accessLevel)
                                             throws java.lang.Exception
Gets the localized access name of the given access level mask.

Parameters:
locale - The client locale.
accessLevel - The access level bit field.
Returns:
The name of access level.
Throws:
java.lang.Exception - All Errors.


mapAccessLevelToName

public static java.lang.String mapAccessLevelToName(int accessLevel)
                                             throws java.lang.Exception
Gets the localized access name of the given access level mask.

Parameters:
accessLevel - The access level bit field.
Returns:
The name of access level.
Throws:
java.lang.Exception - All Errors.


computeAccessRight

public static WcmSecurityAccess computeAccessRight(java.util.Locale locale,
                                                   int allowBits,
                                                   int denyBits,
                                                   int securityPolicyAllowBits,
                                                   int securityPolicyDenyBits,
                                                   int inheritedAllowBits,
                                                   int inheritedDenyBits,
                                                   int accessLevel,
                                                   int objectType)
                                            throws java.lang.Exception
Computes and returns a WcmSecurityAccess object that contains the simplified access rights for the specified access level.

The simplified values of the security access are:

      0=Implicit Deny
      1=Allow
      2=Deny
      3=Allow due to security policy
      4=Deny due to security policy
      5=Inherited Allow
      6=Inherited Deny
      7=Allow due Advanced System Defined Settings
      8=Deny due Advanced System Defined Settings
      9=Advanced System Defined Settings
     10=Inherited Advanced System Defined Settings
 

Parameters:
locale - The client locale.
allowBits - The allow bit field.
denyBits - The deny bit field.
securityPolicyAllowBits - The security policy allow bit field.
securityPolicyDenyBits - The security policy deny bit field.
inheritedAllowBits - The inherited allow bit field.
inheritedDenyBits - The inherited deny bit field.
accessLevel - The access level bit field.
objectType - The object type.
Returns:
WcmSecurityAccess The WcmSecurityAccess object that contains the simplified explicit right, system right and the system notes.
Throws:
java.lang.Exception - All Errors.

computeAccessRight

public static WcmSecurityAccess computeAccessRight(int allowBits,
                                                   int denyBits,
                                                   int securityPolicyAllowBits,
                                                   int securityPolicyDenyBits,
                                                   int inheritedAllowBits,
                                                   int inheritedDenyBits,
                                                   int accessLevel,
                                                   int objectType)
                                            throws java.lang.Exception
Computes and returns a WcmSecurityAccess object that contains the simplified access rights for the specified access level.

The simplified values of the security access are:

      0=Implicit Deny
      1=Allow
      2=Deny
      3=Allow due to security policy
      4=Deny due to security policy
      5=Inherited Allow
      6=Inherited Deny
      7=Allow due Advanced System Defined Settings
      8=Deny due Advanced System Defined Settings
      9=Advanced System Defined Settings
     10=Inherited Advanced System Defined Settings
 

Parameters:
allowBits - The allow bit field.
denyBits - The deny bit field.
securityPolicyAllowBits - The security policy allow bit field.
securityPolicyDenyBits - The security policy deny bit field.
inheritedAllowBits - The inherited allow bit field.
inheritedDenyBits - The inherited deny bit field.
accessLevel - The access level bit field.
objectType - The object type.
Returns:
WcmSecurityAccess The WcmSecurityAccess object that contains the simplified explicit right, system right and the system notes.
Throws:
java.lang.Exception - All Errors.

computeExplicitAccessRight

public int computeExplicitAccessRight(java.util.Locale locale,
                                      int accessLevel,
                                      int objectType)
                               throws java.lang.Exception
Computes and returns a simplified access right set by the allow bits and deny bits for a given access level.

The simplified values of the Security Access are:

      0=Implicit Deny
      1=Allow
      2=Deny
      9=Advanced System Defined Settings
 

Parameters:
locale - The client locale.
accessLevel - The access level bit field.
objectType - The object type.
Returns:
A simplified access right status.
Throws:
java.lang.Exception - All Errors.

computeExplicitAccessRight

public int computeExplicitAccessRight(int accessLevel,
                                      int objectType)
                               throws java.lang.Exception
Computes and returns a simplified access right set by the allow bits and deny bits for a given access level.

The simplified values of the Security Access are:

      0=Implicit Deny
      1=Allow
      2=Deny
      9=Advanced System Defined Settings
 

Parameters:
accessLevel - The access level bit field.
objectType - The object type.
Returns:
A simplified access right status.
Throws:
java.lang.Exception - All Errors.

computeExplicitAccessRight

public static int computeExplicitAccessRight(java.util.Locale locale,
                                             int allowBits,
                                             int denyBits,
                                             int accessLevel,
                                             int objectType)
                                      throws java.lang.Exception
Computes and returns a simplified access right set by the allow bits and deny bits for a given access level.

The simplified values of the Security Access are:

      0=Implicit Deny
      1=Allow
      2=Deny
      9=Advanced System Defined Settings
 

Parameters:
locale - The client locale.
allowBits - The allow bit field.
denyBits - The deny bit field.
accessLevel - The access level bit field.
objectType - The object type.
Returns:
A simplified access right status.
Throws:
java.lang.Exception - All Errors.

computeExplicitAccessRight

public static int computeExplicitAccessRight(int allowBits,
                                             int denyBits,
                                             int accessLevel,
                                             int objectType)
                                      throws java.lang.Exception
Computes and returns a simplified access right set by the allow bits and deny bits for a given access level.

The simplified values of the Security Access are:

      0=Implicit Deny
      1=Allow
      2=Deny
      9=Advanced System Defined Settings
 

Parameters:
allowBits - The allow bit field.
denyBits - The deny bit field.
accessLevel - The access level bit field.
objectType - The object type.
Returns:
A simplified access right status.
Throws:
java.lang.Exception - All Errors.

computeInheritedAccessRight

public int computeInheritedAccessRight(java.util.Locale locale,
                                       int accessLevel,
                                       int objectType)
                                throws java.lang.Exception
Computes and returns a simplified access right set by the security policy allow bits, security policy deny bits, inherited deny bits and inherited allow bits for a given access level.

The simplified values of the Security Access are:

      0=Implicit Deny
      3=Allow due to security policy
      4=Deny due to security policy
      5=Inherited Allow
      6=Inherited Deny
      7=Allow due to Advanced System Defined Settings
      8=Deny due to Advanced System Defined Settings
     10=Inherited Advanced System Defined Settings
 

Parameters:
locale - The client locale.
accessLevel - The access level bit field.
objectType - The object type.
Returns:
A simplified access right status.
Throws:
java.lang.Exception - All Errors.

computeInheritedAccessRight

public int computeInheritedAccessRight(int accessLevel,
                                       int objectType)
                                throws java.lang.Exception
Computes and returns a simplified access right set by the security policy allow bits, security policy deny bits, inherited deny bits and inherited allow bits for a given access level.

The simplified values of the Security Access are:

      0=Implicit Deny
      3=Allow due to security policy
      4=Deny due to security policy
      5=Inherited Allow
      6=Inherited Deny
      7=Allow due to Advanced System Defined Settings
      8=Deny due to Advanced System Defined Settings
     10=Inherited Advanced System Defined Settings
 

Parameters:
accessLevel - The access level bit field.
objectType - The object type.
Returns:
A simplified access right status.
Throws:
java.lang.Exception - All Errors.

computeInheritedAccessRight

public static int computeInheritedAccessRight(java.util.Locale locale,
                                              int securityPolicyAllowBits,
                                              int securityPolicyDenyBits,
                                              int inheritedAllowBits,
                                              int inheritedDenyBits,
                                              int accessLevel,
                                              int objectType)
                                       throws java.lang.Exception
Computes and returns a simplified access right set by the security policy allow bits, security policy deny bits, inherited deny bits and inherited allow bits for a given access level.

The simplified values of the Security Access are:

      0=Implicit Deny
      3=Allow due to security policy
      4=Deny due to security policy
      5=Inherited Allow
      6=Inherited Deny
      7=Allow due to Advanced System Defined Settings
      8=Deny due to Advanced System Defined Settings
     10=Inherited Advanced System Defined Settings
 

Parameters:
locale - The client locale.
securityPolicyAllowBits - The security policy allow bit field.
securityPolicyDenyBits - The security policy deny bit field.
inheritedAllowBits - The inherited allow bit field.
inheritedDenyBits - The inherited deny bit field.
accessLevel - The access level bit field.
objectType - The object type.
Returns:
A simplified access right status.
Throws:
java.lang.Exception - All Errors.

computeInheritedAccessRight

public static int computeInheritedAccessRight(int securityPolicyAllowBits,
                                              int securityPolicyDenyBits,
                                              int inheritedAllowBits,
                                              int inheritedDenyBits,
                                              int accessLevel,
                                              int objectType)
                                       throws java.lang.Exception
Computes and returns a simplified access right set by the security policy allow bits, security policy deny bits, inherited deny bits and inherited allow bits for a given access level.

The simplified values of the Security Access are:

      0=Implicit Deny
      3=Allow due to security policy
      4=Deny due to security policy
      5=Inherited Allow
      6=Inherited Deny
      7=Allow due to Advanced System Defined Settings
      8=Deny due to Advanced System Defined Settings
     10=Inherited Advanced System Defined Settings
 

Parameters:
securityPolicyAllowBits - The security policy allow bit field.
securityPolicyDenyBits - The security policy deny bit field.
inheritedAllowBits - The inherited allow bit field.
inheritedDenyBits - The inherited deny bit field.
accessLevel - The access level bit field.
objectType - The object type.
Returns:
A simplified access right status.
Throws:
java.lang.Exception - All Errors.

isGranted

public boolean isGranted(java.util.Locale locale,
                         int accessLevel)
                  throws java.lang.Exception
Computes and returns a true if access has been granted for the selected access level.

This method uses the allow, deny, security policy allow, security policy deny, inherited allow, and inherited deny bit fields for computing the simplified access right.

Parameters:
locale - The client locale.
accessLevel - The access level bit field.
Returns:
boolean true if the access level is granted by the allow permissions.
Throws:
java.lang.Exception - All Errors.

isGranted

public boolean isGranted(int accessLevel)
                  throws java.lang.Exception
Computes and returns a true if access has been granted for the selected access level.

This method uses the allow, deny, security policy allow, security policy deny, inherited allow, and inherited deny bit fields for computing the simplified access right.

Parameters:
accessLevel - The access level bit field.
Returns:
boolean true if the access level is granted by the allow permissions.
Throws:
java.lang.Exception - All Errors.

isGranted

public static boolean isGranted(java.util.Locale locale,
                                int allowBits,
                                int denyBits,
                                int securityPolicyAllowBits,
                                int securityPolicyDenyBits,
                                int inheritedAllowBits,
                                int inheritedDenyBits,
                                int accessLevel,
                                int objectType)
                         throws java.lang.Exception
Computes and returns a true if access has been granted for the selected access level.

Parameters:
locale - The client locale.
allowBits - The allow bit field.
denyBits - The deny bit field.
securityPolicyAllowBits - The security policy allow bit field.
securityPolicyDenyBits - The security policy deny bit field.
inheritedAllowBits - The inherited allow bit field.
inheritedDenyBits - The inherited deny bit field.
accessLevel - The access level bit field.
objectType - The object type.
Returns:
boolean true if the access level is granted by the allow permissions.
Throws:
java.lang.Exception - All Errors.

isGranted

public static boolean isGranted(int allowBits,
                                int denyBits,
                                int securityPolicyAllowBits,
                                int securityPolicyDenyBits,
                                int inheritedAllowBits,
                                int inheritedDenyBits,
                                int accessLevel,
                                int objectType)
                         throws java.lang.Exception
Computes and returns a true if access has been granted for the selected access level.

Parameters:
allowBits - The allow bit field.
denyBits - The deny bit field.
securityPolicyAllowBits - The security policy allow bit field.
securityPolicyDenyBits - The security policy deny bit field.
inheritedAllowBits - The inherited allow bit field.
inheritedDenyBits - The inherited deny bit field.
accessLevel - The access level bit field.
objectType - The object type.
Returns:
boolean true if the access level is granted by the allow permissions.
Throws:
java.lang.Exception - All Errors.

getSystemNotes

public static java.lang.String getSystemNotes(java.util.Locale locale,
                                              int accessRights)
Returns the simplified access right system note. The system note is used to further explain the current security settings defined by the system.

Parameters:
locale - The client locale.
accessRights - The simplified access right value
      0=Implicit Deny
      1=Allow
      2=Deny
      3=Allow due to security policy
      4=Deny due to security policy
      5=Allow due to inherited security
      6=Deny due to inherited security
      7=Allow due Advanced System Defined Settings
      8=Deny due Advanced System Defined Settings
      9=Advanced System Defined Settings
     10=Advanced System Defined Settings
 
Returns:
The system note associates with the specified access right status.

getSystemNotes

public static java.lang.String getSystemNotes(int accessRights)
Returns the simplified access right system note. The system note is used to further explain the current security settings defined by the system.

Parameters:
accessRights - The simplified access right value
      0=Implicit Deny
      1=Allow
      2=Deny
      3=Allow due to security policy
      4=Deny due to security policy
      5=Allow due to inherited security
      6=Deny due to inherited security
      7=Allow due Advanced System Defined Settings
      8=Deny due Advanced System Defined Settings
      9=Advanced System Defined Settings
     10=Advanced System Defined Settings
 
Returns:
The system note associates with the specified access right status.

grantAccess

public final void grantAccess(int accessLevel)
                       throws java.lang.Exception
Explicitly grant the selected grantee the specified access level by setting the allow bit field.

Parameters:
accessLevel - The access level bit field.
Throws:
java.lang.Exception - All Errors.

denyAccess

public final void denyAccess(java.util.Locale locale,
                             int accessLevel)
                      throws java.lang.Exception
Explicitly deny the selected grantee the specified access level by setting the deny bit field.

Parameters:
accessLevel - The access level bit field.
Throws:
java.lang.Exception - All Errors.

denyAccess

public final void denyAccess(int accessLevel)
                      throws java.lang.Exception
Explicitly deny the selected grantee the specified access level by setting the deny bit field.

Parameters:
accessLevel - The access level bit field.
Throws:
java.lang.Exception - All Errors.

revokeAccess

public void revokeAccess(java.util.Locale locale,
                         int accessLevel,
                         int accessType)
                  throws java.lang.Exception
Revokes the explicit allow or the explicit deny access settings.

Parameters:
locale - The client locale.
accessLevel - The access level bit field.
accessType - The access type (allow or deny type)
Throws:
java.lang.Exception - All Errors.

revokeAccess

public void revokeAccess(int accessLevel,
                         int accessType)
                  throws java.lang.Exception
Revokes the explicit allow or the explicit deny access settings.

Parameters:
accessLevel - The access level bit field.
accessType - The access type (allow or deny type)
Throws:
java.lang.Exception - All Errors.

setAccessLevels

protected void setAccessLevels(java.util.Locale locale,
                               int objType)
                        throws java.lang.Exception
Set access levels for an object. This method must be called before calling other methods in this class.

Parameters:
locale - The client locale.
objType - int The object type.
Throws:
java.lang.Exception - All Errors.
See Also:
BaseObject.TYPE_DOCUMENT, BaseObject.TYPE_FOLDER, BaseObject.TYPE_STORED_SEARCH, BaseObject.TYPE_PUBLISH_TEMPLATE, BaseObject.TYPE_CUSTOMOBJECT, BaseObject.TYPE_WORKFLOW_CLASS_SUBSCRIPTION, BaseObject.TYPE_WORKFLOW_INSTANCE_SUBSCRIPTION, BaseObject.TYPE_SECURITY_POLICY, BaseObject.TYPE_SECURITY_TEMPLATE, BaseObject.TYPE_LINK

setAccessLevels

protected void setAccessLevels(int objType)
                        throws java.lang.Exception
Set access levels for an object. This method must be called before calling other methods in this class.

Parameters:
objType - int The object type.
Throws:
java.lang.Exception - All Errors.
See Also:
BaseObject.TYPE_DOCUMENT, BaseObject.TYPE_FOLDER, BaseObject.TYPE_STORED_SEARCH, BaseObject.TYPE_PUBLISH_TEMPLATE, BaseObject.TYPE_CUSTOMOBJECT, BaseObject.TYPE_WORKFLOW_CLASS_SUBSCRIPTION, BaseObject.TYPE_WORKFLOW_INSTANCE_SUBSCRIPTION, BaseObject.TYPE_SECURITY_POLICY, BaseObject.TYPE_SECURITY_TEMPLATE, BaseObject.TYPE_LINK

computeAccessRight

protected WcmSecurityAccess computeAccessRight(java.util.Locale locale,
                                               int accessLevel)
                                        throws java.lang.Exception
Computes and returns a WcmSecurityAccess object that contains the simplified access rights for the specified access level.

This method uses the allow, deny, security policy allow, security policy deny, inherited allow, and inherited deny bit fields for computing the simplified access right.

Parameters:
locale - The client locale.
accessLevel - The access level bit field.
Returns:
WcmSecurityAccess A WcmSecurityAccess object that contains the simplified explicit and system settings.
Throws:
java.lang.Exception - All Errors.

computeAccessRight

protected WcmSecurityAccess computeAccessRight(int accessLevel)
                                        throws java.lang.Exception
Computes and returns a WcmSecurityAccess object that contains the simplified access rights for the specified access level.

This method uses the allow, deny, security policy allow, security policy deny, inherited allow, and inherited deny bit fields for computing the simplified access right.

Parameters:
accessLevel - The access level bit field.
Returns:
WcmSecurityAccess A WcmSecurityAccess object that contains the simplified explicit and system settings.
Throws:
java.lang.Exception - All Errors.

computeExplicitAccessRight

protected int computeExplicitAccessRight(java.util.Locale locale,
                                         int accessLevel)
                                  throws java.lang.Exception
Computes the object permission and returns a simplified access right for the specified access level.

This method uses the allow, and deny bit fields for computing the simplified access right.

The simplified values of the Security Access are: 0=Implicit Deny 1=Allow 2=Deny 9=Advanced System Defined Settings

Parameters:
locale - The client locale.
accessLevel - The access level bit field.
Returns:
A simplified access right status.
Throws:
java.lang.Exception - All Errors.

computeExplicitAccessRight

protected int computeExplicitAccessRight(int accessLevel)
                                  throws java.lang.Exception
Computes the object permission and returns a simplified access right for the specified access level.

This method uses the allow, and deny bit fields for computing the simplified access right.

The simplified values of the Security Access are: 0=Implicit Deny 1=Allow 2=Deny 9=Advanced System Defined Settings

Parameters:
accessLevel - The access level bit field.
Returns:
A simplified access right status.
Throws:
java.lang.Exception - All Errors.

computeInheritedAccessRight

protected int computeInheritedAccessRight(java.util.Locale locale,
                                          int accessLevel)
                                   throws java.lang.Exception
Computes the object inherited permissions and returns a simplified access right for the specified access level.

This method uses the security policy allow, security policy deny, inherited allow, and inherited deny bit fields for computing the simplified access right.

The simplified inherited values of the Security Access are: 0=Implicit Deny 3=Allow due to security policy 4=Deny due to security policy 5=Inherited Allow 6=Inherited Deny 7=Allow due Advanced System Defined Settings 8=Deny due Advanced System Defined Settings 10=Advanced System Defined Settings

Parameters:
locale - The client locale.
accessLevel - The access level bit field.
Returns:
A simplified access right status.
Throws:
java.lang.Exception - All Errors.

computeInheritedAccessRight

protected int computeInheritedAccessRight(int accessLevel)
                                   throws java.lang.Exception
Computes the object inherited permissions and returns a simplified access right for the specified access level.

This method uses the security policy allow, security policy deny, inherited allow, and inherited deny bit fields for computing the simplified access right.

The simplified inherited values of the Security Access are: 0=Implicit Deny 3=Allow due to security policy 4=Deny due to security policy 5=Inherited Allow 6=Inherited Deny 7=Allow due Advanced System Defined Settings 8=Deny due Advanced System Defined Settings 10=Advanced System Defined Settings

Parameters:
accessLevel - The access level bit field.
Returns:
A simplified access right status.
Throws:
java.lang.Exception - All Errors.

getDeltaMask

protected int getDeltaMask(java.util.Locale locale,
                           int accessLevel,
                           int objectType)
                    throws java.lang.Exception
Calculates the delta between the specified access level and its immediate lower access level. This extracts out the additional access value between two adjacent access levels.

Parameters:
locale - The client locale.
accessLevel - The access level bit field.
objectType - int The object type.
Throws:
java.lang.Exception - All Exceptions.

getDeltaMask

protected int getDeltaMask(int accessLevel,
                           int objectType)
                    throws java.lang.Exception
Calculates the delta between the specified access level and its immediate lower access level. This extracts out the additional access value between two adjacent access levels.

Parameters:
accessLevel - The access level bit field.
objectType - int The object type.
Throws:
java.lang.Exception - All Exceptions.

getDenyMask

protected int getDenyMask(java.util.Locale locale,
                          int accessLevel)
                   throws java.lang.Exception
Calculates the access mask for denying an access level.

Parameters:
locale - The client locale.
accessLevel - The access level bit field.
Throws:
java.lang.Exception - All Exceptions.

getDenyMask

protected int getDenyMask(int accessLevel)
                   throws java.lang.Exception
Calculates the access mask for denying an access level.

Parameters:
accessLevel - The access level bit field.
Throws:
java.lang.Exception - All Exceptions.


© Copyright IBM Corp. 2002, 2007. All Rights Reserved.