Package com.isode.dsapi.aci

Class SimpleACIRule.Tuple

java.lang.Object
com.isode.dsapi.aci.SimpleACIRule.Tuple
Enclosing class:
SimpleACIRule
public static class SimpleACIRule.Tuple extends Object
Representation of one rule tuple

The fields of this class may be accessed directly. There are also methods available to simplify access to some of the fields.

  • Field Details

    • label

      public String label
      Label of this rule tuple.

    • permissions

      public int permissions
      Permissions bit-set; each bit is 0 for off, 1 for on. On means 'grant' or 'deny' depending on whether this is a grant or deny rule. Off means 'unaffected'. Bit values are specified in the PermBit enumeration.

    • prot_entry

      public boolean prot_entry
      Protect entry access. This must not be set 'true' in combination with any of the other prot_* variables. This keeps entry-level permissions separate from attribute-level permissions.

    • prot_all_type

      public boolean prot_all_type
      Protect access to all user attribute types.

    • prot_all_type_value

      public boolean prot_all_type_value
      Protect access to all user attribute types and also their values. Implies 'prot_all_type' even if it isn't explicitly set.

    • prot_type

      public List<String> prot_type
      Protect access to the given list of user attribute types, either just the types, or types-and-values according to prot_type_values.

    • prot_type_values

      public boolean prot_type_values
      Modifier for prot_type: 'true' to protect attribute types-and-values, or 'false' to protect just the types.

    • prot_self

      public List<String> prot_self
      Protect access to the specific attribute value, within the listed attributes, that matches the user's bound DN.

    • subentry

      public boolean subentry
      If 'true', only applies to subentries of admin points. Otherwise applies to normal entries.

      If 'true', then the anticipated use is that the subentry permissions would be set for a wide area, and that any ACSAs within that area would pick up those permissions. It is not necessary to specify a separate region for each ACSA.

    • refinement

      public BAC.Refinement refinement
      If an objectclass filter is specified here, then the rule is only applied to entries that match. Use 'null' if no objectclass filter is required.

    • user_entry

      public boolean user_entry
      If 'true', rule applies only to the user's own entry: that is, the entry with the same DN as the user's DN. The role used in combination with this rule must specify 'user_all' or otherwise the combination will be rejected.

  • Constructor Details

    • Tuple

      public Tuple(String label)
      Construct a tuple with the given label.
      Parameters:
      label - Name of tuple

  • Method Details

    • setPermBits

      public void setPermBits(PermBit... bits)
      Set one or more permission bits.
      Parameters:
      bits - Array or argument-list of PermBits to set

    • clearPermBits

      public void clearPermBits(PermBit... bits)
      Clear one or more permission bits.
      Parameters:
      bits - Array or argument-list of PermBits to clear

    • clearAllPermBits

      public void clearAllPermBits()
      Clear all permission bits.

    • setAllEntryPermBits

      public void setAllEntryPermBits()
      Set all the permission bits related to entry access-control.

    • setEntryReadPermBits

      public void setEntryReadPermBits()
      Set the read-related permission bits for entry access control, that is: read, browse, return-DN and disclose-on-error.

    • setEntryChangePermBits

      public void setEntryChangePermBits()
      Set the change-related permission bits for entry access control, that is: add, remove and modify.

    • setEntryRenamePermBits

      public void setEntryRenamePermBits()
      Set the rename-related permission bits for entry access control, that is: rename, import and export.

    • setAllAttrPermBits

      public void setAllAttrPermBits()
      Set all the permission bits related to attribute access-control.

    • setAttrReadPermBits

      public void setAttrReadPermBits()
      Set the read-related permission bits for attribute access control, that is: read, compare, match and disclose-on-error.

    • protectAllUserAttrs

      public void protectAllUserAttrs()
      Protect all user attributes. Sets 'prot_all_type' and 'prot_all_type_value' to true.

    • protectAttrs

      public void protectAttrs(String... attrs)
      Protect the given list of attribute types and also their values. Adds these attributes to 'prot_type' and sets 'prot_type_values'.
      Parameters:
      attrs - Array or argument-list of attribute type names to protect

    • protectBaseOpAttrs

      public void protectBaseOpAttrs()
      Protect all of the standard Isode base list of operational attributes that a user would need to read, or a manager need to modify. Adds this list to 'prot_type' and sets 'prot_type_values'.

    • protectR15OpAttrs

      public void protectR15OpAttrs()
      Protect all of the standard Isode base list of operational attributes that a user would need to read, or a manager need to modify in R15. Adds this list to 'prot_type' and sets 'prot_type_values'.

    • protectSelfAttrs

      public void protectSelfAttrs(String... attrs)
      Protect the given list of attributes in the user's own entry. Adds these attributes to 'prot_self'.
      Parameters:
      attrs - Array or argument-list of attribute type names to protect

    • deepCopy

      public SimpleACIRule.Tuple deepCopy()
      Copy this tuple, but not the 'original' reference. This is cheap slow code -- it copies it by converting it via XML. It could perhaps be improved if there was ever a need to do a lot of copying.

    • sort

      public void sort()
      Sort the protected attribute names into a consistent order. If all Tuple instances are sorted, then .equals() and .contentsEqual() will work consistently even if the tuples were originally loaded in a different order. Otherwise comparisons are sensitive to the loading order.

    • contentsEqual

      public boolean contentsEqual(SimpleACIRule.Tuple bb)
      Test whether two rules are identical, apart from their names.
      Parameters:
      bb - Tuple to compare to
      Returns:
      Test result

    • setOriginal

      public void setOriginal(SimpleACIRule.Tuple tup)
      Set the original Tuple. This is only used to support hasChanges().

    • getOriginal

      public SimpleACIRule.Tuple getOriginal()
      Get the original Tuple, that was set with setOriginal(com.isode.dsapi.aci.SimpleACIRule.Tuple).

    • hasChanges

      public boolean hasChanges()
      Test whether there have been changes compared to the original tuple. The tuple is sorted internally to allow the comparison. If the original tuple was not set, this method returns false.
      Returns:
      TRUE if there have been changes compared to the original tuple; FALSE otherwise or if the original tuple was not set.

    • equals

      public boolean equals(Object o)
      Test whether two tuples are identical.
      Overrides:
      equals in class Object
      Parameters:
      o - Object to compare to
      Returns:
      Test result

    • contentsHashCode

      public int contentsHashCode()
      Return a hashCode that depends on the 'contents' of the rule tuple, but not the name.
      Returns:
      Hash code

    • hashCode

      public int hashCode()
      Return a hashCode that depends on both the 'contents' and the name of the rule tuple.
      Overrides:
      hashCode in class Object
      Returns:
      Hash code

    • dumpXML

      public void dumpXML(com.isode.util.XMLOutput out) throws IOException
      Dump tuple as XML.
      Throws:
      IOException

    • loadXML

      public static SimpleACIRule.Tuple loadXML(com.isode.util.XMLInput in)
      Try to load tuple from XML. Return null if not found.

    • copyFrom

      public void copyFrom(SimpleACIRule.Tuple tup)
      Copy data from the given tuple.
      Parameters:
      tup - Tuple to copy data from, must not be null.

    • toString

      public String toString()
      Debugging dump.
      Overrides:
      toString in class Object
      Returns:
      Debugging dump