public class AdminResource extends AbstractResource
The following access modes are defined for the /accounts/users:
Rights objects for this resource are made of one mandatory bitfield having 2 bits for the non-leaf nodes and various number of bits for the leaf nodes.
For the non-leaf nodes, the permissions bits are defined as follows:
The security package uses the package private methods defined in this class for access rights checks. The interpretation of various access modes and the meaning of particular operations is beyond control of this resource plugin.
objectPointer, resourceIndex, sm
Constructor and Description |
---|
AdminResource()
Constructor.
|
Modifier and Type | Method and Description |
---|---|
private int |
adminAccessWorker(java.lang.String name,
int permission)
Access rights check worker.
|
(package private) int |
checkAdminAccess(java.lang.String name,
int mode)
Generalized Access rights check.
|
(package private) boolean |
checkAnyAdminAccess()
Checks whether the current subject has any admin rights.
|
(package private) boolean |
checkAnyAdminAccess(java.lang.String name)
Checks whether the current subject has any admin rights on the specified
non-leaf resource instance.
|
(package private) boolean |
checkPasswordAdminAccess()
Checks the access rights of the current subject with regards to the
PASSWORD permission in the "/accounts/users" instance of the "admin"
abstract resource.
|
private int |
checkSingle(AdminRights rights,
int type,
int mode)
Performs access rights check on a single
instance of the Rights object.
|
(package private) boolean |
checkUnlimitedAdminAccess()
Checks whether the current subject has the unlimited admin rights.
|
(package private) boolean |
checkUnlimitedAdminAccess(java.lang.String name)
Checks whether the current subject has the unlimited admin rights on
the specified non-leaf resource instance.
|
Description[] |
describeRights()
Returns an array of descriptions, one object per the plugin's access
rights item.
|
Rights |
getRightsInstance(java.lang.Object[] rights)
Instantiates a plugin's class that implements the Rights interface,
using the array of objects representing a set of access rights fields.
|
java.lang.String |
getTypeName()
Returns the plugin resource type name as a string.
|
boolean |
isInstanceNameValid(java.lang.String resource)
Checks whether a given string is a valid resource name
for this resource type.
|
boolean |
isRightsSetValid(java.lang.Object[] rights)
Checks whether a given array of objects representing a set of access
rights fields is acceptable.
|
(package private) int |
nodeWorker(java.lang.String instanceName,
int type,
int mode)
Node access rights check worker.
|
associate, attach, disassociate, getEnclosingScope, getLibrary, getLink, getPermissions, init, refresh, registeredAs, toString
public java.lang.String getTypeName()
public Description[] describeRights()
This method was not designed to give descriptions of all possible variations of rights, so it returns the most used one.
Description
s, one per each plugin's access
rights item.public Rights getRightsInstance(java.lang.Object[] rights)
rights
- an array of objects of proper types representing items in a set
of access rightspublic boolean isInstanceNameValid(java.lang.String resource)
Valid names are those that belong to the namespace tree.
resource
- string naming a resourcetrue
if the name is validpublic boolean isRightsSetValid(java.lang.Object[] rights)
This method returns true
only if:
rights
- an array of objects of proper types representing items in a set
of access rights
This implementation expects an Integer encoding the bitfield type and a bitfield of the corresponding size.
true
if the array is acceptable for an instance
of access rightsboolean checkAnyAdminAccess()
true
if some admin rights are grantedboolean checkAnyAdminAccess(java.lang.String name)
name
- resource instance nametrue
if some admin rights are grantedboolean checkUnlimitedAdminAccess()
true
if the unlimited rights are grantedboolean checkUnlimitedAdminAccess(java.lang.String name)
name
- resource instance nametrue
if the unlimited rights are grantedboolean checkPasswordAdminAccess()
true
if access is allowed.int checkAdminAccess(java.lang.String name, int mode)
name
- resource instance namemode
- access mode (requested permission)private int adminAccessWorker(java.lang.String name, int permission)
name
- resource instance namepermission
- requested permission; used for the leaf nodes onlyint nodeWorker(java.lang.String instanceName, int type, int mode)
instanceName
- resource instance nametype
- node typemode
- requested permission; used for the leaf nodes onlyprivate int checkSingle(AdminRights rights, int type, int mode)
rights
- The instance of AdminRights to check, must not be
null
.type
- node type to compare the rights withmode
- used for the leaf nodes only; permission to check or -1;
the latter means any permission and not denied access