Google Git
Sign in
code / plexi / hourly / 5cf54f0e4a27185f4e7aee0447804f7a03385ecd / . / javadoc / com / google / enterprise / adaptor / Acl.html
blob: d0b4623eff9c82fe406451b14c1c7764b48581a1 [file] [log] [blame]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!-- NewPage -->
<html lang="en">
<head>
<title>Acl</title>
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="Style">
</head>
<body>
<script type="text/javascript"><!--
if (location.href.indexOf('is-external=true') == -1) {
parent.document.title="Acl";
}
//-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<!-- ========= START OF TOP NAVBAR ======= -->
<div class="topNav"><a name="navbar_top">
<!-- -->
</a><a href="#skip-navbar_top" title="Skip navigation links"></a><a name="navbar_top_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../overview-summary.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../index-all.html">Index</a></li>
<li><a href="../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li><a href="../../../../com/google/enterprise/adaptor/AbstractDocumentTransform.html" title="class in com.google.enterprise.adaptor"><span class="strong">PREV CLASS</span></a></li>
<li><a href="../../../../com/google/enterprise/adaptor/Acl.BatchRetriever.html" title="interface in com.google.enterprise.adaptor"><span class="strong">NEXT CLASS</span></a></li>
</ul>
<ul class="navList">
<li><a href="../../../../index.html?com/google/enterprise/adaptor/Acl.html" target="_top">FRAMES</a></li>
<li><a href="Acl.html" target="_top">NO FRAMES</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../../allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_top");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<div>
<ul class="subNavList">
<li>SUMMARY:&nbsp;</li>
<li><a href="#nested_class_summary">NESTED</a>&nbsp;|&nbsp;</li>
<li><a href="#field_summary">FIELD</a>&nbsp;|&nbsp;</li>
<li>CONSTR&nbsp;|&nbsp;</li>
<li><a href="#method_summary">METHOD</a></li>
</ul>
<ul class="subNavList">
<li>DETAIL:&nbsp;</li>
<li><a href="#field_detail">FIELD</a>&nbsp;|&nbsp;</li>
<li>CONSTR&nbsp;|&nbsp;</li>
<li><a href="#method_detail">METHOD</a></li>
</ul>
</div>
<a name="skip-navbar_top">
<!-- -->
</a></div>
<!-- ========= END OF TOP NAVBAR ========= -->
<!-- ======== START OF CLASS DATA ======== -->
<div class="header">
<p class="subTitle">com.google.enterprise.adaptor</p>
<h2 title="Class Acl" class="title">Class Acl</h2>
</div>
<div class="contentContainer">
<ul class="inheritance">
<li><a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">java.lang.Object</a></li>
<li>
<ul class="inheritance">
<li>com.google.enterprise.adaptor.Acl</li>
</ul>
</li>
</ul>
<div class="description">
<ul class="blockList">
<li class="blockList">
<hr>
<br>
<pre>public class <strong>Acl</strong>
extends <a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></pre>
<div class="block">Immutable access control list. For description of the semantics of the
various fields, see <a href="../../../../com/google/enterprise/adaptor/Acl.html#isAuthorizedLocal(com.google.enterprise.adaptor.AuthnIdentity)"><code>isAuthorizedLocal</code></a> and
<a href="../../../../com/google/enterprise/adaptor/Acl.html#isAuthorized(com.google.enterprise.adaptor.AuthnIdentity, java.util.List)"><code>isAuthorized</code></a>. Users and groups must not be <code>null</code>, <code>""</code>, or have surrounding whitespace. These values are
disallowed to prevent confusion since <code>null</code> doesn't make sense, <code>""</code> would be ignored by the GSA, and surrounding whitespace is automatically
trimmed by the GSA.</div>
</li>
</ul>
</div>
<div class="summary">
<ul class="blockList">
<li class="blockList">
<!-- ======== NESTED CLASS SUMMARY ======== -->
<ul class="blockList">
<li class="blockList"><a name="nested_class_summary">
<!-- -->
</a>
<h3>Nested Class Summary</h3>
<table class="overviewSummary" border="0" cellpadding="3" cellspacing="0" summary="Nested Class Summary table, listing nested classes, and an explanation">
<caption><span>Nested Classes</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colLast" scope="col">Class and Description</th>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static interface&nbsp;</code></td>
<td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.BatchRetriever.html" title="interface in com.google.enterprise.adaptor">Acl.BatchRetriever</a></strong></code>
<div class="block">Batch retrieval of ACLs for efficent processing of many authz checks at
once.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>static class&nbsp;</code></td>
<td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.Builder.html" title="class in com.google.enterprise.adaptor">Acl.Builder</a></strong></code>
<div class="block">Mutable ACL for creating instances of <a href="../../../../com/google/enterprise/adaptor/Acl.html" title="class in com.google.enterprise.adaptor"><code>Acl</code></a>.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static class&nbsp;</code></td>
<td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.InheritanceType.html" title="enum in com.google.enterprise.adaptor">Acl.InheritanceType</a></strong></code>
<div class="block">The rule for combining a parent's authz response with its child's.</div>
</td>
</tr>
</table>
</li>
</ul>
<!-- =========== FIELD SUMMARY =========== -->
<ul class="blockList">
<li class="blockList"><a name="field_summary">
<!-- -->
</a>
<h3>Field Summary</h3>
<table class="overviewSummary" border="0" cellpadding="3" cellspacing="0" summary="Field Summary table, listing fields, and an explanation">
<caption><span>Fields</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colLast" scope="col">Field and Description</th>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static <a href="../../../../com/google/enterprise/adaptor/Acl.html" title="class in com.google.enterprise.adaptor">Acl</a></code></td>
<td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#EMPTY">EMPTY</a></strong></code>
<div class="block">Empty convenience instance with all defaults used.</div>
</td>
</tr>
</table>
</li>
</ul>
<!-- ========== METHOD SUMMARY =========== -->
<ul class="blockList">
<li class="blockList"><a name="method_summary">
<!-- -->
</a>
<h3>Method Summary</h3>
<table class="overviewSummary" border="0" cellpadding="3" cellspacing="0" summary="Method Summary table, listing methods, and an explanation">
<caption><span>Methods</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colLast" scope="col">Method and Description</th>
</tr>
<tr class="altColor">
<td class="colFirst"><code>boolean</code></td>
<td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#equals(java.lang.Object)">equals</a></strong>(<a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a>&nbsp;o)</code>
<div class="block">Equality is determined if all the permit/deny sets are equal and the
inheritance is equal.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code><a href="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a>&lt;<a href="../../../../com/google/enterprise/adaptor/Principal.html" title="class in com.google.enterprise.adaptor">Principal</a>&gt;</code></td>
<td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#getDenies()">getDenies</a></strong>()</code>
<div class="block">Returns immutable set of denied users and groups;</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code><a href="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a>&lt;<a href="../../../../com/google/enterprise/adaptor/GroupPrincipal.html" title="class in com.google.enterprise.adaptor">GroupPrincipal</a>&gt;</code></td>
<td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#getDenyGroups()">getDenyGroups</a></strong>()</code>
<div class="block">Returns immutable set of denied groups.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code><a href="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a>&lt;<a href="../../../../com/google/enterprise/adaptor/UserPrincipal.html" title="class in com.google.enterprise.adaptor">UserPrincipal</a>&gt;</code></td>
<td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#getDenyUsers()">getDenyUsers</a></strong>()</code>
<div class="block">Returns immutable set of denied users.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code><a href="../../../../com/google/enterprise/adaptor/Acl.InheritanceType.html" title="enum in com.google.enterprise.adaptor">Acl.InheritanceType</a></code></td>
<td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#getInheritanceType()">getInheritanceType</a></strong>()</code>
<div class="block">Returns the inheritance type used to combine authz decisions of these ACLs
with its <em>child</em>.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code><a href="../../../../com/google/enterprise/adaptor/DocId.html" title="class in com.google.enterprise.adaptor">DocId</a></code></td>
<td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#getInheritFrom()">getInheritFrom</a></strong>()</code>
<div class="block">Returns <code>DocId</code> these ACLs are inherited from.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code><a href="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a>&lt;<a href="../../../../com/google/enterprise/adaptor/GroupPrincipal.html" title="class in com.google.enterprise.adaptor">GroupPrincipal</a>&gt;</code></td>
<td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#getPermitGroups()">getPermitGroups</a></strong>()</code>
<div class="block">Returns immutable set of permitted groups.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code><a href="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a>&lt;<a href="../../../../com/google/enterprise/adaptor/Principal.html" title="class in com.google.enterprise.adaptor">Principal</a>&gt;</code></td>
<td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#getPermits()">getPermits</a></strong>()</code>
<div class="block">Returns immutable set of permitted users and groups.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code><a href="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a>&lt;<a href="../../../../com/google/enterprise/adaptor/UserPrincipal.html" title="class in com.google.enterprise.adaptor">UserPrincipal</a>&gt;</code></td>
<td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#getPermitUsers()">getPermitUsers</a></strong>()</code>
<div class="block">Returns immutable set of permitted users.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>int</code></td>
<td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#hashCode()">hashCode</a></strong>()</code>
<div class="block">Returns a hash code for this object that agrees with <code>equals</code>.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static <a href="../../../../com/google/enterprise/adaptor/AuthzStatus.html" title="enum in com.google.enterprise.adaptor">AuthzStatus</a></code></td>
<td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#isAuthorized(com.google.enterprise.adaptor.AuthnIdentity, java.util.List)">isAuthorized</a></strong>(<a href="../../../../com/google/enterprise/adaptor/AuthnIdentity.html" title="interface in com.google.enterprise.adaptor">AuthnIdentity</a>&nbsp;userIdentity,
<a href="http://download.oracle.com/javase/6/docs/api/java/util/List.html?is-external=true" title="class or interface in java.util">List</a>&lt;<a href="../../../../com/google/enterprise/adaptor/Acl.html" title="class in com.google.enterprise.adaptor">Acl</a>&gt;&nbsp;aclChain)</code>
<div class="block">Determine if the provided <code>userIdentity</code> belonging to <code>groups</code> is authorized for the provided <code>aclChain</code>.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>static <a href="http://download.oracle.com/javase/6/docs/api/java/util/Map.html?is-external=true" title="class or interface in java.util">Map</a>&lt;<a href="../../../../com/google/enterprise/adaptor/DocId.html" title="class in com.google.enterprise.adaptor">DocId</a>,<a href="../../../../com/google/enterprise/adaptor/AuthzStatus.html" title="enum in com.google.enterprise.adaptor">AuthzStatus</a>&gt;</code></td>
<td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#isAuthorizedBatch(com.google.enterprise.adaptor.AuthnIdentity, java.util.Collection, com.google.enterprise.adaptor.Acl.BatchRetriever)">isAuthorizedBatch</a></strong>(<a href="../../../../com/google/enterprise/adaptor/AuthnIdentity.html" title="interface in com.google.enterprise.adaptor">AuthnIdentity</a>&nbsp;userIdentity,
<a href="http://download.oracle.com/javase/6/docs/api/java/util/Collection.html?is-external=true" title="class or interface in java.util">Collection</a>&lt;<a href="../../../../com/google/enterprise/adaptor/DocId.html" title="class in com.google.enterprise.adaptor">DocId</a>&gt;&nbsp;ids,
<a href="../../../../com/google/enterprise/adaptor/Acl.BatchRetriever.html" title="interface in com.google.enterprise.adaptor">Acl.BatchRetriever</a>&nbsp;retriever)</code>
<div class="block">Check authz for many DocIds at once.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code><a href="../../../../com/google/enterprise/adaptor/AuthzStatus.html" title="enum in com.google.enterprise.adaptor">AuthzStatus</a></code></td>
<td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#isAuthorizedLocal(com.google.enterprise.adaptor.AuthnIdentity)">isAuthorizedLocal</a></strong>(<a href="../../../../com/google/enterprise/adaptor/AuthnIdentity.html" title="interface in com.google.enterprise.adaptor">AuthnIdentity</a>&nbsp;userIdentity)</code>
<div class="block">Determine if the provided <code>userIdentifier</code> belonging to <code>groups</code> is authorized, ignoring inheritance.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>boolean</code></td>
<td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#isEverythingCaseInsensitive()">isEverythingCaseInsensitive</a></strong>()</code>
<div class="block">Says whether letter casing doesn't matter during authorization.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>boolean</code></td>
<td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#isEverythingCaseSensitive()">isEverythingCaseSensitive</a></strong>()</code>
<div class="block">Says whether letter casing differentiates names during authorization.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code><a href="http://download.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><strong><a href="../../../../com/google/enterprise/adaptor/Acl.html#toString()">toString</a></strong>()</code>
<div class="block">Generates a string useful for debugging that contains users and groups
along with inheritance information.</div>
</td>
</tr>
</table>
<ul class="blockList">
<li class="blockList"><a name="methods_inherited_from_class_java.lang.Object">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;java.lang.<a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></h3>
<code><a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#clone()" title="class or interface in java.lang">clone</a>, <a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#finalize()" title="class or interface in java.lang">finalize</a>, <a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#getClass()" title="class or interface in java.lang">getClass</a>, <a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#notify()" title="class or interface in java.lang">notify</a>, <a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#notifyAll()" title="class or interface in java.lang">notifyAll</a>, <a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#wait()" title="class or interface in java.lang">wait</a>, <a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#wait(long)" title="class or interface in java.lang">wait</a>, <a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#wait(long, int)" title="class or interface in java.lang">wait</a></code></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<div class="details">
<ul class="blockList">
<li class="blockList">
<!-- ============ FIELD DETAIL =========== -->
<ul class="blockList">
<li class="blockList"><a name="field_detail">
<!-- -->
</a>
<h3>Field Detail</h3>
<a name="EMPTY">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>EMPTY</h4>
<pre>public static final&nbsp;<a href="../../../../com/google/enterprise/adaptor/Acl.html" title="class in com.google.enterprise.adaptor">Acl</a> EMPTY</pre>
<div class="block">Empty convenience instance with all defaults used.</div>
<dl><dt><span class="strong">See Also:</span></dt><dd><a href="../../../../com/google/enterprise/adaptor/Acl.Builder.html#Acl.Builder()"><code>Acl.Builder.Acl.Builder()</code></a></dd></dl>
</li>
</ul>
</li>
</ul>
<!-- ============ METHOD DETAIL ========== -->
<ul class="blockList">
<li class="blockList"><a name="method_detail">
<!-- -->
</a>
<h3>Method Detail</h3>
<a name="getPermitGroups()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getPermitGroups</h4>
<pre>public&nbsp;<a href="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a>&lt;<a href="../../../../com/google/enterprise/adaptor/GroupPrincipal.html" title="class in com.google.enterprise.adaptor">GroupPrincipal</a>&gt;&nbsp;getPermitGroups()</pre>
<div class="block">Returns immutable set of permitted groups.</div>
</li>
</ul>
<a name="getDenyGroups()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getDenyGroups</h4>
<pre>public&nbsp;<a href="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a>&lt;<a href="../../../../com/google/enterprise/adaptor/GroupPrincipal.html" title="class in com.google.enterprise.adaptor">GroupPrincipal</a>&gt;&nbsp;getDenyGroups()</pre>
<div class="block">Returns immutable set of denied groups.</div>
</li>
</ul>
<a name="getPermitUsers()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getPermitUsers</h4>
<pre>public&nbsp;<a href="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a>&lt;<a href="../../../../com/google/enterprise/adaptor/UserPrincipal.html" title="class in com.google.enterprise.adaptor">UserPrincipal</a>&gt;&nbsp;getPermitUsers()</pre>
<div class="block">Returns immutable set of permitted users.</div>
</li>
</ul>
<a name="getDenyUsers()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getDenyUsers</h4>
<pre>public&nbsp;<a href="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a>&lt;<a href="../../../../com/google/enterprise/adaptor/UserPrincipal.html" title="class in com.google.enterprise.adaptor">UserPrincipal</a>&gt;&nbsp;getDenyUsers()</pre>
<div class="block">Returns immutable set of denied users.</div>
</li>
</ul>
<a name="getPermits()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getPermits</h4>
<pre>public&nbsp;<a href="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a>&lt;<a href="../../../../com/google/enterprise/adaptor/Principal.html" title="class in com.google.enterprise.adaptor">Principal</a>&gt;&nbsp;getPermits()</pre>
<div class="block">Returns immutable set of permitted users and groups.</div>
</li>
</ul>
<a name="getDenies()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getDenies</h4>
<pre>public&nbsp;<a href="http://download.oracle.com/javase/6/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a>&lt;<a href="../../../../com/google/enterprise/adaptor/Principal.html" title="class in com.google.enterprise.adaptor">Principal</a>&gt;&nbsp;getDenies()</pre>
<div class="block">Returns immutable set of denied users and groups;</div>
</li>
</ul>
<a name="getInheritFrom()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getInheritFrom</h4>
<pre>public&nbsp;<a href="../../../../com/google/enterprise/adaptor/DocId.html" title="class in com.google.enterprise.adaptor">DocId</a>&nbsp;getInheritFrom()</pre>
<div class="block">Returns <code>DocId</code> these ACLs are inherited from. This is also known as
the "parent's" ACLs. Note that the parent's <code>InheritanceType</code>
determines how to combine results with this ACL.</div>
<dl><dt><span class="strong">See Also:</span></dt><dd><a href="../../../../com/google/enterprise/adaptor/Acl.html#getInheritanceType()"><code>getInheritanceType()</code></a></dd></dl>
</li>
</ul>
<a name="getInheritanceType()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getInheritanceType</h4>
<pre>public&nbsp;<a href="../../../../com/google/enterprise/adaptor/Acl.InheritanceType.html" title="enum in com.google.enterprise.adaptor">Acl.InheritanceType</a>&nbsp;getInheritanceType()</pre>
<div class="block">Returns the inheritance type used to combine authz decisions of these ACLs
with its <em>child</em>. The inheritance type applies to the interaction
between this ACL and any <em>children</em> it has.</div>
<dl><dt><span class="strong">See Also:</span></dt><dd><a href="../../../../com/google/enterprise/adaptor/Acl.html#getInheritFrom()"><code>getInheritFrom()</code></a></dd></dl>
</li>
</ul>
<a name="isEverythingCaseSensitive()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>isEverythingCaseSensitive</h4>
<pre>public&nbsp;boolean&nbsp;isEverythingCaseSensitive()</pre>
<div class="block">Says whether letter casing differentiates names during authorization.</div>
</li>
</ul>
<a name="isEverythingCaseInsensitive()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>isEverythingCaseInsensitive</h4>
<pre>public&nbsp;boolean&nbsp;isEverythingCaseInsensitive()</pre>
<div class="block">Says whether letter casing doesn't matter during authorization.</div>
</li>
</ul>
<a name="isAuthorizedLocal(com.google.enterprise.adaptor.AuthnIdentity)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>isAuthorizedLocal</h4>
<pre>public&nbsp;<a href="../../../../com/google/enterprise/adaptor/AuthzStatus.html" title="enum in com.google.enterprise.adaptor">AuthzStatus</a>&nbsp;isAuthorizedLocal(<a href="../../../../com/google/enterprise/adaptor/AuthnIdentity.html" title="interface in com.google.enterprise.adaptor">AuthnIdentity</a>&nbsp;userIdentity)</pre>
<div class="block">Determine if the provided <code>userIdentifier</code> belonging to <code>groups</code> is authorized, ignoring inheritance. Deny trumps permit,
independent of how specific the rule is. So if a user is in permitUsers and
one of the user's groups is in denyGroups, that user will be denied. If a
user and his groups are unspecified in the ACL, then the response is
indeterminate.</div>
</li>
</ul>
<a name="isAuthorized(com.google.enterprise.adaptor.AuthnIdentity, java.util.List)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>isAuthorized</h4>
<pre>public static&nbsp;<a href="../../../../com/google/enterprise/adaptor/AuthzStatus.html" title="enum in com.google.enterprise.adaptor">AuthzStatus</a>&nbsp;isAuthorized(<a href="../../../../com/google/enterprise/adaptor/AuthnIdentity.html" title="interface in com.google.enterprise.adaptor">AuthnIdentity</a>&nbsp;userIdentity,
<a href="http://download.oracle.com/javase/6/docs/api/java/util/List.html?is-external=true" title="class or interface in java.util">List</a>&lt;<a href="../../../../com/google/enterprise/adaptor/Acl.html" title="class in com.google.enterprise.adaptor">Acl</a>&gt;&nbsp;aclChain)</pre>
<div class="block">Determine if the provided <code>userIdentity</code> belonging to <code>groups</code> is authorized for the provided <code>aclChain</code>. The chain should
be in order of root to leaf; that means that the particular file or folder
you are checking for authz will be at the end of the chain.
<p>If you have an ACL and wish to determine if a user is authorized, you
should manually generate an aclChain by recursively retrieving the ACLs of
the <code>inheritFrom</code> <a href="../../../../com/google/enterprise/adaptor/DocId.html" title="class in com.google.enterprise.adaptor"><code>DocId</code></a>. The ACL you started with should be
at the end of the chain. Alternatively, you can use <a href="../../../../com/google/enterprise/adaptor/Acl.html#isAuthorizedBatch(com.google.enterprise.adaptor.AuthnIdentity, java.util.Collection, com.google.enterprise.adaptor.Acl.BatchRetriever)"><code>isAuthorizedBatch()</code></a>.
<p>If the entire chain has empty permit/deny sets, then the result is
<a href="../../../../com/google/enterprise/adaptor/AuthzStatus.html#INDETERMINATE"><code>AuthzStatus.INDETERMINATE</code></a>.
<p>The result of the entire chain is the non-local decision of the root.
The non-local decision of any entry in the chain is the local decision of
that entry (as calculated with <a href="../../../../com/google/enterprise/adaptor/Acl.html#isAuthorizedLocal(com.google.enterprise.adaptor.AuthnIdentity)"><code>isAuthorizedLocal()</code></a>) combined with the non-local decision of the next
entry in the chain via the <code>InheritanceType</code> of the original entry.
To repeat, the non-local decision of an entry is that entry's local
decision combined using its <code>InheritanceType</code> with its child's
non-local decision (which is recursive). Thus, if the root's inheritance
type is <a href="../../../../com/google/enterprise/adaptor/Acl.InheritanceType.html#PARENT_OVERRIDES"><code>Acl.InheritanceType.PARENT_OVERRIDES</code></a> and its local decision is
<a href="../../../../com/google/enterprise/adaptor/AuthzStatus.html#DENY"><code>AuthzStatus.DENY</code></a>, then independent of any decendant's local
decision, the decision of the chain will be <code>DENY</code>.
<p>It should also be noted that the leaf's inheritance type does not matter
and is ignored.
<p>It is very important to note that a completely empty ACL (one that has
all defaults) is equivalent to having no ACLs. The GSA considers content
from the Adaptor as public unless it provides an ACL. Thus, empty ACLs
cause a document to become public and the GSA does not use ACLs when
considering public documents (and all results are PERMIT). However, for
non-Adaptor situations, you can get a document to be private and have no
ACLs. In these situations the ACLs are checked, but the result is
INDETERMINATE and different authz checks must be made.</div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>userIdentity</code> - identity containing the user's username and all the
groups the user belongs to</dd><dd><code>aclChain</code> - ordered list of ACLs from root to leaf</dd>
<dt><span class="strong">Throws:</span></dt>
<dd><code><a href="http://download.oracle.com/javase/6/docs/api/java/lang/IllegalArgumentException.html?is-external=true" title="class or interface in java.lang">IllegalArgumentException</a></code> - if the chain is empty, the first element
of the chain's <code>getInheritFrom() != null</code>, or if any element but
the first has <code>getInheritFrom() == null</code>.</dd><dt><span class="strong">See Also:</span></dt><dd><a href="../../../../com/google/enterprise/adaptor/Acl.html#isAuthorizedLocal(com.google.enterprise.adaptor.AuthnIdentity)"><code>isAuthorizedLocal(com.google.enterprise.adaptor.AuthnIdentity)</code></a>,
<a href="../../../../com/google/enterprise/adaptor/Acl.InheritanceType.html" title="enum in com.google.enterprise.adaptor"><code>Acl.InheritanceType</code></a></dd></dl>
</li>
</ul>
<a name="isAuthorizedBatch(com.google.enterprise.adaptor.AuthnIdentity, java.util.Collection, com.google.enterprise.adaptor.Acl.BatchRetriever)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>isAuthorizedBatch</h4>
<pre>public static&nbsp;<a href="http://download.oracle.com/javase/6/docs/api/java/util/Map.html?is-external=true" title="class or interface in java.util">Map</a>&lt;<a href="../../../../com/google/enterprise/adaptor/DocId.html" title="class in com.google.enterprise.adaptor">DocId</a>,<a href="../../../../com/google/enterprise/adaptor/AuthzStatus.html" title="enum in com.google.enterprise.adaptor">AuthzStatus</a>&gt;&nbsp;isAuthorizedBatch(<a href="../../../../com/google/enterprise/adaptor/AuthnIdentity.html" title="interface in com.google.enterprise.adaptor">AuthnIdentity</a>&nbsp;userIdentity,
<a href="http://download.oracle.com/javase/6/docs/api/java/util/Collection.html?is-external=true" title="class or interface in java.util">Collection</a>&lt;<a href="../../../../com/google/enterprise/adaptor/DocId.html" title="class in com.google.enterprise.adaptor">DocId</a>&gt;&nbsp;ids,
<a href="../../../../com/google/enterprise/adaptor/Acl.BatchRetriever.html" title="interface in com.google.enterprise.adaptor">Acl.BatchRetriever</a>&nbsp;retriever)
throws <a href="http://download.oracle.com/javase/6/docs/api/java/io/IOException.html?is-external=true" title="class or interface in java.io">IOException</a></pre>
<div class="block">Check authz for many DocIds at once. This will only fetch ACL information
for a DocId once, even when considering inheritFrom. It will then create
the appropriate chains and call <a href="../../../../com/google/enterprise/adaptor/Acl.html#isAuthorized(com.google.enterprise.adaptor.AuthnIdentity, java.util.List)"><code>isAuthorized()</code></a>.
<p>If there is an inheritance cycle, an ACL for a DocId in <code>ids</code> was
not returned by <code>retriever</code> when requested, or an inherited ACL was
not returned by <code>retriever</code> when requested, its response will be
<a href="../../../../com/google/enterprise/adaptor/AuthzStatus.html#INDETERMINATE"><code>AuthzStatus.INDETERMINATE</code></a> for that DocId.</div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>userIdentity</code> - identity containing the user's username and all the
groups the user belongs to</dd><dd><code>ids</code> - collection of DocIds that need authz performed</dd><dd><code>retriever</code> - object to use to obtain an ACL for a given DocId</dd>
<dt><span class="strong">Throws:</span></dt>
<dd><code><a href="http://download.oracle.com/javase/6/docs/api/java/io/IOException.html?is-external=true" title="class or interface in java.io">IOException</a></code> - if the retriever throws an IOException</dd></dl>
</li>
</ul>
<a name="equals(java.lang.Object)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>equals</h4>
<pre>public&nbsp;boolean&nbsp;equals(<a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a>&nbsp;o)</pre>
<div class="block">Equality is determined if all the permit/deny sets are equal and the
inheritance is equal.</div>
<dl>
<dt><strong>Overrides:</strong></dt>
<dd><code><a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#equals(java.lang.Object)" title="class or interface in java.lang">equals</a></code>&nbsp;in class&nbsp;<code><a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></code></dd>
</dl>
</li>
</ul>
<a name="hashCode()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>hashCode</h4>
<pre>public&nbsp;int&nbsp;hashCode()</pre>
<div class="block">Returns a hash code for this object that agrees with <code>equals</code>.</div>
<dl>
<dt><strong>Overrides:</strong></dt>
<dd><code><a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#hashCode()" title="class or interface in java.lang">hashCode</a></code>&nbsp;in class&nbsp;<code><a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></code></dd>
</dl>
</li>
</ul>
<a name="toString()">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>toString</h4>
<pre>public&nbsp;<a href="http://download.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;toString()</pre>
<div class="block">Generates a string useful for debugging that contains users and groups
along with inheritance information.</div>
<dl>
<dt><strong>Overrides:</strong></dt>
<dd><code><a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true#toString()" title="class or interface in java.lang">toString</a></code>&nbsp;in class&nbsp;<code><a href="http://download.oracle.com/javase/6/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></code></dd>
</dl>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
</div>
<!-- ========= END OF CLASS DATA ========= -->
<!-- ======= START OF BOTTOM NAVBAR ====== -->
<div class="bottomNav"><a name="navbar_bottom">
<!-- -->
</a><a href="#skip-navbar_bottom" title="Skip navigation links"></a><a name="navbar_bottom_firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../overview-summary.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../index-all.html">Index</a></li>
<li><a href="../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li><a href="../../../../com/google/enterprise/adaptor/AbstractDocumentTransform.html" title="class in com.google.enterprise.adaptor"><span class="strong">PREV CLASS</span></a></li>
<li><a href="../../../../com/google/enterprise/adaptor/Acl.BatchRetriever.html" title="interface in com.google.enterprise.adaptor"><span class="strong">NEXT CLASS</span></a></li>
</ul>
<ul class="navList">
<li><a href="../../../../index.html?com/google/enterprise/adaptor/Acl.html" target="_top">FRAMES</a></li>
<li><a href="Acl.html" target="_top">NO FRAMES</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="../../../../allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_bottom");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<div>
<ul class="subNavList">
<li>SUMMARY:&nbsp;</li>
<li><a href="#nested_class_summary">NESTED</a>&nbsp;|&nbsp;</li>
<li><a href="#field_summary">FIELD</a>&nbsp;|&nbsp;</li>
<li>CONSTR&nbsp;|&nbsp;</li>
<li><a href="#method_summary">METHOD</a></li>
</ul>
<ul class="subNavList">
<li>DETAIL:&nbsp;</li>
<li><a href="#field_detail">FIELD</a>&nbsp;|&nbsp;</li>
<li>CONSTR&nbsp;|&nbsp;</li>
<li><a href="#method_detail">METHOD</a></li>
</ul>
</div>
<a name="skip-navbar_bottom">
<!-- -->
</a></div>
<!-- ======== END OF BOTTOM NAVBAR ======= -->
</body>
</html>