Acl

public class Acl extends Object

Represents all aspects of access permissions for an uploaded document.

The Access Control List (ACL) contains a list of both users and groups that have either read access or denied access to an Item. Additionally, the access can be dependent on an "inherit from" parent ACL corresponding to the Acl.InheritanceType value. A parent can also have multiple ACLs associated with it as defined by its fragments set in setInheritFrom(String, String).

Instances are immutable.

Nested Class Summary

class Acl.Builder Mutable ACL for creating instances of Acl
class Acl.GroupPrincipalParser Parser used to extract a group principal of either "google" or "external" type. 
enum Acl.InheritanceType The enum that presents the type of inheritance. 
enum Acl.PrincipalType Represents type of a Principal  
class Acl.UserPrincipalParser Parser used to extract a user principal of either "google" or "external" type. 

Constant Summary

String GOOGLE_ACCOUNT_PREFIX Configuration value prefix to indicate Google principal
String GROUP_NAME_FORMAT Format to construct external group principal name
String IDENTITY_RESOURCE_NAME_FORMAT Format to construct identity source ID
String IDENTITY_SOURCES_PREFIX Prefix for identity source ID
String USER_RESOURCE_NAME_FORMAT Format to construct external user principal name

Field Summary

public static final Acl.GroupPrincipalParser GROUP_PARSER Configuration.Parser to parse string value as external group or Google group principal
public static final Acl.UserPrincipalParser USER_PARSER Configuration.Parser to parse string value as external user or Google user principal

Public Method Summary

static boolean
addResourcePrefixGroup(Principal group, String identitySourceId)
Adds resource prefix "identitysources/identitySourceId/groups/" to setGroupResourceName(String).
static boolean
addResourcePrefixUser(Principal user, String identitySourceId)
Adds resource prefix "identitysources/identitySourceId/users/" to setUserResourceName(String).
Item
applyTo(Item item)
Applies current ACL information to the passed Item.
static Acl
createAcl(String permittedUsers, String permittedGroups, String deniedUsers, String deniedGroups)
Creates an Acl from comma delimited strings.
Item
createFragmentItemOf(String id, String fragment)
Creates an Item from an id and fragment to be used for its ACL.
boolean
equals(Object obj)
static String
fragmentId(String id, String fragment)
Creates a fragment id using the pattern %s#%s.
static Principal
getCustomerPrincipal()
Returns a customer principal instance.
Set<Principal>
getDeniedReaders()
Returns the denied readers.
static Principal
getGoogleGroupPrincipal(String groupId)
Returns a Google group principal.
static Principal
getGoogleUserPrincipal(String userId)
Returns a Google user principal.
static Principal
getGroupPrincipal(String groupId, String identitySourceId)
Returns an external group principal under specified identity source ID.
static Principal
getGroupPrincipal(String groupId)
Returns an external group principal.
String
getInheritFrom()
Returns the "inherit from" parent name.
String
getInheritFromFragment()
Returns the "inherit from" fragment.
Acl.InheritanceType
Set<Principal>
getOwners()
Returns the owners.
static String
getPrincipalName(String name, String namespace)
Creates principal name with pattern %s:%s.
static Acl.PrincipalType
getPrincipalType(Principal p)
Returns Acl.PrincipalType for given principal
Set<Principal>
getReaders()
Returns the allowed readers.
static Principal
getUserPrincipal(String userId)
Returns an external user principal.
static Principal
getUserPrincipal(String userId, String identitySourceId)
Returns an external user principal under specified identity source ID.
int
String

Inherited Method Summary

Constants

public static final String GOOGLE_ACCOUNT_PREFIX

Configuration value prefix to indicate Google principal

Constant Value: "google:"

public static final String GROUP_NAME_FORMAT

Format to construct external group principal name

Constant Value: "identitysources/%s/groups/%s"

public static final String IDENTITY_RESOURCE_NAME_FORMAT

Format to construct identity source ID

Constant Value: "identitysources/%s"

public static final String IDENTITY_SOURCES_PREFIX

Prefix for identity source ID

Constant Value: "identitysources"

public static final String USER_RESOURCE_NAME_FORMAT

Format to construct external user principal name

Constant Value: "identitysources/%s/users/%s"

Fields

public static final Acl.GroupPrincipalParser GROUP_PARSER

Configuration.Parser to parse string value as external group or Google group principal

public static final Acl.UserPrincipalParser USER_PARSER

Configuration.Parser to parse string value as external user or Google user principal

Public Methods

public static boolean addResourcePrefixGroup (Principal group, String identitySourceId)

Adds resource prefix "identitysources/identitySourceId/groups/" to setGroupResourceName(String). This method assumes that getGroupResourceName() is already encoded for escaping unsupported characters.

Parameters
group principal to add resource prefix for.
identitySourceId identity source ID for external group principal.
Returns
  • true if resource prefix is added to principal, false otherwise.

public static boolean addResourcePrefixUser (Principal user, String identitySourceId)

Adds resource prefix "identitysources/identitySourceId/users/" to setUserResourceName(String).

Parameters
user principal to add resource prefix for.
identitySourceId identity source ID for external user principal.
Returns
  • true if resource prefix is added to principal, false otherwise.

public Item applyTo (Item item)

Applies current ACL information to the passed Item.

Parameters
item original Item to apply ACL information
Returns
  • the Item with the current ACL information applied

public static Acl createAcl (String permittedUsers, String permittedGroups, String deniedUsers, String deniedGroups)

Creates an Acl from comma delimited strings.

Parameters
permittedUsers readers
permittedGroups permitted groups
deniedUsers denied readers
deniedGroups denied groups
Returns
  • fully formed Acl

public Item createFragmentItemOf (String id, String fragment)

Creates an Item from an id and fragment to be used for its ACL.

Parameters
id parent "id"
fragment associated fragment for the parent
Returns
  • an Item to be used as an ACL parent

public boolean equals (Object obj)

Parameters
obj

public static String fragmentId (String id, String fragment)

Creates a fragment id using the pattern %s#%s.

Parameters
id - document id
fragment - fragment name
Returns
  • created name

public static Principal getCustomerPrincipal ()

Returns a customer principal instance.

Returns

public Set<Principal> getDeniedReaders ()

Returns the denied readers.

public static Principal getGoogleGroupPrincipal (String groupId)

Returns a Google group principal.

Parameters
groupId external group ID
Returns

public static Principal getGoogleUserPrincipal (String userId)

Returns a Google user principal.

Parameters
userId Google user ID
Returns

public static Principal getGroupPrincipal (String groupId, String identitySourceId)

Returns an external group principal under specified identity source ID. This method encodes groupId using encodeGroupId(String)

Parameters
groupId external user ID
identitySourceId identity source ID for external group principal
Returns

public static Principal getGroupPrincipal (String groupId)

Returns an external group principal. This method encodes groupId using encodeGroupId(String)

Parameters
groupId external user ID
Returns

public String getInheritFrom ()

Returns the "inherit from" parent name.

public String getInheritFromFragment ()

Returns the "inherit from" fragment.

public Acl.InheritanceType getInheritanceType ()

Returns the Acl.InheritanceType.

public Set<Principal> getOwners ()

Returns the owners.

public static String getPrincipalName (String name, String namespace)

Creates principal name with pattern %s:%s.

Parameters
name - name
namespace - namespace
Returns
  • created name

public static Acl.PrincipalType getPrincipalType (Principal p)

Returns Acl.PrincipalType for given principal

Parameters
p principal to compute Acl.PrincipalType for
Returns

public Set<Principal> getReaders ()

Returns the allowed readers.

public static Principal getUserPrincipal (String userId)

Returns an external user principal.

Parameters
userId external user ID
Returns

public static Principal getUserPrincipal (String userId, String identitySourceId)

Returns an external user principal under specified identity source ID.

Parameters
userId external user ID
identitySourceId identity source ID for external user principal
Returns

public int hashCode ()

public String toString ()