AccessControlUtil (Opencast :: common 8.7 API)

java.lang.Object
- org.opencastproject.security.api.AccessControlUtil

```
public final class AccessControlUtil
extends Object
```
Provides common functions helpful in dealing with AccessControlLists.

Field Summary

Fields
Modifier and Type Field and Description

static Function<String,Option<AclScope>> toAclScope

Fields
Modifier and Type	Field and Description
`static Function<String,Option<AclScope>>`	`toAclScope`

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method and Description
`static AccessControlList`	`acl(Either<AccessControlEntry,List<AccessControlEntry>>... entries)` Constructor function for ACLs.
`static Checksum`	`calculateChecksum(AccessControlList acl)` Calculate an MD5 checksum for an `AccessControlList`.
`static Either<AccessControlEntry,List<AccessControlEntry>>`	`entries(String role, Tuple<String,Boolean>... actions)` Create a list of access control entries for a given role.
`static Either<AccessControlEntry,List<AccessControlEntry>>`	`entry(String role, String action, boolean allow)` Create a single access control entry.
`static boolean`	`equals(AccessControlList a, AccessControlList b)` Define equality on AccessControlLists.
`static AccessControlList`	`extendAcl(AccessControlList acl, String role, String action, boolean allow)` Extends an access control list with an access control entry
`static boolean`	`isAuthorized(AccessControlList acl, User user, Organization org, Object action)` Determines whether the `AccessControlList` permits a user to perform an action.
`static boolean`	`isAuthorizedAll(AccessControlList acl, User user, Organization org, Object... actions)` Returns true only if all actions are authorized.
`static boolean`	`isAuthorizedOne(AccessControlList acl, User user, Organization org, Object... actions)` Returns true if at least one action is authorized.
`static boolean`	`isProhibitedAll(AccessControlList acl, User user, Organization org, Object... actions)` Returns true if all actions are prohibited.
`static boolean`	`isProhibitedOne(AccessControlList acl, User user, Organization org, Object... actions)` Returns true if at least one action is prohibited.
`static AccessControlList`	`reduceAcl(AccessControlList acl, String role, String action)` Reduces an access control list by an access control entry

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

toAclScope

public static final Function<String,Option<AclScope>> toAclScope

Method Detail

isAuthorized
```
public static boolean isAuthorized(AccessControlList acl,
                                   User user,
                                   Organization org,
                                   Object action)
```
Determines whether the AccessControlList permits a user to perform an action. There are three ways a user can be allowed to perform an action:
1. They have the superuser role
2. They have their local organization's admin role
3. They have a role listed in the series ACL, with write permission
Parameters:

acl - the AccessControlList

user - the user

org - the organization

action - The action to perform. action may be an arbitrary object. The authorization check is done on the string representation of the object (#toString()). This allows to group actions as enums and use them without converting them to a string manually. See Permissions.Action.

Returns:

whether this action should be allowed

Throws:

IllegalArgumentException - if any of the arguments are null

isAuthorizedAll

public static boolean isAuthorizedAll(AccessControlList acl,
                                      User user,
                                      Organization org,
                                      Object... actions)

Returns true only if all actions are authorized.

See Also:: isAuthorized(AccessControlList, User, Organization, Object)

isAuthorizedOne

public static boolean isAuthorizedOne(AccessControlList acl,
                                      User user,
                                      Organization org,
                                      Object... actions)

Returns true if at least one action is authorized.

See Also:: isAuthorized(AccessControlList, User, Organization, Object)

isProhibitedAll

public static boolean isProhibitedAll(AccessControlList acl,
                                      User user,
                                      Organization org,
                                      Object... actions)

Returns true if all actions are prohibited.

See Also:: isAuthorized(AccessControlList, User, Organization, Object)

isProhibitedOne

public static boolean isProhibitedOne(AccessControlList acl,
                                      User user,
                                      Organization org,
                                      Object... actions)

Returns true if at least one action is prohibited.

See Also:: isAuthorized(AccessControlList, User, Organization, Object)

extendAcl
```
public static AccessControlList extendAcl(AccessControlList acl,
                                          String role,
                                          String action,
                                          boolean allow)
```
Extends an access control list with an access control entry

Parameters:

acl - the access control list to extend

role - the access control entry role

action - the access control entry action

allow - whether this access control entry role is allowed to take this action

Returns:

the extended access control list or the same if already contained

reduceAcl
```
public static AccessControlList reduceAcl(AccessControlList acl,
                                          String role,
                                          String action)
```
Reduces an access control list by an access control entry

Parameters:

acl - the access control list to reduce

role - the role of the access control entry to remove

action - the action of the access control entry to remove

Returns:

the reduced access control list or the same if already contained

acl
```
public static AccessControlList acl(Either<AccessControlEntry,List<AccessControlEntry>>... entries)
```
Constructor function for ACLs.

See Also:

entry(String, String, boolean), entries(String, org.opencastproject.util.data.Tuple[])

entry

public static Either<AccessControlEntry,List<AccessControlEntry>> entry(String role,
                                                                        String action,
                                                                        boolean allow)

Create a single access control entry.

entries

public static Either<AccessControlEntry,List<AccessControlEntry>> entries(String role,
                                                                          Tuple<String,Boolean>... actions)

Create a list of access control entries for a given role.

equals
```
public static boolean equals(AccessControlList a,
                             AccessControlList b)
```
Define equality on AccessControlLists. Two AccessControlLists are considered equal if they contain the exact same entries no matter in which order.
This has not been implemented in terms of #equals and #hashCode because the list of entries is not immutable and therefore not suitable to be put in a set.

calculateChecksum

public static Checksum calculateChecksum(AccessControlList acl)

Calculate an MD5 checksum for an AccessControlList.

Class AccessControlUtil

Field Summary

Method Summary

Methods inherited from class java.lang.Object