Package hudson.security
Class SidACL
java.lang.Object
hudson.security.ACL
hudson.security.SidACL
- Direct Known Subclasses:
SparseACL
- Author:
- Kohsuke Kawaguchi
-
Field Summary
Fields inherited from class hudson.security.ACL
ANONYMOUS, ANONYMOUS_USERNAME, EVERYONE, SYSTEM, SYSTEM_USERNAME, SYSTEM2
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected Boolean
_hasPermission
(org.springframework.security.core.Authentication a, Permission permission) Implementation that backs uphasPermission2(Authentication, Permission)
.protected abstract Boolean
hasPermission
(Sid p, Permission permission) Checks if the givenSid
has the givenPermission
.boolean
hasPermission2
(org.springframework.security.core.Authentication a, Permission permission) Checks if the given principle has the given permission.final SidACL
newInheritingACL
(SidACL parent) protected String
Methods inherited from class hudson.security.ACL
as, as, as2, checkAnyPermission, checkCreatePermission, checkCreatePermission, checkPermission, hasAnyPermission, hasCreatePermission, hasCreatePermission, hasCreatePermission2, hasCreatePermission2, hasPermission, hasPermission, impersonate, impersonate, impersonate, impersonate2, impersonate2, impersonate2, isAnonymous, isAnonymous2, lambda, lambda2
-
Constructor Details
-
SidACL
public SidACL()
-
-
Method Details
-
hasPermission2
public boolean hasPermission2(@NonNull org.springframework.security.core.Authentication a, Permission permission) Description copied from class:ACL
Checks if the given principle has the given permission.Note that
ACL.SYSTEM2
can be passed in as the authentication parameter, in which case you should probably just assume it has every permission.- Overrides:
hasPermission2
in classACL
-
_hasPermission
protected Boolean _hasPermission(@NonNull org.springframework.security.core.Authentication a, Permission permission) Implementation that backs uphasPermission2(Authentication, Permission)
.- Returns:
- true or false if
hasPermission(Sid, Permission)
returns it. Otherwise null, indicating that this ACL doesn't have any entry for it.
-
hasPermission
Checks if the givenSid
has the givenPermission
.hasPermission2(Authentication, Permission)
is implemented by checking authentication'sGrantedAuthority
by using this method.It is the implementor's responsibility to recognize
Permission.impliedBy
and take that into account.- Returns:
- true if the access should be granted, false if it should be denied. The null value indicates that the ACL does no rule for this Sid/Permission combination. The caller can decide what to do—such as consulting the higher level ACL, or denying the access (if the model is no-access-by-default.)
-
toString
-
newInheritingACL
Creates a newSidACL
that first consults 'this'SidACL
and then delegate to the given parentSidACL
. By doing this at theSidACL
level and not at theACL
level, this allows the child ACLs to have an explicit deny entry. Note that the combined ACL calls hasPermission(Sid,Permission) in the child and parent SidACLs directly, so if these override _hasPermission then this custom behavior will not be applied.
-