Class SidACL

  • Direct Known Subclasses:

    public abstract class SidACL
    extends ACL
    ACL that checks permissions based on GrantedAuthority of the Authentication.
    Kohsuke Kawaguchi
    • Constructor Detail

      • SidACL

        public SidACL()
    • Method Detail

      • hasPermission2

        public boolean hasPermission2​(@NonNull
                                      Permission permission)
        Description copied from class: ACL
        Checks if the given principle has the given permission.

        Note that ACL.SYSTEM2 can be passed in as the authentication parameter, in which case you should probably just assume it has every permission.

        hasPermission2 in class ACL
      • hasPermission

        protected abstract Boolean hasPermission​(Sid p,
                                                 Permission permission)
        Checks if the given Sid has the given Permission.

        hasPermission2(Authentication, Permission) is implemented by checking authentication's GrantedAuthority by using this method.

        It is the implementor's responsibility to recognize Permission.impliedBy and take that into account.

        true if the access should be granted, false if it should be denied. The null value indicates that the ACL does no rule for this Sid/Permission combination. The caller can decide what to do—such as consulting the higher level ACL, or denying the access (if the model is no-access-by-default.)
      • toString

        protected String toString​(Sid p)
      • newInheritingACL

        public final SidACL newInheritingACL​(SidACL parent)
        Creates a new SidACL that first consults 'this' SidACL and then delegate to the given parent SidACL. By doing this at the SidACL level and not at the ACL level, this allows the child ACLs to have an explicit deny entry. Note that the combined ACL calls hasPermission(Sid,Permission) in the child and parent SidACLs directly, so if these override _hasPermission then this custom behavior will not be applied.