org.openafs.jafs
Class ACL.Entry

java.lang.Object
  |
  +--org.openafs.jafs.ACL.Entry

All Implemented Interfaces:

Serializable

Enclosing class:

ACL

public static final class ACL.Entry

extends Object

implements Serializable

AFS ACL Entry Class.

Documentation reference: Managing Access Control Lists

Version:

2.0, 04/18/2001 - Completely revised class for efficiency., 3.0, 05/01/2002 - Converted class to an inner class.

See Also:

Serialized Form

Field Summary

static int	ADMIN ACL Mask administer constant
static int	DELETE ACL Mask delete constant
static int	INSERT ACL Mask insert constant
static int	LOCK ACL Mask lock constant
static int	LOOKUP ACL Mask lookup constant
static int	READ ACL Mask read constant
static int	WRITE ACL Mask write constant

Constructor Summary

ACL.Entry()
Constructs a new ACL entry with all permission bits set to false.

ACL.Entry(int permissionsMask)
Constructs a new ACL entry setting each permission bit to its appropriate value according to the permissionsMask specified.

ACL.Entry(String user)
Constructs a new ACL entry with all permission bits set to false and sets the associated user or group name.

ACL.Entry(String user, int permissionsMask)
Constructs a new ACL entry setting each permission bit to its appropriate value according to the permissionsMask specified and sets the associated user or group name.

Method Summary

boolean	canAdmin() Tests whether the ACL permits administer access.
boolean	canDelete() Tests whether the ACL permits delete access.
boolean	canInsert() Tests whether the ACL permits insert access.
boolean	canLock() Tests whether the ACL permits the lock authority.
boolean	canLookup() Tests whether the ACL permits lookup access.
boolean	canRead() Tests whether the ACL permits read access.
boolean	canWrite() Tests whether the ACL permits write access.
boolean	equals(ACL.Entry entry) Tests whether two ACL.Entry objects are equal, based on associated username and permission bits.
int	getPermissionsMask() Returns this entry's permission mask.
String	getUser() Returns the user or group name associated with this ACL entry.
void	setAdmin(boolean flag) Sets the ACL permission to accomodate administer rights for directories.
void	setDelete(boolean flag) Sets the ACL permission to accomodate delete access for directories.
void	setInsert(boolean flag) Sets the ACL permission to accomodate insert access for directories.
void	setLock(boolean flag) Sets the ACL permission to accomodate lock access for files.
void	setLookup(boolean flag) Sets the ACL permission to accomodate lookup access for directories.
void	setPermissions(int permissionsMask) Set this entry's permission bits according to the value of the permissionsMask specified.
void	setRead(boolean flag) Sets the ACL permission to accomodate read access for files.
void	setUser(String user) Sets the user or group name associated with this ACL entry.
void	setWrite(boolean flag) Sets the ACL permission to accomodate write access for files.
String	toString() Returns a String representation of this ACL.Entry

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

READ

public static final int READ

ACL Mask read constant

See Also:

Constant Field Values

WRITE

public static final int WRITE

ACL Mask write constant

See Also:

Constant Field Values

INSERT

public static final int INSERT

ACL Mask insert constant

See Also:

Constant Field Values

LOOKUP

public static final int LOOKUP

ACL Mask lookup constant

See Also:

Constant Field Values

DELETE

public static final int DELETE

ACL Mask delete constant

See Also:

Constant Field Values

LOCK

public static final int LOCK

ACL Mask lock constant

See Also:

Constant Field Values

ADMIN

public static final int ADMIN

ACL Mask administer constant

See Also:

Constant Field Values

Constructor Detail

ACL.Entry

public ACL.Entry()

Constructs a new ACL entry with all permission bits set to false.

ACL.Entry

public ACL.Entry(String user)

Constructs a new ACL entry with all permission bits set to false and sets the associated user or group name.

Parameters:

user - The user or group name associated with this entry

ACL.Entry

public ACL.Entry(int permissionsMask)

Constructs a new ACL entry setting each permission bit to its appropriate value according to the permissionsMask specified.

Parameters:

permissionsMask - An integer representation of the permissoin rights of this entry

See Also:

canRead(), canWrite(), canInsert(), canLookup(), canDelete(), canLock(), canAdmin()

ACL.Entry

public ACL.Entry(String user,
                 int permissionsMask)

Constructs a new ACL entry setting each permission bit to its appropriate value according to the permissionsMask specified and sets the associated user or group name.

Parameters:

permissionsMask - An integer representation of the permissoin rights of this entry

user - The username or group associated with this entry

See Also:

canRead(), canWrite(), canInsert(), canLookup(), canDelete(), canLock(), canAdmin(), setUser(java.lang.String)

Method Detail

setPermissions

public void setPermissions(int permissionsMask)

Set this entry's permission bits according to the value of the permissionsMask specified.

Parameters:

permissionsMask - An integer representation of the permissoin rights of this entry

See Also:

getPermissionsMask()

getPermissionsMask

public int getPermissionsMask()

Returns this entry's permission mask.

Permission Mask
01 - READ
02 - WRITE
04 - INSERT
08 - LOOKUP
16 - DELETE
32 - LOCK
64 - ADMIN

Any combination of the above mask values would equate to a valid combination of permission settings. For example, if the permission mask was 11, the ACL permissions would be as follows: read (1), write (2), and lookup (8).
[1 + 2 + 8 = 11]

Returns:

An integer representation (mask) of the permissoin rights of this entry

getUser

public String getUser()

Returns the user or group name associated with this ACL entry.

Returns:

String representation of the user or group name associated with this entry.

setUser

public void setUser(String user)

Sets the user or group name associated with this ACL entry.

Parameters:

user - representation of the user or group name associated with this entry.

canRead

public boolean canRead()

Tests whether the ACL permits read access.

This permission enables a user to read the contents of files in the directory and to obtain complete status information for the files (read/retrieve the file attributes).

File Permission
This permission is meaningful with respect to files in a directory, rather than the directory itself or its subdirectories.

Documentation reference: The AFS ACL Permissions

Returns:

true if and only if the ACL permits read access of files; false otherwise

setRead

public void setRead(boolean flag)

Sets the ACL permission to accomodate read access for files.

Parameters:

flag - boolean flag that denotes the permission bit for read access.

See Also:

canRead()

canLookup

public boolean canLookup()

Tests whether the ACL permits lookup access.

This permission functions as something of a gate keeper for access to the directory and its files, because a user must have it in order to exercise any other permissions. In particular, a user must have this permission to access anything in the directory's subdirectories, even if the ACL on a subdirectory grants extensive permissions.

This permission enables a user to list the names of the files and subdirectories in the directory (this does not permit read access to its respective entries), obtain complete status information for the directory element itself, and examine the directory's ACL.

This permission does not enable a user to read the contents of a file in the directory.

Similarly, this permission does not enable a user to lookup the contents of, obtain complete status information for, or examine the ACL of the subdirectory of the directory. Those operations require the lookup permission on the ACL of the subdirectory itself.

Directory Permission
This permission is meaningful with respect to the directory itself. For example, the insert permission (see: canInsert()) does not control addition of data to a file, but rather creation of a new file or subdirectory.

Documentation reference: The AFS ACL Permissions

Returns:

true if and only if the ACL permits lookup access for directories; false otherwise

setLookup

public void setLookup(boolean flag)

Sets the ACL permission to accomodate lookup access for directories.

Parameters:

flag - boolean flag that denotes the permission bit for lookup access.

See Also:

canLookup()

canInsert

public boolean canInsert()

Tests whether the ACL permits insert access.

This permission enables a user to add new files to the directory, either by creating or copying, and to create new subdirectories. It does not extend into any subdirectories, which are protected by their own ACLs.

Directory Permission
This permission is meaningful with respect to the directory itself. For example, the insert permission (see: canInsert()) does not control addition of data to a file, but rather creation of a new file or subdirectory.

Documentation reference: The AFS ACL Permissions

Returns:

true if and only if the ACL permits insert access for directories; false otherwise

setInsert

public void setInsert(boolean flag)

Sets the ACL permission to accomodate insert access for directories.

Parameters:

flag - boolean flag that denotes the permission bit for insert access.

See Also:

canInsert()

canDelete

public boolean canDelete()

Tests whether the ACL permits delete access.

This permission enables a user to remove files and subdirectories from the directory or move them into other directories (assuming that the user has the insert (see: canInsert()) permission on the ACL of the other directories).

Directory Permission
This permission is meaningful with respect to the directory itself. For example, the insert permission (see: canInsert()) does not control addition of data to a file, but rather creation of a new file or subdirectory.

Documentation reference: The AFS ACL Permissions

Returns:

true if and only if the ACL permits delete access for directories; false otherwise

setDelete

public void setDelete(boolean flag)

Sets the ACL permission to accomodate delete access for directories.

Parameters:

flag - boolean flag that denotes the permission bit for delete rights.

See Also:

canDelete()

canWrite

public boolean canWrite()

Tests whether the ACL permits write access.

This permission enables a user to modify the contents of files in the directory and to change their operating system specific mode bits.

File Permission
This permission is meaningful with respect to files in a directory, rather than the directory itself or its subdirectories.

Documentation reference: The AFS ACL Permissions

Returns:

true if and only if the ACL permits write access for files; false otherwise

setWrite

public void setWrite(boolean flag)

Sets the ACL permission to accomodate write access for files.

Parameters:

flag - boolean flag that denotes the permission bit for write access.

See Also:

canWrite()

canLock

public boolean canLock()

Tests whether the ACL permits the lock authority.

This permission enables the user to run programs that issue system calls to lock files in the directory.

File Permission
This permission is meaningful with respect to files in a directory, rather than the directory itself or its subdirectories.

Documentation reference: The AFS ACL Permissions

Returns:

true if and only if the ACL permits lock authority for files; false otherwise

setLock

public void setLock(boolean flag)

Sets the ACL permission to accomodate lock access for files.

Parameters:

flag - boolean flag that denotes the permission bit for lock rights.

See Also:

canLock()

canAdmin

public boolean canAdmin()

Tests whether the ACL permits administer access.

This permission enables a user to change the directory's ACL. Members of the system:administrators group implicitly have this permission on every directory (that is, even if that group does not appear on the ACL). Similarly, the owner of a directory implicitly has this permission on its ACL and those of all directories below it that he or she owns.

Directory Permission
This permission is meaningful with respect to the directory itself. For example, the insert permission (see: canInsert()) does not control addition of data to a file, but rather creation of a new file or subdirectory.

Documentation reference: The AFS ACL Permissions

Returns:

true if and only if the ACL permits administer access for directories; false otherwise

setAdmin

public void setAdmin(boolean flag)

Sets the ACL permission to accomodate administer rights for directories.

Parameters:

flag - boolean flag that denotes the permission bit for administer rights.

See Also:

canAdmin()

equals

public boolean equals(ACL.Entry entry)

Tests whether two ACL.Entry objects are equal, based on associated username and permission bits.

Parameters:

entry - the ACL.Entry to test

Returns:

whether the specifed ACL.Entry is the same as this ACL.Entry

toString

public String toString()

Returns a String representation of this ACL.Entry

Overrides:

toString in class Object

Returns:

a String representation of this ACL.Entry