com.microsoft.tfs.core.clients.security
Class SecurityNamespace

java.lang.Object
  extended by com.microsoft.tfs.core.clients.security.SecurityNamespace
Direct Known Subclasses:
FrameworkSecurityNamespace

public abstract class SecurityNamespace
extends java.lang.Object

Class for managing and enforcing security for a set of AccessControlListDetails objects.


Constructor Summary
SecurityNamespace()
           
 
Method Summary
abstract  SecurityNamespaceDescription getDescription()
           
abstract  boolean[] hasPermission(java.lang.String[] tokens, IdentityDescriptor descriptor, int requestedPermissions, boolean alwaysAllowAdministrators)
          Determines whether or not the supplied descriptor has the requested permissions for the given tokens.
abstract  boolean[] hasPermission(java.lang.String token, IdentityDescriptor[] descriptors, int requestedPermissions, boolean alwaysAllowAdministrators)
          Determines whether or not the supplied descriptors have the requested permissions for the given token.
abstract  boolean[] hasPermission(java.lang.String token, IdentityDescriptor descriptor, int[] requestedPermissions, boolean alwaysAllowAdministrators)
          Determines whether or not the supplied descriptor has the requested permissions for the given token.
abstract  boolean hasPermission(java.lang.String token, IdentityDescriptor descriptor, int requestedPermissions, boolean alwaysAllowAdministrators)
          Determines whether or not the supplied descriptor has the requested permissions for the given token.
abstract  boolean hasWritePermission(java.lang.String token, int permissionsToChange)
          Determines whether or not the current authorized user has permission to change the permissions in permissionsToChange.
abstract  boolean[] hasWritePermission(java.lang.String token, int[] permissionsToChange)
          Determines whether or not the current authorized user has permission to write the permissions in permissionsToChange.
abstract  AccessControlListDetails queryAccessControlList(java.lang.String token, IdentityDescriptor[] descriptors, boolean includeExtendedInfo)
          In all cases: This method will query the AccessControlListDetails for the token specified.
abstract  AccessControlListDetails[] queryAccessControlLists(java.lang.String token, IdentityDescriptor[] descriptors, boolean includeExtendedInfo, boolean recurse)
          In all cases: This method will query the AccessControlListDetails for the token specified.
abstract  int queryEffectivePermissions(java.lang.String token, IdentityDescriptor descriptor)
          Returns the effective allowed permissions for the given descriptor.
abstract  boolean removeAccessControlEntries(java.lang.String token, IdentityDescriptor[] descriptors)
          Removes all of the AccessControlEntries for the given descriptors that exist on the AccessControlListDetails that is associated with the provided token.
abstract  boolean removeAccessControlEntry(java.lang.String token, IdentityDescriptor descriptor)
          Removes the AccessControlEntryDetails for the given descriptor that exists on the AccessControlListDetails that is associated with the provided token.
abstract  boolean removeAccessControlLists(java.lang.String[] tokens, boolean recurse)
          Removes the AccessControlListDetails for the specified tokens.
abstract  boolean removeAccessControlLists(java.lang.String token, boolean recurse)
          Removes the AccessControlListDetails for the specified token.
abstract  AccessControlEntryDetails removePermissions(java.lang.String token, IdentityDescriptor descriptor, int permissionsToRemove)
          Removes the specified permission bits from the existing allows and denys for this descriptor.
abstract  AccessControlEntryDetails[] setAccessControlEntries(java.lang.String token, AccessControlEntryDetails[] accessControlEntries, boolean merge)
          Sets the provided AccessControlEntries in this SecurityNamespace.
abstract  AccessControlEntryDetails setAccessControlEntry(java.lang.String token, AccessControlEntryDetails AccessControlEntryDetails, boolean merge)
          Sets the provided AccessControlEntryDetails in this SecurityNamespace.
abstract  void setAccessControlList(AccessControlListDetails AccessControlListDetails)
          Sets the AccessControlListDetails specified in the SecurityNamespace.
abstract  void setAccessControlLists(AccessControlListDetails[] AccessControlListDetailss)
          Sets the AccessControlListDetails objects specified in the SecurityNamespace.
abstract  void setInheritFlag(java.lang.String token, boolean inherit)
          Sets whether or not an AccessControlListDetails should inherit permissions from its parents.
abstract  AccessControlEntryDetails setPermissions(java.lang.String token, IdentityDescriptor descriptor, int allow, int deny, boolean merge)
          Sets a permission for the descriptor in this SecurityNamespace.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SecurityNamespace

public SecurityNamespace()

Method Detail

getDescription

public abstract SecurityNamespaceDescription getDescription()
Returns:
a copy of the description for this SecurityNamespace.

hasPermission

public abstract boolean hasPermission(java.lang.String token,
                                      IdentityDescriptor descriptor,
                                      int requestedPermissions,
                                      boolean alwaysAllowAdministrators)
Determines whether or not the supplied descriptor has the requested permissions for the given token.

Parameters:
token - The security token to perform the check on
descriptor - The descriptor to perform the security check for
requestedPermissions - The permissions being requested
alwaysAllowAdministrators - True if administrators should always be granted these permissions
Returns:
True if the supplied descriptor has the requested permissions for the given token. False otherwise

hasPermission

public abstract boolean[] hasPermission(java.lang.String[] tokens,
                                        IdentityDescriptor descriptor,
                                        int requestedPermissions,
                                        boolean alwaysAllowAdministrators)
Determines whether or not the supplied descriptor has the requested permissions for the given tokens.

Parameters:
tokens - The security tokens to perform the check on
descriptor - The descriptor to perform the security check for
requestedPermissions - The permissions being requested
alwaysAllowAdministrators - True if administrators should always be granted these permissions
Returns:
A collection of booleans where a value of true indicates that the supplied descriptor has permission to the passed in token. Note that the returned collection will be the same size and in the same order as the passed in collection of tokens.

hasPermission

public abstract boolean[] hasPermission(java.lang.String token,
                                        IdentityDescriptor[] descriptors,
                                        int requestedPermissions,
                                        boolean alwaysAllowAdministrators)
Determines whether or not the supplied descriptors have the requested permissions for the given token.

Parameters:
token - The security token to perform the check on
descriptors - The descriptors to perform the security check for
requestedPermissions - The permissions being requested
alwaysAllowAdministrators - True if administrators should always be granted these permissions
Returns:
A collection of booleans where a value of true indicates that the supplied descriptors have permission to the passed in token. Note that the returned collection will be the same size and in the same order as the passed in collection of descriptors.

hasPermission

public abstract boolean[] hasPermission(java.lang.String token,
                                        IdentityDescriptor descriptor,
                                        int[] requestedPermissions,
                                        boolean alwaysAllowAdministrators)
Determines whether or not the supplied descriptor has the requested permissions for the given token.

Parameters:
token - The security token to perform the check on.
descriptor - The descriptor to perform the security check for.
requestedPermissions - The permissions being requested.
alwaysAllowAdministrators - True if administrators should always be granted these permissions.
Returns:
A collection of booleans where a value of true indicates that the supplied descriptor has permission to the passed in token. Note that the returned collection will be the same size and in the same order as the passed in collection of permissions.

hasWritePermission

public abstract boolean hasWritePermission(java.lang.String token,
                                           int permissionsToChange)
Determines whether or not the current authorized user has permission to change the permissions in permissionsToChange.

Parameters:
token - The token to check write permissions on.
permissionsToChange - The permission bits that the authorized user may want to change.
Returns:
True if the currently authorized user has permission to change the permissions in permissionsToChange.

hasWritePermission

public abstract boolean[] hasWritePermission(java.lang.String token,
                                             int[] permissionsToChange)
Determines whether or not the current authorized user has permission to write the permissions in permissionsToChange.

Parameters:
token - The token to check write permissions on.
permissionsToChange - The permission bits that the authorized user may want to change.
Returns:
A collection of booleans indicating whether or not the current authorized user has permission to change the bits passed in. Note that the returned collection will be the same size and in the same order as the passed in collection of permissions.

removeAccessControlLists

public abstract boolean removeAccessControlLists(java.lang.String token,
                                                 boolean recurse)
Removes the AccessControlListDetails for the specified token.

Parameters:
token - The token whose AccessControlListDetails is to be removed from this SecurityNamespace.
recurse - True if all of the children below the provided token should also be removed.
Returns:
True if something was removed. False otherwise.

removeAccessControlLists

public abstract boolean removeAccessControlLists(java.lang.String[] tokens,
                                                 boolean recurse)
Removes the AccessControlListDetails for the specified tokens.

Parameters:
tokens - The tokens whose AccessControlListDetails objects are to be removed from this SecurityNamespace.
recurse - True if all of the children below the provided tokens should also be removed.
Returns:
True if something was removed. False otherwise.

removeAccessControlEntries

public abstract boolean removeAccessControlEntries(java.lang.String token,
                                                   IdentityDescriptor[] descriptors)
Removes all of the AccessControlEntries for the given descriptors that exist on the AccessControlListDetails that is associated with the provided token. This function will not throw an exception if either the token or descriptor cannot be found.

Parameters:
token - The token for the AccessControlListDetails on which to remove the AccessControlEntries.
descriptors - Descriptors for the identities that should have their AccessControlEntryDetails removed.
Returns:
True if something was removed.

removeAccessControlEntry

public abstract boolean removeAccessControlEntry(java.lang.String token,
                                                 IdentityDescriptor descriptor)
Removes the AccessControlEntryDetails for the given descriptor that exists on the AccessControlListDetails that is associated with the provided token. This function will not throw an exception if either the token or descriptor cannot be found.

Parameters:
token - The token for the AccessControlListDetails on which to remove the AccessControlEntryDetails.
descriptor - Descriptor for the identity that should have its AccessControlEntryDetails removed.
Returns:
True if something was removed.

removePermissions

public abstract AccessControlEntryDetails removePermissions(java.lang.String token,
                                                            IdentityDescriptor descriptor,
                                                            int permissionsToRemove)
Removes the specified permission bits from the existing allows and denys for this descriptor. If no existing AccessControlEntryDetails is found for this descriptor then nothing is done and an empty AccessControlListDetails is returned. This function will not throw an exception if either the token or descriptor cannot be found.

Parameters:
token - The token for the AccessControlListDetails to remove the permissions from.
descriptor - The descriptor to remove the permissions for.
permissionsToRemove - The permission bits to remove.
Returns:
The updated AccessControlEntryDetails after removing the permissions.

setPermissions

public abstract AccessControlEntryDetails setPermissions(java.lang.String token,
                                                         IdentityDescriptor descriptor,
                                                         int allow,
                                                         int deny,
                                                         boolean merge)
Sets a permission for the descriptor in this SecurityNamespace.

Parameters:
token - The token for the AccessControlListDetails to set the permissions on.
descriptor - The descriptor to set the permissions for.
allow - The allowed permissions to set.
deny - The denied permissions to set.
merge - If merge is true and a preexisting AccessControlEntryDetails for the descriptor is found the two permissions will be merged. When merging permissions, if there is a conflict, the new permissions will take precedence over the old permissions. If merge is false and a preexisting AccessControlEntryDetails for the descriptor is found it will be dropped and the passed in permissions will be the only permissions that remain for this descriptor on this AccessControlListDetails.
Returns:
The new or updated AccessControlEntryDetails that was set in the SecurityNamespace.

setAccessControlEntry

public abstract AccessControlEntryDetails setAccessControlEntry(java.lang.String token,
                                                                AccessControlEntryDetails AccessControlEntryDetails,
                                                                boolean merge)
Sets the provided AccessControlEntryDetails in this SecurityNamespace.

Parameters:
token - The token for the AccessControlListDetails to set the permissions on.
AccessControlEntryDetails - The AccessControlEntryDetails to set in the SecurityNamespace.
merge - If merge is true and a preexisting AccessControlEntryDetails for the descriptor is found the two permissions will be merged. When merging permissions, if there is a conflict, the new permissions will take precedence over the old permissions. If merge is false and a preexisting AccessControlEntryDetails for the descriptor is found it will be dropped and the passed in permissions will be the only permissions that remain for this descriptor on this AccessControlListDetails.
Returns:
The new or updated permission that was set in the SecurityNamespace.

setAccessControlEntries

public abstract AccessControlEntryDetails[] setAccessControlEntries(java.lang.String token,
                                                                    AccessControlEntryDetails[] accessControlEntries,
                                                                    boolean merge)
Sets the provided AccessControlEntries in this SecurityNamespace.

Parameters:
token - The token for the AccessControlListDetails to set the AccessControlEntryDetails on.
accessControlEntries - The AccessControlEntries to set in the SecurityNamespace.
merge - If merge is true and a preexisting AccessControlEntryDetails for the descriptor is found the two AccessControlEntries will be merged. When merging AccessControlEntries, if there is a conflict in permissions, the new permissions will take precedence over the old permissions. If merge is false and a preexisting AccessControlEntryDetails for the descriptor is found it will be dropped and the passed in AccessControlEntryDetails will be the only AccessControlEntryDetails that remain for this descriptor on this AccessControlListDetails.
Returns:
The new or updated AccessControlEntries that were set in the SecurityNamespace.
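
The merge rule described for setPermissions, setAccessControlEntry and setAccessControlEntries, together with the bit clearing described for removePermissions, modelled locally as an added example; this is not code from the TFS SDK. The Ace record, the permission bit values and the descriptor string are constructed for illustration, and rejecting a call whose allow and deny masks overlap is an assumption, since the page does not define that case.

```java
import java.util.HashMap;
import java.util.Map;

/** Added illustration: a local model of the documented merge rules, not the SDK implementation. */
public class AceMergeModel {
    /** Hypothetical stand-in for AccessControlEntryDetails: one allow and one deny bitmask. */
    record Ace(int allow, int deny) {}

    // Constructed permission bits; each real namespace defines its own values.
    static final int READ = 1, WRITE = 2, DELETE = 4;

    // The entries of a single ACL (one token), keyed by a descriptor identifier.
    private final Map<String, Ace> acl = new HashMap<>();

    Ace setPermissions(String descriptor, int allow, int deny, boolean merge) {
        if ((allow & deny) != 0) {
            // Assumption of this model: the same bit cannot be allowed and denied in one call.
            throw new IllegalArgumentException("allow and deny overlap");
        }
        Ace old = acl.get(descriptor);
        Ace result;
        if (merge && old != null) {
            // On conflict the new bits win: a newly denied bit leaves allow, and vice versa.
            result = new Ace((old.allow() & ~deny) | allow, (old.deny() & ~allow) | deny);
        } else {
            // merge == false: the old entry is dropped, including any denies it carried.
            result = new Ace(allow, deny);
        }
        acl.put(descriptor, result);
        return result;
    }

    Ace removePermissions(String descriptor, int permissionsToRemove) {
        Ace old = acl.get(descriptor);
        if (old == null) {
            return new Ace(0, 0); // no entry: nothing is done and no exception is thrown
        }
        // The bits are cleared from both the allow mask and the deny mask.
        Ace result = new Ace(old.allow() & ~permissionsToRemove, old.deny() & ~permissionsToRemove);
        acl.put(descriptor, result);
        return result;
    }

    public static void main(String[] args) {
        AceMergeModel model = new AceMergeModel();
        String user = "constructed-descriptor";

        // Initial entry: READ and WRITE allowed, DELETE denied.
        System.out.println(model.setPermissions(user, READ | WRITE, DELETE, false));
        // Merge: WRITE moves to deny, DELETE moves to allow, READ is kept from the old entry.
        System.out.println(model.setPermissions(user, DELETE, WRITE, true));
        // No merge: only READ remains, and the earlier deny on WRITE is gone.
        System.out.println(model.setPermissions(user, READ, 0, false));
        // Removing a bit clears it from allow and deny alike.
        System.out.println(model.removePermissions(user, READ));
    }
}
```

The third call is the one to review in change scripts: with merge set to false, an explicit deny that was protecting the token disappears unless the caller passes it again.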

setAccessControlList

public abstract void setAccessControlList(AccessControlListDetails AccessControlListDetails)
Sets the AccessControlListDetails specified in the SecurityNamespace. Setting an AccessControlListDetails will always overwrite an existing AccessControlListDetails if one exists.

Parameters:
AccessControlListDetails - The AccessControlListDetails to set in the SecurityNamespace.

setAccessControlLists

public abstract void setAccessControlLists(AccessControlListDetails[] AccessControlListDetailss)
Sets the AccessControlListDetails objects specified in the SecurityNamespace. Setting an AccessControlListDetails will always overwrite an existing AccessControlListDetails if one exists.

Parameters:
AccessControlListDetailss - The AccessControlListDetails objects to set in the SecurityNamespace.

queryAccessControlLists

public abstract AccessControlListDetails[] queryAccessControlLists(java.lang.String token,
                                                                   IdentityDescriptor[] descriptors,
                                                                   boolean includeExtendedInfo,
                                                                   boolean recurse)
In all cases: This method will query the AccessControlListDetails for the token specified. It will return AccessControlEntryDetails information for the descriptors that are supplied or all descriptors if null is supplied for the descriptors parameter.

Parameters:
token - The token for the AccessControlListDetails to query permissions for.
descriptors - The descriptors that are to have permission information retrieved about. If this is left null, all descriptors will be considered.
includeExtendedInfo - If includeExtendedInfo is false: All of the ExtendedInfo properties for the returned AccessControlEntryDetails objects will be null. If includeExtendedInfo is true: All of the ExtendedInfo properties for the returned AccessControlEntryDetails objects will contain references to valid AceExtendedInformation objects. If the descriptors parameter is null, this function will return AccessControlEntries for all descriptors that have explicit or inherited permissions on them.
recurse - If recurse is true and this is a hierarchical namespace: Information about the tokens that exist below the specified token passed in the SecurityNamespace will be returned as well.
Returns:
The AccessControlListDetails objects for the information passed in.

queryAccessControlList

public abstract AccessControlListDetails queryAccessControlList(java.lang.String token,
                                                                IdentityDescriptor[] descriptors,
                                                                boolean includeExtendedInfo)
In all cases: This method will query the AccessControlListDetails for the token specified. It will return AccessControlEntryDetails information on the descriptors that are supplied or all descriptors if null is supplied for the descriptors parameter.

Parameters:
token - The token for the AccessControlListDetails to query permissions for.
descriptors - The descriptors that are to have permission information retrieved about. If this is left null, all descriptors will be considered.
includeExtendedInfo - If includeExtendedInfo is false: All of the ExtendedInfo properties for the returned AccessControlEntryDetails objects will be null. If includeExtendedInfo is true: All of the ExtendedInfo properties for the returned AccessControlEntryDetails objects will contain references to valid AceExtendedInformation objects. If the descriptors parameter is null, this function will return AccessControlEntries for all descriptors that have explicit or inherited permissions on them.
Returns:
The AccessControlListDetails for the information passed in.

queryEffectivePermissions

public abstract int queryEffectivePermissions(java.lang.String token,
                                              IdentityDescriptor descriptor)
Returns the effective allowed permissions for the given descriptor.

Parameters:
token - The token for the AccessControlListDetails we are querying permissions on.
descriptor - The descriptor to query permissions for.
Returns:
The effective allowed permissions for the descriptor.

setInheritFlag

public abstract void setInheritFlag(java.lang.String token,
                                    boolean inherit)
Sets whether or not an AccessControlListDetails should inherit permissions from its parents.

Parameters:
token - The token for the AccessControlListDetails to set the inherit flag on.
inherit - True if it should inherit permissions.


© 2015 Microsoft. All rights reserved.