com.microsoft.tfs.core.clients.security
Class FrameworkSecurityNamespace

java.lang.Object
  extended by com.microsoft.tfs.core.clients.security.SecurityNamespace
      extended by com.microsoft.tfs.core.clients.security.FrameworkSecurityNamespace

public class FrameworkSecurityNamespace
extends SecurityNamespace

Since:
TEE-SDK-11.0

Constructor Summary
FrameworkSecurityNamespace(TFSConnection connection, SecurityNamespaceDescription description)
           Creates an instance of the SecurityNamespace
 
Method Summary
 SecurityNamespaceDescription getDescription()
          
 boolean[] hasPermission(java.lang.String[] tokens, IdentityDescriptor descriptor, int requestedPermissions, boolean alwaysAllowAdministrators)
          Determines whether or not the supplied descriptor has the requested permissions for the given tokens
 boolean[] hasPermission(java.lang.String token, IdentityDescriptor[] descriptors, int requestedPermissions, boolean alwaysAllowAdministrators)
          Determines whether or not the supplied descriptor have the requested permissions for the given token.
 boolean[] hasPermission(java.lang.String token, IdentityDescriptor descriptor, int[] requestedPermissions, boolean alwaysAllowAdministrators)
          Determines whether or not the supplied descriptor has the requested permissions for the given token.
 boolean hasPermission(java.lang.String token, IdentityDescriptor descriptor, int requestedPermissions, boolean alwaysAllowAdministrators)
          Determines whether or not the supplied descriptor has the requested permissions for the given token.
 boolean hasWritePermission(java.lang.String token, int permissionsToChange)
          Determines whether or not the current authorized user has permission to change the permissions in permissionsToChange.
 boolean[] hasWritePermission(java.lang.String token, int[] permissionsToChange)
          Determines whether or not the current authorized user has permission to write the permissions in permissionsToChange.
 AccessControlListDetails queryAccessControlList(java.lang.String token, IdentityDescriptor[] descriptors, boolean includeExtendedInfo)
          In all cases: This method will query the AccessControlListDetails for the token specified.
 AccessControlListDetails[] queryAccessControlLists(java.lang.String token, IdentityDescriptor[] descriptors, boolean includeExtendedInfo, boolean recurse)
          In all cases: This method will query the AccessControlListDetails for the token specified.
 int queryEffectivePermissions(java.lang.String token, IdentityDescriptor descriptor)
          Returns the effective allowed permissions for the given descriptor.
 boolean removeAccessControlEntries(java.lang.String token, IdentityDescriptor[] descriptors)
          Removes all of the AccessControlEntries for the given descriptors that exist on the AccessControlListDetails that is associated with the provided token.
 boolean removeAccessControlEntry(java.lang.String token, IdentityDescriptor descriptor)
          Removes the AccessControlEntryDetails for the given descriptor that exists on the AccessControlListDetails that is associated with the provided token.
 boolean removeAccessControlLists(java.lang.String[] tokens, boolean recurse)
          Removes the AccessControlListDetails for the specified tokens.
 boolean removeAccessControlLists(java.lang.String token, boolean recurse)
          Removes the AccessControlListDetails for the specified token.
 AccessControlEntryDetails removePermissions(java.lang.String token, IdentityDescriptor descriptor, int permissionsToRemove)
          Removes the specified permission bits from the existing allows and denys for this descriptor.
 AccessControlEntryDetails[] setAccessControlEntries(java.lang.String token, AccessControlEntryDetails[] accessControlEntries, boolean merge)
          Sets the provided AccessControlEntries in this SecurityNamespace.
 AccessControlEntryDetails setAccessControlEntry(java.lang.String token, AccessControlEntryDetails accessControlEntry, boolean merge)
          Sets the provided AccessControlEntryDetails in this SecurityNamespace.
 void setAccessControlList(AccessControlListDetails accessControlList)
          Sets the AccessControlListDetails specified in the SecurityNamespace.
 void setAccessControlLists(AccessControlListDetails[] accessControlLists)
          Sets the AccessControlListDetailss specified in the SecurityNamespace.
 void setInheritFlag(java.lang.String token, boolean inherit)
          Sets whether or not an AccessControlListDetails should inherit permissions from its parents.
 AccessControlEntryDetails setPermissions(java.lang.String token, IdentityDescriptor descriptor, int allow, int deny, boolean merge)
          Sets a permission for the descriptor in this SecurityNamespace.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

FrameworkSecurityNamespace

public FrameworkSecurityNamespace(TFSConnection connection,
                                  SecurityNamespaceDescription description)

Creates an instance of the SecurityNamespace

Parameters:
connection - the TFSConnection to use (must not be null)
description - The description this object should be built from.
Method Detail

getDescription

public SecurityNamespaceDescription getDescription()

Specified by:
getDescription in class SecurityNamespace
Returns:
a copy of the description for this SecurityNamespace.

hasPermission

public boolean hasPermission(java.lang.String token,
                             IdentityDescriptor descriptor,
                             int requestedPermissions,
                             boolean alwaysAllowAdministrators)
Description copied from class: SecurityNamespace
Determines whether or not the supplied descriptor has the requested permissions for the given token.

Specified by:
hasPermission in class SecurityNamespace
Parameters:
token - The security token to perform the check on
descriptor - The descriptor to perform the security check for
requestedPermissions - The permissions being requested
alwaysAllowAdministrators - True if administrators should always be gratned these permissions
Returns:
True if the supplied descriptor has the requested permissions for the given token. False otherwise

hasPermission

public boolean[] hasPermission(java.lang.String[] tokens,
                               IdentityDescriptor descriptor,
                               int requestedPermissions,
                               boolean alwaysAllowAdministrators)
Description copied from class: SecurityNamespace
Determines whether or not the supplied descriptor has the requested permissions for the given tokens

Specified by:
hasPermission in class SecurityNamespace
Parameters:
tokens - The security tokens to perform the check on
descriptor - The descriptor to perform the security check for
requestedPermissions - The permissions being requested
alwaysAllowAdministrators - The permissions being requested
Returns:
A collection of booleans where a value of true indicates that the supplied descriptor has permission to the passed in token. Note that the returned collection will be the same size and in the same order as the passed in collection of tokens.

hasPermission

public boolean[] hasPermission(java.lang.String token,
                               IdentityDescriptor[] descriptors,
                               int requestedPermissions,
                               boolean alwaysAllowAdministrators)
Description copied from class: SecurityNamespace
Determines whether or not the supplied descriptor have the requested permissions for the given token.

Specified by:
hasPermission in class SecurityNamespace
Parameters:
token - The security token to perform the check on
requestedPermissions - The permissions being requested
alwaysAllowAdministrators - The permissions being requested
Returns:
A collection of booleans where a value of true indicates that the supplied descriptors has permission to the passed in token. Note that the returned collection will be the same size and in the same order as the passed in collection of descriptors.

hasPermission

public boolean[] hasPermission(java.lang.String token,
                               IdentityDescriptor descriptor,
                               int[] requestedPermissions,
                               boolean alwaysAllowAdministrators)
Description copied from class: SecurityNamespace
Determines whether or not the supplied descriptor has the requested permissions for the given token.

Specified by:
hasPermission in class SecurityNamespace
Parameters:
token - The security token to perform the check on.
descriptor - The descriptor to perform the security check for.
requestedPermissions - The permissions being requested.
alwaysAllowAdministrators - True if administrators should always be gratned these permissions.
Returns:
A collection of booleans where a value of true indicates that the supplied descriptors has permission to the passed in token. Note that the returned collection will be the same size and in the same order as the passed in collection of permissions.

hasWritePermission

public boolean hasWritePermission(java.lang.String token,
                                  int permissionsToChange)
Description copied from class: SecurityNamespace
Determines whether or not the current authorized user has permission to change the permissions in permissionsToChange.

Specified by:
hasWritePermission in class SecurityNamespace
Parameters:
token - The token to check write permissions on.
permissionsToChange - The permission bits that the authorized user may want to change.
Returns:
True if the currently authorized user has permission to change the permissions in permissionsToChange.

hasWritePermission

public boolean[] hasWritePermission(java.lang.String token,
                                    int[] permissionsToChange)
Description copied from class: SecurityNamespace
Determines whether or not the current authorized user has permission to write the permissions in permissionsToChange.

Specified by:
hasWritePermission in class SecurityNamespace
Parameters:
token - The token to check write permissions on.
permissionsToChange - The permission bits that the authorized user may want to change.
Returns:
A collection of booleans indicating whether or not the current authorized user has permission to change the bits passed in. Note that the returned collection will be the same size and in the same order as the passed in collection of permissions.

removeAccessControlLists

public boolean removeAccessControlLists(java.lang.String token,
                                        boolean recurse)
Description copied from class: SecurityNamespace
Removes the AccessControlListDetails for the specified token.

Specified by:
removeAccessControlLists in class SecurityNamespace
Parameters:
token - The token whose AccessControlListDetails is to be removed from this SecurityNamespace.
recurse - True if all of the children below the provided token should also be removed.
Returns:
True if something was removed. False otherwise.

removeAccessControlLists

public boolean removeAccessControlLists(java.lang.String[] tokens,
                                        boolean recurse)
Description copied from class: SecurityNamespace
Removes the AccessControlListDetails for the specified tokens.

Specified by:
removeAccessControlLists in class SecurityNamespace
Parameters:
tokens - The tokens whose AccessControlListDetailss are to be removed from this SecurityNamespace.
recurse - True if all of the children below the provided tokens should also be removed.
Returns:
True if something was removed. False otherwise.

removeAccessControlEntries

public boolean removeAccessControlEntries(java.lang.String token,
                                          IdentityDescriptor[] descriptors)
Description copied from class: SecurityNamespace
Removes all of the AccessControlEntries for the given descriptors that exist on the AccessControlListDetails that is associated with the provided token. This function will not throw an exception if either the token or descriptor cannot be found.

Specified by:
removeAccessControlEntries in class SecurityNamespace
Parameters:
token - The token for the AccessControlListDetails on which to remove the AccessControlEntries.
descriptors - Descriptors for the identities that should have their AccessControlEntryDetails removed.
Returns:
True if something was removed.

removeAccessControlEntry

public boolean removeAccessControlEntry(java.lang.String token,
                                        IdentityDescriptor descriptor)
Description copied from class: SecurityNamespace
Removes the AccessControlEntryDetails for the given descriptor that exists on the AccessControlListDetails that is associated with the provided token. This function will not throw an exception if either the token or descriptor cannot be found.

Specified by:
removeAccessControlEntry in class SecurityNamespace
Parameters:
token - The token for the AccessControlListDetails on which to remove the AccessControlEntryDetails.
descriptor - Descriptor for the identity that should have its AccessControlEntryDetails removed.
Returns:
True if something was removed.

removePermissions

public AccessControlEntryDetails removePermissions(java.lang.String token,
                                                   IdentityDescriptor descriptor,
                                                   int permissionsToRemove)
Description copied from class: SecurityNamespace
Removes the specified permission bits from the existing allows and denys for this descriptor. If no existing AccessControlEntryDetails is found for this descriptor then nothing is done and an empty AccessControlListDetails is returned. This function will not throw an exception if either the token or descriptor cannot be found.

Specified by:
removePermissions in class SecurityNamespace
Parameters:
token - The token for the AccessControlListDetails to remove the permissions from.
descriptor - The descriptor to remove the permissions for.
permissionsToRemove - The permission bits to remove.
Returns:
The updated AccessControlEntryDetails after removing the permissions.

setPermissions

public AccessControlEntryDetails setPermissions(java.lang.String token,
                                                IdentityDescriptor descriptor,
                                                int allow,
                                                int deny,
                                                boolean merge)
Description copied from class: SecurityNamespace
Sets a permission for the descriptor in this SecurityNamespace.

Specified by:
setPermissions in class SecurityNamespace
Parameters:
token - The token for the AccessControlListDetails to set the permissions on.
descriptor - The descriptor to set the permissions for.
allow - The allowed permissions to set.
deny - The denied permissions to set.
merge - If merge is true and a preexisting AccessControlEntryDetails for the descriptor is found the two permissions will be merged. When merging permissions, if there is a conflict, the new permissions will take precedence over the old permissions. If merge is false and a preexisting AccessControlEntryDetails for the descriptor is found it will be dropped and the passed in permissions will be the only permissions that remain for this descriptor on this AccessControlListDetails.
Returns:
The new or updated AccessControlEnty that was set in the SecurityNamespace.

setAccessControlEntry

public AccessControlEntryDetails setAccessControlEntry(java.lang.String token,
                                                       AccessControlEntryDetails accessControlEntry,
                                                       boolean merge)
Description copied from class: SecurityNamespace
Sets the provided AccessControlEntryDetails in this SecurityNamespace.

Specified by:
setAccessControlEntry in class SecurityNamespace
Parameters:
token - The token for the AccessControlListDetails to set the permissions on.
accessControlEntry - The AccessControlEntryDetails to set in the SecurityNamespace.
merge - If merge is true and a preexisting AccessControlEntryDetails for the descriptor is found the two permissions will be merged. When merging permissions, if there is a conflict, the new permissions will take precedence over the old permissions. If merge is false and a preexisting AccessControlEntryDetails for the descriptor is found it will be dropped and the passed in permissions will be the only permissions that remain for this descriptor on this AccessControlListDetails.
Returns:
The new or updated permission that was set in the SecurityNamespace.

setAccessControlEntries

public AccessControlEntryDetails[] setAccessControlEntries(java.lang.String token,
                                                           AccessControlEntryDetails[] accessControlEntries,
                                                           boolean merge)
Description copied from class: SecurityNamespace
Sets the provided AccessControlEntries in this SecurityNamespace.

Specified by:
setAccessControlEntries in class SecurityNamespace
Parameters:
token - The token for the AccessControlListDetails to set the AccessControlEntryDetails on.
accessControlEntries - The AccessControlEntries to set in the SecurityNamespace.
merge - If merge is true and a preexisting AccessControlEntryDetails for the descriptor is found the two AccessControlEntries will be merged. When merging AccessControlEntries, if there is a conflict in permissions, the new permissions will take precedence over the old permissions. If merge is false and a preexisting AccessControlEntryDetails for the descriptor is found it will be dropped and the passed in AccessControlEntryDetails will be the only AccessControlEntryDetails that remain for this descriptor on this AccessControlListDetails.
Returns:
The new or updated AccessControlEntires that were set in the SecurityNamespace.

setAccessControlLists

public void setAccessControlLists(AccessControlListDetails[] accessControlLists)
Description copied from class: SecurityNamespace
Sets the AccessControlListDetailss specified in the SecurityNamespace. Setting an AccessControlListDetails will always overwrite an existing AccessControlListDetails if one exists.

Specified by:
setAccessControlLists in class SecurityNamespace
Parameters:
accessControlLists - The AccessControlListDetailss to set in the SecurityNamespace.

setAccessControlList

public void setAccessControlList(AccessControlListDetails accessControlList)
Description copied from class: SecurityNamespace
Sets the AccessControlListDetails specified in the SecurityNamespace. Setting an AccessControlListDetails will always overwrite an existing AccessControlListDetails if one exists.

Specified by:
setAccessControlList in class SecurityNamespace
Parameters:
accessControlList - The AccessControlListDetails to set in the SecurityNamespace.

queryAccessControlLists

public AccessControlListDetails[] queryAccessControlLists(java.lang.String token,
                                                          IdentityDescriptor[] descriptors,
                                                          boolean includeExtendedInfo,
                                                          boolean recurse)
Description copied from class: SecurityNamespace
In all cases: This method will query the AccessControlListDetails for the token specified. It will return AccessControlEntryDetails information for the descriptors that are supplied or all descriptors if null is supplied for the descriptors parameter.

Specified by:
queryAccessControlLists in class SecurityNamespace
Parameters:
token - The token for the AccessControlListDetails to query permissions for.
descriptors - The descriptors that are to have permission information retrieved about. If this is left null, all descriptors will be considered.
includeExtendedInfo - If includeExtendedInfo is false: All of the ExtendedInfo properties for the returned AccessControlEntryDetails objects will be null. If includeExtendedInfo is true: All of the ExtendedInfo properties for the returned AccessControlEntryDetails objects will contain references to valid AceExtendedInformation objects. If the descriptors parameter is null, this function will return AccessControlEntries for all descriptors that have explicit or inherited permissions on them.
recurse - If recurse is true and this is a hierarchical namespace: Information about the tokens that exist below the specified token passed in the SecurityNamespace will be returned as well.
Returns:
AccessControlListDetailss for the information passed in.

queryAccessControlList

public AccessControlListDetails queryAccessControlList(java.lang.String token,
                                                       IdentityDescriptor[] descriptors,
                                                       boolean includeExtendedInfo)
Description copied from class: SecurityNamespace
In all cases: This method will query the AccessControlListDetails for the token specified. It will return AccessControlEntryDetails information on the descriptors that are supplied or all descriptors if null is supplied for the descriptors parameter.

Specified by:
queryAccessControlList in class SecurityNamespace
Parameters:
token - The token for the AccessControlListDetails to query permissions for.
descriptors - The descriptors that are to have permission information retrieved about. If this is left null, all descriptors will be considered.
includeExtendedInfo - If includeExtendedInfo is false: All of the ExtendedInfo properties for the returned AccessControlEntryDetails objects will be null. If includeExtendedInfo is true: All of the ExtendedInfo properties for the returned AccessControlEntryDetails objects will contain references to valid AceExtendedInformation objects. If the descriptors parameter is null, this function will return AccessControlEntries for all descriptors that have explicit or inherited permissions on them.
Returns:
AccessControlListDetailss for the information passed in.

queryEffectivePermissions

public int queryEffectivePermissions(java.lang.String token,
                                     IdentityDescriptor descriptor)
Description copied from class: SecurityNamespace
Returns the effective allowed permissions for the given descriptor.

Specified by:
queryEffectivePermissions in class SecurityNamespace
Parameters:
token - The token for the AccessControlListDetails we are querying permissions on.
descriptor - The descriptor to query permissions for.
Returns:
The effective allowed permissions for the descriptor.

setInheritFlag

public void setInheritFlag(java.lang.String token,
                           boolean inherit)
Description copied from class: SecurityNamespace
Sets whether or not an AccessControlListDetails should inherit permissions from its parents.

Specified by:
setInheritFlag in class SecurityNamespace
Parameters:
token - The token for the AccessControlListDetails to set the inherit flag on.
inherit - True if it should inherit permissions.


© 2015 Microsoft. All rights reserved.