Inheritance of Authorization
BackgroundThe system may either specify a node's access control list explicitly or the node may inherint its permission from an ancestor.
To make authorization efficient, each node has a permissions "benefactor" reference, which is a pointer the ancestor node have access control specified. This allows us to avoid "walking" the node hierarchy tree with every authorization check.
Classes/method
AuthorizationManager
- overrideInheritance(id): (1) clone permissions of the current benefactor (via UserGroupDAO); (2) change inheritance reference of 'id' and all of 'id's descendents to be id (via NodeInheritanceManager.setInherits(false, id)).
- restoreInheristance(id): (1) Change benefactor reference of 'id' and all 'id's descendents to be the benefactor reference of 'id's parent (via NodeInheritanceManager.setInherits(true, id)). (2) remove the explicit permissions for 'id'.
NodeManager
- setParent()
NodeInheritanceManager
- parentChanged(id)
- setInherits(boolean b, id)
if b==true: change inheritance reference of 'id' and all of 'id's descendents to be id
if b==false: Change benefactor reference of 'id' and all 'id's descendents to be the benefactor reference of 'id's parent