Skip to end of banner
Go to start of banner

Inheritance of Authorization

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

Inheritance of Authorization

BackgroundThe system may either specify a node's access control list explicitly or the node may inherint its permission from an ancestor.

To make authorization efficient, each node has a permissions "benefactor" reference, which is a pointer the ancestor node have access control specified. This allows us to avoid "walking" the node hierarchy tree with every authorization check.

Classes/method

AuthorizationManager

- overrideInheritance(id): (1) clone permissions of the current benefactor (via UserGroupDAO); (2) change inheritance reference of 'id' and all of 'id's descendents to be id (via NodeInheritanceManager.setInherits(false, id)).

- restoreInheristance(id): (1) Change benefactor reference of 'id' and all 'id's descendents to be the benefactor reference of 'id's parent (via NodeInheritanceManager.setInherits(true, id)). (2) remove the explicit permissions for 'id'.

NodeManager

- setParent()

NodeInheritanceManager

- parentChanged(id)

- setInherits(boolean b, id)

if b==true: change inheritance reference of 'id' and all of 'id's descendents to be id

if b==false: Change benefactor reference of 'id' and all 'id's descendents to be the benefactor reference of 'id's parent

  • No labels