Interface SecurityControl.ScriptBuilder

Enclosing interface:
SecurityControl

public static interface SecurityControl.ScriptBuilder
A script builder may be used to create a script of commands to apply to the security store at the server.

Each method call on the builder adds a line to the script and then the script may be built using the script method which produces a String script which may be sent to the server using updateStore.

Such a builder may be created using the scriptBuilder method.

From Diffusion 6.5, script builders are no longer immutable. Each builder operation mutates this script builder and returns it.

  • Method Details

    • setRolesForAnonymousSessions

      SecurityControl.ScriptBuilder setRolesForAnonymousSessions(Set<String> roles)
      Sets the roles to be assigned by default to all anonymous sessions.
      Parameters:
      roles - the roles to be assigned to anonymous sessions. This may be empty which would mean that no roles are to be assigned by default to anonymous sessions.
      Returns:
      this builder, modified to set the roles for anonymous sessions
    • setRolesForNamedSessions

      SecurityControl.ScriptBuilder setRolesForNamedSessions(Set<String> roles)
      Sets the roles to be assigned by default to all named sessions.
      Parameters:
      roles - the roles to be assigned to all named sessions. This may be empty which would mean that no roles are to be assigned by default to named sessions.
      Returns:
      this builder, modified to set the roles for named sessions
    • setGlobalPermissions

      SecurityControl.ScriptBuilder setGlobalPermissions(String role, Set<GlobalPermission> permissions)
      Sets the global permissions to be assigned to a role.
      Parameters:
      role - the role
      permissions - the global permissions to assign to the role. This set may be empty, in which case the role will be assigned no global permissions.
      Returns:
      this builder, modified to set the global permissions for the role
    • setDefaultPathPermissions

      SecurityControl.ScriptBuilder setDefaultPathPermissions(String role, Set<PathPermission> permissions)
      Sets the default path permissions to be assigned to a role.

      The role will have the given permissions for all paths unless specifically overridden by path-scoped assignments.

      Parameters:
      role - the role
      permissions - the default permissions to assigned to the role. This may be empty, in which case the role will be assigned no default path permissions.
      Returns:
      this builder, modified to set the default path permissions for the role
    • setPathPermissions

      SecurityControl.ScriptBuilder setPathPermissions(String role, String path, Set<PathPermission> permissions)
      Sets specific path permissions to be assigned for a role for a path.
      Parameters:
      role - the role
      path - specifies the point in the path hierarchy at which the permissions are to be applied for the role
      permissions - the permissions to assign to the role for the path. This may be empty, in which case the role will have no permissions to the specified path, which is different from not having a permission assignment for the path (see removePathPermissions(String, String)).
      Returns:
      this builder, modified to set the path permissions for the role at the given path in the path hierarchy
    • isolatePath

      Set a path not to inherit path permissions from its parent paths or the default path permissions.

      By default, a path without specific path permission assignments inherits the permission assignments from the first parent path that has them. If neither the path nor any of its parent paths have permission assignments, the default path permissions are used.

      Parameters:
      path - the path
      Returns:
      this builder, modified to isolates the given path in the path hierarchy
      Since:
      6.5
    • deisolatePath

      Re-instate inheritance of path permission assignments from parents of the given path.
      Parameters:
      path - the path
      Returns:
      this builder, modified to re-instates the inheritance of path permission assignments from parents of the given path
      Since:
      6.5
      See Also:
    • removePathPermissions

      SecurityControl.ScriptBuilder removePathPermissions(String role, String path)
      Removes any path permissions previously assigned to a particular path for a given role.

      This is different from setting no path permissions for the path and role. By removing permissions set for a particular branch of the path hierarchy, the permissions become inherited from assignments made against parent paths in the hierarchy or from the default path permissions.

      Parameters:
      role - the role from which to remove path permissions
      path - the path for which permissions are to be removed
      Returns:
      this builder, modified to removes the path permissions for the role at the given point in the path hierarchy
    • setRoleIncludes

      SecurityControl.ScriptBuilder setRoleIncludes(String role, Set<String> includedRoles)
      Sets the roles that are to be included within a specified role.
      Parameters:
      role - the role
      includedRoles - the roles to include. This may be empty, which would mean that the given role should not include any other roles.
      Returns:
      this builder, modified to set the given role relationship
    • setRoleLockedByPrincipal

      SecurityControl.ScriptBuilder setRoleLockedByPrincipal(String role, String lockingPrincipal)
      Restrict a role so it can only be edited by a specific principal.
      Parameters:
      role - the role
      lockingPrincipal - the locking principal
      Returns:
      this builder, modified to locks a role to a single principal that can edit it
    • append

      Append all the operations of other to this ScriptBuilder.
      Returns:
      a combined script builder
      Since:
      6.0
    • script

      String script()
      Create a script.
      Returns:
      the script