001/*
002 *  Licensed to the Apache Software Foundation (ASF) under one
003 *  or more contributor license agreements.  See the NOTICE file
004 *  distributed with this work for additional information
005 *  regarding copyright ownership.  The ASF licenses this file
006 *  to you under the Apache License, Version 2.0 (the
007 *  "License"); you may not use this file except in compliance
008 *  with the License.  You may obtain a copy of the License at
009 *  
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *  
012 *  Unless required by applicable law or agreed to in writing,
013 *  software distributed under the License is distributed on an
014 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 *  KIND, either express or implied.  See the License for the
016 *  specific language governing permissions and limitations
017 *  under the License. 
018 *  
019 */
020package org.apache.directory.api.ldap.aci;
021
022
023import java.util.ArrayList;
024import java.util.Collection;
025import java.util.Collections;
026import java.util.HashSet;
027import java.util.Set;
028
029import org.apache.directory.api.i18n.I18n;
030import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
031
032
033/**
034 * A flatten entity which is converted from an {@link ACIItem}. The tuples are
035 * accepted by ACDF (Access Control Decision Function, 18.8, X.501)
036 * 
037 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
038 */
039public class ACITuple
040{
041    /** The collection of {@link UserClass}es this tuple relates to **/
042    private final Collection<UserClass> userClasses;
043
044    /** The level of authentication required */
045    private final AuthenticationLevel authenticationLevel;
046
047    /** The collection of {@link ProtectedItem}s this tuple relates */
048    private final Collection<ProtectedItem> protectedItems;
049
050    /** The set of {@link MicroOperation}s this tuple relates */
051    private final Set<MicroOperation> microOperations;
052
053    /** Tells if this tuple grant some access */
054    private final boolean grant;
055
056    /** The precedence for this tuple */
057    private final Integer precedence;
058
059
060    /**
061     * Creates a new instance.
062     * 
063     * @param userClasses the collection of {@link UserClass}es this tuple relates to
064     * @param authenticationLevel the level of authentication required
065     * @param protectedItems the collection of {@link ProtectedItem}s this tuple relates
066     * @param microOperations the collection of {@link MicroOperation}s this tuple relates
067     * @param grant <tt>true</tt> if and only if this tuple grants an access
068     * @param precedence the precedence of this tuple (<tt>0</tt>-<tt>255</tt>)
069     */
070    public ACITuple(
071        Collection<UserClass> userClasses,
072        AuthenticationLevel authenticationLevel,
073        Collection<ProtectedItem> protectedItems,
074        Collection<MicroOperation> microOperations,
075        boolean grant,
076        Integer precedence )
077    {
078        if ( authenticationLevel == null )
079        {
080            throw new IllegalArgumentException( I18n.err( I18n.ERR_04003_NULL_AUTHENTICATION_LEVEL ) );
081        }
082
083        if ( precedence < 0 || precedence > 255 )
084        {
085            throw new IllegalArgumentException( I18n.err( I18n.ERR_04002_BAD_PRECENDENCE, precedence ) );
086        }
087
088        this.userClasses = Collections.unmodifiableCollection( new ArrayList<UserClass>( userClasses ) );
089        this.authenticationLevel = authenticationLevel;
090        this.protectedItems = Collections.unmodifiableCollection( new ArrayList<ProtectedItem>( protectedItems ) );
091        this.microOperations = Collections.unmodifiableSet( new HashSet<MicroOperation>( microOperations ) );
092        this.grant = grant;
093        this.precedence = precedence;
094    }
095
096
097    /**
098     * Gets the collection of {@link UserClass}es this tuple relates to.
099     *
100     * @return the collection of {@link UserClass}es
101     */
102    public Collection<UserClass> getUserClasses()
103    {
104        return userClasses;
105    }
106
107
108    /**
109     * Gets the level of authentication required.
110     *
111     * @return the authentication level
112     */
113    public AuthenticationLevel getAuthenticationLevel()
114    {
115        return authenticationLevel;
116    }
117
118
119    /**
120     * Gets the collection of {@link ProtectedItem}s this tuple relates.
121     *
122     * @return the collection of {@link ProtectedItem}s
123     */
124    public Collection<ProtectedItem> getProtectedItems()
125    {
126        return protectedItems;
127    }
128
129
130    /**
131     * Gets the collection of {@link MicroOperation}s this tuple relates.
132     *
133     * @return the collection of {@link MicroOperation}s
134     */
135    public Collection<MicroOperation> getMicroOperations()
136    {
137        return microOperations;
138    }
139
140
141    /**
142     * Gets <tt>true</tt> if and only if this tuple grants an access.
143     *
144     * @return <tt>true</tt> if and only if this tuple grants an access
145     */
146    public boolean isGrant()
147    {
148        return grant;
149    }
150
151
152    /**
153     * Gets the precedence of this tuple (<tt>0</tt>-<tt>255</tt>).
154     *
155     * @return the precedence
156     */
157    public Integer getPrecedence()
158    {
159        return precedence;
160    }
161
162
163    /**
164     * {@inheritDoc}
165     */
166    @Override
167    public String toString()
168    {
169        return "ACITuple: userClasses=" + userClasses + ", " + "authenticationLevel=" + authenticationLevel + ", "
170            + "protectedItems=" + protectedItems + ", " + ( grant ? "grants=" : "denials=" ) + microOperations + ", "
171            + "precedence=" + precedence;
172    }
173}