com.sun.dtv.io
Class FileAccessRights

java.lang.Object
  com.sun.dtv.io.FileAccessRights

public final class FileAccessRights
extends Object

Provides a means to define different group level access rights to a file or directory. A FileAccessRights consists of a pathname and a set of actions valid for that pathname. Pathname is the pathname of the file or directory granted the specified actions.

This package defines classes that extends the behavior of the implementation of the java.io package. By such, the implementation of java.io on a given platform that follows this specification must enforce the access model and rights defined in FileAccessRights.

Pathname

A pathname that ends in "/*" (where "/" is the file separator character, File.separatorChar) indicates a directory and all the files contained in that directory. A pathname that ends with "/-" indicates a directory and (recursively) all files and subdirectories contained in that directory. The special pathname "<<ALL FILES>>" matches all files.

A pathname consisting of a single "*" indicates all the files in the current directory, while a pathname consisting of a single "-" indicates all the files in the current directory and (recursively) all files and subdirectories contained in the current directory. Current directory is following the same definition as "." by the Java.io.File class.

Actions

The actions to be granted are passed to the constructor in a string containing a list of zero or more semicolon-separated set of flags. Three groups are defined and are mapped to the equivalent UNIX file permission groups: user, group and world. However interpretation of these groups are left to the implementation: other platforms like set top boxes may map the groups respectively to application, organization and world.

The action string is described by the following grammar (this definition also gives the canonical representation):

     action   ::= perm_set [';' perm_set [';' perm_set ] ]
     perm_set ::= read write execute
     read     ::= 'r' | '-' | nil
     write    ::= 'w' | '-' | nil
     execute  ::= 'x' | '-' | nil
 

The order of the perm_sets in an action string is respectively user, group and world

The access rights symbols are defined as follows:

r

the read flag. It explicitly allows the given group to read the associated file.

w

the write flag. It explicitly allows the given group to write in associated file.

x

the execute flag. It explicitly allows the given group to execute the associated file.

-

is used to express the no access for a given access right. It is equivalent to nil.

Examples of valid actions

"rwx;rw-;r"

make a file readable for all groups, writable for user and group and executable for user only.

"rw;rw;---"

make a file readable and writable for user and group.

"rw;rw"

is equivalent to the previous definition.

"r;;"

make a file readable by the user and deny any other action by any other groups.

"r"

is equivalent to the previous definition.

";;rx"

is valid and its canonical equivalent representation is "rx;rx;rx" allowing everybody to read and execute that file.

""

make a file unaccessible and useless

Canonical representation and Consistency check

The canonical representation of file access rights is defined to be the minimal string representation:

1. for that access right that follows the grammar defined in the Actions section,
2. which is fully consistent with the intent.

As a consequence and because of the definition given in the Actions section that an action represents the access right given to three groups that are included in each other, any access rights granted to a larger group implies it is also granted to a lower group: user ∈ group ∈ world.

The following table lists different examples and their standardized canonical representation:

Access-Rights	Canonical	Description
"r;w;x"	"rwx;wx;x"	Due to included group inheritance, every smaller group inherits from the rights of the larger group.
";;rx"	"rx;rx;rx"	Access rights for world also apply to lower-ring (smaller) groups.
";r;"	"r;r"	Access rights for group also apply to user. Moreover last semicolon is removed because there are no access rights for world.
";;"	""	Semicolons are removed because there are no access right for any groups.

See Also:

FileProperties

Constructor Summary

FileAccessRights(String path, String actions)
Creates a new FileAccessRights object with the specified actions.

Method Summary

String	getActions() Returns the "canonical string representation" of the actions.
boolean	implies(FileAccessRights other) Checks if this FileAccessRights object "implies" the specified access rights.
String	toString() Returns a string describing the access rights.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

FileAccessRights

public FileAccessRights(String path,
                        String actions)
                 throws NullPointerException

Creates a new FileAccessRights object with the specified actions.

The path and actions follow the definition described in the overview section

Parameters:

path - The pathname of the file/directory.

actions - The action string.

Throws:

NullPointerException - if any of the argument is null

Method Detail

implies

public boolean implies(FileAccessRights other)

Checks if this FileAccessRights object "implies" the specified access rights.

More specifically, this method returns true if:

1. other is an instance of FileAccessRights,
2. other's actions are a proper subset of this object's actions, and
3. other's pathname is implied by this object's pathname. For example, "/tmp/*" implies "/tmp/foo", since "/tmp/*" encompasses the "/tmp" directory and all files in that directory, including the one named "foo".

Parameters:

other - The access rights to check against.

Returns:

true if the specified access rights are implied by this object, false if not.

getActions

public String getActions()

Returns the "canonical string representation" of the actions. That is, this method always returns present actions in the order and format described in the grammar found in the section 'Actions' above. The representation should also be consistent and minimalistic as described in the 'Canonical representation and Consistency check' section above.

Returns:

The canonical string representation of the actions.

toString

public String toString()

Returns a string describing the access rights. The convention is to specify the class name, the path, and the actions (as returned by getActions()) in the following format: '("ClassName" "name" "actions")'.

Overrides:

toString in class Object

Returns:

Information about this FileAccessRights object.