001package org.apache.fulcrum.security.model.dynamic; 002 003/* 004 * Licensed to the Apache Software Foundation (ASF) under one 005 * or more contributor license agreements. See the NOTICE file 006 * distributed with this work for additional information 007 * regarding copyright ownership. The ASF licenses this file 008 * to you under the Apache License, Version 2.0 (the 009 * "License"); you may not use this file except in compliance 010 * with the License. You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, 015 * software distributed under the License is distributed on an 016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 017 * KIND, either express or implied. See the License for the 018 * specific language governing permissions and limitations 019 * under the License. 020 */ 021 022import java.io.Serializable; 023 024import org.apache.fulcrum.security.acl.AccessControlList; 025import org.apache.fulcrum.security.entity.Group; 026import org.apache.fulcrum.security.entity.Permission; 027import org.apache.fulcrum.security.entity.Role; 028import org.apache.fulcrum.security.util.GroupSet; 029import org.apache.fulcrum.security.util.PermissionSet; 030import org.apache.fulcrum.security.util.RoleSet; 031 032/** 033 * This interface describes a control class that makes it easy to find out if a 034 * particular User has a given Permission. It also determines if a User has a a 035 * particular Role. 036 * 037 * @author <a href="mailto:epugh@upstate.com">Eric Pugh</a> 038 * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a> 039 * @author <a href="mailto:greg@shwoop.com">Greg Ritter</a> 040 * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a> 041 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a> 042 * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a> 043 * @version $Id$ 044 */ 045public interface DynamicAccessControlList extends Serializable, AccessControlList 046{ 047 048 /** 049 * Retrieves a set of Roles an user is assigned in a Group. 050 * 051 * @param group 052 * the Group 053 * @return the set of Roles this user has within the Group. 054 */ 055 RoleSet getRoles(Group group); 056 057 /** 058 * Retrieves all roles for a user 059 * 060 * @return the set of Roles this user has 061 */ 062 RoleSet getRoles(); 063 064 /** 065 * Retrieves a set of Permissions an user is assigned in a Group. 066 * 067 * @param group 068 * the Group 069 * @return the set of Permissions this user has within the Group. 070 */ 071 PermissionSet getPermissions(Group group); 072 073 /** 074 * Retrieves a set of Permissions an user is assigned 075 * 076 * @return the set of Permissions this user has. 077 */ 078 PermissionSet getPermissions(); 079 080 /** 081 * Checks if the user is assigned a specific Role in the Group. 082 * 083 * @param role 084 * the Role 085 * @param group 086 * the Group 087 * @return <code>true</code> if the user is assigned the Role in the Group. 088 */ 089 boolean hasRole(Role role, Group group); 090 091 /** 092 * Checks if the user is assigned a specific Role in any of the given Groups 093 * 094 * @param role 095 * the Role 096 * @param groupset 097 * a Groupset 098 * @return <code>true</code> if the user is assigned the Role in any of the 099 * given Groups. 100 */ 101 boolean hasRole(Role role, GroupSet groupset); 102 103 /** 104 * Checks if the user is assigned a specific Role in the Group. 105 * 106 * @param role 107 * the Role 108 * @param group 109 * the Group 110 * @return <code>true</code> if the user is assigned the Role in the Group. 111 */ 112 boolean hasRole(String role, String group); 113 114 /** 115 * Checks if the user is assigned a specifie Role in any of the given Groups 116 * 117 * @param rolename 118 * the name of the Role 119 * @param groupset 120 * a Groupset 121 * @return <code>true</code> if the user is assigned the Role in any of the 122 * given Groups. 123 */ 124 boolean hasRole(String rolename, GroupSet groupset); 125 126 /** 127 * Checks if the user is assigned a specific Role in the global Group. 128 * 129 * @param role 130 * the Role 131 * @return <code>true</code> if the user is assigned the Role in the global 132 * Group. 133 */ 134 boolean hasRole(Role role); 135 136 /** 137 * Checks if the user is assigned a specific Role. 138 * 139 * @param role 140 * the Role 141 * @return <code>true</code> if the user is assigned the Role. 142 */ 143 boolean hasRole(String role); 144 145 /** 146 * Checks if the user is assigned a specific Permission in the Group. 147 * 148 * @param permission 149 * the Permission 150 * @param group 151 * the Group 152 * @return <code>true</code> if the user is assigned the Permission in the 153 * Group. 154 */ 155 boolean hasPermission(Permission permission, Group group); 156 157 /** 158 * Checks if the user is assigned a specific Permission in any of the given 159 * Groups 160 * 161 * @param permission 162 * the Permission 163 * @param groupset 164 * a Groupset 165 * @return <code>true</code> if the user is assigned the Permission in any 166 * of the given Groups. 167 */ 168 boolean hasPermission(Permission permission, GroupSet groupset); 169 170 /** 171 * Checks if the user is assigned a specific Permission in the Group. 172 * 173 * @param permission 174 * the Permission 175 * @param group 176 * the Group 177 * @return <code>true</code> if the user is assigned the Permission in the 178 * Group. 179 */ 180 boolean hasPermission(String permission, String group); 181 182 /** 183 * Checks if the user is assigned a specific Permission in the Group. 184 * 185 * @param permission 186 * the Permission 187 * @param group 188 * the Group 189 * @return <code>true</code> if the user is assigned the Permission in the 190 * Group. 191 */ 192 boolean hasPermission(String permission, Group group); 193 194 /** 195 * Checks if the user is assigned a specifie Permission in any of the given 196 * Groups 197 * 198 * @param permissionName 199 * the name of the Permission 200 * @param groupset 201 * a Groupset 202 * @return <code>true</code> if the user is assigned the Permission in any 203 * of the given Groups. 204 */ 205 boolean hasPermission(String permissionName, GroupSet groupset); 206 207 /** 208 * Checks if the user is assigned a specific Permission in the global Group. 209 * 210 * @param permission 211 * the Permission 212 * @return <code>true</code> if the user is assigned the Permission in the 213 * global Group. 214 */ 215 boolean hasPermission(Permission permission); 216 217 /** 218 * Checks if the user is assigned a specific Permission in the global Group. 219 * 220 * @param permission 221 * the Permission 222 * @return <code>true</code> if the user is assigned the Permission in the 223 * global Group. 224 */ 225 boolean hasPermission(String permission); 226 227}