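package org.apache.fulcrum.security.model.dynamic;

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

import org.apache.fulcrum.security.ModelManager;
import org.apache.fulcrum.security.entity.Group;
import org.apache.fulcrum.security.entity.Permission;
import org.apache.fulcrum.security.entity.Role;
import org.apache.fulcrum.security.entity.User;
import org.apache.fulcrum.security.util.DataBackendException;
import org.apache.fulcrum.security.util.UnknownEntityException;

/**
 * Describes all the relationships between entities in the "Dynamic" model.
 *
 * <p>
 * The methods declared here link users to groups, groups to roles and roles to
 * permissions, and let one user delegate to another. Every call changes what
 * some user is effectively allowed to do.
 *
 * <p>
 * NOTE(review): no method in this interface takes the acting principal, so the
 * check that the caller may change a relationship presumably has to happen
 * before these methods are invoked; confirm against the callers.
 *
 * @author <a href="mailto:epugh@upstate.com">Eric Pugh</a>
 * @author <a href="mailto:ben@gidley.co.uk">Ben Gidley</a>
 * @version $Id$
 */
public interface DynamicModelManager extends ModelManager
{
    /**
     * Puts a role into a group
     *
     * This method is used when adding a role to a group.
     *
     * @param group
     *            the group to use
     * @param role
     *            the role that will join the group
     * @throws DataBackendException
     *             if there was an error accessing the data backend.
     * @throws UnknownEntityException
     *             if the group or role is not present.
     */
    void grant(Group group, Role role) throws DataBackendException, UnknownEntityException;

    /**
     * Removes a role from a group
     *
     * This method is used when removing a role from a group.
     *
     * @param group
     *            the group to use
     * @param role
     *            the role that will leave the group
     * @throws DataBackendException
     *             if there was an error accessing the data backend.
     * @throws UnknownEntityException
     *             if the group or role is not present.
     */
    void revoke(Group group, Role role) throws DataBackendException, UnknownEntityException;

    /**
     * Puts a permission in a role
     *
     * This method is used when adding a permission to a role
     *
     * @param role
     *            the Role
     * @param permission
     *            the Permission
     *
     * @throws DataBackendException
     *             if there was an error accessing the data backend.
     * @throws UnknownEntityException
     *             if the role or permission is not present.
     */
    void grant(Role role, Permission permission) throws DataBackendException, UnknownEntityException;

    /**
     * Removes a permission from a role
     *
     * @param role
     *            the Role
     * @param permission
     *            the Permission
     *
     * @throws DataBackendException
     *             if there was an error accessing the data backend.
     * @throws UnknownEntityException
     *             if the role or permission is not present.
     */
    void revoke(Role role, Permission permission) throws DataBackendException, UnknownEntityException;

    /**
     * Puts a user in a group.
     *
     * This method is used when adding a user to a group
     *
     * @param user
     *            the User
     * @param group
     *            the Group
     *
     * @throws DataBackendException
     *             if there was an error accessing the data backend.
     * @throws UnknownEntityException
     *             if the user or group is not present.
     */
    void grant(User user, Group group) throws DataBackendException, UnknownEntityException;

    /**
     * Removes a user from a group
     *
     * @param user
     *            the User
     * @param group
     *            the Group
     *
     * @throws DataBackendException
     *             if there was an error accessing the data backend.
     * @throws UnknownEntityException
     *             if the user or group is not present.
     */
    void revoke(User user, Group group) throws DataBackendException, UnknownEntityException;

    /**
     * Revokes all roles from a User.
     *
     * This method is typically used when deleting an account.
     *
     * <p>
     * NOTE(review): this interface links users to groups rather than directly
     * to roles, so this presumably works by removing the user's group
     * memberships; confirm against the implementation. Whether delegations
     * created with {@link #addDelegate(User, User)} are also cleared is not
     * stated here and should be verified before relying on this call to fully
     * de-privilege a deleted account.
     *
     * @param user
     *            the User
     *
     * @throws DataBackendException
     *             if there was an error accessing the data backend.
     * @throws UnknownEntityException
     *             if the account is not present.
     */
    void revokeAll(User user) throws DataBackendException, UnknownEntityException;

    /**
     * Revokes all roles from a Permission, so that no role carries it any
     * longer.
     *
     * This method is typically used when deleting a Permission
     *
     * @param permission
     *            the Permission.
     * @throws DataBackendException
     *             if there was an error accessing the data backend.
     * @throws UnknownEntityException
     *             if the permission is not present.
     */
    void revokeAll(Permission permission) throws DataBackendException, UnknownEntityException;

    /**
     * Revokes all permissions from a Role.
     *
     * This method is typically used when deleting a Role.
     *
     * @param role
     *            the Role
     * @throws DataBackendException
     *             if there was an error accessing the data backend.
     * @throws UnknownEntityException
     *             if the Role is not present.
     */
    void revokeAll(Role role) throws DataBackendException, UnknownEntityException;

    /**
     * Revokes all roles and users from a Group
     *
     * This method is typically used when deleting a Group.
     *
     * @param group
     *            the Group
     * @throws DataBackendException
     *             if there was an error accessing the data backend.
     * @throws UnknownEntityException
     *             if the Group is not present.
     */
    void revokeAll(Group group) throws DataBackendException, UnknownEntityException;

    /**
     * Allows B to assume A's roles, groups and permissions
     *
     * <p>
     * After this call the delegatee holds the delegator's access in addition
     * to its own, so it should be treated as a privilege grant. Whether
     * delegation is transitive is not specified by this interface.
     *
     * @param delegator
     *            A, the user whose roles, groups and permissions are shared
     * @param delegatee
     *            B, the user who may assume them
     *
     * @throws DataBackendException
     *             if there was an error accessing the data backend.
     * @throws UnknownEntityException
     *             if the delegator or delegatee is not present.
     */
    void addDelegate(User delegator, User delegatee) throws DataBackendException, UnknownEntityException;

    /**
     * Stops B having A's roles, groups and permissions
     *
     * <p>
     * This is the inverse of {@link #addDelegate(User, User)} and takes its
     * arguments in the same order.
     *
     * @param delegator
     *            A, the user whose roles, groups and permissions were shared
     * @param delegatee
     *            B, the user who may no longer assume them
     *
     * @throws DataBackendException
     *             if there was an error accessing the data backend.
     * @throws UnknownEntityException
     *             if the delegator or delegatee is not present.
     */
    void removeDelegate(User delegator, User delegatee) throws DataBackendException, UnknownEntityException;
}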