001package org.apache.fulcrum.security.model.turbine; 002 003/* 004 * Licensed to the Apache Software Foundation (ASF) under one 005 * or more contributor license agreements. See the NOTICE file 006 * distributed with this work for additional information 007 * regarding copyright ownership. The ASF licenses this file 008 * to you under the Apache License, Version 2.0 (the 009 * "License"); you may not use this file except in compliance 010 * with the License. You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, 015 * software distributed under the License is distributed on an 016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 017 * KIND, either express or implied. See the License for the 018 * specific language governing permissions and limitations 019 * under the License. 020 */ 021 022import org.apache.fulcrum.security.ModelManager; 023import org.apache.fulcrum.security.entity.Group; 024import org.apache.fulcrum.security.entity.Permission; 025import org.apache.fulcrum.security.entity.Role; 026import org.apache.fulcrum.security.entity.User; 027import org.apache.fulcrum.security.util.DataBackendException; 028import org.apache.fulcrum.security.util.UnknownEntityException; 029 030/** 031 * Describes all the relationships between entities in the "Turbine" model. 032 * 033 * @author <a href="mailto:epugh@upstate.com">Eric Pugh</a> 034 * @version $Id$ 035 */ 036public interface TurbineModelManager extends ModelManager 037{ 038 039 040 /** 041 * attribute where global group name could be set 042 */ 043 String GLOBAL_GROUP_ATTR_NAME = "globalGroup"; 044 045 /** 046 * The name of the <a href="#global">global group</a>, if no global group name is set in model manager 047 */ 048 public String GLOBAL_GROUP_NAME = "global"; 049 050 /** 051 * may be used in implementations 052 * 053 */ 054 public enum Privilege { 055 GRANT, REVOKE, REPLACE_ROLE; 056 } 057 058 /** 059 * TODO 060 * <li>transactional revoke/grant = replace for global group/role? 061 * <li>may allow user - group assignments without role, i.e. with default role. Requires adding/defining default/zero role for group, you have then to the global role additionally a global group. 062 * This may be relevant, if just only one group is sufficient (or at least one). 063 */ 064 065 /** 066 * Provides a reference to the Group object that represents the <a 067 * href="#global">global group</a>. 068 * 069 * @return A Group object that represents the global group. 070 * @throws DataBackendException generic exception 071 */ 072 Group getGlobalGroup() throws DataBackendException; 073 074 /** 075 * 076 * @return the configured global group name, by default {@link #GLOBAL_GROUP_ATTR_NAME} 077 */ 078 public String getGlobalGroupName(); 079 080 /** 081 * Replaces the assigned old Role to new role in the #global group for User user. 082 * 083 * @param user 084 * the User. 085 * @param oldRole 086 * the old Role 087 * @param newRole 088 * the new Role 089 * @throws DataBackendException generic exception 090 * @throws UnknownEntityException generic exception 091 */ 092 void replace(User user, Role oldRole, Role newRole) throws DataBackendException, UnknownEntityException; 093 094 /** 095 * Puts a permission in a role 096 * 097 * This method is used when adding a permission to a role 098 * 099 * @param role 100 * the Role. 101 * @param permission 102 * the Permission 103 * @throws DataBackendException 104 * if there was an error accessing the data backend. 105 * @throws UnknownEntityException 106 * if the account is not present. 107 */ 108 void grant(Role role, Permission permission) throws DataBackendException, UnknownEntityException; 109 110 /** 111 * Removes a permission from a role 112 * 113 * @param role 114 * the Role. 115 * @param permission 116 * the Permission 117 * @throws DataBackendException 118 * if there was an error accessing the data backend. 119 * @throws UnknownEntityException 120 * if the role or permission is not present. 121 */ 122 void revoke(Role role, Permission permission) throws DataBackendException, UnknownEntityException; 123 124 125 /** 126 * Revokes all roles from an User. 127 * 128 * This method is typically used when deleting an account. 129 * 130 * @param user 131 * the User. 132 * @throws DataBackendException 133 * if there was an error accessing the data backend. 134 * @throws UnknownEntityException 135 * if the account is not present. 136 */ 137 void revokeAll(User user) throws DataBackendException, UnknownEntityException; 138 139 /** 140 * Revokes all permissions from a Role. 141 * 142 * This method is typically used when deleting a Role. 143 * 144 * @param role 145 * the Role 146 * @throws DataBackendException 147 * if there was an error accessing the data backend. 148 * @throws UnknownEntityException 149 * if the Role is not present. 150 */ 151 void revokeAll(Role role) throws DataBackendException, UnknownEntityException; 152 153 /** 154 * Revokes all roles and users from a Group. 155 * 156 * This method is typically used when deleting a Group. 157 * 158 * @param group 159 * the Group 160 * @throws DataBackendException 161 * if there was an error accessing the data backend. 162 * @throws UnknownEntityException 163 * if the Group is not present. 164 */ 165 void revokeAll(Group group) throws DataBackendException, UnknownEntityException; 166 167 /** 168 * Grant an User a Role in a Group. 169 * 170 * @param user 171 * the user. 172 * @param group 173 * the group. 174 * @param role 175 * the role. 176 * @throws DataBackendException 177 * if there was an error accessing the data backend. 178 * @throws UnknownEntityException 179 * if user account, group or role is not present. 180 */ 181 void grant(User user, Group group, Role role) throws DataBackendException, UnknownEntityException; 182 183 /** 184 * Revoke a Role in a Group from an User. 185 * 186 * @param user 187 * the user. 188 * @param group 189 * the group. 190 * @param role 191 * the role. 192 * @throws DataBackendException 193 * if there was an error accessing the data backend. 194 * @throws UnknownEntityException 195 * if user account, group or role is not present. 196 */ 197 void revoke(User user, Group group, Role role) throws DataBackendException, UnknownEntityException; 198 199 /** 200 * Revokes by default all permissions from a Role and if flag is set 201 * all groups and users for this role 202 * 203 * This method is used when deleting a Role. 204 * 205 * @param role 206 * the Role 207 * @param cascadeDelete 208 * if <code>true </code> removes all groups and user for this role. 209 * @throws DataBackendException 210 * if there was an error accessing the data backend. 211 * @throws UnknownEntityException 212 * if the Role is not present. 213 */ 214 void revokeAll( Role role, boolean cascadeDelete ) 215 throws DataBackendException, UnknownEntityException; 216}