1 package org.apache.fulcrum.security.model.turbine;
2
3
4 /*
5 * Licensed to the Apache Software Foundation (ASF) under one
6 * or more contributor license agreements. See the NOTICE file
7 * distributed with this work for additional information
8 * regarding copyright ownership. The ASF licenses this file
9 * to you under the Apache License, Version 2.0 (the
10 * "License"); you may not use this file except in compliance
11 * with the License. You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing,
16 * software distributed under the License is distributed on an
17 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
18 * KIND, either express or implied. See the License for the
19 * specific language governing permissions and limitations
20 * under the License.
21 */
22
23
24 import java.io.Serializable;
25
26 import org.apache.fulcrum.security.acl.AccessControlList;
27 import org.apache.fulcrum.security.entity.Group;
28 import org.apache.fulcrum.security.entity.Permission;
29 import org.apache.fulcrum.security.entity.Role;
30 import org.apache.fulcrum.security.util.GroupSet;
31 import org.apache.fulcrum.security.util.PermissionSet;
32 import org.apache.fulcrum.security.util.RoleSet;
33
34 /**
35 * This interface describes a control class that makes it
36 * easy to find out if a particular User has a given Permission.
37 * It also determines if a User has a a particular Role.
38 *
39 * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a>
40 * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
41 * @author <a href="mailto:greg@shwoop.com">Greg Ritter</a>
42 * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
43 * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a>
44 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
45 * @version $Id: AccessControlList.java 615328 2008-01-25 20:25:05Z tv $
46 */
47 public interface TurbineAccessControlList<T extends TurbineAccessControlList<T>> extends Serializable, AccessControlList
48 {
49 /**
50 * Retrieves a set of Roles an user is assigned in a Group.
51 *
52 * @param group the Group
53 * @return the set of Roles this user has within the Group.
54 */
55 RoleSet getRoles(Group group);
56
57 /**
58 * Retrieves a set of Roles an user is assigned in the global Group.
59 *
60 * @return the set of Roles this user has within the global Group or null.
61 */
62 RoleSet getRoles();
63
64 /**
65 * Retrieves a set of Permissions an user is assigned in a Group.
66 *
67 * @param group the Group
68 * @return the set of Permissions this user has within the Group.
69 */
70 PermissionSet getPermissions(Group group);
71
72 /**
73 * Retrieves a set of Permissions an user is assigned in the global Group.
74 *
75 * @return the set of Permissions this user has within the global Group.
76 */
77 PermissionSet getPermissions();
78
79 /**
80 * Checks if the user is assigned a specific Role in the Group.
81 *
82 * @param role the Role
83 * @param group the Group
84 * @return <code>true</code> if the user is assigned the Role in the Group.
85 */
86 boolean hasRole(Role role, Group group);
87
88 /**
89 * Checks if the user is assigned a specific Role in any of the given
90 * Groups
91 *
92 * @param role the Role
93 * @param groupset a Groupset
94 * @return <code>true</code> if the user is assigned the Role in any of
95 * the given Groups.
96 */
97 boolean hasRole(Role role, GroupSet groupset);
98
99 /**
100 * Checks if the user is assigned a specific Role in the Group.
101 *
102 * @param role the Role
103 * @param group the Group
104 * @return <code>true</code> if the user is assigned the Role in the Group.
105 */
106 boolean hasRole(String role, String group);
107
108 /**
109 * Checks if the user is assigned a specifie Role in any of the given
110 * Groups
111 *
112 * @param rolename the name of the Role
113 * @param groupset a Groupset
114 * @return <code>true</code> if the user is assigned the Role in any of
115 * the given Groups.
116 */
117 boolean hasRole(String rolename, GroupSet groupset);
118
119 /**
120 * Checks if the user is assigned a specific Role in the global Group.
121 *
122 * @param role the Role
123 * @return <code>true</code> if the user is assigned the Role in the global Group.
124 */
125 boolean hasRole(Role role);
126
127 /**
128 * Checks if the user is assigned a specific Role in the global Group.
129 *
130 * @param role the Role
131 * @return <code>true</code> if the user is assigned the Role in the global Group.
132 */
133 boolean hasRole(String role);
134
135 /**
136 * Checks if the user is assigned a specific Permission in the Group.
137 *
138 * @param permission the Permission
139 * @param group the Group
140 * @return <code>true</code> if the user is assigned the Permission in the Group.
141 */
142 boolean hasPermission(Permission permission, Group group);
143
144 /**
145 * Checks if the user is assigned a specific Permission in any of the given
146 * Groups
147 *
148 * @param permission the Permission
149 * @param groupset a Groupset
150 * @return <code>true</code> if the user is assigned the Permission in any
151 * of the given Groups.
152 */
153 boolean hasPermission(Permission permission, GroupSet groupset);
154
155 /**
156 * Checks if the user is assigned a specific Permission in the Group.
157 *
158 * @param permission the Permission
159 * @param group the Group
160 * @return <code>true</code> if the user is assigned the Permission in the Group.
161 */
162 boolean hasPermission(String permission, String group);
163
164 /**
165 * Checks if the user is assigned a specific Permission in the Group.
166 *
167 * @param permission the Permission
168 * @param group the Group
169 * @return <code>true</code> if the user is assigned the Permission in the Group.
170 */
171 boolean hasPermission(String permission, Group group);
172
173 /**
174 * Checks if the user is assigned a specifie Permission in any of the given
175 * Groups
176 *
177 * @param permissionName the name of the Permission
178 * @param groupset a Groupset
179 * @return <code>true</code> if the user is assigned the Permission in any
180 * of the given Groups.
181 */
182 boolean hasPermission(String permissionName, GroupSet groupset);
183
184 /**
185 * Checks if the user is assigned a specific Permission in the global Group.
186 *
187 * @param permission the Permission
188 * @return <code>true</code> if the user is assigned the Permission in the global Group.
189 */
190 boolean hasPermission(Permission permission);
191
192 /**
193 * Checks if the user is assigned a specific Permission in the global Group.
194 *
195 * @param permission the Permission
196 * @return <code>true</code> if the user is assigned the Permission in the global Group.
197 */
198 boolean hasPermission(String permission);
199
200 /**
201 * Returns all groups defined in the system.
202 *
203 * @return An Array of all defined Groups
204 *
205 * This is useful for debugging, when you want to display all roles
206 * and permissions an user is assigned. This method is needed
207 * because you can't call static methods of TurbineSecurity class
208 * from within WebMacro/Velocity template
209 */
210 Group[] getAllGroups();
211
212 /**
213 * Retrieves a set of Groups an user is assigned to.
214 *
215 * @return the set of Groups this user is assigned to.
216 */
217 GroupSet getGroupSet();
218 }