1 package org.apache.fulcrum.security.model.turbine; 2 3 4 /* 5 * Licensed to the Apache Software Foundation (ASF) under one 6 * or more contributor license agreements. See the NOTICE file 7 * distributed with this work for additional information 8 * regarding copyright ownership. The ASF licenses this file 9 * to you under the Apache License, Version 2.0 (the 10 * "License"); you may not use this file except in compliance 11 * with the License. You may obtain a copy of the License at 12 * 13 * http://www.apache.org/licenses/LICENSE-2.0 14 * 15 * Unless required by applicable law or agreed to in writing, 16 * software distributed under the License is distributed on an 17 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 18 * KIND, either express or implied. See the License for the 19 * specific language governing permissions and limitations 20 * under the License. 21 */ 22 23 24 import java.io.Serializable; 25 26 import org.apache.fulcrum.security.acl.AccessControlList; 27 import org.apache.fulcrum.security.entity.Group; 28 import org.apache.fulcrum.security.entity.Permission; 29 import org.apache.fulcrum.security.entity.Role; 30 import org.apache.fulcrum.security.util.GroupSet; 31 import org.apache.fulcrum.security.util.PermissionSet; 32 import org.apache.fulcrum.security.util.RoleSet; 33 34 /** 35 * This interface describes a control class that makes it 36 * easy to find out if a particular User has a given Permission. 37 * It also determines if a User has a a particular Role. 38 * 39 * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a> 40 * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a> 41 * @author <a href="mailto:greg@shwoop.com">Greg Ritter</a> 42 * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a> 43 * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a> 44 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a> 45 * @version $Id: AccessControlList.java 615328 2008-01-25 20:25:05Z tv $ 46 */ 47 public interface TurbineAccessControlList<T extends TurbineAccessControlList<T>> extends Serializable, AccessControlList 48 { 49 /** 50 * Retrieves a set of Roles an user is assigned in a Group. 51 * 52 * @param group the Group 53 * @return the set of Roles this user has within the Group. 54 */ 55 RoleSet getRoles(Group group); 56 57 /** 58 * Retrieves a set of Roles an user is assigned in the global Group. 59 * 60 * @return the set of Roles this user has within the global Group or null. 61 */ 62 RoleSet getRoles(); 63 64 /** 65 * Retrieves a set of Permissions an user is assigned in a Group. 66 * 67 * @param group the Group 68 * @return the set of Permissions this user has within the Group. 69 */ 70 PermissionSet getPermissions(Group group); 71 72 /** 73 * Retrieves a set of Permissions an user is assigned in the global Group. 74 * 75 * @return the set of Permissions this user has within the global Group. 76 */ 77 PermissionSet getPermissions(); 78 79 /** 80 * Checks if the user is assigned a specific Role in the Group. 81 * 82 * @param role the Role 83 * @param group the Group 84 * @return <code>true</code> if the user is assigned the Role in the Group. 85 */ 86 boolean hasRole(Role role, Group group); 87 88 /** 89 * Checks if the user is assigned a specific Role in any of the given 90 * Groups 91 * 92 * @param role the Role 93 * @param groupset a Groupset 94 * @return <code>true</code> if the user is assigned the Role in any of 95 * the given Groups. 96 */ 97 boolean hasRole(Role role, GroupSet groupset); 98 99 /** 100 * Checks if the user is assigned a specific Role in the Group. 101 * 102 * @param role the Role 103 * @param group the Group 104 * @return <code>true</code> if the user is assigned the Role in the Group. 105 */ 106 boolean hasRole(String role, String group); 107 108 /** 109 * Checks if the user is assigned a specifie Role in any of the given 110 * Groups 111 * 112 * @param rolename the name of the Role 113 * @param groupset a Groupset 114 * @return <code>true</code> if the user is assigned the Role in any of 115 * the given Groups. 116 */ 117 boolean hasRole(String rolename, GroupSet groupset); 118 119 /** 120 * Checks if the user is assigned a specific Role in the global Group. 121 * 122 * @param role the Role 123 * @return <code>true</code> if the user is assigned the Role in the global Group. 124 */ 125 boolean hasRole(Role role); 126 127 /** 128 * Checks if the user is assigned a specific Role in the global Group. 129 * 130 * @param role the Role 131 * @return <code>true</code> if the user is assigned the Role in the global Group. 132 */ 133 boolean hasRole(String role); 134 135 /** 136 * Checks if the user is assigned a specific Permission in the Group. 137 * 138 * @param permission the Permission 139 * @param group the Group 140 * @return <code>true</code> if the user is assigned the Permission in the Group. 141 */ 142 boolean hasPermission(Permission permission, Group group); 143 144 /** 145 * Checks if the user is assigned a specific Permission in any of the given 146 * Groups 147 * 148 * @param permission the Permission 149 * @param groupset a Groupset 150 * @return <code>true</code> if the user is assigned the Permission in any 151 * of the given Groups. 152 */ 153 boolean hasPermission(Permission permission, GroupSet groupset); 154 155 /** 156 * Checks if the user is assigned a specific Permission in the Group. 157 * 158 * @param permission the Permission 159 * @param group the Group 160 * @return <code>true</code> if the user is assigned the Permission in the Group. 161 */ 162 boolean hasPermission(String permission, String group); 163 164 /** 165 * Checks if the user is assigned a specific Permission in the Group. 166 * 167 * @param permission the Permission 168 * @param group the Group 169 * @return <code>true</code> if the user is assigned the Permission in the Group. 170 */ 171 boolean hasPermission(String permission, Group group); 172 173 /** 174 * Checks if the user is assigned a specifie Permission in any of the given 175 * Groups 176 * 177 * @param permissionName the name of the Permission 178 * @param groupset a Groupset 179 * @return <code>true</code> if the user is assigned the Permission in any 180 * of the given Groups. 181 */ 182 boolean hasPermission(String permissionName, GroupSet groupset); 183 184 /** 185 * Checks if the user is assigned a specific Permission in the global Group. 186 * 187 * @param permission the Permission 188 * @return <code>true</code> if the user is assigned the Permission in the global Group. 189 */ 190 boolean hasPermission(Permission permission); 191 192 /** 193 * Checks if the user is assigned a specific Permission in the global Group. 194 * 195 * @param permission the Permission 196 * @return <code>true</code> if the user is assigned the Permission in the global Group. 197 */ 198 boolean hasPermission(String permission); 199 200 /** 201 * Returns all groups defined in the system. 202 * 203 * @return An Array of all defined Groups 204 * 205 * This is useful for debugging, when you want to display all roles 206 * and permissions an user is assigned. This method is needed 207 * because you can't call static methods of TurbineSecurity class 208 * from within WebMacro/Velocity template 209 */ 210 Group[] getAllGroups(); 211 212 /** 213 * Retrieves a set of Groups an user is assigned to. 214 * 215 * @return the set of Groups this user is assigned to. 216 */ 217 GroupSet getGroupSet(); 218 }