1 package org.apache.fulcrum.security.model.turbine; 2 3 /* 4 * Licensed to the Apache Software Foundation (ASF) under one 5 * or more contributor license agreements. See the NOTICE file 6 * distributed with this work for additional information 7 * regarding copyright ownership. The ASF licenses this file 8 * to you under the Apache License, Version 2.0 (the 9 * "License"); you may not use this file except in compliance 10 * with the License. You may obtain a copy of the License at 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, 15 * software distributed under the License is distributed on an 16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 17 * KIND, either express or implied. See the License for the 18 * specific language governing permissions and limitations 19 * under the License. 20 */ 21 22 import org.apache.fulcrum.security.ModelManager; 23 import org.apache.fulcrum.security.entity.Group; 24 import org.apache.fulcrum.security.entity.Permission; 25 import org.apache.fulcrum.security.entity.Role; 26 import org.apache.fulcrum.security.entity.User; 27 import org.apache.fulcrum.security.util.DataBackendException; 28 import org.apache.fulcrum.security.util.UnknownEntityException; 29 30 /** 31 * Describes all the relationships between entities in the "Turbine" model. 32 * 33 * @author <a href="mailto:epugh@upstate.com">Eric Pugh</a> 34 * @version $Id$ 35 */ 36 public interface TurbineModelManager extends ModelManager 37 { 38 39 40 /** 41 * attribute where global group name could be set 42 */ 43 String GLOBAL_GROUP_ATTR_NAME = "globalGroup"; 44 45 /** 46 * The name of the <a href="#global">global group</a>, if no global group name is set in model manager 47 */ 48 public String GLOBAL_GROUP_NAME = "global"; 49 50 /** 51 * may be used in implementations 52 * 53 */ 54 public enum Privilege { 55 GRANT, REVOKE, REPLACE_ROLE; 56 } 57 58 /** 59 * TODO 60 * <li>transactional revoke/grant = replace for global group/role? 61 * <li>may allow user - group assignments without role, i.e. with default role. Requires adding/defining default/zero role for group, you have then to the global role additionally a global group. 62 * This may be relevant, if just only one group is sufficient (or at least one). 63 */ 64 65 /** 66 * Provides a reference to the Group object that represents the <a 67 * href="#global">global group</a>. 68 * 69 * @return A Group object that represents the global group. 70 * @throws DataBackendException generic exception 71 */ 72 Group getGlobalGroup() throws DataBackendException; 73 74 /** 75 * 76 * @return the configured global group name, by default {@link #GLOBAL_GROUP_ATTR_NAME} 77 */ 78 public String getGlobalGroupName(); 79 80 /** 81 * Replaces the assigned old Role to new role in the #global group for User user. 82 * 83 * @param user 84 * the User. 85 * @param oldRole 86 * the old Role 87 * @param newRole 88 * the new Role 89 * @throws DataBackendException generic exception 90 * @throws UnknownEntityException generic exception 91 */ 92 void replace(User user, Rolef="../../../../../../org/apache/fulcrum/security/entity/Role.html#Role">Role oldRole, Role newRole) throws DataBackendException, UnknownEntityException; 93 94 /** 95 * Puts a permission in a role 96 * 97 * This method is used when adding a permission to a role 98 * 99 * @param role 100 * the Role. 101 * @param permission 102 * the Permission 103 * @throws DataBackendException 104 * if there was an error accessing the data backend. 105 * @throws UnknownEntityException 106 * if the account is not present. 107 */ 108 void grant(Role role, Permission permission) throws DataBackendException, UnknownEntityException; 109 110 /** 111 * Removes a permission from a role 112 * 113 * @param role 114 * the Role. 115 * @param permission 116 * the Permission 117 * @throws DataBackendException 118 * if there was an error accessing the data backend. 119 * @throws UnknownEntityException 120 * if the role or permission is not present. 121 */ 122 void revoke(Role role, Permission permission) throws DataBackendException, UnknownEntityException; 123 124 125 /** 126 * Revokes all roles from an User. 127 * 128 * This method is typically used when deleting an account. 129 * 130 * @param user 131 * the User. 132 * @throws DataBackendException 133 * if there was an error accessing the data backend. 134 * @throws UnknownEntityException 135 * if the account is not present. 136 */ 137 void revokeAll(User user) throws DataBackendException, UnknownEntityException; 138 139 /** 140 * Revokes all permissions from a Role. 141 * 142 * This method is typically used when deleting a Role. 143 * 144 * @param role 145 * the Role 146 * @throws DataBackendException 147 * if there was an error accessing the data backend. 148 * @throws UnknownEntityException 149 * if the Role is not present. 150 */ 151 void revokeAll(Role role) throws DataBackendException, UnknownEntityException; 152 153 /** 154 * Revokes all roles and users from a Group. 155 * 156 * This method is typically used when deleting a Group. 157 * 158 * @param group 159 * the Group 160 * @throws DataBackendException 161 * if there was an error accessing the data backend. 162 * @throws UnknownEntityException 163 * if the Group is not present. 164 */ 165 void revokeAll(Group group) throws DataBackendException, UnknownEntityException; 166 167 /** 168 * Grant an User a Role in a Group. 169 * 170 * @param user 171 * the user. 172 * @param group 173 * the group. 174 * @param role 175 * the role. 176 * @throws DataBackendException 177 * if there was an error accessing the data backend. 178 * @throws UnknownEntityException 179 * if user account, group or role is not present. 180 */ 181 void grant(User user, Group group, Role role) throws DataBackendException, UnknownEntityException; 182 183 /** 184 * Revoke a Role in a Group from an User. 185 * 186 * @param user 187 * the user. 188 * @param group 189 * the group. 190 * @param role 191 * the role. 192 * @throws DataBackendException 193 * if there was an error accessing the data backend. 194 * @throws UnknownEntityException 195 * if user account, group or role is not present. 196 */ 197 void revoke(User user, Group group, Role role) throws DataBackendException, UnknownEntityException; 198 199 /** 200 * Revokes by default all permissions from a Role and if flag is set 201 * all groups and users for this role 202 * 203 * This method is used when deleting a Role. 204 * 205 * @param role 206 * the Role 207 * @param cascadeDelete 208 * if <code>true </code> removes all groups and user for this role. 209 * @throws DataBackendException 210 * if there was an error accessing the data backend. 211 * @throws UnknownEntityException 212 * if the Role is not present. 213 */ 214 void revokeAll( Role role, boolean cascadeDelete ) 215 throws DataBackendException, UnknownEntityException; 216 }