1 package org.apache.turbine.util.security;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22 import java.io.Serializable;
23
24 import org.apache.turbine.om.security.Group;
25 import org.apache.turbine.om.security.Permission;
26 import org.apache.turbine.om.security.Role;
27
28 /***
29 * This interface describes a control class that makes it
30 * easy to find out if a particular User has a given Permission.
31 * It also determines if a User has a a particular Role.
32 *
33 * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a>
34 * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
35 * @author <a href="mailto:greg@shwoop.com">Greg Ritter</a>
36 * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
37 * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a>
38 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
39 * @version $Id: AccessControlList.java 534527 2007-05-02 16:10:59Z tv $
40 */
41 public interface AccessControlList
42 extends Serializable
43 {
44 /*** The default Session key for the Access Control List */
45 String SESSION_KEY = "turbine.AccessControlList";
46
47 /***
48 * Retrieves a set of Roles an user is assigned in a Group.
49 *
50 * @param group the Group
51 * @return the set of Roles this user has within the Group.
52 */
53 RoleSet getRoles(Group group);
54
55 /***
56 * Retrieves a set of Roles an user is assigned in the global Group.
57 *
58 * @return the set of Roles this user has within the global Group.
59 */
60 RoleSet getRoles();
61
62 /***
63 * Retrieves a set of Permissions an user is assigned in a Group.
64 *
65 * @param group the Group
66 * @return the set of Permissions this user has within the Group.
67 */
68 PermissionSet getPermissions(Group group);
69
70 /***
71 * Retrieves a set of Permissions an user is assigned in the global Group.
72 *
73 * @return the set of Permissions this user has within the global Group.
74 */
75 PermissionSet getPermissions();
76
77 /***
78 * Checks if the user is assigned a specific Role in the Group.
79 *
80 * @param role the Role
81 * @param group the Group
82 * @return <code>true</code> if the user is assigned the Role in the Group.
83 */
84 boolean hasRole(Role role, Group group);
85
86 /***
87 * Checks if the user is assigned a specific Role in any of the given
88 * Groups
89 *
90 * @param role the Role
91 * @param groupset a Groupset
92 * @return <code>true</code> if the user is assigned the Role in any of
93 * the given Groups.
94 */
95 boolean hasRole(Role role, GroupSet groupset);
96
97 /***
98 * Checks if the user is assigned a specific Role in the Group.
99 *
100 * @param role the Role
101 * @param group the Group
102 * @return <code>true</code> if the user is assigned the Role in the Group.
103 */
104 boolean hasRole(String role, String group);
105
106 /***
107 * Checks if the user is assigned a specifie Role in any of the given
108 * Groups
109 *
110 * @param rolename the name of the Role
111 * @param groupset a Groupset
112 * @return <code>true</code> if the user is assigned the Role in any of
113 * the given Groups.
114 */
115 boolean hasRole(String rolename, GroupSet groupset);
116
117 /***
118 * Checks if the user is assigned a specific Role in the global Group.
119 *
120 * @param role the Role
121 * @return <code>true</code> if the user is assigned the Role in the global Group.
122 */
123 boolean hasRole(Role role);
124
125 /***
126 * Checks if the user is assigned a specific Role in the global Group.
127 *
128 * @param role the Role
129 * @return <code>true</code> if the user is assigned the Role in the global Group.
130 */
131 boolean hasRole(String role);
132
133 /***
134 * Checks if the user is assigned a specific Permission in the Group.
135 *
136 * @param permission the Permission
137 * @param group the Group
138 * @return <code>true</code> if the user is assigned the Permission in the Group.
139 */
140 boolean hasPermission(Permission permission, Group group);
141
142 /***
143 * Checks if the user is assigned a specific Permission in any of the given
144 * Groups
145 *
146 * @param permission the Permission
147 * @param groupset a Groupset
148 * @return <code>true</code> if the user is assigned the Permission in any
149 * of the given Groups.
150 */
151 boolean hasPermission(Permission permission, GroupSet groupset);
152
153 /***
154 * Checks if the user is assigned a specific Permission in the Group.
155 *
156 * @param permission the Permission
157 * @param group the Group
158 * @return <code>true</code> if the user is assigned the Permission in the Group.
159 */
160 boolean hasPermission(String permission, String group);
161
162 /***
163 * Checks if the user is assigned a specific Permission in the Group.
164 *
165 * @param permission the Permission
166 * @param group the Group
167 * @return <code>true</code> if the user is assigned the Permission in the Group.
168 */
169 boolean hasPermission(String permission, Group group);
170
171 /***
172 * Checks if the user is assigned a specifie Permission in any of the given
173 * Groups
174 *
175 * @param permissionName the name of the Permission
176 * @param groupset a Groupset
177 * @return <code>true</code> if the user is assigned the Permission in any
178 * of the given Groups.
179 */
180 boolean hasPermission(String permissionName, GroupSet groupset);
181
182 /***
183 * Checks if the user is assigned a specific Permission in the global Group.
184 *
185 * @param permission the Permission
186 * @return <code>true</code> if the user is assigned the Permission in the global Group.
187 */
188 boolean hasPermission(Permission permission);
189
190 /***
191 * Checks if the user is assigned a specific Permission in the global Group.
192 *
193 * @param permission the Permission
194 * @return <code>true</code> if the user is assigned the Permission in the global Group.
195 */
196 boolean hasPermission(String permission);
197
198 /***
199 * Returns all groups definded in the system.
200 *
201 * @return An Array of all defined Groups
202 *
203 * This is useful for debugging, when you want to display all roles
204 * and permissions an user is assigned. This method is needed
205 * because you can't call static methods of TurbineSecurity class
206 * from within WebMacro/Velocity template
207 */
208 Group[] getAllGroups();
209 }