001: /*
002: * This file is part of PFIXCORE.
003: *
004: * PFIXCORE is free software; you can redistribute it and/or modify
005: * it under the terms of the GNU Lesser General Public License as published by
006: * the Free Software Foundation; either version 2 of the License, or
007: * (at your option) any later version.
008: *
009: * PFIXCORE is distributed in the hope that it will be useful,
010: * but WITHOUT ANY WARRANTY; without even the implied warranty of
011: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
012: * GNU Lesser General Public License for more details.
013: *
014: * You should have received a copy of the GNU Lesser General Public License
015: * along with PFIXCORE; if not, write to the Free Software
016: * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
017: */
018:
019: package de.schlund.pfixcore.editor2.core.spring;
020:
021: import java.security.Principal;
022:
023: import de.schlund.pfixcore.editor2.core.dom.Image;
024: import de.schlund.pfixcore.editor2.core.dom.IncludePart;
025: import de.schlund.pfixcore.editor2.core.dom.IncludePartThemeVariant;
026: import de.schlund.pfixcore.editor2.core.dom.Theme;
027: import de.schlund.pfixcore.editor2.core.exception.EditorSecurityException;
028:
029: /**
030: * This service is responsible for handling security issues. It provides methods
031: * to check whether a user is allowed to trigger a certain action.
032: *
033: * @author Sebastian Marsching <sebastian.marsching@1und1.de>
034: */
public interface SecurityManagerService {

    // Scope: authorization only. Verifying credentials (login handling) is
    // deliberately left to another component, which is why this interface has
    // no checkCredentials(username, password) method.
    //
    // Each permission comes as a pair: mayX(...) reports the decision as a
    // boolean, checkX(...) signals a denial by throwing
    // EditorSecurityException.
    //
    // NOTE(review): the contract does not say how "the current user" is scoped
    // (per session, per thread, ...) nor what the checks answer while no user
    // is logged in; confirm that implementations keep principals separate
    // between users and deny when getPrincipal() would return null.

    /**
     * Installs the principal that identifies the current user.
     *
     * <p>Supplying a principal "logs in" that user; supplying {@code null}
     * performs a "logout".
     *
     * <p>NOTE(review): nothing in this interface verifies the principal, so
     * callers are presumably expected to pass only principals that were
     * already authenticated elsewhere; confirm at the call sites.
     *
     * @param auth principal of the user to log in, or {@code null} to log out
     */
    void setPrincipal(Principal auth);

    /**
     * Reports which principal identifies the current user.
     *
     * @return the principal of the user currently logged in, or {@code null}
     *         when no user is logged in
     */
    Principal getPrincipal();

    /**
     * Tells whether the logged-in user may edit the given
     * {@link IncludePartThemeVariant}.
     *
     * @param part the part variant the decision is made for
     * @return {@code true} when editing is allowed, {@code false} otherwise
     */
    boolean mayEditIncludePartThemeVariant(IncludePartThemeVariant part);

    /**
     * Verifies that the logged-in user may edit the given
     * {@link IncludePartThemeVariant}; a denial is reported as an exception
     * instead of a return value.
     *
     * @param part the part variant the decision is made for
     * @throws EditorSecurityException if the current user is not allowed to
     *         edit
     */
    void checkEditIncludePartThemeVariant(IncludePartThemeVariant part) throws EditorSecurityException;

    /**
     * Tells whether the logged-in user may create a new
     * {@link IncludePartThemeVariant} for the given {@link IncludePart} and
     * {@link Theme}.
     *
     * @param part  the part the decision is made for
     * @param theme the theme the decision is made for
     * @return {@code true} when creating the variant is allowed, {@code false}
     *         otherwise
     */
    boolean mayCreateIncludePartThemeVariant(IncludePart part, Theme theme);

    /**
     * Verifies that the logged-in user may create a new
     * {@link IncludePartThemeVariant} for the given {@link IncludePart} and
     * {@link Theme}; a denial is reported as an exception instead of a return
     * value.
     *
     * @param part  the part the decision is made for
     * @param theme the theme the decision is made for
     * @throws EditorSecurityException if the user is not allowed to create the
     *         variant
     */
    void checkCreateIncludePartThemeVariant(IncludePart part, Theme theme) throws EditorSecurityException;

    /**
     * Tells whether the logged-in user may edit the given {@link Image}.
     *
     * @param image the image the decision is made for
     * @return {@code true} when editing is allowed, {@code false} otherwise
     */
    boolean mayEditImage(Image image);

    /**
     * Verifies that the logged-in user may edit the given {@link Image}; a
     * denial is reported as an exception instead of a return value.
     *
     * @param image the image the decision is made for
     * @throws EditorSecurityException if the current user is not allowed to
     *         edit
     */
    void checkEditImage(Image image) throws EditorSecurityException;

    /**
     * Tells whether the logged-in user may edit dynamic includes.
     *
     * @return {@code true} when editing is allowed, {@code false} otherwise
     */
    boolean mayEditDynInclude();

    /**
     * Verifies that the logged-in user may edit dynamic includes; a denial is
     * reported as an exception instead of a return value.
     *
     * @throws EditorSecurityException if the current user is not allowed to
     *         edit
     */
    void checkEditDynInclude() throws EditorSecurityException;

    /**
     * Tells whether the logged-in user may perform administrative tasks.
     *
     * @return {@code true} when the user is an admin, {@code false} otherwise
     */
    boolean mayAdmin();

    /**
     * Verifies that the logged-in user may perform administrative tasks; a
     * denial is reported as an exception instead of a return value.
     *
     * @throws EditorSecurityException if the current user is no admin
     */
    void checkAdmin() throws EditorSecurityException;
}