001: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
002: *
003: * Licensed under the Apache License, Version 2.0 (the "License");
004: * you may not use this file except in compliance with the License.
005: * You may obtain a copy of the License at
006: *
007: * http://www.apache.org/licenses/LICENSE-2.0
008: *
009: * Unless required by applicable law or agreed to in writing, software
010: * distributed under the License is distributed on an "AS IS" BASIS,
011: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012: * See the License for the specific language governing permissions and
013: * limitations under the License.
014: */
015:
016: package org.acegisecurity.acl.basic;
017:
018: import org.acegisecurity.acl.AclEntry;
019:
020: /**
021: * Represents an entry in an access control list.
022: *
023: * @author Ben Alex
024: * @version $Id: BasicAclEntry.java 1784 2007-02-24 21:00:24Z luke_t $
025: */
026: public interface BasicAclEntry extends AclEntry {
027: //~ Methods ========================================================================================================
028:
029: /**
030: * Indicates the domain object instance that is subject of this <code>BasicAclEntry</code>. This
031: * information may be of interest to relying classes (voters and business methods) that wish to know the actual
032: * origination of the ACL entry (so as to distinguish individual ACL entries from others contributed by the
033: * inheritance hierarchy).
034: *
035: * @return the ACL object identity that is subject of this ACL entry (never <code>null</code>)
036: */
037: AclObjectIdentity getAclObjectIdentity();
038:
039: /**
040: * Indicates any ACL parent of the domain object instance. This is used by <code>BasicAclProvider</code> to
041: * walk the inheritance hierarchy. An domain object instance need <b>not</b> have a parent.
042: *
043: * @return the ACL object identity that is the parent of this ACL entry (may be <code>null</code> if no parent
044: * should be consulted)
045: */
046: AclObjectIdentity getAclObjectParentIdentity();
047:
048: /**
049: * Access control lists in this package are based on bit masking. The integer value of the bit mask can be
050: * obtained from this method.
051: *
052: * @return the bit mask applicable to this ACL entry (zero indicates a bit mask where no permissions have been
053: * granted)
054: */
055: int getMask();
056:
057: /**
058: * A domain object instance will usually have multiple <code>BasicAclEntry</code>s. Each separate
059: * <code>BasicAclEntry</code> applies to a particular "recipient". Typical examples of recipients include (but do
060: * not necessarily have to include) usernames, role names, complex granted authorities etc.<P><B>It is
061: * essential that only one <code>BasicAclEntry</code> exists for a given recipient</B>. Otherwise conflicts as to
062: * the mask that should apply to a given recipient will occur.</p>
063: * <P>This method indicates which recipient this <code>BasicAclEntry</code> applies to. The returned
064: * object type will vary depending on the type of recipient. For instance, it might be a <code>String</code>
065: * containing a username, or a <code>GrantedAuthorityImpl</code> containing a complex granted authority that is
066: * being granted the permissions contained in this access control entry. The {@link EffectiveAclsResolver} and
067: * {@link BasicAclProvider#getAcls(Object,org.acegisecurity.Authentication)} can process the different recipient
068: * types and return only those that apply to a specified <code>Authentication</code> object.</p>
069: *
070: * @return the recipient of this access control list entry (never <code>null</code>)
071: */
072: Object getRecipient();
073:
074: /**
075: * Determine if the mask of this entry includes this permission or not
076: *
077: * @param permissionToCheck
078: *
079: * @return if the entry's mask includes this permission
080: */
081: boolean isPermitted(int permissionToCheck);
082:
083: /**
084: * This setter should <B>only</B> be used by DAO implementations.
085: *
086: * @param aclObjectIdentity an object which can be used to uniquely identify the domain object instance subject of
087: * this ACL entry
088: */
089: void setAclObjectIdentity(AclObjectIdentity aclObjectIdentity);
090:
091: /**
092: * This setter should <B>only</B> be used by DAO implementations.
093: *
094: * @param aclObjectParentIdentity an object which represents the parent of the domain object instance subject of
095: * this ACL entry, or <code>null</code> if either the domain object instance has no parent or its parent
096: * should be not used to compute an inheritance hierarchy
097: */
098: void setAclObjectParentIdentity(
099: AclObjectIdentity aclObjectParentIdentity);
100:
101: /**
102: * This setter should <B>only</B> be used by DAO implementations.
103: *
104: * @param mask the integer representing the permissions bit mask
105: */
106: void setMask(int mask);
107:
108: /**
109: * This setter should <B>only</B> be used by DAO implementations.
110: *
111: * @param recipient a representation of the recipient of this ACL entry that makes sense to an
112: * <code>EffectiveAclsResolver</code> implementation
113: */
114: void setRecipient(Object recipient);
115: }
|