001: package org.apache.turbine.util.security;
002:
003: /*
004: * Licensed to the Apache Software Foundation (ASF) under one
005: * or more contributor license agreements. See the NOTICE file
006: * distributed with this work for additional information
007: * regarding copyright ownership. The ASF licenses this file
008: * to you under the Apache License, Version 2.0 (the
009: * "License"); you may not use this file except in compliance
010: * with the License. You may obtain a copy of the License at
011: *
012: * http://www.apache.org/licenses/LICENSE-2.0
013: *
014: * Unless required by applicable law or agreed to in writing,
015: * software distributed under the License is distributed on an
016: * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
017: * KIND, either express or implied. See the License for the
018: * specific language governing permissions and limitations
019: * under the License.
020: */
021:
022: import java.io.Serializable;
023:
024: import org.apache.turbine.om.security.Group;
025: import org.apache.turbine.om.security.Permission;
026: import org.apache.turbine.om.security.Role;
027:
028: /**
029: * This interface describes a control class that makes it
030: * easy to find out if a particular User has a given Permission.
031: * It also determines if a User has a a particular Role.
032: *
033: * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a>
034: * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
035: * @author <a href="mailto:greg@shwoop.com">Greg Ritter</a>
036: * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
037: * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a>
038: * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
039: * @version $Id: AccessControlList.java 534527 2007-05-02 16:10:59Z tv $
040: */
041: public interface AccessControlList extends Serializable {
042: /** The default Session key for the Access Control List */
043: String SESSION_KEY = "turbine.AccessControlList";
044:
045: /**
046: * Retrieves a set of Roles an user is assigned in a Group.
047: *
048: * @param group the Group
049: * @return the set of Roles this user has within the Group.
050: */
051: RoleSet getRoles(Group group);
052:
053: /**
054: * Retrieves a set of Roles an user is assigned in the global Group.
055: *
056: * @return the set of Roles this user has within the global Group.
057: */
058: RoleSet getRoles();
059:
060: /**
061: * Retrieves a set of Permissions an user is assigned in a Group.
062: *
063: * @param group the Group
064: * @return the set of Permissions this user has within the Group.
065: */
066: PermissionSet getPermissions(Group group);
067:
068: /**
069: * Retrieves a set of Permissions an user is assigned in the global Group.
070: *
071: * @return the set of Permissions this user has within the global Group.
072: */
073: PermissionSet getPermissions();
074:
075: /**
076: * Checks if the user is assigned a specific Role in the Group.
077: *
078: * @param role the Role
079: * @param group the Group
080: * @return <code>true</code> if the user is assigned the Role in the Group.
081: */
082: boolean hasRole(Role role, Group group);
083:
084: /**
085: * Checks if the user is assigned a specific Role in any of the given
086: * Groups
087: *
088: * @param role the Role
089: * @param groupset a Groupset
090: * @return <code>true</code> if the user is assigned the Role in any of
091: * the given Groups.
092: */
093: boolean hasRole(Role role, GroupSet groupset);
094:
095: /**
096: * Checks if the user is assigned a specific Role in the Group.
097: *
098: * @param role the Role
099: * @param group the Group
100: * @return <code>true</code> if the user is assigned the Role in the Group.
101: */
102: boolean hasRole(String role, String group);
103:
104: /**
105: * Checks if the user is assigned a specifie Role in any of the given
106: * Groups
107: *
108: * @param rolename the name of the Role
109: * @param groupset a Groupset
110: * @return <code>true</code> if the user is assigned the Role in any of
111: * the given Groups.
112: */
113: boolean hasRole(String rolename, GroupSet groupset);
114:
115: /**
116: * Checks if the user is assigned a specific Role in the global Group.
117: *
118: * @param role the Role
119: * @return <code>true</code> if the user is assigned the Role in the global Group.
120: */
121: boolean hasRole(Role role);
122:
123: /**
124: * Checks if the user is assigned a specific Role in the global Group.
125: *
126: * @param role the Role
127: * @return <code>true</code> if the user is assigned the Role in the global Group.
128: */
129: boolean hasRole(String role);
130:
131: /**
132: * Checks if the user is assigned a specific Permission in the Group.
133: *
134: * @param permission the Permission
135: * @param group the Group
136: * @return <code>true</code> if the user is assigned the Permission in the Group.
137: */
138: boolean hasPermission(Permission permission, Group group);
139:
140: /**
141: * Checks if the user is assigned a specific Permission in any of the given
142: * Groups
143: *
144: * @param permission the Permission
145: * @param groupset a Groupset
146: * @return <code>true</code> if the user is assigned the Permission in any
147: * of the given Groups.
148: */
149: boolean hasPermission(Permission permission, GroupSet groupset);
150:
151: /**
152: * Checks if the user is assigned a specific Permission in the Group.
153: *
154: * @param permission the Permission
155: * @param group the Group
156: * @return <code>true</code> if the user is assigned the Permission in the Group.
157: */
158: boolean hasPermission(String permission, String group);
159:
160: /**
161: * Checks if the user is assigned a specific Permission in the Group.
162: *
163: * @param permission the Permission
164: * @param group the Group
165: * @return <code>true</code> if the user is assigned the Permission in the Group.
166: */
167: boolean hasPermission(String permission, Group group);
168:
169: /**
170: * Checks if the user is assigned a specifie Permission in any of the given
171: * Groups
172: *
173: * @param permissionName the name of the Permission
174: * @param groupset a Groupset
175: * @return <code>true</code> if the user is assigned the Permission in any
176: * of the given Groups.
177: */
178: boolean hasPermission(String permissionName, GroupSet groupset);
179:
180: /**
181: * Checks if the user is assigned a specific Permission in the global Group.
182: *
183: * @param permission the Permission
184: * @return <code>true</code> if the user is assigned the Permission in the global Group.
185: */
186: boolean hasPermission(Permission permission);
187:
188: /**
189: * Checks if the user is assigned a specific Permission in the global Group.
190: *
191: * @param permission the Permission
192: * @return <code>true</code> if the user is assigned the Permission in the global Group.
193: */
194: boolean hasPermission(String permission);
195:
196: /**
197: * Returns all groups definded in the system.
198: *
199: * @return An Array of all defined Groups
200: *
201: * This is useful for debugging, when you want to display all roles
202: * and permissions an user is assigned. This method is needed
203: * because you can't call static methods of TurbineSecurity class
204: * from within WebMacro/Velocity template
205: */
206: Group[] getAllGroups();
207: }
|