001: /***************************************************************
002: * This file is part of the [fleXive](R) project.
003: *
004: * Copyright (c) 1999-2008
005: * UCS - unique computing solutions gmbh (http://www.ucs.at)
006: * All rights reserved
007: *
008: * The [fleXive](R) project is free software; you can redistribute
009: * it and/or modify it under the terms of the GNU General Public
010: * License as published by the Free Software Foundation;
011: * either version 2 of the License, or (at your option) any
012: * later version.
013: *
014: * The GNU General Public License can be found at
015: * http://www.gnu.org/copyleft/gpl.html.
016: * A copy is found in the textfile GPL.txt and important notices to the
017: * license from the author are found in LICENSE.txt distributed with
018: * these libraries.
019: *
020: * This library is distributed in the hope that it will be useful,
021: * but WITHOUT ANY WARRANTY; without even the implied warranty of
022: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
023: * GNU General Public License for more details.
024: *
025: * For further information about UCS - unique computing solutions gmbh,
026: * please see the company website: http://www.ucs.at
027: *
028: * For further information about [fleXive](R), please see the
029: * project website: http://www.flexive.org
030: *
031: *
032: * This copyright notice MUST APPEAR in all copies of the file!
033: ***************************************************************/package com.flexive.shared.interfaces;
034:
035: import com.flexive.shared.exceptions.FxApplicationException;
036: import com.flexive.shared.security.ACL;
037: import com.flexive.shared.security.ACLAssignment;
038: import com.flexive.shared.value.FxString;
039:
040: import javax.ejb.Remote;
041: import java.util.ArrayList;
042: import java.util.List;
043:
/**
 * ACL engine interface: the API for creating, updating, loading and removing access
 * control lists (ACLs) and for managing the assignments between user groups and ACLs.
 * <p>
 * The interface is annotated {@code @Remote}, so every method declared here is part of the
 * remotely callable surface. The permission rules given in the method comments are stated
 * contracts only; the checks themselves are performed by the implementation, which is not
 * part of this file.
 * <p>
 * The method comments mention both GROUP_GLOBAL_SUPERVISOR and GLOBAL_SUPERVISOR;
 * presumably the same group is meant - confirm.
 *
 * @author Gregor Schober (gregor.schober@flexive.com), UCS - unique computing solutions gmbh (http://www.ucs.at)
 * @author Daniel Lichtenberger (daniel.lichtenberger@flexive.com), UCS - unique computing solutions gmbh (http://www.ucs.at)
 */
@Remote
public interface ACLEngine {

    /**
     * Creates a new ACL for a specific mandator.
     * <p>
     * The caller needs to be in ACLManagement, and may only create ACLs for the
     * mandator he belongs to.<br>
     * GROUP_GLOBAL_SUPERVISOR may create ACLs for all mandators.
     *
     * @param name        the unique name for the new ACL
     * @param label       display label
     * @param mandatorId  the mandator the ACL belongs to
     * @param color       the color of the ACL as a 6 digit RGB value, for example FF0000 for pure red
     * @param description a description for the ACL
     * @param category    the category of the ACL
     * @return id of the newly created ACL
     * @throws FxApplicationException creation failed, an ACL with the given name exists, the calling user
     *                                lacks permissions, a parameter (name, mandator, color, category) was
     *                                invalid, or the mandator does not exist
     */
    long create(String name, FxString label, long mandatorId,
                String color, String description, ACL.Category category)
            throws FxApplicationException;

    // NOTE(review): the previous text of this comment used "unassign" where the removal of the ACL
    // itself is described, and listed the same failure reason twice under @throws. The wording below
    // uses "remove" throughout - confirm that this matches the implementation.
    /**
     * Removes an existing ACL identified by its unique id.
     * <p>
     * An ACL may only be removed if it is not used by any object within the system.
     * The calling user needs to be in ACLManagement, and may only remove ACLs belonging
     * to his mandator.<br>
     * GROUP_GLOBAL_SUPERVISOR may remove ACLs of mandators.
     *
     * @param aclId the id of the ACL to remove
     * @throws FxApplicationException when the function failed to remove the ACL, or
     *                                when an ACL with the given id does not exist
     */
    void remove(long aclId) throws FxApplicationException;

    /**
     * Updates an existing ACL.
     * <p>
     * The calling user needs to be in ACLManagement, and may only update ACLs belonging to his
     * mandator.<br>
     * GROUP_GLOBAL_SUPERVISOR may update ACLs of all mandators.
     *
     * @param aclId       the unique id of the ACL that should be updated
     * @param name        the new unique name of the ACL, or null if the old name should be kept
     * @param label       display label
     * @param color       the new color of the ACL, or null if the old color should be kept
     * @param description the new description of the ACL, or null if the old description should be kept
     * @param assignments ACL assignments
     *                    (NOTE(review): not stated here whether these replace or extend the existing
     *                    assignments, or what a null value means - confirm)
     * @throws FxApplicationException update failed, the ACL does not exist, the user lacks permissions,
     *                                a parameter is invalid, or an ACL with the given name exists
     */
    void update(long aclId, String name, FxString label, String color,
                String description, List<ACLAssignment> assignments)
            throws FxApplicationException;

    /**
     * Loads an ACL defined by its unique id.
     * <p>
     * The caller may only load ACLs belonging to his mandator, or ACLs that the caller is assigned to.<br>
     * GROUP_GLOBAL_SUPERVISOR may load all ACLs.
     *
     * @param id the unique id of the ACL that should be loaded
     * @return the ACL
     * @throws FxApplicationException load failed, the ACL does not exist, or the calling user may not
     *                                access the ACL
     */
    ACL load(long id) throws FxApplicationException;

    // NOTE(review): the previous text of this comment said the checks are performed "if ignoreSecurity
    // is true", which contradicted the @param text ("security checks are skipped if set to true").
    // The wording below follows the @param reading - confirm against the implementation.
    /**
     * Loads an ACL defined by its unique id, optionally skipping the permission checks.
     * <p>
     * If ignoreSecurity is false the following permission checks are performed:<br>
     * The caller may only load ACLs belonging to his mandator.<br>
     * GROUP_GLOBAL_SUPERVISOR may load all ACLs.
     * <p>
     * Security note: this method is declared on a {@code @Remote} interface and the bypass flag is an
     * ordinary caller-supplied argument. Nothing in this interface restricts who may pass {@code true};
     * verify that the implementation or the deployment limits that to trusted callers.
     *
     * @param id             the unique id of the ACL that should be loaded
     * @param ignoreSecurity security checks are skipped if set to true
     * @return the ACL
     * @throws FxApplicationException load failed, the ACL does not exist, or the calling user may not
     *                                access the ACL
     */
    ACL load(long id, boolean ignoreSecurity)
            throws FxApplicationException;

    /**
     * Defines an ACL assignment between a group and an ACL.
     * <p>
     * If all permissions are set to false no assignment is created, and any old assignment is removed.<br>
     * Any existing assignment between this group and the ACL is overwritten.<br>
     * The caller must be in ACLManagement and may only assign groups and ACLs belonging to his mandator.<br>
     * GROUP_EVERYONE and PRIVATE may be assigned regardless of their mandator.<br>
     * GLOBAL_SUPERVISOR may assign ACLs and groups of any mandator.
     *
     * @param aclId     the ACL
     * @param groupId   the group that should be assigned to the ACL
     * @param mayRead   the read permission for the group/acl combination
     * @param mayEdit   the edit permission for the group/acl combination
     * @param mayRelate the relate permission for the group/acl combination
     * @param mayRemove the remove permission for the group/acl combination
     * @param mayExport the export permission for the group/acl combination
     * @param mayCreate the create permission for the group/acl combination
     * @throws FxApplicationException when the creation failed, when the calling user lacks the permission
     *                                to create ACL assignments, or when the group or ACL does not exist
     */
    void assign(long aclId, long groupId, boolean mayRead,
                boolean mayEdit, boolean mayRelate, boolean mayRemove,
                boolean mayExport, boolean mayCreate)
            throws FxApplicationException;

    /**
     * Defines an ACL assignment between a group and an ACL.
     * This is a shortcut for <code>assign(long, long, boolean, boolean, boolean, boolean, boolean, boolean)</code>
     * <p>
     * NOTE(review): presumably, as with the boolean overload, an existing assignment is overwritten
     * (permissions not listed become false) and an empty permission list removes the assignment -
     * confirm against the implementation.
     *
     * @param aclId       the ACL
     * @param groupId     the group that should be assigned to the ACL
     * @param permissions list of permissions to set (NOT_.. permissions are ignored as default is <code>false</code>)
     * @throws FxApplicationException when the creation failed, when the calling user lacks the permission
     *                                to create ACL assignments, or when the group or ACL does not exist
     * @see #assign(long,long,boolean,boolean,boolean,boolean,boolean,boolean)
     */
    void assign(long aclId, long groupId, ACL.Permission... permissions)
            throws FxApplicationException;

    /**
     * Loads all ACL assignments of a group.
     * <p>
     * The caller may only load ACL assignments belonging to a group of his mandator.<br>
     * GLOBAL_SUPERVISOR may load the ACL assignments of all groups.
     *
     * @param groupId the group to load the ACL assignments for
     * @return the ACL assignments of the group
     * @throws FxApplicationException not found, load failed, or the caller may not access the given group
     */
    List<ACLAssignment> loadGroupAssignments(long groupId)
            throws FxApplicationException;

    /**
     * Loads all ACL assignments of an ACL.
     * <p>
     * The caller may only load ACL assignments belonging to an ACL of his mandator.<br>
     * GLOBAL_SUPERVISOR may load the ACL assignments of all ACLs.
     *
     * @param aclId the ACL to load the assignments for
     * @return the ACL assignments of the ACL
     * @throws FxApplicationException not found, load failed, or no access
     */
    List<ACLAssignment> loadAssignments(long aclId)
            throws FxApplicationException;

    // NOTE(review): the GROUP_EVERYONE / PRIVATE sentence below says "assigned"; it looks copied from
    // assign() and presumably should read "unassigned" here - confirm.
    /**
     * Removes an ACL assignment defined by its groupId and aclId.
     * <p>
     * Only callers in ACLManagement may unassign ACL assignments of groups and ACLs belonging to their
     * mandator.<br>
     * GROUP_EVERYONE and PRIVATE may be assigned regardless of their mandator.<br>
     * GLOBAL_SUPERVISOR may unassign every ACL assignment.
     *
     * @param aclId   an ACL id
     * @param groupId a group id
     * @throws FxApplicationException when the unassign failed,
     *                                when an assignment with the groupId and aclId combination does not exist,
     *                                or when the calling user lacks the permission to manage ACLs
     */
    void unassign(long aclId, long groupId)
            throws FxApplicationException;

    /**
     * Loads all ACL assignments of a group or ACL.
     * <p>
     * The caller may only load ACL assignments belonging to a group or ACL of his mandator.<br>
     * GLOBAL_SUPERVISOR may load the ACL assignments of all groups.
     * <p>
     * NOTE(review): both arguments are documented as nullable, but the result for a call with both
     * set to null is not specified here. Confirm whether that case is rejected or returns every
     * assignment the caller may see.
     *
     * @param aclId   the ACL to load the ACL assignments for, or null
     * @param groupId the group to load the ACL assignments for, or null
     * @return the ACL assignments matching the given ACL and/or group
     * @throws FxApplicationException when no data was found, if the user may not access the data, or when
     *                                an unexpected error occurred
     */
    List<ACLAssignment> loadAssignments(Long aclId, Long groupId)
            throws FxApplicationException;
}