001: /***************************************************************
002: * This file is part of the [fleXive](R) project.
003: *
004: * Copyright (c) 1999-2008
005: * UCS - unique computing solutions gmbh (http://www.ucs.at)
006: * All rights reserved
007: *
008: * The [fleXive](R) project is free software; you can redistribute
009: * it and/or modify it under the terms of the GNU General Public
010: * License as published by the Free Software Foundation;
011: * either version 2 of the License, or (at your option) any
012: * later version.
013: *
014: * The GNU General Public License can be found at
015: * http://www.gnu.org/copyleft/gpl.html.
016: * A copy is found in the textfile GPL.txt and important notices to the
017: * license from the author are found in LICENSE.txt distributed with
018: * these libraries.
019: *
020: * This library is distributed in the hope that it will be useful,
021: * but WITHOUT ANY WARRANTY; without even the implied warranty of
022: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
023: * GNU General Public License for more details.
024: *
025: * For further information about UCS - unique computing solutions gmbh,
026: * please see the company website: http://www.ucs.at
027: *
028: * For further information about [fleXive](R), please see the
029: * project website: http://www.flexive.org
030: *
031: *
032: * This copyright notice MUST APPEAR in all copies of the file!
033: ***************************************************************/package com.flexive.shared.security;
034:
035: import com.flexive.shared.FxLanguage;
036: import com.flexive.shared.content.FxPK;
037:
038: import java.io.Serializable;
039:
040: /**
041: * The UserTicket caches informations about a user.
042: *
043: * @author Gregor Schober (gregor.schober@flexive.com), UCS - unique computing solutions gmbh (http://www.ucs.at)
044: * @version $Rev: 231 $
045: */
046: public interface UserTicket extends Serializable {
047:
048: /**
049: * Getter for the (not unique) user name
050: *
051: * @return the (not unique) user name
052: */
053: String getUserName();
054:
055: /**
056: * Returns true if the ticket is a guest user.
057: *
058: * @return true if the ticket is a guest user
059: */
060: boolean isGuest();
061:
062: /**
063: * Returns the unique login name of the user.
064: *
065: * @return the unique login name of the user.
066: */
067: String getLoginName();
068:
069: /**
070: * Getter for the user id
071: *
072: * @return the user id
073: */
074: long getUserId();
075:
076: /**
077: * Get the primary key for the associated contact data
078: *
079: * @return primary key for the associated contact data
080: */
081: FxPK getContactData();
082:
083: /**
084: * Returns true if more than one session with the tickets user can be logged in at the same time.
085: *
086: * @return true if more than one session with the tickets user can be logged in at the same time.
087: */
088: boolean isMultiLogin();
089:
090: /**
091: * Return true if the user is a global supervisor.
092: *
093: * @return true if the user is a global supervisor
094: */
095: boolean isGlobalSupervisor();
096:
097: /**
098: * Return true if the user is a supervisor within its domain
099: *
100: * @return true if the user is a supervisor within its domain
101: */
102: boolean isMandatorSupervisor();
103:
104: /**
105: * Returns the id of the mandator the user belongs to.
106: *
107: * @return the id of the mandator the user belongs to
108: */
109: long getMandatorId();
110:
111: /**
112: * Returns true if the user is a member of the given group.
113: *
114: * @param group the group to check for
115: * @return true if the user is a member of the given group
116: */
117: boolean isInGroup(long group);
118:
119: /**
120: * Returns true if the user is assigned to the given role.
121: *
122: * @param role the role to check for
123: * @return true if the user is assigned to the given role
124: */
125: boolean isInRole(Role role);
126:
127: /**
128: * Returns true if the user is a member of all the given group.
129: * <p/>
130: * Returns true if the groups parameter is null or empty
131: *
132: * @param groups the groups to check for
133: * @return true if the user is a member of all the given group
134: */
135: boolean isInGroups(int groups[]);
136:
137: /**
138: * Returns all groups the user is in.
139: * <p/>
140: * Every user is at least in the Group EVERYONE
141: *
142: * @return all groups the user is in.
143: */
144: long[] getGroups();
145:
146: /**
147: * Returns true if the user is a member of at least one of the given groups.
148: * <p/>
149: * Returns true if the groups parameter is null or empty
150: *
151: * @param groups the groups to check for
152: * @return true if the user is a member of all the given group
153: */
154: boolean isInAtLeastOneGroup(long[] groups);
155:
156: /**
157: * Returns the application id the ticket belongs to.
158: *
159: * @return the application id the ticket belongs to
160: */
161: String getApplicationId();
162:
163: /**
164: * Returns all ACLAssignments for the user.
165: * <p/>
166: * The user inherits all ACLAssignments from his groups.
167: *
168: * @return all ACLAssignments for the user, may be a empty list but is never null
169: */
170: ACLAssignment[] getACLAssignments();
171:
172: /**
173: * Returns true if the user is assigned to a given ACL.
174: *
175: * @param aclId the acl to check for
176: * @return true if the user is assigned to the ACL, or false.
177: */
178: boolean isAssignedToACL(long aclId);
179:
180: /**
181: * Returns the time that this ticket was created at.
182: *
183: * @return the time that the ticket was created at
184: */
185: long getCreationTime();
186:
187: /**
188: * Returns true if the user may read objects using the given ACL.
189: *
190: * @param aclId the acl
191: * @param ownerId id of the owner
192: * @return true if the user may read objects using the given ACL
193: */
194: boolean mayReadACL(long aclId, long ownerId);
195:
196: /**
197: * Returns true if the user may edit objects using the given ACL.
198: *
199: * @param aclId the acl
200: * @param ownerId id of the owner
201: * @return true if the user may edit objects using the given ACL
202: */
203: boolean mayEditACL(long aclId, long ownerId);
204:
205: /**
206: * Returns true if the user may export objects using the given ACL.
207: *
208: * @param aclId the acl
209: * @param ownerId id of the owner
210: * @return true if the user may export objects using the given ACL
211: */
212: boolean mayExportACL(long aclId, long ownerId);
213:
214: /**
215: * Returns true if the user may relate objects to a object using the given ACL.
216: *
217: * @param aclId the acl
218: * @param ownerId id of the owner
219: * @return true if the user may relate objects using the given ACL
220: */
221: boolean mayRelateACL(long aclId, long ownerId);
222:
223: /**
224: * Returns true if the user may create objects using the given ACL.
225: *
226: * @param aclId the acl
227: * @param ownerId id of the owner
228: * @return true if the user may create objects using the given ACL
229: */
230: boolean mayCreateACL(long aclId, long ownerId);
231:
232: /**
233: * Returns true if the user may edit objects using the given ACL.
234: *
235: * @param aclId the acl
236: * @param ownerId id of the owner
237: * @return true if the user may edit objects using the given ACL
238: */
239: boolean mayDeleteACL(long aclId, long ownerId);
240:
241: /**
242: * Returns all ACLAssignments for the user matching the filter parameters.
243: * <p/>
244: * A ACL may accure multiple times within the result, since the ACLAssignment object contains
245: * the groupId that the ACL is assigned to. The user itself gets the ACLAssignments from the groups he
246: * belongs to.
247: *
248: * @param category all assignments if null, or only those matching the given category
249: * @param ownerId id of the owner
250: * @param perms ACL.PERM
251: * @return all ACLAssignments for the user matching the filter parameters, may be a empty array but is never null
252: */
253: ACLAssignment[] getACLAssignments(ACL.Category category,
254: long ownerId, ACL.Permission... perms);
255:
256: /**
257: * Returns the id of all ACLs for the user matching the filter parameters.
258: * <p/>
259: * The ACL ids are distinct within the result.<br>
260: * The permissions the user gets from all groups he belongs to are taken into account.
261: *
262: * @param ownerId id of the owner
263: * @param category ACL.CATEGORY
264: * @param perms ACL.PERM
265: * @return all ACL ids for the user matching the filter parameters, may be an empty array but is never null
266: */
267: Long[] getACLsId(long ownerId, ACL.Category category,
268: ACL.Permission... perms);
269:
270: /**
271: * Returns the id of all ACLs for the user matching the filter parameters as comma separated list.
272: * <p/>
273: * The ACL ids are distinct within the result.<br>
274: * The permissions the user gets from all groups he belongs to are taken into account.
275: *
276: * @param ownerId id of the owner
277: * @param category all assignments if null, or only those matching the given category
278: * @param perms ACL.PERM
279: * @return all ACL ids for the user matching the filter parameters as comma separated list.
280: */
281: String getACLsCSV(long ownerId, ACL.Category category,
282: ACL.Permission... perms);
283:
284: /**
285: * Returns the id of all ACLs for the user matching the filter parameters.
286: * <p/>
287: * The ACL ids are distinct within the result.<br>
288: * The permissions the user gets from all groups he belongs to are taken into account.
289: *
290: * @param owner id of the owner
291: * @param category ACL.CATEGORY
292: * @param perms ACL.PERM
293: * @return all ACL ids for the user matching the filter parameters, may be an empty array but is never null
294: */
295: ACL[] getACLs(long owner, ACL.Category category,
296: ACL.Permission... perms);
297:
298: /**
299: * Get the default language of this user
300: *
301: * @return default language of this user
302: */
303: FxLanguage getLanguage();
304:
305: /**
306: * Returns true if this is a ticket for the webdav part of the application.
307: *
308: * @return true if this is a ticket for the webdav part of the application.
309: */
310: boolean isWebDav();
311:
312: /**
313: * Clones a ticket with global supervisor permissions.
314: *
315: * @return the cloned ticket with the given session id
316: */
317: UserTicket cloneAsGlobalSupervisor();
318:
319: /**
320: * Get the number of failed login attempts until the user sucessfully logged in
321: *
322: * @return number of failed login attempts until the user sucessfully logged in
323: */
324: public long getFailedLoginAttempts();
325:
326: /**
327: * Get the source used to authenticate the user
328: *
329: * @return source used to authenticate the user
330: */
331: public AuthenticationSource getAuthenticationSource();
332:
333: /**
334: * Override the users language.
335: * Please note that overriding a language will only work for the
336: * current session. To change the language permantently edit the users account data!
337: *
338: * @param language language to override
339: */
340: public void overrideLanguage(FxLanguage language);
341: }
|