001: /*
002: * Copyright 2007 Pentaho Corporation. All rights reserved.
003: * This software was developed by Pentaho Corporation and is provided under the terms
004: * of the Mozilla Public License, Version 1.1, or any later version. You may not use
005: * this file except in compliance with the license. If you need a copy of the license,
006: * please go to http://www.mozilla.org/MPL/MPL-1.1.txt. The Original Code is the Pentaho
007: * BI Platform. The Initial Developer is Pentaho Corporation.
008: *
009: * Software distributed under the Mozilla Public License is distributed on an "AS IS"
010: * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. Please refer to
011: * the license for the specific language governing your rights and limitations.
012: */
013: package com.pentaho.security.acls.voter;
014:
015: import org.acegisecurity.GrantedAuthority;
016: import org.acegisecurity.acl.AclEntry;
017: import org.pentaho.core.session.IPentahoSession;
018:
019: import com.pentaho.security.acls.IAclHolder;
020: import com.pentaho.security.acls.PentahoAclEntry;
021:
/**
 * Contract for the component that answers access-control questions about an
 * ACL-protected object (<code>IAclHolder</code>) on behalf of the user behind
 * an <code>IPentahoSession</code>.
 *
 * NOTE(review): apart from the never-null rule on
 * <code>getEffectiveAcl</code>, this interface does not say how an
 * implementation should answer for a <code>null</code> or unauthenticated
 * session, or for a holder without ACL entries. Denying access
 * (<code>false</code> / mask of 0) would be the safe default - confirm
 * against the implementations.
 */
public interface IAclVoter {

    /**
     * Decides whether the user behind the session holds the requested
     * authority on the holder, judged against the holder's list of effective
     * authorities.
     *
     * @param session
     *            the session of the user whose access is being checked
     * @param holder
     *            the object whose authorities are evaluated
     * @param mask
     *            the requested authority; presumably a bit mask of
     *            <code>PentahoAclEntry</code> permission values - TODO confirm
     * @return <code>true</code> if the user has the requested access
     */
    boolean hasAccess(IPentahoSession session, IAclHolder holder, int mask);

    /**
     * Collects the authorities held by the <code>IAclHolder</code> that apply
     * to the user behind the session.
     *
     * NOTE(review): nothing here states whether the result may be
     * <code>null</code> or empty when no entry applies; confirm before
     * dereferencing the array in an access decision.
     *
     * @param session
     *            the session of the user in question
     * @param holder
     *            the object whose authorities are filtered
     * @return the array of authorities from the holder that apply to the user
     */
    AclEntry[] getEffectiveAcls(IPentahoSession session, IAclHolder holder);

    /**
     * Reports whether the user is a super-manager of Pentaho, as determined by
     * the manager role (presumably the role exposed by
     * <code>getAdminRole</code> - confirm).
     *
     * @param session
     *            the session of the user being tested
     * @return <code>true</code> if the user is a super-manager
     */
    boolean isPentahoAdministrator(IPentahoSession session);

    /**
     * Gets the role used to determine whether someone is the system manager.
     *
     * @return the <code>GrantedAuthority</code> of the role someone must be in
     *         to be the system manager
     */
    GrantedAuthority getAdminRole();

    /**
     * Sets the role used to determine whether someone is the system manager.
     *
     * NOTE(review): this setter defines who counts as system manager, so it
     * is presumably meant to be called from configuration code only - confirm
     * which callers can reach it.
     *
     * @param value
     *            the <code>GrantedAuthority</code> someone must hold to be
     *            considered a system manager
     */
    void setAdminRole(GrantedAuthority value);

    /**
     * Reports whether the user behind the session is a member of the
     * specified role.
     *
     * @param session
     *            the session of the user being tested
     * @param role
     *            the role to look for
     * @return <code>true</code> if the user is a member of the specified role
     */
    boolean isGranted(IPentahoSession session, GrantedAuthority role);

    /**
     * Returns the effective ACL for the piece of content for the given user.
     * Ideally the implementation looks at all the effective ACLs returned for
     * this user and this content and produces one entry that encapsulates all
     * of the user's access to it.
     *
     * This method should NEVER return <code>null</code>. A user with no access
     * to the object is represented by a <code>PentahoAclEntry</code> holding
     * nothing (mask of 0), so "no access" is an explicit value rather than a
     * missing one.
     *
     * @param session
     *            the session of the user in question
     * @param holder
     *            the content whose ACLs are combined
     * @return a <code>PentahoAclEntry</code> holding the user's access to the
     *         object
     */
    PentahoAclEntry getEffectiveAcl(IPentahoSession session, IAclHolder holder);

}