001 package org.apache.turbine.util.security;
002
003
004 /*
005 * Licensed to the Apache Software Foundation (ASF) under one
006 * or more contributor license agreements. See the NOTICE file
007 * distributed with this work for additional information
008 * regarding copyright ownership. The ASF licenses this file
009 * to you under the Apache License, Version 2.0 (the
010 * "License"); you may not use this file except in compliance
011 * with the License. You may obtain a copy of the License at
012 *
013 * http://www.apache.org/licenses/LICENSE-2.0
014 *
015 * Unless required by applicable law or agreed to in writing,
016 * software distributed under the License is distributed on an
017 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
018 * KIND, either express or implied. See the License for the
019 * specific language governing permissions and limitations
020 * under the License.
021 */
022
023
024 import java.io.Serializable;
025
026 import org.apache.turbine.om.security.Group;
027 import org.apache.turbine.om.security.Permission;
028 import org.apache.turbine.om.security.Role;
029
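/**
 * Describes a control class that answers whether a particular User has a
 * given Permission or a given Role, either inside a specific Group or in
 * the global Group.
 *
 * <p>The interface extends {@link Serializable}, and {@link #SESSION_KEY}
 * names the session attribute under which an instance is kept.
 * NOTE(review): an instance held in the session is presumably a snapshot of
 * the user's grants at the time it was built; confirm how a revoked Role or
 * Permission is propagated to sessions that are already open.</p>
 *
 * <p>NOTE(review): none of the methods below state what happens for a
 * {@code null} argument or for a name that matches no Role, Permission or
 * Group. Implementations used for authorization decisions should fail
 * closed (answer {@code false}) in those cases; verify this for each
 * implementation.</p>
 *
 * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a>
 * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
 * @author <a href="mailto:greg@shwoop.com">Greg Ritter</a>
 * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
 * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a>
 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
 * @version $Id: AccessControlList.java 615328 2008-01-25 20:25:05Z tv $
 */
public interface AccessControlList
    extends Serializable
{
    /** The default Session key for the Access Control List. */
    String SESSION_KEY = "turbine.AccessControlList";

    /**
     * Retrieves the set of Roles the user is assigned in a Group.
     *
     * @param group the Group
     * @return the set of Roles this user has within the Group.
     */
    RoleSet getRoles(Group group);

    /**
     * Retrieves the set of Roles the user is assigned in the global Group.
     *
     * @return the set of Roles this user has within the global Group.
     */
    RoleSet getRoles();

    /**
     * Retrieves the set of Permissions the user is assigned in a Group.
     *
     * @param group the Group
     * @return the set of Permissions this user has within the Group.
     */
    PermissionSet getPermissions(Group group);

    /**
     * Retrieves the set of Permissions the user is assigned in the global
     * Group.
     *
     * @return the set of Permissions this user has within the global Group.
     */
    PermissionSet getPermissions();

    /**
     * Checks if the user is assigned a specific Role in the Group.
     *
     * @param role the Role
     * @param group the Group
     * @return {@code true} if the user is assigned the Role in the Group.
     */
    boolean hasRole(Role role, Group group);

    /**
     * Checks if the user is assigned a specific Role in any of the given
     * Groups. A single matching Group is enough; callers that need the Role
     * in every Group must check each Group themselves.
     *
     * @param role the Role
     * @param groupset a GroupSet
     * @return {@code true} if the user is assigned the Role in any of
     *         the given Groups.
     */
    boolean hasRole(Role role, GroupSet groupset);

    /**
     * Checks if the user is assigned a specific Role in the Group, with
     * both identified by name.
     *
     * @param role the name of the Role
     * @param group the name of the Group
     * @return {@code true} if the user is assigned the Role in the Group.
     */
    boolean hasRole(String role, String group);

    /**
     * Checks if the user is assigned a specific Role, identified by name,
     * in any of the given Groups.
     *
     * @param rolename the name of the Role
     * @param groupset a GroupSet
     * @return {@code true} if the user is assigned the Role in any of
     *         the given Groups.
     */
    boolean hasRole(String rolename, GroupSet groupset);

    /**
     * Checks if the user is assigned a specific Role in the global Group.
     *
     * @param role the Role
     * @return {@code true} if the user is assigned the Role in the global
     *         Group.
     */
    boolean hasRole(Role role);

    /**
     * Checks if the user is assigned a specific Role, identified by name,
     * in the global Group.
     *
     * @param role the name of the Role
     * @return {@code true} if the user is assigned the Role in the global
     *         Group.
     */
    boolean hasRole(String role);

    /**
     * Checks if the user is assigned a specific Permission in the Group.
     *
     * @param permission the Permission
     * @param group the Group
     * @return {@code true} if the user is assigned the Permission in the
     *         Group.
     */
    boolean hasPermission(Permission permission, Group group);

    /**
     * Checks if the user is assigned a specific Permission in any of the
     * given Groups. A single matching Group is enough; callers that need
     * the Permission in every Group must check each Group themselves.
     *
     * @param permission the Permission
     * @param groupset a GroupSet
     * @return {@code true} if the user is assigned the Permission in any
     *         of the given Groups.
     */
    boolean hasPermission(Permission permission, GroupSet groupset);

    /**
     * Checks if the user is assigned a specific Permission in the Group,
     * with both identified by name.
     *
     * @param permission the name of the Permission
     * @param group the name of the Group
     * @return {@code true} if the user is assigned the Permission in the
     *         Group.
     */
    boolean hasPermission(String permission, String group);

    /**
     * Checks if the user is assigned a specific Permission, identified by
     * name, in the Group.
     *
     * @param permission the name of the Permission
     * @param group the Group
     * @return {@code true} if the user is assigned the Permission in the
     *         Group.
     */
    boolean hasPermission(String permission, Group group);

    /**
     * Checks if the user is assigned a specific Permission, identified by
     * name, in any of the given Groups.
     *
     * @param permissionName the name of the Permission
     * @param groupset a GroupSet
     * @return {@code true} if the user is assigned the Permission in any
     *         of the given Groups.
     */
    boolean hasPermission(String permissionName, GroupSet groupset);

    /**
     * Checks if the user is assigned a specific Permission in the global
     * Group.
     *
     * @param permission the Permission
     * @return {@code true} if the user is assigned the Permission in the
     *         global Group.
     */
    boolean hasPermission(Permission permission);

    /**
     * Checks if the user is assigned a specific Permission, identified by
     * name, in the global Group.
     *
     * @param permission the name of the Permission
     * @return {@code true} if the user is assigned the Permission in the
     *         global Group.
     */
    boolean hasPermission(String permission);

    /**
     * Returns all groups defined in the system.
     *
     * <p>This is useful for debugging, when you want to display all roles
     * and permissions a user is assigned. This method is needed because you
     * can't call static methods of the TurbineSecurity class from within a
     * WebMacro/Velocity template.</p>
     *
     * <p>The result lists every Group in the system, not only the Groups
     * the user belongs to, so it must not be read as a statement about the
     * user's access. Templates that render it also disclose the system's
     * group structure to whoever can view the page.</p>
     *
     * @return An Array of all defined Groups
     */
    Group[] getAllGroups();
}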