001    package org.apache.turbine.util.security;
002    
003    
004    /*
005     * Licensed to the Apache Software Foundation (ASF) under one
006     * or more contributor license agreements.  See the NOTICE file
007     * distributed with this work for additional information
008     * regarding copyright ownership.  The ASF licenses this file
009     * to you under the Apache License, Version 2.0 (the
010     * "License"); you may not use this file except in compliance
011     * with the License.  You may obtain a copy of the License at
012     *
013     *   http://www.apache.org/licenses/LICENSE-2.0
014     *
015     * Unless required by applicable law or agreed to in writing,
016     * software distributed under the License is distributed on an
017     * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
018     * KIND, either express or implied.  See the License for the
019     * specific language governing permissions and limitations
020     * under the License.
021     */
022    
023    
024    import java.io.Serializable;
025    
026    import org.apache.turbine.om.security.Group;
027    import org.apache.turbine.om.security.Permission;
028    import org.apache.turbine.om.security.Role;
029    
030    /**
031     * This interface describes a control class that makes it
032     * easy to find out if a particular User has a given Permission.
033     * It also determines if a User has a particular Role.
034     *
035     * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a>
036     * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
037     * @author <a href="mailto:greg@shwoop.com">Greg Ritter</a>
038     * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
039     * @author <a href="mailto:marco@intermeta.de">Marco Kn&uuml;ttel</a>
040     * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
041     * @version $Id: AccessControlList.java 615328 2008-01-25 20:25:05Z tv $
042     */
043    public interface AccessControlList
044            extends Serializable
045    {
046        /**
            * The default Session key for the Access Control List.
            *
            * NOTE(review): the interface extends Serializable and this key is
            * documented as a session key, so an instance is presumably held in
            * the user's session for its lifetime. Confirm that it is rebuilt or
            * dropped when the user's role or permission assignments change;
            * otherwise checks run against stale grants.
            */
047        public static final java.lang.String SESSION_KEY = "turbine.AccessControlList";
048    
049        /**
050         * Retrieves the set of Roles a user is assigned in a Group.
051         *
052         * @param group the Group
053         * @return the set of Roles this user has within the Group.
054         */
055        RoleSet getRoles(Group group);
056    
057        /**
058         * Retrieves the set of Roles a user is assigned in the global Group.
059         *
060         * @return the set of Roles this user has within the global Group.
061         */
062        RoleSet getRoles();
063    
064        /**
065         * Retrieves the set of Permissions a user is assigned in a Group.
066         *
067         * @param group the Group
068         * @return the set of Permissions this user has within the Group.
069         */
070        PermissionSet getPermissions(Group group);
071    
072        /**
073         * Retrieves the set of Permissions a user is assigned in the global Group.
074         *
075         * @return the set of Permissions this user has within the global Group.
076         */
077        PermissionSet getPermissions();
078    
079        /**
080         * Checks if the user is assigned a specific Role in the Group.
            *
            * NOTE(review): the result for a null or unknown Role or Group is not
            * specified by this interface; callers that gate access on this check
            * should confirm that implementations return <code>false</code> then.
081         *
082         * @param role the Role
083         * @param group the Group
084         * @return <code>true</code> if the user is assigned the Role in the Group.
085         */
086        boolean hasRole(Role role, Group group);
087    
088        /**
089         * Checks if the user is assigned a specific Role in any of the given
090         * Groups. One matching Group is enough; this does not establish that
            * the Role is held in every Group of the set.
091         *
092         * @param role the Role
093         * @param groupset a Groupset
094         * @return <code>true</code> if the user is assigned the Role in any of
095         *         the given Groups.
096         */
097        boolean hasRole(Role role, GroupSet groupset);
098    
099        /**
100         * Checks if the user is assigned a specific Role in the Group, with
            * both given as Strings.
101         *
102         * @param role the Role, as a String (presumably its name; confirm against the implementation)
103         * @param group the Group, as a String (presumably its name; confirm against the implementation)
104         * @return <code>true</code> if the user is assigned the Role in the Group.
105         */
106        boolean hasRole(String role, String group);
107    
108        /**
109         * Checks if the user is assigned a specific Role in any of the given
110         * Groups. One matching Group is enough.
111         *
112         * @param rolename the name of the Role
113         * @param groupset a Groupset
114         * @return <code>true</code> if the user is assigned the Role in any of
115         *         the given Groups.
116         */
117        boolean hasRole(String rolename, GroupSet groupset);
118    
119        /**
120         * Checks if the user is assigned a specific Role in the global Group.
121         *
122         * @param role the Role
123         * @return <code>true</code> if the user is assigned the Role in the global Group.
124         */
125        boolean hasRole(Role role);
126    
127        /**
128         * Checks if the user is assigned a specific Role in the global Group,
            * with the Role given as a String.
129         *
130         * @param role the Role, as a String (presumably its name; confirm against the implementation)
131         * @return <code>true</code> if the user is assigned the Role in the global Group.
132         */
133        boolean hasRole(String role);
134    
135        /**
136         * Checks if the user is assigned a specific Permission in the Group.
            *
            * NOTE(review): the result for a null or unknown Permission or Group is
            * not specified by this interface; callers that gate access on this
            * check should confirm that implementations return <code>false</code> then.
137         *
138         * @param permission the Permission
139         * @param group the Group
140         * @return <code>true</code> if the user is assigned the Permission in the Group.
141         */
142        boolean hasPermission(Permission permission, Group group);
143    
144        /**
145         * Checks if the user is assigned a specific Permission in any of the given
146         * Groups. One matching Group is enough; this does not establish that
            * the Permission is held in every Group of the set.
147         *
148         * @param permission the Permission
149         * @param groupset a Groupset
150         * @return <code>true</code> if the user is assigned the Permission in any
151         *         of the given Groups.
152         */
153        boolean hasPermission(Permission permission, GroupSet groupset);
154    
155        /**
156         * Checks if the user is assigned a specific Permission in the Group,
            * with both given as Strings.
157         *
158         * @param permission the Permission, as a String (presumably its name; confirm against the implementation)
159         * @param group the Group, as a String (presumably its name; confirm against the implementation)
160         * @return <code>true</code> if the user is assigned the Permission in the Group.
161         */
162        boolean hasPermission(String permission, String group);
163    
164        /**
165         * Checks if the user is assigned a specific Permission in the Group,
            * with the Permission given as a String.
166         *
167         * @param permission the Permission, as a String (presumably its name; confirm against the implementation)
168         * @param group the Group
169         * @return <code>true</code> if the user is assigned the Permission in the Group.
170         */
171        boolean hasPermission(String permission, Group group);
172    
173        /**
174         * Checks if the user is assigned a specific Permission in any of the given
175         * Groups. One matching Group is enough.
176         *
177         * @param permissionName the name of the Permission
178         * @param groupset a Groupset
179         * @return <code>true</code> if the user is assigned the Permission in any
180         *         of the given Groups.
181         */
182        boolean hasPermission(String permissionName, GroupSet groupset);
183    
184        /**
185         * Checks if the user is assigned a specific Permission in the global Group.
186         *
187         * @param permission the Permission
188         * @return <code>true</code> if the user is assigned the Permission in the global Group.
189         */
190        boolean hasPermission(Permission permission);
191    
192        /**
193         * Checks if the user is assigned a specific Permission in the global Group,
            * with the Permission given as a String.
194         *
195         * @param permission the Permission, as a String (presumably its name; confirm against the implementation)
196         * @return <code>true</code> if the user is assigned the Permission in the global Group.
197         */
198        boolean hasPermission(String permission);
199    
200        /**
201         * Returns all groups defined in the system.
202         *
203         * This is useful for debugging, when you want to display all roles
204         * and permissions a user is assigned. This method is needed
205         * because you can't call static methods of TurbineSecurity class
206         * from within a WebMacro/Velocity template.
            *
            * NOTE(review): per the summary this is every Group defined in the
            * system, not only the user's own, so a template that renders it
            * outside of debugging shows the whole group structure to that user.
207         *
208         * @return An Array of all defined Groups
209         */
210        Group[] getAllGroups();
211    }