1/*2 * Copyright 2000-2004 The Apache Software Foundation.3 * 4 * Licensed under the Apache License, Version 2.0 (the "License");5 * you may not use this file except in compliance with the License.6 * You may obtain a copy of the License at7 * 8 * http://www.apache.org/licenses/LICENSE-2.09 * 10 * Unless required by applicable law or agreed to in writing, software11 * distributed under the License is distributed on an "AS IS" BASIS,12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.13 * See the License for the specific language governing permissions and14 * limitations under the License.15 */1617packageorg.apache.jetspeed.om.registry;
1819// Java imports20import java.util.Vector;
2122// Jetspeed imports23import org.apache.jetspeed.om.SecurityReference;
24import org.apache.jetspeed.om.registry.MetaInfo;
2526/***27 * Interface for manipulatin the security entries on the registry entries28 *29 * 30 * @author <a href="mailto:paulsp@apache.org">Paul Spencer</a>31 * @author <a href="mailto:weaver@apache.org">Scott T. Weaver</a>32 * @author <a href="mailto:morciuch@apache.org">Mark Orciuch</a> 33 * @version $Id: SecurityEntry.java,v 1.6 2004/02/23 03:11:39 jford Exp $34 */3536publicinterfaceSecurityEntry {
3738/*** Getter for property accesses.39 * @return Value of property accesses.40 */41public Vector getAccesses();
4243/*** Setter for property accesses.44 * @param accesses New value of property accesses.45 */46publicvoid setAccesses(Vector accesses);
4748/*** Getter for property name.49 * @return Value of property name.50 */51public String getName();
5253/*** Setter for property name.54 * @param name New value of property name.55 */56publicvoid setName(String name);
5758/*** Getter for property description.59 * @return Value of property description.60 */61public String getDescription();
6263/*** Setter for property description.64 * @param description New value of property description.65 */66publicvoid setDescription(String description);
6768/*** Getter for property securityRef.69 * @return Value of property securityRef.70 */71publicSecurityReference getSecurityRef();
7273/*** Setter for property securityRef.74 * @param securityRef New value of property securityRef.75 */76publicvoid setSecurityRef(SecurityReference securityRef);
7778/*** Getter for property title.79 * @return Value of property title.80 */81public String getTitle();
8283/*** Setter for property title.84 * @param title New value of property title.85 */86publicvoid setTitle(String title);
8788/*** Getter for property metaInfo.89 * @return Value of property metaInfo.90 */91publicMetaInfo getMetaInfo();
9293/*** Setter for property metaInfo.94 * @param metaInfo New value of property metaInfo.95 */96publicvoid setMetaInfo(MetaInfo metaInfo);
9798/*** Getter for property hidden.99 * @return Value of property hidden.100 */101publicboolean isHidden();
102103/*** Setter for property hidden.104 * @param hidden New value of property hidden.105 */106publicvoid setHidden(boolean hidden);
107108/*** Getter for property id.109 * @return Value of property id.110 */111publiclong getId();
112113/***114 * Aututhorizes action for a role115 *116 * @param role requesting action117 * @param action being requested118 * @return <CODE>true</CODE> if action is allowed for role119 */120publicboolean allowsRole(String role, String action);
121122/***123 * Authorizes action for a group124 *125 * @param group requesting action126 * @param action being requested127 * @return <CODE>true</CODE> if action is allowed for role128 */129publicboolean allowsGroup(String group, String action);
130131/***132 * Authorizes action for a group role133 *134 * @param group requesting action135 * @param role requesting action 136 * @param action being requested137 * @return <CODE>true</CODE> if action is allowed for role138 */139publicboolean allowsGroupRole(String group, String role, String action);
140141/***142 * Aututhorizes action for a named user143 *144 * @param userName requesting action145 * @param action being requested146 * @return <CODE>true</CODE> if action is allowed for named user147 */148publicboolean allowsUser(String userName, String action);
149150/***151 * Aututhorizes action for a named user152 *153 * @param userName requesting action154 * @param action being requested155 * @param ownerUserName Onwers username 156 * @return <CODE>true</CODE> if action is allowed for named user157 */158boolean allowsUser(String userName, String action, String ownerUserName);
159160/***161 * Grants access for a specific action to a specific role162 * for this SecurityEntry. This grants specific access ignores163 * "*" action, if it exists.164 * @param String action The action we are granting access to.165 * @param String role The role that will receive access to this action.166 * @return boolean Whether or not the access was granted. Basically,167 * a <code>false</code> means that this role already has specific access.168 */169boolean grantRoleAccess(String action, String role);
170171/***172 * Checks whether a role is specifically allowed to access the request action173 * This method ignores the "*" action and is here to play a maintenance role.174 * @param String action name of action to check175 * @param String role name of role to verify access for176 * @return boolean whether or not the <code>role</code> has access177 * to this specific action.178 */179boolean allowsSpecificRole(String action, String role);
180181/***182 * Grants access for a specific action to a specific group183 * for this SecurityEntry. This grants specific access ignores184 * "*" action, if it exists.185 * @param String action The action we are granting access to.186 * @param String group The group that will receive access to this action.187 * @return boolean Whether or not the access was granted. Basically,188 * a <code>false</code> means that this group already has specific access.189 */190boolean grantGroupAccess(String action, String group);
191192/***193 * Checks whether a group is specifically allowed to access the request action194 * This method ignores the "*" action and is here to play a maintenance role.195 * @param String action name of action to check196 * @param String group name of group to verify access for197 * @return boolean whether or not the <code>group</code> has access198 * to this specific action.199 */200boolean allowsSpecificGroup(String action, String group);
201202/***203 * Grants access for a specific action to a specific group role204 * for this SecurityEntry. This grants specific access ignores205 * "*" action, if it exists.206 * @param String action The action we are granting access to.207 * @param String group The group that will receive access to this action.208 * @param String role The role that will receive access to this action. 209 * @return boolean Whether or not the access was granted. Basically,210 * a <code>false</code> means that this group role already has specific access.211 */212boolean grantGroupRoleAccess(String action, String group, String role);
213214/***215 * Checks whether a group role is specifically allowed to access the request action216 * This method ignores the "*" action and is here to play a maintenance role.217 * @param String action name of action to check218 * @param String group name of group to verify access for219 * @param String role name of group to verify access for220 * @return boolean whether or not the <code>group role</code> has access221 * to this specific action.222 */223boolean allowsSpecificGroupRole(String action, String group, String role);
224225/***226 * Returns the SecurityAccess object for the <code>action</code>227 * requested or null if no specific access is defined for this action.228 * The "*" does change this, if an action is not specifically defined229 * in the registry, null is returned230 * @param SecurityEntry entry SecurityEntry to check against231 * @param String action The action we want the access for.232 * @return SecurityAccess that is defined for this action or233 * <code>null</code> if one is not <strong>specifically defined</strong>234 */235SecurityAccess getAccess(String action);
236237/***238 * Checks whether a user is specifically allowed to access the request action239 * This method ignores the "*" action and is here to play a maintenance role.240 * @param String action name of action to check241 * @param String user name of user to verify access for242 * @return boolean whether or not the <code>user</code> has access243 * to this specific action.244 */245boolean allowsSpecificUser(String action, String user);
246247/***248 * Grants access for a specific action to a specific user249 * for this SecurityEntry. This grants specific access ignores250 * "*" action, if it exists.251 * @param String action The action we are granting access to.252 * @param String user The user that will receive access to this action.253 * @return boolean Whether or not the access was granted. Basically,254 * a <code>false</code> means that this role already has specific access.255 */256boolean grantUserAccess(String action, String user);
257258/***259 * Removes a security access for the named action.260 * This does not take into account the "*" action when261 * the "*" is not the named action.262 * @param String access name of access to remove in its entirety263 */264void revokeAccess(String action);
265266/***267 * Removes a user's access to a specific action.268 * @param action Action to remove access from.269 * @param role The role whose access we are revoking.270 * @return boolean Whehter or not the access existed and271 * was removed.272 */273boolean revokeUserAccess(String action, String user);
274275/***276 * Removes a role's access to a specific action.277 * @param action Action to remove access from.278 * @param role The role whose access we are revoking.279 * @return boolean Whehter or not the access existed and280 * was removed.281 */282boolean revokeRoleAccess(String action, String role);
283284/***285 * Removes a group's access to a specific action.286 * @param action Action to remove access from.287 * @param group The group whose access we are revoking.288 * @return boolean Whether or not the access existed and289 * was removed.290 */291boolean revokeGroupAccess(String action, String group);
292293/***294 * Removes a group role's access to a specific action.295 * @param action Action to remove access from.296 * @param group The group whose access we are revoking.297 * @param role The role whose access we are revoking. 298 * @return boolean Whether or not the access existed and299 * was removed.300 */301boolean revokeGroupRoleAccess(String action, String group, String role);
302303 }