| Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||||
| BasicAclEntry |
|
| 1.0;1 |
| 1 | /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited |
|
| 2 | * |
|
| 3 | * Licensed under the Apache License, Version 2.0 (the "License"); |
|
| 4 | * you may not use this file except in compliance with the License. |
|
| 5 | * You may obtain a copy of the License at |
|
| 6 | * |
|
| 7 | * http://www.apache.org/licenses/LICENSE-2.0 |
|
| 8 | * |
|
| 9 | * Unless required by applicable law or agreed to in writing, software |
|
| 10 | * distributed under the License is distributed on an "AS IS" BASIS, |
|
| 11 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
| 12 | * See the License for the specific language governing permissions and |
|
| 13 | * limitations under the License. |
|
| 14 | */ |
|
| 15 | ||
| 16 | package org.acegisecurity.acl.basic; |
|
| 17 | ||
| 18 | import org.acegisecurity.acl.AclEntry; |
|
| 19 | ||
| 20 | ||
| 21 | /** |
|
| 22 | * Represents an entry in an access control list. |
|
| 23 | * |
|
| 24 | * @author Ben Alex |
|
| 25 | * @version $Id: BasicAclEntry.java 1784 2007-02-24 21:00:24Z luke_t $ |
|
| 26 | */ |
|
| 27 | public interface BasicAclEntry extends AclEntry { |
|
| 28 | //~ Methods ======================================================================================================== |
|
| 29 | ||
| 30 | /** |
|
| 31 | * Indicates the domain object instance that is subject of this <code>BasicAclEntry</code>. This |
|
| 32 | * information may be of interest to relying classes (voters and business methods) that wish to know the actual |
|
| 33 | * origination of the ACL entry (so as to distinguish individual ACL entries from others contributed by the |
|
| 34 | * inheritance hierarchy). |
|
| 35 | * |
|
| 36 | * @return the ACL object identity that is subject of this ACL entry (never <code>null</code>) |
|
| 37 | */ |
|
| 38 | AclObjectIdentity getAclObjectIdentity(); |
|
| 39 | ||
| 40 | /** |
|
| 41 | * Indicates any ACL parent of the domain object instance. This is used by <code>BasicAclProvider</code> to |
|
| 42 | * walk the inheritance hierarchy. An domain object instance need <b>not</b> have a parent. |
|
| 43 | * |
|
| 44 | * @return the ACL object identity that is the parent of this ACL entry (may be <code>null</code> if no parent |
|
| 45 | * should be consulted) |
|
| 46 | */ |
|
| 47 | AclObjectIdentity getAclObjectParentIdentity(); |
|
| 48 | ||
| 49 | /** |
|
| 50 | * Access control lists in this package are based on bit masking. The integer value of the bit mask can be |
|
| 51 | * obtained from this method. |
|
| 52 | * |
|
| 53 | * @return the bit mask applicable to this ACL entry (zero indicates a bit mask where no permissions have been |
|
| 54 | * granted) |
|
| 55 | */ |
|
| 56 | int getMask(); |
|
| 57 | ||
| 58 | /** |
|
| 59 | * A domain object instance will usually have multiple <code>BasicAclEntry</code>s. Each separate |
|
| 60 | * <code>BasicAclEntry</code> applies to a particular "recipient". Typical examples of recipients include (but do |
|
| 61 | * not necessarily have to include) usernames, role names, complex granted authorities etc.<P><B>It is |
|
| 62 | * essential that only one <code>BasicAclEntry</code> exists for a given recipient</B>. Otherwise conflicts as to |
|
| 63 | * the mask that should apply to a given recipient will occur.</p> |
|
| 64 | * <P>This method indicates which recipient this <code>BasicAclEntry</code> applies to. The returned |
|
| 65 | * object type will vary depending on the type of recipient. For instance, it might be a <code>String</code> |
|
| 66 | * containing a username, or a <code>GrantedAuthorityImpl</code> containing a complex granted authority that is |
|
| 67 | * being granted the permissions contained in this access control entry. The {@link EffectiveAclsResolver} and |
|
| 68 | * {@link BasicAclProvider#getAcls(Object,org.acegisecurity.Authentication)} can process the different recipient |
|
| 69 | * types and return only those that apply to a specified <code>Authentication</code> object.</p> |
|
| 70 | * |
|
| 71 | * @return the recipient of this access control list entry (never <code>null</code>) |
|
| 72 | */ |
|
| 73 | Object getRecipient(); |
|
| 74 | ||
| 75 | /** |
|
| 76 | * Determine if the mask of this entry includes this permission or not |
|
| 77 | * |
|
| 78 | * @param permissionToCheck |
|
| 79 | * |
|
| 80 | * @return if the entry's mask includes this permission |
|
| 81 | */ |
|
| 82 | boolean isPermitted(int permissionToCheck); |
|
| 83 | ||
| 84 | /** |
|
| 85 | * This setter should <B>only</B> be used by DAO implementations. |
|
| 86 | * |
|
| 87 | * @param aclObjectIdentity an object which can be used to uniquely identify the domain object instance subject of |
|
| 88 | * this ACL entry |
|
| 89 | */ |
|
| 90 | void setAclObjectIdentity(AclObjectIdentity aclObjectIdentity); |
|
| 91 | ||
| 92 | /** |
|
| 93 | * This setter should <B>only</B> be used by DAO implementations. |
|
| 94 | * |
|
| 95 | * @param aclObjectParentIdentity an object which represents the parent of the domain object instance subject of |
|
| 96 | * this ACL entry, or <code>null</code> if either the domain object instance has no parent or its parent |
|
| 97 | * should be not used to compute an inheritance hierarchy |
|
| 98 | */ |
|
| 99 | void setAclObjectParentIdentity(AclObjectIdentity aclObjectParentIdentity); |
|
| 100 | ||
| 101 | /** |
|
| 102 | * This setter should <B>only</B> be used by DAO implementations. |
|
| 103 | * |
|
| 104 | * @param mask the integer representing the permissions bit mask |
|
| 105 | */ |
|
| 106 | void setMask(int mask); |
|
| 107 | ||
| 108 | /** |
|
| 109 | * This setter should <B>only</B> be used by DAO implementations. |
|
| 110 | * |
|
| 111 | * @param recipient a representation of the recipient of this ACL entry that makes sense to an |
|
| 112 | * <code>EffectiveAclsResolver</code> implementation |
|
| 113 | */ |
|
| 114 | void setRecipient(Object recipient); |
|
| 115 | } |