Coverage Report

Coverage Report - org.acegisecurity.acl.basic.EffectiveAclsResolver

Classes in this File

 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 
 package org.acegisecurity.acl.basic;
 
 import org.acegisecurity.Authentication;
 
 import org.acegisecurity.acl.AclEntry;
 
 
 /**
  * Determines the ACLs that are effective for a given
  * <code>Authentication</code> object.
  *
  * <P>
  * Implementations will vary depending on their ability to interpret the
  * "recipient" object types contained in {@link BasicAclEntry} instances, and
  * how those recipient object types correspond to
  * <code>Authentication</code>-presented principals and granted authorities.
  * </p>
  *
  * <P>
  * Implementations should not filter the resulting ACL list from lower-order
  * permissions. So if a resulting ACL list grants a "read" permission, an
  * "unlimited" permission and a "zero" permission (due to the effective ACLs
  * for different granted authorities held by the <code>Authentication</code>
  * object), all three permissions would be returned as distinct
  * <code>BasicAclEntry</code> instances. It is the responsibility of the
  * relying classes (voters and business methods) to ignore or handle
  * lower-order permissions in a business logic dependent manner.
  * </p>
  *
  * @author Ben Alex
  * @version $Id: EffectiveAclsResolver.java 1784 2007-02-24 21:00:24Z luke_t $
  */
 public interface EffectiveAclsResolver {
     //~ Methods ========================================================================================================
 
     /**
      * Determines the ACLs that apply to the presented <code>Authentication</code> object.
      *
      * @param allAcls every ACL assigned to a domain object instance
      * @param filteredBy the principal (populated with <code>GrantedAuthority</code>s along with any other members that
      *        relate to role or group membership) that effective ACLs should be returned for
      *
      * @return the ACLs that apply to the presented principal, or <code>null</code> if there are none after filtering
      */
     AclEntry[] resolveEffectiveAcls(AclEntry[] allAcls, Authentication filteredBy);
 }

1		/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2		*
3		* Licensed under the Apache License, Version 2.0 (the "License");
4		* you may not use this file except in compliance with the License.
5		* You may obtain a copy of the License at
6		*
7		* http://www.apache.org/licenses/LICENSE-2.0
8		*
9		* Unless required by applicable law or agreed to in writing, software
10		* distributed under the License is distributed on an "AS IS" BASIS,
11		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		* See the License for the specific language governing permissions and
13		* limitations under the License.
14		*/
15
16		package org.acegisecurity.acl.basic;
17
18		import org.acegisecurity.Authentication;
19
20		import org.acegisecurity.acl.AclEntry;
21
22
23		/**
24		* Determines the ACLs that are effective for a given
25		* <code>Authentication</code> object.
26		*
27		* <P>
28		* Implementations will vary depending on their ability to interpret the
29		* "recipient" object types contained in {@link BasicAclEntry} instances, and
30		* how those recipient object types correspond to
31		* <code>Authentication</code>-presented principals and granted authorities.
32		* </p>
33		*
34		* <P>
35		* Implementations should not filter the resulting ACL list from lower-order
36		* permissions. So if a resulting ACL list grants a "read" permission, an
37		* "unlimited" permission and a "zero" permission (due to the effective ACLs
38		* for different granted authorities held by the <code>Authentication</code>
39		* object), all three permissions would be returned as distinct
40		* <code>BasicAclEntry</code> instances. It is the responsibility of the
41		* relying classes (voters and business methods) to ignore or handle
42		* lower-order permissions in a business logic dependent manner.
43		* </p>
44		*
45		* @author Ben Alex
46		* @version $Id: EffectiveAclsResolver.java 1784 2007-02-24 21:00:24Z luke_t $
47		*/
48		public interface EffectiveAclsResolver {
49		//~ Methods ========================================================================================================
50
51		/**
52		* Determines the ACLs that apply to the presented <code>Authentication</code> object.
53		*
54		* @param allAcls every ACL assigned to a domain object instance
55		* @param filteredBy the principal (populated with <code>GrantedAuthority</code>s along with any other members that
56		* relate to role or group membership) that effective ACLs should be returned for
57		*
58		* @return the ACLs that apply to the presented principal, or <code>null</code> if there are none after filtering
59		*/
60		AclEntry[] resolveEffectiveAcls(AclEntry[] allAcls, Authentication filteredBy);
61		}