aclplugininterface.java

OPIAM stands for Open Identity and Access Management. This Suite will provide modules for user & rig

/*
 * OPIAM Suite
 *
 * Distributable under LGPL license.
 * See terms of license at gnu.org.
 */

package opiam.admin.faare.service.services.acl;

import opiam.admin.faare.config.javabeans.JBAcls;
import opiam.admin.faare.exception.ServiceException;
import opiam.admin.faare.persistence.javabeans.JBTop;
import opiam.admin.faare.service.UserContext;


/**
 * The class that performs the check of the permissions with the ACL service
 * must implement this interface.
 *
 */
public interface AclPluginInterface
{
    /**
     * This method is called by the PropertiesManager at the initialization.
     * The ACLs object matches the ACLs defined in the acl_conf.xml file.
     * Throws ConfigurationException (RuintimeException) if error occurs.
     *
     * @param acls  The JBAcls object.
     *
     */
    void initialize(JBAcls acls);

    /**
     * This method is called to verify if the first given object in argument can be
     * modified by the user which the context is given in argument.
     * The given objects are LDAP Directory entries.
     *
     * @param oldentry  The entry before modification.
     * @param newentry  The entry after modification.
     * @param userContext The context of the user.
     *
     * @return True if the modification is allowed, false otherwise.
     *
     * @throws ServiceException  if an error occurs.
     */
    boolean isModificationEnabled(JBTop oldentry, JBTop newentry,
        UserContext userContext) throws ServiceException;

    /**
     * This method is called to verify if the given object in argument can be
     * viewed by the user which the context is given in argument.
     * The given object is an LDAP Directory entry.
     *
     * @param entry  The object to view.
     * @param userContext  Context of the user.
     *
     * @return True if the visualisation is allowed, false otherwise.
     *
     * @throws ServiceException  if an error occurs.
     */
    boolean isVisualisationEnabled(JBTop entry, UserContext userContext)
        throws ServiceException;

    /**
     * This method is called to verify if the given object in argument can be
     * created by the user which the context is given in argument.
     * The given object is an LDAP Directory entry.
     *
     * @param entry        The object to create.
     * @param userContext  Context of the user.
     *
     * @return True if the creation is allowed, false otherwise.
     *
     * @throws ServiceException  if an error occurs.
     */
    boolean isCreationEnabled(JBTop entry, UserContext userContext)
        throws ServiceException;

    /**
     * This method is called to verify if the given object in argument can be
     * deleted by the user which the context is given in argument.
     * The given object is an LDAP Directory entry.
     *
     * @param entry  The object to delete.
     * @param userContext  Context of the user.
     *
     * @return True if the deletion is allowed, false otherwise.
     *
     * @throws ServiceException  if an error occurs.
     */
    boolean isDeletionEnabled(JBTop entry, UserContext userContext)
        throws ServiceException;

}