001/*
002 *  Copyright 2020 Anyware Services
003 *
004 *  Licensed under the Apache License, Version 2.0 (the "License");
005 *  you may not use this file except in compliance with the License.
006 *  You may obtain a copy of the License at
007 *
008 *      http://www.apache.org/licenses/LICENSE-2.0
009 *
010 *  Unless required by applicable law or agreed to in writing, software
011 *  distributed under the License is distributed on an "AS IS" BASIS,
012 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 *  See the License for the specific language governing permissions and
014 *  limitations under the License.
015 */
016package org.ametys.core.right;
017
018import java.util.Map;
019import java.util.Set;
020
021import org.ametys.core.group.GroupIdentity;
022import org.ametys.core.user.UserIdentity;
023import org.ametys.runtime.plugin.component.Prioritizable;
024
/**
 * Read-only access to a storage of profile assignments, i.e. which profiles are allowed or denied
 * to anonymous, to any connected user, to a user or to groups, on an object or under a root context.<br>
 * Implementations are ordered through {@link Prioritizable}: per the two constants below,
 * the smaller the value, the higher the priority.
 */
public interface ProfileAssignmentStorage extends Prioritizable
{
    /** Minimum priority (the largest possible value). */
    int MIN_PRIORITY = Integer.MAX_VALUE;
    /** Maximum priority (the smallest value). */
    int MAX_PRIORITY = 0;
    
    /**
     * Keys of the map returned by {@link #getProfilesForAnonymousAndAnyConnectedUser(Object)}
     */
    enum AnonymousOrAnyConnectedKeys
    {
        /** Profiles allowed to anonymous */
        ANONYMOUS_ALLOWED,
        /** Profiles denied to anonymous */
        ANONYMOUS_DENIED,
        /** Profiles allowed to any connected user */
        ANYCONNECTEDUSER_ALLOWED,
        /** Profiles denied to any connected user */
        ANYCONNECTEDUSER_DENIED
    }
    
    /**
     * Keys of the inner maps returned by {@link #getProfilesForUsers(Object, UserIdentity)}
     * and {@link #getProfilesForGroups(Object, Set)}
     */
    enum UserOrGroup
    {
        /** Allowed profiles */
        ALLOWED,
        /** Denied profiles */
        DENIED
    }
    
    /* -------------- */
    /* HAS PERMISSION */
    /* -------------- */
    
    // For the four methods below, the returned Set is a witness, not an inventory: it may omit
    // matching profiles and may contain ids that were never requested. Rely on its emptiness only,
    // never on its content, to decide what is granted.
    // NOTE(review): these contracts only mention *allowed* assignments; whether denied assignments
    // are taken into account is not stated in this interface - confirm against the caller.
    // NOTE(review): "Only supported objects are transmitted" presumably means the caller has already
    // filtered the root contexts with isRootContextSupported - confirm.
    
    /**
     * Searches whether anonymous is allowed at least one of the given profiles on any of the given root contexts (or any of their sub contexts).<br>Only supported objects are transmitted
     * @param rootContexts The root contexts to search rights for
     * @param profileIds The ids of the profiles
     * @return If the Set is empty, anonymous has no matching profile.<br>
     *         If the Set is not empty, it contains at least one of the given profiles BUT it may not contain all the matching profiles for anonymous AND it can contain other profiles that were not in the given profiles
     */
    Set<String> hasAnonymousAnyAllowedProfile(Set<?> rootContexts, Set<String> profileIds);
    
    /**
     * Searches whether any connected user is allowed at least one of the given profiles on any of the given root contexts (or any of their sub contexts).<br>Only supported objects are transmitted
     * @param rootContexts The root contexts to search rights for
     * @param profileIds The ids of the profiles
     * @return If the Set is empty, any connected user has no matching profile.<br>
     *         If the Set is not empty, it contains at least one of the given profiles BUT it may not contain all the matching profiles for any connected user AND it can contain other profiles that were not in the given profiles
     */
    Set<String> hasAnyConnectedAnyAllowedProfile(Set<?> rootContexts, Set<String> profileIds);
    
    /**
     * Searches whether the user is allowed at least one of the given profiles on any of the given root contexts (or any of their sub contexts).<br>Only supported objects are transmitted
     * @param rootContexts The root contexts to search rights for
     * @param user The user to test
     * @param profileIds The ids of the profiles
     * @return If the Set is empty, the user has no matching profile.<br>
     *         If the Set is not empty, it contains at least one of the given profiles BUT it may not contain all the matching profiles for the user AND it can contain other profiles that were not in the given profiles
     */
    Set<String> hasUserAnyAllowedProfile(Set<?> rootContexts, UserIdentity user, Set<String> profileIds);

    /**
     * Searches whether one of the groups is allowed at least one of the given profiles on any of the given root contexts (or any of their sub contexts).<br>Only supported objects are transmitted
     * @param rootContexts The root contexts to search rights for
     * @param groups The groups to test (a single group needs to match)
     * @param profileIds The ids of the profiles
     * @return If the Set is empty, no group has a matching profile.<br>
     *         If the Set is not empty, it contains at least one of the given profiles BUT it may not contain all the matching profiles for the groups AND it can contain other profiles that were not in the given profiles
     */
    Set<String> hasGroupAnyAllowedProfile(Set<?> rootContexts, Set<GroupIdentity> groups, Set<String> profileIds);

    /* -------------- */
    /* GET PERMISSION */
    /* -------------- */
    
    /**
     * Gets the allowed and denied profiles that anonymous and any connected user have on the given object
     * @param object The object
     * @return a map containing allowed/denied profiles that anonymous and any connected user have on the given object
     */
    Map<AnonymousOrAnyConnectedKeys, Set<String>> getProfilesForAnonymousAndAnyConnectedUser(Object object);
    
    /**
     * Gets the users that have profiles assigned on the given object.<br>
     * A null user widens the query to every user with an assignment: a caller resolving the identity
     * from a request must not let a missing identity reach this method as null.
     * @param object The object to test 
     * @param user The user to get profiles for. Can be null to get profiles for all users that have rights
     * @return The map of users with their assigned allowed/denied profiles
     */
    Map<UserIdentity, Map<UserOrGroup, Set<String>>> getProfilesForUsers(Object object, UserIdentity user);
    
    /**
     * Gets the groups that have profiles assigned on the given object.<br>
     * A null set of groups widens the query to every group with an assignment; it is not an empty answer.
     * @param object The object to test 
     * @param groups The groups to get profiles for. Can be null to get profiles for all groups that have rights
     * @return The map of groups with their assigned allowed/denied profiles
     */
    Map<GroupIdentity, Map<UserOrGroup, Set<String>>> getProfilesForGroups(Object object, Set<GroupIdentity> groups);
    
    /* ------------------------------ */
    /* SUPPORT OF OBJECT AND PRIORITY */
    /* ------------------------------ */
    
    /**
     * Tells whether this profile storage supports the given object, 
     * i.e. whether it is able to retrieve the allowed users/groups on that object
     * @param object The object to test
     * @return true if this profile storage supports the given object
     */
    boolean isSupported(Object object);
    
    /**
     * Tells whether this profile storage supports the given object as a root context, 
     * i.e. whether it can seek any permission under this object
     * @param rootContext The object to start searching
     * @return true if this profile storage supports this object as a root context to search in
     */
    boolean isRootContextSupported(Object rootContext);
    
    /* ----------- */
    /* INHERITANCE */
    /* ----------- */
    
    /**
     * Tells whether the inheritance of permissions is disallowed on the given object
     * @param object The object to test
     * @return true if the inheritance of permissions is disallowed on the given object
     */
    boolean isInheritanceDisallowed(Object object);
}