Google Git
Sign in
apache / archiva-redback-core / master / . / redback-rbac / redback-rbac-model / src / main / java / org / apache / archiva / redback / rbac / RBACManager.java
blob: 289371b7ded647cba7585dc15d5d96a76de548a4 [file] [log] [blame]
package org.apache.archiva.redback.rbac;
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* Manages the roles, permissions and operations of the RBAC system.
*
* @author Jesse McConnell
* @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
* @author Martin Stockhammer <martin_s@apache.org>
*
*/
public interface RBACManager
{
void addListener( RBACManagerListener listener );
void removeListener( RBACManagerListener listener );
// ------------------------------------------------------------------
// Role Methods
// ------------------------------------------------------------------
/**
* Creates an implementation specific {@link Role}, or return an existing {@link Role}, depending
* on the provided <code>name</code> parameter.
*
* Note: Be sure to use {@link #saveRole(Role)} in order to persist any changes to the Role.
*
* @param name the name.
* @return the new {@link Role} object.
*/
Role createRole( String name );
/**
* Creates a new role with the given id and role name.
* @param id the role identifier, which must be unique
* @param name the role name, which must be unique
* @return the new role instance
*/
Role createRole(String id, String name);
/**
* Tests for the existence of a Role.
*
* @return true if role exists in store.
* @throws RbacManagerException if the access to the backend datastore failed
*/
boolean roleExists( String name )
throws RbacManagerException;
/**
* Returns <code>true</code>, if a role with the given id exists.
* @param id the role id
* @return <code>true</code>, if the role with the given id exists, otherwise <code>false</code>
* @throws RbacManagerException if the access to the backend datastore failed
*/
boolean roleExistsById( String id ) throws RbacManagerException;
/**
* Returns true, if the given role exists.
*
* @param role the role to check
* @return <code>true</code>, if the role exists, otherwise <code>false</code>
* @throws RbacManagerException if the access to the backend datastore failed
*/
boolean roleExists( Role role )
throws RbacManagerException;
/**
* Persists the given role to the backend datastore.
*
* @param role the role to save
* @return the persisted role, if the method was successful
* @throws RbacObjectInvalidException if the given role object was not valid
* @throws RbacManagerException if the access to the backend datastore failed
*/
Role saveRole( Role role )
throws RbacObjectInvalidException, RbacManagerException;
/**
* Persists all of the given roles to the backend datastore.
* Implementations should try to save all role instances and throw exceptions afterwards.
*
* @param roles the list of roles to save
* @throws RbacObjectInvalidException if one of the given role objects was not valid
* @throws RbacManagerException if the access to the backend datastore failed
*/
void saveRoles( Collection<Role> roles )
throws RbacObjectInvalidException, RbacManagerException;
/**
* Returns the role identified by the given name
*
* @param roleName the role name
* @return the role instance, if a role by this name was found
* @throws RbacObjectNotFoundException if not role was found with the given name
* @throws RbacManagerException if the access to the underlying datastore failed
*/
Role getRole( String roleName )
throws RbacObjectNotFoundException, RbacManagerException;
/**
* Returns the role identified by the given ID
* @param id the role id
* @return the role object, if the role with the given id exists
* @throws RbacObjectNotFoundException if no role was found with the given id
* @throws RbacManagerException if the access to the underlying datastore failed
*/
Role getRoleById( String id ) throws RbacObjectNotFoundException, RbacManagerException;
/**
* Returns the role instances for the given role names.
*
* @param roleNames the list of role names.
* @return a map of (name,role) pairs
* @throws RbacObjectNotFoundException if one of the given roles was not found
* @throws RbacManagerException if the access to the backend datastore failed
*/
Map<String, ? extends Role> getRoles( Collection<String> roleNames )
throws RbacObjectNotFoundException, RbacManagerException;
/**
* Adds a child to a role.
*
* @param role the parent role
* @param childRole the child role, that is added to the parent role
* @throws RbacObjectInvalidException if one of the role objects was not valid
* @throws RbacManagerException if the access to the backend datastore failed
*/
void addChildRole( Role role, Role childRole )
throws RbacObjectInvalidException, RbacManagerException;
/**
* Returns all the child roles of a given role as (name, role) pairs.
* @param role the parent role
* @return the list of child roles
* @throws RbacManagerException if the access to the backend datastore failed
*/
Map<String, ? extends Role> getChildRoleNames( Role role )
throws RbacManagerException;
/**
* Returns all the child roles of a given role as (role id, role) pairs.
* @param role the parent role
* @return the map of child roles as (role id, role) pairs
* @throws RbacManagerException if the access to the backend datastore failed
*/
Map<String, ? extends Role> getChildRoleIds( Role role )
throws RbacManagerException;
/**
* Returns all the parent roles of a given role as map of (name, role) elements.
* @param role the role to check for parent roles
* @return the list of parent roles that have <code>role</code> als child
* @throws RbacManagerException if the access to the backend datastore failed
*/
Map<String, ? extends Role> getParentRoleNames( Role role )
throws RbacManagerException;
/**
* Returns all the parent roles of a given role as map of (id, role) elements.
* @param role the role to check for parents roles
* @return a map of (role id, role) pairs that have <code>role</code> as child
* @throws RbacManagerException if the access to the backend datastore failed
*/
Map<String, ? extends Role> getParentRoleIds( Role role )
throws RbacManagerException;
/**
* Returns all roles defined in the datastore.
*
* @return the list of roles defined in the datastore
* @throws RbacManagerException if the access to the backend datastore failed
*/
List<? extends Role> getAllRoles()
throws RbacManagerException;
/**
* Returns all effective roles. Which means a list with the current role and all child roles recursively.
*
* @param role the role to use as starting point
* @return the set of roles that are found as children of the given role
* @throws RbacObjectNotFoundException if the given role was not found
* @throws RbacManagerException if the access to the backend datastore failed
*/
Set<? extends Role> getEffectiveRoles( Role role )
throws RbacObjectNotFoundException, RbacManagerException;
/**
* Removes the given role from the datastore.
*
* @param role the role to remove
* @throws RbacManagerException if the access to the backend datastore failed
* @throws RbacObjectNotFoundException if the given role was not found
* @throws RbacObjectInvalidException if the given role has invalid data
*/
void removeRole( Role role )
throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException;
/**
* Removes the role with the given name from the datastore.
*
* @param roleName the role name
* @throws RbacObjectNotFoundException if the role with the given name was not found
* @throws RbacManagerException if the access to the backend datastore failed
*/
void removeRole( String roleName )
throws RbacObjectNotFoundException, RbacManagerException;
/**
* Removes the role with the given id from the datastore.
*
* @param id the role id
* @throws RbacObjectNotFoundException if no role with the given id was found
* @throws RbacManagerException if the access to the backend datastore failed
*/
void removeRoleById( String id ) throws RbacObjectNotFoundException, RbacManagerException;
// ------------------------------------------------------------------
// Permission Methods
// ------------------------------------------------------------------
/**
* Creates an implementation specific {@link Permission}, or return an existing {@link Permission}, depending
* on the provided <code>name</code> parameter.
*
* Note: Be sure to use {@link #savePermission(Permission)} in order to persist any changes to the Role.
*
* @param name the name.
* @return the new Permission.
* @throws RbacManagerException if the access to the backend datastore failed
*/
Permission createPermission( String name )
throws RbacManagerException;
/**
* Creates an implementation specific {@link Permission} with specified {@link Operation},
* and {@link Resource} identifiers.
*
* Note: Be sure to use {@link #savePermission(Permission)} in order to persist any changes to the Role.
*
* @param name the name.
* @param operationName the {@link Operation#setName(String)} value
* @param resourceIdentifier the {@link Resource#setIdentifier(String)} value
* @return the new Permission.
* @throws RbacManagerException if the access to the backend datastore failed
*/
Permission createPermission( String name, String operationName, String resourceIdentifier )
throws RbacManagerException;
/**
* Tests for the existence of a permission.
*
* @param name the name to test for.
* @return true if permission exists.
*/
boolean permissionExists( String name );
boolean permissionExists( Permission permission );
@SuppressWarnings( "DuplicateThrows" )
Permission savePermission( Permission permission )
throws RbacObjectInvalidException, RbacManagerException;
@SuppressWarnings( "DuplicateThrows" )
Permission getPermission( String permissionName )
throws RbacObjectNotFoundException, RbacManagerException;
List<? extends Permission> getAllPermissions()
throws RbacManagerException;
@SuppressWarnings( "DuplicateThrows" )
void removePermission( Permission permission )
throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException;
@SuppressWarnings( "DuplicateThrows" )
void removePermission( String permissionName )
throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException;
// ------------------------------------------------------------------
// Operation Methods
// ------------------------------------------------------------------
/**
* Creates an implementation specific {@link Operation}, or return an existing {@link Operation}, depending
* on the provided <code>name</code> parameter.
*
* Note: Be sure to use {@link #saveOperation(Operation)} in order to persist any changes to the Role.
*
* @param name the name.
* @return the new Operation.
* @throws RbacManagerException if the access to the backend datastore failed
*/
Operation createOperation( String name )
throws RbacManagerException;
boolean operationExists( String name );
boolean operationExists( Operation operation );
/**
* Save the new or existing operation to the store.
*
* @param operation the operation to save (new or existing)
* @return the Operation that was saved.
* @throws RbacObjectInvalidException if the object is not valid and cannot be saved
* @throws RbacManagerException if the access to the backend datastore failed
*/
Operation saveOperation( Operation operation )
throws RbacObjectInvalidException, RbacManagerException;
@SuppressWarnings( "DuplicateThrows" )
Operation getOperation( String operationName )
throws RbacObjectNotFoundException, RbacManagerException;
List<? extends Operation> getAllOperations()
throws RbacManagerException;
@SuppressWarnings( "DuplicateThrows" )
void removeOperation( Operation operation )
throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException;
@SuppressWarnings( "DuplicateThrows" )
void removeOperation( String operationName )
throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException;
// ------------------------------------------------------------------
// Resource Methods
// ------------------------------------------------------------------
/**
* Creates an implementation specific {@link Resource}, or return an existing {@link Resource}, depending
* on the provided <code>identifier</code> parameter.
*
* Note: Be sure to use {@link #saveResource(Resource)} in order to persist any changes to the Role.
*
* @param identifier the identifier.
* @return the new Resource.
* @throws RbacManagerException if the access to the backend datastore failed
*/
Resource createResource( String identifier )
throws RbacManagerException;
boolean resourceExists( String identifier );
boolean resourceExists( Resource resource );
@SuppressWarnings( "DuplicateThrows" )
Resource saveResource( Resource resource )
throws RbacObjectInvalidException, RbacManagerException;
@SuppressWarnings( "DuplicateThrows" )
Resource getResource( String resourceIdentifier )
throws RbacObjectNotFoundException, RbacManagerException;
List<? extends Resource> getAllResources()
throws RbacManagerException;
@SuppressWarnings( "DuplicateThrows" )
void removeResource( Resource resource )
throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException;
@SuppressWarnings( "DuplicateThrows" )
void removeResource( String resourceIdentifier )
throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException;
// ------------------------------------------------------------------
// UserAssignment Methods
// ------------------------------------------------------------------
/**
* Creates an implementation specific {@link UserAssignment}, or return an existing {@link UserAssignment},
* depending on the provided <code>identifier</code> parameter.
*
* Note: Be sure to use {@link #saveUserAssignment(UserAssignment)} in order to persist any changes to the Role.
*
* @param principal the principal reference to the user.
* @return the new UserAssignment object.
* @throws RbacManagerException if the access to the backend datastore failed
*/
UserAssignment createUserAssignment( String principal )
throws RbacManagerException;
boolean userAssignmentExists( String principal );
boolean userAssignmentExists( UserAssignment assignment );
/**
* Method saveUserAssignment
*
* @param userAssignment the user assignment instance to save
* @throws RbacObjectInvalidException if the instance has invalid data and cannot be saved
* @throws RbacManagerException if the access to the backend datastore failed
*/
UserAssignment saveUserAssignment( UserAssignment userAssignment )
throws RbacObjectInvalidException, RbacManagerException;
@SuppressWarnings( "DuplicateThrows" )
UserAssignment getUserAssignment( String principal )
throws RbacObjectNotFoundException, RbacManagerException;
/**
* Returns all user assignments defined
* @return list of assignments
* @throws RbacManagerException if the access to the backend datastore failed
*/
List<? extends UserAssignment> getAllUserAssignments()
throws RbacManagerException;
/**
* Returns the assignments for the given roles
* @param roleIds collection of role names
* @throws RbacManagerException if the access to the backend datastore failed
*/
List<? extends UserAssignment> getUserAssignmentsForRoles( Collection<String> roleIds )
throws RbacManagerException;
/**
* Method removeAssignment
*
* @param userAssignment the assignment to remove
* @throws RbacObjectNotFoundException if the assignment was not found
* @throws RbacObjectInvalidException if the provided assignment instance has invalid data
* @throws RbacManagerException if the access to the backend datastore failed
*/
void removeUserAssignment( UserAssignment userAssignment )
throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException;
/**
* Method removeAssignment
*
* @param principal the principal for which the assignment should be removed
* @throws RbacObjectNotFoundException if the user with the given principal name was not found
* @throws RbacObjectInvalidException if the principal string was invalid
* @throws RbacManagerException if the access to the backend datastore failed
*/
void removeUserAssignment( String principal )
throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException;
// ------------------------------------------------------------------
// UserAssignment Utility Methods
// ------------------------------------------------------------------
/**
* Returns the active roles for a given principal
*
* NOTE: roles that are returned might have parent roles themselves, if
* you just want all permissions then use {@link #getAssignedPermissions(String principal)}
*
* @param principal the user principal to search for assignments
* @return Collection of {@link Role} objects.
* @throws RbacObjectNotFoundException if the user with the given principal name was not found
* @throws RbacManagerException if the access to the backend datastore failed
*/
Collection<? extends Role> getAssignedRoles( String principal )
throws RbacObjectNotFoundException, RbacManagerException;
/**
* Get the Collection of {@link Role} objects for this UserAssignment.
*
* @param userAssignment the user assignment instance
* @return Collection of {@link Role} objects for the provided UserAssignment.
* @throws RbacObjectNotFoundException if the assignment could not be found
* @throws RbacManagerException if the access to the backend datastore failed
*/
Collection<? extends Role> getAssignedRoles( UserAssignment userAssignment )
throws RbacObjectNotFoundException, RbacManagerException;
/**
* Get a list of all assignable roles that are currently not effectively assigned to the specific user,
* meaning, not a child of any already granted role
*
* @param principal the user principal
* @return the list of roles, that are currently not assigned to the user, or a empty list, if no such role was found.
* @throws RbacManagerException if the access to the backend datastore failed
* @throws RbacObjectNotFoundException if the user with the given principal was not found
*/
Collection<? extends Role> getEffectivelyUnassignedRoles( String principal )
throws RbacManagerException, RbacObjectNotFoundException;
/**
* Get a list of the effectively assigned roles to the specified user, this includes child roles
*
* @param principal the user principal
* @return the list of roles effectively assigned to the given user
* @throws RbacObjectNotFoundException if the user with the given principal was not found
* @throws RbacManagerException if the access to the backend datastore failed
*/
Collection<? extends Role> getEffectivelyAssignedRoles( String principal )
throws RbacObjectNotFoundException, RbacManagerException;
/**
* Get a list of all assignable roles that are currently not assigned to the specific user.
*
* @param principal the user principal name
* @return the list of roles not assigned to the given user
* @throws RbacManagerException if the access to the backend datastore failed
* @throws RbacObjectNotFoundException if the user with the given principal was not found
*/
Collection<? extends Role> getUnassignedRoles( String principal )
throws RbacManagerException, RbacObjectNotFoundException;
/**
* Returns a set of all permissions that are in all active roles for a given
* principal. This includes permissions from all assigned parent roles.
*
* @param principal the user principal name
* @return the list of all permissions assigned to the user
* @throws RbacObjectNotFoundException if the user with the given principal name was not found
* @throws RbacManagerException if the access to the backend datastore failed
*/
Set<? extends Permission> getAssignedPermissions( String principal )
throws RbacObjectNotFoundException, RbacManagerException;
/**
* returns a map of assigned permissions keyed off of operation with a list value of Permissions
*
* @param principal the user principal name
* @return the map of (operation,permission list) pairs
* @throws RbacObjectNotFoundException if the user with the given principal was not found
* @throws RbacManagerException if the access to the backend datastore failed
*/
Map<String, List<? extends Permission>> getAssignedPermissionMap( String principal )
throws RbacObjectNotFoundException, RbacManagerException;
/**
* Returns a list of all assignable roles
*
* @return list of assignable roles
* @throws RbacManagerException if the access to the backend datastore failed
*/
List<? extends Role> getAllAssignableRoles()
throws RbacManagerException;
/**
* Returns the global resource object
*
* @return the global resource object
* @throws RbacManagerException if the access to the backend datastore failed
*/
Resource getGlobalResource()
throws RbacManagerException;
void eraseDatabase();
/**
* consumer of user manager can use it to reload various configuration
* with the configurable implementation is possible to change dynamically the real implementation used.
*
* @since 2.1
*/
void initialize();
/**
* @return true if this implementation is a final one and not a wrapper (configurable, cached)
* @since 2.1
*/
boolean isFinalImplementation();
/**
* @return a key to be able to customize label in UI
* @since 2.1
*/
String getDescriptionKey();
/**
* Is the RBACManager read only? if so then create and modify actions are to be disabled
*
* @return boolean true if user manager is read only
*/
boolean isReadOnly();
}