AuthorizationControl.java example

Explorer
EMF-Store-Extensible-Authorization-master
/*******************************************************************************
 * Copyright (c) 2008-2011 Chair for Applied Software Engineering,
 * Technische Universitaet Muenchen.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 * 
 * Contributors:
 ******************************************************************************/
package org.eclipse.emf.emfstore.server.accesscontrol;

import java.util.Collection;

import org.eclipse.emf.emfstore.server.accesscontrol.PermissionProvider.InternalPermission;
import org.eclipse.emf.emfstore.server.exceptions.AccessControlException;
import org.eclipse.emf.emfstore.server.model.SessionId;
import org.eclipse.emf.emfstore.server.model.accesscontrol.ACOrgUnitId;
import org.eclipse.emf.emfstore.server.model.accesscontrol.ACUser;
import org.eclipse.emf.emfstore.server.model.operation.Operation;

/**
 * Control for the authorization of users.
 * 
 * @author koegel
 * @author boehlke
 */
public interface AuthorizationControl {

	/**
	 * Check if the given session is valid.
	 * 
	 * @param sessionId
	 *            the session id
	 * @throws AccessControlException
	 *             if the session is invalid
	 */
	void checkSession(SessionId sessionId) throws AccessControlException;

	void checkPermission(SessionId sessionId, InternalPermission permission) throws AccessControlException;

	void checkPermissions(SessionId sessionId, Collection<InternalPermission> permissions)
		throws AccessControlException;

	/**
	 * This method looks up the session id on the server and returns the
	 * relating user. Please notice that the returned user also contains roles
	 * which are not contained in the original user. These extra roles come from
	 * the user's groups.
	 * 
	 * @param sessionId
	 *            session id
	 * @return ACUser user with roles from resolved user and it's groups
	 * @throws AccessControlException
	 *             exception
	 */
	ACUser resolveUser(SessionId sessionId) throws AccessControlException;

	/**
	 * This method looks up the orgUnit id the server and returns the relating
	 * user. Please notice that the returned user also contains roles which are
	 * not contained in the original user. These extra roles come from the
	 * user's groups.
	 * 
	 * @param orgUnitId
	 *            OrgUnit id
	 * @return ACUser user with roles from resolved user and it's groups
	 * @throws AccessControlException
	 *             exception
	 */
	ACUser resolveUser(ACOrgUnitId orgUnitId) throws AccessControlException;

	boolean hasPermissions(SessionId sessionId, Collection<InternalPermission> readOperationPermissions)
		throws AccessControlException;

	boolean hasPermissions(SessionId sessionId, Operation<?> operation) throws AccessControlException;

	Collection<InternalPermission> getPermissions(SessionId sessionId, Operation<?> op) throws AccessControlException;

	void checkPermissions(SessionId sessionId, Operation<?> op) throws AccessControlException;
}