PermissionCheckProvider.java

/**
 * Copyright (C) 2014 - present by OpenGamma Inc. and the OpenGamma group of companies
 * 
 * Please see distribution for license.
 */
package com.opengamma.provider.permission;

import java.util.Map;
import java.util.Set;

import com.opengamma.id.ExternalIdBundle;
import com.opengamma.util.PublicSPI;

/**
 * A provider of permission information.
 * <p>
 * This allows a permission check to be performed on an underlying data source.
 * <p>
 * Implementations must be thread-safe.
 */
@PublicSPI
public interface PermissionCheckProvider {

  /**
   * Checks if a given user has the requested permission.
   * <p>
   * The permission specified to this method will typically start with a data source specific prefix.
   * <p>
   * If the user is not authenticated, false will be returned.
   *
   * @param userIdBundle  the external identifier bundle with the user credential, not null
   * @param ipAddress  the IP address of the user, not null
   * @param requestedPermission  the requested permission, not null
   * @return true if permitted, false otherwise
   * @throws RuntimeException if a non permission-checking problem occurs, such as a network error
   */
  boolean isPermitted(ExternalIdBundle userIdBundle, String ipAddress, String requestedPermission);

  /**
   * Checks if a given user has the requested permissions.
   * <p>
   * The permissions specified to this method will typically start with a data source specific prefix.
   * <p>
   * If the user is not authenticated, false will be returned.
   *
   * @param userIdBundle  the external identifier bundle with the user credential, not null
   * @param ipAddress  the IP address of the user, not null
   * @param requestedPermissions  the requested permissions, not null
   * @return the map of permission check result of individual permission request, true if permitted, false otherwise
   * @throws RuntimeException if a non permission-checking problem occurs, such as a network error
   */
  Map<String, Boolean> isPermitted(ExternalIdBundle userIdBundle, String ipAddress, Set<String> requestedPermissions);

  /**
   * Checks if a given user has the requested permissions.
   * <p>
   * This is the underlying operation.
   * All other methods delegate to this one.
   * <p>
   * If the user is not authenticated, an error is returned in the result.
   * See {@link PermissionCheckProviderResult#checkErrors()}.
   * 
   * @param request  the request, not null
   * @return the permission check result, not null
   * @throws RuntimeException if a non permission-checking problem occurs, such as a network error
   */
  PermissionCheckProviderResult isPermitted(PermissionCheckProviderRequest request);

}