Permission.java

/*
 *  eXist Open Source Native XML Database
 *  Copyright (C) 2001-2011 The eXist-db Project
 *  http://exist-db.org
 *  
 *  This program is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public License
 *  as published by the Free Software Foundation; either version 2
 *  of the License, or (at your option) any later version.
 *  
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU Lesser General Public License for more details.
 *  
 *  You should have received a copy of the GNU Lesser General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 * 
 *  $Id$
 */
package org.exist.security;

import java.io.IOException;
import org.exist.storage.io.VariableByteInput;
import org.exist.storage.io.VariableByteOutputStream;
import org.exist.util.SyntaxException;


public interface Permission {
	
    public final static int DEFAULT_COLLECTION_PERM = 0777;
    public final static int DEFAULT_RESOURCE_PERM = 0666;
    public final static int DEFAULT_UMASK = 022;
    
    public final static int DEFAULT_SYSTEM_COLLECTION_PERM = 0755;
    public final static int DEFAULT_SYSTSEM_RESOURCE_PERM = 0770;
    
    public final static int DEFAULT_SYSTEM_ETC_COLLECTION_PERM = 0755;
    public final static int DEFAULT_SYSTEM_SECURITY_COLLECTION_PERM = 0770;
    
    public final static int DEFAULT_TEMPORARY_DOCUMENT_PERM = 0771;

    public final static int SET_UID = 04;
    public final static int SET_GID = 02;
    public final static int STICKY = 01;

    public final static int READ = 04;
    public final static int WRITE = 02;
    public final static int EXECUTE = 01;
	
    public final static String USER_STRING = "user";
    public final static String GROUP_STRING = "group";
    public final static String OTHER_STRING = "other";

    public final static String READ_STRING = "read";
    public final static String WRITE_STRING = "write";
    public final static String EXECUTE_STRING = "execute";

    public final static char SETUID_CHAR = 's';
    public final static char SETUID_CHAR_NO_EXEC = 'S';
    public final static char SETGID_CHAR = 's';
    public final static char SETGID_CHAR_NO_EXEC = 'S';
    public final static char STICKY_CHAR = 't';
    public final static char STICKY_CHAR_NO_EXEC = 'T';
    public final static char READ_CHAR = 'r';
    public final static char WRITE_CHAR = 'w';
    public final static char EXECUTE_CHAR = 'x';
    public final static char UNSET_CHAR = '-';

    public final static char ALL_CHAR = 'a';
    public final static char USER_CHAR = 'u';
    public final static char GROUP_CHAR = 'g';
    public final static char OTHER_CHAR = 'o';
    
    public int getGroupMode();

    /**
     * Gets the user who owns this resource
     *
     * @return The owner value
     */
    public Account getOwner();

    /**
     * Gets the group 
     *
     * @return The group value
     */
    public Group getGroup();

    /**
     * Get the mode
     *
     * @return The mode value
     */
    public int getMode();

    /**
     * Get the active mode for others
     *
     * @return The mode value
     */
    public int getOtherMode();

    /**
     * Get the active mode for the owner
     *
     * @return The mode value
     */
    public int getOwnerMode();
    
    /**
     * Set the owner group by group id
     *
     * @param  id  The group id
     */
    public void setGroup(int id) throws PermissionDeniedException;

    /**
     * Set the owner group
     *
     * @param  group  The group value
     */
    public void setGroup(Group group) throws PermissionDeniedException;

    /**
     * Set the owner group
     *
     * @param  name The group's name
     */
    public void setGroup(String name) throws PermissionDeniedException;

    /**
     * Set the owner group
     * 
     * This is used to set the owner group
     * of this permission to the same
     * as the owner group of the <i>other</i>
     * permission.
     * 
     * This is typically used in setGID situations.
     * 
     * @param other Another permissions object
     */
    public void setGroupFrom(Permission other) throws PermissionDeniedException;
    
    /**
     * Sets mode for group
     *
     * @param  perm  The new group mode value
     */
    public void setGroupMode(int perm) throws PermissionDeniedException;

    /**
     * Set the owner passed as account id
     *
     * @param  id  The new owner id
     */
    public void setOwner(int id) throws PermissionDeniedException;

    /**
     * Set the owner passed as User object
     *
     * @param  user  The new owner value
     */
    public void setOwner(Account user) throws PermissionDeniedException;

    /**
     * Set the owner
     *
     * @param  user  The new owner value
     */
    public void setOwner(String user) throws PermissionDeniedException;

    /**
     * Set mode using a string.
     * 
     * The string can either be in one of three formats:
     *  
     * 1) Unix Symbolic format as given to 'chmod' on Unix/Linux
     * 2) eXist Symbolic format as described in @see org.exist.security.AbstractUnixStylePermission#setExistSymbolicMode(java.lang.String)
     * 3) Simple Symbolic format e.g. "rwxr-xr-x"
     * 
     * The eXist symbolic format should be avoided
     * in new applications as it is deprecated
     * 
     * @param  str                  The new mode
     * @exception  SyntaxException  Description of the Exception
     */
    public void setMode(String modeStr) throws SyntaxException, PermissionDeniedException;

    /**
     *  Set mode
     *
     *@param  mode  The new mode value
     */
    public void setMode(int mode) throws PermissionDeniedException;

    /**
     *  Set mode for others
     *
     *@param  perm  The new mode value
     */
    public void setOtherMode(int perm) throws PermissionDeniedException;

    /**
     *  Set mode for the owner
     *
     *@param  other  The new mode value
     */
    public void setOwnerMode(int other) throws PermissionDeniedException;

    public boolean isSetUid();
    public boolean isSetGid();
    public boolean isSticky();

    public void setSetUid(boolean setUid) throws PermissionDeniedException;
    public void setSetGid(boolean setGid) throws PermissionDeniedException;
    public void setSticky(boolean sticky) throws PermissionDeniedException;

    /**
     *  Check  if user has the requested mode for this resource.
     *
     *@param  user  The user
     *@param  mode  The requested mode
     *@return       true if user has the requested mode
     */
    public boolean validate(Subject user, int mode);

    public void write(VariableByteOutputStream ostream) throws IOException;

    public void read(VariableByteInput istream) throws IOException;

    public boolean isCurrentSubjectDBA();

    public boolean isCurrentSubjectOwner();

    public boolean isCurrentSubjectInGroup();

    public boolean isCurrentSubjectInGroup(int groupId);
}