/**
* Copyright (c) 2009 - 2012 Red Hat, Inc.
*
* This software is licensed to you under the GNU General Public License,
* version 2 (GPLv2). There is NO WARRANTY for this software, express or
* implied, including the implied warranties of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
* along with this software; if not, see
* http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
*
* Red Hat trademarks are not licensed under GPLv2. No permission is
* granted to use or replicate Red Hat trademarks that are incorporated
* in this software or its documentation.
*/
package org.candlepin.auth.permissions;
import org.candlepin.auth.Access;
import org.candlepin.auth.SubResource;
import org.candlepin.model.Owner;
import org.hibernate.criterion.Criterion;
/**
*
*/
public interface Permission {
boolean canAccess(Object target, SubResource subResource, Access access);
/**
* Permissions have the ability to add restrictions to a hibernate queries which use
* AbstractHibernateCurator#createSecureCriteria.
*
* This allows us to do things like limit the results from a database query based
* on the principal, while still allowing the database to do the filtering and
* use pagination.
*
* While you can just return null here in many cases, it is often a good idea to
* explicitly include the objects you know you will be accessing with this permission.
* The results of this method are or'd together for all permissions on the principal,
* which could cause something to be hidden from you because another permission
* filtered it out, but you specified nothing.
*
* @param entityClass Type of object being queried.
* @return The modified Criteria query to be run.
*/
Criterion getCriteriaRestrictions(Class entityClass);
/**
* @return an owner if this permission is specific to one, otherwise null
*/
Owner getOwner();
}