SecurityManager.java example

Explorer
org.eclipse.ecr-master
/*
 * Copyright (c) 2006-2011 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 *
 * Contributors:
 *     Nuxeo - initial API and implementation
 *
 * $Id$
 */

package org.eclipse.ecr.core.security;

import org.eclipse.ecr.core.api.security.ACP;
import org.eclipse.ecr.core.api.security.Access;
import org.eclipse.ecr.core.model.Document;
import org.eclipse.ecr.core.model.Session;

/**
 * @author  <a href="mailto:bs@nuxeo.com">Bogdan Stefanescu</a>
 *
 */
public interface SecurityManager {

    ACP getMergedACP(Document doc) throws SecurityException;

    ACP getACP(Document doc) throws SecurityException;

    void setACP(Document doc, ACP acp, boolean overwrite)
            throws SecurityException;

   /**
    * Checks whether this ACP grant the given permission on the given user.
    * <p>
    * The merged ACP is checked (this means all parents ACP + the local one)
    * but this doesn't check user groups or permission groups.
    * <p>
    * If the ACP is not explicitly denying or granting the permission false is returned
    * (the default behavior is to deny).
    *
    * @param doc the document
    * @param username the user name
    * @param permission the permission to check
    * @return true if granted, false if denied
    */
    boolean checkPermission(Document doc, String username,
            String permission) throws SecurityException;

    /**
     * Checks whether this ACP grant the given permission on the given user, denies it or
     * doesn't specify a rule.
     *
     * @param doc the document
     * @param username the user name
     * @param permission the permission to check
     * @return Access.GRANT if granted, Access.DENY if denied or Access.UNKNOWN if no rule for that permission exists.
     *         Never return null
     */
    Access getAccess(Document doc, String username,
            String permission) throws SecurityException;

    /**
     * Invalidates cache, if there is any.
     * <p>
     * Do nothing if no cache is used.
     *
     * @param session the current session
     */
    void invalidateCache(Session session);

}