SecurityAdvisor.java

/**********************************************************************************
 * $URL: https://source.sakaiproject.org/svn/kernel/trunk/api/src/main/java/org/sakaiproject/authz/api/SecurityAdvisor.java $
 * $Id: SecurityAdvisor.java 105077 2012-02-24 22:54:29Z ottenhoff@longsight.com $
 ***********************************************************************************
 *
 * Copyright (c) 2005, 2006, 2008 Sakai Foundation
 *
 * Licensed under the Educational Community License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *       http://www.opensource.org/licenses/ECL-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 **********************************************************************************/

package org.sakaiproject.authz.api;

/**
 * <p>
 * SecurityAdvisor is a stackable policy process that is given a chance to determine if a security
 * question can be answered,over the logic of the SecurityService component. The advisors at the 
 * top of the stack are consulted first (added last).
 * </p>
 * @see SecurityService#pushAdvisor(SecurityAdvisor)
 * @see SecurityService#popAdvisor(SecurityAdvisor)
 * @see SecurityService#hasAdvisors()
 */
public interface SecurityAdvisor
{
	/**
	 * <p>
	 * SecurityAdvice enumerates different SecurityAdvisor results.
	 * </p>
	 */
	public class SecurityAdvice
	{
		private final String m_id;

		private SecurityAdvice(String id)
		{
			m_id = id;
		}

		public String toString()
		{
			return m_id;
		}

		/** Security result that indicates the end user is allowed the function. */
		public static final SecurityAdvice ALLOWED = new SecurityAdvice("allowed");

		/** Security result that indicates the end user is NOT allowed the function. */
		public static final SecurityAdvice NOT_ALLOWED = new SecurityAdvice("not allowed");

		/** Security result that indicates the SecurityAdvisor cannot answer the question. */
		public static final SecurityAdvice PASS = new SecurityAdvice("pass");
	}

	/**
	 * Can the current session user perform the requested function on the referenced Entity?
	 * 
	 * @param userId
	 *        The user id.
	 * @param function
	 *        The lock id string.
	 * @param reference
	 *        The resource reference string.
	 * @return ALLOWED or NOT_ALLOWED if the advisor can answer that the user can or cannot, or PASS if the advisor cannot answer.
	 */
	SecurityAdvice isAllowed(String userId, String function, String reference);
}