/**
* Licensed to Apereo under one or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information regarding copyright ownership. Apereo
* licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the License at the
* following location:
*
* <p>http://www.apache.org/licenses/LICENSE-2.0
*
* <p>Unless required by applicable law or agreed to in writing, software distributed under the
* License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apereo.portal.security;
import org.apereo.portal.AuthorizationException;
import org.apereo.portal.permission.IPermissionActivity;
import org.apereo.portal.permission.IPermissionOwner;
import org.apereo.portal.permission.target.IPermissionTarget;
/**
* Defines a pluggable strategy for evaluating the permissions associated with a principal.
*
* @see IAuthorizationService
* @see IPermission
*/
public interface IPermissionPolicy {
/**
* Answers if the owner has authorized the principal to perform the activity on the target,
* based on permissions provided by the service. Params <code>service</code>, <code>owner</code>
* and <code>activity</code> must be non-null.
*
* @param service org.apereo.portal.security.IAuthorizationService
* @param principal org.apereo.portal.security.IAuthorizationPrincipal
* @param owner The 'namespace' of the activity
* @param activity The behavior that requires permission
* @param target The object upon which the behavior will be invoked
* @return TRUE if the principal has permission to perform the specified activity on the
* specified target
* @exception AuthorizationException
*/
public boolean doesPrincipalHavePermission(
IAuthorizationService service,
IAuthorizationPrincipal principal,
IPermissionOwner owner,
IPermissionActivity activity,
IPermissionTarget target)
throws AuthorizationException;
}