ResourceAccessManager.java example

Explorer

geoserver-master
- doc
  - en
    - developer
      - source
        programming-guide
        ows-services
        hello
        src
        main
        java
        HelloWorld.java
        web-ui
        ComponentInfo.java
    - user
      - source
        security
        tutorials
        ldap
        acme-ldap
        src
        main
        java
        org
        acme
        Ldap.java
- src

/* (c) 2014 Open Source Geospatial Foundation - all rights reserved
 * (c) 2001 - 2013 OpenPlans
 * This code is licensed under the GPL 2.0 license, available at the root
 * application directory.
 */
package org.geoserver.security;

import java.util.List;

import javax.annotation.Nullable;

import org.geoserver.catalog.CatalogInfo;
import org.geoserver.catalog.LayerGroupInfo;
import org.geoserver.catalog.LayerInfo;
import org.geoserver.catalog.ResourceInfo;
import org.geoserver.catalog.StyleInfo;
import org.geoserver.catalog.WorkspaceInfo;
import org.opengis.filter.Filter;
import org.springframework.security.core.Authentication;

/**
 * Provides the {@link SecureCatalogImpl} with directives on what the specified user can access.
 * <p>
 * Implementations should extend from {@link AbstractResourceAccessManager}.
 * </p>
 * @author Andrea Aime - GeoSolutions
 */
public interface ResourceAccessManager {

    /**
     * Returns the access limits for the workspace and stores included in it. For specific resource
     * access and published resource access see the other two methods
     * 
     * @param user
     * @param workspace
     * @return The access limits for this workspace, or null if there are no limits
     */
    public WorkspaceAccessLimits getAccessLimits(Authentication user, WorkspaceInfo workspace);

    /**
     * Returns the access limits for the specified layer, or null if there are no limits.
     */
    public DataAccessLimits getAccessLimits(Authentication user, LayerInfo layer);
    
    /**
     * Returns the access limits for the specified layer accessed via the groups listed as containers
     * (will be an empty list for direct access), or null if there are no limits.
     */
    public default DataAccessLimits getAccessLimits(Authentication user, LayerInfo layer, List<LayerGroupInfo> containers) {
    	return getAccessLimits(user, layer);
    }


    /**
     * Returns the access limits for the specified resource, or null if there are no limits.
     */
    public DataAccessLimits getAccessLimits(Authentication user, ResourceInfo resource);

    /**
     * Returns the access limits for the specified style, or null if there are no limits.
     */
    public StyleAccessLimits getAccessLimits(Authentication user, StyleInfo style);

    /**
     * Returns the access limits for the specified layer group, or null if there are no limits.
     */
    public LayerGroupAccessLimits getAccessLimits(Authentication user, LayerGroupInfo layerGroup);

    /**
     * Returns the access limits for the specified layer group accessed via the groups listed as containers
     * (will be an empty list for direct access), or null if there are no limits, or null if there are no limits.
     */
    public default LayerGroupAccessLimits getAccessLimits(Authentication user, LayerGroupInfo layerGroup, List<LayerGroupInfo> containers) {
    	return getAccessLimits(user, layerGroup);
    }

    
    /**
     * Returns a filter selecting only the objects authorized by the manager.  May return 
     * {@code null} in which case the caller is responsible for building a filter based on calls to
     * the manager's other methods.
     * @param user
     * @param clazz
     *
     */
    public @Nullable Filter getSecurityFilter(Authentication user, final Class<? extends CatalogInfo> clazz);

}