PermissionStore.java

package org.picketlink.idm.permission.acl.spi;

import org.picketlink.idm.model.IdentityType;
import org.picketlink.idm.permission.Permission;
import org.picketlink.idm.spi.IdentityContext;

import java.io.Serializable;
import java.util.List;
import java.util.Set;

/**
 * Permission Store interface
 *
 * @author Shane Bryzak
 */
public interface PermissionStore {

    /**
     * Returns a List value containing all permissions for the specified resource.
     *
     * @param resource
     * @return
     */
    List<Permission> listPermissions(IdentityContext context, Object resource);

    /**
     * <p>Returns a list of all {@link org.picketlink.idm.permission.Permission} for the given {@link org.picketlink.idm.model.IdentityType}.</p>
     *
     * @param identityType
     * @return
     */
    List<Permission> listPermissions(IdentityContext context, IdentityType identityType);

    /**
     * Returns a List value containing all permissions for the specified resource, having the specified operation
     *
     * @param resource
     * @param permission
     * @return
     */
    List<Permission> listPermissions(IdentityContext context, Object resource, String operation);

    /**
     * Returns a List value containing all permissions for all of the specified resource,
     * having the specified operation
     *
     * @param resources
     * @param operation
     * @return
     */
    List<Permission> listPermissions(IdentityContext context, Set<Object> resources, String operation);

    /**
     * Returns a List containing all the permissions for a resource that has not yet been loaded,
     * using the specified resource class and resource identifier value.
     *
     * @param resourceClass
     * @param identifier
     * @return
     */
    List<Permission> listPermissions(IdentityContext context, Class<?> resourceClass, Serializable identifier);

    /**
     * Returns a List containing all the permissions for a resource that has not yet been loaded,
     * using the specified resource class and resource identifier value, with the specified operation.
     *
     * @param resourceClass
     * @param identifier
     * @return
     */
    List<Permission> listPermissions(IdentityContext context, Class<?> resourceClass, Serializable identifier, String operation);

    /**
     * Grants the specified permission
     *
     * @param permission
     * @return
     */
    boolean grantPermission(IdentityContext context, IdentityType assignee, Object resource, String operation);

    /**
     * Revokes the specified permission
     *
     * @param permission
     * @return
     */
    boolean revokePermission(IdentityContext context, IdentityType assignee, Object resource, String operation);

    /**
     * Revokes all permissions for the specified resource
     *
     * @param resource
     */
    void revokeAllPermissions(IdentityContext context, Object resource);
}