/*
* RHQ Management Platform
* Copyright (C) 2005-2010 Red Hat, Inc.
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation version 2 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
package org.rhq.coregui.client.gwt;
import java.util.Collection;
import java.util.Set;
import com.google.gwt.user.client.rpc.RemoteService;
import org.rhq.core.domain.authz.Permission;
/**
* @author Greg Hinkle
*/
public interface AuthorizationGWTService extends RemoteService {
/**
* Gets the set of permissions that the current user explicitly possesses for the specified {@link org.rhq.core.domain.resource.Resource}.
*
* @param resourceId the id of some Resource to check permissions against
*
* @return the set of permissions that the current user possesses for the specified {@link org.rhq.core.domain.resource.Resource} - never null
*/
Set<Permission> getExplicitResourcePermissions(int resourceId) throws RuntimeException;
/**
* Gets the set of permissions that the current user implicitly possesses for the specified {@link org.rhq.core.domain.resource.Resource}.
*
* @param resourceId the id of some Resource to check permissions against
*
* @return the set of permissions that the current user implicitly possesses for the specified {@link org.rhq.core.domain.resource.Resource} - never null
*/
Set<Permission> getImplicitResourcePermissions(int resourceId) throws RuntimeException;
/**
* Gets the set of permissions that the current user explicitly possesses for the specified {@link org.rhq.core.domain.resource.group.Group}.
*
* @param groupId the id of some Group to check permissions against
*
* @return the set of permissions that the current user explicitly possesses for the specified {@link org.rhq.core.domain.resource.group.Group} - never null
*/
Set<Permission> getExplicitGroupPermissions(int groupId) throws RuntimeException;
/**
* Gets the set of permissions that the current user implicitly possesses for the specified {@link org.rhq.core.domain.resource.group.Group}.
*
* @param groupId the id of some Group to check permissions against
*
* @return the set of permissions that the current user implicitly possesses for the specified {@link org.rhq.core.domain.resource.group.Group}
*/
Set<Permission> getImplicitGroupPermissions(int groupId) throws RuntimeException;
/**
* Gets the set of global permissions that the current user explicitly possesses.
*
* @return the set of global permissions that the current user possesses - never null
*/
Set<Permission> getExplicitGlobalPermissions() throws RuntimeException;
/**
* Returns true if the current user possesses either: 1) the specified resource permission for *all* of the
* specified resources, or 2) the global MANAGE_INVENTORY permission which, by definition, gives full access to the
* inventory (all resources and all groups) NOTE: The size of the collection must be less than or equal to 1000 (due
* to an Oracle limitation).
*
* @param permission a resource permission (i.e. permission.getTarget() == Permission.Target.RESOURCE)
* @param resourceIds the ids of some Resources to check permissions against (size of collection must be <= 1000)
*
* @return true if the current user possesses the specified resource permission for the specified resource
*/
boolean hasResourcePermission(Permission permission, Collection<Integer> resourceIds) throws RuntimeException;
/**
* Gets the set of permissions that the current user explicitly possesses for the specified {@link org.rhq.core.domain.bundle.Bundle}.
*
* @param bundleId the id of some Bundle to check permissions against
*
* @return the set of permissions that the current user possesses for the specified {@link org.rhq.core.domain.bundle.Bundle} - never null
*/
Set<Permission> getBundlePermissions(int bundleId) throws RuntimeException;
/**
* Gets the set of permissions that the current user explicitly possesses for the specified {@link org.rhq.core.domain.bundle.BundleGroup}.
*
* @param bundleGroupId the id of some BundleGroup to check permissions against
*
* @return the set of permissions that the current user possesses for the specified {@link org.rhq.core.domain.bundle.BundleGroup} - never null
*/
Set<Permission> getBundleGroupPermissions(int bundleGroupId) throws RuntimeException;
/**
* Returns true if the current user possesses either: 1) the specified bundle permission for *all* of the
* specified bundles, or 2) is a system superuser which, by definition, gives full access to all bundles
* NOTE: The size of the collection must be less than or equal to 1000 (due to an Oracle limitation).
*
* @param subject the current subject or caller
* @param permission a resource permission (i.e. permission.getTarget() == Permission.Target.RESOURCE)
* @param bundleIds the ids of some Bundles to check permissions against (size of collection must be <= 1000)
*
* @return true if the current user possesses the specified resource permission for the specified resource
*/
boolean hasBundlePermission(Permission permission, Collection<Integer> bundleIds);
}