/*
* anaptecs GmbH, Ricarda-Huch-Str. 71, 72760 Reutlingen, Germany
*
* Copyright 2004 - 2019. All rights reserved.
*/
package com.anaptecs.jeaf.services.usermanagement;
import java.util.List;
import com.anaptecs.jeaf.core.api.Service;
import com.anaptecs.jeaf.core.api.ServiceObjectID;
/**
 * Service offers methods to check whether the current user has a required authorization. The service supports a
 * role based security concept as well as object based permissions. In order to manage the roles and object
 * permissions of users and organizational units the {@code AuthorizationAdminService} has to be used.
 *
 * If JEAF Security is enabled for a service, a special service invocation listener will call this service to ensure
 * that the user has the required authorization (based on roles and authorization types per method). Object
 * permissions are not covered by that listener: a service implementation that wants to use them has to check them
 * programmatically through this interface. Role based and object based permissions can be combined.
 *
 * The interface offers two kinds of checks. The {@code hasAuthorization(...)} methods only report the result as a
 * boolean, so the caller has to evaluate the return value itself. The {@code enforceAuthorization(...)} methods
 * throw an exception if the check is negative.
 *
 * @author JEAF Generator
 * @version JEAF Release 1.4.x
 */
public interface AuthorizationService extends Service {
/**
 * Checks whether the current user has the authorization of the passed type.
 *
 * The method only reports the result. A caller that ignores the return value has not enforced anything; use
 * {@code enforceAuthorization(AuthorizationType)} when a negative check has to abort the operation.
 *
 * @param pAuthorizationType Authorization type that is checked for the current user. NOTE(review): unlike the
 * other methods of this interface, the original documentation does not state whether null is permitted here -
 * confirm against the implementation.
 * @return true if the authorization check was successful and false in all other cases.
 */
boolean hasAuthorization( AuthorizationType pAuthorizationType );
/**
 * Checks whether the current user has the permission to access the service object with the passed id in the passed
 * access mode.
 *
 * This is the object based check that has to be called programmatically by service implementations. The result is
 * only reported, not enforced.
 *
 * @param pServiceObjectID ID of the service object for which the permission should be checked. The parameter must
 * not be null.
 * @param pAccessMode Access mode describes the way the current user wants to access the service object with the
 * passed id. The parameter must not be null.
 * @return true if the current user has permission to access the service object with the passed ID in the passed
 * access mode and false in all other cases.
 */
boolean hasAuthorization( ServiceObjectID pServiceObjectID, ObjectAccessMode pAccessMode );
/**
 * Checks whether the current user has the permission to execute a use case of the passed type.
 *
 * The result is only reported, not enforced. This interface declares no enforcing counterpart for use cases, so
 * the caller has to act on a false result itself.
 *
 * @param pUseCase Representation of the use case for which the authorization should be checked. The parameter must
 * not be null.
 * @return true if the current user has permission to execute the use case of the passed type and false in all
 * other cases.
 */
boolean hasAuthorization( UseCaseDefinition pUseCase );
/**
 * Enforces that the current user has, at the time of the call, the authorization that is described by the passed
 * authorization type. If the check is negative an exception due to insufficient privileges will be thrown.
 *
 * NOTE(review): the exception type is not declared in this signature, so it is presumably an unchecked exception -
 * confirm against the implementation. Callers should let it propagate instead of catching it broadly, otherwise
 * the denied operation continues.
 *
 * @param pAuthorizationType Authorization type for which the check will be performed. The parameter must not be
 * null.
 */
void enforceAuthorization( AuthorizationType pAuthorizationType );
/**
 * Enforces that the current user has, at the time of the call, the authorization for the service object with the
 * passed ID and the passed access mode. If the check is negative an exception due to insufficient privileges will
 * be thrown.
 *
 * NOTE(review): the exception type is not declared in this signature, so it is presumably an unchecked exception -
 * confirm against the implementation.
 *
 * @param pServiceObjectID ID of the service object for which the permission should be checked. The parameter must
 * not be null.
 * @param pAccessMode Access mode describes the way the current user wants to access the service object with the
 * passed id. The parameter must not be null.
 */
void enforceAuthorization( ServiceObjectID pServiceObjectID, ObjectAccessMode pAccessMode );
/**
 * Returns the access privilege of the current user for the object with the passed id.
 *
 * A null result means that the privileges are undefined, not that access is granted. Callers have to null-check
 * the result and should deny access by default in that case.
 *
 * @param pServiceObjectID ID of the object for which the access privileges of the current user should be returned.
 * The parameter must not be null.
 * @return Access privileges of the current user for the object with the passed id. If no access privileges are
 * defined for the object with the passed id the method returns null. This means that the user's privileges for the
 * object are undefined.
 */
ObjectAccessPrivilege getObjectAccessPrivilege( ServiceObjectID pServiceObjectID );
/**
 * Returns the access privileges of the current user for the objects with the passed ids.
 *
 * NOTE(review): the documentation below describes lists, but the signature as shown here takes a single
 * {@code ServiceObjectID} and returns a single {@code ObjectAccessPrivilege}. The list types may have been lost
 * when this listing was produced - confirm against the generated source. The spelling "Priviliges" is part of the
 * method name and therefore has to be used by callers as is.
 *
 * @param pServiceObjectIDs List with the ids of all service objects for which the access privileges of the current
 * user should be returned. The parameter must not be null.
 * @return List with the access privileges of the current user for all objects with the passed ids. The returned
 * list has the same order as the list with service object ids. Beware that the returned list may contain null
 * values, as for some objects the access privileges may not be defined. A null entry means undefined privileges
 * and should not be treated as granted access.
 */
ObjectAccessPrivilege getObjectAccessPriviliges( ServiceObjectID pServiceObjectIDs );
/**
 * Returns all use case definitions for which the current user is currently authorized.
 *
 * NOTE(review): the return type is a raw {@code List}; according to the original documentation the elements are
 * {@code UseCaseDefinition} objects - confirm before casting. The result describes the authorizations at the time
 * of the call; for a decision about a single use case {@code hasAuthorization(UseCaseDefinition)} is available.
 *
 * @return List with all use cases for which the current user is currently authorized. The method never returns
 * null.
 */
List getAllAuthorizedUseCases( );
}