• Home
• org.apache.jackrabbit
• oak-core
• 1.5.16
• source code
• AggregatedPermissionProvider.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider Maven / Gradle / Ivy

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.jackrabbit.oak.spi.security.authorization.permission;

import javax.annotation.Nonnull;
import javax.annotation.Nullable;

import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
import org.apache.jackrabbit.oak.plugins.tree.TreeType;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;

/**
 * Extension of the {@link PermissionProvider} interface that allows it to be
 * used in combination with other provider implementations.
 */
public interface AggregatedPermissionProvider extends PermissionProvider {

    /**
     * Allows to determined the set or subset of privileges evaluated by the
     * implementing permission provider for the specified tree or at the repository
     * level in case the specified {@code tree} is {@code null}.
     *
     * If the given {@code privilegeBits} is {@code null} an implementation returns
     * the complete set that is covered by the provider; otherwise the supported
     * subset of the specified {@code privilegeBits} is returned.
     *
     * Returning {@link PrivilegeBits#EMPTY} indicates that this implementation
     * is not in charge of evaluating the specified privileges and thus will
     * be ignored while computing the composite result of
     * {@link PermissionProvider#getPrivileges(org.apache.jackrabbit.oak.api.Tree)}
     * or {@link PermissionProvider#hasPrivileges(org.apache.jackrabbit.oak.api.Tree, String...)}.
     *
     * @param tree The tree for which the privileges will be evaluated or {@code null}
     * for repository level privileges.
     * @param privilegeBits The privilege(s) to be tested or {@code null}
     * @return The set of privileges or the subset of the given {@code privilegeBits}
     * that are supported and evaluated by the implementation at the given {@code tree}
     * represented as {@code PrivilegeBits}.
     */
    @Nonnull
    PrivilegeBits supportedPrivileges(@Nullable Tree tree, @Nullable PrivilegeBits privilegeBits);

    /**
     * Allows to determined the set or subset of permissions evaluated by the
     * implementing permission provider for the specified item (identified by
     * {@code tree} and optionally {@code property}) or at the repository level
     * in case the specified {@code tree} is {@code null}.
     *
     * Returning {@link Permissions#NO_PERMISSION} indicates that this implementation
     * is not in charge of evaluating the specified permissions for the
     * specified item and thus will be ignored while computing the composite
     * result of {@link PermissionProvider#isGranted(Tree, PropertyState, long)}.
     *
     * @param tree The tree for which the permissions will be evaluated or {@code null}
     * for repository level privileges.
     * @param property The target property or {@code null}.
     * @param permissions The permisisons to be tested
     * @return The subset of the given {@code permissions} that are supported and
     * evaluated by the implementation for the given item.
     */
    long supportedPermissions(@Nullable Tree tree, @Nullable PropertyState property, long permissions);

    /**
     * Allows to determined the set or subset of permissions evaluated by the
     * implementing permission provider for the specified location.
     *
     * Returning {@link Permissions#NO_PERMISSION} indicates that this implementation
     * is not in charge of evaluating the specified permissions for the
     * specified location and thus will be ignored while computing the composite
     * result of {@link PermissionProvider#isGranted(String, String)} and
     * {@link AggregatedPermissionProvider#isGranted(TreeLocation, long)}.
     *
     * @param location The tree location for which the permissions will be evaluated.
     * @param permissions The permisisons to be tested
     * @return The subset of the given {@code permissions} that are supported and
     * evaluated by the implementation for the given location.
     */
    long supportedPermissions(@Nonnull TreeLocation location, long permissions);

    /**
     * Allows to determined the set or subset of permissions evaluated by the
     * implementing permission provider for the specified tree permission (plus
     * optionally {@code property}).
     *
     * Returning {@link Permissions#NO_PERMISSION} indicates that this implementation
     * is not in charge of evaluating the specified permissions for the
     * specified tree permission and thus will be ignored while computing the composite
     * result of {@link TreePermission#isGranted(long, PropertyState)} and {@link TreePermission#isGranted(long)}.
     *
     * @param treePermission The target tree permission.
     * @param property The target property or {@code null}.
     * @param permissions The permisisons to be tested
     * @return The subset of the given {@code permissions} that are supported and
     * evaluated by the implementation for the given tree permissions.
     */
    long supportedPermissions(@Nonnull TreePermission treePermission, @Nullable PropertyState property, long permissions);

    /**
     * Test if the specified permissions are granted for the set of {@code Principal}s
     * associated with this provider instance for the item identified by the
     * given {@code location} and optionally property. This method will only return {@code true}
     * if all permissions are granted.
     *
     * @param location The {@code TreeLocation} to test the permissions for.
     * @param permissions The permissions to be tested.
     * @return {@code true} if the specified permissions are granted for the existing
     * or non-existing item identified by the given location.
     */
    boolean isGranted(@Nonnull TreeLocation location, long permissions);

    /**
     * Return the {@code TreePermission} for the set of {@code Principal}s associated
     * with this provider at the specified {@code tree} with the given {@code type}.
     *
     * @param tree The tree for which the {@code TreePermission} object should be built.
     * @param type The type of this tree.
     * @param parentPermission The {@code TreePermission} object that has been
     * obtained before for the parent tree.
     * @return The {@code TreePermission} object for the specified {@code tree}.
     */
    @Nonnull
    TreePermission getTreePermission(@Nonnull Tree tree, @Nonnull TreeType type, @Nonnull TreePermission parentPermission);

}