Class | Line # | Actions | |||||
---|---|---|---|---|---|---|---|
AuthorizationManager | 42 | 0 | - | 0 | 0 |
1 | /* | |
2 | * See the NOTICE file distributed with this work for additional | |
3 | * information regarding copyright ownership. | |
4 | * | |
5 | * This is free software; you can redistribute it and/or modify it | |
6 | * under the terms of the GNU Lesser General Public License as | |
7 | * published by the Free Software Foundation; either version 2.1 of | |
8 | * the License, or (at your option) any later version. | |
9 | * | |
10 | * This software is distributed in the hope that it will be useful, | |
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
13 | * Lesser General Public License for more details. | |
14 | * | |
15 | * You should have received a copy of the GNU Lesser General Public | |
16 | * License along with this software; if not, write to the Free | |
17 | * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA | |
18 | * 02110-1301 USA, or see the FSF site: http://www.fsf.org. | |
19 | */ | |
20 | package org.xwiki.security.authorization; | |
21 | ||
22 | import org.xwiki.component.annotation.Role; | |
23 | import org.xwiki.model.reference.DocumentReference; | |
24 | import org.xwiki.model.reference.EntityReference; | |
25 | ||
26 | /** | |
27 | * This API is for checking the access rights of any users on any XWiki entities. It replaces | |
28 | * {@code com.xpn.xwiki.user.api.XWikiRightService} and provides better extensibility and improved performance while | |
29 | * being almost fully compatible with the existing implementation. | |
30 | * See {@code org.xwiki.security.authorization.internal.XWikiCachingRightService} for a bridge to this new authorization | |
31 | * manager for legacy code. | |
32 | * | |
33 | * The AuthorisationManager does not provide any help for authentication. Authentication should be provided by | |
34 | * another components, yet to be written. | |
35 | * Neither this authorization manager has any real use of the context (except for some still to be refactored | |
36 | * stuffs, like the read-only mode of XWiki), see ContextualAuthorizationManager for this purpose. | |
37 | * | |
38 | * @version $Id: a7e8e226bce1f91e39fde7883ee43c6db5a7902d $ | |
39 | * @since 4.0M2 | |
40 | */ | |
41 | @Role | |
42 | public interface AuthorizationManager | |
43 | { | |
44 | /** | |
45 | * The Superadmin username. | |
46 | */ | |
47 | String SUPERADMIN_USER = "superadmin"; | |
48 | ||
49 | /** | |
50 | * Check if the user identified by {@code userReference} has the access identified by {@code right} on the | |
51 | * entity identified by {@code entityReference}. Note that some rights may be checked higher in hierarchy of the | |
52 | * provided entity if such right is not enabled at lowest hierarchy level provided. | |
53 | * This function should be used at security checkpoint. | |
54 | * | |
55 | * @param right the right needed for execution of the action | |
56 | * @param userReference the user to check the right for | |
57 | * @param entityReference the entity on which to check the right | |
58 | * @throws AccessDeniedException if the action should be denied, which may also happen when an error occurs | |
59 | */ | |
60 | void checkAccess(Right right, DocumentReference userReference, EntityReference entityReference) | |
61 | throws AccessDeniedException; | |
62 | ||
63 | /** | |
64 | * Verifies if the user identified by {@code userReference} has the access identified by {@code right} on the | |
65 | * entity identified by {@code entityReference}. Note that some rights may be checked higher in hierarchy of the | |
66 | * provided entity if such right is not enabled at lowest hierarchy level provided. | |
67 | * This function should be used for interface matters, use {@link #checkAccess} at security checkpoints. | |
68 | * | |
69 | * @param right the right to check . | |
70 | * @param userReference the user to check the right for | |
71 | * @param entityReference the entity on which to check the right | |
72 | * @return {@code true} if the user has the specified right on the entity, {@code false} otherwise | |
73 | */ | |
74 | boolean hasAccess(Right right, DocumentReference userReference, EntityReference entityReference); | |
75 | ||
76 | /** | |
77 | * Register a new custom {@link Right}. | |
78 | * | |
79 | * @param rightDescription the full description of the new {@link Right} | |
80 | * @return the created {@link Right} | |
81 | * @throws UnableToRegisterRightException if an error prevent creation of the new right. Registering exactly | |
82 | * the same right does not cause an exception and return the existing right. | |
83 | */ | |
84 | Right register(RightDescription rightDescription) throws UnableToRegisterRightException; | |
85 | } |