Class | Line # | Actions | |||||
---|---|---|---|---|---|---|---|
ContextualAuthorizationManager | 36 | 0 | - | 0 | 0 |
1 | /* | |
2 | * See the NOTICE file distributed with this work for additional | |
3 | * information regarding copyright ownership. | |
4 | * | |
5 | * This is free software; you can redistribute it and/or modify it | |
6 | * under the terms of the GNU Lesser General Public License as | |
7 | * published by the Free Software Foundation; either version 2.1 of | |
8 | * the License, or (at your option) any later version. | |
9 | * | |
10 | * This software is distributed in the hope that it will be useful, | |
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
13 | * Lesser General Public License for more details. | |
14 | * | |
15 | * You should have received a copy of the GNU Lesser General Public | |
16 | * License along with this software; if not, write to the Free | |
17 | * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA | |
18 | * 02110-1301 USA, or see the FSF site: http://www.fsf.org. | |
19 | */ | |
20 | package org.xwiki.security.authorization; | |
21 | ||
22 | import org.xwiki.component.annotation.Role; | |
23 | import org.xwiki.model.reference.EntityReference; | |
24 | ||
25 | /** | |
26 | * This API is for checking the access rights of current user in the current context. It replaces | |
27 | * {@code com.xpn.xwiki.user.api.XWikiRightService}. | |
28 | * | |
29 | * The ContextualAuthorizationManager does not provide any help for authentication. Authentication should have been | |
30 | * ensured previously if needed. | |
31 | * | |
32 | * @version $Id: d5d1dc21a308f224b8c8ed57735b22a82210a465 $ | |
33 | * @since 6.1RC1 | |
34 | */ | |
35 | @Role | |
36 | public interface ContextualAuthorizationManager | |
37 | { | |
38 | /** | |
39 | * Check if access identified by {@code right} on the current entity is allowed in the current context. | |
40 | * The context includes information like the authenticated user, the current macro being executed, the rendering | |
41 | * context restriction, the dropping of rights by macro, etc... | |
42 | * This function should be used at security checkpoint. | |
43 | * | |
44 | * @param right the right needed for execution of the action | |
45 | * @throws AccessDeniedException if the action should be denied, which may also happen when an error occurs | |
46 | */ | |
47 | void checkAccess(Right right) throws AccessDeniedException; | |
48 | ||
49 | /** | |
50 | * Verifies if access identified by {@code right} on the current entity would be allowed in the current context. | |
51 | * The context includes information like the authenticated user, the current macro being executed, the rendering | |
52 | * context restriction, the dropping of rights by macro, etc... | |
53 | * This function should be used for interface matters, use {@link #checkAccess} at security checkpoints. | |
54 | * | |
55 | * @param right the right to check . | |
56 | * @return {@code true} if the user has the specified right on the entity, {@code false} otherwise | |
57 | */ | |
58 | boolean hasAccess(Right right); | |
59 | ||
60 | /** | |
61 | * Check if access identified by {@code right} on the given entity is allowed in the current context. | |
62 | * The context includes information like the authenticated user, the current macro being executed, the rendering | |
63 | * context restriction, the dropping of rights by macro, etc... | |
64 | * This function should be used at security checkpoint. | |
65 | * | |
66 | * @param right the right needed for execution of the action | |
67 | * @param entityReference the entity on which to check the right | |
68 | * @throws AccessDeniedException if the action should be denied, which may also happen when an error occurs | |
69 | */ | |
70 | void checkAccess(Right right, EntityReference entityReference) throws AccessDeniedException; | |
71 | ||
72 | /** | |
73 | * Verifies if access identified by {@code right} on the given entity would be allowed in the current context. | |
74 | * The context includes information like the authenticated user, the current macro being executed, the rendering | |
75 | * context restriction, the dropping of rights by macro, etc... | |
76 | * This function should be used for interface matters, use {@link #checkAccess} at security checkpoints. | |
77 | * | |
78 | * @param right the right to check . | |
79 | * @param entityReference the entity on which to check the right | |
80 | * @return {@code true} if the user has the specified right on the entity, {@code false} otherwise | |
81 | */ | |
82 | boolean hasAccess(Right right, EntityReference entityReference); | |
83 | } |