Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.janux.bus.security
Interface PermissionsCapable

All Known Subinterfaces:
Account, Role
public interface PermissionsCapable

This interface defines classes that may have permissions granted to them; as of this writing, it is intended to be a super interface for the Account and Role interfaces, both of which may be assigned Permissions directly.

Since:
0.1
Author:
Philippe Paravicini

Method Summary
 void denyPermissions(PermissionContext permissionContext, long permissionsValue)
          Explicitly denies a set of Permissions within a PermissionContext; this method should be used only to deny permissions that are inherited from Roles associated to this PermissionsCapable entity; this method is not meant to be used as the opposite action to method grantPermissions(PermissionContext, long), although it could be abused that way,
 Map<String,PermissionContext> getPermissionContexts()
          Returns a map of all the PermissionContexts in which this PermissionsCapable Entity has been granted a Permission, whether directly or via a Sub-Role; the map is keyed by the PermissionContext's Name
 String[] getPermissions(String permissionContext)
          Given a PermissionContext, this method returns the permissions, represented as Strings, that this PermissionsCapable Entity has in that permission context, or an empty array if the PermissionsCapable Entity has no permissions in that PermissionContext
 long getPermissionsValue(String permissionContext)
          In the case of an implementation that uses bitmasks to store permissions, and given a PermissionContext, this method returns the permissions that this PermissionsCapable Entity has in that permission context, represented as a long value
 void grantPermissions(PermissionContext permissionContext, long permissionsValue)
          In the case of an implementation that uses bitmasks to store permissions, and given a permission context and a long value representing multiple permissions available in that context, this method grants the permissions indicated to this PermissionsCapable Entity.
 boolean hasPermissions(String permissionContext, long permissionsValue)
          In the case of an implementation that uses bitmasks to store permissions, and given a permission context and a long value representing multiple permissions available in that context, this method returns true if this role has all the permissions indicated
 boolean hasPermissions(String permissionContext, String permissionName)
          Given a permission context, and the names of a permission available in that context, this method returns true if this role has the permission named
 boolean hasPermissions(String permissionContext, String[] permissionNames)
          Given a permission context, and the names of permissions available in that context, this method returns true if this role has all the permissions named
 

Method Detail

getPermissionContexts

Map<String,PermissionContext> getPermissionContexts()
Returns a map of all the PermissionContexts in which this PermissionsCapable Entity has been granted a Permission, whether directly or via a Sub-Role; the map is keyed by the PermissionContext's Name

getPermissions

String[] getPermissions(String permissionContext)
Given a PermissionContext, this method returns the permissions, represented as Strings, that this PermissionsCapable Entity has in that permission context, or an empty array if the PermissionsCapable Entity has no permissions in that PermissionContext

hasPermissions

boolean hasPermissions(String permissionContext,
                       String[] permissionNames)
Given a permission context, and the names of permissions available in that context, this method returns true if this role has all the permissions named

hasPermissions

boolean hasPermissions(String permissionContext,
                       String permissionName)
Given a permission context, and the names of a permission available in that context, this method returns true if this role has the permission named

getPermissionsValue

long getPermissionsValue(String permissionContext)
In the case of an implementation that uses bitmasks to store permissions, and given a PermissionContext, this method returns the permissions that this PermissionsCapable Entity has in that permission context, represented as a long value

hasPermissions

boolean hasPermissions(String permissionContext,
                       long permissionsValue)
In the case of an implementation that uses bitmasks to store permissions, and given a permission context and a long value representing multiple permissions available in that context, this method returns true if this role has all the permissions indicated

grantPermissions

void grantPermissions(PermissionContext permissionContext,
                      long permissionsValue)
In the case of an implementation that uses bitmasks to store permissions, and given a permission context and a long value representing multiple permissions available in that context, this method grants the permissions indicated to this PermissionsCapable Entity.

The permissions granted by this method are added to any permissions that this entity may inherit from its Roles. If you would like to remove all Permissions granted directly to this entity within a Permission Context, set the bitmask to 0.

Note that setting the Permissions bitmask to 0 will not work to revoke permissions that this entity may have inherited from its Roles; in such case you should call denyPermissions to explicitly deny the permissions in question. This will create an 'isDeny' bitmask that will block inherited permissions.

Parameters:
permissionContext - a valid PermissionContext
permissionsValue - a long value representing permissions that are to be granted to this PermissionsCapable Entity; the permissions must be available in the named PermissionContext
See Also:
denyPermissions(org.janux.bus.security.PermissionContext, long)

denyPermissions

void denyPermissions(PermissionContext permissionContext,
                     long permissionsValue)
Explicitly denies a set of Permissions within a PermissionContext; this method should be used only to deny permissions that are inherited from Roles associated to this PermissionsCapable entity; this method is not meant to be used as the opposite action to method grantPermissions(PermissionContext, long), although it could be abused that way,

For example, assuming a Role 'PRODUCT ADMIN' that has the Permissions READ, UPDATE, CREATE, DISABLE, PURGE in the PRODUCT Permission Context (plus possibly other Permissions in other Permission Contexts), it may desireable to create a 'PRODUCT MANAGER' Role that has 'PRODUCT ADMIN' as its sub-role, but denies the Permissions to CREATE and PURGE.

On the other hand, assume that we only have the 'PRODUCT ADMIN' Role and that we want to revoke its 'PURGE' Permission, in the Permission Context 'PRODUCT'. We could call denyPermissions to do so, but this will create an 'isDeny' bitmask in addition to the existing 'allow' bitmask one through which the 'PURGE' Permission was originally granted. Instead, it would be simpler to call grantPermissions(PermissionContext,long) again with the proper 'allow' bitmask that no longer enables the 'PURGE' permission.

Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2005-2013 Janux. All Rights Reserved.