Andrew Hind 703aeeaeb9 Fix for ALF-200: Deprecated methods should have reference to alternative methods
- removed PermissoinService methods deprecated since 2.2/3.0

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@19907 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2010-04-19 19:46:23 +00:00

362 lines
12 KiB
Java

/*
* Copyright (C) 2005-2010 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.service.cmr.security;
import java.util.Map;
import java.util.Set;
import org.alfresco.service.Auditable;
import org.alfresco.service.PublicService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.namespace.QName;
/**
* The public API for a permission service The implementation may be changed in the application configuration
*
* @author Andy Hind
*/
@PublicService
public interface PermissionService
{
/**
* Prefixes used for authorities of type role. This is intended for external roles, e.g. those set by ACEGI
* implementations It is only used for admin at the moment - which is done outside the usual permission assignments
* at the moment. It could be a dynamic authority.
*/
public static final String ROLE_PREFIX = "ROLE_";
/**
* Prefix used for authorities of type group.
*/
public static final String GROUP_PREFIX = "GROUP_";
/**
* The group that contains everyone except guest.
*/
public static final String ALL_AUTHORITIES = "GROUP_EVERYONE";
/**
* The dynamic authority used for ownership
*/
public static final String OWNER_AUTHORITY = "ROLE_OWNER";
/**
* The authority that all owners of WCM stores have.
*/
public static final String WCM_STORE_OWNER_AUTHORITY = "ROLE_WCM_STORE_OWNER";
/**
* The dynamic authority used for the ownership of locks.
*/
public static final String LOCK_OWNER_AUTHORITY = "ROLE_LOCK_OWNER";
/**
* The admin authority - currently a role.
*/
public static final String ADMINISTRATOR_AUTHORITY = "ROLE_ADMINISTRATOR";
/**
* The guest authority
*/
public static final String GUEST_AUTHORITY = "ROLE_GUEST";
/**
* The permission for all - not defined in the model. Repsected in the code.
*/
public static final String ALL_PERMISSIONS = "All";
// Constants for permissions/permission groups defined in the standard permission model.
public static final String FULL_CONTROL = "FullControl";
public static final String READ = "Read";
public static final String WRITE = "Write";
public static final String DELETE = "Delete";
public static final String ADD_CHILDREN = "AddChildren";
public static final String READ_PROPERTIES = "ReadProperties";
public static final String READ_CHILDREN = "ReadChildren";
public static final String WRITE_PROPERTIES = "WriteProperties";
public static final String DELETE_NODE = "DeleteNode";
public static final String DELETE_CHILDREN = "DeleteChildren";
public static final String CREATE_CHILDREN = "CreateChildren";
public static final String LINK_CHILDREN = "LinkChildren";
public static final String DELETE_ASSOCIATIONS = "DeleteAssociations";
public static final String READ_ASSOCIATIONS = "ReadAssociations";
public static final String CREATE_ASSOCIATIONS = "CreateAssociations";
public static final String READ_PERMISSIONS = "ReadPermissions";
public static final String CHANGE_PERMISSIONS = "ChangePermissions";
public static final String EXECUTE = "Execute";
public static final String READ_CONTENT = "ReadContent";
public static final String WRITE_CONTENT = "WriteContent";
public static final String EXECUTE_CONTENT = "ExecuteContent";
public static final String TAKE_OWNERSHIP = "TakeOwnership";
public static final String SET_OWNER = "SetOwner";
public static final String COORDINATOR = "Coordinator";
public static final String CONTRIBUTOR = "Contributor";
public static final String EDITOR = "Editor";
public static final String CONSUMER = "Consumer";
public static final String LOCK = "Lock";
public static final String UNLOCK = "Unlock";
public static final String CHECK_OUT = "CheckOut";
public static final String CHECK_IN = "CheckIn";
public static final String CANCEL_CHECK_OUT = "CancelCheckOut";
public static final String ASPECTS = "Aspects";
public static final String PROPERTIES = "Properties";
public static final String WCM_CONTENT_MANAGER = "ContentManager";
public static final String WCM_CONTENT_PUBLISHER = "ContentPublisher";
public static final String WCM_CONTENT_CONTRIBUTOR = "ContentContributor";
public static final String WCM_CONTENT_REVIEWER = "ContentReviewer";
public static final String FLATTEN = "Flatten";
/**
* Get the Owner Authority
*
* @return the owner authority
*/
@Auditable
public String getOwnerAuthority();
/**
* Get the All Authorities
*
* @return the All authorities
*/
@Auditable
public String getAllAuthorities();
/**
* Get the All Permission
*
* @return the All permission
*/
@Auditable
public String getAllPermission();
/**
* Get all the AccessPermissions that are granted/denied to the current authentication for the given node
*
* @param nodeRef -
* the reference to the node
* @return the set of allowed permissions
*/
@Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef" })
public Set<AccessPermission> getPermissions(NodeRef nodeRef);
/**
* Get all the AccessPermissions that are set for anyone for the given node
*
* @param nodeRef -
* the reference to the node
* @return the set of allowed permissions
*/
@Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef" })
public Set<AccessPermission> getAllSetPermissions(NodeRef nodeRef);
/**
* Get the permissions that can be set for a given node
*
* @param nodeRef
* @return
*/
@Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef" })
public Set<String> getSettablePermissions(NodeRef nodeRef);
/**
* Get the permissions that can be set for a given type
*
* @param type
* @return - set of permissions
*/
@Auditable(parameters = { "type" })
public Set<String> getSettablePermissions(QName type);
/**
* Check that the given authentication has a particular permission for the given node. (The default behaviour is to
* inherit permissions)
*
* @param nodeRef
* @param permission
* @return - access status
*/
@Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef", "permission" })
public AccessStatus hasPermission(NodeRef nodeRef, String permission);
/**
* Check if a permission is allowed on an acl.
* @param aclID
* @param context
* @param permission
* @return the access status
*/
@Auditable(parameters = { "aclID", "context", "permission" })
public AccessStatus hasPermission(Long aclID, PermissionContext context, String permission);
/**
* Delete all the permission assigned to the node
*
* @param nodeRef
*/
@Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef" })
public void deletePermissions(NodeRef nodeRef);
/**
* Delete all permission for the given authority.
*
* @param nodeRef
* @param authority
* (if null then this will match all authorities)
*/
@Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef", "authority" })
public void clearPermission(NodeRef nodeRef, String authority);
/**
* Find and delete a access control entry by node, authentication and permission. It is possible to delete
* <ol>
* <li> a specific permission;
* <li> all permissions for an authority (if the permission is null);
* <li> entries for all authorities that have a specific permission (if the authority is null); and
* <li> all permissions set for the node (if both the permission and authority are null).
* </ol>
*
* @param nodeRef
* the node that the entry applies to
* @param authority
* the authority recipient (if null then this will match all authorities)
* @param permission
* the entry permission (if null then this will match all permissions)
*/
@Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef", "authority", "permission" })
public void deletePermission(NodeRef nodeRef, String authority, String permission);
/**
* Set a specific permission on a node.
*
* @param nodeRef
* @param authority
* @param permission
* @param allow
*/
@Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef", "authority", "permission", "allow" })
public void setPermission(NodeRef nodeRef, String authority, String permission, boolean allow);
/**
* Set the global inheritance behaviour for permissions on a node.
*
* @param nodeRef
* @param inheritParentPermissions
*/
@Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef", "inheritParentPermissions" })
public void setInheritParentPermissions(NodeRef nodeRef, boolean inheritParentPermissions);
/**
* Return the global inheritance behaviour for permissions on a node.
*
* @param nodeRef
* @return inheritParentPermissions
*/
@Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef" })
public boolean getInheritParentPermissions(NodeRef nodeRef);
/**
* Add a permission mask to a store
*
* @param storeRef
* @param authority
* @param permission
* @param allow
*/
@Auditable(key = Auditable.Key.ARG_0, parameters = { "storeRef", "authority", "permission", "allow" })
public void setPermission(StoreRef storeRef, String authority, String permission, boolean allow);
/**
* Remove part of a permission mask on a store
* @param storeRef
* @param authority
* @param permission
*/
@Auditable(key = Auditable.Key.ARG_0, parameters = { "storeRef", "authority", "permission" })
public void deletePermission(StoreRef storeRef, String authority, String permission);
/**
* Clear all permission masks for an authority on a store
*
* @param storeRef
* @param authority
*/
@Auditable(key = Auditable.Key.ARG_0, parameters = { "storeRef", "authority" })
public void clearPermission(StoreRef storeRef, String authority);
/**
* Remove all permission mask on a store
*
* @param storeRef
*/
@Auditable(key = Auditable.Key.ARG_0, parameters = { "storeRef" })
public void deletePermissions(StoreRef storeRef);
/**
* Get all the AccessPermissions that are set for anyone for the given node
*
* @param storeRef -
* the reference to the store
* @return the set of allowed permissions
*/
@Auditable(key = Auditable.Key.ARG_0, parameters = { "storeRef" })
public Set<AccessPermission> getAllSetPermissions(StoreRef storeRef);
}