Source code

001/*
002 * This library is part of OpenCms -
003 * the Open Source Content Management System
004 *
005 * Copyright (c) Alkacon Software GmbH & Co. KG (http://www.alkacon.com)
006 *
007 * This library is free software; you can redistribute it and/or
008 * modify it under the terms of the GNU Lesser General Public
009 * License as published by the Free Software Foundation; either
010 * version 2.1 of the License, or (at your option) any later version.
011 *
012 * This library is distributed in the hope that it will be useful,
013 * but WITHOUT ANY WARRANTY; without even the implied warranty of
014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015 * Lesser General Public License for more details.
016 *
017 * For further information about Alkacon Software GmbH & Co. KG, please see the
018 * company website: http://www.alkacon.com
019 *
020 * For further information about OpenCms, please see the
021 * project website: http://www.opencms.org
022 *
023 * You should have received a copy of the GNU Lesser General Public
024 * License along with this library; if not, write to the Free Software
025 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
026 */
027
028package org.opencms.security;
029
030import org.opencms.configuration.CmsSystemConfiguration;
031import org.opencms.db.CmsDbContext;
032import org.opencms.db.CmsDriverManager;
033import org.opencms.file.CmsResource;
034import org.opencms.file.CmsResourceFilter;
035import org.opencms.main.CmsException;
036import org.opencms.util.A_CmsModeIntEnumeration;
037
038/**
039 * Permission handler interface.<p>
040 *
041 * @since 7.0.2
042 *
043 * @see org.opencms.db.CmsSecurityManager#hasPermissions(org.opencms.file.CmsRequestContext, CmsResource, CmsPermissionSet, boolean, CmsResourceFilter)
044 */
045public interface I_CmsPermissionHandler {
046
047    /**
048     *  Enumeration class for the results of {@link I_CmsPermissionHandler#hasPermissions(CmsDbContext, CmsResource, CmsPermissionSet, boolean, CmsResourceFilter)}.<p>
049     */
050    public static final class CmsPermissionCheckResult extends A_CmsModeIntEnumeration {
051
052        /** Indicates allowed permissions. */
053        protected static final CmsPermissionCheckResult ALLOWED = new CmsPermissionCheckResult(1);
054
055        /** Indicates denied permissions. */
056        protected static final CmsPermissionCheckResult DENIED = new CmsPermissionCheckResult(2);
057
058        /** Indicates a resource was filtered during permission check. */
059        protected static final CmsPermissionCheckResult FILTERED = new CmsPermissionCheckResult(3);
060
061        /** Indicates a resource was not locked for a write / control operation. */
062        protected static final CmsPermissionCheckResult NOTLOCKED = new CmsPermissionCheckResult(4);
063
064        /** Version id required for safe serialization. */
065        private static final long serialVersionUID = 2398277834335860916L;
066
067        /**
068         * Private constructor.<p>
069         *
070         * @param mode the copy mode integer representation
071         */
072        private CmsPermissionCheckResult(int mode) {
073
074            super(mode);
075        }
076
077        /**
078         * Checks if this permission is allowed or not.<p>
079         *
080         * @return <code>true</code> if allowed
081         */
082        public boolean isAllowed() {
083
084            return (this == ALLOWED);
085        }
086    }
087
088    /** Indicates allowed permissions. */
089    CmsPermissionCheckResult PERM_ALLOWED = CmsPermissionCheckResult.ALLOWED;
090    /** Indicates denied permissions. */
091    CmsPermissionCheckResult PERM_DENIED = CmsPermissionCheckResult.DENIED;
092    /** Indicates a resource was filtered during permission check. */
093    CmsPermissionCheckResult PERM_FILTERED = CmsPermissionCheckResult.FILTERED;
094    /** Indicates a resource was not locked for a write / control operation. */
095    CmsPermissionCheckResult PERM_NOTLOCKED = CmsPermissionCheckResult.NOTLOCKED;
096
097    /**
098     * Performs a non-blocking permission check on a resource.<p>
099     *
100     * This test will not throw an exception in case the required permissions are not
101     * available for the requested operation. Instead, it will return one of the
102     * following values:<ul>
103     * <li><code>{@link #PERM_ALLOWED}</code></li>
104     * <li><code>{@link #PERM_FILTERED}</code></li>
105     * <li><code>{@link #PERM_DENIED}</code></li></ul><p>
106     *
107     * Despite of the fact that the results of this method are cached, this method should
108     * be as fast as possible since it is called really often.<p>
109     *
110     * @param dbc the current database context
111     * @param resource the resource on which permissions are required
112     * @param requiredPermissions the set of permissions required for the operation
113     * @param checkLock if true, a lock for the current user is required for
114     *      all write operations, if false it's ok to write as long as the resource
115     *      is not locked by another user
116     * @param filter the resource filter to use
117     *
118     * @return <code>{@link #PERM_ALLOWED}</code> if the user has sufficient permissions on the resource
119     *      for the requested operation
120     *
121     * @throws CmsException in case of i/o errors (NOT because of insufficient permissions)
122     */
123    CmsPermissionCheckResult hasPermissions(
124        CmsDbContext dbc,
125        CmsResource resource,
126        CmsPermissionSet requiredPermissions,
127        boolean checkLock,
128        CmsResourceFilter filter) throws CmsException;
129
130    /**
131     * Initializes internal variables needed to work.<p>
132     *
133     * @param driverManager the driver manager
134     * @param systemConfiguration the system configuration instance
135     */
136    void init(CmsDriverManager driverManager, CmsSystemConfiguration systemConfiguration);
137}