Package org.wso2.carbon.user.api

Interface AuthorizationManager

  • public interface AuthorizationManager

    • Method Detail

      • isUserAuthorized

        boolean isUserAuthorized​(String userName,
                         String resourceId,
                         String action)
                  throws UserStoreException
        Checks for user authorization. Users do not have permissions in future. Only roles can have permissions
        Parameters:
        userName - The user name
        resourceId - Resource Id String
        action - The action user is trying to perform
        Returns:
        Returns true when user is authorized to perform the action on the resource and false otherwise.
        Throws:
        UserStoreException

      • isRoleAuthorized

        boolean isRoleAuthorized​(String roleName,
                         String resourceId,
                         String action)
                  throws UserStoreException
        Checks for role authorization.
        Parameters:
        roleName - The role name
        resourceId - Resource Id String
        action - The action the role is trying to perform
        Returns:
        Returns true when the role is authorized to perform the action on the resource and false otherwise
        Throws:
        UserStoreException

      • getExplicitlyAllowedUsersForResource

        String[] getExplicitlyAllowedUsersForResource​(String resourceId,
                                              String action)
                                       throws UserStoreException
        Deprecated.
        Retrieves a list of users allowed to perform the given action on the resource
        Parameters:
        resourceId - Resource Id String
        action - The action that is allowed to perform
        Returns:
        Returns a list of users allowed to perform the given action on the resource
        Throws:
        UserStoreException

      • getAllowedRolesForResource

        String[] getAllowedRolesForResource​(String resourceId,
                                    String action)
                             throws UserStoreException
        Retrieves a list of roles allowed to perform the given action on the resource
        Parameters:
        resourceId - Resource Id String
        action - The action that is allowed to perform
        Returns:
        Returns a list of roles allowed to perform the given action on the resource
        Throws:
        UserStoreException

      • getDeniedRolesForResource

        String[] getDeniedRolesForResource​(String resourceId,
                                   String action)
                            throws UserStoreException
        Retrieves a list of roles that are not allowed to perform the given action on the resource
        Parameters:
        resourceId - Resource Id String
        action - The action that is allowed to perform
        Returns:
        Returns a list of roles allowed to perform the given action on the resource
        Throws:
        UserStoreException

      • getExplicitlyDeniedUsersForResource

        String[] getExplicitlyDeniedUsersForResource​(String resourceId,
                                             String action)
                                      throws UserStoreException
        Deprecated.
        Retrieves a list of users explicitly denied access to a resource. Users do not have permissions in future. Only roles can have permissions
        Parameters:
        resourceId - Resource Id String
        action - The action that is disallowed to perform
        Returns:
        Throws:
        UserStoreException

      • authorizeUser

        void authorizeUser​(String userName,
                   String resourceId,
                   String action)
            throws UserStoreException
        Deprecated.
        Grants authorizations to a user to perform an action on a resource. Users do not have permissions in future. Only roles can have permissions
        Parameters:
        userName - The user name
        resourceId - Resource identification string
        action - The action granted to the user
        Throws:
        UserStoreException

      • authorizeRole

        void authorizeRole​(String roleName,
                   String resourceId,
                   String action)
            throws UserStoreException
        Grants authorizes to a role to perform an action on a resource.
        Parameters:
        roleName - The role name
        resourceId - Resource identification string
        action - The action granted to the role
        Throws:
        UserStoreException

      • denyUser

        void denyUser​(String userName,
              String resourceId,
              String action)
       throws UserStoreException
        Deprecated.
        Deny authorizations to a user to perform an action on a resource. Users do not have permissions in future. Only roles can have permissions
        Parameters:
        userName - The user name
        resourceId - Resource identification string
        action - The action granted to the user
        Throws:
        UserStoreException

      • denyRole

        void denyRole​(String roleName,
              String resourceId,
              String action)
       throws UserStoreException
        Deny authorizations to a role to perform an action on a resource.
        Parameters:
        roleName - The role name
        resourceId - Resource identification string
        action - The action granted to the role
        Throws:
        UserStoreException

      • clearUserAuthorization

        void clearUserAuthorization​(String userName,
                            String resourceId,
                            String action)
                     throws UserStoreException
        Deprecated.
        Deletes an already granted authorization of a user. Users do not have permissions in future. Only roles can have permissions
        Parameters:
        userName - The user name
        resourceId - Resource identification string
        action - The action granted
        Throws:
        UserStoreException

      • clearUserAuthorization

        void clearUserAuthorization​(String userName)
                     throws UserStoreException
        Deprecated.
        Users do not have permissions in future. Only roles can have permissions
        Parameters:
        userName - The user name
        Throws:
        UserStoreException

      • clearRoleAuthorization

        void clearRoleAuthorization​(String roleName,
                            String resourceId,
                            String action)
                     throws UserStoreException
        Deletes an already granted authorization of a role.
        Parameters:
        roleName - The role name
        resourceId - Resource identification string
        action - The action granted
        Throws:
        UserStoreException

      • clearRoleActionOnAllResources

        void clearRoleActionOnAllResources​(String roleName,
                                   String action)
                            throws UserStoreException
        Deletes the role's right to perform the action on all resources.
        Parameters:
        roleName - The role name
        action - The action granted
        Throws:
        UserStoreException

      • clearResourceAuthorizations

        void clearResourceAuthorizations​(String resourceId)
                          throws UserStoreException
        Deletes all granted authorization on a resource.
        Parameters:
        resourceId - Resource identification string
        Throws:
        UserStoreException

      • getTenantId

        int getTenantId()
         throws UserStoreException
        This will get the tenant id associated with the user authorization manager
        Returns:
        the tenant id of the authorization manager
        Throws:
        UserStoreException - if the operation failed

      • resetPermissionOnUpdateRole

        void resetPermissionOnUpdateRole​(String roleName,
                                 String newRoleName)
                          throws UserStoreException
        This will reset the permission of the renamed role
        Parameters:
        roleName - The role name
        newRoleName - The new role name
        Throws:
        UserStoreException

      • refreshAllowedRolesForResource

        void refreshAllowedRolesForResource​(String resourceId)
                             throws UserStoreException
        This method used to refresh the existing resource permissions which cached in the memory
        Parameters:
        resourceId - resource id path
        Throws:
        UserStoreException - if something went wrong