com.flexive.shared.interfaces
Interface ACLEngine

All Known Subinterfaces:
ACLEngineLocal

public interface ACLEngine

ACL engine interface

Author:
Gregor Schober (gregor.schober@flexive.com), UCS - unique computing solutions gmbh (http://www.ucs.at), Daniel Lichtenberger (daniel.lichtenberger@flexive.com), UCS - unique computing solutions gmbh (http://www.ucs.at)

Method Summary
 void assign(long aclId, long groupId, ACLPermission... permissions)
          Defines an ACL assignment between a group and an ACL.
 void assign(long aclId, long groupId, boolean mayRead, boolean mayEdit, boolean mayRelate, boolean mayRemove, boolean mayExport, boolean mayCreate)
          Defines an ACL assignment between a group and an ACL.
 long create(java.lang.String name, FxString label, long mandatorId, java.lang.String color, java.lang.String description, ACLCategory category)
          Creates a new ACL for a specific mandator.
 ACL load(long id)
          Loads an ACL definied by its unique id.
 ACL load(long id, boolean ignoreSecurity)
          Loads an ACL definied by its unique id.
 java.util.List<ACLAssignment> loadAssignments(long aclId)
          Loads all ACL assignments of a ACL.
 java.util.List<ACLAssignment> loadAssignments(java.lang.Long aclId, java.lang.Long groupId)
          Loads all ACL assignments of a group or acl.
 java.util.List<ACLAssignment> loadGroupAssignments(long groupId)
          Loads all ACL assignments of a group.
 void remove(long aclId)
          Remove an existing ACL identified by its unique id.
 void unassign(long aclId, long groupId)
          Removes an ACL assignment defined by its groupId and aclId.
 void update(long aclId, java.lang.String name, FxString label, java.lang.String color, java.lang.String description, java.util.List<ACLAssignment> assignments)
          Updates an existing ACL.
 

Method Detail

create

long create(java.lang.String name,
            FxString label,
            long mandatorId,
            java.lang.String color,
            java.lang.String description,
            ACLCategory category)
            throws FxApplicationException
Creates a new ACL for a specific mandator.

The caller needs to be in ACLManagement, and may only create ACLs for the mandator he belongs to.
GROUP_GLOBAL_SUPERVISOR may create ACLs for all mandators.

Parameters:
name - the unique name for the new ACL
label - display label
mandatorId - the mandator the ACL belongs to
color - the color of the acl as 6 digit RGB value, for example FF0000 for pure red
description - a description for the ACL
category - the category of the ACL
Returns:
id of the newly created ACL
Throws:
FxApplicationException - creation failed, acl with the given name exists, calling user lacks permissions, parameter (name,mandator,color,category) was invalid, mandator does not exist

remove

void remove(long aclId)
            throws FxApplicationException
Remove an existing ACL identified by its unique id.

A ACL may only be removed if it is not used by any object within the system. The calling user needs to be in ACLManagement, and may only unassign ACLs belonging to his mandator.
GROUP_GLOBAL_SUPERVISOR may unassign ACLs of mandators.

Parameters:
aclId - the id of the ACL to remove
Throws:
FxApplicationException - when the function failed to unassign the ACL, when a ACL with the given id does not exist, when the function failed to unassign the ACL

update

void update(long aclId,
            java.lang.String name,
            FxString label,
            java.lang.String color,
            java.lang.String description,
            java.util.List<ACLAssignment> assignments)
            throws FxApplicationException
Updates an existing ACL.

The calling user needs to be in ACLManagement, and may only update ACLs belonging to his mandator.
GROUP_GLOBAL_SUPERVISOR may update ACLs of all mandators.

Parameters:
aclId - The unique id of the acl that should be updated
name - The new unqiue name of the ACL, or null if the old name should be kept
label - display label
color - The new color of the ACL, or null if the old color should be kept
description - The new description of the ACL, or null if the old description should be kept
assignments - ACL assignments
Throws:
FxApplicationException - update failed, acl does not exist, user lacks permissions, parameter is invalid, acl with the given name exists

load

ACL load(long id)
         throws FxApplicationException
Loads an ACL definied by its unique id.

The caller may only load ACLs belonging to his mandator, or ACLs that the caller is assigned to.
GROUP_GLOBAL_SUPERVISOR may load all ACLs.

Parameters:
id - the unique id of the ACL that should be loaded
Returns:
the ACL
Throws:
FxApplicationException - load failed, acl does no exist, calling user may not access the ACL

load

ACL load(long id,
         boolean ignoreSecurity)
         throws FxApplicationException
Loads an ACL definied by its unique id.

If ignoreSecurity is true the following permissison checks are performed:
The caller may only load ACLs belonging to his mandator.
GROUP_GLOBAL_SUPERVISOR may load all ACLs.

Parameters:
id - the unique id of the ACL that should be loaded
ignoreSecurity - security checks are skipped if set to true
Returns:
the ACL
Throws:
FxApplicationException - load failed, acl doesnt exist, calling user may not access the ACL

assign

void assign(long aclId,
            long groupId,
            boolean mayRead,
            boolean mayEdit,
            boolean mayRelate,
            boolean mayRemove,
            boolean mayExport,
            boolean mayCreate)
            throws FxApplicationException
Defines an ACL assignment between a group and an ACL. If all permissions are set to false, no assignment is created and any old assignment is removed.
If an assignment between the specified group and the specified ACL already exists, its permissions are overwritten.
The caller must be in role ACLManagement and may only assign groups and ACLs belonging to his mandator.
GROUP_EVERYONE and PRIVATE may be assigned regardless of their mandator.
GLOBAL_SUPERVISOR may assign acls and groups of any mandator.

Parameters:
aclId - the acl
groupId - the group that should be assigned to the acl
mayRead - the read permission for the group/acl combination
mayEdit - the edit permission for the group/acl combination
mayRelate - the relate permission for the group/acl combination
mayRemove - the unassign permission for the group/acl combination
mayExport - the export permission for the group/acl combination
mayCreate - the create permission for the group/acl combination
Throws:
FxApplicationException - when the creation failed, when the calling user lacks the permission to create ACL assignments,when the group or ACL does not exist

assign

void assign(long aclId,
            long groupId,
            ACLPermission... permissions)
            throws FxApplicationException
Defines an ACL assignment between a group and an ACL. This is a shortcut for assign(long, long, boolean, boolean, boolean, boolean, boolean, boolean)

Parameters:
aclId - the acl
groupId - the group that should be assigned to the acl
permissions - list of permissions to set (NOT_.. permissions are ignored as default is false)
Throws:
FxApplicationException - when the creation failed, when the calling user lacks the permission to create ACL assignments,when the group or ACL does not exist
See Also:
assign(long,long,boolean,boolean,boolean,boolean,boolean,boolean)

loadGroupAssignments

java.util.List<ACLAssignment> loadGroupAssignments(long groupId)
                                                   throws FxApplicationException
Loads all ACL assignments of a group. The caller may only load ACLAssingments belonging to a group of his mandator.
GLOBAL_SUPERVISOR may load the ACLAssignments of all groups.

Parameters:
groupId - the group to load the ACL assignment for
Returns:
the ACL assignments of the group
Throws:
FxApplicationException - not found, load failed, caller may not access the given group

loadAssignments

java.util.List<ACLAssignment> loadAssignments(long aclId)
                                              throws FxApplicationException
Loads all ACL assignments of a ACL. The caller may only load ACLAssingments belonging to a ACL of his mandator.
GLOBAL_SUPERVISOR may load the ACLAssignments of all ACL.

Parameters:
aclId - the acl to load the assignment for
Returns:
the ACL assignments of the group
Throws:
FxApplicationException - not found, load failed, no access

unassign

void unassign(long aclId,
              long groupId)
              throws FxApplicationException
Removes an ACL assignment defined by its groupId and aclId. Only callers in ACLManagement may unassign ACLAssignments of groups and acl belonging to his mandator.
GROUP_EVERYONE and PRIVATE my be assigned regardless of their mandator.
GLOBAL_SUPERVISOR may unassign every ACLAssignment.

Parameters:
aclId - a acl id
groupId - a group id
Throws:
FxApplicationException - when the unassign failed, when a assignment with the groupId and aclId combination does not exist, when the calling user lacks the permission to manage ACLs

loadAssignments

java.util.List<ACLAssignment> loadAssignments(java.lang.Long aclId,
                                              java.lang.Long groupId)
                                              throws FxApplicationException
Loads all ACL assignments of a group or acl. The caller may only load ACL assingments belonging to a group or acl of his mandator.
GLOBAL_SUPERVISOR may load the ACL assignments of all groups.

Parameters:
aclId - the acl to load the ACL assigments for, or null
groupId - the group to load the ACL assignment for, or null
Returns:
the ACL assignments of the group
Throws:
FxApplicationException - when no data was found, if the user may not access the data, or when a unexpected error occured