001/* 002 * This library is part of OpenCms - 003 * the Open Source Content Management System 004 * 005 * Copyright (c) Alkacon Software GmbH & Co. KG (http://www.alkacon.com) 006 * 007 * This library is free software; you can redistribute it and/or 008 * modify it under the terms of the GNU Lesser General Public 009 * License as published by the Free Software Foundation; either 010 * version 2.1 of the License, or (at your option) any later version. 011 * 012 * This library is distributed in the hope that it will be useful, 013 * but WITHOUT ANY WARRANTY; without even the implied warranty of 014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 015 * Lesser General Public License for more details. 016 * 017 * For further information about Alkacon Software GmbH & Co. KG, please see the 018 * company website: http://www.alkacon.com 019 * 020 * For further information about OpenCms, please see the 021 * project website: http://www.opencms.org 022 * 023 * You should have received a copy of the GNU Lesser General Public 024 * License along with this library; if not, write to the Free Software 025 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 026 */ 027 028package org.opencms.security; 029 030import org.opencms.configuration.CmsSystemConfiguration; 031import org.opencms.db.CmsDbContext; 032import org.opencms.db.CmsDriverManager; 033import org.opencms.file.CmsResource; 034import org.opencms.file.CmsResourceFilter; 035import org.opencms.main.CmsException; 036import org.opencms.util.A_CmsModeIntEnumeration; 037 038/** 039 * Permission handler interface.<p> 040 * 041 * @since 7.0.2 042 * 043 * @see org.opencms.db.CmsSecurityManager#hasPermissions(org.opencms.file.CmsRequestContext, CmsResource, CmsPermissionSet, boolean, CmsResourceFilter) 044 */ 045public interface I_CmsPermissionHandler { 046 047 /** 048 * Enumeration class for the results of {@link I_CmsPermissionHandler#hasPermissions(CmsDbContext, CmsResource, CmsPermissionSet, LockCheck, CmsResourceFilter)}.<p> 049 */ 050 public static final class CmsPermissionCheckResult extends A_CmsModeIntEnumeration { 051 052 /** Indicates allowed permissions. */ 053 protected static final CmsPermissionCheckResult ALLOWED = new CmsPermissionCheckResult(1); 054 055 /** Indicates denied permissions. */ 056 protected static final CmsPermissionCheckResult DENIED = new CmsPermissionCheckResult(2); 057 058 /** Indicates a resource was filtered during permission check. */ 059 protected static final CmsPermissionCheckResult FILTERED = new CmsPermissionCheckResult(3); 060 061 /** Indicates a resource was not locked for a write / control operation. */ 062 protected static final CmsPermissionCheckResult NOTLOCKED = new CmsPermissionCheckResult(4); 063 064 /** Version id required for safe serialization. */ 065 private static final long serialVersionUID = 2398277834335860916L; 066 067 /** 068 * Private constructor.<p> 069 * 070 * @param mode the copy mode integer representation 071 */ 072 private CmsPermissionCheckResult(int mode) { 073 074 super(mode); 075 } 076 077 /** 078 * Checks if this permission is allowed or not.<p> 079 * 080 * @return <code>true</code> if allowed 081 */ 082 public boolean isAllowed() { 083 084 return (this == ALLOWED); 085 } 086 } 087 088 /** 089 * Enum for the lock check mode. 090 */ 091 public enum LockCheck { 092 093 /** Don't check locks. */ 094 no("N"), 095 096 /** Check for shallow or normal lock. */ 097 shallowOnly("S"), 098 099 /** Check for normal (non-shallow) lock. */ 100 yes("Y"); 101 102 /** The code for this enum value. */ 103 private String m_code; 104 105 /** 106 * Creates a new instance. 107 * 108 * @param code the code for the enum value 109 */ 110 private LockCheck(String code) { 111 112 m_code = code; 113 } 114 115 /** 116 * Gets the code for the enum value.<p> 117 * 118 * The code is a short string identifying the enum value for use in cache keys. 119 * 120 * @return the code 121 */ 122 public String getCode() { 123 124 return m_code; 125 } 126 } 127 128 /** Indicates allowed permissions. */ 129 CmsPermissionCheckResult PERM_ALLOWED = CmsPermissionCheckResult.ALLOWED; 130 /** Indicates denied permissions. */ 131 CmsPermissionCheckResult PERM_DENIED = CmsPermissionCheckResult.DENIED; 132 /** Indicates a resource was filtered during permission check. */ 133 CmsPermissionCheckResult PERM_FILTERED = CmsPermissionCheckResult.FILTERED; 134 /** Indicates a resource was not locked for a write / control operation. */ 135 CmsPermissionCheckResult PERM_NOTLOCKED = CmsPermissionCheckResult.NOTLOCKED; 136 137 /** 138 * Performs a non-blocking permission check on a resource.<p> 139 * 140 * This test will not throw an exception in case the required permissions are not 141 * available for the requested operation. Instead, it will return one of the 142 * following values:<ul> 143 * <li><code>{@link #PERM_ALLOWED}</code></li> 144 * <li><code>{@link #PERM_FILTERED}</code></li> 145 * <li><code>{@link #PERM_DENIED}</code></li></ul><p> 146 * 147 * Despite of the fact that the results of this method are cached, this method should 148 * be as fast as possible since it is called really often.<p> 149 * 150 * @param dbc the current database context 151 * @param resource the resource on which permissions are required 152 * @param requiredPermissions the set of permissions required for the operation 153 * @param checkLock the type of lock check to perform for write operations 154 * @param filter the resource filter to use 155 * 156 * @return <code>{@link #PERM_ALLOWED}</code> if the user has sufficient permissions on the resource 157 * for the requested operation 158 * 159 * @throws CmsException in case of i/o errors (NOT because of insufficient permissions) 160 */ 161 CmsPermissionCheckResult hasPermissions( 162 CmsDbContext dbc, 163 CmsResource resource, 164 CmsPermissionSet requiredPermissions, 165 LockCheck checkLock, 166 CmsResourceFilter filter) 167 throws CmsException; 168 169 /** 170 * Initializes internal variables needed to work.<p> 171 * 172 * @param driverManager the driver manager 173 * @param systemConfiguration the system configuration instance 174 */ 175 void init(CmsDriverManager driverManager, CmsSystemConfiguration systemConfiguration); 176}