001    /* 
002        Licensed to the Apache Software Foundation (ASF) under one
003        or more contributor license agreements.  See the NOTICE file
004        distributed with this work for additional information
005        regarding copyright ownership.  The ASF licenses this file
006        to you under the Apache License, Version 2.0 (the
007        "License"); you may not use this file except in compliance
008        with the License.  You may obtain a copy of the License at
009    
010           http://www.apache.org/licenses/LICENSE-2.0
011    
012        Unless required by applicable law or agreed to in writing,
013        software distributed under the License is distributed on an
014        "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015        KIND, either express or implied.  See the License for the
016        specific language governing permissions and limitations
017        under the License.  
018     */
019    package org.apache.wiki.auth.acl;
020    
021    import java.security.Permission;
022    import java.security.Principal;
023    import java.util.Enumeration;
024    
025    /**
026     * <p>
027     * Defines an access control list (ACL) for wiki pages. An Access Control List
028     * is a data structure used to guard access to resources. An ACL can be thought
029     * of as a data structure with multiple ACL entries. Each ACL entry, of
030     * interface type AclEntry, contains a set of positive permissions associated
031     * with a particular principal. (A principal represents an entity such as an
032     * individual user or a group). The ACL Entries in each ACL observe the
033     * following rules:
034     * </p>
035     * <ul>
036     * <li>Each principal can have at most one ACL entry; that is, multiple ACL
037     * entries are not allowed for any principal. Each entry specifies the set of
038     * permissions that are to be granted</li>
039     * <li>If there is no entry for a particular principal, then the principal is
040     * considered to have a null (empty) permission set</li>
041     * </ul>
042     * <p>
043     * This interface is a highly stripped-down derivation of the
044     * java.security.acl.Acl interface. In particular, the notion of an Acl "owner"
045     * has been eliminated, since JWPWiki pages do not have owners. An additional
046     * simplification compared to the standard Java package is that negative
047     * permissions have been eliminated. Instead, JSPWiki assumes a "default-deny"
048     * security stance: principals are granted no permissions by default, and
049     * posesses only those that have been explicitly granted to them. And finally,
050     * the getPermissions() and checkPermission() methods have been eliminated due
051     * to the complexities associated with resolving Role principal membership.
052     * </p>
053     * @since 2.3
054     */
055    public interface Acl
056    {
057        /**
058         * Adds an ACL entry to this ACL. An entry associates a principal (e.g., an
059         * individual or a group) with a set of permissions. Each principal can have
060         * at most one positive ACL entry, specifying permissions to be granted to
061         * the principal. If there is already an ACL entry already in the ACL, false
062         * is returned.
063         * @param entry - the ACL entry to be added to this ACL
064         * @return true on success, false if an entry of the same type (positive or
065         *         negative) for the same principal is already present in this ACL
066         */
067        boolean addEntry( AclEntry entry );
068    
069        /**
070         * Returns an enumeration of the entries in this ACL. Each element in the
071         * enumeration is of type AclEntry.
072         * @return an enumeration of the entries in this ACL.
073         */
074        Enumeration< AclEntry > entries();
075    
076        /**
077         * Returns <code>true</code>, if this Acl is empty.
078         * @return the result
079         * @since 2.4.68
080         */
081        boolean isEmpty();
082    
083        /**
084         * Returns all Principal objects assigned a given Permission in the access
085         * control list. The Princiapls returned are those that have been granted
086         * either the supplied permission, or a permission implied by the supplied
087         * permission. Principals are not "expanded" if they are a role or group.
088         * @param permission the permission to search for
089         * @return an array of Principals posessing the permission
090         */
091        Principal[] findPrincipals( Permission permission );
092    
093        /**
094         * Returns an AclEntry for a supplied Principal, or <code>null</code> if
095         * the Principal does not have a matching AclEntry.
096         * @param principal the principal to search for
097         * @return the AclEntry associated with the principal, or <code>null</code>
098         */
099        AclEntry getEntry( Principal principal );
100    
101        /**
102         * Removes an ACL entry from this ACL.
103         * @param entry the ACL entry to be removed from this ACL
104         * @return true on success, false if the entry is not part of this ACL
105         */
106        boolean removeEntry( AclEntry entry );
107    
108        /**
109         * Returns a string representation of the contents of this Acl.
110         * @return the string representation
111         */
112        String toString();
113    
114    }