001/* 
002    Licensed to the Apache Software Foundation (ASF) under one
003    or more contributor license agreements.  See the NOTICE file
004    distributed with this work for additional information
005    regarding copyright ownership.  The ASF licenses this file
006    to you under the Apache License, Version 2.0 (the
007    "License"); you may not use this file except in compliance
008    with the License.  You may obtain a copy of the License at
009
010       http://www.apache.org/licenses/LICENSE-2.0
011
012    Unless required by applicable law or agreed to in writing,
013    software distributed under the License is distributed on an
014    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015    KIND, either express or implied.  See the License for the
016    specific language governing permissions and limitations
017    under the License.  
018 */
019package org.apache.wiki.api.core;
020
021import java.security.Permission;
022import java.security.Principal;
023import java.util.Enumeration;
024
025
026/**
027 * <p>
028 * Defines an access control list (ACL) for wiki pages. An Access Control List is a data structure used to guard access to resources.
029 * An ACL can be thought of as a data structure with multiple ACL entries. Each ACL entry, of interface type AclEntry, contains a set
030 * of positive permissions associated with a particular principal. (A principal represents an entity such as an individual user or a 
031 * group). The ACL Entries in each ACL observe the following rules:
032 * </p>
033 * <ul>
034 * <li>Each principal can have at most one ACL entry; that is, multiple ACL entries are not allowed for any principal. Each entry
035 * specifies the set of permissions that are to be granted</li>
036 * <li>If there is no entry for a particular principal, then the principal is considered to have a null (empty) permission set</li>
037 * </ul>
038 * <p>
039 * This interface is a highly stripped-down derivation of the java.security.acl.Acl interface. In particular, the notion of an Acl "owner"
040 * has been eliminated, since JSPWiki pages do not have owners. An additional simplification compared to the standard Java package is that
041 * negative permissions have been eliminated. Instead, JSPWiki assumes a "default-deny" security stance: principals are granted no 
042 * permissions by default, and possesses only those that have been explicitly granted to them. And finally, the getPermissions() and
043 * checkPermission() methods have been eliminated due to the complexities associated with resolving Role principal membership.
044 * </p>
045 * @since 2.3
046 */
047public interface Acl {
048
049    /**
050     * Adds an ACL entry to this ACL. An entry associates a principal (e.g., an individual or a group) with a set of permissions.
051     * Each principal can have at most one positive ACL entry, specifying permissions to be granted to the principal. If there is
052     * already an ACL entry already in the ACL, false is returned.
053     *
054     * @param entry - the ACL entry to be added to this ACL
055     * @return true on success, false if an entry of the same type (positive or negative) for the same principal is already present
056     *         in this ACL
057     */
058    boolean addEntry( AclEntry entry );
059
060    /**
061     * Returns an enumeration of the entries in this ACL. Each element in the enumeration is of type AclEntry.
062     *
063     * @return an enumeration of the entries in this ACL.
064     */
065    Enumeration< AclEntry > aclEntries();
066
067    /**
068     * Returns <code>true</code>, if this Acl is empty.
069     *
070     * @return the result
071     * @since 2.4.68
072     */
073    boolean isEmpty();
074
075    /**
076     * Returns all Principal objects assigned a given Permission in the access control list. The Principals returned are those that
077     * have been granted either the supplied permission, or a permission implied by the supplied permission. Principals are not
078     * "expanded" if they are a role or group.
079     *
080     * @param permission the permission to search for
081     * @return an array of Principals possessing the permission
082     */
083    Principal[] findPrincipals( Permission permission );
084
085    /**
086     * Returns an AclEntry for a supplied Principal, or <code>null</code> if the Principal does not have a matching AclEntry.
087     *
088     * @param principal the principal to search for
089     * @return the AclEntry associated with the principal, or <code>null</code>
090     */
091    AclEntry getAclEntry( Principal principal );
092
093    /**
094     * Removes an ACL entry from this ACL.
095     *
096     * @param entry the ACL entry to be removed from this ACL
097     * @return true on success, false if the entry is not part of this ACL
098     */
099    boolean removeEntry( AclEntry entry );
100
101}