001/**
002 * Copyright 2005-2016 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016package org.kuali.rice.krad.bo;
017
018import java.util.Map;
019
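/**
 * Invoked to authorize actions requested on data objects (such as edit or view).
 *
 * <p>Every method answers one question: is the user identified by {@code principalId} allowed to
 * perform the action described by a permission (looked up by name or by template name) in the
 * context of {@code dataObject}? The result is a plain boolean; {@code true} grants, {@code false}
 * denies.
 *
 * <p>NOTE(review): this interface does not state how {@code null} arguments, unknown permission
 * names, or failures during the lookup are to be treated. Implementations should document their
 * choice; denying in those cases is the conservative reading of the contract - confirm against the
 * implementing classes.
 *
 * <p>NOTE(review): {@code principalId} is an ordinary string that the authorizer has no means to
 * verify from this signature alone. Callers are presumably expected to pass the identifier of the
 * already-authenticated user rather than a value taken from request input - confirm at call sites.
 *
 * @author Kuali Rice Team (rice.collab@kuali.org)
 */
public interface DataObjectAuthorizer {

    /**
     * Determines whether the user identified by the given principal ID has the given permission in the
     * context of the data object.
     *
     * @param dataObject the data object that provides the context for the check
     * @param namespaceCode namespace code supplied together with the permission name (presumably the
     *        namespace the permission is defined in - confirm)
     * @param permissionName name of the permission being checked
     * @param principalId principal ID identifying the user
     * @return {@code true} if the user is authorized, {@code false} if not
     */
    boolean isAuthorized(Object dataObject, String namespaceCode, String permissionName, String principalId);

    /**
     * Determines whether the user identified by the given principal ID has been granted a permission of
     * the given template in the context of the data object.
     *
     * @param dataObject the data object that provides the context for the check
     * @param namespaceCode namespace code supplied together with the template name (presumably the
     *        namespace the template is defined in - confirm)
     * @param permissionTemplateName name of the permission template being checked
     * @param principalId principal ID identifying the user
     * @return {@code true} if the user is authorized, {@code false} if not
     */
    boolean isAuthorizedByTemplate(
            Object dataObject, String namespaceCode, String permissionTemplateName, String principalId);

    /**
     * Determines whether the user identified by the given principal ID has the given permission in the
     * context of the data object; the additional permission details and role qualifiers are used for
     * the check.
     *
     * @param dataObject the data object that provides the context for the check
     * @param namespaceCode namespace code supplied together with the permission name (presumably the
     *        namespace the permission is defined in - confirm)
     * @param permissionName name of the permission being checked
     * @param principalId principal ID identifying the user
     * @param additionalPermissionDetails additional permission details used for the check; the expected
     *        keys are not specified by this interface
     * @param additionalRoleQualifiers additional role qualifiers used for the check; the expected keys
     *        are not specified by this interface
     * @return {@code true} if the user is authorized, {@code false} if not
     */
    boolean isAuthorized(
            Object dataObject,
            String namespaceCode,
            String permissionName,
            String principalId,
            Map<String, String> additionalPermissionDetails,
            Map<String, String> additionalRoleQualifiers);

    /**
     * Determines whether the user identified by the given principal ID has been granted a permission of
     * the given template in the context of the data object; the additional permission details and role
     * qualifiers are used for the check.
     *
     * @param dataObject the data object that provides the context for the check
     * @param namespaceCode namespace code supplied together with the template name (presumably the
     *        namespace the template is defined in - confirm)
     * @param permissionTemplateName name of the permission template being checked
     * @param principalId principal ID identifying the user
     * @param additionalPermissionDetails additional permission details used for the check; the expected
     *        keys are not specified by this interface
     * @param additionalRoleQualifiers additional role qualifiers used for the check; the expected keys
     *        are not specified by this interface
     * @return {@code true} if the user is authorized, {@code false} if not
     */
    boolean isAuthorizedByTemplate(
            Object dataObject,
            String namespaceCode,
            String permissionTemplateName,
            String principalId,
            Map<String, String> additionalPermissionDetails,
            Map<String, String> additionalRoleQualifiers);

}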