View Javadoc
1   /**
2    * This file Copyright (c) 2003-2018 Magnolia International
3    * Ltd.  (http://www.magnolia-cms.com). All rights reserved.
4    *
5    *
6    * This file is dual-licensed under both the Magnolia
7    * Network Agreement and the GNU General Public License.
8    * You may elect to use one or the other of these licenses.
9    *
10   * This file is distributed in the hope that it will be
11   * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the
12   * implied warranty of MERCHANTABILITY or FITNESS FOR A
13   * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT.
14   * Redistribution, except as permitted by whichever of the GPL
15   * or MNA you select, is prohibited.
16   *
17   * 1. For the GPL license (GPL), you can redistribute and/or
18   * modify this file under the terms of the GNU General
19   * Public License, Version 3, as published by the Free Software
20   * Foundation.  You should have received a copy of the GNU
21   * General Public License, Version 3 along with this program;
22   * if not, write to the Free Software Foundation, Inc., 51
23   * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
24   *
25   * 2. For the Magnolia Network Agreement (MNA), this file
26   * and the accompanying materials are made available under the
27   * terms of the MNA which accompanies this distribution, and
28   * is available at http://www.magnolia-cms.com/mna.html
29   *
30   * Any modifications to this file must keep this entire header
31   * intact.
32   *
33   */
34  package info.magnolia.cms.security;
35  
36  import info.magnolia.cms.security.auth.ACL;
37  
38  import java.util.Collection;
39  import java.util.Map;
40  
41  /**
42   * Manages groups, groups are identified by name and can be organized in folders. The name is globally unique regardless
43   * of their organisation in folders.
44   *
45   * @see Group
46   */
47  public interface GroupManager {
48  
49      /**
50       * Creates a new group in the root folder.
51       *
52       * @throws IllegalArgumentException if the name is not valid or if a group with this name already exists
53       * @throws UnsupportedOperationException if the implementation does not support writing
54       */
55      Group createGroup(String name) throws UnsupportedOperationException, AccessDeniedException;
56  
57      /**
58       * Get a group by name.
59       *
60       * @throws UnsupportedOperationException if the implementation does not support writing
61       */
62      Group getGroup(String name) throws UnsupportedOperationException, AccessDeniedException;
63  
64      /**
65       * Get all groups defined in the system.
66       */
67      Collection<Group> getAllGroups() throws UnsupportedOperationException;
68  
69      /**
70       * Returns all super-groups of the given group, i.e. both directly assigned and transitively assigned super-groups.
71       *
72       * @see #getAllSuperGroups(String)
73       *
74       * @deprecated since 5.5, use {@link #getAllSuperGroups(String)} instead.
75       */
76      @Deprecated
77      Collection<String> getAllGroups(String groupName) throws UnsupportedOperationException;
78  
79      /**
80       * Returns all super-groups of the given group, i.e. both directly assigned and transitively assigned super-groups.
81       * <p>Given the following groups:</p>
82       * <pre>
83       * /
84       * ├── people
85       * │   └──employees ("employees" is directly assigned to the "people" super-group)
86       * │      └──developers ("developers" is directly assigned to the "employees" super-group; and is thus transitively assigned to the "people" super-group)
87       *
88       * #getAllSuperGroups("people")  = []
89       * #getAllSuperGroups("employees")  = ["people"]
90       * #getAllSuperGroups("developers")  = ["employees","people"]
91       * </pre>
92       */
93      Collection<String> getAllSuperGroups(final String groupName) throws UnsupportedOperationException;
94  
95      /**
96       * Returns all sub-groups of the given group.
97       * <p>Given the following groups:</p>
98       * <pre>
99       * /
100      * ├── people
101      * │   └──employees ("employees" is directly assigned to the "people" super-group)
102      * │      └──developers ("developers" is directly assigned to the "employees" super-group; and is thus transitively assigned to the "people" super-group)
103      *
104      * #getAllSubGroups("people")  = ["employees","developers"]
105      * #getAllSubGroups("employees")  = ["developers"]
106      * #getAllSubGroups("developers")  = []
107      * </pre>
108      */
109     Collection<String> getAllSubGroups(final String groupName) throws UnsupportedOperationException;
110 
111     Map<String, ACL> getACLs(String group);
112 
113     /**
114      * Grants a role to a group.
115      *
116      * @return Group object with the role already granted.
117      */
118     Groupf="../../../../info/magnolia/cms/security/Group.html#Group">Group addRole(Group group, String roleName) throws AccessDeniedException;
119 
120     /**
121      * Adds a group to a group.
122      *
123      * @return group object with the group already assigned.
124      */
125     Group="../../../../info/magnolia/cms/security/Group.html#Group">Group addGroup(Group group, String groupName) throws AccessDeniedException;
126 
127     /**
128      * Returns sub-groups directly assigned to the given group.
129      *
130      * @see #getDirectSubGroups(String)
131      *
132      * @deprecated since 5.5, use {@link #getDirectSubGroups(String)} instead.
133      */
134     @Deprecated
135     Collection<String> getGroupsWithGroup(String groupName);
136 
137     /**
138      * Returns sub-groups directly assigned to the given group.
139      * <p>Given the following groups:</p>
140      * <pre>
141      * /
142      * ├── people
143      * │   └──employees ("employees" is directly assigned to the "people" super-group)
144      * │      └──developers ("developers" is directly assigned to the "employees" super-group; and is thus transitively assigned to the "people" super-group)
145      *
146      * #getDirectSubGroups("people")  = ["employees"]
147      * #getDirectSubGroups("employees")  = ["developers"]
148      * #getDirectSubGroups("developers")  = []
149      * </pre>
150      */
151     Collection<String> getDirectSubGroups(String groupName);
152 
153     /**
154      * Returns direct super-groups of the given group.
155      * <p>Given the following groups:</p>
156      * <pre>
157      * /
158      * ├── people
159      * │   └──employees ("employees" is directly assigned to the "people" super-group)
160      * │      └──developers ("developers" is directly assigned to the "employees" super-group; and is thus transitively assigned to the "people" super-group)
161      *
162      * #getDirectSuperGroups("people")  = []
163      * #getDirectSuperGroups("employees")  = ["people"]
164      * #getDirectSuperGroups("developers")  = ["employees"]
165      * </pre>
166      */
167     Collection<String> getDirectSuperGroups(String groupName);
168 
169     /**
170      * Returns all groups having assigned the provided role.
171      */
172     Collection<String> getGroupsWithRole(String roleName);
173 
174     /**
175      * Removes group from a group.
176      *
177      * @return group object with the group assignment removed.
178      */
179     Group./../../../info/magnolia/cms/security/Group.html#Group">Group removeGroup(Group group, String groupName) throws AccessDeniedException;
180 
181     /**
182      * Removes role from a group.
183      *
184      * @return group object without removed role.
185      */
186     Group../../../../info/magnolia/cms/security/Group.html#Group">Group removeRole(Group group, String roleName) throws AccessDeniedException;
187 }