3 * Copyright (c) 2013 Cisco Systems, Inc. and others. All rights reserved.
5 * This program and the accompanying materials are made available under the
6 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
7 * and is available at http://www.eclipse.org/legal/epl-v10.html
10 package org.opendaylight.controller.sal.authorization;
12 import java.util.List;
15 import org.opendaylight.controller.sal.utils.Status;
18 * Interface for applications which maintain an authorization
19 * database for their resources. Respective application web bundle
20 * and User Manager make use of this interface to retrieve
21 * authorization information at user and/or role level.
24 public interface IResourceAuthorization {
/**
 * Create a Role name for the application.
 *
 * The signature carries no caller identity, so any check that the caller is
 * allowed to manage roles has to be done by the implementation or by the
 * layer that invokes it.
 *
 * @param role the role name
 * @param userLevel the user level in the application context
 * @return the status of the request; callers should inspect it rather than
 *         assume the role now exists
 */
public Status createRole(String role, AppRoleLevel userLevel);
/**
 * Presumably removes the given role from this application's roles (inferred
 * from the method name; the summary text is absent here).
 *
 * NOTE(review): it is not stated whether resource-group assignments and user
 * associations of the removed role are revoked as well - confirm against the
 * implementation, since leftover grants would outlive the role.
 *
 * @param role the role name
 * @return the status of the request
 */
public Status removeRole(String role);
/**
 * Return the list of roles configured for the application.
 *
 * NOTE(review): the contract does not say whether the returned list is a copy
 * or a live view of the role database - confirm before handing it to
 * untrusted callers.
 *
 * @return the list of roles
 */
public List<String> getRoles();
/**
 * Returns the application role level for the specified role. If the role is
 * not known to this application NOUSER will be returned as specified in
 * {@link AppRoleLevel}.
 *
 * An unknown role is therefore reported through the return value, not through
 * an error; callers making an access decision need to handle NOUSER
 * explicitly.
 *
 * @param roleName
 *            the role name to query
 * @return the application level of the given role in the application
 *         context as specified by {@link AppRoleLevel}. If the role is not
 *         part of this application's roles, NOUSER is returned.
 */
public AppRoleLevel getApplicationRoleLevel(String roleName);
/**
 * Returns whether the specified role is part of this application's roles.
 *
 * NOTE(review): behaviour for a null or empty role name is not specified
 * here - confirm.
 *
 * @param roleName the role name to test
 * @return true if the role belongs to this application, false otherwise
 */
public boolean isApplicationRole(String roleName);
/**
 * Create a resource group for application.
 *
 * NOTE: Resource addition is "best effort", if an object is not of correct type,
 * it is presumably left out of the group rather than failing the request
 * (the original sentence is cut off after "correct type," - confirm).
 *
 * Because of the best-effort semantics, the returned status alone does not
 * show which resources ended up in the group; a caller that depends on the
 * exact membership should read it back with {@link #getResources(String)}.
 *
 * @param groupName
 *            the name for the resource group
 * @param resources
 *            the list of resources for the group
 * @return the status of the request
 */
public Status createResourceGroup(String groupName, List<Object> resources);
/**
 * Removes a resource group.
 *
 * NOTE(review): it is not stated whether role assignments that reference the
 * group are removed together with it - confirm against the implementation.
 *
 * @param groupName the name of the group
 * @return the status of the request
 */
public Status removeResourceGroup(String groupName);
/**
 * Returns the list of resource groups configured for the application.
 *
 * Only group names are returned; the members of a group are obtained through
 * {@link #getResources(String)}.
 *
 * @return the list of resource group names
 */
public List<String> getResourceGroups();
/**
 * Assign a resource group to a role with an explicitly stated privilege.
 *
 * This is a grant operation and the signature carries no caller identity, so
 * the decision whether the caller may hand out the privilege has to be made
 * by the implementation or the calling layer.
 *
 * @param groupName the name of the resource group
 * @param privilege the access privilege role will have on the resource group
 * @param role the role name
 * @return the status of the request
 */
public Status assignResourceGroupToRole(String groupName,
Privilege privilege, String role);
/**
 * Assign a resource group to a role. The access privilege on the resources
 * is inferred by the AppRoleLevel associated to role.
 *
 * Because the privilege is derived rather than stated, the overload taking an
 * explicit {@link Privilege} is the one to use when the grant must be narrower
 * than the role level implies.
 * NOTE(review): the mapping from AppRoleLevel to Privilege is not visible
 * here - confirm against the implementation.
 *
 * @param groupName the name of the resource group
 * @param role the role name
 * @return the status of the request
 */
public Status assignResourceGroupToRole(String groupName, String role);
/**
 * Unassign the passed resource group from the specified role.
 *
 * NOTE(review): the result for a group that was never assigned to the role is
 * not specified here - confirm whether that is reported as a failure.
 *
 * @param groupName the name of the resource group
 * @param role the role name
 * @return the status of the request
 */
public Status unassignResourceGroupFromRole(String groupName, String role);
/**
 * Returns the list of resource groups the given Role is authorized to use.
 * Each returned object expresses the resource group name and the access
 * privilege on it for the given user role.
 *
 * NOTE(review): the result for a role unknown to this application (empty list
 * or null) is not specified here - confirm.
 *
 * @param role the role name
 * @return list of resources
 */
public List<ResourceGroup> getAuthorizedGroups(String role);
/**
 * Returns the list of resources contained in the given resource group.
 *
 * The elements are untyped ({@code Object}); their concrete type is defined
 * by the implementing application.
 *
 * @param groupName the resource group name
 * @return the list of resources contained in the group
 */
public List<Object> getResources(String groupName);
/**
 * Returns the list of authorized resources for the given role.
 * For each resource only the highest privilege occurrence is returned, so a
 * resource reachable through several groups appears once, with its strongest
 * privilege.
 *
 * @param role the role name
 * @return the list of Resource
 */
public List<Resource> getAuthorizedResources(String role);
/**
 * Returns the controller user role level the passed user name is associated with.
 *
 * NOTE(review): the value returned for an unknown user name is not stated
 * here - confirm it is a no-access level before relying on the result in an
 * access decision.
 *
 * @param userName the user name
 * @return the user role level as specified in {@link UserLevel}
 */
public UserLevel getUserLevel(String userName);
/**
 * Returns the application context user role level the passed user name is associated with.
 *
 * NOTE(review): the value returned for a user with no role in this
 * application is not stated here - presumably a no-access level of
 * {@link AppRoleLevel}; confirm.
 *
 * @param userName the user name
 * @return the user role level as specified in {@link AppRoleLevel}
 */
public AppRoleLevel getUserApplicationLevel(String userName);
/**
 * Returns the resources (resource + privilege) associated
 * with the passed user name for this application context.
 * For each resource only the highest privilege occurrence is returned.
 *
 * The result is a {@code Set}, not a list.
 *
 * @param userName the user name
 * @return the set of resources associated with this user name in this application context
 */
public Set<Resource> getAllResourcesforUser(String userName);
/**
 * Returns the highest privilege that the user has on the specified
 * resource in this application context.
 *
 * NOTE(review): the value returned when the user has no privilege on the
 * resource, or when the user or resource is unknown, is not stated here -
 * confirm it cannot be mistaken for a grant.
 *
 * @param userName the user name
 * @param resource the given resource
 * @return the privilege the user has on the passed resource
 */
public Privilege getResourcePrivilege(String userName, Object resource);
/**
 * Add a resource to a group.
 *
 * Adding a resource to a group that is already assigned to roles presumably
 * extends what those roles can reach - confirm against the implementation.
 * The signature carries no caller identity, so authorizing the caller is left
 * to the implementation or the calling layer.
 *
 * @param groupName
 *            the name of the resource group
 * @param resource
 *            the resource object
 * @return the status of the request
 */
public Status addResourceToGroup(String groupName, Object resource);
/**
 * Remove a resource from a group.
 *
 * NOTE(review): the result for a resource that is not a member of the group
 * is not specified here - confirm whether that is reported as a failure.
 *
 * @param groupName
 *            the name of the resource group
 * @param resource
 *            the resource object
 * @return the status of the request
 */
public Status removeResourceFromGroup(String groupName, Object resource);
/**
 * Return whether the specified user has access to this application. In
 * other words, whether the user is associated with any role belonging to this
 * application.
 *
 * A true result only states that the user has some role in the application;
 * the privilege on a particular resource is a separate question, answered by
 * {@link #getResourcePrivilege(String, Object)}.
 *
 * @param userName
 *            the user name
 * @return true if the user has access to this application's resources,
 *         false otherwise
 */
boolean isApplicationUser(String userName);