3 * Copyright (c) 2013 Cisco Systems, Inc. and others. All rights reserved.
5 * This program and the accompanying materials are made available under the
6 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
7 * and is available at http://www.eclipse.org/legal/epl-v10.html
10 package org.opendaylight.controller.sal.authorization;
12 import java.util.List;
15 import org.opendaylight.controller.sal.utils.Status;
18 * Interface for applications which maintain an authorization
19 * database for their resources. Respective application web bundle
20 * and User Manager make use of this interface to retrieve
21 * authorization information at user or and role level.
23 public interface IResourceAuthorization {
26 * Create a Role name for the application
28 * @param role the role name
29 * @param userLevel the user level in the application context
30 * @return the status of the request
32 public Status createRole(String role, AppRoleLevel userLevel);
37 * @param role the role name
38 * @return the status of the request
40 public Status removeRole(String role);
43 * Return the list of roles configured for the application
45 * @return the list of roles
47 public List<String> getRoles();
50 * Returns the application role level for the specified role
51 * If the role is not known to this application <code>NOUSER<code>
52 * will be returned as specified in {@link AppRoleLevel}
54 * @param roleName the role name to query
55 * @return the application level of the given role in the application context as specified by {@link AppRoleLevel}
56 * if the role is not part of this application's roles, <code>NOUSER<code> is returned
58 public AppRoleLevel getApplicationRoleLevel(String roleName);
61 * Returns whether the specified role is part of this application's roles
63 * @param roleName the role name to test
64 * @return true if the role belongs to this application, false otherwise
66 public boolean isApplicationRole(String roleName);
69 * Create a resource group for application
71 * @param groupName the name for the resource group
72 * @param resources the list of resources for the group
73 * @return the status of the request
75 public Status createResourceGroup(String groupName, List<Object> resources);
78 * Removes a resource group
80 * @param groupName the name of the group
81 * @return the status of the request
83 public Status removeResourceGroup(String groupName);
86 * Returns the list of resource groups configured for the application
88 * @return the list of resource group names
90 public List<String> getResourceGroups();
93 * Assign a resource group to a role
95 * @param groupName the name of the resource group
96 * @param privilege the access privilege role will have on the resource group
97 * @param role the role name
98 * @return the status of the request
101 public Status assignResourceGroupToRole(String groupName,
102 Privilege privilege, String role);
105 * Assign a resource group to a role. The access privilege on the resources
106 * is inferred by the AppRoleLevel associated to role.
108 * @param groupName the name of the resource group
109 * @param role the role name
110 * @return the status of the request
112 public Status assignResourceGroupToRole(String groupName, String role);
115 * Unassign the passed resource group from the specified role
119 * @return the status of the request
121 public Status unassignResourceGroupFromRole(String group, String role);
124 * Returns the list of resource groups the given Role is authorized to use
125 * The returning object expresses the resource group name and the access
126 * its privilege for the given user role
129 * @return list of resources
131 public List<ResourceGroup> getAuthorizedGroups(String role);
134 * Returns the list of resources contained in the given resource group
136 * @param groupName the resource group name
139 public List<Object> getResources(String groupName);
142 * Returns the list of authorized resources for the given role
143 * For each resource only the highest privilege occurrence is returned
145 * @return the list of Resource
147 public List<Resource> getAuthorizedResources(String role);
153 * Returns the controller user role level the passed user name is associated with
155 * @param userName the user name
156 * @return the user role level as specified in {@link UserLevel}
158 public UserLevel getUserLevel(String userName);
161 * Returns the application context user role level the passed user name is associated with
163 * @param userName the user name
164 * @return the user role level as specified in {@link AppRoleLevel}
166 public AppRoleLevel getUserApplicationLevel(String userName);
169 * Returns the list of resources (resource + privilege) associated
170 * with the passed user name for this application context
171 * For each resource only the highest privilege occurrence is returned
173 * @param userName the user name
174 * @return the list of resources associated with this user name in this application context
176 public Set<Resource> getAllResourcesforUser(String userName);
179 * Returns the highest privilege that the user has on the specified
180 * resource in this application context
184 * @return the privilege the user has on the passed resource
186 public Privilege getResourcePrivilege(String userName, Object resource);