X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?a=blobdiff_plain;f=opendaylight%2Fsal%2Fapi%2Fsrc%2Fmain%2Fjava%2Forg%2Fopendaylight%2Fcontroller%2Fsal%2Fauthorization%2FIResourceAuthorization.java;h=b7b36fae375aa5dc96444dd1cf7f8a41b878514c;hb=18fa9cb41678400d1decd007a66fc1f7be894f66;hp=8f6cfa42512642ba6e1115332c68898bb35ece75;hpb=e2f7aaa41e482815ca1d4495eb85c8653cd903ab;p=controller.git diff --git a/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/IResourceAuthorization.java b/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/IResourceAuthorization.java index 8f6cfa4251..b7b36fae37 100644 --- a/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/IResourceAuthorization.java +++ b/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/IResourceAuthorization.java @@ -25,20 +25,20 @@ public interface IResourceAuthorization { /** * Create a Role name for the application * - * @param role the role name - * @param userLevel the user level in the application context - * @return the status of the request - */ + * @param role the role name + * @param userLevel the user level in the application context + * @return the status of the request + */ public Status createRole(String role, AppRoleLevel userLevel); /** * Remove a Role - * + * * @param role the role name * @return the status of the request */ public Status removeRole(String role); - + /** * Return the list of roles configured for the application * @@ -47,13 +47,15 @@ public interface IResourceAuthorization { public List getRoles(); /** - * Returns the application role level for the specified role - * If the role is not known to this application NOUSER - * will be returned as specified in {@link AppRoleLevel} + * Returns the application role level for the specified role. If the role is + * not known to this application NOUSER will be returned as specified in + * {@link AppRoleLevel} * - * @param roleName the role name to query - * @return the application level of the given role in the application context as specified by {@link AppRoleLevel} - * if the role is not part of this application's roles, NOUSER is returned + * @param roleName + * the role name to query + * @return the application level of the given role in the application + * context as specified by {@link AppRoleLevel}. If the role is not + * part of this application's roles, NOUSER is returned. */ public AppRoleLevel getApplicationRoleLevel(String roleName); @@ -61,15 +63,20 @@ public interface IResourceAuthorization { * Returns whether the specified role is part of this application's roles * * @param roleName the role name to test - * @return true if the role belongs to this application, false otherwise + * @return true if the role belongs to this application, false otherwise */ public boolean isApplicationRole(String roleName); /** - * Create a resource group for application + * Create a resource group for application. * - * @param groupName the name for the resource group - * @param resources the list of resources for the group + * NOTE: Resource addition is "best effort", if an object is not of correct type, + * it is discarded. + * + * @param groupName + * the name for the resource group + * @param resources + * the list of resources for the group * @return the status of the request */ public Status createResourceGroup(String groupName, List resources); @@ -110,22 +117,22 @@ public interface IResourceAuthorization { * @return the status of the request */ public Status assignResourceGroupToRole(String groupName, String role); - + /** * Unassign the passed resource group from the specified role - * - * @param group - * @param role + * + * @param groupName the name of the resource group + * @param role the role name * @return the status of the request */ - public Status unassignResourceGroupFromRole(String group, String role); - + public Status unassignResourceGroupFromRole(String groupName, String role); + /** * Returns the list of resource groups the given Role is authorized to use * The returning object expresses the resource group name and the access * its privilege for the given user role * - * @param role + * @param role the role name * @return list of resources */ public List getAuthorizedGroups(String role); @@ -141,7 +148,7 @@ public interface IResourceAuthorization { /** * Returns the list of authorized resources for the given role * For each resource only the highest privilege occurrence is returned - * @param role + * @param role the role name * @return the list of Resource */ public List getAuthorizedResources(String role); @@ -179,10 +186,43 @@ public interface IResourceAuthorization { * Returns the highest privilege that the user has on the specified * resource in this application context * - * @param userName - * @param resource + * @param userName the user name + * @param resource the given resource * @return the privilege the user has on the passed resource */ public Privilege getResourcePrivilege(String userName, Object resource); + /** + * Add a resource to a group + * + * @param groupName + * the resource group + * @param resource + * the resource object + * @return the status of the request + */ + public Status addResourceToGroup(String groupName, Object resource); + + /** + * Remove a resource from a group + * + * @param groupName + * the resource group + * @param resource + * the resource object + * @return the status of the request + */ + public Status removeResourceFromGroup(String groupName, Object resource); + + /** + * Return whether the specified user has access to this application. In + * other words if the user is associated any roles belonging to this + * application. + * + * @param userName + * the user name + * @return true if the user has access to this application's resources, + * false otherwise + */ + boolean isApplicationUser(String userName); }