X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?a=blobdiff_plain;f=opendaylight%2Fsal%2Fapi%2Fsrc%2Fmain%2Fjava%2Forg%2Fopendaylight%2Fcontroller%2Fsal%2Fauthorization%2FIResourceAuthorization.java;h=b7b36fae375aa5dc96444dd1cf7f8a41b878514c;hb=c46e223995956f1f759c551163c212947c1e2fb7;hp=453976bf680d1ee3af50fa7719aececff1cedc74;hpb=ff1b4a79cca00743a00c3b0b1100bd0ab2b2fb31;p=controller.git

diff --git a/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/IResourceAuthorization.java b/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/IResourceAuthorization.java
index 453976bf68..b7b36fae37 100644
--- a/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/IResourceAuthorization.java
+++ b/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/IResourceAuthorization.java
@@ -27,8 +27,8 @@ public interface IResourceAuthorization {
      *
      * @param role  the role name
      * @param userLevel the user level in the application context
-         * @return the status of the request
-         */
+     * @return the status of the request
+     */
     public Status createRole(String role, AppRoleLevel userLevel);
 
     /**
@@ -47,13 +47,15 @@ public interface IResourceAuthorization {
     public List<String> getRoles();
 
     /**
-     * Returns the application role level for the specified role
-     * If the role is not known to this application <code>NOUSER<code>
-     * will be returned as specified in {@link AppRoleLevel}
+     * Returns the application role level for the specified role. If the role is
+     * not known to this application NOUSER will be returned as specified in
+     * {@link AppRoleLevel}
      *
-     * @param roleName the role name to query
-     * @return the application level of the given role in the application context as specified by {@link AppRoleLevel}
-     *                  if the role is not part of this application's roles, <code>NOUSER<code> is returned
+     * @param roleName
+     *            the role name to query
+     * @return the application level of the given role in the application
+     *         context as specified by {@link AppRoleLevel}. If the role is not
+     *         part of this application's roles, NOUSER is returned.
      */
     public AppRoleLevel getApplicationRoleLevel(String roleName);
 
@@ -66,10 +68,15 @@ public interface IResourceAuthorization {
     public boolean isApplicationRole(String roleName);
 
     /**
-     * Create a resource group for application
+     * Create a resource group for application.
      *
-     * @param groupName the name for the resource group
-     * @param resources the list of resources for the group
+     * NOTE: Resource addition is "best effort", if an object is not of correct type,
+     * it is discarded.
+     *
+     * @param groupName
+     *            the name for the resource group
+     * @param resources
+     *            the list of resources for the group
      * @return the status of the request
      */
     public Status createResourceGroup(String groupName, List<Object> resources);
@@ -114,18 +121,18 @@ public interface IResourceAuthorization {
     /**
      * Unassign the passed resource group from the specified role
      *
-     * @param group
-     * @param role
+     * @param groupName the name of the resource group
+     * @param role the role name
      * @return the status of the request
      */
-    public Status unassignResourceGroupFromRole(String group, String role);
+    public Status unassignResourceGroupFromRole(String groupName, String role);
 
     /**
      * Returns the list of resource groups the given Role is authorized to use
      * The returning object expresses the resource group name and the access
      * its privilege for the given user role
      *
-     * @param role
+     * @param role  the role name
      * @return list of resources
      */
     public List<ResourceGroup> getAuthorizedGroups(String role);
@@ -141,7 +148,7 @@ public interface IResourceAuthorization {
     /**
      * Returns the list of authorized resources for the given role
      * For each resource only the highest privilege occurrence is returned
-     * @param role
+     * @param role  the role name
      * @return the list of Resource
      */
     public List<Resource> getAuthorizedResources(String role);
@@ -179,10 +186,43 @@ public interface IResourceAuthorization {
      * Returns the highest privilege that the user has on the specified
      * resource in this application context
      *
-     * @param userName
-     * @param resource
+     * @param userName the user name
+     * @param resource the given resource
      * @return the privilege the user has on the passed resource
      */
     public Privilege getResourcePrivilege(String userName, Object resource);
 
+    /**
+     * Add a resource to a group
+     *
+     * @param groupName
+     *            the resource group
+     * @param resource
+     *            the resource object
+     * @return the status of the request
+     */
+    public Status addResourceToGroup(String groupName, Object resource);
+
+    /**
+     * Remove a resource from a group
+     *
+     * @param groupName
+     *            the resource group
+     * @param resource
+     *            the resource object
+     * @return the status of the request
+     */
+    public Status removeResourceFromGroup(String groupName, Object resource);
+
+    /**
+     * Return whether the specified user has access to this application. In
+     * other words if the user is associated any roles belonging to this
+     * application.
+     *
+     * @param userName
+     *            the user name
+     * @return true if the user has access to this application's resources,
+     *         false otherwise
+     */
+    boolean isApplicationUser(String userName);
 }