/*
 * Copyright (c) 2013 Cisco Systems, Inc. and others. All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
 * and is available at http://www.eclipse.org/legal/epl-v10.html
 */
10 package org.opendaylight.controller.sal.authorization;
12 import java.util.List;
15 import org.opendaylight.controller.sal.utils.Status;
/**
 * Interface for applications which maintain an authorization
 * database for their resources. The respective application web bundle
 * and the User Manager use this interface to retrieve
 * authorization information at the user and/or role level.
 */
23 public interface IResourceAuthorization {
/**
 * Creates a role name for the application.
 *
 * <p>NOTE(review): the signature carries no caller identity, so whether the
 * caller is allowed to create roles has to be decided before this call is
 * made; confirm where that check lives.
 *
 * @param role the role name
 * @param userLevel the user level in the application context
 * @return the status of the request
 */
Status createRole(String role, AppRoleLevel userLevel);
/**
 * Removes the role with the given name.
 *
 * <p>NOTE(review): nothing in this declaration says whether resource groups
 * assigned to the role are released along with it; confirm, since leftover
 * assignments would outlive the role.
 *
 * @param role the role name
 * @return the status of the request
 */
Status removeRole(String role);
/**
 * Lists the roles configured for the application.
 *
 * @return the list of roles
 */
List<String> getRoles();
/**
 * Looks up the application role level of the specified role. A role that
 * is not known to this application yields NOUSER, as specified in
 * {@link AppRoleLevel}.
 *
 * <p>Callers that base an access decision on the result should handle
 * NOUSER explicitly rather than fall through to a default branch.
 *
 * @param roleName the role name to query
 * @return the application level of the given role in the application
 *         context as specified by {@link AppRoleLevel}; NOUSER if the role
 *         is not part of this application's roles
 */
AppRoleLevel getApplicationRoleLevel(String roleName);
/**
 * Tells whether the specified role is one of this application's roles.
 *
 * @param roleName the role name to test
 * @return true if the role belongs to this application, false otherwise
 */
boolean isApplicationRole(String roleName);
/**
 * Creates a resource group for the application.
 *
 * <p>NOTE(review): the elements are typed as {@code Object}, so this
 * signature does not restrict what can be placed in a group; presumably the
 * implementation validates them, confirm.
 *
 * @param groupName the name for the resource group
 * @param resources the list of resources for the group
 * @return the status of the request
 */
Status createResourceGroup(String groupName, List<Object> resources);
/**
 * Removes a resource group.
 *
 * @param groupName the name of the group
 * @return the status of the request
 */
Status removeResourceGroup(String groupName);
/**
 * Lists the resource groups configured for the application.
 *
 * @return the list of resource group names
 */
List<String> getResourceGroups();
/**
 * Assigns a resource group to a role with an explicitly stated privilege.
 *
 * <p>NOTE(review): the signature carries no caller identity, so whether the
 * caller may grant this privilege has to be decided before this call is
 * made; confirm where that check lives.
 *
 * @param groupName the name of the resource group
 * @param privilege the access privilege the role will have on the resource group
 * @param role the role name
 * @return the status of the request
 */
Status assignResourceGroupToRole(String groupName, Privilege privilege, String role);
/**
 * Assigns a resource group to a role. The access privilege on the resources
 * is inferred from the AppRoleLevel associated with the role.
 *
 * <p>The resulting privilege is therefore not visible at the call site; the
 * overload that takes a {@link Privilege} states it explicitly.
 *
 * @param groupName the name of the resource group
 * @param role the role name
 * @return the status of the request
 */
Status assignResourceGroupToRole(String groupName, String role);
/**
 * Unassigns the passed resource group from the specified role.
 *
 * <p>NOTE(review): presumably the returned status is the only signal that
 * the assignment was actually withdrawn; callers should not discard it.
 * Confirm against {@code Status}.
 *
 * @param groupName the name of the resource group
 * @param role the role name
 * @return the status of the request
 */
Status unassignResourceGroupFromRole(String groupName, String role);
/**
 * Lists the resource groups the given role is authorized to use. Each
 * returned object expresses the resource group name and the access
 * privilege the given user role has on it.
 *
 * @param role the role name
 * @return the list of authorized resource groups
 */
List<ResourceGroup> getAuthorizedGroups(String role);
/**
 * Lists the resources contained in the given resource group.
 *
 * @param groupName the resource group name
 * @return the list of resources in the group
 */
List<Object> getResources(String groupName);
/**
 * Lists the authorized resources for the given role. For each resource
 * only the highest privilege occurrence is returned.
 *
 * @param role the role name
 * @return the list of Resource
 */
List<Resource> getAuthorizedResources(String role);
/**
 * Looks up the controller user role level associated with the passed user
 * name.
 *
 * @param userName the user name
 * @return the user role level as specified in {@link UserLevel}
 */
UserLevel getUserLevel(String userName);
/**
 * Looks up the application context user role level associated with the
 * passed user name.
 *
 * @param userName the user name
 * @return the user role level as specified in {@link AppRoleLevel}
 */
AppRoleLevel getUserApplicationLevel(String userName);
/**
 * Collects the resources (resource + privilege) associated with the passed
 * user name for this application context. For each resource only the
 * highest privilege occurrence is returned.
 *
 * @param userName the user name
 * @return the set of resources associated with this user name in this
 *         application context
 */
Set<Resource> getAllResourcesforUser(String userName);
/**
 * Reports the highest privilege that the user has on the specified
 * resource in this application context.
 *
 * <p>NOTE(review): the value returned when the user is unknown or holds no
 * privilege on the resource is not stated here; callers should treat
 * anything other than an explicit grant as no access. Confirm against
 * {@link Privilege}.
 *
 * @param userName the user name
 * @param resource the given resource
 * @return the privilege the user has on the passed resource
 */
Privilege getResourcePrivilege(String userName, Object resource);