*
* @param role the role name
* @param userLevel the user level in the application context
- * @return the status of the request
- */
+ * @return the status of the request
+ */
public Status createRole(String role, AppRoleLevel userLevel);
/**
public List<String> getRoles();
/**
- * Returns the application role level for the specified role
- * If the role is not known to this application <code>NOUSER<code>
- * will be returned as specified in {@link AppRoleLevel}
+ * Returns the application role level for the specified role. If the role is
+ * not known to this application NOUSER will be returned as specified in
+ * {@link AppRoleLevel}
*
- * @param roleName the role name to query
- * @return the application level of the given role in the application context as specified by {@link AppRoleLevel}
- * if the role is not part of this application's roles, <code>NOUSER<code> is returned
+ * @param roleName
+ * the role name to query
+ * @return the application level of the given role in the application
+ * context as specified by {@link AppRoleLevel}. If the role is not
+ * part of this application's roles, NOUSER is returned.
*/
public AppRoleLevel getApplicationRoleLevel(String roleName);
public boolean isApplicationRole(String roleName);
/**
- * Create a resource group for application
+ * Create a resource group for application.
*
- * @param groupName the name for the resource group
- * @param resources the list of resources for the group
+ * NOTE: Resource addition is "best effort", if an object is not of correct type,
+ * it is discarded.
+ *
+ * @param groupName
+ * the name for the resource group
+ * @param resources
+ * the list of resources for the group
* @return the status of the request
*/
public Status createResourceGroup(String groupName, List<Object> resources);
/**
* Unassign the passed resource group from the specified role
*
- * @param group
- * @param role
+ * @param groupName the name of the resource group
+ * @param role the role name
* @return the status of the request
*/
- public Status unassignResourceGroupFromRole(String group, String role);
+ public Status unassignResourceGroupFromRole(String groupName, String role);
/**
* Returns the list of resource groups the given Role is authorized to use
* The returning object expresses the resource group name and the access
* its privilege for the given user role
*
- * @param role
+ * @param role the role name
* @return list of resources
*/
public List<ResourceGroup> getAuthorizedGroups(String role);
/**
* Returns the list of authorized resources for the given role
* For each resource only the highest privilege occurrence is returned
- * @param role
+ * @param role the role name
* @return the list of Resource
*/
public List<Resource> getAuthorizedResources(String role);
* Returns the highest privilege that the user has on the specified
* resource in this application context
*
- * @param userName
- * @param resource
+ * @param userName the user name
+ * @param resource the given resource
* @return the privilege the user has on the passed resource
*/
public Privilege getResourcePrivilege(String userName, Object resource);
+ /**
+ * Add a resource to a group
+ *
+ * @param groupName
+ * the resource group
+ * @param resource
+ * the resource object
+ * @return the status of the request
+ */
+ public Status addResourceToGroup(String groupName, Object resource);
+
+ /**
+ * Remove a resource from a group
+ *
+ * @param groupName
+ * the resource group
+ * @param resource
+ * the resource object
+ * @return the status of the request
+ */
+ public Status removeResourceFromGroup(String groupName, Object resource);
+
+ /**
+ * Return whether the specified user has access to this application. In
+ * other words if the user is associated any roles belonging to this
+ * application.
+ *
+ * @param userName
+ * the user name
+ * @return true if the user has access to this application's resources,
+ * false otherwise
+ */
+ boolean isApplicationUser(String userName);
}