001    /**
002     * Copyright 2005-2013 The Kuali Foundation
003     *
004     * Licensed under the Educational Community License, Version 2.0 (the "License");
005     * you may not use this file except in compliance with the License.
006     * You may obtain a copy of the License at
007     *
008     * http://www.opensource.org/licenses/ecl2.php
009     *
010     * Unless required by applicable law or agreed to in writing, software
011     * distributed under the License is distributed on an "AS IS" BASIS,
012     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013     * See the License for the specific language governing permissions and
014     * limitations under the License.
015     */
016    package org.kuali.rice.krad.bo;
017    
018    import java.util.Map;
019    
020    /**
021     * Invoked to authorize actions requested on data objects (such as edit or view)
022     *
023     * @author Kuali Rice Team (rice.collab@kuali.org)
024     */
025    public interface DataObjectAuthorizer {
026    
027        /**
028         * Determines whether the user identified by the given principal ID has the given permission in the context
029         * of the data object
030         *
031         * @param dataObject
032         * @param namespaceCode
033         * @param permissionName
034         * @param principalId
035         * @return boolean true if the user is authorized, false if not
036         */
037        public boolean isAuthorized(Object dataObject, String namespaceCode, String permissionName, String principalId);
038    
039        /**
040         * Determines whether the user identified by the given principal ID has been granted a permission of the given
041         * template in the context of the data object
042         *
043         * @param dataObject
044         * @param namespaceCode
045         * @param permissionTemplateName
046         * @param principalId
047         * @return boolean true if the user is authorized, false if not
048         */
049        public boolean isAuthorizedByTemplate(Object dataObject, String namespaceCode, String permissionTemplateName,
050                String principalId);
051    
052        /**
053         * Determines whether the user identified by the given principal ID has the given permission in the context
054         * of the data object, the additional permission details and role qualifiers are used for the check
055         *
056         * @param dataObject
057         * @param namespaceCode
058         * @param permissionName
059         * @param principalId
060         * @param additionalPermissionDetails
061         * @param additionalRoleQualifiers
062         * @return boolean true if the user is authorized, false if not
063         */
064        public boolean isAuthorized(Object dataObject, String namespaceCode, String permissionName, String principalId,
065                Map<String, String> additionalPermissionDetails, Map<String, String> additionalRoleQualifiers);
066    
067        /**
068         * Determines whether the user identified by the given principal ID has been granted a permission of the given
069         * template in the context of the data object, the additional permission details and role qualifiers are used for
070         * the check
071         *
072         * @param dataObject
073         * @param namespaceCode
074         * @param permissionTemplateName
075         * @param principalId
076         * @param additionalPermissionDetails
077         * @param additionalRoleQualifiers
078         * @return boolean true if the user is authorized, false if not
079         */
080        public boolean isAuthorizedByTemplate(Object dataObject, String namespaceCode, String permissionTemplateName,
081                String principalId, Map<String, String> additionalPermissionDetails,
082                Map<String, String> additionalRoleQualifiers);
083    
084    }