001/*
002 * (C) Copyright 2006-2011 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Nuxeo - initial API and implementation
018 *
019 * $Id$
020 */
021
022package org.nuxeo.ecm.core.api.security;
023
024import java.io.Serializable;
025import java.util.List;
026
027/**
028 * An ACL (Access Control List) is a list of ACEs (Access Control Entry).
029 * <p>
030 * An ACP may contain several ACL identified by a name. This is to let external modules add security rules. There are 2
031 * default ACLs:
032 * <ul>
033 * <li>the <code>local</code> ACL - this is the default type of ACL that may be defined by an user locally to a document
034 * (using a security UI). <br>
035 * This is the only ACL an user can change
036 * <li>the <code>inherited</code> - this is a special ACL generated by merging all document parents ACL. This ACL is
037 * read only (cannot be modified locally on the document since it is inherited.
038 * </ul>
039 * ACLs that are used by external modules cannot be modified by the user through the security UI. These ACLs should be
040 * modified only programmatically by the tool that added them.
041 *
042 * @author <a href="mailto:bs@nuxeo.com">Bogdan Stefanescu</a>
043 */
044public interface ACL extends List<ACE>, Serializable, Cloneable {
045
046    String LOCAL_ACL = "local";
047
048    String INHERITED_ACL = "inherited";
049
050    /**
051     * Gets the ACL name.
052     *
053     * @return the ACL name
054     */
055    String getName();
056
057    /**
058     * Returns the ACEs defined by this list as an array.
059     */
060    ACE[] getACEs();
061
062    /**
063     * Sets the ACEs defined by this ACL.
064     *
065     * @param aces the ACE array
066     */
067    void setACEs(ACE[] aces);
068
069    /**
070     * Block the inheritance.
071     *
072     * @param username the user blocking the inheritance
073     * @return true if the ACL was changed.
074     * @since 7.4
075     */
076    boolean blockInheritance(String username);
077
078    /**
079     * Unblock the inheritance.
080     *
081     * @return true if the ACL was changed.
082     * @since 7.4
083     */
084    boolean unblockInheritance();
085
086    /**
087     * Add an ACE.
088     *
089     * @return true if the ACL was changed.
090     * @since 7.4
091     */
092    boolean add(ACE ace);
093
094    /**
095     * Replace the {@code oldACE} with {@code newACE}, only if the {@code oldACE} exists.
096     * <p>
097     * The {@code newACE} keeps the same index as {@code oldACE}.
098     *
099     * @return true if the ACL was changed.
100     * @since 7.4
101     */
102    boolean replace(ACE oldACE, ACE newACE);
103
104    /**
105     * Remove all ACEs for {@code username}.
106     *
107     * @return true if the ACL was changed.
108     * @since 7.4
109     */
110    boolean removeByUsername(String username);
111
112    /**
113     * Returns a recursive copy of the ACL sharing no mutable substructure with the original.
114     *
115     * @return a copy
116     */
117    Object clone();
118
119}