001 /*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements. See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership. The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License. You may obtain a copy of the License at
009 *
010 * http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied. See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 *
019 */
020 package org.apache.directory.server.core.authz.support;
021
022
023 import java.util.Collection;
024
025 import javax.naming.NamingException;
026
027 import org.apache.directory.server.core.interceptor.context.OperationContext;
028 import org.apache.directory.shared.ldap.aci.ACITuple;
029 import org.apache.directory.shared.ldap.aci.MicroOperation;
030 import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
031 import org.apache.directory.shared.ldap.entry.ServerEntry;
032 import org.apache.directory.shared.ldap.entry.Value;
033 import org.apache.directory.shared.ldap.name.DN;
034 import org.apache.directory.shared.ldap.schema.SchemaManager;
035
036
037 /**
038 * An interface that filters the specified collection of tuples using the
039 * specified extra information.
040 *
041 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
042 * @version $Rev: 927146 $, $Date: 2010-03-24 20:39:54 +0200 (Wed, 24 Mar 2010) $
043 *
044 */
045 public interface ACITupleFilter
046 {
047 /**
048 * Returns the collection of the filtered tuples using the specified
049 * extra information.
050 *
051 * @param tuples the collection of tuples to filter
052 * @param scope the scope of the operation to be performed
053 * @param proxy the proxy interceptor for this filter to access the DIT
054 * @param userGroupNames the collection of group ({@link DN})s which the current user belongs to
055 * @param userName the {@link DN} of the current user
056 * @param userEntry the {@link ServerEntry} of the current user entry in the DIT
057 * @param authenticationLevel the level of authentication of the current user
058 * @param entryName the {@link DN} of the entry the current user accesses
059 * @param attrId the attribute ID the current user accesses
060 * @param attrValue the value of the attribute the current user accesses
061 * @param entry the {@link ServerEntry} of the entry the current user accesses
062 * @param microOperations the set of {@link MicroOperation}s the current user will perform
063 * @param entryView in case of a Modify operation, view of the entry being modified as if the modification permitted and completed
064 * @return the collection of filtered tuples
065 * @throws NamingException if failed to filter the specific tuples
066 */
067 Collection<ACITuple> filter(
068 SchemaManager schemaManager,
069 Collection<ACITuple> tuples,
070 OperationScope scope,
071 OperationContext opContext,
072 Collection<DN> userGroupNames,
073 DN userName,
074 ServerEntry userEntry,
075 AuthenticationLevel authenticationLevel,
076 DN entryName,
077 String attrId,
078 Value<?> attrValue,
079 ServerEntry entry,
080 Collection<MicroOperation> microOperations,
081 ServerEntry entryView )
082 throws Exception;
083 }