public interface Role
Roles are hierarchical constructs that aggregate Permissions and other Roles and make it possible to compose a base set of Permissions in the following manner:
In other words, individual permissions can be aggregated into Roles focused on a single set of operations, as is the case of the ROLE_PRODUCT_MANAGER above. These focused Roles can in turn be composed into higher-level Roles which are closer to the Role of a Business Actor, as is the case for the ROLE_STORE_MANAGER above. Or, Roles and individual Permissions can be composed as is the case of the ROLE_SUPERVISOR.
When a Role is changed, all Roles that aggregate that Role will also change. So in the example above, if the 'Product Delete' permission is removed from the ROLE_PRODUCT_MANAGER, the permission will also be removed from the ROLE_STORE_MANAGER and ROLE_SUPERVISOR.
A Role may aggregate many sub-Roles, and the same Role may be a direct sub-Role of various super Roles. This is necessary to provide utmost flexibility, and safeguards should be taken in the implementation to prevent the looping conditions that may result if a Role appears at multiple places in a given Role hierarchy.
Individual permissions are assigned to a Role via a map that is keyed by a PermissionContext and whose value is a long integer representing a bitmask of the permissions assigned.
The value stored in the map is the result of adding the values of the individual permissions; so in the case above, if the values 1, 2, 4, 8 represent, respectively, the CREATE/READ/UPDATE/DELETE permissions, a Role with a value of 15 = 1+2+4+8 would have the ability to create, read, update and delete Products.
A Role could be queried for its Permissions via the syntax:

role.hasPermissions("PRODUCT", 1) // READ perm in example above

or

role.hasPermissions("PRODUCT", 6) // READ/UPDATE perms in example above

or

role.hasPermissions("PRODUCT", "READ") // accessing perm via String name unique in PermissionContext context
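The following is an added example, not code from the Janux project: it shows one way to resolve the effective bitmask of a Role across its sub-Roles with a guard against the looping condition described above, and how revoking a permission on a base Role propagates upward. `DemoRole`, `granted`, `subRoles` and `effective()` are hypothetical names; the permission values 1, 2, 4, 8 are the ones used in the text.

```java
import java.util.*;

// Hypothetical stand-in for a Role implementation; these are not the Janux classes.
public class RoleMaskDemo {
    static final long CREATE = 1, READ = 2, UPDATE = 4, DELETE = 8; // values from the text

    static class DemoRole {
        final String name;
        final Map<String, Long> granted = new HashMap<>(); // context name -> bitmask
        final List<DemoRole> subRoles = new ArrayList<>();
        DemoRole(String name) { this.name = name; }

        // Effective mask = own bits OR-ed with the bits of every reachable sub-role.
        // OR rather than addition: the same bit may arrive through several sub-roles.
        long effective(String context) {
            return effective(context, new HashSet<>());
        }
        private long effective(String context, Set<DemoRole> visited) {
            if (!visited.add(this)) return 0L; // already counted: shared sub-role or loop
            long mask = granted.getOrDefault(context, 0L);
            for (DemoRole sub : subRoles) mask |= sub.effective(context, visited);
            return mask;
        }
        // Every requested bit must be present, not just one of them.
        boolean hasPermissions(String context, long required) {
            return (effective(context) & required) == required;
        }
    }

    public static void main(String[] args) {
        DemoRole productManager = new DemoRole("ROLE_PRODUCT_MANAGER");
        productManager.granted.put("PRODUCT", CREATE | READ | UPDATE | DELETE);
        DemoRole storeManager = new DemoRole("ROLE_STORE_MANAGER");
        storeManager.subRoles.add(productManager);
        DemoRole supervisor = new DemoRole("ROLE_SUPERVISOR");
        supervisor.subRoles.add(storeManager);
        supervisor.subRoles.add(productManager); // same sub-role reached by two paths
        productManager.subRoles.add(supervisor); // constructed loop; must still terminate

        System.out.println(supervisor.effective("PRODUCT"));
        System.out.println(supervisor.hasPermissions("PRODUCT", READ | UPDATE));
        // Revoke DELETE on the base role; the aggregating roles lose it as well.
        productManager.granted.put("PRODUCT", CREATE | READ | UPDATE);
        System.out.println(storeManager.hasPermissions("PRODUCT", DELETE));
        System.out.println(supervisor.hasPermissions("PRODUCT", DELETE));
    }
}
```

Because the effective mask is computed at query time rather than copied into each aggregating Role, a revocation on a base Role cannot leave a stale grant behind in a super Role.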
Method Summary | |
---|---|
String | getDescription(): Human readable description of this Role |
String | getName(): a unique short-hand name for this role |
List<Role> | getRoles(): the sub-roles that this Role aggregates |
Integer | getSortOrder(): default order in which this Role should be displayed in the context of a Role display |
boolean | isEnabled(): whether or not this Role is useable in the system |
void | setDescription(String description) |
void | setEnabled(boolean enabled) |
void | setName(String name) |
void | setRoles(List<Role> roles) |
void | setSortOrder(Integer sortOrder) |
Methods inherited from interface org.janux.bus.security.PermissionsCapable |
---|
denyPermissions, getPermissionContexts, getPermissions, getPermissionsValue, grantPermissions, hasPermissions, hasPermissions, hasPermissions |
Method Detail |
---|
String getName()
void setName(String name)
String getDescription()
void setDescription(String description)
List<Role> getRoles()
void setRoles(List<Role> roles)
Integer getSortOrder()
Specified by: getSortOrder in interface Sorteable
void setSortOrder(Integer sortOrder)
Specified by: setSortOrder in interface Sorteable
boolean isEnabled()
void setEnabled(boolean enabled)