001 /* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 * 019 */ 020 package org.apache.directory.server.core.authz.support; 021 022 023 import java.util.Collection; 024 025 import javax.naming.NamingException; 026 027 import org.apache.directory.server.core.interceptor.context.OperationContext; 028 import org.apache.directory.shared.ldap.aci.ACITuple; 029 import org.apache.directory.shared.ldap.aci.MicroOperation; 030 import org.apache.directory.shared.ldap.constants.AuthenticationLevel; 031 import org.apache.directory.shared.ldap.entry.ServerEntry; 032 import org.apache.directory.shared.ldap.entry.Value; 033 import org.apache.directory.shared.ldap.name.DN; 034 import org.apache.directory.shared.ldap.schema.SchemaManager; 035 036 037 /** 038 * An interface that filters the specified collection of tuples using the 039 * specified extra information. 040 * 041 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a> 042 * @version $Rev: 927146 $, $Date: 2010-03-24 19:39:54 +0100 (Wed, 24 Mar 2010) $ 043 * 044 */ 045 public interface ACITupleFilter 046 { 047 /** 048 * Returns the collection of the filtered tuples using the specified 049 * extra information. 050 * 051 * @param tuples the collection of tuples to filter 052 * @param scope the scope of the operation to be performed 053 * @param proxy the proxy interceptor for this filter to access the DIT 054 * @param userGroupNames the collection of group ({@link DN})s which the current user belongs to 055 * @param userName the {@link DN} of the current user 056 * @param userEntry the {@link ServerEntry} of the current user entry in the DIT 057 * @param authenticationLevel the level of authentication of the current user 058 * @param entryName the {@link DN} of the entry the current user accesses 059 * @param attrId the attribute ID the current user accesses 060 * @param attrValue the value of the attribute the current user accesses 061 * @param entry the {@link ServerEntry} of the entry the current user accesses 062 * @param microOperations the set of {@link MicroOperation}s the current user will perform 063 * @param entryView in case of a Modify operation, view of the entry being modified as if the modification permitted and completed 064 * @return the collection of filtered tuples 065 * @throws NamingException if failed to filter the specific tuples 066 */ 067 Collection<ACITuple> filter( 068 SchemaManager schemaManager, 069 Collection<ACITuple> tuples, 070 OperationScope scope, 071 OperationContext opContext, 072 Collection<DN> userGroupNames, 073 DN userName, 074 ServerEntry userEntry, 075 AuthenticationLevel authenticationLevel, 076 DN entryName, 077 String attrId, 078 Value<?> attrValue, 079 ServerEntry entry, 080 Collection<MicroOperation> microOperations, 081 ServerEntry entryView ) 082 throws Exception; 083 }