Package org.qubership.atp.auth.springbootstarter.security.permissions

Interface PolicyEnforcement

public interface PolicyEnforcement
Check access entry point.

  • Method Summary

    Modifier and Type
    Method
    Description
    default boolean
    checkAccess(String projectId, String action)
    This method is used if params are of String class instead of UUID and Action classes.
    default boolean
    checkAccess(String entityName, String projectId, String action)
    Performs evaluation of authorization policies using given entity name, current project and operation for currently authenticated user.
    boolean
    checkAccess(String entityName, Set<UUID> projectIdSet, String action)
    Performs evaluation of authorization policies using given entity name, set of projects and operation for currently authenticated user.
    boolean
    checkAccess(String entityName, Set<UUID> projectIdSet, Operation action)
    Performs evaluation of authorization policies using given entity name, set of projects and operation for currently authenticated user.
    default boolean
    checkAccess(String entityName, UUID projectId, String action)
    Performs evaluation of authorization policies using given entity name, current project and operation for currently authenticated user.
    default boolean
    checkAccess(String entityName, UUID projectId, Set<UUID> objectIds, String operation)
    Performs evaluation of authorization policies using given current project, set of objectIds and operation for currently authenticated user.
    boolean
    checkAccess(String entityName, UUID projectId, Set<UUID> objectIds, Operation operation)
    Performs evaluation of authorization policies using given current project, set of objectIds and operation for currently authenticated user.
    default boolean
    checkAccess(String entityName, UUID projectId, UUID objectId, String operation)
    Performs evaluation of authorization policies using given current project, objectId and operation for currently authenticated user.
    boolean
    checkAccess(String entityName, UUID projectId, UUID objectId, Operation operation)
    Performs evaluation of authorization policies using given current project, objectId and operation for currently authenticated user.
    boolean
    checkAccess(String entityName, UUID projectId, Operation action)
    Performs evaluation of authorization policies using given current project, entity name and operation for currently authenticated user.
    boolean
    checkAccess(Set<UUID> projectIdSet, String action)
    Performs evaluation of authorization policies using given set of projects and operation for currently authenticated user, execute checkAccess (UUID projectId, String action) for each project in the set.
    default boolean
    checkAccess(UUID projectId, String action)
    This method is used if params are of UUID and String classes instead of Action class.
    boolean
    checkAccess(UUID projectId, Operation action)
    Performs evaluation of authorization policies using given current project and operation for currently authenticated user.
    default boolean
    checkExternalAccess(String projectId, String action)
    Check external access permissions.
    boolean
    checkExternalAccess(String entityName, UUID projectId, Operation action)
    Performs evaluation of authorization policies using given current project, set of objectIds and operation for currently authenticated user.
    boolean
    checkPoliciesForOperation(String entityName, Project project, Operation operation)
    Check permissions to perform the operation against the entityName under the project.
    boolean
    checkPoliciesForOperation(Project project, Operation operation)
    Check policy for project.
    default Project
    getProjectEntityWithGroup(UUID projectId, List<UUID> leads, List<UUID> qaTaEngineers, List<UUID> devOpsEngineers, List<UUID> atpRunners, List<UUID> atpSupports, Permissions permissions)
    Create project entity with users fields.
    boolean
    isAdmin()
    Performs evaluation of authorization policies using user role.
    boolean
    isAuthenticated()
    Performs evaluation of authorization policies.
    boolean
    isExternal()
    Check if it's external access.
    boolean
    isSupport()
    Performs evaluation of authorization policies using user role.

  • Method Details

    • checkAccess

      default boolean checkAccess(String projectId, String action)
      This method is used if params are of String class instead of UUID and Action classes.
      Parameters:
      projectId - Project id
      action - Operation name (e.g. CREATE, READ, ...)
      Returns:
      permission (true - allowed, false - forbidden).

    • checkAccess

      default boolean checkAccess(UUID projectId, String action)
      This method is used if params are of UUID and String classes instead of Action class.
      Parameters:
      projectId - Project id
      action - Operation name (e.g. CREATE, READ, ...)
      Returns:
      permission (true - allowed, false - forbidden).

    • checkAccess

      boolean checkAccess(Set<UUID> projectIdSet, String action)
      Performs evaluation of authorization policies using given set of projects and operation for currently authenticated user, execute checkAccess (UUID projectId, String action) for each project in the set. If for at least one project checkAccess(UUID projectId, String action) return false, then the method will also return false.
      Parameters:
      projectIdSet - Set of Project ids
      action - Operation name (e.g. CREATE, READ, ...)
      Returns:
      permission (true - allowed, false - forbidden).

    • checkAccess

      boolean checkAccess(UUID projectId, Operation action)
      Performs evaluation of authorization policies using given current project and operation for currently authenticated user.
      Parameters:
      projectId - Project id
      action - Operation (e.g. CREATE, READ, ...)
      Returns:
      permission (true - allowed, false - forbidden).

    • checkAccess

      boolean checkAccess(String entityName, UUID projectId, Operation action)
      Performs evaluation of authorization policies using given current project, entity name and operation for currently authenticated user. This method is used if params are of UUID class and String class instead of Action class.
      Parameters:
      entityName - Name of entity class
      projectId - Project id
      action - Operation (e.g. CREATE, READ, ...)
      Returns:
      permission (true - allowed, false - forbidden).

    • checkAccess

      boolean checkAccess(String entityName, Set<UUID> projectIdSet, Operation action)
      Performs evaluation of authorization policies using given entity name, set of projects and operation for currently authenticated user.
      Parameters:
      entityName - Name of entity class
      projectIdSet - Set of Project ids
      action - Operation (e.g. CREATE, READ, ...)
      Returns:
      permission (true - allowed, false - forbidden).

    • checkAccess

      boolean checkAccess(String entityName, Set<UUID> projectIdSet, String action)
      Performs evaluation of authorization policies using given entity name, set of projects and operation for currently authenticated user.
      Parameters:
      entityName - Name of entity class
      projectIdSet - Set of Project ids
      action - Operation name (e.g. CREATE, READ, ...)
      Returns:
      permission (true - allowed, false - forbidden).

    • checkAccess

      default boolean checkAccess(String entityName, UUID projectId, String action)
      Performs evaluation of authorization policies using given entity name, current project and operation for currently authenticated user.
      Parameters:
      entityName - Name of entity class
      projectId - Project id
      action - Operation name (e.g. CREATE, READ, ...)
      Returns:
      permission (true - allowed, false - forbidden).

    • checkAccess

      default boolean checkAccess(String entityName, String projectId, String action)
      Performs evaluation of authorization policies using given entity name, current project and operation for currently authenticated user.
      Parameters:
      entityName - Name of entity class
      projectId - Project id
      action - Operation name (e.g. CREATE, READ, ...)
      Returns:
      permission (true - allowed, false - forbidden).

    • checkAccess

      boolean checkAccess(String entityName, UUID projectId, UUID objectId, Operation operation)
      Performs evaluation of authorization policies using given current project, objectId and operation for currently authenticated user.
      Parameters:
      entityName - Name of entity class
      projectId - Project id
      objectId - Object id
      operation - Operation (e.g. CREATE, READ, ...)
      Returns:
      permission (true - allowed, false - forbidden).

    • checkAccess

      default boolean checkAccess(String entityName, UUID projectId, UUID objectId, String operation)
      Performs evaluation of authorization policies using given current project, objectId and operation for currently authenticated user.
      Parameters:
      entityName - Name of entity class
      projectId - Project id
      objectId - Object id
      operation - Operation name (e.g. CREATE, READ, ...)
      Returns:
      permission (true - allowed, false - forbidden).

    • checkAccess

      boolean checkAccess(String entityName, UUID projectId, Set<UUID> objectIds, Operation operation)
      Performs evaluation of authorization policies using given current project, set of objectIds and operation for currently authenticated user.
      Parameters:
      entityName - Name of entity class
      projectId - Project id
      objectIds - Set of Object ids
      operation - Operation (e.g. CREATE, READ, ...)
      Returns:
      permission (true - allowed, false - forbidden).

    • checkAccess

      default boolean checkAccess(String entityName, UUID projectId, Set<UUID> objectIds, String operation)
      Performs evaluation of authorization policies using given current project, set of objectIds and operation for currently authenticated user.
      Parameters:
      entityName - Name of entity class
      projectId - Project id
      objectIds - Set of Object ids
      operation - Operation name (e.g. CREATE, READ, ...)
      Returns:
      permission (true - allowed, false - forbidden).

    • checkExternalAccess

      boolean checkExternalAccess(String entityName, UUID projectId, Operation action)
      Performs evaluation of authorization policies using given current project, set of objectIds and operation for currently authenticated user.
      Parameters:
      entityName - Name of entity class
      projectId - Project id
      action - Operation (e.g. CREATE, READ, ...)
      Returns:
      permission (true - allowed, false - forbidden).

    • checkExternalAccess

      default boolean checkExternalAccess(String projectId, String action)
      Check external access permissions.
      Parameters:
      projectId - Project id
      action - Operation name (e.g. CREATE, READ, ...)
      Returns:
      permission (true - allowed, false - forbidden).

    • isAdmin

      boolean isAdmin()
      Performs evaluation of authorization policies using user role.
      Returns:
      true if the user has admin rights, otherwise false.

    • isExternal

      boolean isExternal()
      Check if it's external access.
      Returns:
      true/false.

    • isSupport

      boolean isSupport()
      Performs evaluation of authorization policies using user role.
      Returns:
      true if the user has support rights, otherwise false.

    • isAuthenticated

      boolean isAuthenticated()
      Performs evaluation of authorization policies.
      Returns:
      true if the user is authenticated, otherwise false.

    • getProjectEntityWithGroup

      default Project getProjectEntityWithGroup(UUID projectId, List<UUID> leads, List<UUID> qaTaEngineers, List<UUID> devOpsEngineers, List<UUID> atpRunners, List<UUID> atpSupports, Permissions permissions)
      Create project entity with users fields.
      Parameters:
      projectId - Project id
      leads - list of leads IDs
      qaTaEngineers - list of QA/TA engineers IDs
      devOpsEngineers - list of devops engineers IDs
      atpRunners - list of atp runners IDs
      atpSupports - list of atp supports IDs
      permissions - Permissions object
      Returns:
      Project object.

    • checkPoliciesForOperation

      boolean checkPoliciesForOperation(Project project, Operation operation)
      Check policy for project.
      Parameters:
      project - Project object
      operation - Operation (e.g. CREATE, READ, ...)
      Returns:
      result of checking policy

    • checkPoliciesForOperation

      boolean checkPoliciesForOperation(String entityName, Project project, Operation operation)
      Check permissions to perform the operation against the entityName under the project.
      Parameters:
      entityName - Name of entity class
      project - Project object
      operation - Operation (e.g. CREATE, READ, ...)
      Returns:
      permission (true - allowed, false - forbidden).