001 /*
002 // $Id: //open/mondrian-release/3.0/src/main/mondrian/olap/Role.java#2 $
003 // This software is subject to the terms of the Common Public License
004 // Agreement, available at the following URL:
005 // http://www.opensource.org/licenses/cpl.html.
006 // Copyright (C) 2002-2002 Kana Software, Inc.
007 // Copyright (C) 2002-2007 Julian Hyde and others
008 // All Rights Reserved.
009 // You must accept the terms of that agreement to use this software.
010 //
011 // jhyde, Oct 5, 2002
012 */
013
014 package mondrian.olap;
015
016 /**
017 * A <code>Role</code> is a collection of access rights to cubes, permissions,
018 * and so forth.
019 *
020 * <p>At present, the only way to create a role is programmatically. You then
021 * add appropriate permissions, and associate the role with a connection.
022 * Queries executed for the duration of the connection will b.
023 *
024 * <p>Mondrian does not have any notion of a 'user'. It is the client
025 * application's responsibility to create a role appropriate for the user who
026 * is establishing the connection.
027 *
028 * @author jhyde
029 * @since Oct 5, 2002
030 * @version $Id: //open/mondrian-release/3.0/src/main/mondrian/olap/Role.java#2 $
031 */
032 public interface Role {
033
034 /**
035 * Returns the access this role has to a given schema.
036 *
037 * @pre schema != null
038 * @post return == Access.ALL || return == Access.NONE || return == Access.ALL_DIMENSIONS
039 */
040 Access getAccess(Schema schema);
041
042 /**
043 * Returns the access this role has to a given cube.
044 *
045 * @pre cube != null
046 * @post return == Access.ALL || return == Access.NONE
047 */
048 Access getAccess(Cube cube);
049
050 /**
051 * Represents the access that a role has to a particular hierarchy.
052 */
053 public interface HierarchyAccess {
054 /**
055 * Returns the access the current role has to a given member.
056 *
057 * <p>Visibility is:<ul>
058 * <li>{@link Access#NONE} if member is not visible,
059 * <li>{@link Access#ALL} if member and all children are visible,
060 * <li>{@link Access#CUSTOM} if some of the children are not visible.
061 * </ul></p>
062 *
063 * <p>For these purposes, children which are below the bottom level are
064 * regarded as visible.</p>
065 *
066 * @param member Member
067 * @return current role's access to member
068 */
069 Access getAccess(Member member);
070
071 /**
072 * Returns the depth of the highest level to which the current Role has
073 * access. The 'all' level, if present, has a depth of zero.
074 *
075 * @return depth of the highest accessible level
076 */
077 int getTopLevelDepth();
078
079 /**
080 * Returns the depth of the lowest level to which the current Role has
081 * access. The 'all' level, if present, has a depth of zero.
082 *
083 * @return depth of the lowest accessible level
084 */
085 int getBottomLevelDepth();
086
087 /**
088 * Returns the policy by which cell values are calculated if not all
089 * of a member's children are visible.
090 *
091 * @return rollup policy
092 */
093 RollupPolicy getRollupPolicy();
094
095 /**
096 * Returns <code>true</code> if at least one of the descendants of the
097 * given Member is inaccessible to this Role.
098 *
099 * <p>Descendants which are inaccessible because they are below the
100 * bottom level are ignored.
101 *
102 * @param member Member
103 * @return whether a descendant is inaccessible
104 */
105 boolean hasInaccessibleDescendants(Member member);
106 }
107
108 /**
109 * Returns the access this role has to a given dimension.
110 *
111 * @pre dimension != null
112 * @post Access.instance().isValid(return)
113 */
114 Access getAccess(Dimension dimension);
115
116 /**
117 * Returns the access this role has to a given hierarchy.
118 *
119 * @pre hierarchy != null
120 * @post return == Access.NONE || return == Access.ALL || return == Access.CUSTOM
121 */
122 Access getAccess(Hierarchy hierarchy);
123
124 /**
125 * Returns the details of this hierarchy's access, or null if the hierarchy
126 * has not been given explicit access.
127 *
128 * @pre hierarchy != null
129 */
130 HierarchyAccess getAccessDetails(Hierarchy hierarchy);
131
132 /**
133 * Returns the access this role has to a given level.
134 *
135 * @pre level != null
136 * @post Access.instance().isValid(return)
137 */
138 Access getAccess(Level level);
139
140 /**
141 * Returns the access this role has to a given member.
142 *
143 * @pre member != null
144 * @pre isMutable()
145 * @post return == Access.NONE || return == Access.ALL || return == Access.CUSTOM
146 */
147 Access getAccess(Member member);
148
149 /**
150 * Returns the access this role has to a given named set.
151 *
152 * @pre set != null
153 * @pre isMutable()
154 * @post return == Access.NONE || return == Access.ALL
155 */
156 Access getAccess(NamedSet set);
157
158 /**
159 * Returns whether this role is allowed to see a given element.
160 * @pre olapElement != null
161 */
162 boolean canAccess(OlapElement olapElement);
163
164 /**
165 * Enumeration of the policies by which a cell is calculated if children
166 * of a member are not accessible.
167 */
168 enum RollupPolicy {
169 /**
170 * The value of the cell is null if any of the children are
171 * inaccessible.
172 */
173 HIDDEN,
174
175 /**
176 * The value of the cell is obtained by rolling up the values of
177 * accessible children.
178 */
179 PARTIAL,
180
181 /**
182 * The value of the cell is obtained by rolling up the values of all
183 * children.
184 */
185 FULL,
186
187 }
188 }
189
190 // End Role.java