This repository was archived by the owner on May 29, 2019. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 51
Expand file tree
/
Copy pathPFACL.h
More file actions
198 lines (158 loc) · 6.49 KB
/
PFACL.h
File metadata and controls
198 lines (158 loc) · 6.49 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
// PFACL.h
// Copyright 2011 Parse, Inc. All rights reserved.
#import <Foundation/Foundation.h>
@class PFUser;
@class PFRole;
/*!
A PFACL is used to control which users can access or modify a particular
object. Each PFObject can have its own PFACL. You can grant
read and write permissions separately to specific users, to groups of users
that belong to roles, or you can grant permissions to "the public" so that,
for example, any user could read a particular object but only a particular
set of users could write to that object.
*/
@interface PFACL : NSObject <NSCopying>
/** @name Creating an ACL */
/*!
Creates an ACL with no permissions granted.
*/
+ (PFACL *)ACL;
/*!
Creates an ACL where only the provided user has access.
*/
+ (PFACL *)ACLWithUser:(PFUser *)user;
/** @name Controlling Public Access */
/*!
Set whether the public is allowed to read this object.
*/
- (void)setPublicReadAccess:(BOOL)allowed;
/*!
Gets whether the public is allowed to read this object.
*/
- (BOOL)getPublicReadAccess;
/*!
Set whether the public is allowed to write this object.
*/
- (void)setPublicWriteAccess:(BOOL)allowed;
/*!
Gets whether the public is allowed to write this object.
*/
- (BOOL)getPublicWriteAccess;
/** @name Controlling Access Per-User */
/*!
Set whether the given user id is allowed to read this object.
*/
- (void)setReadAccess:(BOOL)allowed forUserId:(NSString *)userId;
/*!
Gets whether the given user id is *explicitly* allowed to read this object.
Even if this returns NO, the user may still be able to access it if getPublicReadAccess returns YES
or if the user belongs to a role that has access.
*/
- (BOOL)getReadAccessForUserId:(NSString *)userId;
/*!
Set whether the given user id is allowed to write this object.
*/
- (void)setWriteAccess:(BOOL)allowed forUserId:(NSString *)userId;
/*!
Gets whether the given user id is *explicitly* allowed to write this object.
Even if this returns NO, the user may still be able to write it if getPublicWriteAccess returns YES
or if the user belongs to a role that has access.
*/
- (BOOL)getWriteAccessForUserId:(NSString *)userId;
/*!
Set whether the given user is allowed to read this object.
*/
- (void)setReadAccess:(BOOL)allowed forUser:(PFUser *)user;
/*!
Gets whether the given user is *explicitly* allowed to read this object.
Even if this returns NO, the user may still be able to access it if getPublicReadAccess returns YES
or if the user belongs to a role that has access.
*/
- (BOOL)getReadAccessForUser:(PFUser *)user;
/*!
Set whether the given user is allowed to write this object.
*/
- (void)setWriteAccess:(BOOL)allowed forUser:(PFUser *)user;
/*!
Gets whether the given user is *explicitly* allowed to write this object.
Even if this returns NO, the user may still be able to write it if getPublicWriteAccess returns YES
or if the user belongs to a role that has access.
*/
- (BOOL)getWriteAccessForUser:(PFUser *)user;
/** @name Controlling Access Per-Role */
/*!
Get whether users belonging to the role with the given name are allowed
to read this object. Even if this returns false, the role may still
be able to read it if a parent role has read access.
@param name The name of the role.
@return YES if the role has read access. NO otherwise.
*/
- (BOOL)getReadAccessForRoleWithName:(NSString *)name;
/*!
Set whether users belonging to the role with the given name are allowed
to read this object.
@param name The name of the role.
@param allowed Whether the given role can read this object.
*/
- (void)setReadAccess:(BOOL)allowed forRoleWithName:(NSString *)name;
/*!
Get whether users belonging to the role with the given name are allowed
to write this object. Even if this returns false, the role may still
be able to write it if a parent role has write access.
@param name The name of the role.
@return YES if the role has read access. NO otherwise.
*/
- (BOOL)getWriteAccessForRoleWithName:(NSString *)name;
/*!
Set whether users belonging to the role with the given name are allowed
to write this object.
@param name The name of the role.
@param allowed Whether the given role can write this object.
*/
- (void)setWriteAccess:(BOOL)allowed forRoleWithName:(NSString *)name;
/*!
Get whether users belonging to the given role are allowed to read this
object. Even if this returns NO, the role may still be able to
read it if a parent role has read access. The role must already be saved on
the server and its data must have been fetched in order to use this method.
@param role The name of the role.
@return YES if the role has read access. NO otherwise.
*/
- (BOOL)getReadAccessForRole:(PFRole *)role;
/*!
Set whether users belonging to the given role are allowed to read this
object. The role must already be saved on the server and its data must have
been fetched in order to use this method.
@param role The role to assign access.
@param allowed Whether the given role can read this object.
*/
- (void)setReadAccess:(BOOL)allowed forRole:(PFRole *)role;
/*!
Get whether users belonging to the given role are allowed to write this
object. Even if this returns NO, the role may still be able to
write it if a parent role has write access. The role must already be saved on
the server and its data must have been fetched in order to use this method.
@param role The name of the role.
@return YES if the role has write access. NO otherwise.
*/
- (BOOL)getWriteAccessForRole:(PFRole *)role;
/*!
Set whether users belonging to the given role are allowed to write this
object. The role must already be saved on the server and its data must have
been fetched in order to use this method.
@param role The role to assign access.
@param allowed Whether the given role can write this object.
*/
- (void)setWriteAccess:(BOOL)allowed forRole:(PFRole *)role;
/** @name Setting Access Defaults */
/*!
Sets a default ACL that will be applied to all PFObjects when they are created.
@param acl The ACL to use as a template for all PFObjects created after setDefaultACL has been called.
This value will be copied and used as a template for the creation of new ACLs, so changes to the
instance after setDefaultACL has been called will not be reflected in new PFObjects.
@param currentUserAccess If true, the PFACL that is applied to newly-created PFObjects will
provide read and write access to the currentUser at the time of creation. If false,
the provided ACL will be used without modification. If acl is nil, this value is ignored.
*/
+ (void)setDefaultACL:(PFACL *)acl withAccessForCurrentUser:(BOOL)currentUserAccess;
@end