/*
    * (C) Copyright 1989-2011 Trend Micro, Inc.
    * All Rights Reserved.
    *
    * This program is an unpublished copyrighted work which is proprietary
    * to Trend Micro, Inc. and contains confidential information that is not
    * to be reproduced or disclosed to any other person or entity without
    * prior written consent from Trend Micro, Inc. in each and every instance.
    *
   * WARNING:  Unauthorized reproduction of this program as well as
   * unauthorized preparation of derivative works based upon the
   * program or distribution of copies by sale, rental, lease or
   * lending are violations of federal copyright laws and state trade
   * secret laws, punishable by civil and criminal penalties.
   */
  
  package com.trendmicro.grid.acl.l0;
  
  /**
   * Enumerates all known role names.
   *
   * @author Juergen_Kellerer, 2011-04-14
   * @version 1.0
   */
  public class KnownRoles {
  	/**
  	 * Controls the general access to any details (= all data types containing metadata)
  	 */
  	public static final String ROLE_ACCESS_DETAILS = "access.details";
  
  	/**
  	 * Controls the general access to the protected services (aka. "/internal/")
  	 */
  	public static final String ROLE_ACCESS_PROTECTED_SERVICES = "access.protected.services";
  
  	/**
  	 * Controls whether, hash based queries can be executed.
  	 */
  	public static final String ROLE_RUN_HASH_QUERIES = "run.hash.queries";
  
  	/**
  	 * Controls whether tag matching queries can be executed.
  	 * <br/>
  	 * <b>Notes:</b><ul>
  	 * <li>Methods that match tags by hashes like
  	 * {@link FileService#isFilesTaggedWithAll(BatchCollection, String[]) isFilesTaggedWithAll(..)} do not fall under this role as the
  	 * primary query key is hash not tag in such queries.</li>
  	 * <li>Methods that require this role are in general more expensive to execute than hash based methods.
  	 * This expensiveness originates in the higher cardinality of tag matching indexes.</li>
  	 * </ul>
  	 */
  	public static final String ROLE_RUN_TAG_MATCHING_QUERIES = "run.tag.matching.queries";
  
  	/**
  	 * Controls whether file packages can be queried.
  	 */
  	public static final String ROLE_RUN_PACKAGE_QUERIES = "run.package.queries";
  
  	/**
  	 * Controls whether categorization queries can be executed.
  	 */
  	public static final String ROLE_RUN_CATEGORIZATION_QUERIES = "run.categorization.queries";
  
  	/**
  	 * Controls whether complex queries can be executed.
  	 * <p/>
  	 * Any query that allows retrieving relationships or does not fall under one of the other categories is considered a complex query.
  	 * From a performance standpoint, complex queries are typically less expensive than tag matching queries except if the
  	 * relationships are huge and require fetching many pages.
  	 */
  	public static final String ROLE_RUN_COMPLEX_QUERIES = "run.complex.queries";
  
  	/**
  	 * Controls whether a previously processed file can be downloaded.
  	 */
  	public static final String ROLE_ACCESS_BINARY_CONTENT = "access.binary.content";
  
  	/**
  	 * Controls whether a file can be sent (created) for processing.
  	 */
  	public static final String ROLE_CREATE_BINARY_CONTENT = "create.binary.content";
  
  	/**
  	 * Controls whether new or existing content can be processed or reprocessed.
  	 *
  	 * Note: Users that were granted this role but not "create.binary.content" can trigger reprocessing on previously
  	 * stored content but cannot add new content.
  	 */
  	public static final String ROLE_PROCESS_CONTENT = "process.content";
  
  	/**
  	 * Controls whether management tasks like clearing caches can be executed.
  	 *
  	 * @since 1.2.2
  	 */
  	public static final String ROLE_MANAGE = "manage";
  
  	/**
  	 * Controls whether the user audit log can be accessed.
 	 *
 	 * @since 1.3
 	 */
 	public static final String ROLE_ACCESS_AUDIT_LOG = "access.audit.log";
 
 	private KnownRoles() {
 	}
 }