@@ -208,10 +208,10 @@ default List<RoleDetail> getRoles() throws ExecutionException {
208208 }
209209
210210 /**
211- * Retrieves a list of {@link RoleDetail }s for the given user.
211+ * Retrieves a list of {@link UserRoleDetail }s for the given user.
212212 *
213213 * @param username the username
214- * @return a list of {@link RoleDetail }s for the given user
214+ * @return a list of {@link UserRoleDetail }s for the given user
215215 * @throws ExecutionException if the operation fails
216216 */
217217 default List <UserRoleDetail > getRolesForUser (String username ) throws ExecutionException {
@@ -223,7 +223,7 @@ default List<UserRoleDetail> getRolesForUser(String username) throws ExecutionEx
223223 *
224224 * @param username the username
225225 * @param roleName the role name
226- * @param withAdminOption if true, the user can grant the role to other users
226+ * @param withAdminOption if true, the user can grant the role to other users or roles
227227 * @throws IllegalArgumentException if the user does not exist or the role does not exist
228228 * @throws ExecutionException if the operation fails
229229 */
@@ -269,11 +269,13 @@ default List<UserRole> getUsersForRole(String roleName) throws ExecutionExceptio
269269 }
270270
271271 /**
272- * Grants a role to another role.
272+ * Grants a member role to a role. Users or roles that have the role will inherit all privileges
273+ * from the member role.
273274 *
274275 * @param roleName the role name
275- * @param memberRoleName the member role name
276- * @param withAdminOption if true, the member role can grant the role to other roles
276+ * @param memberRoleName the member role name to be granted to the role
277+ * @param withAdminOption if true, users or roles that have the role can grant the member role to
278+ * other users or roles
277279 * @throws IllegalArgumentException if the role does not exist or the member role does not exist
278280 * @throws ExecutionException if the operation fails
279281 */
@@ -401,7 +403,7 @@ interface User {
401403 boolean isSuperuser ();
402404 }
403405
404- /** Represents a role */
406+ /** Represents a role. */
405407 interface Role {
406408 String getName ();
407409 }
@@ -413,11 +415,19 @@ interface RoleDetail {
413415 List <RoleHierarchy > getRoleHierarchies ();
414416 }
415417
418+ /**
419+ * Represents a role detail for a specific user, including whether the user has admin option for
420+ * this role.
421+ */
416422 interface UserRoleDetail extends RoleDetail {
423+ /**
424+ * Returns whether the user has admin option for this role. This is distinct from the admin
425+ * option in role hierarchies, which applies to role-to-role grants.
426+ */
417427 boolean hasAdminOptionOnUser ();
418428 }
419429
420- /** Represents a user-role assignment */
430+ /** Represents a user-role assignment. */
421431 interface UserRole {
422432 String getUsername ();
423433
@@ -426,12 +436,15 @@ interface UserRole {
426436 boolean hasAdminOption ();
427437 }
428438
429- /** Represents a role hierarchy (role-to-role assignment) */
439+ /** Represents a role hierarchy (role-to-role assignment). */
430440 interface RoleHierarchy {
441+ /** Returns the role name. */
431442 String getRoleName ();
432443
444+ /** Returns the member role name granted to the role. */
433445 String getMemberRoleName ();
434446
447+ /** Returns whether admin option is granted for this hierarchy. */
435448 boolean hasAdminOption ();
436449 }
437450
0 commit comments