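package de.deepamehta.plugins.accesscontrol.service;

import de.deepamehta.plugins.accesscontrol.model.AccessControlList;
import de.deepamehta.plugins.accesscontrol.model.Permissions;
import de.deepamehta.core.Association;
import de.deepamehta.core.DeepaMehtaObject;
import de.deepamehta.core.Topic;
import de.deepamehta.core.service.PluginService;

import java.util.Collection;



/**
 * Service interface of the Access Control plugin.
 *
 * It groups session handling (login/logout), lookup of the current user, and accessors for the access control
 * metadata of topics and associations (creator, owner, Access Control List, permissions).
 *
 * NOTE(review): the mutators ({@link #setCreator}, {@link #setOwner}, {@link #setACL}, {@link #joinWorkspace})
 * change who may access an object. This interface does not state whether a call is itself subject to a
 * permission check, so confirm that in the implementation before passing request-derived values to them.
 */
public interface AccessControlService extends PluginService {



    // === Session ===

    /**
     * Checks whether the supplied credentials match an existing User Account and, if so, creates an HTTP session.
     *
     * NOTE(review): the previous text of this comment was marked FIXDOC and does not match the signature. It
     * documented an <code>authHeader</code> argument (an authorization string formatted like an "Authorization"
     * HTTP header value, that is "Basic " followed by the Base64 encoded form of "{username}:{password}") and a
     * return value (the username of the matched User Account, a Topic of type "Username" /
     * <code>dm4.accesscontrol.username</code>, or <code>null</code> if there is no matching User Account).
     * The method now declares neither a parameter nor a return value, so where the credentials are read from
     * and how a failed login is reported cannot be told from this interface; confirm against the implementation.
     *
     * Credentials in the "Basic" format are only Base64 encoded, not encrypted: anyone who can observe the
     * request can recover the password. Accept them over TLS only and keep the header value out of logs.
     */
    void login();

    /**
     * Logs the user out. That is, it invalidates the session associated with the JSESSIONID cookie.
     *
     * For a "non-private" DM installation the response is 204 No Content.
     * For a "private" DM installation the response is 401 Authorization Required. In this case the webclient is
     * supposed to shut down the DM GUI. The webclient of a "private" DM installation must only be
     * visible/usable when logged in.
     */
    void logout();



    // === User ===

    /**
     * Returns the username of the logged in user.
     *
     * @return  The username, or <code>null</code> if no user is logged in. Callers must handle the
     *          <code>null</code> case explicitly rather than treating it as a regular username.
     */
    String getUsername();

    /**
     * Returns the "Username" topic for the specified username.
     *
     * @param   username    the username to look up.
     *
     * @return  The "Username" topic (type <code>dm4.accesscontrol.username</code>),
     *          or <code>null</code> if no such username exists.
     */
    Topic getUsername(String username);



    // === Permissions ===

    /**
     * Returns the permissions for the topic with the given ID.
     *
     * NOTE(review): undocumented upstream. Presumably the permissions are evaluated for the logged in user;
     * the interface does not say so -- confirm against the implementation.
     *
     * @param   topicId     ID of the topic.
     */
    Permissions getTopicPermissions(long topicId);

    /**
     * Returns the permissions for the association with the given ID.
     *
     * NOTE(review): undocumented upstream. Presumably the permissions are evaluated for the logged in user;
     * the interface does not say so -- confirm against the implementation.
     *
     * @param   assocId     ID of the association.
     */
    Permissions getAssociationPermissions(long assocId);



    // === Creator ===

    /**
     * Returns the creator of a topic or an association.
     *
     * @param   object      the topic or association.
     *
     * @return  The username of the creator, or <code>null</code> if no creator is set.
     */
    String getCreator(DeepaMehtaObject object);

    /**
     * Sets the creator of a topic or an association.
     *
     * @param   object      the topic or association.
     * @param   username    the username to record as creator. NOTE(review): whether the username must belong
     *                      to an existing User Account is not stated here -- confirm.
     */
    void setCreator(DeepaMehtaObject object, String username);



    // === Owner ===

    /**
     * Returns the owner of a topic or an association.
     *
     * @param   object      the topic or association.
     *
     * @return  The username of the owner, or <code>null</code> if no owner is set.
     */
    String getOwner(DeepaMehtaObject object);

    /**
     * Sets the owner of a topic or an association.
     *
     * @param   object      the topic or association.
     * @param   username    the username to record as owner. NOTE(review): whether the username must belong
     *                      to an existing User Account is not stated here -- confirm.
     */
    void setOwner(DeepaMehtaObject object, String username);



    // === Access Control List ===

    /**
     * Returns the Access Control List of a topic or an association.
     *
     * @param   object      the topic or association.
     *
     * @return  The Access Control List. If none was set an empty Access Control List is returned.
     */
    AccessControlList getACL(DeepaMehtaObject object);

    /**
     * Sets the Access Control List for a topic or an association.
     *
     * @param   object      the topic or association.
     * @param   acl         the Access Control List to set.
     */
    void setACL(DeepaMehtaObject object, AccessControlList acl);



    // === Workspaces ===

    // NOTE(review): both overloads are undocumented upstream. Judging by the names they make a user a member
    // of a workspace, with the user given either as a plain username or as a "Username" topic -- confirm.

    /**
     * @param   username        the user, identified by username.
     * @param   workspaceId     ID of the workspace.
     */
    void joinWorkspace(String username, long workspaceId);

    /**
     * @param   username        the user, given as a topic (presumably of type
     *                          <code>dm4.accesscontrol.username</code> -- confirm).
     * @param   workspaceId     ID of the workspace.
     */
    void joinWorkspace(Topic username, long workspaceId);



    // === Retrieval ===

    // NOTE(review): the retrieval methods are undocumented upstream. Judging by the names each one returns the
    // topics or associations whose creator or owner is the given username. Whether the result is filtered by
    // the caller's read permissions is not stated here -- confirm before returning it to a client.

    Collection<Topic> getTopicsByCreator(String username);

    Collection<Topic> getTopicsByOwner(String username);

    Collection<Association> getAssociationsByCreator(String username);

    Collection<Association> getAssociationsByOwner(String username);
}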