001    package de.deepamehta.plugins.accesscontrol.service;
002    
003    import de.deepamehta.plugins.accesscontrol.model.AccessControlList;
004    import de.deepamehta.plugins.accesscontrol.model.Permissions;
005    import de.deepamehta.core.Association;
006    import de.deepamehta.core.DeepaMehtaObject;
007    import de.deepamehta.core.Topic;
008    import de.deepamehta.core.service.PluginService;
009    
010    import java.util.Collection;
011    
012    
013    
014    public interface AccessControlService extends PluginService {
015        // Service contract of the Access Control plugin: session login/logout, user lookup, permission queries,
016        // and creator / owner / ACL / workspace bookkeeping for topics and associations.
017    
018        // === Session ===
019    
020        /**
021         * Logs a user in: checks whether the supplied credentials match an existing User Account and, if so,
022         * creates an HTTP session.
023         *
024         * NOTE(review): this method declares no parameter and no return value, so the credentials are
025         * presumably taken from the request's "Authorization" header, i.e. "Basic " followed by the Base64
026         * encoded form of "{username}:{password}" -- confirm in the implementation. Base64 is an encoding, not
027         * encryption, so the credentials are only protected in transit when the connection uses TLS.
028         * The matched "Username" topic (type <code>dm4.accesscontrol.username</code>) is not returned here, and
029         * how a failed login is reported is not visible from this signature.
030         */
031        void login();
032    
033        /**
034         * Logs the user out, that is, invalidates the session associated with the JSESSIONID cookie.
035         *
036         * For a "non-private" DM installation the response is 204 No Content.
037         * For a "private" DM installation the response is 401 Authorization Required. In this case the webclient is
038         * expected to shut down the DM GUI. The webclient of a "private" DM installation must only be visible/usable
039         * when logged in.
040         */
041        void logout();
042    
043    
044    
045        // === User ===
046    
047        /**
048         * Returns the username of the logged in user.
049         *
050         * @return  The username, or <code>null</code> if no user is logged in. Callers must handle the null case.
051         */
052        String getUsername();
053    
054        /**
055         * Returns the "Username" topic for the specified username.
056         * @param   username    the username to look up.
057         * @return  The "Username" topic (type <code>dm4.accesscontrol.username</code>),
058         *          or <code>null</code> if no such username exists.
059         */
060        Topic getUsername(String username);
061    
062    
063    
064        // === Permissions ===
065        /** Returns the permissions for the topic with the given ID; presumably evaluated for the current user -- confirm. */
066        Permissions getTopicPermissions(long topicId);
067        /** Returns the permissions for the association with the given ID; presumably for the current user -- confirm. */
068        Permissions getAssociationPermissions(long assocId);
069    
070    
071    
072        // === Creator ===
073    
074        /**
075         * Returns the creator of a topic or an association.
076         * @param   object  the topic or association to inspect.
077         * @return  The username of the creator, or <code>null</code> if no creator is set.
078         */
079        String getCreator(DeepaMehtaObject object);
080    
081        /**
082         * Sets the creator of a topic or an association. NOTE(review): no authorization requirement is stated here; confirm.
083         */
084        void setCreator(DeepaMehtaObject object, String username);
085    
086    
087    
088        // === Owner ===
089    
090        /**
091         * Returns the owner of a topic or an association.
092         * @param   object  the topic or association to inspect.
093         * @return  The username of the owner, or <code>null</code> if no owner is set.
094         */
095        String getOwner(DeepaMehtaObject object);
096    
097        /**
098         * Sets the owner of a topic or an association. NOTE(review): no authorization requirement is stated here; confirm.
099         */
100        void setOwner(DeepaMehtaObject object, String username);
101    
102    
103    
104        // === Access Control List ===
105    
106        /**
107         * Returns the Access Control List of a topic or an association.
108         * @param   object  the topic or association to inspect.
109         * @return  The Access Control List. If none was set, an empty Access Control List is returned.
110         */
111        AccessControlList getACL(DeepaMehtaObject object);
112    
113        /**
114         * Sets the Access Control List for a topic or an association. NOTE(review): who may call this is not stated; confirm.
115         */
116        void setACL(DeepaMehtaObject object, AccessControlList acl);
117    
118    
119    
120        // === Workspaces ===
121        // Both overloads take a user (by name, or as a Topic -- presumably a "Username" topic) and a workspace ID.
122        void joinWorkspace(String username, long workspaceId);
123        void joinWorkspace(Topic  username, long workspaceId);
124    
125    
126    
127        // === Retrieval ===
128        /** Returns the topics whose creator is the given username. Result when none match (empty/null) is not stated. */
129        Collection<Topic> getTopicsByCreator(String username);
130        /** Returns the topics whose owner is the given username. Result when none match (empty/null) is not stated. */
131        Collection<Topic> getTopicsByOwner(String username);
132        /** Returns the associations whose creator is the given username. Result when none match is not stated. */
133        Collection<Association> getAssociationsByCreator(String username);
134        /** Returns the associations whose owner is the given username. Result when none match is not stated. */
135        Collection<Association> getAssociationsByOwner(String username);
136    }