001 package de.deepamehta.plugins.accesscontrol.service; 002 003 import de.deepamehta.core.Association; 004 import de.deepamehta.core.Topic; 005 import de.deepamehta.core.service.PluginService; 006 import de.deepamehta.core.service.accesscontrol.Credentials; 007 import de.deepamehta.core.service.accesscontrol.Permissions; 008 import de.deepamehta.core.service.accesscontrol.SharingMode; 009 010 import java.util.Collection; 011 012 013 014 public interface AccessControlService extends PluginService { 015 016 // ------------------------------------------------------------------------------------------------------- Constants 017 018 // Admin user account 019 static final String ADMIN_USERNAME = "admin"; 020 static final String ADMIN_DEFAULT_PASSWORD = ""; 021 022 // System workspace 023 static final String SYSTEM_WORKSPACE_NAME = "System"; 024 static final String SYSTEM_WORKSPACE_URI = "dm4.workspaces.system"; 025 static final SharingMode SYSTEM_WORKSPACE_SHARING_MODE = SharingMode.PUBLIC; 026 027 // Private workspaces 028 static final String DEFAULT_PRIVATE_WORKSPACE_NAME = "Private Workspace"; 029 030 // -------------------------------------------------------------------------------------------------- Public Methods 031 032 033 034 // === User Session === 035 036 /** 037 * Checks weather the credentials in the authorization string match an existing User Account, 038 * and if so, creates an HTTP session. ### FIXDOC 039 * 040 * @param authHeader the authorization string containing the credentials. ### FIXDOC 041 * Formatted like a "Authorization" HTTP header value. That is, "Basic " appended by the 042 * Base64 encoded form of "{username}:{password}". 043 * 044 * @return ### FIXDOC: The username of the matched User Account (a Topic of type "Username" / 045 * <code>dm4.accesscontrol.username</code>), or <code>null</code> if there is no matching User Account. 046 */ 047 void login(); 048 049 /** 050 * Logs the user out. That is invalidating the session associated with the JSESSION ID cookie. 051 * 052 * For a "non-private" DM installation the response is 204 No Content. 053 * For a "private" DM installation the response is 401 Authorization Required. In this case the webclient is 054 * supposed to shutdown the DM GUI then. The webclient of a "private" DM installation must only be visible/usable 055 * when logged in. 056 */ 057 void logout(); 058 059 // --- 060 061 /** 062 * Returns the username of the logged in user. 063 * 064 * @return The username, or <code>null</code> if no user is logged in. 065 */ 066 String getUsername(); 067 068 069 070 // === User Accounts === 071 072 /** 073 * @return The "Username" topic of the created user account. 074 */ 075 Topic createUserAccount(Credentials cred); 076 077 /** 078 * Returns the private workspace of the logged in user. 079 * If no user is logged in an exception is thrown. 080 * <p> 081 * Note: a user can have more than one private workspace. The workspace returned 082 * by this method is the one that holds the user's password topic. 083 */ 084 Topic getPrivateWorkspace(); 085 086 /** 087 * Returns the "Username" topic for the specified username. 088 * 089 * @return The "Username" topic (type <code>dm4.accesscontrol.username</code>), 090 * or <code>null</code> if no such username exists. 091 */ 092 Topic getUsernameTopic(String username); 093 094 095 096 // === Workspaces / Memberships === 097 098 /** 099 * Returns the owner of a workspace. 100 * 101 * @return The username of the owner, or <code>null</code> if no owner is set. 102 * ### TODO: should throw an exception instead of returning null 103 */ 104 String getWorkspaceOwner(long workspaceId); 105 106 /** 107 * Sets the owner of a workspace. 108 * ### TODO: should take an ID instead a topic. 109 * ### Core service must be extended with a property setter. 110 */ 111 void setWorkspaceOwner(Topic workspace, String username); 112 113 // --- 114 115 void createMembership(String username, long workspaceId); 116 117 /** 118 * Checks if a user is a member of the given workspace. 119 * 120 * @param username the user. 121 * If <code>null</code> is passed, <code>false</code> is returned. 122 * If an unknown username is passed an exception is thrown. 123 * @param workspaceId the workspace. 124 * 125 * @return <code>true</code> if the user is a member, <code>false</code> otherwise. 126 */ 127 boolean isMember(String username, long workspaceId); 128 129 130 131 // === Permissions === 132 133 /** 134 * @return A Permissions object with one entry: <code>dm4.accesscontrol.operation.write</code>. 135 */ 136 Permissions getTopicPermissions(long topicId); 137 138 /** 139 * @return A Permissions object with one entry: <code>dm4.accesscontrol.operation.write</code>. 140 */ 141 Permissions getAssociationPermissions(long assocId); 142 143 144 145 // === Object Info === 146 147 /** 148 * Returns the creator of a topic or an association. 149 * 150 * @return The username of the creator, or <code>null</code> if no creator is set. 151 */ 152 String getCreator(long objectId); 153 154 /** 155 * Returns the modifier of a topic or an association. 156 * 157 * @return The username of the modifier, or <code>null</code> if no modifier is set. 158 */ 159 String getModifier(long objectId); 160 161 162 163 // === Retrieval === 164 165 Collection<Topic> getTopicsByCreator(String username); 166 167 Collection<Topic> getTopicsByOwner(String username); 168 169 Collection<Association> getAssociationsByCreator(String username); 170 171 Collection<Association> getAssociationsByOwner(String username); 172 }