001package de.deepamehta.core.service.accesscontrol;
002
003import de.deepamehta.core.DeepaMehtaObject;
004import de.deepamehta.core.RelatedTopic;
005import de.deepamehta.core.Topic;
006
007import javax.servlet.http.HttpServletRequest;
008import javax.servlet.http.HttpSession;
009
010import java.util.concurrent.Callable;
011
012
013
/**
 * Core access control service: credential checking, permission checks, workspace membership,
 * user account lookup and a few privileged lookups.
 * <p>
 * Several methods are explicitly marked as <em>privileged</em>: they bypass the access control
 * system entirely. Callers of those methods are responsible for enforcing authorization
 * themselves before exposing the results (e.g. to a request handler).
 */
public interface AccessControl {

    /**
     * Checks if the given credentials are valid.
     *
     * @param   cred    the credentials to check.
     *
     * @return  the corresponding Username topic if the credentials are valid, or <code>null</code> otherwise.
     *          Callers must treat a <code>null</code> result as "not authenticated".
     */
    Topic checkCredentials(Credentials cred);

    /**
     * Checks if a user is permitted to perform an operation on an object (topic or association).
     *
     * @param   username    the logged in user, or <code>null</code> if no user is logged in
     *                      (anonymous access; permission is then evaluated for the anonymous user).
     * @param   operation   the operation to check.
     * @param   objectId    a topic ID, or an association ID.
     *
     * @return  <code>true</code> if permission is granted, <code>false</code> otherwise.
     */
    boolean hasPermission(String username, Operation operation, long objectId);



    // === Workspaces / Memberships ===

    /**
     * Returns a workspace by URI.
     *
     * @param   uri     the URI of the workspace.
     *
     * @return  The workspace (a topic of type "Workspace").
     *
     * @throws  RuntimeException    If no workspace exists for the given URI.
     */
    Topic getWorkspace(String uri);

    // ---

    /**
     * Returns the ID of the "DeepaMehta" workspace.
     *
     * @return  the topic ID of the "DeepaMehta" workspace.
     */
    long getDeepaMehtaWorkspaceId();

    /**
     * Returns the ID of the "System" workspace.
     *
     * @return  the topic ID of the "System" workspace.
     */
    long getSystemWorkspaceId();

    // ---

    /**
     * Checks if a user is a member of a given workspace.
     *
     * @param   username    the logged in user, or <code>null</code> if no user is logged in.
     * @param   workspaceId the ID of the workspace to check membership for.
     *
     * @return  <code>true</code> if the user is a member of the workspace, <code>false</code> otherwise.
     */
    boolean isMember(String username, long workspaceId);

    /**
     * Performs the initial workspace assignment for an object.
     * <p>
     * Use this method only for objects which have no workspace assignment already, that is e.g. objects
     * created in a migration or objects created while workspace assignment is deliberately suppressed.
     *
     * @param   object      the topic or association to assign.
     * @param   workspaceId the ID of the workspace to assign the object to.
     */
    void assignToWorkspace(DeepaMehtaObject object, long workspaceId);

    // ---

    /**
     * Runs a code block while suppressing the standard workspace assignment for all topics/associations
     * created within that code block.
     * <p>
     * Objects created inside the block end up without a workspace assignment; the caller is expected to
     * assign them explicitly afterwards (see {@link #assignToWorkspace}).
     *
     * @param   callable    the code block to run.
     *
     * @return  the value returned by the code block.
     *
     * @throws  Exception   any exception thrown by the code block is propagated to the caller.
     */
    <V> V runWithoutWorkspaceAssignment(Callable<V> callable) throws Exception;

    /**
     * Returns true if standard workspace assignment is currently suppressed for the current thread.
     *
     * @return  <code>true</code> while the current thread is inside a
     *          {@link #runWithoutWorkspaceAssignment} block, <code>false</code> otherwise.
     */
    boolean workspaceAssignmentIsSuppressed();



    // === User Accounts ===

    /**
     * Returns the Username topic that corresponds to a username.
     *
     * @param   username    the username to look up.
     *
     * @return  the Username topic, or <code>null</code> if no such Username topic exists.
     */
    Topic getUsernameTopic(String username);

    /**
     * Convenience method that returns the Username topic that corresponds to a request.
     * Basically it calls <code>getUsernameTopic(getUsername(request))</code>.
     *
     * @param   request     the HTTP request to resolve the user for.
     *
     * @return  the Username topic, or <code>null</code> if no user is associated with the request.
     */
    Topic getUsernameTopic(HttpServletRequest request);

    /**
     * Returns the username that is associated with a request.
     *
     * @param   request     the HTTP request to resolve the user for.
     *
     * @return  the username, or <code>null</code> if no user is associated with the request.
     */
    String getUsername(HttpServletRequest request);

    /**
     * Returns the username that is associated with an HTTP session.
     * <p>
     * NOTE(review): this appears to be the session-scoped counterpart of
     * {@link #getUsername(HttpServletRequest)}; the interface does not specify what is returned
     * for a session with no associated user -- presumably <code>null</code>, as in the request
     * variant. Confirm against the implementation before relying on it.
     *
     * @param   session     the HTTP session to resolve the user for.
     *
     * @return  the username associated with the session.
     */
    String username(HttpSession session);

    // ---

    /**
     * Returns the private workspace of the given user.
     * <p>
     * Note: a user can have more than one private workspace. The workspace returned
     * by this method is the one that holds the user's password topic.
     * <p>
     * This is a privileged method, it bypasses the access control system.
     * The caller must ensure the requesting party is authorized for <code>username</code>
     * before passing the result on.
     *
     * @param   username    the user whose private workspace is requested.
     *
     * @return  the private workspace (a topic of type "Workspace").
     */
    Topic getPrivateWorkspace(String username);



    // === Config Service ===

    /**
     * Returns the configuration topic of the given type for the given topic.
     * <p>
     * This is a privileged method, it bypasses the access control system.
     * Do not return its result to a caller that would otherwise not be permitted to read the topic.
     *
     * @param   configTypeUri   the type URI of the configuration topic.
     * @param   topicId         the ID of the topic the configuration belongs to.
     *
     * @return  the configuration topic.
     *
     * @throws  RuntimeException    if no such configuration topic exists.
     */
    RelatedTopic getConfigTopic(String configTypeUri, long topicId);



    // === Email Addresses ===

    /**
     * Returns true if an "Email Address" (dm4.contacts.email_address) topic with the given value exists,
     * false otherwise.
     * <p>
     * This is a privileged method, it bypasses the access control system.
     * Because it answers regardless of the caller's permissions, exposing it directly to unauthenticated
     * requests would let a caller probe which email addresses are registered; gate or rate-limit such use.
     *
     * @param   emailAddress    the email address value to look up.
     *
     * @return  <code>true</code> if such a topic exists, <code>false</code> otherwise.
     */
    boolean emailAddressExists(String emailAddress);
}