001 package de.deepamehta.plugins.accesscontrol.service;
002
003 import de.deepamehta.core.Association;
004 import de.deepamehta.core.Topic;
005 import de.deepamehta.core.service.PluginService;
006 import de.deepamehta.core.service.accesscontrol.Credentials;
007 import de.deepamehta.core.service.accesscontrol.Permissions;
008 import de.deepamehta.core.service.accesscontrol.SharingMode;
009
010 import java.util.Collection;
011
012
013
014 public interface AccessControlService extends PluginService {
015
016 // ------------------------------------------------------------------------------------------------------- Constants
017
018 // Admin user account
019 static final String ADMIN_USERNAME = "admin";
020 static final String ADMIN_DEFAULT_PASSWORD = "";
021
022 // System workspace
023 static final String SYSTEM_WORKSPACE_NAME = "System";
024 static final String SYSTEM_WORKSPACE_URI = "dm4.workspaces.system";
025 static final SharingMode SYSTEM_WORKSPACE_SHARING_MODE = SharingMode.PUBLIC;
026
027 // Private workspaces
028 static final String DEFAULT_PRIVATE_WORKSPACE_NAME = "Private Workspace";
029
030 // -------------------------------------------------------------------------------------------------- Public Methods
031
032
033
034 // === User Session ===
035
036 /**
037 * Checks weather the credentials in the authorization string match an existing User Account,
038 * and if so, creates an HTTP session. ### FIXDOC
039 *
040 * @param authHeader the authorization string containing the credentials. ### FIXDOC
041 * Formatted like a "Authorization" HTTP header value. That is, "Basic " appended by the
042 * Base64 encoded form of "{username}:{password}".
043 *
044 * @return ### FIXDOC: The username of the matched User Account (a Topic of type "Username" /
045 * <code>dm4.accesscontrol.username</code>), or <code>null</code> if there is no matching User Account.
046 */
047 void login();
048
049 /**
050 * Logs the user out. That is invalidating the session associated with the JSESSION ID cookie.
051 *
052 * For a "non-private" DM installation the response is 204 No Content.
053 * For a "private" DM installation the response is 401 Authorization Required. In this case the webclient is
054 * supposed to shutdown the DM GUI then. The webclient of a "private" DM installation must only be visible/usable
055 * when logged in.
056 */
057 void logout();
058
059 // ---
060
061 /**
062 * Returns the username of the logged in user.
063 *
064 * @return The username, or <code>null</code> if no user is logged in.
065 */
066 String getUsername();
067
068
069
070 // === User Accounts ===
071
072 /**
073 * @return The "Username" topic of the created user account.
074 */
075 Topic createUserAccount(Credentials cred);
076
077 /**
078 * Returns the private workspace of the logged in user.
079 * If no user is logged in an exception is thrown.
080 * <p>
081 * Note: a user can have more than one private workspace. The workspace returned
082 * by this method is the one that holds the user's password topic.
083 */
084 Topic getPrivateWorkspace();
085
086 /**
087 * Returns the "Username" topic for the specified username.
088 *
089 * @return The "Username" topic (type <code>dm4.accesscontrol.username</code>),
090 * or <code>null</code> if no such username exists.
091 */
092 Topic getUsernameTopic(String username);
093
094
095
096 // === Workspaces / Memberships ===
097
098 /**
099 * Returns the owner of a workspace.
100 *
101 * @return The username of the owner, or <code>null</code> if no owner is set.
102 * ### TODO: should throw an exception instead of returning null
103 */
104 String getWorkspaceOwner(long workspaceId);
105
106 /**
107 * Sets the owner of a workspace.
108 * ### TODO: should take an ID instead a topic.
109 * ### Core service must be extended with a property setter.
110 */
111 void setWorkspaceOwner(Topic workspace, String username);
112
113 // ---
114
115 void createMembership(String username, long workspaceId);
116
117 /**
118 * Checks if a user is a member of the given workspace.
119 *
120 * @param username the user.
121 * If <code>null</code> is passed, <code>false</code> is returned.
122 * If an unknown username is passed an exception is thrown.
123 * @param workspaceId the workspace.
124 *
125 * @return <code>true</code> if the user is a member, <code>false</code> otherwise.
126 */
127 boolean isMember(String username, long workspaceId);
128
129
130
131 // === Permissions ===
132
133 /**
134 * @return A Permissions object with one entry: <code>dm4.accesscontrol.operation.write</code>.
135 */
136 Permissions getTopicPermissions(long topicId);
137
138 /**
139 * @return A Permissions object with one entry: <code>dm4.accesscontrol.operation.write</code>.
140 */
141 Permissions getAssociationPermissions(long assocId);
142
143
144
145 // === Object Info ===
146
147 /**
148 * Returns the creator of a topic or an association.
149 *
150 * @return The username of the creator, or <code>null</code> if no creator is set.
151 */
152 String getCreator(long objectId);
153
154 /**
155 * Returns the modifier of a topic or an association.
156 *
157 * @return The username of the modifier, or <code>null</code> if no modifier is set.
158 */
159 String getModifier(long objectId);
160
161
162
163 // === Retrieval ===
164
165 Collection<Topic> getTopicsByCreator(String username);
166
167 Collection<Topic> getTopicsByOwner(String username);
168
169 Collection<Association> getAssociationsByCreator(String username);
170
171 Collection<Association> getAssociationsByOwner(String username);
172 }