package de.deepamehta.core.service.accesscontrol;

import de.deepamehta.core.DeepaMehtaObject;
import de.deepamehta.core.RelatedTopic;
import de.deepamehta.core.Topic;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import java.util.concurrent.Callable;



/**
 * Core access control API: credential checking, permission checks, workspace membership and a
 * handful of privileged lookups.
 * <p>
 * Methods documented below as "privileged" bypass the access control system entirely. They perform
 * no permission check of their own, so whatever they return must not be handed to a client unless
 * the caller has checked (e.g. via {@link #hasPermission}) that the requesting user may see it.
 * <p>
 * Throughout this interface a <code>null</code> username denotes an anonymous (not logged in)
 * caller.
 */
public interface AccessControl {

    /**
     * Checks if the given credentials are valid.
     * <p>
     * A <code>null</code> result must be treated by callers as an authentication failure. The
     * return value does not distinguish between an unknown user and a wrong password; callers
     * producing error messages should preserve that indistinguishability rather than guess.
     *
     * @param cred the credentials to verify.
     *
     * @return the corresponding Username topic if the credentials are valid, or <code>null</code> otherwise.
     */
    Topic checkCredentials(Credentials cred);

    /**
     * Checks if a user is permitted to perform an operation on an object (topic or association).
     * <p>
     * Deny by default: callers must only proceed on <code>true</code>; any other outcome (including
     * an exception thrown by the implementation) is to be treated as "not permitted".
     *
     * @param username the logged in user, or <code>null</code> if no user is logged in.
     * @param operation the operation the user wants to perform on the object.
     * @param objectId a topic ID, or an association ID.
     *
     * @return <code>true</code> if permission is granted, <code>false</code> otherwise.
     */
    boolean hasPermission(String username, Operation operation, long objectId);



    // === Workspaces / Memberships ===

    /**
     * Returns a workspace by URI.
     *
     * @param uri the URI of the workspace topic.
     *
     * @return The workspace (a topic of type "Workspace").
     *
     * @throws RuntimeException If no workspace exists for the given URI.
     */
    Topic getWorkspace(String uri);

    // ---

    /**
     * Returns the ID of the "DeepaMehta" workspace.
     */
    long getDeepaMehtaWorkspaceId();

    /**
     * Returns the ID of the "System" workspace.
     */
    long getSystemWorkspaceId();

    // ---

    /**
     * Checks if a user is a member of a given workspace.
     *
     * @param username the logged in user, or <code>null</code> if no user is logged in.
     * @param workspaceId the ID of the workspace topic.
     *
     * @return <code>true</code> if the user is a member of the workspace, <code>false</code> otherwise.
     */
    boolean isMember(String username, long workspaceId);

    /**
     * Performs the initial workspace assignment for an object.
     * <p>
     * Use this method only for objects which have no workspace assignment already, that is e.g. objects
     * created in a migration or objects created while workspace assignment is deliberately suppressed.
     * <p>
     * NOTE(review): this method is not documented as privileged, but it is only meaningful for
     * objects that have not yet been assigned; whether an implementation rejects or silently
     * re-assigns an already assigned object is not specified here -- confirm before relying on it.
     *
     * @param object the topic or association to assign.
     * @param workspaceId the ID of the workspace the object is assigned to.
     */
    void assignToWorkspace(DeepaMehtaObject object, long workspaceId);

    // ---

    /**
     * Runs a code block while suppressing the standard workspace assignment for all topics/associations
     * created within that code block.
     * <p>
     * Suppression is scoped to the current thread (see {@link #workspaceAssignmentIsSuppressed}).
     * Objects created inside the block end up without a workspace assignment; the caller is
     * responsible for assigning them afterwards via {@link #assignToWorkspace}, since an
     * unassigned object is presumably not covered by workspace-based access control until it is
     * assigned -- confirm against the implementation.
     *
     * @param callable the code block to run.
     *
     * @return the value returned by the callable.
     *
     * @throws Exception whatever the callable throws (the declared <code>Exception</code> mirrors
     *         <code>Callable.call()</code>).
     */
    <V> V runWithoutWorkspaceAssignment(Callable<V> callable) throws Exception;

    /**
     * Returns true if standard workspace assignment is currently suppressed for the current thread.
     */
    boolean workspaceAssignmentIsSuppressed();



    // === User Accounts ===

    /**
     * Returns the Username topic that corresponds to a username.
     *
     * @param username the username to look up.
     *
     * @return the Username topic, or <code>null</code> if no such Username topic exists.
     */
    Topic getUsernameTopic(String username);

    /**
     * Convenience method that returns the Username topic that corresponds to a request.
     * Basically it calls <code>getUsernameTopic(getUsername(request))</code>.
     *
     * @param request the request whose associated user is looked up.
     *
     * @return the Username topic, or <code>null</code> if no user is associated with the request.
     */
    Topic getUsernameTopic(HttpServletRequest request);

    /**
     * Returns the username that is associated with a request.
     *
     * @param request the request whose associated user is looked up.
     *
     * @return the username, or <code>null</code> if no user is associated with the request.
     */
    String getUsername(HttpServletRequest request);

    /**
     * Returns the username that is associated with a session.
     * <p>
     * NOTE(review): undocumented in the original. Presumably returns <code>null</code> when the
     * session carries no logged in user, mirroring {@link #getUsername(HttpServletRequest)} --
     * confirm against the implementation before treating a <code>null</code> as "anonymous".
     *
     * @param session the HTTP session to inspect.
     */
    String username(HttpSession session);

    // ---

    /**
     * Returns the private workspace of the given user.
     * <p>
     * Note: a user can have more than one private workspace. The workspace returned
     * by this method is the one that holds the user's password topic.
     * <p>
     * This is a privileged method, it bypasses the access control system. No check is made that
     * the requesting user is <code>username</code> or otherwise entitled to this workspace; the
     * caller must make that decision before exposing the result or anything read through it.
     *
     * @param username the user whose private workspace is looked up.
     */
    Topic getPrivateWorkspace(String username);



    // === Config Service ===

    /**
     * Returns the configuration topic of the given type for the given topic.
     * <p>
     * This is a privileged method, it bypasses the access control system. The caller is responsible
     * for deciding whether the requesting user may see the returned configuration.
     *
     * @param configTypeUri the type URI of the configuration topic.
     * @param topicId the ID of the topic the configuration belongs to.
     *
     * @throws RuntimeException if no such configuration topic exists.
     */
    RelatedTopic getConfigTopic(String configTypeUri, long topicId);



    // === Email Addresses ===

    /**
     * Returns true if an "Email Address" (dm4.contacts.email_address) topic with the given value exists,
     * false otherwise.
     * <p>
     * This is a privileged method, it bypasses the access control system. Because it answers for any
     * address regardless of who is asking, wiring it directly to a client-reachable endpoint would
     * let anyone probe which addresses are registered (account enumeration); keep it server-side or
     * behind an explicit permission check.
     *
     * @param emailAddress the address value to look for.
     */
    boolean emailAddressExists(String emailAddress);
}