001package de.deepamehta.plugins.accesscontrol; 002 003import de.deepamehta.core.Association; 004import de.deepamehta.core.Topic; 005import de.deepamehta.core.service.accesscontrol.Credentials; 006import de.deepamehta.core.service.accesscontrol.Permissions; 007import de.deepamehta.core.service.accesscontrol.SharingMode; 008 009import java.util.Collection; 010 011 012 013public interface AccessControlService { 014 015 // ------------------------------------------------------------------------------------------------------- Constants 016 017 // Admin user account 018 static final String ADMIN_USERNAME = "admin"; 019 static final String ADMIN_DEFAULT_PASSWORD = ""; 020 021 // System workspace 022 static final String SYSTEM_WORKSPACE_NAME = "System"; 023 static final String SYSTEM_WORKSPACE_URI = "dm4.workspaces.system"; 024 static final SharingMode SYSTEM_WORKSPACE_SHARING_MODE = SharingMode.PUBLIC; 025 026 // Private workspaces 027 static final String DEFAULT_PRIVATE_WORKSPACE_NAME = "Private Workspace"; 028 029 // -------------------------------------------------------------------------------------------------- Public Methods 030 031 032 033 // === User Session === 034 035 /** 036 * Checks weather the credentials in the authorization string match an existing User Account, 037 * and if so, creates an HTTP session. ### FIXDOC 038 * 039 * @param authHeader the authorization string containing the credentials. ### FIXDOC 040 * Formatted like a "Authorization" HTTP header value. That is, "Basic " appended by the 041 * Base64 encoded form of "{username}:{password}". 042 * 043 * @return ### FIXDOC: The username of the matched User Account (a Topic of type "Username" / 044 * <code>dm4.accesscontrol.username</code>), or <code>null</code> if there is no matching User Account. 045 */ 046 void login(); 047 048 /** 049 * Logs the user out. That is invalidating the session associated with the JSESSION ID cookie. 050 * 051 * For a "non-private" DM installation the response is 204 No Content. 052 * For a "private" DM installation the response is 401 Authorization Required. In this case the webclient is 053 * supposed to shutdown the DM GUI then. The webclient of a "private" DM installation must only be visible/usable 054 * when logged in. 055 */ 056 void logout(); 057 058 // --- 059 060 /** 061 * Returns the username of the logged in user. 062 * 063 * @return The username, or <code>null</code> if no user is logged in. 064 */ 065 String getUsername(); 066 067 068 069 // === User Accounts === 070 071 /** 072 * @return The "Username" topic of the created user account. 073 */ 074 Topic createUserAccount(Credentials cred); 075 076 /** 077 * Returns the private workspace of the logged in user. 078 * If no user is logged in an exception is thrown. 079 * <p> 080 * Note: a user can have more than one private workspace. The workspace returned 081 * by this method is the one that holds the user's password topic. 082 */ 083 Topic getPrivateWorkspace(); 084 085 /** 086 * Returns the "Username" topic for the specified username. 087 * 088 * @return The "Username" topic (type <code>dm4.accesscontrol.username</code>), 089 * or <code>null</code> if no such username exists. 090 */ 091 Topic getUsernameTopic(String username); 092 093 094 095 // === Workspaces / Memberships === 096 097 /** 098 * Returns the owner of a workspace. 099 * 100 * @return The username of the owner, or <code>null</code> if no owner is set. 101 * ### TODO: should throw an exception instead of returning null 102 */ 103 String getWorkspaceOwner(long workspaceId); 104 105 /** 106 * Sets the owner of a workspace. 107 * ### TODO: should take an ID instead a topic. 108 * ### Core service must be extended with a property setter. 109 */ 110 void setWorkspaceOwner(Topic workspace, String username); 111 112 // --- 113 114 void createMembership(String username, long workspaceId); 115 116 /** 117 * Checks if a user is a member of the given workspace. 118 * 119 * @param username the user. 120 * If <code>null</code> is passed, <code>false</code> is returned. 121 * If an unknown username is passed an exception is thrown. 122 * @param workspaceId the workspace. 123 * 124 * @return <code>true</code> if the user is a member, <code>false</code> otherwise. 125 */ 126 boolean isMember(String username, long workspaceId); 127 128 129 130 // === Permissions === 131 132 /** 133 * @return A Permissions object with one entry: <code>dm4.accesscontrol.operation.write</code>. 134 */ 135 Permissions getTopicPermissions(long topicId); 136 137 /** 138 * @return A Permissions object with one entry: <code>dm4.accesscontrol.operation.write</code>. 139 */ 140 Permissions getAssociationPermissions(long assocId); 141 142 143 144 // === Object Info === 145 146 /** 147 * Returns the creator of a topic or an association. 148 * 149 * @return The username of the creator, or <code>null</code> if no creator is set. 150 */ 151 String getCreator(long objectId); 152 153 /** 154 * Returns the modifier of a topic or an association. 155 * 156 * @return The username of the modifier, or <code>null</code> if no modifier is set. 157 */ 158 String getModifier(long objectId); 159 160 161 162 // === Retrieval === 163 164 Collection<Topic> getTopicsByCreator(String username); 165 166 Collection<Topic> getTopicsByOwner(String username); 167 168 Collection<Association> getAssociationsByCreator(String username); 169 170 Collection<Association> getAssociationsByOwner(String username); 171}