class AccessControlImpl extends Object implements AccessControl
Modifier and Type | Field and Description |
---|---|
private static String |
ADMINISTRATION_WORKSPACE_URI |
private static String |
ASSOC_TYPE_CONFIGURATION |
private static String |
DEEPAMEHTA_WORKSPACE_URI |
private Logger |
logger |
private ModelFactory |
mf |
private PersistenceLayer |
pl |
private static String |
PROP_CREATOR |
private static String |
PROP_OWNER |
private static String |
PROP_WORKSPACE_ID |
private static String |
ROLE_TYPE_CONFIGURABLE |
private static String |
ROLE_TYPE_DEFAULT |
private ThreadLocal<Integer> |
suppressionLevel |
private static String |
SYSTEM_WORKSPACE_URI |
private long |
systemWorkspaceId |
private static String |
TYPE_EMAIL_ADDRESS |
private static String |
TYPE_MEMBERSHIP |
private static String |
TYPE_USERNAME |
Constructor and Description |
---|
AccessControlImpl(PersistenceLayer pl) |
Modifier and Type | Method and Description |
---|---|
private TopicModel |
_getPasswordTopic(TopicModel userAccount)
Prerequisite: userAccount is not null. |
private TopicModel |
_getUserAccount(TopicModel usernameTopic)
Prerequisite: usernameTopic is not null. |
private TopicModel |
_getUsernameTopic(String username) |
private TopicModel |
_getUsernameTopicOrThrow(String username) |
private boolean |
_hasPermission(String username,
Operation operation,
long workspaceId) |
void |
assignToWorkspace(DeepaMehtaObject object,
long workspaceId)
Performs the initial workspace assignment for an object.
|
Topic |
checkCredentials(Credentials cred)
Checks if the given credentials are valid.
|
private void |
checkWorkspaceId(long workspaceId) |
boolean |
emailAddressExists(String emailAddress)
Returns true if an "Email Address" (dm4.contacts.email_address) topic with the given value exists,
false otherwise.
|
private TopicModel |
fetchTopic(String key,
Object value)
Fetches a topic by key/value via direct storage access.
|
long |
getAdministrationWorkspaceId()
Returns the ID of the "Administration" workspace.
|
long |
getAssignedWorkspaceId(long objectId)
Returns the ID of the workspace a topic or association is assigned to.
|
RelatedTopic |
getConfigTopic(String configTypeUri,
long topicId)
Returns the configuration topic of the given type for the given topic.
|
String |
getCreator(long objectId)
Returns the creator of a topic or an association.
|
long |
getDeepaMehtaWorkspaceId()
Returns the ID of the "DeepaMehta" workspace.
|
private String |
getOwner(long workspaceId) |
private TopicModel |
getPasswordTopic(TopicModel usernameTopic)
Prerequisite: usernameTopic is not null. |
Topic |
getPrivateWorkspace(String username)
Returns the private workspace of the given user.
|
private SharingMode |
getSharingMode(long workspaceId) |
long |
getSystemWorkspaceId()
Returns the ID of the "System" workspace.
|
private String |
getTypeUri(long objectId) |
String |
getUsername(javax.servlet.http.HttpServletRequest request)
Returns the username that is associated with a request.
|
Topic |
getUsernameTopic(javax.servlet.http.HttpServletRequest request)
Convenience method that returns the Username topic that corresponds to a request.
|
Topic |
getUsernameTopic(String username)
Returns the Username topic that corresponds to a username.
|
Topic |
getWorkspace(String uri)
Returns a workspace by URI.
|
boolean |
hasPermission(String username,
Operation operation,
long objectId)
Checks if a user is permitted to perform an operation on an object (topic or association).
|
private boolean |
hasReadPermission(String username,
long workspaceId) |
private boolean |
hasWritePermission(String username,
long workspaceId) |
private Topic |
instantiate(TopicModel model)
Instantiates a topic without performing permission check.
|
private boolean |
isCreator(String username,
long objectId) |
boolean |
isMember(String username,
long workspaceId)
Checks if a user is a member of a given workspace.
|
private boolean |
isOwner(String username,
long workspaceId)
Checks if a user is the owner of a workspace.
|
private boolean |
isTopicmapPrivate(long topicmapId) |
boolean |
isWorkspaceAssignment(Association assoc)
Checks if an association represents a workspace assignment.
|
private boolean |
matches(TopicModel usernameTopic,
String password)
Prerequisite: usernameTopic is not null. |
private boolean |
permissionIfNoWorkspaceIsAssigned(Operation operation,
long objectId,
String typeUri) |
private List<TopicModelImpl> |
queryTopics(String key,
Object value)
Queries topics by key/value via direct storage access.
|
<V> V |
runWithoutWorkspaceAssignment(Callable<V> callable)
Runs a code block while suppressing the standard workspace assignment for all topics/associations
created within that code block.
|
private String |
userInfo(String username) |
String |
username(javax.servlet.http.HttpSession session) |
boolean |
workspaceAssignmentIsSuppressed()
Returns true if standard workspace assignment is currently suppressed for the current thread.
|
private static final String TYPE_MEMBERSHIP
private static final String TYPE_USERNAME
private static final String TYPE_EMAIL_ADDRESS
private static final String ASSOC_TYPE_CONFIGURATION
private static final String ROLE_TYPE_CONFIGURABLE
private static final String ROLE_TYPE_DEFAULT
private static final String PROP_CREATOR
private static final String PROP_OWNER
private static final String PROP_WORKSPACE_ID
private static final String DEEPAMEHTA_WORKSPACE_URI
private static final String ADMINISTRATION_WORKSPACE_URI
private static final String SYSTEM_WORKSPACE_URI
private long systemWorkspaceId
private ThreadLocal<Integer> suppressionLevel
private PersistenceLayer pl
private ModelFactory mf
AccessControlImpl(PersistenceLayer pl)
public Topic checkCredentials(Credentials cred)
AccessControl
checkCredentials
in interface AccessControl
Returns: a Topic if the credentials are valid, null otherwise.
public boolean hasPermission(String username, Operation operation, long objectId)
AccessControl
hasPermission
in interface AccessControl
Parameters:
username - the logged in user, or null if no user is logged in.
objectId - a topic ID, or an association ID.
Returns: true if permission is granted, false otherwise.
public String getCreator(long objectId)
AccessControl
getCreator
in interface AccessControl
Returns: the creator, or null if no creator is set.
public Topic getWorkspace(String uri)
AccessControl
getWorkspace
in interface AccessControl
public long getDeepaMehtaWorkspaceId()
AccessControl
getDeepaMehtaWorkspaceId
in interface AccessControl
public long getAdministrationWorkspaceId()
AccessControl
getAdministrationWorkspaceId
in interface AccessControl
public long getSystemWorkspaceId()
AccessControl
getSystemWorkspaceId
in interface AccessControl
public long getAssignedWorkspaceId(long objectId)
AccessControl
getAssignedWorkspaceId
in interface AccessControl
Parameters:
objectId - a topic ID, or an association ID
Returns: the workspace ID, or -1 if no workspace is assigned.
public void assignToWorkspace(DeepaMehtaObject object, long workspaceId)
AccessControl
Use this method only for objects that do not yet have a workspace assignment, e.g. objects created in a migration or objects created while workspace assignment is deliberately suppressed.
assignToWorkspace
in interface AccessControl
public boolean isWorkspaceAssignment(Association assoc)
AccessControl
isWorkspaceAssignment
in interface AccessControl
public <V> V runWithoutWorkspaceAssignment(Callable<V> callable) throws Exception
AccessControl
runWithoutWorkspaceAssignment
in interface AccessControl
Exception
public boolean workspaceAssignmentIsSuppressed()
AccessControl
workspaceAssignmentIsSuppressed
in interface AccessControl
public Topic getUsernameTopic(String username)
AccessControl
getUsernameTopic
in interface AccessControl
Returns: the Username topic, or null if no such Username topic exists.
public Topic getUsernameTopic(javax.servlet.http.HttpServletRequest request)
AccessControl
Convenience method for getUsernameTopic(getUsername(request)).
getUsernameTopic
in interface AccessControl
Returns: the Username topic, or null if no user is associated with the request.
public String getUsername(javax.servlet.http.HttpServletRequest request)
AccessControl
getUsername
in interface AccessControl
Returns: the username, or null if no user is associated with the request.
public String username(javax.servlet.http.HttpSession session)
username
in interface AccessControl
public Topic getPrivateWorkspace(String username)
AccessControl
Note: a user can have more than one private workspace. The workspace returned by this method is the one that holds the user's password topic.
This is a privileged method: it bypasses the access control system, so the workspace is returned without a permission check on the caller.
getPrivateWorkspace
in interface AccessControl
public boolean isMember(String username, long workspaceId)
AccessControl
isMember
in interface AccessControl
Parameters:
username - the logged in user, or null if no user is logged in.
public RelatedTopic getConfigTopic(String configTypeUri, long topicId)
AccessControl
This is a privileged method: it bypasses the access control system, so the configuration topic is returned without a permission check on the caller.
getConfigTopic
in interface AccessControl
public boolean emailAddressExists(String emailAddress)
AccessControl
This is a privileged method: it bypasses the access control system, so the existence check is answered regardless of the caller's read permissions.
emailAddressExists
in interface AccessControl
private boolean matches(TopicModel usernameTopic, String password)
Prerequisite: usernameTopic is not null.
Parameters:
password - The encoded password.
private TopicModel getPasswordTopic(TopicModel usernameTopic)
Prerequisite: usernameTopic is not null.
private TopicModel _getUserAccount(TopicModel usernameTopic)
Prerequisite: usernameTopic is not null.
private TopicModel _getPasswordTopic(TopicModel userAccount)
Prerequisite: userAccount is not null.
private boolean permissionIfNoWorkspaceIsAssigned(Operation operation, long objectId, String typeUri)
private boolean _hasPermission(String username, Operation operation, long workspaceId)
private boolean hasReadPermission(String username, long workspaceId)
Parameters:
username - the logged in user, or null if no user is logged in.
workspaceId - the ID of the workspace that is relevant for the permission check. Is never -1.
private boolean hasWritePermission(String username, long workspaceId)
Parameters:
username - the logged in user, or null if no user is logged in.
workspaceId - the ID of the workspace that is relevant for the permission check. Is never -1.
private boolean isOwner(String username, long workspaceId)
Parameters:
username - the logged in user, or null if no user is logged in.
Returns: true if the user is the owner, false otherwise.
private SharingMode getSharingMode(long workspaceId)
private void checkWorkspaceId(long workspaceId)
private boolean isTopicmapPrivate(long topicmapId)
private String getTypeUri(long objectId)
private TopicModel _getUsernameTopic(String username)
private TopicModel _getUsernameTopicOrThrow(String username)
private TopicModel fetchTopic(String key, Object value)
IMPORTANT: only applicable to values indexed with dm4.core.key.
Returns: the topic, or null if no such topic exists.
private List<TopicModelImpl> queryTopics(String key, Object value)
IMPORTANT: only applicable to values indexed with dm4.core.fulltext or dm4.core.fulltext_key.
private Topic instantiate(TopicModel model)
Copyright © 2016. All Rights Reserved.