de.deepamehta.core.impl

Class AccessControlImpl

Show UML class diagram

java.lang.Object

de.deepamehta.core.impl.AccessControlImpl

All Implemented Interfaces:

AccessControl

 class AccessControlImpl
extends Object
implements AccessControl

Field Summary

Fields

Modifier and Type	Field and Description
private static String	ADMINISTRATION_WORKSPACE_URI
private static String	ASSOC_TYPE_CONFIGURATION
private static String	DEEPAMEHTA_WORKSPACE_URI
private Logger	logger
private ModelFactory	mf
private PersistenceLayer	pl
private static String	PROP_CREATOR
private static String	PROP_OWNER
private static String	PROP_WORKSPACE_ID
private static String	ROLE_TYPE_CONFIGURABLE
private static String	ROLE_TYPE_DEFAULT
private ThreadLocal<Integer>	suppressionLevel
private static String	SYSTEM_WORKSPACE_URI
private long	systemWorkspaceId
private static String	TYPE_EMAIL_ADDRESS
private static String	TYPE_MEMBERSHIP
private static String	TYPE_USERNAME

Constructor Summary

Constructors

Constructor and Description
AccessControlImpl(PersistenceLayer pl)

Method Summary

Methods

Modifier and Type	Method and Description
private TopicModel	_getPasswordTopic(TopicModel userAccount) Prerequisite: userAccount is not null.
private TopicModel	_getUserAccount(TopicModel usernameTopic) Prerequisite: usernameTopic is not null.
private TopicModel	_getUsernameTopic(String username)
private TopicModel	_getUsernameTopicOrThrow(String username)
private boolean	_hasPermission(String username, Operation operation, long workspaceId)
void	assignToWorkspace(DeepaMehtaObject object, long workspaceId) Performs the initial workspace assignment for an object.
Topic	checkCredentials(Credentials cred) Checks if the given credentials are valid.
private void	checkWorkspaceId(long workspaceId)
boolean	emailAddressExists(String emailAddress) Returns true if an "Email Address" (dm4.contacts.email_address) topic with the given value exists, false otherwise.
private TopicModel	fetchTopic(String key, Object value) Fetches a topic by key/value via direct storage access.
long	getAdministrationWorkspaceId() Returns the ID of the "Administration" workspace.
long	getAssignedWorkspaceId(long objectId) Returns the ID of the workspace a topic or association is assigned to.
RelatedTopic	getConfigTopic(String configTypeUri, long topicId) Returns the configuration topic of the given type for the given topic.
String	getCreator(long objectId) Returns the creator of a topic or an association.
long	getDeepaMehtaWorkspaceId() Returns the ID of the "DeepaMehta" workspace.
private String	getOwner(long workspaceId)
private TopicModel	getPasswordTopic(TopicModel usernameTopic) Prerequisite: usernameTopic is not null.
Topic	getPrivateWorkspace(String username) Returns the private workspace of the given user.
private SharingMode	getSharingMode(long workspaceId)
long	getSystemWorkspaceId() Returns the ID of the "System" workspace.
private String	getTypeUri(long objectId)
String	getUsername(javax.servlet.http.HttpServletRequest request) Returns the username that is associated with a request.
Topic	getUsernameTopic(javax.servlet.http.HttpServletRequest request) Convenience method that returns the Username topic that corresponds to a request.
Topic	getUsernameTopic(String username) Returns the Username topic that corresponds to a username.
Topic	getWorkspace(String uri) Returns a workspace by URI.
boolean	hasPermission(String username, Operation operation, long objectId) Checks if a user is permitted to perform an operation on an object (topic or association).
private boolean	hasReadPermission(String username, long workspaceId)
private boolean	hasWritePermission(String username, long workspaceId)
private Topic	instantiate(TopicModel model) Instantiates a topic without performing permission check.
private boolean	isCreator(String username, long objectId)
boolean	isMember(String username, long workspaceId) Checks if a user is a member of a given workspace.
private boolean	isOwner(String username, long workspaceId) Checks if a user is the owner of a workspace.
private boolean	isTopicmapPrivate(long topicmapId)
boolean	isWorkspaceAssignment(Association assoc) Checks if an association represents a workspace assignment.
private boolean	matches(TopicModel usernameTopic, String password) Prerequisite: usernameTopic is not null.
private boolean	permissionIfNoWorkspaceIsAssigned(Operation operation, long objectId, String typeUri)
private List<TopicModelImpl>	queryTopics(String key, Object value) Queries topics by key/value via direct storage access.
<V> V	runWithoutWorkspaceAssignment(Callable<V> callable) Runs a code block while suppressing the standard workspace assignment for all topics/associations created within that code block.
private String	userInfo(String username)
String	username(javax.servlet.http.HttpSession session)
boolean	workspaceAssignmentIsSuppressed() Returns true if standard workspace assignment is currently suppressed for the current thread.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

TYPE_MEMBERSHIP

private static final String TYPE_MEMBERSHIP

See Also:

Constant Field Values

TYPE_USERNAME

private static final String TYPE_USERNAME

See Also:

Constant Field Values

TYPE_EMAIL_ADDRESS

private static final String TYPE_EMAIL_ADDRESS

See Also:

Constant Field Values

ASSOC_TYPE_CONFIGURATION

private static final String ASSOC_TYPE_CONFIGURATION

See Also:

Constant Field Values

ROLE_TYPE_CONFIGURABLE

private static final String ROLE_TYPE_CONFIGURABLE

See Also:

Constant Field Values

ROLE_TYPE_DEFAULT

private static final String ROLE_TYPE_DEFAULT

See Also:

Constant Field Values

PROP_CREATOR

private static final String PROP_CREATOR

See Also:

Constant Field Values

PROP_OWNER

private static final String PROP_OWNER

See Also:

Constant Field Values

PROP_WORKSPACE_ID

private static final String PROP_WORKSPACE_ID

See Also:

Constant Field Values

DEEPAMEHTA_WORKSPACE_URI

private static final String DEEPAMEHTA_WORKSPACE_URI

See Also:

Constant Field Values

ADMINISTRATION_WORKSPACE_URI

private static final String ADMINISTRATION_WORKSPACE_URI

See Also:

Constant Field Values

SYSTEM_WORKSPACE_URI

private static final String SYSTEM_WORKSPACE_URI

See Also:

Constant Field Values

systemWorkspaceId

private long systemWorkspaceId

suppressionLevel

private ThreadLocal<Integer> suppressionLevel

pl

private PersistenceLayer pl

mf

private ModelFactory mf

logger

private Logger logger

Constructor Detail

AccessControlImpl

AccessControlImpl(PersistenceLayer pl)

Method Detail

checkCredentials

public Topic checkCredentials(Credentials cred)

Description copied from interface: AccessControl

Checks if the given credentials are valid.

Specified by:

checkCredentials in interface AccessControl

Returns:

the corresponding Username topic if the credentials are valid, or null otherwise.

hasPermission

public boolean hasPermission(String username,
                    Operation operation,
                    long objectId)

Description copied from interface: AccessControl

Checks if a user is permitted to perform an operation on an object (topic or association).

Specified by:

hasPermission in interface AccessControl

Parameters:

username - the logged in user, or null if no user is logged in.

objectId - a topic ID, or an association ID.

Returns:

true if permission is granted, false otherwise.

getCreator

public String getCreator(long objectId)

Description copied from interface: AccessControl

Returns the creator of a topic or an association.

Specified by:

getCreator in interface AccessControl

Returns:

The username of the creator, or null if no creator is set.

getWorkspace

public Topic getWorkspace(String uri)

Description copied from interface: AccessControl

Returns a workspace by URI.

Specified by:

getWorkspace in interface AccessControl

Returns:

The workspace (a topic of type "Workspace").

getDeepaMehtaWorkspaceId

public long getDeepaMehtaWorkspaceId()

Description copied from interface: AccessControl

Returns the ID of the "DeepaMehta" workspace.

Specified by:

getDeepaMehtaWorkspaceId in interface AccessControl

getAdministrationWorkspaceId

public long getAdministrationWorkspaceId()

Description copied from interface: AccessControl

Returns the ID of the "Administration" workspace.

Specified by:

getAdministrationWorkspaceId in interface AccessControl

getSystemWorkspaceId

public long getSystemWorkspaceId()

Description copied from interface: AccessControl

Returns the ID of the "System" workspace.

Specified by:

getSystemWorkspaceId in interface AccessControl

getAssignedWorkspaceId

public long getAssignedWorkspaceId(long objectId)

Description copied from interface: AccessControl

Returns the ID of the workspace a topic or association is assigned to.

Specified by:

getAssignedWorkspaceId in interface AccessControl

Parameters:

objectId - a topic ID, or an association ID

Returns:

The workspace ID, or -1 if no workspace is assigned.

assignToWorkspace

public void assignToWorkspace(DeepaMehtaObject object,
                     long workspaceId)

Description copied from interface: AccessControl

Performs the initial workspace assignment for an object.

Use this method only for objects which have no workspace assignment already, that is e.g. objects created in a migration or objects created while workspace assignment is deliberately suppressed.

Specified by:

assignToWorkspace in interface AccessControl

isWorkspaceAssignment

public boolean isWorkspaceAssignment(Association assoc)

Description copied from interface: AccessControl

Checks if an association represents a workspace assignment. This is a privileged method: it works also if the current user has no READ permission for the potential workspace.

Specified by:

isWorkspaceAssignment in interface AccessControl

runWithoutWorkspaceAssignment

public <V> V runWithoutWorkspaceAssignment(Callable<V> callable)
                                throws Exception

Description copied from interface: AccessControl

Runs a code block while suppressing the standard workspace assignment for all topics/associations created within that code block.

Specified by:

runWithoutWorkspaceAssignment in interface AccessControl

Throws:

Exception

workspaceAssignmentIsSuppressed

public boolean workspaceAssignmentIsSuppressed()

Description copied from interface: AccessControl

Returns true if standard workspace assignment is currently suppressed for the current thread.

Specified by:

workspaceAssignmentIsSuppressed in interface AccessControl

getUsernameTopic

public Topic getUsernameTopic(String username)

Description copied from interface: AccessControl

Returns the Username topic that corresponds to a username.

Specified by:

getUsernameTopic in interface AccessControl

Returns:

the Username topic, or null if no such Username topic exists.

getUsernameTopic

public Topic getUsernameTopic(javax.servlet.http.HttpServletRequest request)

Description copied from interface: AccessControl

Convenience method that returns the Username topic that corresponds to a request. Basically it calls getUsernameTopic(getUsername(request)).

Specified by:

getUsernameTopic in interface AccessControl

Returns:

the Username topic, or null if no user is associated with the request.

getUsername

public String getUsername(javax.servlet.http.HttpServletRequest request)

Description copied from interface: AccessControl

Returns the username that is associated with a request.

Specified by:

getUsername in interface AccessControl

Returns:

the username, or null if no user is associated with the request.

username

public String username(javax.servlet.http.HttpSession session)

Specified by:

username in interface AccessControl

getPrivateWorkspace

public Topic getPrivateWorkspace(String username)

Description copied from interface: AccessControl

Returns the private workspace of the given user.

Note: a user can have more than one private workspace. The workspace returned by this method is the one that holds the user's password topic.

This is a privileged method, it bypasses the access control system.

Specified by:

getPrivateWorkspace in interface AccessControl

isMember

public boolean isMember(String username,
               long workspaceId)

Description copied from interface: AccessControl

Checks if a user is a member of a given workspace.

Specified by:

isMember in interface AccessControl

Parameters:

username - the logged in user, or null if no user is logged in.

getConfigTopic

public RelatedTopic getConfigTopic(String configTypeUri,
                          long topicId)

Description copied from interface: AccessControl

Returns the configuration topic of the given type for the given topic.

This is a privileged method, it bypasses the access control system.

Specified by:

getConfigTopic in interface AccessControl

emailAddressExists

public boolean emailAddressExists(String emailAddress)

Description copied from interface: AccessControl

Returns true if an "Email Address" (dm4.contacts.email_address) topic with the given value exists, false otherwise.

This is a privileged method, it bypasses the access control system.

Specified by:

emailAddressExists in interface AccessControl

matches

private boolean matches(TopicModel usernameTopic,
              String password)

Prerequisite: usernameTopic is not null.

Parameters:

password - The encoded password.

getPasswordTopic

private TopicModel getPasswordTopic(TopicModel usernameTopic)

Prerequisite: usernameTopic is not null.

_getUserAccount

private TopicModel _getUserAccount(TopicModel usernameTopic)

Prerequisite: usernameTopic is not null.

_getPasswordTopic

private TopicModel _getPasswordTopic(TopicModel userAccount)

Prerequisite: userAccount is not null.

permissionIfNoWorkspaceIsAssigned

private boolean permissionIfNoWorkspaceIsAssigned(Operation operation,
                                        long objectId,
                                        String typeUri)

_hasPermission

private boolean _hasPermission(String username,
                     Operation operation,
                     long workspaceId)

hasReadPermission

private boolean hasReadPermission(String username,
                        long workspaceId)

Parameters:

username - the logged in user, or null if no user is logged in.

workspaceId - the ID of the workspace that is relevant for the permission check. Is never -1.

hasWritePermission

private boolean hasWritePermission(String username,
                         long workspaceId)

Parameters:

username - the logged in user, or null if no user is logged in.

workspaceId - the ID of the workspace that is relevant for the permission check. Is never -1.

isOwner

private boolean isOwner(String username,
              long workspaceId)

Checks if a user is the owner of a workspace.

Parameters:

username - the logged in user, or null if no user is logged in.

Returns:

true if the user is the owner, false otherwise.

getSharingMode

private SharingMode getSharingMode(long workspaceId)

checkWorkspaceId

private void checkWorkspaceId(long workspaceId)

isTopicmapPrivate

private boolean isTopicmapPrivate(long topicmapId)

isCreator

private boolean isCreator(String username,
                long objectId)

getOwner

private String getOwner(long workspaceId)

getTypeUri

private String getTypeUri(long objectId)

_getUsernameTopic

private TopicModel _getUsernameTopic(String username)

_getUsernameTopicOrThrow

private TopicModel _getUsernameTopicOrThrow(String username)

fetchTopic

private TopicModel fetchTopic(String key,
                    Object value)

Fetches a topic by key/value via direct storage access.

IMPORTANT: only applicable to values indexed with dm4.core.key.

Returns:

the topic, or null if no such topic exists.

queryTopics

private List<TopicModelImpl> queryTopics(String key,
                               Object value)

Queries topics by key/value via direct storage access.

IMPORTANT: only applicable to values indexed with dm4.core.fulltext or dm4.core.fulltext_key.

Returns:

a list, possibly empty.

instantiate

private Topic instantiate(TopicModel model)

Instantiates a topic without performing permission check.

userInfo

private String userInfo(String username)