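package de.deepamehta.core.service.accesscontrol;

import de.deepamehta.core.Association;
import de.deepamehta.core.DeepaMehtaObject;
import de.deepamehta.core.RelatedTopic;
import de.deepamehta.core.Topic;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import java.util.concurrent.Callable;



/**
 * Core access control service: credential checking, permission checks, workspace
 * assignment, and user-account lookups.
 * <p>
 * Several methods are documented as <i>privileged</i>: they bypass the access control
 * system entirely. Callers of those methods are responsible for ensuring that the result
 * is not handed to a user who would otherwise not be allowed to read it.
 */
public interface AccessControl {

    /**
     * Checks if the given credentials are valid.
     *
     * @param cred the credentials to check.
     *
     * @return the corresponding Username topic if the credentials are valid, or <code>null</code> otherwise.
     */
    Topic checkCredentials(Credentials cred);

    /**
     * Checks if a user is permitted to perform an operation on an object (topic or association).
     *
     * @param username  the logged in user, or <code>null</code> if no user is logged in.
     * @param operation the operation to check.
     * @param objectId  a topic ID, or an association ID.
     *
     * @return <code>true</code> if permission is granted, <code>false</code> otherwise.
     */
    boolean hasPermission(String username, Operation operation, long objectId);

    /**
     * Returns the creator of a topic or an association.
     *
     * @param objectId a topic ID, or an association ID.
     *
     * @return The username of the creator, or <code>null</code> if no creator is set.
     */
    String getCreator(long objectId);



    // === Workspaces / Memberships ===

    /**
     * Returns a workspace by URI.
     *
     * @param uri the URI of the workspace.
     *
     * @return The workspace (a topic of type "Workspace").
     *
     * @throws RuntimeException If no workspace exists for the given URI.
     */
    Topic getWorkspace(String uri);

    // ---

    /**
     * Returns the ID of the "DeepaMehta" workspace.
     */
    long getDeepaMehtaWorkspaceId();

    /**
     * Returns the ID of the "Administration" workspace.
     */
    long getAdministrationWorkspaceId();

    /**
     * Returns the ID of the "System" workspace.
     */
    long getSystemWorkspaceId();

    // ---

    /**
     * Returns the ID of the workspace a topic or association is assigned to.
     *
     * @param objectId a topic ID, or an association ID
     *
     * @return The workspace ID, or <code>-1</code> if no workspace is assigned.
     */
    long getAssignedWorkspaceId(long objectId);

    /**
     * Performs the initial workspace assignment for an object.
     * <p>
     * Use this method only for objects which have no workspace assignment already, that is e.g. objects
     * created in a migration or objects created while workspace assignment is deliberately suppressed.
     *
     * @param object      the object (topic or association) to assign.
     * @param workspaceId the ID of the workspace to assign the object to.
     */
    void assignToWorkspace(DeepaMehtaObject object, long workspaceId);

    /**
     * Checks if an association represents a workspace assignment.
     * This is a privileged method: it works also if the current user has no READ permission for the potential
     * workspace.
     *
     * @param assoc the association to inspect.
     *
     * @return <code>true</code> if the association is a workspace assignment, <code>false</code> otherwise.
     */
    boolean isWorkspaceAssignment(Association assoc);

    // ---

    /**
     * Runs a code block while suppressing the standard workspace assignment for all topics/associations
     * created within that code block.
     * <p>
     * Objects created inside the block end up without a workspace assignment; use
     * {@link #assignToWorkspace} afterwards if they need one.
     *
     * @param callable the code block to run.
     *
     * @return the value returned by the code block.
     *
     * @throws Exception the exception thrown by the code block, if any (mirrors {@link Callable#call()}).
     */
    <V> V runWithoutWorkspaceAssignment(Callable<V> callable) throws Exception;

    /**
     * Returns true if standard workspace assignment is currently suppressed for the current thread.
     */
    boolean workspaceAssignmentIsSuppressed();



    // === User Accounts ===

    /**
     * Returns the Username topic that corresponds to a username.
     *
     * @param username the username to look up.
     *
     * @return the Username topic, or <code>null</code> if no such Username topic exists.
     */
    Topic getUsernameTopic(String username);

    /**
     * Convenience method that returns the Username topic that corresponds to a request.
     * Basically it calls <code>getUsernameTopic(getUsername(request))</code>.
     *
     * @param request the request whose associated user is looked up.
     *
     * @return the Username topic, or <code>null</code> if no user is associated with the request.
     */
    Topic getUsernameTopic(HttpServletRequest request);

    /**
     * Returns the username that is associated with a request.
     *
     * @param request the request to inspect.
     *
     * @return the username, or <code>null</code> if no user is associated with the request.
     */
    String getUsername(HttpServletRequest request);

    /**
     * Returns the username that is associated with a session.
     * <p>
     * NOTE(review): the return value for a session without a logged in user is not documented here;
     * presumably <code>null</code>, like {@link #getUsername(HttpServletRequest)} -- confirm against
     * the implementation.
     *
     * @param session the session to inspect.
     *
     * @return the username associated with the session.
     */
    String username(HttpSession session);

    // ---

    /**
     * Returns the private workspace of the given user.
     * <p>
     * Note: a user can have more than one private workspace. The workspace returned
     * by this method is the one that holds the user's password topic.
     * <p>
     * This is a privileged method, it bypasses the access control system.
     *
     * @param username the user whose private workspace is returned.
     */
    Topic getPrivateWorkspace(String username);

    /**
     * Checks if a user is a member of a given workspace.
     *
     * @param username    the logged in user, or <code>null</code> if no user is logged in.
     * @param workspaceId the ID of the workspace.
     *
     * @return <code>true</code> if the user is a member of the workspace, <code>false</code> otherwise.
     */
    boolean isMember(String username, long workspaceId);



    // === Config Service ===

    /**
     * Returns the configuration topic of the given type for the given topic.
     * <p>
     * This is a privileged method, it bypasses the access control system.
     *
     * @param configTypeUri the type URI of the configuration topic.
     * @param topicId       the ID of the topic the configuration belongs to.
     *
     * @throws RuntimeException if no such configuration topic exists.
     */
    RelatedTopic getConfigTopic(String configTypeUri, long topicId);



    // === Email Addresses ===

    /**
     * Returns true if an "Email Address" (dm4.contacts.email_address) topic with the given value exists,
     * false otherwise.
     * <p>
     * This is a privileged method, it bypasses the access control system.
     *
     * @param emailAddress the email address value to look up.
     */
    boolean emailAddressExists(String emailAddress);
}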