systems.dmx.core.impl

Class AccessControlImpl

Show UML class diagram

java.lang.Object

systems.dmx.core.impl.AccessControlImpl

All Implemented Interfaces:

AccessControl

class AccessControlImpl
extends Object
implements AccessControl

Field Summary

Fields

Modifier and Type	Field and Description
private static String	ADMINISTRATION_WORKSPACE_URI
private static String	ASSOC_TYPE_CONFIGURATION
private static String	ASSOC_TYPE_USER_MAILBOX
private static String	ASSOCIATION_MAPCONTEXT
private ContextTracker	contextTracker
private static String	DMX_WORKSPACE_URI
private Logger	logger
private ModelFactoryImpl	mf
private PersistenceLayer	pl
private static String	PROP_CREATOR
private static String	PROP_OWNER
private static String	PROP_WORKSPACE_ID
private static String	ROLE_TYPE_CONFIGURABLE
private static String	ROLE_TYPE_DEFAULT
private static String	SYSTEM_WORKSPACE_URI
private long	systemWorkspaceId
private static String	TYPE_EMAIL_ADDRESS
private static String	TYPE_MEMBERSHIP
private static String	TYPE_USERNAME

Constructor Summary

Constructors

Constructor and Description
AccessControlImpl(PersistenceLayer pl)

Method Summary

Modifier and Type	Method and Description
private String	_getEmailAddress(String username)
private TopicModel	_getPasswordTopic(TopicModel userAccount) Prerequisite: userAccount is not null.
private TopicModelImpl	_getUserAccount(TopicModel usernameTopic) Prerequisite: usernameTopic is not null.
private String	_getUsername(String emailAddress)
private TopicModelImpl	_getUsernameTopic(String username)
private TopicModelImpl	_getUsernameTopicOrThrow(String username)
private boolean	_hasPermission(String username, Operation operation, long workspaceId)
void	assignToWorkspace(DMXObject object, long workspaceId) Performs the initial workspace assignment for an object.
void	changePassword(Credentials cred) Changes the password of an existing user account.
Topic	checkCredentials(Credentials cred) Checks if the given credentials are valid.
private void	checkWorkspaceId(long workspaceId)
void	deleteAssociationMapcontext(Association assoc)
boolean	emailAddressExists(String emailAddress) Returns true if an "Email Address" (dmx.contacts.email_address) topic with the given value exists, false otherwise.
private TopicModelImpl	fetchTopic(String key, Object value) Fetches a topic by key/value.
private List<TopicModelImpl>	fetchTopicsByOwner(String username, String typeUri) Fetches topics by owner, and filter by type.
long	getAdministrationWorkspaceId() Returns the ID of the "Administration" workspace.
long	getAssignedWorkspaceId(long objectId) Returns the ID of the workspace a topic or association is assigned to.
RelatedTopic	getConfigTopic(String configTypeUri, long topicId) Returns the configuration topic of the given type for the given topic.
String	getCreator(long objectId) Returns the creator of a topic or an association.
long	getDMXWorkspaceId() Returns the ID of the "DMX" workspace.
String	getEmailAddress(String username) Returns the email address for the given username.
private String	getOwner(long workspaceId)
private TopicModel	getPasswordTopic(TopicModel usernameTopic) Prerequisite: usernameTopic is not null.
Topic	getPrivateWorkspace(String username) Returns the private workspace of the given user.
private SharingMode	getSharingMode(long workspaceId)
long	getSystemWorkspaceId() Returns the ID of the "System" workspace.
private String	getTypeUri(long objectId)
String	getUsername(javax.servlet.http.HttpServletRequest request) Returns the username that is associated with a request.
String	getUsername(String emailAddress) Returns the username for the given email address.
Topic	getUsernameTopic(javax.servlet.http.HttpServletRequest request) Convenience method that returns the Username topic that corresponds to a request.
Topic	getUsernameTopic(String username) Returns the Username topic that corresponds to a username.
Topic	getWorkspace(String uri) Returns a workspace by URI.
boolean	hasPermission(String username, Operation operation, long objectId) Checks if a user is permitted to perform an operation on an object (topic or association).
boolean	hasReadPermission(String username, long workspaceId)
boolean	hasWritePermission(String username, long workspaceId)
private boolean	isCreator(String username, long objectId)
boolean	isMember(String username, long workspaceId) Checks if a user is a member of a given workspace.
private boolean	isOwner(String username, long workspaceId) Checks if a user is the owner of a workspace.
private boolean	isTopicmapPrivate(long topicmapId)
boolean	isWorkspaceAssignment(Association assoc) Checks if an association represents a workspace assignment.
private boolean	matches(TopicModel usernameTopic, String password) Prerequisite: usernameTopic is not null.
private boolean	permissionIfNoWorkspaceIsAssigned(Operation operation, long objectId, String typeUri)
private List<TopicModelImpl>	queryTopics(String key, Object value) Queries topics by key/value.
<V> V	runWithoutWorkspaceAssignment(Callable<V> callable) Runs a code block while suppressing the standard workspace assignment for all topics/associations created within that code block.
private String	userInfo(String username)
String	username(javax.servlet.http.HttpSession session) Returns the username that is associated with a session.
boolean	workspaceAssignmentIsSuppressed() Returns true if standard workspace assignment is currently suppressed for the current thread.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

TYPE_MEMBERSHIP

private static final String TYPE_MEMBERSHIP

See Also:

Constant Field Values

TYPE_USERNAME

private static final String TYPE_USERNAME

See Also:

Constant Field Values

ASSOCIATION_MAPCONTEXT

private static final String ASSOCIATION_MAPCONTEXT

See Also:

Constant Field Values

TYPE_EMAIL_ADDRESS

private static final String TYPE_EMAIL_ADDRESS

See Also:

Constant Field Values

ASSOC_TYPE_USER_MAILBOX

private static final String ASSOC_TYPE_USER_MAILBOX

See Also:

Constant Field Values

ASSOC_TYPE_CONFIGURATION

private static final String ASSOC_TYPE_CONFIGURATION

See Also:

Constant Field Values

ROLE_TYPE_CONFIGURABLE

private static final String ROLE_TYPE_CONFIGURABLE

See Also:

Constant Field Values

ROLE_TYPE_DEFAULT

private static final String ROLE_TYPE_DEFAULT

See Also:

Constant Field Values

PROP_CREATOR

private static final String PROP_CREATOR

See Also:

Constant Field Values

PROP_OWNER

private static final String PROP_OWNER

See Also:

Constant Field Values

PROP_WORKSPACE_ID

private static final String PROP_WORKSPACE_ID

See Also:

Constant Field Values

DMX_WORKSPACE_URI

private static final String DMX_WORKSPACE_URI

See Also:

Constant Field Values

ADMINISTRATION_WORKSPACE_URI

private static final String ADMINISTRATION_WORKSPACE_URI

See Also:

Constant Field Values

SYSTEM_WORKSPACE_URI

private static final String SYSTEM_WORKSPACE_URI

See Also:

Constant Field Values

systemWorkspaceId

private long systemWorkspaceId

contextTracker

private ContextTracker contextTracker

pl

private PersistenceLayer pl

mf

private ModelFactoryImpl mf

logger

private Logger logger

Constructor Detail

AccessControlImpl

AccessControlImpl(PersistenceLayer pl)

Method Detail

hasPermission

public boolean hasPermission(String username,
                             Operation operation,
                             long objectId)

Description copied from interface: AccessControl

Checks if a user is permitted to perform an operation on an object (topic or association).

Specified by:

hasPermission in interface AccessControl

Parameters:

username - the logged in user, or null if no user is logged in.

objectId - a topic ID, or an association ID.

Returns:

true if permission is granted, false otherwise.

hasReadPermission

public boolean hasReadPermission(String username,
                                 long workspaceId)

Specified by:

hasReadPermission in interface AccessControl

Parameters:

username - the logged in user, or null if no user is logged in.

workspaceId - the ID of the workspace that is relevant for the permission check. Is never -1.

hasWritePermission

public boolean hasWritePermission(String username,
                                  long workspaceId)

Specified by:

hasWritePermission in interface AccessControl

Parameters:

username - the logged in user, or null if no user is logged in.

workspaceId - the ID of the workspace that is relevant for the permission check. Is never -1.

checkCredentials

public Topic checkCredentials(Credentials cred)

Description copied from interface: AccessControl

Checks if the given credentials are valid.

Specified by:

checkCredentials in interface AccessControl

Returns:

the corresponding Username topic if the credentials are valid, or null otherwise.

changePassword

public void changePassword(Credentials cred)

Description copied from interface: AccessControl

Changes the password of an existing user account.

This is a privileged method: it works also if the respective user is not logged in.

Specified by:

changePassword in interface AccessControl

Parameters:

cred - the username and new password. An user account with the given username must exist. (The username can't be changed.)

getUsernameTopic

public Topic getUsernameTopic(String username)

Description copied from interface: AccessControl

Returns the Username topic that corresponds to a username.

Specified by:

getUsernameTopic in interface AccessControl

Returns:

the Username topic, or null if no such Username topic exists.

getPrivateWorkspace

public Topic getPrivateWorkspace(String username)

Description copied from interface: AccessControl

Returns the private workspace of the given user.

Note: a user can have more than one private workspace. This method returns only the first one.

This is a privileged method, it bypasses the access control system.

Specified by:

getPrivateWorkspace in interface AccessControl

Returns:

The user's private workspace (a topic of type "Workspace").

isMember

public boolean isMember(String username,
                        long workspaceId)

Description copied from interface: AccessControl

Checks if a user is a member of a given workspace.

Specified by:

isMember in interface AccessControl

Parameters:

username - the logged in user, or null if no user is logged in.

getCreator

public String getCreator(long objectId)

Description copied from interface: AccessControl

Returns the creator of a topic or an association.

Specified by:

getCreator in interface AccessControl

Returns:

The username of the creator, or null if no creator is set.

getUsername

public String getUsername(javax.servlet.http.HttpServletRequest request)

Description copied from interface: AccessControl

Returns the username that is associated with a request.

Specified by:

getUsername in interface AccessControl

Returns:

the username, or null if no user is associated with the request.

getUsernameTopic

public Topic getUsernameTopic(javax.servlet.http.HttpServletRequest request)

Description copied from interface: AccessControl

Convenience method that returns the Username topic that corresponds to a request. Basically it calls getUsernameTopic(getUsername(request)).

Specified by:

getUsernameTopic in interface AccessControl

Returns:

the Username topic, or null if no user is associated with the request.

username

public String username(javax.servlet.http.HttpSession session)

Description copied from interface: AccessControl

Returns the username that is associated with a session.

Specified by:

username in interface AccessControl

Returns:

the username, or null if no user is associated with the session.

getWorkspace

public Topic getWorkspace(String uri)

Description copied from interface: AccessControl

Returns a workspace by URI.

This is a privileged method: it works also if the current user has no READ permission for the workspace.

Specified by:

getWorkspace in interface AccessControl

Returns:

The workspace (a topic of type "Workspace").

getDMXWorkspaceId

public long getDMXWorkspaceId()

Description copied from interface: AccessControl

Returns the ID of the "DMX" workspace.

Specified by:

getDMXWorkspaceId in interface AccessControl

getAdministrationWorkspaceId

public long getAdministrationWorkspaceId()

Description copied from interface: AccessControl

Returns the ID of the "Administration" workspace.

Specified by:

getAdministrationWorkspaceId in interface AccessControl

getSystemWorkspaceId

public long getSystemWorkspaceId()

Description copied from interface: AccessControl

Returns the ID of the "System" workspace.

Specified by:

getSystemWorkspaceId in interface AccessControl

getAssignedWorkspaceId

public long getAssignedWorkspaceId(long objectId)

Description copied from interface: AccessControl

Returns the ID of the workspace a topic or association is assigned to.

Specified by:

getAssignedWorkspaceId in interface AccessControl

Parameters:

objectId - a topic ID, or an association ID

Returns:

The workspace ID, or -1 if no workspace is assigned.

assignToWorkspace

public void assignToWorkspace(DMXObject object,
                              long workspaceId)

Description copied from interface: AccessControl

Performs the initial workspace assignment for an object.

Use this method only for objects which have no workspace assignment already, that is e.g. objects created in a migration or objects created while workspace assignment is deliberately suppressed.

Specified by:

assignToWorkspace in interface AccessControl

isWorkspaceAssignment

public boolean isWorkspaceAssignment(Association assoc)

Description copied from interface: AccessControl

Checks if an association represents a workspace assignment.

This is a privileged method: it works also if the current user has no READ permission for the potential workspace.

Specified by:

isWorkspaceAssignment in interface AccessControl

runWithoutWorkspaceAssignment

public <V> V runWithoutWorkspaceAssignment(Callable<V> callable)
                                    throws Exception

Description copied from interface: AccessControl

Runs a code block while suppressing the standard workspace assignment for all topics/associations created within that code block.

Specified by:

runWithoutWorkspaceAssignment in interface AccessControl

Throws:

Exception

workspaceAssignmentIsSuppressed

public boolean workspaceAssignmentIsSuppressed()

Description copied from interface: AccessControl

Returns true if standard workspace assignment is currently suppressed for the current thread.

Specified by:

workspaceAssignmentIsSuppressed in interface AccessControl

deleteAssociationMapcontext

public void deleteAssociationMapcontext(Association assoc)

Specified by:

deleteAssociationMapcontext in interface AccessControl

getConfigTopic

public RelatedTopic getConfigTopic(String configTypeUri,
                                   long topicId)

Description copied from interface: AccessControl

Returns the configuration topic of the given type for the given topic.

This is a privileged method, it bypasses the access control system.

Specified by:

getConfigTopic in interface AccessControl

getUsername

public String getUsername(String emailAddress)

Description copied from interface: AccessControl

Returns the username for the given email address.

The username is determined by traversing from the Email Address topic along a org.deepamehta.signup.user_mailbox association.

This is a privileged method, it bypasses the access control system.

Specified by:

getUsername in interface AccessControl

getEmailAddress

public String getEmailAddress(String username)

Description copied from interface: AccessControl

Returns the email address for the given username.

The email address is determined by traversing from the Username topic along a org.deepamehta.signup.user_mailbox association.

This is a privileged method, it bypasses the access control system.

Specified by:

getEmailAddress in interface AccessControl

emailAddressExists

public boolean emailAddressExists(String emailAddress)

Description copied from interface: AccessControl

Returns true if an "Email Address" (dmx.contacts.email_address) topic with the given value exists, false otherwise.

This is a privileged method, it bypasses the access control system.

Specified by:

emailAddressExists in interface AccessControl

matches

private boolean matches(TopicModel usernameTopic,
                        String password)

Prerequisite: usernameTopic is not null.

Parameters:

password - The encoded password.

getPasswordTopic

private TopicModel getPasswordTopic(TopicModel usernameTopic)

Prerequisite: usernameTopic is not null.

_getUserAccount

private TopicModelImpl _getUserAccount(TopicModel usernameTopic)

Prerequisite: usernameTopic is not null.

_getPasswordTopic

private TopicModel _getPasswordTopic(TopicModel userAccount)

Prerequisite: userAccount is not null.

permissionIfNoWorkspaceIsAssigned

private boolean permissionIfNoWorkspaceIsAssigned(Operation operation,
                                                  long objectId,
                                                  String typeUri)

_hasPermission

private boolean _hasPermission(String username,
                               Operation operation,
                               long workspaceId)

isOwner

private boolean isOwner(String username,
                        long workspaceId)

Checks if a user is the owner of a workspace.

Parameters:

username - the logged in user, or null if no user is logged in.

Returns:

true if the user is the owner, false otherwise.

getSharingMode

private SharingMode getSharingMode(long workspaceId)

checkWorkspaceId

private void checkWorkspaceId(long workspaceId)

isTopicmapPrivate

private boolean isTopicmapPrivate(long topicmapId)

isCreator

private boolean isCreator(String username,
                          long objectId)

getOwner

private String getOwner(long workspaceId)

getTypeUri

private String getTypeUri(long objectId)

_getUsernameTopic

private TopicModelImpl _getUsernameTopic(String username)

_getUsernameTopicOrThrow

private TopicModelImpl _getUsernameTopicOrThrow(String username)

_getUsername

private String _getUsername(String emailAddress)

_getEmailAddress

private String _getEmailAddress(String username)

fetchTopic

private TopicModelImpl fetchTopic(String key,
                                  Object value)

Fetches a topic by key/value.

IMPORTANT: only applicable to values indexed with dmx.core.key.

Returns:

the topic, or null if no such topic exists.

queryTopics

private List<TopicModelImpl> queryTopics(String key,
                                         Object value)

Queries topics by key/value.

IMPORTANT: only applicable to values indexed with dmx.core.fulltext or dmx.core.fulltext_key.

Returns:

a list, possibly empty.

fetchTopicsByOwner

private List<TopicModelImpl> fetchTopicsByOwner(String username,
                                                String typeUri)

Fetches topics by owner, and filter by type.

userInfo

private String userInfo(String username)