systems.dmx.core.service.accesscontrol

Interface AccessControl

Show UML class diagram

All Known Implementing Classes:

AccessControlImpl

public interface AccessControl

Method Summary

Modifier and Type	Method and Description
void	assignToWorkspace(DMXObject object, long workspaceId) Performs the initial workspace assignment for an object.
void	changePassword(Credentials cred) Changes the password of an existing user account.
Topic	checkCredentials(Credentials cred) Checks if the given credentials are valid.
void	deleteAssociationMapcontext(Association assoc)
boolean	emailAddressExists(String emailAddress) Returns true if an "Email Address" (dmx.contacts.email_address) topic with the given value exists, false otherwise.
long	getAdministrationWorkspaceId() Returns the ID of the "Administration" workspace.
long	getAssignedWorkspaceId(long objectId) Returns the ID of the workspace a topic or association is assigned to.
RelatedTopic	getConfigTopic(String configTypeUri, long topicId) Returns the configuration topic of the given type for the given topic.
String	getCreator(long objectId) Returns the creator of a topic or an association.
long	getDMXWorkspaceId() Returns the ID of the "DMX" workspace.
String	getEmailAddress(String username) Returns the email address for the given username.
Topic	getPrivateWorkspace(String username) Returns the private workspace of the given user.
long	getSystemWorkspaceId() Returns the ID of the "System" workspace.
String	getUsername(javax.servlet.http.HttpServletRequest request) Returns the username that is associated with a request.
String	getUsername(String emailAddress) Returns the username for the given email address.
Topic	getUsernameTopic(javax.servlet.http.HttpServletRequest request) Convenience method that returns the Username topic that corresponds to a request.
Topic	getUsernameTopic(String username) Returns the Username topic that corresponds to a username.
Topic	getWorkspace(String uri) Returns a workspace by URI.
boolean	hasPermission(String username, Operation operation, long objectId) Checks if a user is permitted to perform an operation on an object (topic or association).
boolean	hasReadPermission(String username, long workspaceId)
boolean	hasWritePermission(String username, long workspaceId)
boolean	isMember(String username, long workspaceId) Checks if a user is a member of a given workspace.
boolean	isWorkspaceAssignment(Association assoc) Checks if an association represents a workspace assignment.
<V> V	runWithoutWorkspaceAssignment(Callable<V> callable) Runs a code block while suppressing the standard workspace assignment for all topics/associations created within that code block.
String	username(javax.servlet.http.HttpSession session) Returns the username that is associated with a session.
boolean	workspaceAssignmentIsSuppressed() Returns true if standard workspace assignment is currently suppressed for the current thread.

Method Detail

hasPermission

boolean hasPermission(String username,
                      Operation operation,
                      long objectId)

Checks if a user is permitted to perform an operation on an object (topic or association).

Parameters:

username - the logged in user, or null if no user is logged in.

objectId - a topic ID, or an association ID.

Returns:

true if permission is granted, false otherwise.

hasReadPermission

boolean hasReadPermission(String username,
                          long workspaceId)

hasWritePermission

boolean hasWritePermission(String username,
                           long workspaceId)

checkCredentials

Topic checkCredentials(Credentials cred)

Checks if the given credentials are valid.

Returns:

the corresponding Username topic if the credentials are valid, or null otherwise.

changePassword

void changePassword(Credentials cred)

Changes the password of an existing user account.

This is a privileged method: it works also if the respective user is not logged in.

Parameters:

cred - the username and new password. An user account with the given username must exist. (The username can't be changed.)

getUsernameTopic

Topic getUsernameTopic(String username)

Returns the Username topic that corresponds to a username.

Returns:

the Username topic, or null if no such Username topic exists.

getPrivateWorkspace

Topic getPrivateWorkspace(String username)

Returns the private workspace of the given user.

Note: a user can have more than one private workspace. This method returns only the first one.

This is a privileged method, it bypasses the access control system.

Returns:

The user's private workspace (a topic of type "Workspace").

Throws:

RuntimeException - if the user has no private workspace.

isMember

boolean isMember(String username,
                 long workspaceId)

Checks if a user is a member of a given workspace.

Parameters:

username - the logged in user, or null if no user is logged in.

getCreator

String getCreator(long objectId)

Returns the creator of a topic or an association.

Returns:

The username of the creator, or null if no creator is set.

getUsername

String getUsername(javax.servlet.http.HttpServletRequest request)

Returns the username that is associated with a request.

Returns:

the username, or null if no user is associated with the request.

getUsernameTopic

Topic getUsernameTopic(javax.servlet.http.HttpServletRequest request)

Convenience method that returns the Username topic that corresponds to a request. Basically it calls getUsernameTopic(getUsername(request)).

Returns:

the Username topic, or null if no user is associated with the request.

username

String username(javax.servlet.http.HttpSession session)

Returns the username that is associated with a session.

Returns:

the username, or null if no user is associated with the session.

getWorkspace

Topic getWorkspace(String uri)

Returns a workspace by URI.

This is a privileged method: it works also if the current user has no READ permission for the workspace.

Returns:

The workspace (a topic of type "Workspace").

Throws:

RuntimeException - If no workspace exists for the given URI.

getDMXWorkspaceId

long getDMXWorkspaceId()

Returns the ID of the "DMX" workspace.

getAdministrationWorkspaceId

long getAdministrationWorkspaceId()

Returns the ID of the "Administration" workspace.

getSystemWorkspaceId

long getSystemWorkspaceId()

Returns the ID of the "System" workspace.

getAssignedWorkspaceId

long getAssignedWorkspaceId(long objectId)

Returns the ID of the workspace a topic or association is assigned to.

Parameters:

objectId - a topic ID, or an association ID

Returns:

The workspace ID, or -1 if no workspace is assigned.

assignToWorkspace

void assignToWorkspace(DMXObject object,
                       long workspaceId)

Performs the initial workspace assignment for an object.

Use this method only for objects which have no workspace assignment already, that is e.g. objects created in a migration or objects created while workspace assignment is deliberately suppressed.

isWorkspaceAssignment

boolean isWorkspaceAssignment(Association assoc)

Checks if an association represents a workspace assignment.

This is a privileged method: it works also if the current user has no READ permission for the potential workspace.

runWithoutWorkspaceAssignment

<V> V runWithoutWorkspaceAssignment(Callable<V> callable)
                             throws Exception

Runs a code block while suppressing the standard workspace assignment for all topics/associations created within that code block.

Throws:

Exception

workspaceAssignmentIsSuppressed

boolean workspaceAssignmentIsSuppressed()

Returns true if standard workspace assignment is currently suppressed for the current thread.

deleteAssociationMapcontext

void deleteAssociationMapcontext(Association assoc)

getConfigTopic

RelatedTopic getConfigTopic(String configTypeUri,
                            long topicId)

Returns the configuration topic of the given type for the given topic.

This is a privileged method, it bypasses the access control system.

Throws:

RuntimeException - if no such configuration topic exists.

getUsername

String getUsername(String emailAddress)

Returns the username for the given email address.

The username is determined by traversing from the Email Address topic along a org.deepamehta.signup.user_mailbox association.

This is a privileged method, it bypasses the access control system.

Throws:

RuntimeException - if no such Email Address topic exists in the DB, or if more than one such Email Address topics exist in the DB, or if the Email Address topic is not associated to a Username topic.

getEmailAddress

String getEmailAddress(String username)

Returns the email address for the given username.

The email address is determined by traversing from the Username topic along a org.deepamehta.signup.user_mailbox association.

This is a privileged method, it bypasses the access control system.

Throws:

RuntimeException - if no such Username topic exists in the DB, or if the Username topic is not associated to an Email Address topic.

emailAddressExists

boolean emailAddressExists(String emailAddress)

Returns true if an "Email Address" (dmx.contacts.email_address) topic with the given value exists, false otherwise.

This is a privileged method, it bypasses the access control system.