All Downloads are FREE. Search and download functionalities are using the official Maven repository.

de.deepamehta.accesscontrol.AccessControlService Maven / Gradle / Ivy

package de.deepamehta.accesscontrol;

import de.deepamehta.core.Association;
import de.deepamehta.core.Topic;
import de.deepamehta.core.service.accesscontrol.Credentials;
import de.deepamehta.core.service.accesscontrol.Permissions;
import de.deepamehta.core.service.accesscontrol.SharingMode;

import java.util.Collection;



public interface AccessControlService {

    // ------------------------------------------------------------------------------------------------------- Constants

    // Admin user account
    static final String ADMIN_USERNAME = "admin";
    static final String ADMIN_INITIAL_PASSWORD = System.getProperty("dm4.security.initial_admin_password", "");

    // Administration workspace
    static final String ADMINISTRATION_WORKSPACE_NAME = "Administration";
    static final String ADMINISTRATION_WORKSPACE_URI = "dm4.workspaces.administration";
    static final SharingMode ADMINISTRATION_WORKSPACE_SHARING_MODE = SharingMode.COLLABORATIVE;

    // System workspace
    static final String SYSTEM_WORKSPACE_NAME = "System";
    static final String SYSTEM_WORKSPACE_URI = "dm4.workspaces.system";
    static final SharingMode SYSTEM_WORKSPACE_SHARING_MODE = SharingMode.PUBLIC;

    // Private workspaces
    static final String DEFAULT_PRIVATE_WORKSPACE_NAME = "Private Workspace";

    // -------------------------------------------------------------------------------------------------- Public Methods



    // === User Session ===

    /**
     * Checks weather the credentials in the authorization string match an existing User Account,
     * and if so, creates an HTTP session. ### FIXDOC
     *
     * @param   authHeader  the authorization string containing the credentials. ### FIXDOC
     *                      Formatted like a "Authorization" HTTP header value. That is, "Basic " appended by the
     *                      Base64 encoded form of "{username}:{password}".
     *
     * @return  ### FIXDOC: The username of the matched User Account (a Topic of type "Username" /
     *          dm4.accesscontrol.username), or null if there is no matching User Account.
     */
    void login();

    /**
     * Logs the user out. That is invalidating the session associated with the JSESSION ID cookie.
     *
     * For a "non-private" DM installation the response is 204 No Content.
     * For a "private" DM installation the response is 401 Authorization Required. In this case the webclient is
     * supposed to shutdown the DM GUI then. The webclient of a "private" DM installation must only be visible/usable
     * when logged in.
     */
    void logout();

    // ---

    /**
     * Returns the username of the logged in user.
     *
     * @return  The username, or null if no user is logged in.
     */
    String getUsername();

    /**
     * Returns the "Username" topic of the logged in user.
     *
     * @return  The "Username" topic (type dm4.accesscontrol.username),
     *          or null if no user is logged in.
     */
    Topic getUsernameTopic();

    // ---

    /**
     * Returns the private workspace of the logged in user.
     * If no user is logged in an exception is thrown.
     * 

* Note: a user can have more than one private workspace. The workspace returned * by this method is the one that holds the user's password topic. */ Topic getPrivateWorkspace(); // === User Accounts === /** * @return The "Username" topic of the created user account. */ Topic createUserAccount(Credentials cred); /** * Returns the "Username" topic for the specified username. * * @param username a username. Must not be null. * * @return The "Username" topic (type dm4.accesscontrol.username), * or null if no such username exists. */ Topic getUsernameTopic(String username); // === Workspaces / Memberships === /** * Returns the owner of a workspace. * * @return The username of the owner, or null if no owner is set. * ### TODO: should throw an exception instead of returning null */ String getWorkspaceOwner(long workspaceId); /** * Sets the owner of a workspace. * ### TODO: should take an ID instead a topic. * ### Core service must be extended with a property setter. */ void setWorkspaceOwner(Topic workspace, String username); // --- void createMembership(String username, long workspaceId); /** * Checks if a user is a member of the given workspace. * * @param username the user. * If null is passed, false is returned. * If an unknown username is passed an exception is thrown. * @param workspaceId the workspace. * * @return true if the user is a member, false otherwise. */ boolean isMember(String username, long workspaceId); // === Permissions === /** * @return A Permissions object with one entry: dm4.accesscontrol.operation.write. */ Permissions getTopicPermissions(long topicId); /** * @return A Permissions object with one entry: dm4.accesscontrol.operation.write. */ Permissions getAssociationPermissions(long assocId); // === Object Info === /** * Returns the creator of a topic or an association. * * @return The username of the creator, or null if no creator is set. */ String getCreator(long objectId); /** * Returns the modifier of a topic or an association. * * @return The username of the modifier, or null if no modifier is set. */ String getModifier(long objectId); // === Retrieval === Collection getTopicsByCreator(String username); Collection getTopicsByOwner(String username); Collection getAssociationsByCreator(String username); Collection getAssociationsByOwner(String username); }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy