Interface AccessControlService

    • Method Detail

      • login

        void login()
        Checks whether the credentials in the authorization string match an existing User Account and, if so, creates an HTTP session. ### FIXDOC
        Parameters:
        authHeader - the authorization string containing the credentials. ### FIXDOC Formatted like an "Authorization" HTTP header value, that is, "Basic " followed by the Base64-encoded form of "{username}:{password}".
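        As an added example (not DMX code), a small Java helper that parses the authHeader format described above before the credentials are checked; the class BasicAuthHeader and its parse() method are assumptions. It splits at the first colon only, because a password may itself contain ":", and it rejects malformed input (wrong scheme, invalid Base64, missing separator) rather than throwing.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

/** Hypothetical helper: credentials parsed from a "Basic" Authorization header value. */
public final class BasicAuthHeader {

    public final String username;
    public final String password;

    private BasicAuthHeader(String username, String password) {
        this.username = username;
        this.password = password;
    }

    /**
     * Parses "Basic <Base64(username:password)>". Returns null for anything that is
     * not a well-formed Basic header so the caller can answer 401 uniformly, without
     * revealing which part of the header was wrong.
     */
    public static BasicAuthHeader parse(String authHeader) {
        if (authHeader == null) return null;
        // The scheme name is case-insensitive; whitespace separates it from the token.
        String[] parts = authHeader.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) return null;
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(parts[1]);
        } catch (IllegalArgumentException e) {
            return null;   // token is not valid Base64
        }
        String userPass = new String(decoded, StandardCharsets.UTF_8);
        // Split at the FIRST colon only: the username may not contain ':', the password may.
        int colon = userPass.indexOf(':');
        if (colon < 1) return null;   // no separator, or empty username
        return new BasicAuthHeader(userPass.substring(0, colon), userPass.substring(colon + 1));
    }

    public static void main(String[] args) {
        // Constructed sample: Base64 of "alice:s3cr:et" (password contains a colon).
        BasicAuthHeader h = parse("Basic YWxpY2U6czNjcjpldA==");
        System.out.println(h.username + " / " + h.password);
        // Both of these are rejected: wrong scheme, and a token that is not Base64.
        System.out.println(parse("Bearer abc") == null);
        System.out.println(parse("Basic %%%") == null);
    }
}
```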
      • logout

        void logout()
        Logs the user out. That is, it invalidates the session associated with the JSESSIONID cookie. For a "non-private" DM installation the response is 204 No Content. For a "private" DM installation the response is 401 Authorization Required; in this case the webclient is expected to shut down the DM GUI. The webclient of a "private" DM installation must only be visible/usable when logged in.
      • getUsername

        String getUsername()
        Returns the username of the logged in user.
        Returns:
        The username, or null if no user is logged in.
      • getUsernameTopic

        Topic getUsernameTopic()
        Returns the "Username" topic of the logged in user.
        Returns:
        The "Username" topic (type dmx.accesscontrol.username), or null if no user is logged in.
      • getPrivateWorkspace

        Topic getPrivateWorkspace()
        Returns the private workspace of the logged in user.

        Note: a user can have more than one private workspace. This method returns only the first one.

        Returns:
        The logged in user's private workspace (a topic of type "Workspace").
        Throws:
        IllegalStateException - if no user is logged in.
        RuntimeException - if the logged in user has no private workspace.
      • checkAdmin

        void checkAdmin()
        Checks if the current user is a DMX admin and throws AccessControlException if not. Note: if invoked as "System" no AccessControlException is thrown.
        Throws:
        AccessControlException - if the current user is not a DMX admin.
      • createUserAccount

        Topic createUserAccount(Credentials cred)
        Creates a user account. Only DMX admins are allowed to create user accounts.
        Returns:
        The "Username" topic of the created user account.
        Throws:
        RuntimeException - if the requesting user is not a DMX admin.
      • _createUserAccount

        Topic _createUserAccount(Credentials cred)
                          throws Exception
        Creates a user account. This is a privileged method: no permissions are checked.

        Security: this method is not callable from outside as it has no REST interface, so the DMX platform remains secure. On the other hand, a third-party plugin which provides a RESTful interface to this method is required to apply an additional authorization measure, e.g. a short-lived access token sent via email.

        Returns:
        The "Username" topic of the created user account.
        Throws:
        Exception
      • createUsername

        Topic createUsername(String username)
        Creates a Username topic and a private workspace. TODO: rename to createUsernameAndPrivateWorkspace?
        Returns:
        The created "Username" topic.
      • getUsernameTopic

        Topic getUsernameTopic(String username)
        Returns the "Username" topic for the specified username (case-insensitive).
        Parameters:
        username - a username. Must not be null.
        Returns:
        The "Username" topic (type dmx.accesscontrol.username), or null if no such username exists.
      • getWorkspaceOwner

        String getWorkspaceOwner(long workspaceId)
        Returns the owner of a workspace.
        Returns:
        The username of the owner, or null if no owner is set.
      • setWorkspaceOwner

        void setWorkspaceOwner(Topic workspace,
                               String username)
        Sets the owner of a workspace. ### TODO: should take an ID instead of a topic. ### Core service must be extended with a property setter.
      • enrichWithOwnerInfo

        void enrichWithOwnerInfo(Topic workspace)
        Retrieves the OWNER and stores it in the given topic's model (under synthetic child type URI dmx.accesscontrol.owner).
      • getMemberships

        List<RelatedTopic> getMemberships(String username)
        Returns the workspaces of the given user.
        Returns:
        a list of Workspace topics. The "relating" part is the Membership association.
      • getMemberships

        List<RelatedTopic> getMemberships(long workspaceId)
        Returns the members of the given workspace.
        Returns:
        a list of Username topics. The "relating" part is the Membership association.
      • isMember

        boolean isMember(String username,
                         long workspaceId)
        Checks if a user is a member of the given workspace.
        Parameters:
        username - the user. If null is passed, false is returned. If an unknown username is passed an exception is thrown.
        workspaceId - the workspace.
        Returns:
        true if the user is a member, false otherwise.
      • getMembership

        Assoc getMembership(String username,
                            long workspaceId)
        Returns:
        the Membership assoc between the given username and workspace, or null if the user is not a member.
      • createMembership

        void createMembership(String username,
                              long workspaceId)
        Makes the given user a member of the given workspace.
      • bulkUpdateMemberships

        List<RelatedTopic> bulkUpdateMemberships(String username,
                                                 IdList addWorkspaceIds,
                                                 IdList removeWorkspaceIds)
        Returns:
        a list of Workspace topics. The "relating" part is the Membership association.
      • bulkUpdateMemberships

        List<RelatedTopic> bulkUpdateMemberships(long workspaceId,
                                                 IdList addUserIds,
                                                 IdList removeUserIds)
        Returns:
        a list of Username topics. The "relating" part is the Membership association.
      • getAdminWorkspaceId

        long getAdminWorkspaceId()
      • getPermissions

        Permissions getPermissions(long objectId)
        Parameters:
        objectId - a topic ID, or an association ID.
        Returns:
        A Permissions object with one entry: dmx.accesscontrol.operation.write.
      • getCreator

        String getCreator(long objectId)
        Returns the creator of a topic or an association.
        Returns:
        The username of the creator, or null if no creator is set.
      • getModifier

        String getModifier(long objectId)
        Returns the modifier of a topic or an association.
        Returns:
        The username of the modifier, or null if no modifier is set.
      • enrichWithUserInfo

        void enrichWithUserInfo(DMXObject object)
        Retrieves the CREATOR/MODIFIER usernames and stores them in the given object's model (under synthetic child type URIs dmx.accesscontrol.creator and dmx.accesscontrol.modifier).
      • registerAuthorizationMethod

        void registerAuthorizationMethod(String name,
                                         AuthorizationMethod am)
        Registers an authorization method under the given name, e.g. "LDAP".
        Throws:
        RuntimeException - if an authorization method is already registered under the given name.
      • unregisterAuthorizationMethod

        void unregisterAuthorizationMethod(String name)
        Unregisters the authorization method that has been registered under the given name. If no authorization method is registered under that name, nothing happens.