public interface AccessControlService

Modifier and Type | Field and Description |
---|---|
static String | ADMIN_INITIAL_PASSWORD |
static String | ADMIN_USERNAME |
static String | ADMIN_WORKSPACE_NAME |
static SharingMode | ADMIN_WORKSPACE_SHARING_MODE |
static String | ADMIN_WORKSPACE_URI |
static String | DEFAULT_PRIVATE_WORKSPACE_NAME |
static String | SYSTEM_WORKSPACE_NAME |
static SharingMode | SYSTEM_WORKSPACE_SHARING_MODE |
static String | SYSTEM_WORKSPACE_URI |

Modifier and Type | Method and Description |
---|---|
Topic | _createUserAccount(Credentials cred)<br>Creates a user account. |
List<RelatedTopic> | bulkUpdateMemberships(long workspaceId, IdList addUserIds, IdList removeUserIds) |
List<RelatedTopic> | bulkUpdateMemberships(String username, IdList addWorkspaceIds, IdList removeWorkspaceIds) |
void | checkAdmin()<br>Checks if the current user is a DMX admin and throws AccessControlException if not. |
void | createMembership(String username, long workspaceId)<br>Makes the given user a member of the given workspace. |
Topic | createUserAccount(Credentials cred)<br>Creates a user account. |
Topic | createUsername(String username)<br>Creates a Username topic and a private workspace. |
void | enrichWithOwnerInfo(Topic workspace)<br>Retrieves the OWNER and stores it in the given topic's model (under synthetic child type URI dmx.accesscontrol.owner). |
void | enrichWithUserInfo(DMXObject object)<br>Retrieves the CREATOR/MODIFIER usernames and stores them in the given object's model (under synthetic child type URIs dmx.accesscontrol.creator and dmx.accesscontrol.modifier). |
long | getAdminWorkspaceId() |
Collection<Assoc> | getAssocsByCreator(String username) |
Set<String> | getAuthorizationMethods()<br>Returns the names of all authorization methods, as registered by registerAuthorizationMethod(java.lang.String, systems.dmx.accesscontrol.AuthorizationMethod). |
String | getCreator(long objectId)<br>Returns the creator of a topic or an association. |
Assoc | getMembership(String username, long workspaceId) |
List<RelatedTopic> | getMemberships(long workspaceId)<br>Returns the members of the given workspace. |
List<RelatedTopic> | getMemberships(String username)<br>Returns the workspaces of the given user. |
String | getModifier(long objectId)<br>Returns the modifier of a topic or an association. |
Permissions | getPermissions(long objectId) |
Topic | getPrivateWorkspace()<br>Returns the private workspace of the logged in user. |
Collection<Topic> | getTopicsByCreator(String username) |
String | getUsername()<br>Returns the username of the logged in user. |
Topic | getUsernameTopic()<br>Returns the "Username" topic of the logged in user. |
Topic | getUsernameTopic(String username)<br>Returns the "Username" topic for the specified username (case-insensitive). |
String | getWorkspaceOwner(long workspaceId)<br>Returns the owner of a workspace. |
Collection<Topic> | getWorkspacesByOwner(String username) |
boolean | isMember(String username, long workspaceId)<br>Checks if a user is a member of the given workspace. |
void | login()<br>Checks whether the credentials in the authorization string match an existing User Account, and if so, creates an HTTP session. |
void | logout()<br>Logs the user out. |
void | registerAuthorizationMethod(String name, AuthorizationMethod am)<br>Registers an authorization method under the given name, e.g. |
void | setWorkspaceOwner(Topic workspace, String username)<br>Sets the owner of a workspace. |
void | unregisterAuthorizationMethod(String name)<br>Unregisters the authorization method that has been registered under the given name. |

static final String ADMIN_USERNAME
static final String ADMIN_INITIAL_PASSWORD
static final String ADMIN_WORKSPACE_NAME
static final String ADMIN_WORKSPACE_URI
static final SharingMode ADMIN_WORKSPACE_SHARING_MODE
static final String SYSTEM_WORKSPACE_NAME
static final String SYSTEM_WORKSPACE_URI
static final SharingMode SYSTEM_WORKSPACE_SHARING_MODE
static final String DEFAULT_PRIVATE_WORKSPACE_NAME

void login()
authHeader - the authorization string containing the credentials. ### FIXDOC Formatted like an "Authorization" HTTP header value. That is, "Basic " followed by the Base64 encoded form of "{username}:{password}".

void logout()
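
The authorization string format described for login(), built and strictly parsed, as an added example that is not DMX code. The class and method names are hypothetical, UTF-8 as the character encoding is an assumption, the credentials are constructed samples, and records need Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

/** Hypothetical helper for the authorization string that login() checks. */
public class BasicAuthString {
    record Parsed(String username, String password) {}

    /** Builds "Basic " + Base64("{username}:{password}"); UTF-8 is an assumption of this example. */
    static String encode(String username, String password) {
        if (username.isEmpty() || username.indexOf(':') >= 0)
            throw new IllegalArgumentException("username must be non-empty and must not contain ':'");
        byte[] pair = (username + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(pair);
    }

    /** Strict inverse of encode(); throws IllegalArgumentException on any malformed input. */
    static Parsed parse(String authString) {
        if (authString == null || !authString.startsWith("Basic "))
            throw new IllegalArgumentException("not a Basic authorization string");
        byte[] raw = Base64.getDecoder().decode(authString.substring(6));  // rejects non-Base64 input
        String pair = new String(raw, StandardCharsets.UTF_8);
        int sep = pair.indexOf(':');            // first colon: the password may itself contain ':'
        if (sep <= 0)
            throw new IllegalArgumentException("missing username or ':' separator");
        return new Parsed(pair.substring(0, sep), pair.substring(sep + 1));
    }

    public static void main(String[] args) {
        String auth = encode("admin", "pa:ss word");               // constructed sample credentials
        Parsed p = parse(auth);
        System.out.println(auth);
        System.out.println(p.username() + " / " + p.password());   // Base64 is reversible, not encryption
        String noColon = Base64.getEncoder().encodeToString("nocolon".getBytes(StandardCharsets.UTF_8));
        for (String bad : new String[] {"Bearer abc", "Basic !!!", "Basic " + noColon}) {
            try {
                parse(bad);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Because the encoding is trivially reversible, the string carries the same sensitivity as the password itself: send it only over TLS and keep it out of logs.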

String getUsername()
null if no user is logged in.

Topic getUsernameTopic()
dmx.accesscontrol.username), or null if no user is logged in.

Topic getPrivateWorkspace()
Note: a user can have more than one private workspace. This method returns only the first one.
IllegalStateException - if no user is logged in.
RuntimeException - if the logged in user has no private workspace.

void checkAdmin()
AccessControlException - if the current user is not a DMX admin.

Topic createUserAccount(Credentials cred)
RuntimeException - if the requesting user is not a DMX admin.

Topic _createUserAccount(Credentials cred) throws Exception
Security: this method is not callable from outside as it has no REST interface, so the DMX platform is still secure. On the other hand, a 3rd-party plugin which provides a RESTful interface to this method is required to apply an additional authorization measure, e.g. a short-lived access token sent via email.
Exception
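
One way a plugin could implement the short-lived access token mentioned in the security note above, as an added example that is not DMX code. The class name, the 15-minute lifetime and the in-memory store are assumptions, the usernames and clock are constructed samples, and records need Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical helper: one-time, expiring tokens that gate a plugin's call to _createUserAccount(). */
public class SignupTokens {
    static final Duration TTL = Duration.ofMinutes(15);          // assumed token lifetime
    private record Pending(String username, Instant expires) {}
    private final SecureRandom random = new SecureRandom();
    // Keyed by the SHA-256 of the token, so a leaked store does not reveal usable tokens.
    private final Map<String, Pending> pending = new ConcurrentHashMap<>();

    /** Issues a token bound to the requested username; the plugin e-mails it to the applicant. */
    public String issue(String username, Instant now) {
        byte[] raw = new byte[32];                                // 256 bits from a CSPRNG
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pending.put(hash(token), new Pending(username, now.plus(TTL)));
        return token;
    }

    /** Returns the username the token was issued for, or null if it is unknown, used, or expired. */
    public String redeem(String token, Instant now) {
        Pending p = (token == null) ? null : pending.remove(hash(token));  // remove() enforces single use
        return (p != null && now.isBefore(p.expires())) ? p.username() : null;
    }

    private static String hash(String token) {
        try {
            return Base64.getEncoder().encodeToString(
                MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
    }

    public static void main(String[] args) {
        SignupTokens tokens = new SignupTokens();
        Instant t0 = Instant.parse("2023-01-01T12:00:00Z");       // constructed sample clock
        String token = tokens.issue("alice", t0);
        System.out.println(tokens.redeem(token, t0.plusSeconds(60)));   // in time: plugin may now call _createUserAccount(cred)
        System.out.println(tokens.redeem(token, t0.plusSeconds(120)));  // replay of the same token
        System.out.println(tokens.redeem(tokens.issue("bob", t0), t0.plus(TTL)));  // presented at expiry
    }
}
```

The account should be created for the username that redeem() returns, not for one supplied again in the redeeming request, so a token issued for one applicant cannot be used to create a different account.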

Topic createUsername(String username)

Topic getUsernameTopic(String username)
username - a username. Must not be null.
dmx.accesscontrol.username), or null if no such username exists.

String getWorkspaceOwner(long workspaceId)
null if no owner is set.

void setWorkspaceOwner(Topic workspace, String username)

void enrichWithOwnerInfo(Topic workspace)
dmx.accesscontrol.owner).

List<RelatedTopic> getMemberships(String username)

List<RelatedTopic> getMemberships(long workspaceId)

boolean isMember(String username, long workspaceId)
username - the user. If null is passed, false is returned. If an unknown username is passed an exception is thrown.
workspaceId - the workspace.
true if the user is a member, false otherwise.

Assoc getMembership(String username, long workspaceId)
null if the user is not a member.

void createMembership(String username, long workspaceId)

List<RelatedTopic> bulkUpdateMemberships(String username, IdList addWorkspaceIds, IdList removeWorkspaceIds)

List<RelatedTopic> bulkUpdateMemberships(long workspaceId, IdList addUserIds, IdList removeUserIds)

long getAdminWorkspaceId()

Permissions getPermissions(long objectId)
objectId - a topic ID, or an association ID.
dmx.accesscontrol.operation.write.

String getCreator(long objectId)
null if no creator is set.

String getModifier(long objectId)
null if no modifier is set.

void enrichWithUserInfo(DMXObject object)
dmx.accesscontrol.creator and dmx.accesscontrol.modifier).

Collection<Topic> getWorkspacesByOwner(String username)

Collection<Topic> getTopicsByCreator(String username)

Collection<Assoc> getAssocsByCreator(String username)

Set<String> getAuthorizationMethods()
registerAuthorizationMethod(java.lang.String, systems.dmx.accesscontrol.AuthorizationMethod).
registerAuthorizationMethod(java.lang.String, systems.dmx.accesscontrol.AuthorizationMethod), but is an integral part of the DMX platform.

void registerAuthorizationMethod(String name, AuthorizationMethod am)
RuntimeException - if an authorization method is already registered under the given name.

void unregisterAuthorizationMethod(String name)

Copyright © 2023. All Rights Reserved.