| /******************************************************************************* |
| * Copyright (c) 2008-2011 Chair for Applied Software Engineering, |
| * Technische Universitaet Muenchen. |
| * All rights reserved. This program and the accompanying materials |
| * are made available under the terms of the Eclipse Public License v1.0 |
| * which accompanies this distribution, and is available at |
| * http://www.eclipse.org/legal/epl-v10.html |
| * |
| * Contributors: |
| * koegel |
| ******************************************************************************/ |
| package org.eclipse.emf.emfstore.internal.client.accesscontrol; |
| |
| import org.eclipse.emf.emfstore.internal.client.model.Usersession; |
| import org.eclipse.emf.emfstore.internal.server.exceptions.AccessControlException; |
| import org.eclipse.emf.emfstore.internal.server.model.ProjectId; |
| import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACUser; |
| import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.roles.ProjectAdminRole; |
| import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.roles.Role; |
| import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.roles.ServerAdmin; |
| |
| /** |
| * Helper class for access control checks. |
| * |
| * @author koegel |
| */ |
| public class AccessControlHelper { |
| |
| private final ACUser user; |
| |
| /** |
| * Default constructor. |
| * |
| * @param usersession the user session that needs to be checked |
| */ |
| public AccessControlHelper(Usersession usersession) { |
| user = usersession.getACUser(); |
| } |
| |
| /** |
| * Check if user has read access to given project id. |
| * |
| * @param projectId the project id |
| * @throws AccessControlException if access is not permitted. |
| */ |
| public void checkReadAccess(ProjectId projectId) throws AccessControlException { |
| for (final Role role : user.getRoles()) { |
| if (role.canRead(projectId, null)) { |
| return; |
| } |
| } |
| throw new AccessControlException(); |
| } |
| |
| /** |
| * Check write access for the given project. |
| * |
| * @param projectId |
| * the ID of a project |
| * @throws AccessControlException if access is denied |
| */ |
| public void checkWriteAccess(ProjectId projectId) throws AccessControlException { |
| |
| for (final Role role : user.getRoles()) { |
| if (role.canDelete(projectId, null) |
| || role.canCreate(projectId, null) |
| || role.canModify(projectId, null)) { |
| return; |
| } |
| } |
| |
| throw new AccessControlException(); |
| } |
| |
| /** |
| * Check project administrator access for the given project. |
| * |
| * @throws AccessControlException if access is denied. |
| */ |
| public void checkProjectAdminAccess() throws AccessControlException { |
| for (final Role role : user.getRoles()) { |
| if (ServerAdmin.class.isInstance(role) || ProjectAdminRole.class.isInstance(role)) { |
| return; |
| } |
| } |
| throw new AccessControlException(); |
| } |
| |
| /** |
| * Check project administrator access for the given project. |
| * |
| * @param projectId the project id |
| * @throws AccessControlException if access is denied. |
| */ |
| public void checkProjectAdminAccess(ProjectId projectId) throws AccessControlException { |
| for (final Role role : user.getRoles()) { |
| if (role.canAdministrate(projectId)) { |
| return; |
| } |
| } |
| throw new AccessControlException(); |
| } |
| |
| /** |
| * Check the server admin access. |
| * |
| * @throws AccessControlException if access is denied. |
| */ |
| public void checkServerAdminAccess() throws AccessControlException { |
| for (final Role role : user.getRoles()) { |
| if (role instanceof ServerAdmin) { |
| return; |
| } |
| } |
| throw new AccessControlException(); |
| } |
| } |