/*******************************************************************************
* Copyright (c) 2008-2011 Chair for Applied Software Engineering,
* Technische Universitaet Muenchen.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*
* Contributors:
* koegel
******************************************************************************/
package org.eclipse.emf.emfstore.internal.client.accesscontrol;
import org.eclipse.emf.emfstore.internal.client.model.Usersession;
import org.eclipse.emf.emfstore.internal.server.exceptions.AccessControlException;
import org.eclipse.emf.emfstore.internal.server.model.ProjectId;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACUser;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.roles.ProjectAdminRole;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.roles.Role;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.roles.ServerAdmin;
/**
* Helper class for access control checks.
*
* @author koegel
*/
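public class AccessControlHelper {

    // The user whose roles every check below evaluates; read from the session once, at construction.
    // NOTE(review): this class sits in the client package and reads roles from the session's ACUser,
    // so these checks look like a client-side pre-check - confirm the server enforces the same rules.
    private final ACUser user;

    /**
     * Creates a helper bound to the user of the given session.
     *
     * The result of {@code getACUser()} is stored without a null check; if it is {@code null},
     * every check method denies access with an {@link AccessControlException}.
     *
     * @param usersession the user session that needs to be checked
     */
    public AccessControlHelper(Usersession usersession) {
        user = usersession.getACUser();
    }

    /**
     * Returns the session's user, denying access when the session supplied none.
     *
     * Keeps the checks fail-closed with the declared exception type instead of a
     * {@link NullPointerException} that callers handling access denial would not catch.
     *
     * @return the non-null user
     * @throws AccessControlException if the session had no user
     */
    private ACUser requireUser() throws AccessControlException {
        if (user == null) {
            throw new AccessControlException();
        }
        return user;
    }

    /**
     * Check if user has read access to given project id.
     *
     * Access is granted as soon as one of the user's roles allows reading.
     *
     * @param projectId the project id
     * @throws AccessControlException if access is not permitted.
     */
    public void checkReadAccess(ProjectId projectId) throws AccessControlException {
        for (final Role role : requireUser().getRoles()) {
            // second argument is passed as null; its meaning is defined by Role and not visible here
            if (role.canRead(projectId, null)) {
                return;
            }
        }
        throw new AccessControlException();
    }

    /**
     * Check write access for the given project.
     *
     * A single role that allows any ONE of delete, create or modify is sufficient. Passing this
     * check therefore does not prove that a specific one of those operations is allowed.
     *
     * @param projectId
     *            the ID of a project
     * @throws AccessControlException if access is denied
     */
    public void checkWriteAccess(ProjectId projectId) throws AccessControlException {
        for (final Role role : requireUser().getRoles()) {
            if (role.canDelete(projectId, null)
                || role.canCreate(projectId, null)
                || role.canModify(projectId, null)) {
                return;
            }
        }
        throw new AccessControlException();
    }

    /**
     * Check that the user holds a server administrator or project administrator role.
     *
     * This overload is not scoped to a project: it only inspects the role's type, so a
     * {@link ProjectAdminRole} passes regardless of which projects it covers. Use
     * {@link #checkProjectAdminAccess(ProjectId)} when the decision must be tied to one project.
     *
     * @throws AccessControlException if access is denied.
     */
    public void checkProjectAdminAccess() throws AccessControlException {
        for (final Role role : requireUser().getRoles()) {
            // instanceof matches subclasses too, same as the Class.isInstance form
            if (role instanceof ServerAdmin || role instanceof ProjectAdminRole) {
                return;
            }
        }
        throw new AccessControlException();
    }

    /**
     * Check project administrator access for the given project.
     *
     * Access is granted as soon as one of the user's roles reports that it can administrate
     * the project.
     *
     * @param projectId the project id
     * @throws AccessControlException if access is denied.
     */
    public void checkProjectAdminAccess(ProjectId projectId) throws AccessControlException {
        for (final Role role : requireUser().getRoles()) {
            if (role.canAdministrate(projectId)) {
                return;
            }
        }
        throw new AccessControlException();
    }

    /**
     * Check the server admin access.
     *
     * Only the role's type is inspected; any role that is a {@link ServerAdmin} grants access.
     *
     * @throws AccessControlException if access is denied.
     */
    public void checkServerAdminAccess() throws AccessControlException {
        for (final Role role : requireUser().getRoles()) {
            if (role instanceof ServerAdmin) {
                return;
            }
        }
        throw new AccessControlException();
    }
}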