| /******************************************************************************* |
| * Copyright 2011 Chair for Applied Software Engineering, |
| * Technische Universitaet Muenchen. |
| * All rights reserved. This program and the accompanying materials |
| * are made available under the Eclipse Public License v1.0 |
| * which accompanies this distribution, and is available at |
| * http://www.eclipse.org/legal/epl-v10.html |
| * |
| * Contributors: |
| ******************************************************************************/ |
| package org.eclipse.emf.emfstore.server.accesscontrol; |
| |
| import java.util.Set; |
| |
| import org.eclipse.emf.ecore.EObject; |
| import org.eclipse.emf.emfstore.server.core.MethodInvocation; |
| import org.eclipse.emf.emfstore.server.exceptions.AccessControlException; |
| import org.eclipse.emf.emfstore.server.model.ProjectId; |
| import org.eclipse.emf.emfstore.server.model.SessionId; |
| import org.eclipse.emf.emfstore.server.model.accesscontrol.ACOrgUnitId; |
| import org.eclipse.emf.emfstore.server.model.accesscontrol.ACUser; |
| |
/**
 * Authorization contract of the server: decides whether a session, user or operation is allowed to proceed.
 *
 * <p>Every {@code check*} method returns {@code void} and reports denial only by throwing
 * {@link AccessControlException}. There is no boolean result to inspect, so a caller that catches and discards
 * the exception has in effect granted the request.
 *
 * @author koegel
 */
public interface AuthorizationControl {

    /**
     * Verifies that the given session is valid.
     *
     * @param sessionId the session to validate
     * @throws AccessControlException if the session is invalid
     */
    void checkSession(SessionId sessionId) throws AccessControlException;

    /**
     * Verifies that the session is entitled to admin access to the given project.
     *
     * @param sessionId the session to check
     * @param projectId the project for which admin access is requested
     * @throws AccessControlException if the session is invalid for admin access
     */
    void checkProjectAdminAccess(SessionId sessionId, ProjectId projectId) throws AccessControlException;

    /**
     * Verifies that the session is entitled to server admin access.
     *
     * @param sessionId the session to check
     * @throws AccessControlException if the session is invalid for server admin access
     */
    void checkServerAdminAccess(SessionId sessionId) throws AccessControlException;

    /**
     * Verifies that the session may read the given model elements of the project.
     *
     * <p>NOTE(review): the denial condition used to be worded as "may not read any of the model elements".
     * Presumably a single unreadable element is enough to deny the whole request; confirm against the
     * implementations and state it explicitly.
     *
     * @param sessionId the session to check
     * @param projectId the project that contains the elements
     * @param modelElements the model elements to be read
     * @throws AccessControlException if read access is denied
     */
    void checkReadAccess(SessionId sessionId, ProjectId projectId, Set<EObject> modelElements)
        throws AccessControlException;

    /**
     * Verifies that the session may write the given model elements of the project.
     *
     * <p>NOTE(review): as for read access, presumably a single non-writable element denies the whole
     * request; confirm against the implementations.
     *
     * @param sessionId the session to check
     * @param projectId the project that contains the elements
     * @param modelElements the model elements to be written
     * @throws AccessControlException if write access is denied
     */
    void checkWriteAccess(SessionId sessionId, ProjectId projectId, Set<EObject> modelElements)
        throws AccessControlException;

    /**
     * Looks up the session id on the server and returns the user it relates to.
     *
     * <p>The returned user is not identical to the original user: it additionally contains the roles that
     * come from the user's groups.
     *
     * <p>NOTE(review): because the result mixes in group-derived roles, it presumably should not be stored
     * back as the user's own role assignment; confirm with the callers.
     *
     * @param sessionId the session to resolve
     * @return the user with the roles of the resolved user and of its groups
     * @throws AccessControlException presumably when no user can be resolved for the session; TODO confirm
     */
    ACUser resolveUser(SessionId sessionId) throws AccessControlException;

    /**
     * Looks up the org unit id on the server and returns the user it relates to.
     *
     * <p>As with {@link #resolveUser(SessionId)}, the returned user additionally contains the roles that
     * come from the user's groups and which the original user does not contain.
     *
     * @param orgUnitId the org unit id to resolve
     * @return the user with the roles of the resolved user and of its groups
     * @throws AccessControlException presumably when no user can be resolved for the id; TODO confirm
     */
    ACUser resolveUser(ACOrgUnitId orgUnitId) throws AccessControlException;

    /**
     * Verifies that the given operation may be executed.
     *
     * <p>NOTE(review): this check takes no session parameter; presumably the invocation itself identifies
     * the caller. Confirm against {@code MethodInvocation}.
     *
     * @param op the operation the user intends to execute
     * @throws AccessControlException in case access is denied
     */
    void checkAccess(MethodInvocation op) throws AccessControlException;
}