Overview  Package   Class  Use  Tree  Deprecated  Index 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.eclipse.emf.emfstore.internal.server.accesscontrol
Interface AuthorizationControl

All Known Subinterfaces:
AccessControl
All Known Implementing Classes:
AccessControlImpl
public interface AuthorizationControl

Control for the authorization of users.

Author:
koegel

Method Summary
 void checkAccess(MethodInvocation op)
          Checks whether a given operation may be executed.
 boolean checkProjectAdminAccess(SessionId sessionId, ProjectId projectId)
          Check if the session is valid for admin access to the given project.
 boolean checkProjectAdminAccess(SessionId sessionId, ProjectId projectId, PAPrivileges privileg)
          Check if the session is valid for admin access to the given project.
 boolean checkProjectAdminAccessForOrgUnit(SessionId sessionId, ACOrgUnitId orgUnitId)
          Check if the session is valid for admin access to the given organizational unit.
 boolean checkProjectAdminAccessForOrgUnit(SessionId sessionId, ACOrgUnitId orgUnitId, Set<ProjectId> projectIds)
          Check if the session is valid for admin access to the given organizational unit.
 void checkReadAccess(SessionId sessionId, ProjectId projectId, Set<org.eclipse.emf.ecore.EObject> modelElements)
          Check if the session may read the given model elements in the project.
 void checkServerAdminAccess(SessionId sessionId)
          Check if the session is valid for server admin access.
 void checkSession(SessionId sessionId)
          Check if the given session is valid.
 void checkWriteAccess(SessionId sessionId, ProjectId projectId, Set<org.eclipse.emf.ecore.EObject> modelElements)
          Check if the session may write the given model elements in the project.
 SessionId resolveSessionById(String sessionId)
          Given an session ID as a string, returns the corresponding session, if any.
 ACUser resolveUser(ACOrgUnitId orgUnitId)
          This method looks up the orgUnit id the server and returns the relating user.
 ACUser resolveUser(SessionId sessionId)
          This method looks up the session id on the server and returns the relating user.
 

Method Detail

checkSession

void checkSession(SessionId sessionId)
                  throws AccessControlException
Check if the given session is valid.

Parameters:
sessionId - the session id
Throws:
AccessControlException - if the session is invalid

checkProjectAdminAccess

boolean checkProjectAdminAccess(SessionId sessionId,
                                ProjectId projectId,
                                PAPrivileges privileg)
                                throws AccessControlException
Check if the session is valid for admin access to the given project.

Parameters:
sessionId - the session id
projectId - the project id. May be null
privileg - the PAPrivileges to be checked
Returns:
true, if permission is granted via the server admin role, false otherwise
Throws:
AccessControlException - if the session is invalid for admin access

checkProjectAdminAccessForOrgUnit

boolean checkProjectAdminAccessForOrgUnit(SessionId sessionId,
                                          ACOrgUnitId orgUnitId)
                                          throws AccessControlException
Check if the session is valid for admin access to the given organizational unit.

Parameters:
sessionId - the session id
orgUnitId - the ID of an organizational unit
Returns:
true, if permission is granted via the server admin role, false otherwise
Throws:
AccessControlException - if the session is invalid for admin access

checkProjectAdminAccessForOrgUnit

boolean checkProjectAdminAccessForOrgUnit(SessionId sessionId,
                                          ACOrgUnitId orgUnitId,
                                          Set<ProjectId> projectIds)
                                          throws AccessControlException
Check if the session is valid for admin access to the given organizational unit.

Parameters:
sessionId - the session id
orgUnitId - the ID of an organizational unit
projectIds - the set of ProjectIds for which to check access for
Returns:
true, if permission is granted via the server admin role, false otherwise
Throws:
AccessControlException - if the session is invalid for admin access

checkProjectAdminAccess

boolean checkProjectAdminAccess(SessionId sessionId,
                                ProjectId projectId)
                                throws AccessControlException
Check if the session is valid for admin access to the given project.

Parameters:
sessionId - the session id
projectId - the project id. May be null
Returns:
true, if permission is granted via the server admin role, false otherwise
Throws:
AccessControlException - if the session is invalid for admin access

checkServerAdminAccess

void checkServerAdminAccess(SessionId sessionId)
                            throws AccessControlException
Check if the session is valid for server admin access.

Parameters:
sessionId - the session id
Throws:
AccessControlException - if the session is invalid for server admin access

checkReadAccess

void checkReadAccess(SessionId sessionId,
                     ProjectId projectId,
                     Set<org.eclipse.emf.ecore.EObject> modelElements)
                     throws AccessControlException
Check if the session may read the given model elements in the project.

Parameters:
sessionId - session id
projectId - project id
modelElements - a set of model elements
Throws:
AccessControlException - if the session may not read any of the model elements

checkWriteAccess

void checkWriteAccess(SessionId sessionId,
                      ProjectId projectId,
                      Set<org.eclipse.emf.ecore.EObject> modelElements)
                      throws AccessControlException
Check if the session may write the given model elements in the project.

Parameters:
sessionId - session id
projectId - project id
modelElements - a set of model elements
Throws:
AccessControlException - if the session may not write any of the model elements

resolveUser

ACUser resolveUser(SessionId sessionId)
                   throws AccessControlException
This method looks up the session id on the server and returns the relating user. Please notice that the returned user also contains roles which are not contained in the original user. These extra roles come from the user's groups.

Parameters:
sessionId - session id
Returns:
ACUser user with roles from resolved user and it's groups
Throws:
AccessControlException - exception

resolveUser

ACUser resolveUser(ACOrgUnitId orgUnitId)
                   throws AccessControlException
This method looks up the orgUnit id the server and returns the relating user. Please notice that the returned user also contains roles which are not contained in the original user. These extra roles come from the user's groups.

Parameters:
orgUnitId - OrgUnit id
Returns:
ACUser user with roles from resolved user and it's groups
Throws:
AccessControlException - exception

checkAccess

void checkAccess(MethodInvocation op)
                 throws AccessControlException
Checks whether a given operation may be executed.

Parameters:
op - the operation the user intends to execute
Throws:
AccessControlException - in case access is denied

resolveSessionById

SessionId resolveSessionById(String sessionId)
Given an session ID as a string, returns the corresponding session, if any.

Parameters:
sessionId - the session ID to be resolved
Returns:
the resolved session ID, if any, otherwise null
Overview  Package   Class  Use  Tree  Deprecated  Index 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2015. All Rights Reserved.