WikittyServiceAuthorisation (Wikitty

java.lang.Object
- org.nuiton.wikitty.services.WikittyServiceDelegator
- - org.nuiton.wikitty.services.WikittyServiceAuthorisation

All Implemented Interfaces:

WikittyService
```
public class WikittyServiceAuthorisation
extends WikittyServiceDelegator
```
Cette classe gere les autorisations d'acces en utilisant les WikittyAuthorization, il faut donc que la personne soit loggue et donc qu'il y ait un WikittyServiceAuthentication dans la pile des services, le plus souvent avant le WikittyServiceAuthorisation pour que la methode de login ne but pas sur les autorisations. FIXME add security policy level two on wikittyAuthorisation to prevent writing

Version:

$Revision$ Last update: $Date$ by : $Author$

Author:

poussin

Nested Class Summary
- Nested classes/interfaces inherited from interface org.nuiton.wikitty.WikittyService
  WikittyService.ServiceListenerType

Field Summary

Fields
Modifier and Type	Field and Description
`protected String`	`appAdminGroupId` cache de l'id du groupe AppAdmin
`static String`	`PUBLIC` special ID can be used in WikittyAuthorization to mark that all user isMember

Fields inherited from class org.nuiton.wikitty.services.WikittyServiceDelegator
anonymousClient, delegate

Constructor Summary

Constructors
Constructor and Description

WikittyServiceAuthorisation(org.nuiton.config.ApplicationConfig config, WikittyService ws)

Constructors
Constructor and Description
`WikittyServiceAuthorisation(org.nuiton.config.ApplicationConfig config, WikittyService ws)`

Method Summary

Methods
Modifier and Type	Method and Description
`protected WikittyQuery`	`addAuthorisationCondition(WikittyQuery q)` Ajoute une condition pour filtre en plus les objets seulement lisible par l'utilisateur loggue.
`protected boolean`	`canAdmin(String securityToken, String userId, String extensionName, Wikitty wikitty)`
`boolean`	`canDelete(String securityToken, String wikittyId)` Verifie que l'utilisateur associe au securityToken peut supprimer le wikitty dont on passe l'identifiant.
`boolean`	`canRead(String securityToken, String wikittyId)` Un utilisateur peu lire un objet, s'il est Reader ou a defaut: - owner - AppAdmin - Admin - Writer
`protected boolean`	`canRead(String securityToken, String userId, String extensionName, Wikitty wikitty)`
`protected boolean`	`canWrite(String securityToken, String userId, String extensionName, Wikitty wikitty)`
`boolean`	`canWrite(String securityToken, Wikitty wikitty)` Verifie si l'utilisateur lie au securityToken a le droit d'ecrire le Wikitty passe en argument.
`void`	`checkDelete(String securityToken, Collection<String> ids)` Check if we can delete all id passed in argument
`protected void`	`checkDeleteExtension(String securityToken, Collection<String> extNames)`
`protected void`	`checkStore(String securityToken, Collection<Wikitty> wikitties)` Indique si on a bien le droit d'enregistrer tout les wikitties de la collection.
`protected void`	`checkStoreExtension(String securityToken, Collection<WikittyExtension> exts)`
`WikittyEvent`	`clear(String securityToken)` Use with caution : It will delete ALL data ! This operation should be disabled in production environment.
`WikittyEvent`	`delete(String securityToken, Collection<String> ids)` Delete all object if id exists.
`WikittyEvent`	`deleteExtension(String securityToken, Collection<String> extNames)` Delete all extension if id exists and no wikitty used this extension.
`WikittyEvent`	`deleteTree(String securityToken, String treeNodeId)` Delete specified tree node and all sub nodes.
`List<WikittyQueryResult<Map<String,Object>>>`	`findAllByQuery(String securityToken, List<WikittyQuery> queries)` Ajoute dans les queries si demande (WikittyQuery#checkAuthorisation) ou si necessaire (WikittyQuery commence par un Select) une condition supplementaire qui filtre les objets remontes en fonction de ce qu'a le droit l'utilisateur courant.
`List<Map<String,Object>>`	`findByQuery(String securityToken, List<WikittyQuery> queries)` Ajoute dans les queries si demande (WikittyQuery#checkAuthorisation) ou si necessaire (WikittyQuery commence par un Select) une condition supplementaire qui filtre les objets remontes en fonction de ce qu'a le droit l'utilisateur courant.
`WikittyQueryResultTreeNode<String>`	`findTreeNode(String securityToken, String wikittyId, int depth, boolean count, WikittyQuery filter)` Ajoute dans filter (si non null) et si demande (WikittyQuery#checkAuthorisation) une condition supplementaire qui filtre les objets remontes en fonction de ce qu'a le droit l'utilisateur courant.
`protected Wikitty`	`getAppAdminGroup(String securityToken)` get the wikitty with extension WikittyGroup that contains all app-admin.
`protected String`	`getUserId(String securityToken)` tell who own a token (who got this token after login).
`protected boolean`	`isAdmin(String securityToken, String userId, Wikitty wikitty, String extensionName)`
`protected boolean`	`isAppAdmin(String securityToken, String userId)` check if a given user belong to the group of app-admins.
`protected boolean`	`isMember(String securityToken, String userId, Set<String> groupOrUser)` Verifie recursivement si un utilisateur est dans un groupe qui peut etre constitue d'autre groupe ou d'utilisateur
`protected boolean`	`isMember(String securityToken, String userId, Wikitty extensionRights, String fqFieldName)` `isMember(String, String, Wikitty, String, boolean)` with default value
`protected boolean`	`isMember(String securityToken, String userId, Wikitty extensionRights, String fqFieldName, boolean considerEmptyGroupAsMembership)` check if a user is listed in a level of rights
`protected boolean`	`isOwner(String securityToken, String userId, Wikitty wikitty, String extensionName)` true if given user is owner
`protected boolean`	`isReader(String securityToken, String userId, Wikitty wikitty, String extensionName)`
`protected boolean`	`isWriter(String securityToken, String userId, Wikitty wikitty, String extensionName)`
`protected void`	`refuseUnauthorizedRead(String securityToken, String userId, Wikitty wikitty)` throw an exception if read is not allowed
`WikittyEvent`	`replay(String securityToken, List<WikittyEvent> events, boolean force)` Replay all events in argument on this WikittyService
`List<Wikitty>`	`restore(String securityToken, List<String> ids)` Restore wikitty
`protected Wikitty`	`restoreExtensionAuthorisation(String securityToken, String extensionName)` restore the wikitty authorisation attached to given extension.
`protected Wikitty`	`restoreExtensionAuthorisation(String securityToken, WikittyExtension extension)` restore the wikitty authorisation attached to given extension.
`Wikitty`	`restoreVersion(String securityToken, String wikittyId, String version)` Restore wikitty in specifique version.
`WikittyEvent`	`store(String securityToken, Collection<Wikitty> wikitties, boolean force)` Manage Update and creation.
`WikittyEvent`	`storeExtension(String securityToken, Collection<WikittyExtension> exts)` Manage Update and creation
`void`	`syncSearchEngine(String securityToken)` Synchronise search engine with wikitty storage engine, i.e.
`protected boolean`	`userIsAnonymousOrAppAdmin(String securityToken, String userId)` if app-admin group exists, return true if given userId is app-admin if app-admin group doesn't exists, return true if user is anonymous

Methods inherited from class org.nuiton.wikitty.services.WikittyServiceDelegator
addWikittyServiceListener, exists, findAllByCriteria, findByCriteria, findTreeNode, getAllExtensionIds, getAllExtensionsRequires, getAnonymousClient, getClient, getDelegate, getToken, isDeleted, login, logout, removeWikittyServiceListener, restoreExtension, restoreExtensionAndDependenciesLastVesion, restoreExtensionLastVersion, setDelegate

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - PUBLIC
```
public static final String PUBLIC
```
    special ID can be used in WikittyAuthorization to mark that all user isMember
    
    See Also:
    Constant Field Values
  - appAdminGroupId
```
protected transient String appAdminGroupId
```
    cache de l'id du groupe AppAdmin
- Constructor Detail
  - WikittyServiceAuthorisation
```
public WikittyServiceAuthorisation(org.nuiton.config.ApplicationConfig config,
                           WikittyService ws)
```
    Parameters:
    config -
    ws -
- Method Detail
  - clear
```
public WikittyEvent clear(String securityToken)
```
    Description copied from interface: WikittyService
    
    Use with caution : It will delete ALL data ! This operation should be disabled in production environment.
    
    Specified by:
    
    clear in interface WikittyService
    
    Overrides:
    
    clear in class WikittyServiceDelegator
    
    Parameters:
    securityToken - security token
  - replay
```
public WikittyEvent replay(String securityToken,
                  List<WikittyEvent> events,
                  boolean force)
```
    Description copied from interface: WikittyService
    
    Replay all events in argument on this WikittyService
    
    Specified by:
    
    replay in interface WikittyService
    
    Overrides:
    
    replay in class WikittyServiceDelegator
    
    Parameters:
    securityToken - security token
    events - event to replay
    force - for to not change wikitty version (use version in wikitty present in event)
    
    Returns:
    new event that represent all event passed in argument. if arguement have: store, store, delete, clear, store. Return event resume all by only one clear + store, because all action before clear is not necessary. Similarly for store + delete for the same object. (note: perhaps this broke history, when history are implanted and two serveur must have same history ?)
  - userIsAnonymousOrAppAdmin
```
protected boolean userIsAnonymousOrAppAdmin(String securityToken,
                                String userId)
```
    if app-admin group exists, return true if given userId is app-admin if app-admin group doesn't exists, return true if user is anonymous
  - store
```
public WikittyEvent store(String securityToken,
                 Collection<Wikitty> wikitties,
                 boolean force)
```
    Description copied from interface: WikittyService
    
    Manage Update and creation.
    
    Specified by:
    
    store in interface WikittyService
    
    Overrides:
    
    store in class WikittyServiceDelegator
    
    Parameters:
    securityToken - security token
    wikitties - list of wikitty to be persisted
    force - boolean force non version version increment on saved wikitty or force version on wikitty creation (version 0.0)
    
    Returns:
    update response
  - restore
```
public List<Wikitty> restore(String securityToken,
                    List<String> ids)
```
    Description copied from interface: WikittyService
    
    Restore wikitty
    
    Specified by:
    
    restore in interface WikittyService
    
    Overrides:
    
    restore in class WikittyServiceDelegator
    
    Parameters:
    securityToken - security token
    ids - list of wikitty ids to restore
    
    Returns:
    list of corresponding wikitty, if one id is not valid (no object or deleted or no authorisation) this id return null and result list can have null elements
  - findAllByQuery
```
public List<WikittyQueryResult<Map<String,Object>>> findAllByQuery(String securityToken,
                                                          List<WikittyQuery> queries)
```
    Ajoute dans les queries si demande (WikittyQuery#checkAuthorisation) ou si necessaire (WikittyQuery commence par un Select) une condition supplementaire qui filtre les objets remontes en fonction de ce qu'a le droit l'utilisateur courant.
    
    Specified by:
    
    findAllByQuery in interface WikittyService
    
    Overrides:
    
    findAllByQuery in class WikittyServiceDelegator
    
    Parameters:
    securityToken -
    queries -
    
    Returns:
  - findByQuery
```
public List<Map<String,Object>> findByQuery(String securityToken,
                                   List<WikittyQuery> queries)
```
    Ajoute dans les queries si demande (WikittyQuery#checkAuthorisation) ou si necessaire (WikittyQuery commence par un Select) une condition supplementaire qui filtre les objets remontes en fonction de ce qu'a le droit l'utilisateur courant.
    
    Specified by:
    
    findByQuery in interface WikittyService
    
    Overrides:
    
    findByQuery in class WikittyServiceDelegator
    
    Parameters:
    securityToken -
    queries -
    
    Returns:
  - findTreeNode
```
public WikittyQueryResultTreeNode<String> findTreeNode(String securityToken,
                                              String wikittyId,
                                              int depth,
                                              boolean count,
                                              WikittyQuery filter)
```
    Ajoute dans filter (si non null) et si demande (WikittyQuery#checkAuthorisation) une condition supplementaire qui filtre les objets remontes en fonction de ce qu'a le droit l'utilisateur courant.
    
    Specified by:
    
    findTreeNode in interface WikittyService
    
    Overrides:
    
    findTreeNode in class WikittyServiceDelegator
    
    Parameters:
    securityToken -
    queries -
    
    Returns:
  - addAuthorisationCondition
```
protected WikittyQuery addAuthorisationCondition(WikittyQuery q)
```
    Ajoute une condition pour filtre en plus les objets seulement lisible par l'utilisateur loggue.
    
    Parameters:
    q - La requete a modifier
    
    Returns:
    une nouvelle requete avec la clause en plus
  - checkStore
```
protected void checkStore(String securityToken,
              Collection<Wikitty> wikitties)
```
    Indique si on a bien le droit d'enregistrer tout les wikitties de la collection. Des que pour un wikitty on a pas les droits, une exception est levee.
    
    Parameters:
    securityToken -
    wikitties -
  - refuseUnauthorizedRead
```
protected void refuseUnauthorizedRead(String securityToken,
                          String userId,
                          Wikitty wikitty)
```
    throw an exception if read is not allowed
  - canRead
```
protected boolean canRead(String securityToken,
              String userId,
              String extensionName,
              Wikitty wikitty)
```
  - canWrite
```
protected boolean canWrite(String securityToken,
               String userId,
               String extensionName,
               Wikitty wikitty)
```
  - canAdmin
```
protected boolean canAdmin(String securityToken,
               String userId,
               String extensionName,
               Wikitty wikitty)
```
  - delete
```
public WikittyEvent delete(String securityToken,
                  Collection<String> ids)
```
    Description copied from interface: WikittyService
    
    Delete all object if id exists.
    
    Specified by:
    
    delete in interface WikittyService
    
    Overrides:
    
    delete in class WikittyServiceDelegator
    
    Parameters:
    securityToken - security token
    ids - object's ids to remove
  - checkDelete
```
public void checkDelete(String securityToken,
               Collection<String> ids)
```
    Check if we can delete all id passed in argument
    
    Parameters:
    securityToken -
    ids -
  - canWrite
```
public boolean canWrite(String securityToken,
               Wikitty wikitty)
```
    Description copied from interface: WikittyService
    
    Verifie si l'utilisateur lie au securityToken a le droit d'ecrire le Wikitty passe en argument. On ne peut pas passer seulement l'id du wikitty en parametre car de nouvelles extensions ont peut lui etre ajouter depuis la derniere sauvegarde
    
    Specified by:
    
    canWrite in interface WikittyService
    
    Overrides:
    
    canWrite in class WikittyServiceDelegator
    
    Parameters:
    securityToken - le token de securite qui permet de retrouver l'utilisateur et ainsi verifier les droits
    wikitty - le wikitty a sauver
    
    Returns:
    vrai si l'utilisateur peut sauver l'objet
  - canDelete
```
public boolean canDelete(String securityToken,
                String wikittyId)
```
    Description copied from interface: WikittyService
    
    Verifie que l'utilisateur associe au securityToken peut supprimer le wikitty dont on passe l'identifiant. Seul le propriétaire de l'objet ou un admin peut supprimer un objet. Si l'id de l'objet est invalide, la methode retourne true, car la suppression d'un id invalide ne fait rien
    
    Specified by:
    
    canDelete in interface WikittyService
    
    Overrides:
    
    canDelete in class WikittyServiceDelegator
    
    Parameters:
    securityToken - security token
    wikittyId - wikitty id
    
    Returns:
    vrai le la suppression ne posera pas de probleme.
  - canRead
```
public boolean canRead(String securityToken,
              String wikittyId)
```
    Description copied from interface: WikittyService
    
    Un utilisateur peu lire un objet, s'il est Reader ou a defaut: - owner - AppAdmin - Admin - Writer
    
    Specified by:
    
    canRead in interface WikittyService
    
    Overrides:
    
    canRead in class WikittyServiceDelegator
    
    Parameters:
    securityToken - security token
    wikittyId - wikitty id
    
    Returns:
    vrai si l'utilisateur peut lire l'obbjet. Si l'id est invalide alors on retourne false (l'utilisateur ne peut pas lire un objet qui n'existe pas)
  - checkStoreExtension
```
protected void checkStoreExtension(String securityToken,
                       Collection<WikittyExtension> exts)
```
  - checkDeleteExtension
```
protected void checkDeleteExtension(String securityToken,
                        Collection<String> extNames)
```
  - storeExtension
```
public WikittyEvent storeExtension(String securityToken,
                          Collection<WikittyExtension> exts)
```
    Description copied from interface: WikittyService
    
    Manage Update and creation
    
    Specified by:
    
    storeExtension in interface WikittyService
    
    Overrides:
    
    storeExtension in class WikittyServiceDelegator
    
    Parameters:
    securityToken - security token
    exts - list of wikitty extension to be persisted
    
    Returns:
    update response
  - deleteExtension
```
public WikittyEvent deleteExtension(String securityToken,
                           Collection<String> extNames)
```
    Description copied from interface: WikittyService
    
    Delete all extension if id exists and no wikitty used this extension. extension name must be just the name (extName)
    
    Specified by:
    
    deleteExtension in interface WikittyService
    
    Overrides:
    
    deleteExtension in class WikittyServiceDelegator
    
    Parameters:
    securityToken - security token
    extNames - extension's names to remove
  - deleteTree
```
public WikittyEvent deleteTree(String securityToken,
                      String treeNodeId)
```
    Description copied from interface: WikittyService
    
    Delete specified tree node and all sub nodes.
    
    Specified by:
    
    deleteTree in interface WikittyService
    
    Overrides:
    
    deleteTree in class WikittyServiceDelegator
    
    Parameters:
    securityToken - security token
    treeNodeId - tree node id to delete
    
    Returns:
    delete wikitty ids
  - restoreVersion
```
public Wikitty restoreVersion(String securityToken,
                     String wikittyId,
                     String version)
```
    Description copied from interface: WikittyService
    
    Restore wikitty in specifique version. Authorisation is checked on last version even for previous wikitty version
    
    Specified by:
    
    restoreVersion in interface WikittyService
    
    Overrides:
    
    restoreVersion in class WikittyServiceDelegator
    
    Parameters:
    securityToken - security token
  - syncSearchEngine
```
public void syncSearchEngine(String securityToken)
```
    Description copied from interface: WikittyService
    
    Synchronise search engine with wikitty storage engine, i.e. clear and reindex all wikitties.
    
    Specified by:
    
    syncSearchEngine in interface WikittyService
    
    Overrides:
    
    syncSearchEngine in class WikittyServiceDelegator
    
    Parameters:
    securityToken - security token
  - getUserId
```
protected String getUserId(String securityToken)
```
    tell who own a token (who got this token after login).
    
    Parameters:
    securityToken - the token whose owner will be returned
    
    Returns:
    a wikitty Id (wikitty has extension WikittyUser)
  - isReader
```
protected boolean isReader(String securityToken,
               String userId,
               Wikitty wikitty,
               String extensionName)
```
    Parameters:
    securityToken -
    userId -
    wikitty -
    extensionName - may be null
    
    Returns:
  - isWriter
```
protected boolean isWriter(String securityToken,
               String userId,
               Wikitty wikitty,
               String extensionName)
```
    Parameters:
    securityToken -
    userId -
    wikitty -
    extensionName - may be null
    
    Returns:
  - isAdmin
```
protected boolean isAdmin(String securityToken,
              String userId,
              Wikitty wikitty,
              String extensionName)
```
    Parameters:
    securityToken -
    userId -
    wikitty -
    extensionName - may be null
    
    Returns:
  - isOwner
```
protected boolean isOwner(String securityToken,
              String userId,
              Wikitty wikitty,
              String extensionName)
```
    true if given user is owner
    
    Parameters:
    securityToken -
    userId -
    wikitty -
    extensionName - may be null
    
    Returns:
  - isMember
```
protected boolean isMember(String securityToken,
               String userId,
               Wikitty extensionRights,
               String fqFieldName)
```
    isMember(String, String, Wikitty, String, boolean) with default value
  - isMember
```
protected boolean isMember(String securityToken,
               String userId,
               Wikitty extensionRights,
               String fqFieldName,
               boolean considerEmptyGroupAsMembership)
```
    check if a user is listed in a level of rights
    
    Parameters:
    securityToken -
    userId - the userId to look for
    extensionRights - a wikitty with WikittyAuthorisation as extension OR meta-extension
    fqFieldName - the field to look into, it should be one of the field of extension WikittyAuthorisation it has to be a FQN and may contain an extension-name if using meta-extension
    considerEmptyGroupAsMembership - if true, an empty field value will be considered as "every-one is in the group". Most of the time, it will be false but true should be passed for "reader" level because user has right to read if he belongs to "reader" OR if reader is empty
    
    Returns:
    true if userId appear in the single/list of group/user of given field
  - isAppAdmin
```
protected boolean isAppAdmin(String securityToken,
                 String userId)
```
    check if a given user belong to the group of app-admins.
  - getAppAdminGroup
```
protected Wikitty getAppAdminGroup(String securityToken)
```
    get the wikitty with extension WikittyGroup that contains all app-admin.
  - isMember
```
protected boolean isMember(String securityToken,
               String userId,
               Set<String> groupOrUser)
```
    Verifie recursivement si un utilisateur est dans un groupe qui peut etre constitue d'autre groupe ou d'utilisateur
    
    Parameters:
    userId - l'utilisateur recherche
    groupOrUser - la liste des id d'utilisateurs ou d'autres groupes
    
    Returns:
    vrai si userId est retrouve, false sinon
  - restoreExtensionAuthorisation
```
protected Wikitty restoreExtensionAuthorisation(String securityToken,
                                    WikittyExtension extension)
```
    restore the wikitty authorisation attached to given extension.
    
    Returns:
    a wikitty with WikittyAuthorisation extension, or null if given extension has no security policy attached
  - restoreExtensionAuthorisation
```
protected Wikitty restoreExtensionAuthorisation(String securityToken,
                                    String extensionName)
```
    restore the wikitty authorisation attached to given extension.
    
    Returns:
    a wikitty with WikittyAuthorisation extension, or null if given extension has no security policy attached

Class WikittyServiceAuthorisation

Nested Class Summary

Nested classes/interfaces inherited from interface org.nuiton.wikitty.WikittyService

Field Summary

Fields inherited from class org.nuiton.wikitty.services.WikittyServiceDelegator

Constructor Summary

Method Summary

Methods inherited from class org.nuiton.wikitty.services.WikittyServiceDelegator

Methods inherited from class java.lang.Object

Field Detail

PUBLIC

appAdminGroupId

Constructor Detail

WikittyServiceAuthorisation

Method Detail

clear

replay

userIsAnonymousOrAppAdmin

store

restore

findAllByQuery

findByQuery

findTreeNode

addAuthorisationCondition

checkStore

refuseUnauthorizedRead

canRead

canWrite

canAdmin

delete

checkDelete

canWrite

canDelete

canRead

checkStoreExtension

checkDeleteExtension

storeExtension

deleteExtension

deleteTree

restoreVersion

syncSearchEngine

getUserId

isReader

isWriter

isAdmin

isOwner

isMember

isMember

isAppAdmin

getAppAdminGroup

isMember

restoreExtensionAuthorisation

restoreExtensionAuthorisation