Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.nuiton.wikitty.services
Class WikittyServiceSecurity

java.lang.Object
  extended by org.nuiton.wikitty.services.WikittyServiceDelegator
      extended by org.nuiton.wikitty.services.WikittyServiceSecurity
All Implemented Interfaces:
WikittyService
public class WikittyServiceSecurity
extends WikittyServiceDelegator

FIXME add security policy level two on wikittyAuthorisation to prevent writing

Version:
$Revision: 825 $ Last update: $Date: 2011-04-20 23:01:17 +0200 (mer., 20 avril 2011) $ by : $Author: bpoussin $
Author:
poussin

Nested Class Summary
 
Nested classes/interfaces inherited from interface org.nuiton.wikitty.WikittyService
WikittyService.ServiceListenerType
 
Field Summary
protected  String appAdminGroupId
          cache de l'id du groupe AppAdmin
 
Fields inherited from class org.nuiton.wikitty.services.WikittyServiceDelegator
delegate
 
Constructor Summary
WikittyServiceSecurity(org.nuiton.util.ApplicationConfig config, WikittyService ws)
           
 
Method Summary
 void addWikittyServiceListener(WikittyListener listener, WikittyService.ServiceListenerType type)
          Add new wikitty service listener.
protected  boolean canAdmin(String securityToken, String userId, String extensionName, Wikitty wikitty)
           
 boolean canDelete(String securityToken, String wikittyId)
          Verifie que l'utilisateur associe au securityToken peut supprimer le wikitty dont on passe l'identifiant.
 boolean canRead(String securityToken, String wikittyId)
          Un utilisateur peu lire un objet, s'il est Reader ou a defaut: - owner - AppAdmin - Admin - Writer
protected  boolean canRead(String securityToken, String userId, String extensionName, Wikitty wikitty)
           
protected  boolean canWrite(String securityToken, String userId, String extensionName, Wikitty wikitty)
           
 boolean canWrite(String securityToken, Wikitty wikitty)
          Verifie si l'utilisateur lie au securityToken a le droit d'ecrire le Wikitty passe en argument.
 void checkDelete(String securityToken, Collection<String> ids)
          Check if we can delete all id passed in argument
protected  void checkDeleteExtension(String securityToken, Collection<String> extNames)
           
protected  void checkStore(String securityToken, Collection<Wikitty> wikitties)
          Indique si on a bien le droit d'enregistrer tout les wikitties de la collection.
protected  void checkStoreExtension(String securityToken, Collection<WikittyExtension> exts)
           
 WikittyEvent clear(String securityToken)
          Use with caution : It will delete ALL indexes from search engine !
 WikittyEvent delete(String securityToken, Collection<String> ids)
          Delete all object if id exists.
 WikittyEvent deleteExtension(String securityToken, Collection<String> extNames)
          Delete all extension if id exists and no wikitty used this extension.
 WikittyEvent deleteTree(String securityToken, String treeNodeId)
          Delete specified tree node and all sub nodes.
protected  Wikitty getAppAdminGroup(String securityToken)
          get the wikitty with extension WikittyGroup that contains all app-admin.
protected  String getUserId(String securityToken)
          tell who own a token (who got this token after login).
protected  boolean isAdmin(String securityToken, String userId, Wikitty wikitty, String extensionName)
           
protected  boolean isAppAdmin(String securityToken, String userId)
          check if a given user belong to the group of app-admins.
protected  boolean isMember(String securityToken, String userId, Set<String> groupOrUser)
          Verifie recursivement si un utilisateur est dans un groupe qui peut etre constitue d'autre groupe ou d'utilisateur
protected  boolean isMember(String securityToken, String userId, Wikitty extensionRights, String fqFieldName)
          isMember(String, String, Wikitty, String, boolean) with default value
protected  boolean isMember(String securityToken, String userId, Wikitty extensionRights, String fqFieldName, boolean considerEmptyGroupAsMembership)
          check if a user is listed in a level of rights
protected  boolean isOwner(String securityToken, String userId, Wikitty wikitty, String extensionName)
          true if given user is owner
protected  boolean isReader(String securityToken, String userId, Wikitty wikitty, String extensionName)
           
protected  boolean isWriter(String securityToken, String userId, Wikitty wikitty, String extensionName)
           
 String login(String login, String password)
          Authenticate someone on WikittyService. securityToken returned must be used to call others methods
 void logout(String securityToken)
          Unanthenticate someone by disabled securityToken
protected  void refuseUnauthorizedRead(String securityToken, String userId, Wikitty wikitty)
          throw an exception if read is not allowed
 void removeWikittyServiceListener(WikittyListener listener, WikittyService.ServiceListenerType type)
          Remove wikitty service listener.
 WikittyEvent replay(String securityToken, List<WikittyEvent> events, boolean force)
          Replay all events in argument on this WikittyService
 List<Wikitty> restore(String securityToken, List<String> ids)
          Restore wikitty
protected  Wikitty restoreExtensionAuthorisation(String securityToken, String extensionName)
          restore the wikitty authorisation attached to given extension.
protected  Wikitty restoreExtensionAuthorisation(String securityToken, WikittyExtension extension)
          restore the wikitty authorisation attached to given extension.
 Wikitty restoreVersion(String securityToken, String wikittyId, String version)
          Restore wikitty in specifique version.
 WikittyEvent store(String securityToken, Collection<Wikitty> wikitties, boolean force)
          Manage Update and creation.
 WikittyEvent storeExtension(String securityToken, Collection<WikittyExtension> exts)
          Manage Update and creation
 void syncSearchEngine(String securityToken)
          Synchronise search engine with wikitty storage engine, i.e. clear and reindex all wikitties.
protected  boolean userIsAnonymousOrAppAdmin(String securityToken, String userId)
          if app-admin group exists, return true if given userId is app-admin if app-admin group doesn't exists, return true if user is anonymous
 
Methods inherited from class org.nuiton.wikitty.services.WikittyServiceDelegator
exists, findAllByCriteria, findByCriteria, findTreeNode, getAllExtensionIds, getAllExtensionsRequires, getDelegate, isDeleted, restoreExtension, restoreExtensionLastVersion, setDelegate
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

appAdminGroupId

protected transient String appAdminGroupId
cache de l'id du groupe AppAdmin

Constructor Detail

WikittyServiceSecurity

public WikittyServiceSecurity(org.nuiton.util.ApplicationConfig config,
                              WikittyService ws)
Parameters:
config - not use currently but needed in futur
ws -
Method Detail

addWikittyServiceListener

public void addWikittyServiceListener(WikittyListener listener,
                                      WikittyService.ServiceListenerType type)
Description copied from interface: WikittyService
Add new wikitty service listener. Warning, listener is referenced as WeakReference, but sure to another reference to work.

Specified by:
addWikittyServiceListener in interface WikittyService
Overrides:
addWikittyServiceListener in class WikittyServiceDelegator
Parameters:
listener - listener to add
type - type of event to listen
See Also:
WikittyService.ServiceListenerType

removeWikittyServiceListener

public void removeWikittyServiceListener(WikittyListener listener,
                                         WikittyService.ServiceListenerType type)
Description copied from interface: WikittyService
Remove wikitty service listener. Warning, listener is referenced as WeakReference, but sure to another reference to work.

Specified by:
removeWikittyServiceListener in interface WikittyService
Overrides:
removeWikittyServiceListener in class WikittyServiceDelegator
Parameters:
listener - listener to remove
type - type of event to listen
See Also:
WikittyService.ServiceListenerType

login

public String login(String login,
                    String password)
Description copied from interface: WikittyService
Authenticate someone on WikittyService. securityToken returned must be used to call others methods

Specified by:
login in interface WikittyService
Overrides:
login in class WikittyServiceDelegator
Parameters:
login - can be application specifique login, but best practice is to use email user
Returns:
return token securityToken

logout

public void logout(String securityToken)
Description copied from interface: WikittyService
Unanthenticate someone by disabled securityToken

Specified by:
logout in interface WikittyService
Overrides:
logout in class WikittyServiceDelegator
Parameters:
securityToken - security token previously returned by login. If securityToken is not valid, this method do nothing

clear

public WikittyEvent clear(String securityToken)
Description copied from interface: WikittyService
Use with caution : It will delete ALL indexes from search engine ! This operation should be disabled in production environment.

Specified by:
clear in interface WikittyService
Overrides:
clear in class WikittyServiceDelegator
Parameters:
securityToken - security token

replay

public WikittyEvent replay(String securityToken,
                           List<WikittyEvent> events,
                           boolean force)
Description copied from interface: WikittyService
Replay all events in argument on this WikittyService

Specified by:
replay in interface WikittyService
Overrides:
replay in class WikittyServiceDelegator
Parameters:
securityToken - security token
events - event to replay
force - for to not change wikitty version (use version in wikitty present in event)
Returns:
new event that represent all event passed in argument. if arguement have: store, store, delete, clear, store. Return event resume all by only one clear + store, because all action before clear is not necessary. Similarly for store + delete for the same object. (note: perhaps this broke history, when history are implanted and two serveur must have same history ?)

userIsAnonymousOrAppAdmin

protected boolean userIsAnonymousOrAppAdmin(String securityToken,
                                            String userId)
if app-admin group exists, return true if given userId is app-admin if app-admin group doesn't exists, return true if user is anonymous

store

public WikittyEvent store(String securityToken,
                          Collection<Wikitty> wikitties,
                          boolean force)
Description copied from interface: WikittyService
Manage Update and creation.

Specified by:
store in interface WikittyService
Overrides:
store in class WikittyServiceDelegator
Parameters:
securityToken - security token
wikitties - list of wikitty to be persisted
force - boolean force non version version increment on saved wikitty or force version on wikitty creation (version 0.0)
Returns:
update response

checkStore

protected void checkStore(String securityToken,
                          Collection<Wikitty> wikitties)
Indique si on a bien le droit d'enregistrer tout les wikitties de la collection. Des que pour un wikitty on a pas les droits, une exception est levee.

Parameters:
securityToken -
wikitties -

restore

public List<Wikitty> restore(String securityToken,
                             List<String> ids)
Description copied from interface: WikittyService
Restore wikitty

Specified by:
restore in interface WikittyService
Overrides:
restore in class WikittyServiceDelegator
Parameters:
securityToken - security token
ids - list of wikitty ids to restore
Returns:
list of corresponding wikitty, if one id is not valid (no object or deleted or no authorisation) this id return null and result list can have null elements

refuseUnauthorizedRead

protected void refuseUnauthorizedRead(String securityToken,
                                      String userId,
                                      Wikitty wikitty)
throw an exception if read is not allowed

canRead

protected boolean canRead(String securityToken,
                          String userId,
                          String extensionName,
                          Wikitty wikitty)

canWrite

protected boolean canWrite(String securityToken,
                           String userId,
                           String extensionName,
                           Wikitty wikitty)

canAdmin

protected boolean canAdmin(String securityToken,
                           String userId,
                           String extensionName,
                           Wikitty wikitty)

delete

public WikittyEvent delete(String securityToken,
                           Collection<String> ids)
Description copied from interface: WikittyService
Delete all object if id exists.

Specified by:
delete in interface WikittyService
Overrides:
delete in class WikittyServiceDelegator
Parameters:
securityToken - security token
ids - object's ids to remove

checkDelete

public void checkDelete(String securityToken,
                        Collection<String> ids)
Check if we can delete all id passed in argument

Parameters:
securityToken -
ids -

canWrite

public boolean canWrite(String securityToken,
                        Wikitty wikitty)
Description copied from interface: WikittyService
Verifie si l'utilisateur lie au securityToken a le droit d'ecrire le Wikitty passe en argument. On ne peut pas passer seulement l'id du wikitty en parametre car de nouvelles extensions ont peut lui etre ajouter depuis la derniere sauvegarde

Specified by:
canWrite in interface WikittyService
Overrides:
canWrite in class WikittyServiceDelegator
Parameters:
securityToken - le token de securite qui permet de retrouver l'utilisateur et ainsi verifier les droits
wikitty - le wikitty a sauver
Returns:
vrai si l'utilisateur peut sauver l'objet

canDelete

public boolean canDelete(String securityToken,
                         String wikittyId)
Description copied from interface: WikittyService
Verifie que l'utilisateur associe au securityToken peut supprimer le wikitty dont on passe l'identifiant. Seul le propriƩtaire de l'objet ou un admin peut supprimer un objet. Si l'id de l'objet est invalide, la methode retourne true, car la suppression d'un id invalide ne fait rien

Specified by:
canDelete in interface WikittyService
Overrides:
canDelete in class WikittyServiceDelegator
Parameters:
securityToken - security token
wikittyId - wikitty id
Returns:
vrai le la suppression ne posera pas de probleme.

canRead

public boolean canRead(String securityToken,
                       String wikittyId)
Description copied from interface: WikittyService
Un utilisateur peu lire un objet, s'il est Reader ou a defaut: - owner - AppAdmin - Admin - Writer

Specified by:
canRead in interface WikittyService
Overrides:
canRead in class WikittyServiceDelegator
Parameters:
securityToken - security token
wikittyId - wikitty id
Returns:
vrai si l'utilisateur peut lire l'obbjet

checkStoreExtension

protected void checkStoreExtension(String securityToken,
                                   Collection<WikittyExtension> exts)

checkDeleteExtension

protected void checkDeleteExtension(String securityToken,
                                    Collection<String> extNames)

storeExtension

public WikittyEvent storeExtension(String securityToken,
                                   Collection<WikittyExtension> exts)
Description copied from interface: WikittyService
Manage Update and creation

Specified by:
storeExtension in interface WikittyService
Overrides:
storeExtension in class WikittyServiceDelegator
Parameters:
securityToken - security token
exts - list of wikitty extension to be persisted
Returns:
update response

deleteExtension

public WikittyEvent deleteExtension(String securityToken,
                                    Collection<String> extNames)
Description copied from interface: WikittyService
Delete all extension if id exists and no wikitty used this extension. extension name must be just the name (extName)

Specified by:
deleteExtension in interface WikittyService
Overrides:
deleteExtension in class WikittyServiceDelegator
Parameters:
securityToken - security token
extNames - extension's names to remove

deleteTree

public WikittyEvent deleteTree(String securityToken,
                               String treeNodeId)
Description copied from interface: WikittyService
Delete specified tree node and all sub nodes.

Specified by:
deleteTree in interface WikittyService
Overrides:
deleteTree in class WikittyServiceDelegator
Parameters:
securityToken - security token
treeNodeId - tree node id to delete
Returns:
delete wikitty ids

restoreVersion

public Wikitty restoreVersion(String securityToken,
                              String wikittyId,
                              String version)
Description copied from interface: WikittyService
Restore wikitty in specifique version. Authorisation is checked on last version even for previous wikitty version

Specified by:
restoreVersion in interface WikittyService
Overrides:
restoreVersion in class WikittyServiceDelegator
Parameters:
securityToken - security token

syncSearchEngine

public void syncSearchEngine(String securityToken)
Description copied from interface: WikittyService
Synchronise search engine with wikitty storage engine, i.e. clear and reindex all wikitties.

Specified by:
syncSearchEngine in interface WikittyService
Overrides:
syncSearchEngine in class WikittyServiceDelegator
Parameters:
securityToken - security token

getUserId

protected String getUserId(String securityToken)
tell who own a token (who got this token after login).

Parameters:
securityToken - the token whose owner will be returned
Returns:
a wikitty Id (wikitty has extension WikittyUser)

isReader

protected boolean isReader(String securityToken,
                           String userId,
                           Wikitty wikitty,
                           String extensionName)
Parameters:
securityToken -
userId -
wikitty -
extensionName - may be null
Returns:

isWriter

protected boolean isWriter(String securityToken,
                           String userId,
                           Wikitty wikitty,
                           String extensionName)
Parameters:
securityToken -
userId -
wikitty -
extensionName - may be null
Returns:

isAdmin

protected boolean isAdmin(String securityToken,
                          String userId,
                          Wikitty wikitty,
                          String extensionName)
Parameters:
securityToken -
userId -
wikitty -
extensionName - may be null
Returns:

isOwner

protected boolean isOwner(String securityToken,
                          String userId,
                          Wikitty wikitty,
                          String extensionName)
true if given user is owner

Parameters:
securityToken -
userId -
wikitty -
extensionName - may be null
Returns:

isMember

protected boolean isMember(String securityToken,
                           String userId,
                           Wikitty extensionRights,
                           String fqFieldName)
isMember(String, String, Wikitty, String, boolean) with default value

isMember

protected boolean isMember(String securityToken,
                           String userId,
                           Wikitty extensionRights,
                           String fqFieldName,
                           boolean considerEmptyGroupAsMembership)
check if a user is listed in a level of rights

Parameters:
securityToken -
userId - the userId to look for
extensionRights - a wikitty with WikittyAuthorisation as extension OR meta-extension
fqFieldName - the field to look into, it should be one of the field of extension WikittyAuthorisation it has to be a FQN and may contain an extension-name if using meta-extension
considerEmptyGroupAsMembership - if true, an empty field value will be considered as "every-one is in the group". Most of the time, it will be false but true should be passed for "reader" level because user has right to read if he belongs to "reader" OR if reader is empty
Returns:
true if userId appear in the single/list of group/user of given field

isAppAdmin

protected boolean isAppAdmin(String securityToken,
                             String userId)
check if a given user belong to the group of app-admins.

getAppAdminGroup

protected Wikitty getAppAdminGroup(String securityToken)
get the wikitty with extension WikittyGroup that contains all app-admin.

isMember

protected boolean isMember(String securityToken,
                           String userId,
                           Set<String> groupOrUser)
Verifie recursivement si un utilisateur est dans un groupe qui peut etre constitue d'autre groupe ou d'utilisateur

Parameters:
userId - l'utilisateur recherche
groupOrUser - la liste des id d'utilisateurs ou d'autres groupes
Returns:
vrai si userId est retrouve, false sinon

restoreExtensionAuthorisation

protected Wikitty restoreExtensionAuthorisation(String securityToken,
                                                WikittyExtension extension)
restore the wikitty authorisation attached to given extension.

Returns:
a wikitty with WikittyAuthorisation extension, or null if given extension has no security policy attached

restoreExtensionAuthorisation

protected Wikitty restoreExtensionAuthorisation(String securityToken,
                                                String extensionName)
restore the wikitty authorisation attached to given extension.

Returns:
a wikitty with WikittyAuthorisation extension, or null if given extension has no security policy attached
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2009-2011 CodeLutin. All Rights Reserved.