AccessControlHelper.java

/*******************************************************************************
 * Copyright (c) 2008-2011 Chair for Applied Software Engineering,
 * Technische Universitaet Muenchen.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 *
 * Contributors:
 * koegel
 ******************************************************************************/
package org.eclipse.emf.emfstore.internal.client.accesscontrol;

import org.eclipse.emf.emfstore.internal.client.model.Usersession;
import org.eclipse.emf.emfstore.internal.server.exceptions.AccessControlException;
import org.eclipse.emf.emfstore.internal.server.model.ProjectId;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACUser;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.roles.ProjectAdminRole;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.roles.Role;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.roles.ServerAdmin;

/**
 * Helper class for access control checks.
 *
 * @author koegel
 */
public class AccessControlHelper {

	private final ACUser user;

	/**
	 * Default constructor.
	 *
	 * @param usersession the user session that needs to be checked
	 */
	public AccessControlHelper(Usersession usersession) {
		user = usersession.getACUser();
	}

	/**
	 * Check if user has read access to given project id.
	 *
	 * @param projectId the project id
	 * @throws AccessControlException if access is not permitted.
	 */
	public void checkReadAccess(ProjectId projectId) throws AccessControlException {
		for (final Role role : user.getRoles()) {
			if (role.canRead(projectId, null)) {
				return;
			}
		}
		throw new AccessControlException();
	}

	/**
	 * Check write access for the given project.
	 *
	 * @param projectId
	 *            the ID of a project
	 * @throws AccessControlException if access is denied
	 */
	public void checkWriteAccess(ProjectId projectId) throws AccessControlException {

		for (final Role role : user.getRoles()) {
			if (role.canDelete(projectId, null)
				|| role.canCreate(projectId, null)
				|| role.canModify(projectId, null)) {
				return;
			}
		}

		throw new AccessControlException();
	}

	/**
	 * Check project administrator access for the given project.
	 *
	 * @throws AccessControlException if access is denied.
	 */
	public void checkProjectAdminAccess() throws AccessControlException {
		for (final Role role : user.getRoles()) {
			if (ServerAdmin.class.isInstance(role) || ProjectAdminRole.class.isInstance(role)) {
				return;
			}
		}
		throw new AccessControlException();
	}

	/**
	 * Check project administrator access for the given project.
	 *
	 * @param projectId the project id
	 * @throws AccessControlException if access is denied.
	 */
	public void checkProjectAdminAccess(ProjectId projectId) throws AccessControlException {
		for (final Role role : user.getRoles()) {
			if (role.canAdministrate(projectId)) {
				return;
			}
		}
		throw new AccessControlException();
	}

	/**
	 * Check the server admin access.
	 *
	 * @throws AccessControlException if access is denied.
	 */
	public void checkServerAdminAccess() throws AccessControlException {
		for (final Role role : user.getRoles()) {
			if (role instanceof ServerAdmin) {
				return;
			}
		}
		throw new AccessControlException();
	}
}