Class SecurityManager


  • public class SecurityManager
    extends Object
    To check access rights.
    Author:
    maxence
    • Constructor Detail

      • SecurityManager

        public SecurityManager()
    • Method Detail

      • assertAndGetCurrentUser

        public User assertAndGetCurrentUser()
        Get the current user if it exists.
        Returns:
        the current user
        Throws:
        ch.colabproject.colab.generator.model.exceptions.HttpErrorMessage - authRequired if currentUser is not authenticated
      • assertConditionTx

        public void assertConditionTx(Conditions.Condition condition,
                                      String message)
        Assert the given condition is true
        Parameters:
        condition - the condition to check
        message - message to log in case the assertion failed
        Throws:
        ch.colabproject.colab.generator.model.exceptions.HttpErrorMessage -
        • with authenticationRequired if assertion fails and current user is not authenticated;
        • with forbidden if the authenticated user does not have enough permission
      • assertCreatePermissionTx

        public void assertCreatePermissionTx(WithPermission o)
        Assert the currentUser has the right to create the given object
        Parameters:
        o - object the user wants to create
      • assertReadPermissionTx

        public void assertReadPermissionTx(WithPermission o)
        Assert the currentUser has the right to read the given object
        Parameters:
        o - object the user wants to read
      • assertUpdatePermissionTx

        public void assertUpdatePermissionTx(WithPermission o)
        Assert the currentUser has the right to update the given object
        Parameters:
        o - object the user wants to update
      • assertDeletePermissionTx

        public void assertDeletePermissionTx(WithPermission o)
        Assert the currentUser has the right to delete the given object
        Parameters:
        o - object the user wants to delete
      • areUserTeammate

        public boolean areUserTeammate(User a,
                                       User b)
        Are the two users teammates?
        Parameters:
        a - a user
        b - another user
        Returns:
        true if both users are members of the same team
      • doUsersHaveCommonProject

        public boolean doUsersHaveCommonProject(User a,
                                                User b)
        Do the two users have a common project?
        Parameters:
        a - one user
        b - another user
        Returns:
        true if both users are related to the same project
      • hasReadWriteAccess

        public boolean hasReadWriteAccess(Card card)
        Has the current user read/write access to the given card?
        Parameters:
        card - the card
        Returns:
        true if current user can write the card
      • hasReadAccess

        public boolean hasReadAccess(Card card)
        Has the current user the right to read the given card?
        Parameters:
        card - the card to read
        Returns:
        true if current user can read the card
      • isCurrentUserMemberOfTheProjectTeam

        public boolean isCurrentUserMemberOfTheProjectTeam(Project project)
        Is the current user a member of the team of the given project?
        Parameters:
        project - the project
        Returns:
        true if the user is a member of the project team
      • isCurrentUserOwnerOfTheProject

        public boolean isCurrentUserOwnerOfTheProject(Project project)
        Is the current user the project owner?
        Parameters:
        project - the project
        Returns:
        true if the current user is owner of the project
      • isCurrentUserInternalToProject

        public boolean isCurrentUserInternalToProject(Project project)
        Is the current user internal to the project team?
        Parameters:
        project - the project
        Returns:
        true if the current user is internal to the project
      • isCardTypeOrRefReadableByCurrentUser

        public boolean isCardTypeOrRefReadableByCurrentUser(Long cardTypeOrRefId)
        Has the current user the right to read the card type (/ reference)?

        A user can read

        • any global published card type
        • any card type (/ reference) defined in a project he is a member of
        • and the whole chain of targets of those card type references
        Parameters:
        cardTypeOrRefId - the id of the card type or reference
        Returns:
        true if the current user can read the card type or reference
      • isProjectReadableByCurrentUser

        public boolean isProjectReadableByCurrentUser(Long projectId)
        Has the current user the right to read the project?

        A user can read any project he is a member of, any project he has an instance maker for, or any project which contains a card type or reference the current user has read access to.

        Parameters:
        projectId - the id of the project
        Returns:
        True if the current user can read the project
      • isCopyParamReadableByCurrentUser

        public boolean isCopyParamReadableByCurrentUser(Long projectId)
        Has the current user the right to read the project copy params?

        A user can read any project he is a member of or has an instance maker for.

        Parameters:
        projectId - the id of the project
        Returns:
        True if the current user can read the project
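
The read rule documented for isCardTypeOrRefReadableByCurrentUser, sketched as an added example (not code from the colab project). The `Entry` record, the `CardTypeReadRule` class and the convention that a global card type has a null project id are assumptions made for illustration; the sample data is constructed.

```java
import java.util.*;

/** Added illustration; these types are hypothetical, not colab's model classes. */
public class CardTypeReadRule {

    /** A card type (target == null) or a reference pointing at another entry. */
    record Entry(long id, Long projectId, boolean published, Long target) {}

    private final Map<Long, Entry> entries = new HashMap<>();

    void add(Entry e) { entries.put(e.id(), e); }

    /** Applies the three documented rules for a user who is a member of the given projects. */
    boolean isReadable(long id, Set<Long> memberProjects) {
        Entry wanted = entries.get(id);
        if (wanted == null) return false;                                   // unknown id: deny
        if (wanted.projectId() == null && wanted.published()) return true;  // global published type
        // Start from every entry defined in a project the user belongs to,
        // then follow each reference's chain of targets.
        Deque<Long> todo = new ArrayDeque<>();
        for (Entry e : entries.values())
            if (e.projectId() != null && memberProjects.contains(e.projectId())) todo.push(e.id());
        Set<Long> seen = new HashSet<>();
        while (!todo.isEmpty()) {
            long cur = todo.pop();
            if (!seen.add(cur)) continue;            // guards against reference cycles
            if (cur == id) return true;
            Entry e = entries.get(cur);
            if (e != null && e.target() != null) todo.push(e.target());
        }
        return false;                                // default deny
    }

    public static void main(String[] args) {
        CardTypeReadRule r = new CardTypeReadRule();
        // Constructed sample data.
        r.add(new Entry(1, null, true, null));   // global, published
        r.add(new Entry(2, null, false, null));  // global, unpublished
        r.add(new Entry(10, 100L, false, null)); // type in project 100
        r.add(new Entry(11, 200L, false, 10L));  // reference in project 200 -> 10
        r.add(new Entry(12, 300L, false, 11L));  // reference in project 300 -> 11 -> 10
        r.add(new Entry(20, 400L, false, null)); // type in unrelated project 400
        Set<Long> member = Set.of(300L);         // user is a member of project 300 only
        for (long id : new long[] {1, 2, 10, 11, 12, 20})
            System.out.println(id + " readable: " + r.isReadable(id, member));
    }
}
```

The walk only follows targets outward from entries in the user's own projects, so membership in project 300 grants read access down the chain to entries 11 and 10 but never to the unpublished global type or to the unrelated project's type.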