[New] Added StrolchTransaction.assertHasRole() and .assertHasAnyRole()

2019-01-07 13:56:35 +01:00 · 2019-01-07 13:56:35 +01:00 · 3bbfcab345
parent c67858ce5e
commit 3bbfcab345
4 changed files with 44 additions and 0 deletions
--- a/li.strolch.agent/src/main/java/li/strolch/persistence/api/AbstractTransaction.java
+++ b/li.strolch.agent/src/main/java/li/strolch/persistence/api/AbstractTransaction.java
@ -935,6 +935,18 @@ public abstract class AbstractTransaction implements StrolchTransaction {
 				.validateAction(new TransactedRestrictable(this, operation.getPrivilegeName(element), element));
 	}

+	@Override
+	public void assertHasRole(String roleName) throws AccessDeniedException {
+		DBC.PRE.assertNotNull("roleName must not be null", roleName);
+		getPrivilegeContext().assertHasRole(roleName);
+	}
+
+	@Override
+	public void assertHasAnyRole(String... roleNames) throws AccessDeniedException {
+		DBC.PRE.assertNotNull("roleNames must not be null", roleNames);
+		getPrivilegeContext().assertHasAnyRole(roleNames);
+	}
+
 	@Override
 	public void add(Resource resource) throws StrolchModelException {
 		DBC.PRE.assertNotNull("resource must not be null", resource);
--- a/li.strolch.agent/src/main/java/li/strolch/persistence/api/StrolchTransaction.java
+++ b/li.strolch.agent/src/main/java/li/strolch/persistence/api/StrolchTransaction.java
@ -1244,4 +1244,26 @@ public interface StrolchTransaction extends AutoCloseable {
 	 * 		if the session for this TX does not have the required privilege
 	 */
 	void assertHasPrivilege(Operation operation, StrolchRootElement element) throws AccessDeniedException;
+
+	/**
+	 * Asserts that the current {@link Certificate} has the given role
+	 *
+	 * @param roleName
+	 * 		the name of the role the user should have
+	 *
+	 * @throws AccessDeniedException
+	 * 		if the session for this TX does not have the given role
+	 */
+	void assertHasRole(String roleName) throws AccessDeniedException;
+
+	/**
+	 * Asserts that the current {@link Certificate} has at least one of the given roles
+	 *
+	 * @param roleNames
+	 * 		the list of roles to check if the session for this TX has at least one of them
+	 *
+	 * @throws AccessDeniedException
+	 * 		if the session for this TX does not have any of the given roles
+	 */
+	void assertHasAnyRole(String... roleNames) throws AccessDeniedException;
 }
--- a/li.strolch.agent/src/main/java/li/strolch/runtime/StrolchConstants.java
+++ b/li.strolch.agent/src/main/java/li/strolch/runtime/StrolchConstants.java
@ -61,6 +61,11 @@ public class StrolchConstants {
 	 */
 	public static final String INTERPRETATION_ACTIVITY_REF = StrolchModelConstants.INTERPRETATION_ACTIVITY_REF;

+	/**
+	 * @see StrolchModelConstants#ROLE_STROLCH_ADMIN
+	 */
+	public static final String ROLE_STROLCH_ADMIN = StrolchModelConstants.ROLE_STROLCH_ADMIN;
+
 	public static String makeRealmKey(String realmName, String key) {
 		String realmKey = key;
 		if (!realmName.equals(DEFAULT_REALM))
--- a/li.strolch.model/src/main/java/li/strolch/model/StrolchModelConstants.java
+++ b/li.strolch.model/src/main/java/li/strolch/model/StrolchModelConstants.java
@ -62,4 +62,9 @@ public class StrolchModelConstants {
 	public static final String SUFFIX_REF = "-Ref";
 	public static final String BAG_RELATIONS = "relations";
 	public static final String BAG_PARAMETERS = "parameters";
+
+	/**
+	 * ID of the admin role which has access to all resources
+	 */
+	public static final String ROLE_STROLCH_ADMIN = "StrolchAdmin";
 }