diff --git a/li.strolch.agent/src/main/java/li/strolch/persistence/api/AbstractTransaction.java b/li.strolch.agent/src/main/java/li/strolch/persistence/api/AbstractTransaction.java
index 9e7f4b7c1..47e2c3cc7 100644
--- a/li.strolch.agent/src/main/java/li/strolch/persistence/api/AbstractTransaction.java
+++ b/li.strolch.agent/src/main/java/li/strolch/persistence/api/AbstractTransaction.java
@@ -935,6 +935,18 @@ public abstract class AbstractTransaction implements StrolchTransaction {
 .validateAction(new TransactedRestrictable(this, operation.getPrivilegeName(element), element));
 }
 
+ @Override
+ public void assertHasRole(String roleName) throws AccessDeniedException {
+ DBC.PRE.assertNotNull("roleName must not be null", roleName);
+ getPrivilegeContext().assertHasRole(roleName);
+ }
+
+ @Override
+ public void assertHasAnyRole(String... roleNames) throws AccessDeniedException {
+ DBC.PRE.assertNotNull("roleNames must not be null", roleNames);
+ getPrivilegeContext().assertHasAnyRole(roleNames);
+ }
+
 @Override
 public void add(Resource resource) throws StrolchModelException {
 DBC.PRE.assertNotNull("resource must not be null", resource);
diff --git a/li.strolch.agent/src/main/java/li/strolch/persistence/api/StrolchTransaction.java b/li.strolch.agent/src/main/java/li/strolch/persistence/api/StrolchTransaction.java
index 02bdbeb64..75f8f47b1 100644
--- a/li.strolch.agent/src/main/java/li/strolch/persistence/api/StrolchTransaction.java
+++ b/li.strolch.agent/src/main/java/li/strolch/persistence/api/StrolchTransaction.java
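Review bot: In AbstractTransaction.assertHasAnyRole the precondition rejects only a null array, so a call with no arguments (`assertHasAnyRole()`) or with a null element goes straight to `getPrivilegeContext().assertHasAnyRole(roleNames)`. What an authorization check over an empty role list decides is then left to code that is not visible in this diff. I would make the method fail explicitly before delegating, for example `DBC.PRE.assertTrue("roleNames must not be empty", roleNames.length > 0);` or the DBC equivalent, so that an empty list can never be read as satisfied. The enclosing class continues outside the hunk, so an existing helper for this may already be available there.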
@@ -1244,4 +1244,26 @@ public interface StrolchTransaction extends AutoCloseable {
 * if the session for this TX does not have the required privilege
 */
 void assertHasPrivilege(Operation operation, StrolchRootElement element) throws AccessDeniedException;
+
+ /**
+ * Asserts that the current {@link Certificate} has the given role
+ *
+ * @param roleName
+ * the name of the role the user should have
+ *
+ * @throws AccessDeniedException
+ * if the session for this TX does not have the given role
+ */
+ void assertHasRole(String roleName) throws AccessDeniedException;
+
+ /**
+ * Asserts that the current {@link Certificate} has at least one of the given roles
+ *
+ * @param roleNames
+ * the list of roles to check if the session for this TX has at least one of them
+ *
+ * @throws AccessDeniedException
+ * if the session for this TX does not have any of the given roles
+ */
+ void assertHasAnyRole(String... roleNames) throws AccessDeniedException;
 }
diff --git a/li.strolch.agent/src/main/java/li/strolch/runtime/StrolchConstants.java b/li.strolch.agent/src/main/java/li/strolch/runtime/StrolchConstants.java
index 183cde0c3..74b3182d6 100644
--- a/li.strolch.agent/src/main/java/li/strolch/runtime/StrolchConstants.java
+++ b/li.strolch.agent/src/main/java/li/strolch/runtime/StrolchConstants.java
@@ -61,6 +61,11 @@ public class StrolchConstants {
 */
 public static final String INTERPRETATION_ACTIVITY_REF = StrolchModelConstants.INTERPRETATION_ACTIVITY_REF;
 
+ /**
+ * @see StrolchModelConstants#ROLE_STROLCH_ADMIN
+ */
+ public static final String ROLE_STROLCH_ADMIN = StrolchModelConstants.ROLE_STROLCH_ADMIN;
+
 public static String makeRealmKey(String realmName, String key) {
 String realmKey = key;
 if (!realmName.equals(DEFAULT_REALM))
diff --git a/li.strolch.model/src/main/java/li/strolch/model/StrolchModelConstants.java b/li.strolch.model/src/main/java/li/strolch/model/StrolchModelConstants.java
index 6d21fcb37..56d73bc93 100644
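Review bot: The Javadoc added to StrolchTransaction for assertHasRole and assertHasAnyRole documents only AccessDeniedException, yet the implementations in AbstractTransaction reject a null argument through `DBC.PRE.assertNotNull`, which presumably fails with a different exception type. A caller that treats "no AccessDeniedException" as the only denial path should be told this in the contract of an authorization gate. I would extend the `@param roleName` text with `must not be null` and add a sentence naming the exception a violated precondition produces. The same wording applies to `@param roleNames`.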
--- a/li.strolch.model/src/main/java/li/strolch/model/StrolchModelConstants.java
+++ b/li.strolch.model/src/main/java/li/strolch/model/StrolchModelConstants.java
@@ -62,4 +62,9 @@ public class StrolchModelConstants {
 public static final String SUFFIX_REF = "-Ref";
 public static final String BAG_RELATIONS = "relations";
 public static final String BAG_PARAMETERS = "parameters";
+
+ /**
+ * ID of the admin role which has access to all resources
+ */
+ public static final String ROLE_STROLCH_ADMIN = "StrolchAdmin";
 }
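Review bot: The Javadoc on ROLE_STROLCH_ADMIN in StrolchModelConstants says the role "has access to all resources", but the constant is only the string `"StrolchAdmin"`. Nothing in this commit grants anything, so that property presumably comes from how the role is defined in the privilege configuration. I would reword the comment so it does not read as a guarantee, e.g. `Name of the admin role; the privileges it carries are defined by the privilege configuration, not by this constant`. Code that gates on this name through assertHasRole trusts whichever role carries that name in a given deployment, which is worth stating where the constant is declared.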