Class SecurityManager

java.lang.Object
org.exoplatform.social.service.rest.SecurityManager

public class SecurityManager extends Object
The security manager helper class for Social Rest APIs.
Since:
1.2.0-GA, Jun 17, 2011
Author:
hoatle (hoatlevan at gmail dot com), phuonglm
  • Constructor Summary

    Constructors
    Constructor
    Description
    SecurityManager()
  • Method Summary

    Modifier and Type
    Method
    Description
    static boolean
    canAccessActivity(org.exoplatform.container.PortalContainer portalContainer, String userIdentityId, org.exoplatform.social.core.activity.model.ExoSocialActivity existingActivity)
    Checks if an authenticated remoteId of user can access an existing activity.
    static boolean
    canAccessActivity(org.exoplatform.container.PortalContainer portalContainer, org.exoplatform.social.core.identity.model.Identity authenticatedIdentity, org.exoplatform.social.core.activity.model.ExoSocialActivity existingActivity)
    Checks if an authenticated identity can access an existing activity.
    static boolean
    canAccessActivityStream(org.exoplatform.container.PortalContainer portalContainer, org.exoplatform.social.core.identity.model.Identity authenticatedIdentity, org.exoplatform.social.core.identity.model.Identity ownerStream)
    Checks if an authenticated identity could access the activity stream of an owner stream identity.
    static boolean
    canCommentToActivity(org.exoplatform.container.PortalContainer portalContainer, org.exoplatform.social.core.identity.model.Identity authenticatedIdentity, org.exoplatform.social.core.activity.model.ExoSocialActivity existingActivity)
    Checks if an authenticated identity has the permission to comment on an existing activity.
    static boolean
    canDeleteActivity(org.exoplatform.container.PortalContainer portalContainer, org.exoplatform.social.core.identity.model.Identity authenticatedIdentity, org.exoplatform.social.core.activity.model.ExoSocialActivity existingActivity)
    Checks if an authenticated identity has the permission to delete an existing activity.
    static boolean
    canDeleteComment(org.exoplatform.container.PortalContainer portalContainer, org.exoplatform.social.core.identity.model.Identity authenticatedIdentity, org.exoplatform.social.core.activity.model.ExoSocialActivity existingComment)
    Checks if an authenticated identity has the permission to delete an existing comment.
    static boolean
    canPostActivity(org.exoplatform.container.PortalContainer portalContainer, org.exoplatform.social.core.identity.model.Identity authenticatedIdentity, org.exoplatform.social.core.identity.model.Identity ownerIdentityStream)
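    Checks if a poster identity has the permission to post activities on an owner identity stream.
    static org.exoplatform.social.core.identity.model.Identity
    getAuthenticatedUserIdentity()
    Gets the currently logged-in Identity; returns null if not logged in.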

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • SecurityManager

      public SecurityManager()
  • Method Details

    • canAccessActivity

      public static boolean canAccessActivity(org.exoplatform.container.PortalContainer portalContainer, String userIdentityId, org.exoplatform.social.core.activity.model.ExoSocialActivity existingActivity)

      Checks if an authenticated remoteId of user can access an existing activity.

      If the authenticated identity is the one who posted that existing activity, return true.
      If the existing activity belongs to that authenticated identity's activity stream, return true.
      If the existing activity belongs to that authenticated identity's connections' activity stream, return true.
      If the existing activity belongs to a space stream of which the authenticated identity is a member, return true.
      Otherwise, return false.
      Parameters:
      portalContainer - the specified portal container
      userIdentityId - the authenticated identity to check
      existingActivity - the existing activity to check
      Returns:
      true or false
    • canAccessActivity

      public static boolean canAccessActivity(org.exoplatform.container.PortalContainer portalContainer, org.exoplatform.social.core.identity.model.Identity authenticatedIdentity, org.exoplatform.social.core.activity.model.ExoSocialActivity existingActivity)

      Checks if an authenticated identity can access an existing activity.

      If the authenticated identity is the one who posted that existing activity, return true.
      If the existing activity belongs to that authenticated identity's activity stream, return true.
      If the existing activity belongs to that authenticated identity's connections' activity stream, return true.
      If the existing activity belongs to a space stream of which the authenticated identity is a member, return true.
      Otherwise, return false.
      Parameters:
      portalContainer - the specified portal container
      authenticatedIdentity - the authenticated identity to check
      existingActivity - the existing activity to check
      Returns:
      true or false
    • canPostActivity

      public static boolean canPostActivity(org.exoplatform.container.PortalContainer portalContainer, org.exoplatform.social.core.identity.model.Identity authenticatedIdentity, org.exoplatform.social.core.identity.model.Identity ownerIdentityStream)

      Checks if a poster identity has the permission to post activities on an owner identity stream.

      If posterIdentity is the same as ownerIdentityStream, return true.
      If ownerIdentityStream is a user identity, and poster identity is connected to owner identity stream, return true.
      If ownerIdentityStream is a space identity, and poster identity is a member of that space, return true.
      Otherwise, return false.
      Parameters:
      portalContainer - the specified portal container
      authenticatedIdentity - the authenticated identity to check
      ownerIdentityStream - the identity of an existing activity stream.
      Returns:
      true or false
    • canDeleteActivity

      public static boolean canDeleteActivity(org.exoplatform.container.PortalContainer portalContainer, org.exoplatform.social.core.identity.model.Identity authenticatedIdentity, org.exoplatform.social.core.activity.model.ExoSocialActivity existingActivity)

      Checks if an authenticated identity has the permission to delete an existing activity.

      If the authenticated identity is the identity who creates that existing activity, return true.
      If the authenticated identity is the stream owner of that existing activity, return true.
      Otherwise, return false.
      Parameters:
      portalContainer - the specified portal container
      authenticatedIdentity - the identity to check
      existingActivity - the existing activity
      Returns:
      true or false
    • canCommentToActivity

      public static boolean canCommentToActivity(org.exoplatform.container.PortalContainer portalContainer, org.exoplatform.social.core.identity.model.Identity authenticatedIdentity, org.exoplatform.social.core.activity.model.ExoSocialActivity existingActivity)

      Checks if an authenticated identity has the permission to comment on an existing activity.

      If commenterIdentity is the one who creates the existing activity, return true.
      If commenterIdentity is the one who is connected to existing activity's user identity, return true.
      If commenterIdentity is the one who is a member of the existing activity's space identity, return true.
      Otherwise, return false.
      Parameters:
      portalContainer - the specified portal container
      authenticatedIdentity - the authenticated identity to check
      existingActivity - the existing activity
      Returns:
      true or false
    • canDeleteComment

      public static boolean canDeleteComment(org.exoplatform.container.PortalContainer portalContainer, org.exoplatform.social.core.identity.model.Identity authenticatedIdentity, org.exoplatform.social.core.activity.model.ExoSocialActivity existingComment)

      Checks if an authenticated identity has the permission to delete an existing comment.

      If authenticatedIdentity is the one who creates the existing comment, return true.
      If authenticatedIdentity is the one who created the activity for that existing comment, return true.
      If authenticatedIdentity is the one who is the stream owner of that comment to an activity, return true.
      If authenticatedIdentity is the one who is a manager of the existing activity's space identity, return true.
      Otherwise, return false.
      Parameters:
      portalContainer - the specified portal container
      authenticatedIdentity - the authenticated identity to check
      existingComment - the existing comment
      Returns:
      true or false
    • getAuthenticatedUserIdentity

      public static org.exoplatform.social.core.identity.model.Identity getAuthenticatedUserIdentity()

      Gets the currently logged-in Identity; returns null if not logged in.

      Returns:
      logged in Identity or null
      Since:
      1.2.2
    • canAccessActivityStream

      public static boolean canAccessActivityStream(org.exoplatform.container.PortalContainer portalContainer, org.exoplatform.social.core.identity.model.Identity authenticatedIdentity, org.exoplatform.social.core.identity.model.Identity ownerStream)

      Checks if an authenticated identity could access the activity stream of an owner stream identity.

      If the owner stream is a user identity, return true.
      If the owner stream is a space identity, return true only if the authenticated identity is a member of that space.
      Note: this only handles user - user and user - space access permissions. For any other identity type, this returns true.
      Parameters:
      portalContainer - the portal container
      authenticatedIdentity - the authenticated identity
      ownerStream - the stream owner identity
      Returns:
      true or false to indicate access permission
      Since:
      1.2.3
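
The following is an added example, not code from eXo Social or from this page: a deny-by-default wrapper that covers the two cases the descriptions above leave to the caller, a null result from getAuthenticatedUserIdentity() and the true result canAccessActivityStream gives for identity types other than user and space. StreamAccessGuard, requireStreamAccess and isSupportedOwner are hypothetical names; Identity.getProviderId() and the NAME constants of OrganizationIdentityProvider and SpaceIdentityProvider are assumed from the eXo Social core library and do not appear on this page.

```java
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;

import org.exoplatform.container.PortalContainer;
import org.exoplatform.social.core.identity.model.Identity;
import org.exoplatform.social.core.identity.provider.OrganizationIdentityProvider;
import org.exoplatform.social.core.identity.provider.SpaceIdentityProvider;
import org.exoplatform.social.service.rest.SecurityManager;

/** Hypothetical helper (not part of eXo Social): deny-by-default stream access. */
public final class StreamAccessGuard {

  private StreamAccessGuard() {
  }

  /** Returns the caller's identity, or aborts the request with 401 or 403. */
  public static Identity requireStreamAccess(PortalContainer portalContainer,
                                             Identity ownerStream) {
    // getAuthenticatedUserIdentity() returns null when nobody is logged in,
    // so reject anonymous callers before any permission check runs.
    Identity caller = SecurityManager.getAuthenticatedUserIdentity();
    if (caller == null) {
      throw new WebApplicationException(Response.Status.UNAUTHORIZED);
    }
    // canAccessActivityStream returns true for identity types it does not
    // know, so refuse those here instead of inheriting the permissive result.
    if (ownerStream == null || !isSupportedOwner(ownerStream)) {
      throw new WebApplicationException(Response.Status.FORBIDDEN);
    }
    if (!SecurityManager.canAccessActivityStream(portalContainer, caller, ownerStream)) {
      throw new WebApplicationException(Response.Status.FORBIDDEN);
    }
    return caller;
  }

  /** True only for the user and space owner types the documented check decides. */
  static boolean isSupportedOwner(Identity ownerStream) {
    // Assumption: provider ids match the NAME constants of the core providers.
    String providerId = ownerStream.getProviderId();
    return OrganizationIdentityProvider.NAME.equals(providerId)
        || SpaceIdentityProvider.NAME.equals(providerId);
  }
}
```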