note description: "API interface to authorization services." author: "Patrick Ruckstuhl " date: "$Date$" revision: "$Revision$" class AUTHORIZATION_SERVICE inherit API_SERVICE create make feature -- Basic operations is_allowed (a_session: STRING; a_right: STRING): BOOLEAN_REF -- Is a_session allowed to do a_right? do Result := is_allowed_project (a_session, a_right, 0) end is_allowed_project (a_session: STRING; a_right: STRING; a_project_id: INTEGER_REF): BOOLEAN_REF -- Is `a_session' allowed to do `a_right' in a project with ID `a_project_id'? local l_msg: O_USER_AUTHORIZED_FOR_PROJECT_MESSAGE do -- argument validiation check_anonymous_session (a_session) if not is_valid_session (a_session) then last_fault := err_invalid_session elseif not is_valid_right (a_right) then last_fault := err_invalid_right elseif a_project_id < 0 then last_fault := err_invalid_project else -- generate and send message create l_msg.make (create {A_STRING_VALUE}.make (a_session), create {A_STRING_VALUE}.make (a_right), create {A_INTEGER_VALUE}.make (a_project_id.item)) send_and_wait_for_reply (l_msg) if is_ok then create Result Result.set_item (True) elseif last_fault.is_equal (err_access_denied) then create Result Result.set_item (False) last_fault := Void end end end is_allowed_community (a_session: STRING; a_right: STRING; a_community_name: STRING): BOOLEAN_REF -- Is `a_session' allowed to do `a_right' in a community with name `a_community_name'? local l_msg: O_USER_AUTHORIZED_FOR_COMMUNITY_MESSAGE do -- argument validiation check_anonymous_session (a_session) if not is_valid_session (a_session) then last_fault := err_invalid_session elseif not is_valid_right (a_right) then last_fault := err_invalid_right elseif a_community_name = Void then last_fault := err_invalid_community else -- generate and send message create l_msg.make (create {A_STRING_VALUE}.make (a_session), create {A_STRING_VALUE}.make (a_right), create {A_STRING_VALUE}.make (a_community_name)) send_and_wait_for_reply (l_msg) if is_ok then create Result Result.set_item (True) elseif last_fault.is_equal (err_access_denied) then create Result Result.set_item (False) last_fault := Void end end end feature -- Creation new_tuple (a_name: STRING): TUPLE -- Tuple of default-valued arguments to pass to call `a_name'. do if a_name.is_equal (is_allowed_name) then create {TUPLE [STRING, STRING]}Result elseif a_name.is_equal (is_allowed_project_name) then create {TUPLE [STRING, STRING, INTEGER_REF]}Result elseif a_name.is_equal (is_allowed_community_name) then create {TUPLE [STRING, STRING, STRING]}Result end end feature -- Initialisation self_register -- Register all actions for this service do register_with_help (agent is_allowed, is_allowed_name, "Is session allowed to do something?") register_with_help (agent is_allowed_project, is_allowed_project_name, "Is session allowed to do something in a project?") register_with_help (agent is_allowed_community, is_allowed_community_name, "Is session allowed to do something in a community?") end feature {NONE} -- Implementation is_allowed_name: STRING = "is_allowed" is_allowed_project_name: STRING = "is_allowed_project" is_allowed_community_name: STRING = "is_allowed_community" end