Thursday, 8 January 2015

Is it good practice to embed access control in a document?


The goal is to have a way to control access to a Document with minimal middle components, such that the stored Document (with the access control fields) is not returned, but a Data Transfer Object instead (e.g. DocumentDTO.java).


Access meaning who can read it or update it, and whether it is a public document or not. If the boolean for public write is set to true, the system will disregard the access control list embedded in the Document.


Is this a good idea? Or is a better approach or pattern needed?


Here is the Document.java:



import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// @Entity, @Id, @Kind and @Flat come from the persistence library in use;
// their imports are not shown in the post.
@Entity
public class Document {

    @Id(prefix = "document")
    private String id;

    @Kind
    private String kind;

    private String userId;

    // User ids allowed to read the document
    private List<String> readAccess;

    // User ids allowed to modify/delete the document
    private List<String> writeAccess;

    // Keys to view document
    private List<String> readKeys;

    // Keys to modify/delete document
    private List<String> writeKeys;

    // Overrides all read access
    private boolean isPublicRead = false;

    // Overrides all write access
    private boolean isPublicWrite = false;

    @Flat
    private Map<String, Object> fields;

    public Document() {}

    public Document(String kind) {
        // The original constructor left the argument unused
        this.kind = kind;
    }

    public String getKind() {
        return kind;
    }

    public void setKind(String kind) {
        this.kind = kind;
    }

    public void setField(String name, Object value) {
        if (fields == null) {
            fields = new LinkedHashMap<>();
        }
        fields.put(name, value);
    }

    public Object getField(String name) {
        if (fields == null) {
            fields = new LinkedHashMap<>();
        }
        return fields.get(name);
    }

    public String getId() {
        return id;
    }

    public void setId(String id) {
        this.id = id;
    }

    public String getUserId() {
        return userId;
    }

    public void setUserId(String userId) {
        this.userId = userId;
    }

    public List<String> getReadAccess() {
        return readAccess;
    }

    public void setReadAccess(List<String> readAccess) {
        this.readAccess = readAccess;
    }

    public List<String> getWriteAccess() {
        return writeAccess;
    }

    public void setWriteAccess(List<String> writeAccess) {
        this.writeAccess = writeAccess;
    }

    // A list that was never set grants nothing instead of throwing
    public boolean hasReadAccess(String userId) {
        return readAccess != null && readAccess.contains(userId);
    }

    public boolean hasWriteAccess(String userId) {
        return writeAccess != null && writeAccess.contains(userId);
    }

    // The add* methods create their list on first use
    public boolean addReadAccess(String userId) {
        if (readAccess == null) {
            readAccess = new ArrayList<>();
        }
        return readAccess.add(userId);
    }

    public boolean addWriteAccess(String userId) {
        if (writeAccess == null) {
            writeAccess = new ArrayList<>();
        }
        return writeAccess.add(userId);
    }

    public boolean isPublicRead() {
        return isPublicRead;
    }

    public void setPublicRead(boolean isPublicRead) {
        this.isPublicRead = isPublicRead;
    }

    public boolean isPublicWrite() {
        return isPublicWrite;
    }

    public void setPublicWrite(boolean isPublicWrite) {
        this.isPublicWrite = isPublicWrite;
    }

    public List<String> getReadKeys() {
        return readKeys;
    }

    public void setReadKeys(List<String> readKeys) {
        this.readKeys = readKeys;
    }

    public List<String> getWriteKeys() {
        return writeKeys;
    }

    public void setWriteKeys(List<String> writeKeys) {
        this.writeKeys = writeKeys;
    }

    // Store the key hash passed in (the original added the owner's userId)
    public boolean addReadKey(String keyHash) {
        if (readKeys == null) {
            readKeys = new ArrayList<>();
        }
        return readKeys.add(keyHash);
    }

    public boolean addWriteKey(String keyHash) {
        if (writeKeys == null) {
            writeKeys = new ArrayList<>();
        }
        return writeKeys.add(keyHash);
    }

}
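
One way to keep the read check and the DTO mapping in a single place, as an added example that is not part of the original post. Doc is a stand-in for the Document entity above, and the DocumentAccessGuard name, the shape of DocumentDTO and the storage of read keys as lowercase hex SHA-256 hashes are assumptions; it needs Java 17.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

public class DocumentAccessGuard {
    // Stand-in for the post's Document, reduced to the fields the read check needs.
    record Doc(String id, List<String> readAccess, List<String> readKeys,
               boolean publicRead, Map<String, Object> fields) {}

    // What callers receive: payload only, no ACL lists and no key hashes.
    record DocumentDTO(String id, Map<String, Object> fields) {}

    // Assumption: readKeys holds lowercase hex SHA-256 hashes of the access keys.
    static String sha256Hex(String key) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(key.getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(digest);
    }

    // Deny by default: a null list, a null user or a null key grants nothing.
    static boolean canRead(Doc doc, String userId, String presentedKey) throws Exception {
        if (doc.publicRead()) return true; // the flag overrides the embedded lists
        if (userId != null && doc.readAccess() != null
                && doc.readAccess().contains(userId)) return true;
        if (presentedKey == null || doc.readKeys() == null) return false;
        byte[] presented = sha256Hex(presentedKey).getBytes(StandardCharsets.US_ASCII);
        boolean match = false;
        for (String stored : doc.readKeys()) {
            // Constant-time comparison, and no early exit on the first match.
            match |= stored != null
                    && MessageDigest.isEqual(presented, stored.getBytes(StandardCharsets.US_ASCII));
        }
        return match;
    }

    // Single exit point: the entity never leaves this method, only the DTO does.
    static Optional<DocumentDTO> read(Doc doc, String userId, String presentedKey) throws Exception {
        if (!canRead(doc, userId, presentedKey)) return Optional.empty();
        Map<String, Object> copy = doc.fields() == null ? Map.of()
                : Collections.unmodifiableMap(new LinkedHashMap<>(doc.fields()));
        return Optional.of(new DocumentDTO(doc.id(), copy));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data.
        Doc doc = new Doc("document:1", List.of("bob"), List.of(sha256Hex("sample-key")),
                false, Map.of("title", "Q1 report"));
        System.out.println("listed user:   " + read(doc, "bob", null).isPresent());
        System.out.println("unlisted user: " + read(doc, "mallory", null).isPresent());
        System.out.println("key holder:    " + read(doc, null, "sample-key").isPresent());
    }
}
```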
