Class SessionControl

    • Field Detail

      • log

        private static final org.slf4j.Logger log
        Log core events.
      • clientId

        private final int clientId
        The id of the ClientData. 0 = no client
      • externalClientId

        private final String externalClientId
        The external id of the ClientData. null = no client
      • remoteId

        private final String remoteId
        The remote IP.
      • location

        private GeoLocation location
        Location of the remote IP.
        Since:
        3.12
      • locationLoaded

        private boolean locationLoaded
      • dbControlCache

        private final Map<DbControl,​String> dbControlCache
        Holds all created DbControl object, so we can close them if the user logs out. We use only the keys of the map since there is no WeakHashSet class.
      • lastAccess

        private long lastAccess
        The time of the last access to this object.
      • closed

        private boolean closed
        If the session control has been closed it can no longer be used.
      • pluginId

        private int pluginId
      • jobId

        private int jobId
    • Constructor Detail

      • SessionControl

        SessionControl​(String id,
                       SessionControl parent,
                       PluginDefinition plugin,
                       Job job)
        Create a new session control object using another one as the template. Permissions and settings are copied/referenced from the parent session control. If the plugin uses permissions those permissions are loaded and used for access control.
        Parameters:
        id - The ID if the new session control
        parent - The parent session control
        plugin - The plugin that is executing
      • SessionControl

        SessionControl​(String id,
                       String externalClientId,
                       boolean failIfNoClient,
                       String remoteId)
                throws BaseException
        Creates a new SessionControl object.
        Parameters:
        id - The id used in Application.newSessionControl(String,String,String)
        externalClientId - Optional external ID of the client application in use
        failIfNoClient - If TRUE, an exception is thrown if an external client id has been specified, but not found
        remoteId - For example, the IP-address
        Throws:
        BaseException
    • Method Detail

      • isClosed

        public boolean isClosed()
        If this session control has been closed or not. A closed session control can't be used.
        Returns:
        TRUE if the session control is closed
        Since:
        2.4.5
      • close

        public void close()
        Close this session control so it can't be used again.
        Specified by:
        close in interface AutoCloseable
        Since:
        2.4.5
      • getExternalClientId

        public String getExternalClientId()
        Get the external id of the Client application in use.
        Returns:
        A java.lang.String object.
        See Also:
        getClientId()
      • newDbControl

        public DbControl newDbControl()
                               throws BaseException
        Create a new DbControl object for this session.
        Returns:
        A DbControl object
        Throws:
        BaseException - If there is an error
      • login

        void login​(Keyring keyring)
      • getUnverifiedDeviceInfo

        public SessionControl.UnverifiedDeviceInfo getUnverifiedDeviceInfo()
        Get information about a device that is currently waiting to be verified. If this method returns a non-null value a verification has been sent to the user via email. This code should be used as a parameter when calling verifyDevice(String, boolean).
        Returns:
        Information about the unverified device, or null if device verification is not needed
        Since:
        3.12
      • verifyDevice

        public void verifyDevice​(String code,
                                 boolean rememberDevice)
        Call this method to verify a device. If device verification is not needed at this moment, an LoginException is thrown. If the verification fails the login process must be re-started from the beginning. There is no second try. If the verification is successful, the user will be logged in after this method completes.
        Parameters:
        code - The verification code that was sent (by email) to the user
        rememberDevice - A flag indicating if the device should be remembered. If not, the device needs to be verified again the next time it is used
        Since:
        3.12
        See Also:
        getUnverifiedDeviceInfo()
      • verifyUserInternal

        AuthenticatedUser verifyUserInternal​(Session session,
                                             LoginRequest loginRequest)
        Verify the user with internal authentication. If the LoginRequest has a user id this is used first, otherwise the login is used.
      • loadDevice

        private UserDeviceData loadDevice​(Session session,
                                          LoginRequest loginRequest,
                                          AuthenticatedUser authUser)
        Verify the device the user is using. The verification is done if the current client application supports it and if the user has enabled device verification. If the device is found to be unverified a UnverifiedLoginInfo instance is created and returned.
        Returns:
        An UserDeviceData object if device verification is supported and needed, null to continue with normal login
        Since:
        3.12, 3.17
      • isAllowedToUseClient

        public boolean isAllowedToUseClient​(String externalClientId)
        Checks if this session control can be used by the given client application. It is allowed if the given id is the same as when this session control was created, or if there is a logged in user that is allowed to use the given client.
        Parameters:
        externalClientId - The external id of the client to check
        Returns:
        TRUE if the client can be used, FALSE if not
        Since:
        3.9
      • getClientWithExternalId

        private ClientData getClientWithExternalId​(String externalId)
      • getLoggedInUserLogin

        public String getLoggedInUserLogin()
        Get the login name of the currently logged in user. Returns null if no user is logged in.
        Since:
        3.15.1
        See Also:
        User.getLogin()
      • getLoggedInUserName

        public String getLoggedInUserName()
        Get the name of the currently logged in user. Returns null if no user is logged in.
        Since:
        3.15.1
        See Also:
        User.getName()
      • getAuthenticationMethod

        public AuthenticationMethod getAuthenticationMethod()
        Get the method that was used to authenticate the currently logged in user. Internal authentication return AuthenticationMethod.INTERNAL.
        Returns:
        An AuthenticationMethod object or null if no user is logged in
        Since:
        3.3
      • getCurrentSessionId

        public int getCurrentSessionId()
        Get the id of the current user session, or 0 if no user is logged in. Use Session.getById(DbControl, int) to the Session object.
        Returns:
        The session id, or 0 if no user is logged in
        Since:
        2.13
      • getPluginId

        public int getPluginId()
        Get the id of the plug-in that is currently running with this session control.
        Returns:
        The plug-in id, or 0 if not running by a plug-in
        Since:
        2.13
      • getJobId

        public int getJobId()
        Get the id of the job that is currently running with this session control.
        Returns:
        The job id, or 0 if not running by a job
        Since:
        2.13
      • isImpersonated

        public boolean isImpersonated()
        Check if the logged in user was impersonated by another user.
        Returns:
        TRUE or FALSE
        See Also:
        impersonateLogin(int, String)
      • reloadPermissions

        public void reloadPermissions()
        Tell the core to reload the logged in users permission the next time the client application needs to check the permissions.
      • reloadSettings

        public void reloadSettings​(boolean onlyClientDefaultSettings,
                                   boolean saveCurrentUserSettings)
                            throws BaseException
        Reloads user- and client-specific settings.
        Parameters:
        onlyClientDefaultSettings - Setting this to TRUE will only reload ClientDefaultSetting:s
        saveCurrentUserSettings - Setting this to TRUE will save the current user-specific settings before reloading them. This parameter is ignored if onlyClientDefaultSettings is true. The settings are never changed if the logged in user is a multi-user account.
        Throws:
        BaseException - If the settings cannot be reloaded
      • getActiveProjectName

        public String getActiveProjectName()
        Get the name of the active project, or null if no project is active.
        Since:
        3.15.1
        See Also:
        setActiveProject(Project)
      • getActiveProjectPermissions

        public Set<Permission> getActiveProjectPermissions()
        Get the permissions that the logged in user has in the currently active project.
        Returns:
        A Set with the permissions
        Since:
        3.1
      • getPluginSessionControl

        public PluginSessionControl getPluginSessionControl​(PluginDefinition plugin,
                                                            Job job)
        Create a new session control for executing a plugin.
        Parameters:
        plugin - The plugin to execute
        job - The job that executes the plug-in, or null
        Returns:
        A plugin session control
        Since:
        2.15 (was package private before that)
      • getJobSessionControl

        public PluginSessionControl getJobSessionControl​(Job job)
        Create a new session control for executing a job. The new session control will inherit all settings from this session control.
        Since:
        3.3
      • hasSystemPermission

        public boolean hasSystemPermission​(Permission permission)
        Check if the logged in user has the specified system permission.
        Parameters:
        permission - One of the system permission constants defined by the Permission enumeration
        Returns:
        TRUE if the logged in user has the permission, FALSE otherwise
      • hasPermission

        public boolean hasPermission​(Permission permission,
                                     Item itemType)
        Check if the logged in user has the specfied permission for all item of the specified type. This method checks the permissions given to the roles the user is a member of and, if a plugin is active, the permissions given to the plugin.
        Parameters:
        permission - One of the permissions constants defined by the Permission enumeration
        itemType - One of the item constants defined by the Item enumeration
        Returns:
        TRUE if the logged in user has the permission, FALSE otherwise
      • isDenied

        public boolean isDenied​(Permission permission,
                                Item itemType)
        Check if the logged in user has been denied the specified permission for items of the specified type. This method checks the permissions given to the roles the user is a member of and, if a plugin is active, the permissions given to the plugin. Note that this method is not the inverse of the hasPermission(Permission, Item) method. Both methods may return false in which case the system also checks ownership and sharing information to determine if access is granted. If this method return TRUE the hasPermission method always return false.
        Parameters:
        permission - One of the permissions constants defined by the Permission enumeration
        itemType - One of the item constants defined by the Item enumeration
        Returns:
        TRUE if the logged in user is denied the permission, FALSE otherwise
      • getRolePermissions

        int getRolePermissions​(Item itemType)
        Get all role-based permissions for the specified type of items.
      • getPluginPermissions

        PluginPermission getPluginPermissions​(Item itemType)
        Get all plugin-specific permissions for the specified item type.
      • getSharedPermissions

        int getSharedPermissions​(ShareableData shareableData)
        Get the shared permissions for a ShareableData object.
      • getAllPermissions

        int getAllPermissions​(Item itemType,
                              UserData owner,
                              ItemKeyData itemKey,
                              ProjectKeyData projectKey)
        Get the combined permissions for an item of the specified type, owned by the specified user and shared with the specified item and project keys.
      • isMemberOf

        public boolean isMemberOf​(Group group)
        Check if the logged in user is a member, directly or indirectly, of the specified group.
        Parameters:
        group - The group to check
        Returns:
        TRUE if the user is a member, FALSE otherwise
      • isMemberOf

        public boolean isMemberOf​(Role role)
        Check if the logged in user is a member of the specified role.
        Parameters:
        role - The role to check
        Returns:
        TRUE if the user is a member, FALSE otherwise
      • isMemberOf

        public boolean isMemberOf​(Project project)
        Check if the logged in user is a member, directly or indirectly, of the specified project.
        Parameters:
        project - The project to check
        Returns:
        TRUE if the user is a member, FALSE otherwise
      • getProjectPermission

        int getProjectPermission​(Project project)
      • isFriendOf

        public boolean isFriendOf​(User user)
        Check if the logged in user is a friend of of the specified user. A users is a friend if the logged in user is a member, directly or indirectly, of a group where the other user is direct member.
        Parameters:
        user - The user to check
        Returns:
        TRUE if the user is a friend, FALSE otherwise
      • getAllRoles

        public Set<Integer> getAllRoles()
        Get the id of all roles where the logged in user is a member.
        Returns:
        A Set containing role id:s, or null
        Since:
        3.11
      • getActiveRoles

        public Set<Integer> getActiveRoles()
        Get the id of all active roles where the logged in user is a member.
        Returns:
        A Set containing role id:s or null
        Since:
        3.11
      • getInactiveRoles

        public Set<Integer> getInactiveRoles()
        Get the id of all inactive roles where the logged in user is a member.
        Returns:
        A Set containing role id:s or null
        Since:
        3.11
      • isRoleInactive

        public boolean isRoleInactive​(int roleId)
        Is the given role inactive or not? Note that if the user is not a member of the given role FALSE is returned.
        Parameters:
        roleId - The id of the role to check
        Returns:
        TRUE if the role is inactive, FALSE if not (or if the user is not a member)
        Since:
        3.11
      • setRoleInactive

        public boolean setRoleInactive​(int roleId,
                                       boolean inactive)
        Set a role as active or inactive.
        Parameters:
        roleId - The id of the role to set
        inactive - TRUE to set the role to inactive, FALSE to set it to active
        Returns:
        TRUE if a change was made, FALSE if not (or if the user is not a member of the role)
        Since:
        3.11
      • getGroups

        public Set<Integer> getGroups()
        Get the id of all groups where the logged in user is a member, directly or indirectly.
        Returns:
        A Set containing group id:s
      • getFriends

        public Set<Integer> getFriends()
        Get the id of all friends to logged in user. A users is a friend if the logged in user is a member, directly or indirectly, of a group where the other user is direct member.
        Returns:
        A Set containing user id:s
      • getProjects

        public Set<Integer> getProjects()
        Get the id of all projects where the logged in user is a member, directly or indirectly.
        Returns:
        A Set containing project id:s
      • getItemKeys

        public Set<Integer> getItemKeys()
        Get the id of all item keys where the logged in user has read permission.
        Returns:
        A Set containing item key id:s
      • getItemKeys

        public Set<Integer> getItemKeys​(Permission permission)
        Get the id of all item keys where the logged in user has the requested permission.
        Parameters:
        permission - Requested permissions.
        Returns:
        A Set containing item key id:s
      • getProjectKeys

        public Set<Integer> getProjectKeys()
        Get the id of all project keys where the logged in user has read permission.
        Returns:
        A Set containing project key id:s
      • getProjectKeys

        public Set<Integer> getProjectKeys​(Permission permission)
        Get the id of all project keys where the logged in user has the requested permission.
        Parameters:
        permission - The requested permissions
        Returns:
        A Set containing project key id:s
      • getCurrentContext

        public ItemContext getCurrentContext​(Item item,
                                             ItemContext defaultContext)
        Same as: getCurrentContext(item, "", defaultContext).
        Parameters:
        item - Type of item for which current context should be returned.
        defaultContext - A default context to copy values from if a new context must be created
        Returns:
        A ItemContext object.
        See Also:
        getCurrentContext(Item, String, ItemContext)
      • getCurrentContext

        public ItemContext getCurrentContext​(Item item,
                                             String subContext,
                                             ItemContext defaultContext)
        Get the current context. If no current context exists for the item/subcontext and a user is logged in, the default context will be loaded from the database. If it doesn't exist in the database or no user is logged in a new current context will be created. If a default context is specified the settings will be copied to the new context. The current context is automatically saved in the database when the user logs out.
        Parameters:
        item - The type of item to get the context for
        subContext - Current sub context.
        defaultContext - A default context to copy values from if a new context must be created.
        Returns:
        A ItemContext object.
        Throws:
        InvalidDataException - If the item is null
        BaseException - If there is another error
        See Also:
        getCurrentContext(Item), loadContextInternal(Item, String, String), saveCurrentContextAs(Item, String, boolean, boolean)
      • getContext

        public ItemContext getContext​(int contextId)
        Load a context without making it the current context. If a saved context with the specified ID doesn't exists, or if the logged in user does't have permission to read it, null is returned.
        Parameters:
        contextId - The ID of the context to load
        Returns:
        An ItemContext object or null
        Throws:
        NotLoggedInException - If no user is logged in
        BaseException - If there is another error
        See Also:
        loadContext(int), getContextNames(Item)
      • saveCurrentContextAs

        public int saveCurrentContextAs​(Item item,
                                        String subContext,
                                        String name,
                                        boolean overwrite,
                                        boolean isPublic)
                                 throws PermissionDeniedException,
                                        InvalidDataException,
                                        ItemAlreadyExistsException,
                                        BaseException
        Save the current context as a named context. Named contexts are stored in the database and can be loaded at any time with the loadContext(int) method. If no current context exists, this method does nothing.
        Parameters:
        item - The type of item to save the current context for
        subContext - The name of the sub-context
        name - The name of the context
        overwrite - If TRUE, an existing context with the same name is overwritten, otherwise an exception is thrown
        isPublic - If the saved context should be visible to everyone or not (requires Permission.SHARE_TO_EVERYONE permission)
        Returns:
        Saved context's id as an int.
        Throws:
        PermissionDeniedException - If no user is logged in, or if the logged in user is a multi-user account or if the isPublic parameter is true but the logged in user doesn't have SHARE_TO_EVERYONE permission
        InvalidDataException - If the item or name parameter is null
        ItemAlreadyExistsException - If another context with the same name exists and the overwrite parameter is FALSE
        BaseException - If there is another error
      • getContextNames

        public Enumeration<Integer,​String> getContextNames​(Item item,
                                                                 String subContext)
                                                          throws InvalidDataException,
                                                                 BaseException
        Get a list with the names of all named contexts for a given item and subcontext.
        Parameters:
        item - Item for which named contexts should be returned
        subContext - Certain sub context to return contexts for.
        Returns:
        A enumeration containing the id and names, the list will be empty if no user is logged in or if no names contexts exists for the specified item type/subcontext
        Throws:
        InvalidDataException - If the item parameter is null
        BaseException - If there is another error
      • loadContextInternal

        private ItemContext loadContextInternal​(int contextId)
                                         throws BaseException
        Load a context with the specified ID. If no context with that ID exists or if the context belongs to a different client application or user and not is public null is returned.
        Throws:
        BaseException
      • loadContextInternal

        private ItemContext loadContextInternal​(Item item,
                                                String subContext,
                                                String name)
                                         throws BaseException
        Load a named context. Returns null if no context with the specified name exists for the specified item type/subcontext.
        Throws:
        BaseException
      • saveAllCurrentContexts

        private void saveAllCurrentContexts​(Session session,
                                            UserData userData,
                                            ClientData clientData)
      • getAllCurrentContexts

        public List<ItemContext> getAllCurrentContexts​(boolean inMemory,
                                                       boolean inDatabase)
        Get a list with the current default contexts. The list may include, only in-memory contexts, in-database contexts, or both. If both options are enabled and an in-memory context also has a database representation, both are included in the list. Eg. the list may include more than one context were ItemContext.getContextId() returns the same value.
        Parameters:
        inMemory - If TRUE, the in-memory contexts are included in the list
        inDatabase - If TRUE, the in-database contexts are included in the list
        Returns:
        A list with ItemContext objects
        Since:
        2.15
      • deleteCurrentContexts

        public int deleteCurrentContexts​(Item itemType,
                                         boolean inMemory,
                                         boolean inDatabase)
        Delete all default contexts for the logged in user.
        Parameters:
        itemType - The item type to delete the contexts for, or null to delete all contexts
        inMemory - TRUE to delete in-memory contexts
        inDatabase - TRUE to delete in-database contexts
        Returns:
        The number of contexts deleted
        Since:
        2.8
      • getLocale

        public Locale getLocale()
        Get the locale that is curently assigned to this session control.
        Returns:
        A Locale object
        Since:
        2.16
      • getSessionSetting

        public <T> T getSessionSetting​(String name)
        Get the value of a session setting with the specified name.
        Parameters:
        name - The name of the setting
        Returns:
        A object with the value of the setting, or null if no setting is found
      • setSessionSetting

        public <T> T setSessionSetting​(String name,
                                       Object value)
        Set the value of a session setting.
        Parameters:
        name - The name of the setting
        value - The new value of the setting, or null to remove the setting
        Returns:
        The old value of the setting, or null if it did not exist
      • getUserClientSetting

        public String getUserClientSetting​(String name)
        Get the value of the UserClientSetting with the specified name. If no user is logged in null is returned.
        Parameters:
        name - The name of the setting
        Returns:
        A string with the value of the setting, or null if no setting is found
      • setUserClientSetting

        public String setUserClientSetting​(String name,
                                           String value)
        Set the value of a UserClientSetting.
        Parameters:
        name - The name of the setting
        value - The new value of the setting, or null to remove the setting
        Returns:
        The old value of the setting, or null if it did not exist or no user is logged in
      • getUserDefaultSetting

        public String getUserDefaultSetting​(String name)
        Get the value of the UserDefaultSetting with the specified name.
        Parameters:
        name - The name of the setting
        Returns:
        A string with the value of the setting, or null if no setting is found
      • setUserDefaultSetting

        public String setUserDefaultSetting​(String name,
                                            String value)
        Set the value of a UserDefaultSetting.
        Parameters:
        name - The name of the setting
        value - The new value of the setting, or null to remove the setting
        Returns:
        The old value of the setting, or null if it did not exist or no user is logged in
      • getClientDefaultSetting

        public String getClientDefaultSetting​(String name)
        Get the value of the ClientDefaultSetting with the specified name.
        Parameters:
        name - The name of the setting
        Returns:
        A string with the value of the setting, or null if no setting is found
      • saveAllUserSettings

        private void saveAllUserSettings​(Session session)
        Saves all user settings.
      • clearDbControlCache

        protected void clearDbControlCache()