public boolean addUser(String username) {} // Create a new user

// With the default password and isAdmin==false

public boolean addUser(String username, boolean isAdmin) {} // Create a new user

// and specify their admin status

public boolean removeUser(String username) {} // Remove a user (names should be unique)

public boolean giveAdmin(String username) {} // Give a user admin power

public boolean takeAdmin(String username) {} // Remove a user's admin power

public boolean resetPassword(String username) {} // Reset a user's password

These six methods are collectively the admin methods of AccessControl. During the normal operation of your program, they should only be run when an administrator is logged in. To meet this requirement, we have two options. We can either (A) have each admin method check whether the current user is an admin and fail if they arent, or (B) make sure we never call these methods if the current user is not an admin. Please follow option A. If an admin method call fails for any reason, it should return false. If it succeeds, return true. In addition to failing due to lack of administrator powers, each method can fail in one other way: The addUser methods can fail if a user with that username already exists. Duplicate users arent allowed. The other admin methods each fail if the designated username does not refer to any User in the system.

Here is a test method that makes sure addUser(String username) correctly fails when the currentUser is not an admin:

11 12

/* * Create a new AccessControl and do not log in an admin. * Verify that addUser(String username) returns false * and that the new user is not added. * @return boolean test passed */ public static boolean testAddUser1() { AccessControl ac = new AccessControl(); String user = "alexi"; boolean addUserReport = ac.addUser(user); if (addUserReport) return false; // addUserReport should be false // Make sure user wasn't added anyway return !AccessControl.isValidLogin(user, "changeme"); }