Adding self editing of author lists, NIHVIVO-1155

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/FakeSelfEditingIdentifierFactory.java

@@ -40,9 +40,9 @@ public class FakeSelfEditingIdentifierFactory implements IdentifierBundleFactory
                 if( ind != null ){        
                     String causeOfBlacklist = SelfEditingIdentifierFactory.checkForBlacklisted(ind, context);
                     if( causeOfBlacklist == SelfEditingIdentifierFactory.NOT_BLACKLISTED )
-                        ib.add( new SelfEditingIdentifierFactory.SelfEditing( ind, SelfEditingIdentifierFactory.NOT_BLACKLISTED ) );
+                        ib.add( new SelfEditingIdentifierFactory.SelfEditing( ind, SelfEditingIdentifierFactory.NOT_BLACKLISTED, true ) );
                     else
-                        ib.add( new SelfEditingIdentifierFactory.SelfEditing( ind, causeOfBlacklist ) );
+                        ib.add( new SelfEditingIdentifierFactory.SelfEditing( ind, causeOfBlacklist, true) );
                 }
             }
         }

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/SelfEditingIdentifierFactory.java

@@ -89,7 +89,7 @@ public class SelfEditingIdentifierFactory implements IdentifierBundleFactory {
             if( ind != null ){
                 String blacklisted = checkForBlacklisted(ind, context);
                 
-                selfE = new SelfEditing( ind ,blacklisted );                
+                selfE = new SelfEditing( ind ,blacklisted , false);                
                 idb.add(  selfE );
                 log.debug("Found an Individual for netId " + cuwebauthUser + " URI: " + ind.getURI() );
             }else{
@@ -264,12 +264,18 @@ public class SelfEditingIdentifierFactory implements IdentifierBundleFactory {
     public static class SelfEditing implements Identifier{        
         final Individual individual;
         final String blacklisted;        
+        final boolean faked; //if this is true it was setup by FakeSeflEditingIdentifierFactory 
+                        
+        public SelfEditing ( Individual individual, String blacklisted ){
+          this(individual,blacklisted,false);   
+        }
         
-        public SelfEditing ( Individual individual, String blacklisted){
+        public SelfEditing ( Individual individual, String blacklisted, boolean faked){
             if( individual == null )
                 throw new IllegalArgumentException("Individual must not be null");            
             this.individual = individual;
             this.blacklisted = blacklisted;            
+            this.faked = faked;
         }
         public String getValue(){
             return individual.getURI();
@@ -284,6 +290,9 @@ public class SelfEditingIdentifierFactory implements IdentifierBundleFactory {
             return "SelfEditing as " + getValue() +
             (getBlacklisted()!=null?  " blacklisted by via " + getBlacklisted():"");
         }
+        public boolean isFake() {
+            return faked;
+        }
     }
     
     public static SelfEditing getSelfEditingIdentifier( IdentifierBundle whoToAuth ){

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DbAdminEditingPolicy.java

@@ -5,8 +5,6 @@ package edu.cornell.mannlib.vitro.webapp.auth.policy;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -17,10 +15,10 @@ import edu.cornell.mannlib.vedit.beans.LoginFormBean;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.DbAdminEditingIdentifierFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.DbAdminEditingIdentifierFactory.DbAdminEditingId;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory.SelfEditing;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddObjectPropStmt;
@@ -127,14 +125,14 @@ public class DbAdminEditingPolicy implements VisitingPolicyIface {
         }
     }
 
-    public PolicyDecision isAuthorized(IdentifierBundle whomToAuth, RequestedAction whatToAuth) {
+    public PolicyDecision isAuthorized(IdentifierBundle whoToAuth, RequestedAction whatToAuth) {
         BasicPolicyDecision pd = new BasicPolicyDecision(this.defaultFailure,"not yet set");
-        if( whomToAuth == null )
+        if( whoToAuth == null )
             return pd.setMessage("whomToAuth was null");
         if(whatToAuth == null)
             return pd.setMessage("whatToAuth was null");
-        
+                
-        String roleStr = getRoleOf(whomToAuth);
+        String roleStr = getRoleOf(whoToAuth);
         if (roleStr == null)
             return pd.setMessage("Unable to get a role for the dbAdmin from IdBundle");
         
@@ -142,15 +140,26 @@ public class DbAdminEditingPolicy implements VisitingPolicyIface {
             if( Integer.parseInt( roleStr ) /*<*/ != LoginFormBean.DBA) {
                 return pd.setMessage("DbAdminEditingPolicy found role of "+roleStr+" and only authorizes for users logged in as DB_ADMIN");
             }
-        } catch(NumberFormatException nef){}
+        } catch(NumberFormatException nef){
-                 
+            log.debug(nef,nef);
+        }
+        
+        try{
+            SelfEditing sei = SelfEditingIdentifierFactory.getSelfEditingIdentifier(whoToAuth);
+            if( sei != null && sei.isFake() ){
+                return pd.setMessage("DbAdminEditingPolicy will not authorize actions for a fake self editor");                
+            }
+        }catch( Exception e ){
+            log.debug(e,e);
+        }
+        
         if (whatToAuth instanceof OntoRequestedAction)
             return pd.setMessage("DbAdminEditingPolicy doesn't authorize OntoRequestedActions");
         if (whatToAuth instanceof AdminRequestedAction)
             return pd.setMessage("DbAdminEditingPolicy doesn't authorize AdminRequestedActions");
 
         //kick off the visitor pattern
-        return whatToAuth.accept(this, whomToAuth);
+        return whatToAuth.accept(this, whoToAuth);
     }
 
     

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyList.java

@@ -53,6 +53,7 @@ public class PolicyList extends ArrayList<PolicyIface> implements PolicyIface{
                 log.error("ignoring exception in policy " + policy.toString(), th );
             }
         }
+        log.debug("decision " + pd + " for " + whatToAuth);
         return pd;
     }
 

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy.java

@@ -9,7 +9,14 @@ import java.util.Set;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import com.hp.hpl.jena.ontology.Individual;
+import com.hp.hpl.jena.ontology.OntModel;
+import com.hp.hpl.jena.rdf.model.NodeIterator;
+import com.hp.hpl.jena.rdf.model.Property;
+import com.hp.hpl.jena.rdf.model.Resource;
+import com.hp.hpl.jena.rdf.model.ResourceFactory;
 import com.hp.hpl.jena.rdf.model.impl.Util;
+import com.hp.hpl.jena.shared.Lock;
 
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
@@ -50,10 +57,6 @@ import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
 public class SelfEditingPolicy implements VisitingPolicyIface {
     protected static Log log = LogFactory.getLog( SelfEditingPolicy.class );
 
-    /** regex for extracting a namespace from a URI */
-    // Do not use this; use Jena's splitNamespace() util instead.
-    //private Pattern ns = Pattern.compile("([^#]*#)[^#]*");
-
     /**
      * Namespaces from which Self Editors should not be able to use resources.
      */
@@ -65,19 +68,26 @@ public class SelfEditingPolicy implements VisitingPolicyIface {
     /** URIs of resources that SelfEditors should not be able to use in statements*/
     protected  Set<String>prohibitedResources;
 
+    /** URIs of properties from prohibited namespaces that Self Editors need to be
+     * able to edit */
+    protected  Set<String> editableVitroUris;       
+    
+    protected OntModel model;
+    
     /** Indicates which Authorization to use when the user isn't explicitly authorized. */
     private static Authorization defaultFailure = Authorization.INCONCLUSIVE;
 
-    /** URIs of properties from prohibited namespaces that Self Editors need to be
+    
-     * able to edit */
+
-    protected  Set<String> editableVitroUris;
 
     public SelfEditingPolicy(
             Set<String>prohibitedProperties,
             Set<String>prohibitedResources,
             Set<String>prohibitedNamespaces,
-            Set<String> editableVitroUris ){
+            Set<String> editableVitroUris ,
-
+            OntModel model){
+        this.model = model;
+        
         if( prohibitedProperties != null )
             this.prohibitedProperties = prohibitedProperties;
         else
@@ -161,7 +171,7 @@ public class SelfEditingPolicy implements VisitingPolicyIface {
             if (id instanceof SelfEditing) {
                 SelfEditing seu = (SelfEditing) id;
                 uriStr = seu.getValue();
-                log.debug("found SelfEditingUri" + uriStr);
+                log.debug("found SelfEditingUri " + uriStr);
                 break;
             }
         }
@@ -389,6 +399,10 @@ public class SelfEditingPolicy implements VisitingPolicyIface {
         if( ids == null || action == null )
             return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy, null action or ids");
 
+        if( "http://vivoweb.org/ontology/core#informationResourceInAuthorship".equals( action.getUriOfPredicate() ) ){
+            return canEditAuthorship(ids, action, model);            
+        }
+        
         //cannot edit resources related to system
         if( !canModifyResource( action.uriOfObject ) )
             return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin resources; " +
@@ -462,6 +476,45 @@ public class SelfEditingPolicy implements VisitingPolicyIface {
         return new BasicPolicyDecision(Authorization.INCONCLUSIVE,"SelfEditingPolicy does not authorize administrative modifications");
     }
 
+
+    private PolicyDecision canEditAuthorship(IdentifierBundle ids, EditObjPropStmt action, OntModel model2) {        
+        PolicyDecision pd = null;
+        String selfEditorUri = SelfEditingIdentifierFactory.getSelfEditingUri(ids);
+        if( selfEditorUri == null || selfEditorUri.isEmpty() )
+            return pd;
+                
+        model2.enterCriticalSection(Lock.READ);
+        try{
+            if( action != null && action.getUriOfObject() != null ){
+                Individual authorship = model2.getIndividual(action.getUriOfObject());
+                if( authorship != null ){                    
+                    NodeIterator authors = authorship.listPropertyValues(LINKED_AUTHOR_PROPERTY );
+                    try{
+                        while(authors.hasNext()){
+                            Resource author = (Resource)authors.nextNode();
+                            if( author != null && selfEditorUri.equals( author.getURI() ) ){
+                                pd = new BasicPolicyDecision(Authorization.AUTHORIZED, "SelfEditingPolicy, may edit because SelfEditor is author");
+                                
+                            }                        
+                        }
+                    }finally{
+                        if( authors != null)
+                            authors.close();
+                    }                    
+                }
+            }
+        }finally{
+            model2.leaveCriticalSection();
+        }
+        if( pd == null )
+            return new BasicPolicyDecision(Authorization.INCONCLUSIVE,
+            "SelfEditingPolicy from canEditAuthorship");
+        else
+            return pd;
+    }
+
+    private static Property LINKED_AUTHOR_PROPERTY = ResourceFactory.createProperty("http://vivoweb.org/ontology/core#linkedAuthor");
+    
     public String toString(){
         return "SelfEditingPolicy " + hashCode()
         + " nspaces: " + prohibitedNs.size() + " prohibited Props: "
@@ -472,4 +525,6 @@ public class SelfEditingPolicy implements VisitingPolicyIface {
     public static void setDefaultFailure( Authorization defaultFail){
         SelfEditingPolicy.defaultFailure = defaultFail;       
     }
+    
+    
 }

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditingPolicySetup.java

@@ -73,10 +73,10 @@ public class SelfEditingPolicySetup  implements ServletContextListener  {
     
     public void contextDestroyed(ServletContextEvent sce) { /*nothing*/  }
     
-    public static SelfEditingPolicy makeSelfEditPolicyFromModel( Model model ){
+    public static SelfEditingPolicy makeSelfEditPolicyFromModel( OntModel model ){
         SelfEditingPolicy pol = null;
         if( model == null )
-            pol = new SelfEditingPolicy(null,null,null,null);
+            pol = new SelfEditingPolicy(null,null,null,null, null);
         else{
             Set<String> prohibitedProps = new HashSet<String>();
             //ResIterator it = model.listSubjectsWithProperty( model.createProperty( VitroVocabulary.PROPERTY_SELFEDITPROHIBITEDANNOT ) );
@@ -92,13 +92,13 @@ public class SelfEditingPolicySetup  implements ServletContextListener  {
                     }
                 }
             }
-            pol = new SelfEditingPolicy(prohibitedProps,null,null,null);
+            pol = new SelfEditingPolicy(prohibitedProps,null,null,null,model);
         }               
         return pol;
     }
         
     
-    public static void replaceSelfEditing( ServletContext sc, Model model ){
+    public static void replaceSelfEditing( ServletContext sc, OntModel model ){
         ServletPolicyList.replacePolicy(sc, makeSelfEditPolicyFromModel(model));
     }    
 }

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/DropDataPropStmt.java

@@ -44,6 +44,10 @@ public class DropDataPropStmt implements RequestedAction {
         return RequestActionConstants.actionNamespace + this.getClass().getName();
     }
 
+    public String toString(){ 
+        return "DropDataPropStmt <"+dataPropStmt.getIndividualURI()+"> <"+dataPropStmt.getDatapropURI()+">" ;
+    }
+    
     /*
      * TODO: needs to be fixed to work with lang/datatype literals
      */

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/SingleParameterAction.java

@@ -13,4 +13,7 @@ public abstract class SingleParameterAction implements RequestedAction {
         this.subjectUri = subjectUri;
     }
 
+    public String toString(){
+        return this.getClass().getName() + " <"+subjectUri+">"; 
+    }
 }

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/ThreeParameterAction.java

@@ -33,4 +33,9 @@ public abstract class ThreeParameterAction implements RequestedAction{
     public void setUriOfSubject(String uriOfSubject) {
         this.uriOfSubject = uriOfSubject;
     }
+    
+    public String toString(){
+        return this.getClass().getName() +
+        " <" + uriOfSubject + "> <" + uriOfPredicate + "> <" + uriOfObject + ">";
+    }
 }

webapp/src/edu/cornell/mannlib/vitro/webapp/edit/listener/impl/EditProhibitionListener.java

@@ -7,7 +7,7 @@ import javax.servlet.ServletContext;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-import com.hp.hpl.jena.rdf.model.Model;
+import com.hp.hpl.jena.ontology.OntModel;
 
 import edu.cornell.mannlib.vedit.beans.EditProcessObject;
 import edu.cornell.mannlib.vedit.listener.ChangeListener;
@@ -28,7 +28,7 @@ public class EditProhibitionListener implements ChangeListener {
 
     public void doDeleted(Object oldObj, EditProcessObject epo) {
         Property p = (Property) oldObj;
-        Model model = (Model) context.getAttribute("jenaOntModel");
+        OntModel model = (OntModel) context.getAttribute("jenaOntModel");
         BaseResourceBean.RoleLevel oldRoleLevel = p.getProhibitedFromUpdateBelowRoleLevel();
         if (oldRoleLevel != null) {
             log.debug("replacing all edit prohibition policies after deletion");
@@ -57,7 +57,7 @@ public class EditProhibitionListener implements ChangeListener {
 
     public void doInserted(Object newObj, EditProcessObject epo) {
         Property p = (Property) newObj;
-        Model model = (Model) context.getAttribute("jenaOntModel");
+        OntModel model = (OntModel) context.getAttribute("jenaOntModel");
         BaseResourceBean.RoleLevel newRoleLevel = p.getProhibitedFromUpdateBelowRoleLevel();
         if (newRoleLevel != null) { // note have to replace even at same level since may have been unspecified
             if (newRoleLevel.compareTo(BaseResourceBean.RoleLevel.SELF)==0) {
@@ -91,7 +91,7 @@ public class EditProhibitionListener implements ChangeListener {
     public void doUpdated(Object oldObj, Object newObj, EditProcessObject epo) {
         Property oldP = (Property) oldObj;
         Property newP = (Property) newObj;
-        Model model = (Model) context.getAttribute("jenaOntModel");
+        OntModel model = (OntModel) context.getAttribute("jenaOntModel");
         BaseResourceBean.RoleLevel oldRoleLevel = oldP.getProhibitedFromUpdateBelowRoleLevel();
         BaseResourceBean.RoleLevel newRoleLevel = newP.getProhibitedFromUpdateBelowRoleLevel();
         if (newRoleLevel != null) { // will always be true since select box has no non-empty choices

webapp/src/edu/cornell/mannlib/vitro/webapp/web/jsptags/PropertyEditLinks.java

@@ -303,7 +303,7 @@ public class PropertyEditLinks extends TagSupport{
 
     protected LinkStruct[] doDataPropStmt(DataPropertyStatement dpropStmt, EditLinkAccess[] allowedAccessTypeArray, String contextPath) {
         if( allowedAccessTypeArray == null || dpropStmt == null || allowedAccessTypeArray.length == 0 ) {
-            log.info("null or empty access type array in doDataPropStmt for "+dpropStmt.getDatapropURI());
+            log.debug("null or empty access type array in doDataPropStmt for "+dpropStmt.getDatapropURI());
             return empty_array;
         }
         LinkStruct[] links = new LinkStruct[2];
@@ -432,7 +432,7 @@ public class PropertyEditLinks extends TagSupport{
 
     protected LinkStruct[] doObjPropStmt(ObjectPropertyStatement opropStmt, EditLinkAccess[] allowedAccessTypeArray, String contextPath) {
         if( allowedAccessTypeArray == null || opropStmt == null || allowedAccessTypeArray.length == 0 ) {
-            log.info("null or empty access type array in doObjPropStmt for "+opropStmt.getPropertyURI());
+            log.debug("null or empty access type array in doObjPropStmt for "+opropStmt.getPropertyURI());
             return empty_array;
         }
         

webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java

@@ -54,7 +54,7 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
     
     @Before
     public void setUp() throws Exception {
-        policy = new SelfEditingPolicy(null,null,null,null);
+        policy = new SelfEditingPolicy(null,null,null,null,null);
         
         
         ids = new ArrayIdentifierBundle();
@@ -92,7 +92,7 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
         badProps.add("http://mannlib.cornell.edu/bad#prp333");
         badProps.add("http://mannlib.cornell.edu/bad#prp777");
         badProps.add("http://mannlib.cornell.edu/bad#prp0020");
-        SelfEditingPolicy badPropPolicy = new SelfEditingPolicy(badProps,null,null,null);
+        SelfEditingPolicy badPropPolicy = new SelfEditingPolicy(badProps,null,null,null,null);
         
         RequestedAction whatToAuth = new AddObjectPropStmt(
                 SELFEDITOR_URI,"http://mannlib.cornell.edu/bad#prp234" ,SAFE_RESOURCE);                
@@ -184,7 +184,7 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
     public void testForbiddenMoniker(){
     	  Set<String> badProps = new HashSet<String>();
           badProps.add(VitroVocabulary.MONIKER);          
-          SelfEditingPolicy badPropPolicy = new SelfEditingPolicy(badProps,null,null,null);
+          SelfEditingPolicy badPropPolicy = new SelfEditingPolicy(badProps,null,null,null,null);
           
           RequestedAction whatToAuth = null;
           
@@ -212,7 +212,7 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
           
           //try where moniker is permitted
           badProps = new HashSet<String>();                   
-          badPropPolicy = new SelfEditingPolicy(badProps,null,null,null);                    
+          badPropPolicy = new SelfEditingPolicy(badProps,null,null,null,null);                    
           
           whatToAuth = new AddDataPropStmt(
                   SELFEDITOR_URI, VitroVocabulary.MONIKER ,"somevalue", null, null);