Adding self editing of author lists, NIHVIVO-1155
parent
0cb06a1615
commit
23bc237950
12 changed files with 125 additions and 39 deletions
|
@ -40,9 +40,9 @@ public class FakeSelfEditingIdentifierFactory implements IdentifierBundleFactory
|
|||
if( ind != null ){
|
||||
String causeOfBlacklist = SelfEditingIdentifierFactory.checkForBlacklisted(ind, context);
|
||||
if( causeOfBlacklist == SelfEditingIdentifierFactory.NOT_BLACKLISTED )
|
||||
ib.add( new SelfEditingIdentifierFactory.SelfEditing( ind, SelfEditingIdentifierFactory.NOT_BLACKLISTED ) );
|
||||
ib.add( new SelfEditingIdentifierFactory.SelfEditing( ind, SelfEditingIdentifierFactory.NOT_BLACKLISTED, true ) );
|
||||
else
|
||||
ib.add( new SelfEditingIdentifierFactory.SelfEditing( ind, causeOfBlacklist ) );
|
||||
ib.add( new SelfEditingIdentifierFactory.SelfEditing( ind, causeOfBlacklist, true) );
|
||||
}
|
||||
}
|
||||
}
|
||||
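Review bot: Both branches of the `if`/`else` on `causeOfBlacklist` now build the same object, because in the first branch `causeOfBlacklist` is the same reference as `NOT_BLACKLISTED`; the pair can be the single statement `ib.add( new SelfEditingIdentifierFactory.SelfEditing( ind, causeOfBlacklist, true ) );`. That also drops the `==` comparison on a `String`, which is only reliable if `NOT_BLACKLISTED` is null or a shared constant (its declaration is not in the hunk). The bare literal `true` deserves a short comment such as `// faked: policies may refuse elevated rights for this identity`, since DbAdminEditingPolicy in this commit keys a denial on it. The enclosing method starts and ends outside the hunk.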
|
|
|
@ -89,7 +89,7 @@ public class SelfEditingIdentifierFactory implements IdentifierBundleFactory {
|
|||
if( ind != null ){
|
||||
String blacklisted = checkForBlacklisted(ind, context);
|
||||
|
||||
selfE = new SelfEditing( ind ,blacklisted );
|
||||
selfE = new SelfEditing( ind ,blacklisted , false);
|
||||
idb.add( selfE );
|
||||
log.debug("Found an Individual for netId " + cuwebauthUser + " URI: " + ind.getURI() );
|
||||
}else{
|
||||
|
@ -264,12 +264,18 @@ public class SelfEditingIdentifierFactory implements IdentifierBundleFactory {
|
|||
public static class SelfEditing implements Identifier{
|
||||
final Individual individual;
|
||||
final String blacklisted;
|
||||
final boolean faked; //if this is true it was setup by FakeSeflEditingIdentifierFactory
|
||||
|
||||
public SelfEditing ( Individual individual, String blacklisted ){
|
||||
this(individual,blacklisted,false);
|
||||
}
|
||||
|
||||
public SelfEditing ( Individual individual, String blacklisted, boolean faked){
|
||||
if( individual == null )
|
||||
throw new IllegalArgumentException("Individual must not be null");
|
||||
this.individual = individual;
|
||||
this.blacklisted = blacklisted;
|
||||
this.faked = faked;
|
||||
}
|
||||
public String getValue(){
|
||||
return individual.getURI();
|
||||
|
@ -284,6 +290,9 @@ public class SelfEditingIdentifierFactory implements IdentifierBundleFactory {
|
|||
return "SelfEditing as " + getValue() +
|
||||
(getBlacklisted()!=null? " blacklisted by via " + getBlacklisted():"");
|
||||
}
|
||||
public boolean isFake() {
|
||||
return faked;
|
||||
}
|
||||
}
|
||||
|
||||
public static SelfEditing getSelfEditingIdentifier( IdentifierBundle whoToAuth ){
|
||||
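Review bot: The new `faked` flag is something an authorization policy branches on, yet it is documented only by a trailing comment that misspells the factory name ("FakeSeflEditingIdentifierFactory"), and `isFake()` has no Javadoc. I would replace the comment with `/** True when this identifier was created by FakeSelfEditingIdentifierFactory rather than by the normal login path. */` and give `isFake()` a one-line Javadoc saying that policies may refuse to authorize when it returns true. The two-argument constructor defaults `faked` to `false`, so any caller that builds a faked identity through it would be treated as genuine; its Javadoc should say that faking code must use the three-argument form. The three fields are package-private, and `private final` would keep other classes in the package from reading them around the accessors.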
|
|
|
@ -5,8 +5,6 @@ package edu.cornell.mannlib.vitro.webapp.auth.policy;
|
|||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
import java.util.regex.Matcher;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
@ -17,10 +15,10 @@ import edu.cornell.mannlib.vedit.beans.LoginFormBean;
|
|||
import edu.cornell.mannlib.vitro.webapp.auth.identifier.DbAdminEditingIdentifierFactory;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.identifier.DbAdminEditingIdentifierFactory.DbAdminEditingId;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory.SelfEditing;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddObjectPropStmt;
|
||||
|
@ -127,14 +125,14 @@ public class DbAdminEditingPolicy implements VisitingPolicyIface {
|
|||
}
|
||||
}
|
||||
|
||||
public PolicyDecision isAuthorized(IdentifierBundle whomToAuth, RequestedAction whatToAuth) {
|
||||
public PolicyDecision isAuthorized(IdentifierBundle whoToAuth, RequestedAction whatToAuth) {
|
||||
BasicPolicyDecision pd = new BasicPolicyDecision(this.defaultFailure,"not yet set");
|
||||
if( whomToAuth == null )
|
||||
if( whoToAuth == null )
|
||||
return pd.setMessage("whomToAuth was null");
|
||||
if(whatToAuth == null)
|
||||
return pd.setMessage("whatToAuth was null");
|
||||
|
||||
String roleStr = getRoleOf(whomToAuth);
|
||||
String roleStr = getRoleOf(whoToAuth);
|
||||
if (roleStr == null)
|
||||
return pd.setMessage("Unable to get a role for the dbAdmin from IdBundle");
|
||||
|
||||
|
@ -142,7 +140,18 @@ public class DbAdminEditingPolicy implements VisitingPolicyIface {
|
|||
if( Integer.parseInt( roleStr ) /*<*/ != LoginFormBean.DBA) {
|
||||
return pd.setMessage("DbAdminEditingPolicy found role of "+roleStr+" and only authorizes for users logged in as DB_ADMIN");
|
||||
}
|
||||
} catch(NumberFormatException nef){}
|
||||
} catch(NumberFormatException nef){
|
||||
log.debug(nef,nef);
|
||||
}
|
||||
|
||||
try{
|
||||
SelfEditing sei = SelfEditingIdentifierFactory.getSelfEditingIdentifier(whoToAuth);
|
||||
if( sei != null && sei.isFake() ){
|
||||
return pd.setMessage("DbAdminEditingPolicy will not authorize actions for a fake self editor");
|
||||
}
|
||||
}catch( Exception e ){
|
||||
log.debug(e,e);
|
||||
}
|
||||
|
||||
if (whatToAuth instanceof OntoRequestedAction)
|
||||
return pd.setMessage("DbAdminEditingPolicy doesn't authorize OntoRequestedActions");
|
||||
|
@ -150,7 +159,7 @@ public class DbAdminEditingPolicy implements VisitingPolicyIface {
|
|||
return pd.setMessage("DbAdminEditingPolicy doesn't authorize AdminRequestedActions");
|
||||
|
||||
//kick off the visitor pattern
|
||||
return whatToAuth.accept(this, whomToAuth);
|
||||
return whatToAuth.accept(this, whoToAuth);
|
||||
}
|
||||
|
||||
|
||||
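Review bot: Both catch blocks in `isAuthorized` fail open: when `Integer.parseInt( roleStr )` throws, or when `getSelfEditingIdentifier(whoToAuth)` throws, the exception is logged at debug level and execution falls through to the later checks and to `whatToAuth.accept(this, whoToAuth)`, so the DBA role test or the fake-self-editor test is silently skipped. Since `pd` already carries `defaultFailure`, each catch can deny instead, for example `return pd.setMessage("DbAdminEditingPolicy could not parse role " + roleStr);` and `return pd.setMessage("DbAdminEditingPolicy could not check for a fake self editor");`. Catching `Exception` is broader than this one call appears to need, and `log.debug` hides a failure in an authorization path where `log.warn` would make it visible. The message `"whomToAuth was null"` still uses the parameter's old name. The method spans several hunks, so the code between them is not visible here.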
|
|
|
@ -53,6 +53,7 @@ public class PolicyList extends ArrayList<PolicyIface> implements PolicyIface{
|
|||
log.error("ignoring exception in policy " + policy.toString(), th );
|
||||
}
|
||||
}
|
||||
log.debug("decision " + pd + " for " + whatToAuth);
|
||||
return pd;
|
||||
}
|
||||
|
||||
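Review bot: The `log.debug("decision " + pd + " for " + whatToAuth)` line builds its string on every authorization request whether or not debug logging is enabled, and it invokes the `toString()` methods this commit adds to the action classes. Wrapping it as `if( log.isDebugEnabled() ) log.debug("decision " + pd + " for " + whatToAuth);` avoids that cost on a hot path. The line appears to sit after the loop's try/catch, so a `toString()` that throws would propagate out of the method rather than being ignored like a policy exception; the loop itself is outside the hunk.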
|
|
|
@ -9,7 +9,14 @@ import java.util.Set;
|
|||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import com.hp.hpl.jena.ontology.Individual;
|
||||
import com.hp.hpl.jena.ontology.OntModel;
|
||||
import com.hp.hpl.jena.rdf.model.NodeIterator;
|
||||
import com.hp.hpl.jena.rdf.model.Property;
|
||||
import com.hp.hpl.jena.rdf.model.Resource;
|
||||
import com.hp.hpl.jena.rdf.model.ResourceFactory;
|
||||
import com.hp.hpl.jena.rdf.model.impl.Util;
|
||||
import com.hp.hpl.jena.shared.Lock;
|
||||
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
|
||||
|
@ -50,10 +57,6 @@ import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
|
|||
public class SelfEditingPolicy implements VisitingPolicyIface {
|
||||
protected static Log log = LogFactory.getLog( SelfEditingPolicy.class );
|
||||
|
||||
/** regex for extracting a namespace from a URI */
|
||||
// Do not use this; use Jena's splitNamespace() util instead.
|
||||
//private Pattern ns = Pattern.compile("([^#]*#)[^#]*");
|
||||
|
||||
/**
|
||||
* Namespaces from which Self Editors should not be able to use resources.
|
||||
*/
|
||||
|
@ -65,18 +68,25 @@ public class SelfEditingPolicy implements VisitingPolicyIface {
|
|||
/** URIs of resources that SelfEditors should not be able to use in statements*/
|
||||
protected Set<String>prohibitedResources;
|
||||
|
||||
/** Indicates which Authorization to use when the user isn't explicitly authorized. */
|
||||
private static Authorization defaultFailure = Authorization.INCONCLUSIVE;
|
||||
|
||||
/** URIs of properties from prohibited namespaces that Self Editors need to be
|
||||
* able to edit */
|
||||
protected Set<String> editableVitroUris;
|
||||
|
||||
protected OntModel model;
|
||||
|
||||
/** Indicates which Authorization to use when the user isn't explicitly authorized. */
|
||||
private static Authorization defaultFailure = Authorization.INCONCLUSIVE;
|
||||
|
||||
|
||||
|
||||
|
||||
public SelfEditingPolicy(
|
||||
Set<String>prohibitedProperties,
|
||||
Set<String>prohibitedResources,
|
||||
Set<String>prohibitedNamespaces,
|
||||
Set<String> editableVitroUris ){
|
||||
Set<String> editableVitroUris ,
|
||||
OntModel model){
|
||||
this.model = model;
|
||||
|
||||
if( prohibitedProperties != null )
|
||||
this.prohibitedProperties = prohibitedProperties;
|
||||
|
@ -389,6 +399,10 @@ public class SelfEditingPolicy implements VisitingPolicyIface {
|
|||
if( ids == null || action == null )
|
||||
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy, null action or ids");
|
||||
|
||||
if( "http://vivoweb.org/ontology/core#informationResourceInAuthorship".equals( action.getUriOfPredicate() ) ){
|
||||
return canEditAuthorship(ids, action, model);
|
||||
}
|
||||
|
||||
//cannot edit resources related to system
|
||||
if( !canModifyResource( action.uriOfObject ) )
|
||||
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin resources; " +
|
||||
|
@ -462,6 +476,45 @@ public class SelfEditingPolicy implements VisitingPolicyIface {
|
|||
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,"SelfEditingPolicy does not authorize administrative modifications");
|
||||
}
|
||||
|
||||
|
||||
private PolicyDecision canEditAuthorship(IdentifierBundle ids, EditObjPropStmt action, OntModel model2) {
|
||||
PolicyDecision pd = null;
|
||||
String selfEditorUri = SelfEditingIdentifierFactory.getSelfEditingUri(ids);
|
||||
if( selfEditorUri == null || selfEditorUri.isEmpty() )
|
||||
return pd;
|
||||
|
||||
model2.enterCriticalSection(Lock.READ);
|
||||
try{
|
||||
if( action != null && action.getUriOfObject() != null ){
|
||||
Individual authorship = model2.getIndividual(action.getUriOfObject());
|
||||
if( authorship != null ){
|
||||
NodeIterator authors = authorship.listPropertyValues(LINKED_AUTHOR_PROPERTY );
|
||||
try{
|
||||
while(authors.hasNext()){
|
||||
Resource author = (Resource)authors.nextNode();
|
||||
if( author != null && selfEditorUri.equals( author.getURI() ) ){
|
||||
pd = new BasicPolicyDecision(Authorization.AUTHORIZED, "SelfEditingPolicy, may edit because SelfEditor is author");
|
||||
|
||||
}
|
||||
}
|
||||
}finally{
|
||||
if( authors != null)
|
||||
authors.close();
|
||||
}
|
||||
}
|
||||
}
|
||||
}finally{
|
||||
model2.leaveCriticalSection();
|
||||
}
|
||||
if( pd == null )
|
||||
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,
|
||||
"SelfEditingPolicy from canEditAuthorship");
|
||||
else
|
||||
return pd;
|
||||
}
|
||||
|
||||
private static Property LINKED_AUTHOR_PROPERTY = ResourceFactory.createProperty("http://vivoweb.org/ontology/core#linkedAuthor");
|
||||
|
||||
public String toString(){
|
||||
return "SelfEditingPolicy " + hashCode()
|
||||
+ " nspaces: " + prohibitedNs.size() + " prohibited Props: "
|
||||
|
@ -472,4 +525,6 @@ public class SelfEditingPolicy implements VisitingPolicyIface {
|
|||
public static void setDefaultFailure( Authorization defaultFail){
|
||||
SelfEditingPolicy.defaultFailure = defaultFail;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
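Review bot: `canEditAuthorship` returns `null` when no self-editing URI is found (`return pd;` with `pd` still null), while every other path returns a `BasicPolicyDecision`, so a caller that dereferences the decision would fail there. Two more inputs are unguarded: `model2` is null for policies built with a null model (as `makeSelfEditPolicyFromModel` does for a null argument and as the unit tests in this commit do), and `(Resource)authors.nextNode()` throws `ClassCastException` if a `linkedAuthor` value is a literal. The early return added before the `canModifyResource` check also means the checks that follow it are not applied to this predicate, which should be a documented decision; that method is only partly visible. `LINKED_AUTHOR_PROPERTY` can be declared `private static final`. The fence shows the two guarded places.

```java
    PolicyDecision pd = null;
    String selfEditorUri = SelfEditingIdentifierFactory.getSelfEditingUri(ids);
    // Always hand back a decision object, and tolerate a policy built without a model.
    if( selfEditorUri == null || selfEditorUri.isEmpty() || model2 == null )
        return new BasicPolicyDecision(Authorization.INCONCLUSIVE,
                "SelfEditingPolicy from canEditAuthorship");
    // … unchanged: read lock, authorship lookup, listPropertyValues …
                    while(authors.hasNext()){
                        // a linkedAuthor value may be a literal; only resources are compared
                        Object node = authors.nextNode();
                        if( node instanceof Resource && selfEditorUri.equals( ((Resource) node).getURI() ) ){
                            pd = new BasicPolicyDecision(Authorization.AUTHORIZED, "SelfEditingPolicy, may edit because SelfEditor is author");
                            break;
                        }
                    }
    // … unchanged: iterator close, leaveCriticalSection, final return …
```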
|
|
|
@ -73,10 +73,10 @@ public class SelfEditingPolicySetup implements ServletContextListener {
|
|||
|
||||
public void contextDestroyed(ServletContextEvent sce) { /*nothing*/ }
|
||||
|
||||
public static SelfEditingPolicy makeSelfEditPolicyFromModel( Model model ){
|
||||
public static SelfEditingPolicy makeSelfEditPolicyFromModel( OntModel model ){
|
||||
SelfEditingPolicy pol = null;
|
||||
if( model == null )
|
||||
pol = new SelfEditingPolicy(null,null,null,null);
|
||||
pol = new SelfEditingPolicy(null,null,null,null, null);
|
||||
else{
|
||||
Set<String> prohibitedProps = new HashSet<String>();
|
||||
//ResIterator it = model.listSubjectsWithProperty( model.createProperty( VitroVocabulary.PROPERTY_SELFEDITPROHIBITEDANNOT ) );
|
||||
|
@ -92,13 +92,13 @@ public class SelfEditingPolicySetup implements ServletContextListener {
|
|||
}
|
||||
}
|
||||
}
|
||||
pol = new SelfEditingPolicy(prohibitedProps,null,null,null);
|
||||
pol = new SelfEditingPolicy(prohibitedProps,null,null,null,model);
|
||||
}
|
||||
return pol;
|
||||
}
|
||||
|
||||
|
||||
public static void replaceSelfEditing( ServletContext sc, Model model ){
|
||||
public static void replaceSelfEditing( ServletContext sc, OntModel model ){
|
||||
ServletPolicyList.replacePolicy(sc, makeSelfEditPolicyFromModel(model));
|
||||
}
|
||||
}
|
|
@ -44,6 +44,10 @@ public class DropDataPropStmt implements RequestedAction {
|
|||
return RequestActionConstants.actionNamespace + this.getClass().getName();
|
||||
}
|
||||
|
||||
public String toString(){
|
||||
return "DropDataPropStmt <"+dataPropStmt.getIndividualURI()+"> <"+dataPropStmt.getDatapropURI()+">" ;
|
||||
}
|
||||
|
||||
/*
|
||||
* TODO: needs to be fixed to work with lang/datatype literals
|
||||
*/
|
||||
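Review bot: The new `toString()` lacks `@Override`, as do the ones added to SingleParameterAction and ThreeParameterAction in this commit; adding it lets the compiler catch a signature slip. Here it also dereferences `dataPropStmt` unconditionally, so if that field can be null (the constructor is outside the hunk) merely logging the action would throw. A guard such as `if( dataPropStmt == null ) return "DropDataPropStmt <null>";` as the first line keeps logging safe. A one-line comment that the format is for diagnostics only would also help, since these strings now appear in the authorization debug log.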
|
|
|
@ -13,4 +13,7 @@ public abstract class SingleParameterAction implements RequestedAction {
|
|||
this.subjectUri = subjectUri;
|
||||
}
|
||||
|
||||
public String toString(){
|
||||
return this.getClass().getName() + " <"+subjectUri+">";
|
||||
}
|
||||
}
|
||||
|
|
|
@ -33,4 +33,9 @@ public abstract class ThreeParameterAction implements RequestedAction{
|
|||
public void setUriOfSubject(String uriOfSubject) {
|
||||
this.uriOfSubject = uriOfSubject;
|
||||
}
|
||||
|
||||
public String toString(){
|
||||
return this.getClass().getName() +
|
||||
" <" + uriOfSubject + "> <" + uriOfPredicate + "> <" + uriOfObject + ">";
|
||||
}
|
||||
}
|
||||
|
|
|
@ -7,7 +7,7 @@ import javax.servlet.ServletContext;
|
|||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import com.hp.hpl.jena.rdf.model.Model;
|
||||
import com.hp.hpl.jena.ontology.OntModel;
|
||||
|
||||
import edu.cornell.mannlib.vedit.beans.EditProcessObject;
|
||||
import edu.cornell.mannlib.vedit.listener.ChangeListener;
|
||||
|
@ -28,7 +28,7 @@ public class EditProhibitionListener implements ChangeListener {
|
|||
|
||||
public void doDeleted(Object oldObj, EditProcessObject epo) {
|
||||
Property p = (Property) oldObj;
|
||||
Model model = (Model) context.getAttribute("jenaOntModel");
|
||||
OntModel model = (OntModel) context.getAttribute("jenaOntModel");
|
||||
BaseResourceBean.RoleLevel oldRoleLevel = p.getProhibitedFromUpdateBelowRoleLevel();
|
||||
if (oldRoleLevel != null) {
|
||||
log.debug("replacing all edit prohibition policies after deletion");
|
||||
|
@ -57,7 +57,7 @@ public class EditProhibitionListener implements ChangeListener {
|
|||
|
||||
public void doInserted(Object newObj, EditProcessObject epo) {
|
||||
Property p = (Property) newObj;
|
||||
Model model = (Model) context.getAttribute("jenaOntModel");
|
||||
OntModel model = (OntModel) context.getAttribute("jenaOntModel");
|
||||
BaseResourceBean.RoleLevel newRoleLevel = p.getProhibitedFromUpdateBelowRoleLevel();
|
||||
if (newRoleLevel != null) { // note have to replace even at same level since may have been unspecified
|
||||
if (newRoleLevel.compareTo(BaseResourceBean.RoleLevel.SELF)==0) {
|
||||
|
@ -91,7 +91,7 @@ public class EditProhibitionListener implements ChangeListener {
|
|||
public void doUpdated(Object oldObj, Object newObj, EditProcessObject epo) {
|
||||
Property oldP = (Property) oldObj;
|
||||
Property newP = (Property) newObj;
|
||||
Model model = (Model) context.getAttribute("jenaOntModel");
|
||||
OntModel model = (OntModel) context.getAttribute("jenaOntModel");
|
||||
BaseResourceBean.RoleLevel oldRoleLevel = oldP.getProhibitedFromUpdateBelowRoleLevel();
|
||||
BaseResourceBean.RoleLevel newRoleLevel = newP.getProhibitedFromUpdateBelowRoleLevel();
|
||||
if (newRoleLevel != null) { // will always be true since select box has no non-empty choices
|
||||
|
|
|
@ -303,7 +303,7 @@ public class PropertyEditLinks extends TagSupport{
|
|||
|
||||
protected LinkStruct[] doDataPropStmt(DataPropertyStatement dpropStmt, EditLinkAccess[] allowedAccessTypeArray, String contextPath) {
|
||||
if( allowedAccessTypeArray == null || dpropStmt == null || allowedAccessTypeArray.length == 0 ) {
|
||||
log.info("null or empty access type array in doDataPropStmt for "+dpropStmt.getDatapropURI());
|
||||
log.debug("null or empty access type array in doDataPropStmt for "+dpropStmt.getDatapropURI());
|
||||
return empty_array;
|
||||
}
|
||||
LinkStruct[] links = new LinkStruct[2];
|
||||
|
@ -432,7 +432,7 @@ public class PropertyEditLinks extends TagSupport{
|
|||
|
||||
protected LinkStruct[] doObjPropStmt(ObjectPropertyStatement opropStmt, EditLinkAccess[] allowedAccessTypeArray, String contextPath) {
|
||||
if( allowedAccessTypeArray == null || opropStmt == null || allowedAccessTypeArray.length == 0 ) {
|
||||
log.info("null or empty access type array in doObjPropStmt for "+opropStmt.getPropertyURI());
|
||||
log.debug("null or empty access type array in doObjPropStmt for "+opropStmt.getPropertyURI());
|
||||
return empty_array;
|
||||
}
|
||||
|
||||
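Review bot: The changed `log.debug` line in `doDataPropStmt` calls `dpropStmt.getDatapropURI()` inside the branch that is entered when `dpropStmt == null`, so a null statement produces a `NullPointerException` instead of returning `empty_array`; `doObjPropStmt` has the same problem with `opropStmt.getPropertyURI()`. A guarded form is `log.debug("null or empty access type array in doDataPropStmt for " + (dpropStmt == null ? null : dpropStmt.getDatapropURI()));`, and likewise for the object-property method. Both methods continue past the end of their hunks.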
|
|
|
@ -54,7 +54,7 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
|
|||
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
policy = new SelfEditingPolicy(null,null,null,null);
|
||||
policy = new SelfEditingPolicy(null,null,null,null,null);
|
||||
|
||||
|
||||
ids = new ArrayIdentifierBundle();
|
||||
|
@ -92,7 +92,7 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
|
|||
badProps.add("http://mannlib.cornell.edu/bad#prp333");
|
||||
badProps.add("http://mannlib.cornell.edu/bad#prp777");
|
||||
badProps.add("http://mannlib.cornell.edu/bad#prp0020");
|
||||
SelfEditingPolicy badPropPolicy = new SelfEditingPolicy(badProps,null,null,null);
|
||||
SelfEditingPolicy badPropPolicy = new SelfEditingPolicy(badProps,null,null,null,null);
|
||||
|
||||
RequestedAction whatToAuth = new AddObjectPropStmt(
|
||||
SELFEDITOR_URI,"http://mannlib.cornell.edu/bad#prp234" ,SAFE_RESOURCE);
|
||||
|
@ -184,7 +184,7 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
|
|||
public void testForbiddenMoniker(){
|
||||
Set<String> badProps = new HashSet<String>();
|
||||
badProps.add(VitroVocabulary.MONIKER);
|
||||
SelfEditingPolicy badPropPolicy = new SelfEditingPolicy(badProps,null,null,null);
|
||||
SelfEditingPolicy badPropPolicy = new SelfEditingPolicy(badProps,null,null,null,null);
|
||||
|
||||
RequestedAction whatToAuth = null;
|
||||
|
||||
|
@ -212,7 +212,7 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
|
|||
|
||||
//try where moniker is permitted
|
||||
badProps = new HashSet<String>();
|
||||
badPropPolicy = new SelfEditingPolicy(badProps,null,null,null);
|
||||
badPropPolicy = new SelfEditingPolicy(badProps,null,null,null,null);
|
||||
|
||||
whatToAuth = new AddDataPropStmt(
|
||||
SELFEDITOR_URI, VitroVocabulary.MONIKER ,"somevalue", null, null);
|
||||
|
|