diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/InformationResourceEditingPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/InformationResourceEditingPolicy.java index 034baced5..b0478d76a 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/InformationResourceEditingPolicy.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/InformationResourceEditingPolicy.java @@ -45,6 +45,7 @@ public class InformationResourceEditingPolicy extends BaseSelfEditingPolicy + "informationResourceInAuthorship"; private static final String URI_LINKED_AUTHOR_PROPERTY = NS_CORE + "linkedAuthor"; + private static final String URI_FEATURES_PROPERTY = NS_CORE + "features"; private final OntModel model; @@ -85,7 +86,8 @@ public class InformationResourceEditingPolicy extends BaseSelfEditingPolicy /** * The user can edit a data property if it is not restricted and if it is - * about an information resource which he authored or edited. + * about an information resource which he authored or edited, or in which he + * is featured. */ private PolicyDecision isAuthorizedForDataPropertyAction( List userUris, AbstractDataPropertyAction action) { @@ -106,6 +108,9 @@ public class InformationResourceEditingPolicy extends BaseSelfEditingPolicy if (anyUrisInCommon(userUris, getUrisOfAuthors(subject))) { return authorizedSubjectAuthor(); } + if (anyUrisInCommon(userUris, getUrisOfFeatured(subject))) { + return authorizedSubjectFeatured(); + } } return userNotAuthorizedToStatement(); @@ -113,7 +118,8 @@ public class InformationResourceEditingPolicy extends BaseSelfEditingPolicy /** * The user can edit an object property if it is not restricted and if it is - * about an information resource which he authored or edited. + * about an information resource which he authored or edited, or in which he + * is featured. */ private PolicyDecision isAuthorizedForObjectPropertyAction( List userUris, AbstractObjectPropertyAction action) { @@ -138,6 +144,9 @@ public class InformationResourceEditingPolicy extends BaseSelfEditingPolicy if (anyUrisInCommon(userUris, getUrisOfAuthors(subject))) { return authorizedSubjectAuthor(); } + if (anyUrisInCommon(userUris, getUrisOfFeatured(subject))) { + return authorizedSubjectFeatured(); + } } if (isInformationResource(object)) { @@ -147,6 +156,9 @@ public class InformationResourceEditingPolicy extends BaseSelfEditingPolicy if (anyUrisInCommon(userUris, getUrisOfAuthors(object))) { return authorizedObjectAuthor(); } + if (anyUrisInCommon(userUris, getUrisOfFeatured(object))) { + return authorizedObjectFeatured(); + } } return userNotAuthorizedToStatement(); @@ -224,6 +236,28 @@ public class InformationResourceEditingPolicy extends BaseSelfEditingPolicy } } + private List getUrisOfFeatured(String infoResourceUri) { + List list = new ArrayList(); + + Selector selector = createSelector(infoResourceUri, + URI_FEATURES_PROPERTY, null); + + StmtIterator stmts = null; + model.enterCriticalSection(Lock.READ); + try { + stmts = model.listStatements(selector); + while (stmts.hasNext()) { + list.add(stmts.next().getObject().toString()); + } + return list; + } finally { + if (stmts != null) { + stmts.close(); + } + model.leaveCriticalSection(); + } + } + /** Note that we must already be in a critical section! */ private List getUrisOfAuthors(Resource authorship) { List list = new ArrayList(); @@ -287,4 +321,12 @@ public class InformationResourceEditingPolicy extends BaseSelfEditingPolicy private PolicyDecision authorizedObjectAuthor() { return authorizedDecision("User is author of the object of the statement"); } + + private PolicyDecision authorizedSubjectFeatured() { + return authorizedDecision("User is featured in the subject of the statement"); + } + + private PolicyDecision authorizedObjectFeatured() { + return authorizedDecision("User is featured in the object of the statement"); + } } diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/InformationResourceEditingPolicyTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/InformationResourceEditingPolicyTest.java index 94a1534f5..b18fe7622 100644 --- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/InformationResourceEditingPolicyTest.java +++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/InformationResourceEditingPolicyTest.java @@ -4,6 +4,7 @@ package edu.cornell.mannlib.vitro.webapp.auth.policy; import static edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization.AUTHORIZED; import static edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization.INCONCLUSIVE; +import static org.junit.Assert.*; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; @@ -84,9 +85,13 @@ public class InformationResourceEditingPolicyTest extends AbstractTestClass { + "bozoWroteIt"; private static final String URI_BOZO_EDITED_IT = NS_PERMITTED + "bozoEditedIt"; + private static final String URI_BOZO_FEATURED_IN_IT = NS_PERMITTED + + "bozoFeaturedInIt"; private static final String URI_JOE_WROTE_IT = NS_PERMITTED + "joeWroteIt"; private static final String URI_JOE_EDITED_IT = NS_PERMITTED + "joeEditedIt"; + private static final String URI_JOE_FEATURED_IN_IT = NS_PERMITTED + + "joeFeaturedInIt"; private static OntModel ontModel; @@ -199,7 +204,7 @@ public class InformationResourceEditingPolicyTest extends AbstractTestClass { } @Test - public void dataPropSubjectIsInfoResourceButNoAuthorsOrEditors() { + public void dataPropSubjectIsInfoResourceButNoAuthorsOrEditorsOrFeatured() { action = new AddDataPropStmt(URI_NOBODY_WROTE_IT, URI_PERMITTED_PREDICATE, "junk", null, null); assertDecision(INCONCLUSIVE, policy.isAuthorized(idJoe, action)); @@ -220,6 +225,13 @@ public class InformationResourceEditingPolicyTest extends AbstractTestClass { assertDecision(INCONCLUSIVE, policy.isAuthorized(idJoe, action)); } + @Test + public void dataPropSubjectIsInfoResourceButWrongFeatured() { + action = new AddDataPropStmt(URI_BOZO_FEATURED_IN_IT, + URI_PERMITTED_PREDICATE, "junk", null, null); + assertDecision(INCONCLUSIVE, policy.isAuthorized(idJoe, action)); + } + @Test public void dataPropSubjectIsInfoResourceWithSelfEditingAuthor() { action = new AddDataPropStmt(URI_JOE_WROTE_IT, URI_PERMITTED_PREDICATE, @@ -236,6 +248,14 @@ public class InformationResourceEditingPolicyTest extends AbstractTestClass { assertDecision(AUTHORIZED, policy.isAuthorized(idBozoAndJoe, action)); } + @Test + public void dataPropSubjectIsInfoResourceWithSelfEditingFeatured() { + action = new AddDataPropStmt(URI_JOE_FEATURED_IN_IT, + URI_PERMITTED_PREDICATE, "junk", null, null); + assertDecision(AUTHORIZED, policy.isAuthorized(idJoe, action)); + assertDecision(AUTHORIZED, policy.isAuthorized(idBozoAndJoe, action)); + } + @Test public void objectPropSubjectIsRestricted() { action = new AddObjectPropStmt(URI_RESTRICTED_RESOURCE, @@ -272,7 +292,7 @@ public class InformationResourceEditingPolicyTest extends AbstractTestClass { } @Test - public void objectPropSubjectIsInfoResourceButNoAuthorsOrEditors() { + public void objectPropSubjectIsInfoResourceButNoAuthorsOrEditorsOrFeatured() { action = new AddObjectPropStmt(URI_NOBODY_WROTE_IT, URI_PERMITTED_PREDICATE, URI_PERMITTED_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(idJoe, action)); @@ -293,6 +313,13 @@ public class InformationResourceEditingPolicyTest extends AbstractTestClass { assertDecision(INCONCLUSIVE, policy.isAuthorized(idJoe, action)); } + @Test + public void objectPropSubjectIsInfoResourceButWrongFeatured() { + action = new AddObjectPropStmt(URI_BOZO_FEATURED_IN_IT, + URI_PERMITTED_PREDICATE, URI_PERMITTED_RESOURCE); + assertDecision(INCONCLUSIVE, policy.isAuthorized(idJoe, action)); + } + @Test public void objectPropSubjectIsInfoResourceWithSelfEditingAuthor() { action = new AddObjectPropStmt(URI_JOE_WROTE_IT, @@ -309,6 +336,14 @@ public class InformationResourceEditingPolicyTest extends AbstractTestClass { assertDecision(AUTHORIZED, policy.isAuthorized(idBozoAndJoe, action)); } + @Test + public void objectPropSubjectIsInfoResourceWithSelfEditingFeatured() { + action = new AddObjectPropStmt(URI_JOE_FEATURED_IN_IT, + URI_PERMITTED_PREDICATE, URI_PERMITTED_RESOURCE); + assertDecision(AUTHORIZED, policy.isAuthorized(idJoe, action)); + assertDecision(AUTHORIZED, policy.isAuthorized(idBozoAndJoe, action)); + } + @Test public void objectPropObjectIsInfoResourcebutNobodyIsSelfEditing() { action = new AddObjectPropStmt(URI_PERMITTED_RESOURCE, @@ -338,6 +373,13 @@ public class InformationResourceEditingPolicyTest extends AbstractTestClass { assertDecision(INCONCLUSIVE, policy.isAuthorized(idJoe, action)); } + @Test + public void objectPropObjectIsInfoResourceButWrongFeatured() { + action = new AddObjectPropStmt(URI_PERMITTED_RESOURCE, + URI_PERMITTED_PREDICATE, URI_BOZO_FEATURED_IN_IT); + assertDecision(INCONCLUSIVE, policy.isAuthorized(idJoe, action)); + } + @Test public void objectPropObjectIsInfoResourceWithSelfEditingAuthor() { action = new AddObjectPropStmt(URI_PERMITTED_RESOURCE, @@ -354,6 +396,14 @@ public class InformationResourceEditingPolicyTest extends AbstractTestClass { assertDecision(AUTHORIZED, policy.isAuthorized(idBozoAndJoe, action)); } + @Test + public void objectPropObjectIsInfoResourceWithSelfEditingFeatured() { + action = new AddObjectPropStmt(URI_PERMITTED_RESOURCE, + URI_PERMITTED_PREDICATE, URI_JOE_FEATURED_IN_IT); + assertDecision(AUTHORIZED, policy.isAuthorized(idJoe, action)); + assertDecision(AUTHORIZED, policy.isAuthorized(idBozoAndJoe, action)); + } + // ---------------------------------------------------------------------- // helper methods // ---------------------------------------------------------------------- diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/resources/InformationResourceEditingPolicyTest.n3 b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/resources/InformationResourceEditingPolicyTest.n3 index b08ae21d0..39be6f576 100644 --- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/resources/InformationResourceEditingPolicyTest.n3 +++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/resources/InformationResourceEditingPolicyTest.n3 @@ -86,6 +86,19 @@ mydomain:bozoEditedIt bib:editor mydomain:bozo ; . +# +# info resource with Bozo featured +# +mydomain:bozoFeaturedInIt + a core:BlogPosting ; + a core:InformationResource ; + a bib:Article ; + a bib:Document ; + a owl:Thing ; + rdfs:label "Bozo is featured" ; + core:features mydomain:bozo ; + . + # # info resource with Joe as author # @@ -119,3 +132,16 @@ mydomain:joeEditedIt rdfs:label "Joe is editor" ; bib:editor mydomain:joe ; . + +# +# info resource with Joe featured +# +mydomain:joeFeaturedInIt + a core:BlogPosting ; + a core:InformationResource ; + a bib:Article ; + a bib:Document ; + a owl:Thing ; + rdfs:label "Joe is featured" ; + core:features mydomain:joe ; + .