diff --git a/webapp/config/web.xml b/webapp/config/web.xml index 773c9a1bc..a049e239d 100644 --- a/webapp/config/web.xml +++ b/webapp/config/web.xml @@ -163,12 +163,6 @@ - - edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerSetup diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/SelfEditingIdentifierFactory.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/SelfEditingIdentifierFactory.java deleted file mode 100644 index 5807e9ce7..000000000 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/SelfEditingIdentifierFactory.java +++ /dev/null @@ -1,363 +0,0 @@ -/* $This file is distributed under the terms of the license in /doc/license.txt$ */ - -package edu.cornell.mannlib.vitro.webapp.auth.identifier; - -import java.io.File; -import java.io.FileFilter; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.IOException; - -import javax.servlet.ServletContext; -import javax.servlet.ServletRequest; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpSession; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import com.hp.hpl.jena.query.Query; -import com.hp.hpl.jena.query.QueryExecution; -import com.hp.hpl.jena.query.QueryExecutionFactory; -import com.hp.hpl.jena.query.QueryFactory; -import com.hp.hpl.jena.query.QuerySolution; -import com.hp.hpl.jena.query.ResultSet; -import com.hp.hpl.jena.rdf.model.Literal; -import com.hp.hpl.jena.rdf.model.Model; -import com.hp.hpl.jena.rdf.model.RDFNode; -import com.hp.hpl.jena.rdf.model.Resource; - -import edu.cornell.mannlib.vedit.beans.LoginStatusBean; -import edu.cornell.mannlib.vitro.webapp.beans.Individual; -import edu.cornell.mannlib.vitro.webapp.beans.SelfEditingConfiguration; -import edu.cornell.mannlib.vitro.webapp.dao.IndividualDao; -import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory; - -/** - * Attempts to pull a NetId and a SelfEditing identifier from the externally - * authorized username. - */ -public class SelfEditingIdentifierFactory implements IdentifierBundleFactory { - private static final Log log = LogFactory.getLog(SelfEditingIdentifierFactory.class); - - private static final int MAXIMUM_USERNAME_LENGTH = 100; - - @Override - public IdentifierBundle getIdentifierBundle(ServletRequest request, - HttpSession session, ServletContext context) { - if (!(request instanceof HttpServletRequest)) { - log.debug("request is null or not an HttpServletRequest"); - return null; - } - HttpServletRequest req = (HttpServletRequest) request; - log.debug("request is for " + req.getRequestURI()); - - NetId netId = figureNetId(req); - SelfEditing selfId = figureSelfEditingId(req); - - return buildIdentifierBundle(netId, selfId); - } - - /** - * If the user is externally authorized, create a NetId identifier. - */ - private NetId figureNetId(HttpServletRequest req) { - LoginStatusBean bean = LoginStatusBean.getBean(req); - String username = bean.getUsername(); - - if (!bean.isLoggedIn()) { - log.debug("No NetId: not logged in."); - return null; - } - - if (isEmpty(username)) { - log.debug("No NetId: username is empty."); - return null; - } - - if (!bean.hasExternalAuthentication()) { - log.debug("No NetId: user '" + bean.getUsername() + - "' did not use external authentication."); - return null; - } - - if (username.length() > MAXIMUM_USERNAME_LENGTH) { - log.info("The external username is longer than " + MAXIMUM_USERNAME_LENGTH - + " chars; this may be a malicious request"); - return null; - } - - return new NetId(username); - } - - /** - * If the authorized username is associated with an Individual in the model, - * create a SelfEditing identifier. - */ - private SelfEditing figureSelfEditingId(HttpServletRequest req) { - LoginStatusBean bean = LoginStatusBean.getBean(req); - String username = bean.getUsername(); - - if (!bean.isLoggedIn()) { - log.debug("No SelfEditing: not logged in."); - return null; - } - - if (isEmpty(username)) { - log.debug("No SelfEditing: username is empty."); - return null; - } - - HttpSession session = req.getSession(false); - if (session == null) { - log.debug("No SelfEditing: session is null."); - return null; - } - - ServletContext context = session.getServletContext(); - WebappDaoFactory wdf = (WebappDaoFactory) context - .getAttribute("webappDaoFactory"); - if (wdf == null) { - log.error("Could not get a WebappDaoFactory from the ServletContext"); - return null; - } - - IndividualDao indDao = wdf.getIndividualDao(); - - SelfEditingConfiguration sec = SelfEditingConfiguration.getBean(req); - String uri = sec.getIndividualUriFromUsername(indDao, username); - if (uri == null) { - log.debug("Could not find an Individual with a netId of " - + username); - return null; - } - - Individual ind = indDao.getIndividualByURI(uri); - if (ind == null) { - log.warn("Found a URI for the netId " + username - + " but could not build Individual"); - return null; - } - - log.debug("Found an Individual for netId " + username + " URI: " + uri); - String blacklisted = checkForBlacklisted(ind, context); - return new SelfEditing(ind, blacklisted, false); - } - - /** - * Create a bundle that holds the identifiers we created, or null if we - * didn't create any. - */ - private IdentifierBundle buildIdentifierBundle(NetId netId, - SelfEditing selfId) { - if (netId == null && selfId == null) { - log.debug("no self-editing IDs in the session"); - return null; - } - - IdentifierBundle idb = new ArrayIdentifierBundle(); - if (netId != null) { - idb.add(netId); - log.debug("added NetId from session: " + netId); - } - if (selfId != null) { - idb.add(selfId); - log.debug("added SelfEditing from Session: " + selfId); - } - return idb; - } - - private boolean isEmpty(String string) { - return (string == null || string.isEmpty()); - } - - // ---------------------------------------------------------------------- - // static utility methods - // ---------------------------------------------------------------------- - - public static final String NOT_BLACKLISTED = null; - private final static String BLACKLIST_SPARQL_DIR = "/admin/selfEditBlacklist"; - - /** - * Runs through .sparql files in the BLACKLIST_SPARQL_DIR, the first that returns one - * or more rows will be cause the user to be blacklisted. The first variable from - * the first solution set will be returned. - */ - public static String checkForBlacklisted(Individual ind, ServletContext context) { - if( ind == null || context == null ) { - log.error("could not check for Blacklist, null individual or context"); - return NOT_BLACKLISTED; - } - String realPath = context.getRealPath(BLACKLIST_SPARQL_DIR); - File blacklistDir = new File(realPath ); - if( !blacklistDir.exists()){ - log.debug("could not find blacklist directory " + realPath); - return NOT_BLACKLISTED; - } - if( ! blacklistDir.canRead() || ! blacklistDir.isDirectory() ){ - log.debug("cannot read blacklist directory " + realPath); - return NOT_BLACKLISTED; - } - - log.debug("checking directlry " + realPath + " for blacklisting sparql query files"); - File[] files = blacklistDir.listFiles(new FileFilter(){ - @Override - public boolean accept(File pathname) { - return pathname.getName().endsWith(".sparql"); - }} - ); - - String reasonForBlacklist = NOT_BLACKLISTED; - for( File file : files ){ - try{ - reasonForBlacklist = runSparqlFileForBlacklist( file, ind, context); - if( reasonForBlacklist != NOT_BLACKLISTED ) - break; - }catch(RuntimeException ex){ - log.error("Could not run blacklist check query for file " + - file.getAbsolutePath() + File.separatorChar + file.getName(), - ex); - } - } - return reasonForBlacklist; - } - - /** - * Runs the SPARQL query in the file with the uri of the individual - * substituted in. If there are any solution sets, then the URI of - * the variable named "cause" will be returned, make sure that it is a - * resource with a URI. Otherwise null will be returned. - * The URI of ind will be substituted into the query where ever the - * token "?individualURI" is found. - */ - private static String runSparqlFileForBlacklist - (File file, Individual ind, ServletContext context) - { - if( !file.canRead() ){ - log.debug("cannot read blacklisting SPARQL file " + file.getName()); - return NOT_BLACKLISTED; - } - String queryString = null; - FileInputStream fis = null; - try{ - fis = new FileInputStream(file); - byte b[]= new byte[fis.available()]; - fis.read(b); - queryString = new String(b); - }catch( FileNotFoundException fnfe){ - log.debug(fnfe); - return NOT_BLACKLISTED; - }catch( IOException ioe){ - log.debug(ioe); - return NOT_BLACKLISTED; - }finally{ - try { - fis.close(); - } catch (IOException e) { - log.warn("could not close file", e); - } - } - - if( queryString == null || queryString.length() == 0 ){ - log.debug(file.getName() + " is empty"); - return NOT_BLACKLISTED; - } - Model model = (Model)context.getAttribute("jenaOntModel"); - // VitroRequest request = new VitroRequest(req); - // Dataset dataset = request.getDataset(); - - queryString = queryString.replaceAll("\\?individualURI", "<" + ind.getURI() + ">"); - log.debug(queryString); - Query query = QueryFactory.create(queryString); - QueryExecution qexec = QueryExecutionFactory.create(query,model); - try{ - ResultSet results = qexec.execSelect(); - while(results.hasNext()){ - QuerySolution solution = results.nextSolution(); - if( solution.contains("cause") ){ - RDFNode node = solution.get("cause"); - if( node.canAs( Resource.class ) ){ - Resource x = solution.getResource("cause"); - return x.getURI(); - }else if( node.canAs(Literal.class)){ - Literal x = (Literal)node.as(Literal.class); - return x.getString(); - } - }else{ - log.error("Query solution must contain a variable \"cause\" of type Resource or Literal."); - return null; - } - } - }finally{ qexec.close(); } - return null; - } - - public static SelfEditing getSelfEditingIdentifier( IdentifierBundle whoToAuth ){ - if( whoToAuth == null ) return null; - for(Identifier id : whoToAuth){ - if (id instanceof SelfEditing) - return (SelfEditing)id; - } - return null; - } - - public static String getSelfEditingUri( IdentifierBundle whoToAuth){ - SelfEditing sid = getSelfEditingIdentifier(whoToAuth); - if( sid != null ) - return sid.getValue(); - else - return null; - } - - // ---------------------------------------------------------------------- - // Helper classes - // ---------------------------------------------------------------------- - - public static class NetId implements Identifier{ - public final String value; - public NetId(String value){ - this.value = value; - } - public String getValue(){return value;} - public String toString(){ return "NetID: " + value;} - } - - - /** - * An identifier with the Individual that represents the human self-editor. - */ - public static class SelfEditing implements Identifier{ - final Individual individual; - final String blacklisted; - final boolean faked; //if this is true it was setup by FakeSeflEditingIdentifierFactory - - public SelfEditing ( Individual individual, String blacklisted ){ - this(individual,blacklisted,false); - } - - public SelfEditing ( Individual individual, String blacklisted, boolean faked){ - if( individual == null ) - throw new IllegalArgumentException("Individual must not be null"); - this.individual = individual; - this.blacklisted = blacklisted; - this.faked = faked; - } - public String getValue(){ - return individual.getURI(); - } - public Individual getIndividual(){ - return individual; - } - public String getBlacklisted(){ - return blacklisted; - } - public String toString(){ - return "SelfEditing as " + getValue() + - (getBlacklisted()!=null? " blacklisted via " + getBlacklisted():""); - } - public boolean isFake() { - return faked; - } - } - -} diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CommonPolicyFamilySetup.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CommonPolicyFamilySetup.java index 8735456ff..c1d394e00 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CommonPolicyFamilySetup.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CommonPolicyFamilySetup.java @@ -14,6 +14,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.CommonIdentifierB import edu.cornell.mannlib.vitro.webapp.auth.policy.DisplayRestrictedDataByRoleLevelPolicy; import edu.cornell.mannlib.vitro.webapp.auth.policy.DisplayRestrictedDataToSelfPolicy; import edu.cornell.mannlib.vitro.webapp.auth.policy.EditRestrictedDataByRoleLevelPolicy; +import edu.cornell.mannlib.vitro.webapp.auth.policy.SelfEditingPolicy; import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList; import edu.cornell.mannlib.vitro.webapp.auth.policy.UseRestrictedPagesByRoleLevelPolicy; import edu.cornell.mannlib.vitro.webapp.servlet.setup.AbortStartup; @@ -43,6 +44,8 @@ public class CommonPolicyFamilySetup implements ServletContextListener { ServletPolicyList.addPolicy(ctx, new UseRestrictedPagesByRoleLevelPolicy()); + ServletPolicyList.addPolicy(ctx, new SelfEditingPolicy(ctx)); + // This factory creates Identifiers for all of the above policies. CommonIdentifierBundleFactory factory = new CommonIdentifierBundleFactory( ctx); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditingPolicySetup.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditingPolicySetup.java deleted file mode 100644 index d513e971d..000000000 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditingPolicySetup.java +++ /dev/null @@ -1,65 +0,0 @@ -/* $This file is distributed under the terms of the license in /doc/license.txt$ */ - -package edu.cornell.mannlib.vitro.webapp.auth.policy.setup; - -import javax.servlet.ServletContext; -import javax.servlet.ServletContextEvent; -import javax.servlet.ServletContextListener; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import edu.cornell.mannlib.vitro.webapp.auth.identifier.ActiveIdentifierBundleFactories; -import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory; -import edu.cornell.mannlib.vitro.webapp.auth.policy.SelfEditingPolicy; -import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList; -import edu.cornell.mannlib.vitro.webapp.servlet.setup.AbortStartup; - -/** - * Policy for SelfEditors. This will set up the self-editing policy which will - * will look for SelfEditing identifier in the IdentifierBundle. If the user is - * associated with a URI in the system then they will be allowed to edit - * resources related to that URI. - * - * To use this add it as a listener to the web.xml. - */ -public class SelfEditingPolicySetup implements ServletContextListener { - private static final Log log = LogFactory - .getLog(SelfEditingPolicySetup.class.getName()); - public static final String SELF_EDITING_POLICY_WAS_SETUP = "selfEditingPolicyWasSetup"; - - @Override - public void contextInitialized(ServletContextEvent sce) { - ServletContext ctx = sce.getServletContext(); - - if (AbortStartup.isStartupAborted(ctx)) { - return; - } - - try { - log.debug("Setting up SelfEditingPolicy"); - - // need to make a policy and add it to the ServletContext - SelfEditingPolicy cep = new SelfEditingPolicy(ctx); - ServletPolicyList.addPolicy(ctx, cep); - - // need to put an IdentifierFactory for SelfEditingIds into the - // ServletContext - ActiveIdentifierBundleFactories.addFactory(sce, - new SelfEditingIdentifierFactory()); - - sce.getServletContext().setAttribute(SELF_EDITING_POLICY_WAS_SETUP, - Boolean.TRUE); - - log.debug("Finished setting up SelfEditingPolicy: " + cep); - } catch (Exception e) { - log.error("could not run SelfEditingPolicySetup: " + e); - AbortStartup.abortStartup(ctx); - throw new RuntimeException(e); - } - } - - @Override - public void contextDestroyed(ServletContextEvent sce) { /* nothing */ - } -} \ No newline at end of file diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/UserRetryController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/UserRetryController.java index a64ff5996..36d5d7c6f 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/UserRetryController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/UserRetryController.java @@ -27,7 +27,6 @@ import edu.cornell.mannlib.vedit.listener.ChangeListener; import edu.cornell.mannlib.vedit.util.FormUtils; import edu.cornell.mannlib.vedit.validator.ValidationObject; import edu.cornell.mannlib.vedit.validator.Validator; -import edu.cornell.mannlib.vitro.webapp.auth.policy.setup.SelfEditingPolicySetup; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.ManageUserAccounts; import edu.cornell.mannlib.vitro.webapp.beans.User; diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditingPolicySetupTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy_2_Test.java similarity index 95% rename from webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditingPolicySetupTest.java rename to webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy_2_Test.java index 9b12d4598..e6bd402df 100644 --- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditingPolicySetupTest.java +++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy_2_Test.java @@ -1,310 +1,310 @@ -/* $This file is distributed under the terms of the license in /doc/license.txt$ */ - -package edu.cornell.mannlib.vitro.webapp.auth.policy.setup; - -import java.io.InputStream; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.log4j.Level; -import org.junit.Assert; -import org.junit.Before; -import org.junit.Test; - -import stubs.edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelperStub; -import stubs.javax.servlet.ServletContextStub; - -import com.hp.hpl.jena.ontology.OntModel; -import com.hp.hpl.jena.rdf.model.ModelFactory; -import com.hp.hpl.jena.rdf.model.impl.RDFDefaultErrorHandler; - -import edu.cornell.mannlib.vitro.testing.AbstractTestClass; -import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle; -import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier; -import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle; -import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasAssociatedIndividual; -import edu.cornell.mannlib.vitro.webapp.auth.policy.SelfEditingPolicy; -import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper; -import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization; -import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjPropStmt; -import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; -import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl; -import edu.cornell.mannlib.vitro.webapp.beans.Individual; -import edu.cornell.mannlib.vitro.webapp.beans.IndividualImpl; -import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; - -public class SelfEditingPolicySetupTest extends AbstractTestClass { - private static final Log log = LogFactory - .getLog(SelfEditingPolicySetupTest.class); - - /** We may edit objects in this arbitrary namespace. */ - private static final String SAFE_NS = "http://test.mannlib.cornell.edu/ns/01#"; - - /** We are not allowed to edit objects in the administrative namespace. */ - private static final String ADMIN_NS = VitroVocabulary.vitroURI; - - /** The URI of a SelfEditor. */ - private static final String SELFEDITOR_URI = SAFE_NS + "individual000"; - - /** Some things that are safe to edit. */ - private static final String SAFE_RESOURCE = SAFE_NS + "individual123"; - private static final String SAFE_PREDICATE = SAFE_NS + "hasHairStyle"; - - /** Some things that are not safe to edit. */ - private static final String ADMIN_RESOURCE = ADMIN_NS + "individual666"; - private static final String ADMIN_PREDICATE_1 = ADMIN_NS + "hasSuperPowers"; - private static final String ADMIN_PREDICATE_2 = ADMIN_NS + "mayPrintMoney"; - private static final String ADMIN_PREDICATE_3 = ADMIN_NS - + "getsOutOfJailFree"; - private static final String ADMIN_PREDICATE_4 = ADMIN_NS + "canDeleteModel"; - - /** The policy we are testing. */ - SelfEditingPolicy policy; - - /** A SelfEditing individual identifier. */ - Individual seIndividual; - - /** A bundle that contains a SelfEditing individual. */ - IdentifierBundle ids; - - @Before - public void setUp() throws Exception { - InputStream is = getClass().getResourceAsStream( - "./SelfEditingPolicySetupTest.xml"); - Assert.assertNotNull(is); - - // suppress the warning messages from loading the model. - setLoggerLevel(RDFDefaultErrorHandler.class, Level.OFF); - - OntModel model = ModelFactory.createOntologyModel(); - model.read(is, ""); - Assert.assertNotNull(model); - Assert.assertTrue(model.size() > 0); - - ServletContextStub ctx = new ServletContextStub(); - PropertyRestrictionPolicyHelper.setBean(ctx, - PropertyRestrictionPolicyHelperStub - .getInstance(new String[] { ADMIN_NS })); - - policy = new SelfEditingPolicy(ctx); - Assert.assertNotNull(policy); - - seIndividual = new IndividualImpl(); - seIndividual.setURI(SELFEDITOR_URI); - - ids = new ArrayIdentifierBundle(); - ids.add(new HasAssociatedIndividual(SELFEDITOR_URI)); - - // setLoggerLevel(SelfEditingPolicySetupTest.class, Level.DEBUG); - } - - // ---------------------------------------------------------------------- - // General tests - // ---------------------------------------------------------------------- - - @Test - public void nullRequestedAction() { - PolicyDecision dec = policy.isAuthorized(ids, null); - Assert.assertNotNull(dec); - Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized()); - } - - @Test - public void nullIdentifierBundle() { - AddObjectPropStmt whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, - SAFE_PREDICATE, SAFE_RESOURCE); - PolicyDecision dec = policy.isAuthorized(null, whatToAuth); - Assert.assertNotNull(dec); - Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized()); - } - - @Test - public void noSelfEditorIdentifier() { - ids.clear(); - ids.add(new Identifier() { /* empty identifier */ - }); - assertAddObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE, - Authorization.INCONCLUSIVE); - } - - // ---------------------------------------------------------------------- - // Tests against AddObjectPropStmt - // ---------------------------------------------------------------------- - - @Test - public void addObjectPropStmtSuccess1() { - assertAddObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE, - Authorization.AUTHORIZED); - } - - @Test - public void addObjectPropStmtSuccess2() { - assertAddObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, SELFEDITOR_URI, - Authorization.AUTHORIZED); - } - - @Test - public void addObjectPropStmtUnsafePredicate1() { - assertAddObjectPropStmt(SELFEDITOR_URI, ADMIN_PREDICATE_1, - SAFE_RESOURCE, Authorization.INCONCLUSIVE); - } - - @Test - public void addObjectPropStmtUnsafePredicate2() { - assertAddObjectPropStmt(SAFE_RESOURCE, ADMIN_PREDICATE_1, - SELFEDITOR_URI, Authorization.INCONCLUSIVE); - } - - @Test - public void addObjectPropStmtUnsafePredicate3() { - assertAddObjectPropStmt(SELFEDITOR_URI, ADMIN_PREDICATE_2, - SAFE_RESOURCE, Authorization.INCONCLUSIVE); - } - - @Test - public void addObjectPropStmtUnsafePredicate4() { - assertAddObjectPropStmt(SELFEDITOR_URI, ADMIN_PREDICATE_3, - SAFE_RESOURCE, Authorization.INCONCLUSIVE); - } - - @Test - public void addObjectPropStmtUnsafePredicate5() { - assertAddObjectPropStmt(SELFEDITOR_URI, ADMIN_PREDICATE_4, - SAFE_RESOURCE, Authorization.INCONCLUSIVE); - } - - // ---------------------------------------------------------------------- - // Tests against EditObjPropStmt - // ---------------------------------------------------------------------- - - @Test - public void editObjectPropStmtSuccess1() { - assertEditObjPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE, - Authorization.AUTHORIZED); - } - - @Test - public void editObjectPropStmtSuccess2() { - assertEditObjPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, SELFEDITOR_URI, - Authorization.AUTHORIZED); - } - - @Test - public void editObjectPropStmtEditorNotInvolved() { - // this is the case where the editor is not part of the stmt - assertEditObjPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, SAFE_RESOURCE, - Authorization.INCONCLUSIVE); - } - - @Test - public void editObjectPropStmtUnsafeResource() { - assertEditObjPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, ADMIN_RESOURCE, - Authorization.INCONCLUSIVE); - } - - @Test - public void editObjectPropStmtUnsafePredicate1() { - assertEditObjPropStmt(SELFEDITOR_URI, ADMIN_PREDICATE_4, SAFE_RESOURCE, - Authorization.INCONCLUSIVE); - } - - @Test - public void editObjectPropStmtUnsafePredicate2() { - assertEditObjPropStmt(SAFE_RESOURCE, ADMIN_PREDICATE_4, SELFEDITOR_URI, - Authorization.INCONCLUSIVE); - } - - @Test - public void editObjectPropStmtUnsafeBoth() { - assertEditObjPropStmt(SELFEDITOR_URI, ADMIN_PREDICATE_4, - ADMIN_RESOURCE, Authorization.INCONCLUSIVE); - } - - // ---------------------------------------------------------------------- - // Tests against EditDataPropStmt - // ---------------------------------------------------------------------- - - @Test - public void editDataPropSuccess() { - assertEditDataPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, "junk", - Authorization.AUTHORIZED); - } - - @Test - public void editDataPropUnsafePredicate() { - assertEditDataPropStmt(SELFEDITOR_URI, ADMIN_PREDICATE_1, "junk", - Authorization.INCONCLUSIVE); - } - - @Test - public void editDataPropUnsafeResource() { - assertEditDataPropStmt(ADMIN_RESOURCE, SAFE_PREDICATE, null, - Authorization.INCONCLUSIVE); - } - - @Test - public void editDataPropNoCloseRelation() { - assertEditDataPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, null, - Authorization.INCONCLUSIVE); - } - - @Test - public void editDataPropModelProhibited() { - // model prohibited - assertEditDataPropStmt(SAFE_RESOURCE, ADMIN_PREDICATE_1, null, - Authorization.INCONCLUSIVE); - } - - // ------------------------------------------------------------------------ - // Support methods - // ------------------------------------------------------------------------ - - /** - * Create an {@link AddObjectPropStmt}, test it, and compare to expected - * results. - */ - private void assertAddObjectPropStmt(String uriOfSub, String uriOfPred, - String uriOfObj, Authorization expectedAuthorization) { - AddObjectPropStmt whatToAuth = new AddObjectPropStmt(uriOfSub, - uriOfPred, uriOfObj); - PolicyDecision dec = policy.isAuthorized(ids, whatToAuth); - log.debug(dec); - Assert.assertNotNull(dec); - Assert.assertEquals(expectedAuthorization, dec.getAuthorized()); - } - - /** - * Create an {@link EditObjPropStmt}, test it, and compare to expected - * results. - */ - private void assertEditObjPropStmt(String uriOfSub, String uriOfPred, - String uriOfObj, Authorization expectedAuthorization) { - EditObjPropStmt whatToAuth = new EditObjPropStmt(uriOfSub, uriOfPred, - uriOfObj); - PolicyDecision dec = policy.isAuthorized(ids, whatToAuth); - log.debug(dec); - Assert.assertNotNull(dec); - Assert.assertEquals(expectedAuthorization, dec.getAuthorized()); - } - - /** - * Create an {@link EditDataPropStmt}, test it, and compare to expected - * results. - */ - private void assertEditDataPropStmt(String individualURI, - String datapropURI, String data, Authorization expectedAuthorization) { - DataPropertyStatement dps = new DataPropertyStatementImpl(); - dps.setIndividualURI(individualURI); - dps.setDatapropURI(datapropURI); - dps.setData(data); - - EditDataPropStmt whatToAuth = new EditDataPropStmt(dps); - PolicyDecision dec = policy.isAuthorized(ids, whatToAuth); - log.debug(dec); - Assert.assertNotNull(dec); - Assert.assertEquals(expectedAuthorization, dec.getAuthorized()); - } -} +/* $This file is distributed under the terms of the license in /doc/license.txt$ */ + +package edu.cornell.mannlib.vitro.webapp.auth.policy; + +import java.io.InputStream; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.log4j.Level; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; + +import stubs.edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelperStub; +import stubs.javax.servlet.ServletContextStub; + +import com.hp.hpl.jena.ontology.OntModel; +import com.hp.hpl.jena.rdf.model.ModelFactory; +import com.hp.hpl.jena.rdf.model.impl.RDFDefaultErrorHandler; + +import edu.cornell.mannlib.vitro.testing.AbstractTestClass; +import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle; +import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier; +import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle; +import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasAssociatedIndividual; +import edu.cornell.mannlib.vitro.webapp.auth.policy.SelfEditingPolicy; +import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper; +import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization; +import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropStmt; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjPropStmt; +import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; +import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl; +import edu.cornell.mannlib.vitro.webapp.beans.Individual; +import edu.cornell.mannlib.vitro.webapp.beans.IndividualImpl; +import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; + +public class SelfEditingPolicy_2_Test extends AbstractTestClass { + private static final Log log = LogFactory + .getLog(SelfEditingPolicy_2_Test.class); + + /** We may edit objects in this arbitrary namespace. */ + private static final String SAFE_NS = "http://test.mannlib.cornell.edu/ns/01#"; + + /** We are not allowed to edit objects in the administrative namespace. */ + private static final String ADMIN_NS = VitroVocabulary.vitroURI; + + /** The URI of a SelfEditor. */ + private static final String SELFEDITOR_URI = SAFE_NS + "individual000"; + + /** Some things that are safe to edit. */ + private static final String SAFE_RESOURCE = SAFE_NS + "individual123"; + private static final String SAFE_PREDICATE = SAFE_NS + "hasHairStyle"; + + /** Some things that are not safe to edit. */ + private static final String ADMIN_RESOURCE = ADMIN_NS + "individual666"; + private static final String ADMIN_PREDICATE_1 = ADMIN_NS + "hasSuperPowers"; + private static final String ADMIN_PREDICATE_2 = ADMIN_NS + "mayPrintMoney"; + private static final String ADMIN_PREDICATE_3 = ADMIN_NS + + "getsOutOfJailFree"; + private static final String ADMIN_PREDICATE_4 = ADMIN_NS + "canDeleteModel"; + + /** The policy we are testing. */ + SelfEditingPolicy policy; + + /** A SelfEditing individual identifier. */ + Individual seIndividual; + + /** A bundle that contains a SelfEditing individual. */ + IdentifierBundle ids; + + @Before + public void setUp() throws Exception { + InputStream is = getClass().getResourceAsStream( + "./SelfEditingPolicy_2_Test.xml"); + Assert.assertNotNull(is); + + // suppress the warning messages from loading the model. + setLoggerLevel(RDFDefaultErrorHandler.class, Level.OFF); + + OntModel model = ModelFactory.createOntologyModel(); + model.read(is, ""); + Assert.assertNotNull(model); + Assert.assertTrue(model.size() > 0); + + ServletContextStub ctx = new ServletContextStub(); + PropertyRestrictionPolicyHelper.setBean(ctx, + PropertyRestrictionPolicyHelperStub + .getInstance(new String[] { ADMIN_NS })); + + policy = new SelfEditingPolicy(ctx); + Assert.assertNotNull(policy); + + seIndividual = new IndividualImpl(); + seIndividual.setURI(SELFEDITOR_URI); + + ids = new ArrayIdentifierBundle(); + ids.add(new HasAssociatedIndividual(SELFEDITOR_URI)); + + // setLoggerLevel(SelfEditingPolicySetupTest.class, Level.DEBUG); + } + + // ---------------------------------------------------------------------- + // General tests + // ---------------------------------------------------------------------- + + @Test + public void nullRequestedAction() { + PolicyDecision dec = policy.isAuthorized(ids, null); + Assert.assertNotNull(dec); + Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized()); + } + + @Test + public void nullIdentifierBundle() { + AddObjectPropStmt whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, + SAFE_PREDICATE, SAFE_RESOURCE); + PolicyDecision dec = policy.isAuthorized(null, whatToAuth); + Assert.assertNotNull(dec); + Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized()); + } + + @Test + public void noSelfEditorIdentifier() { + ids.clear(); + ids.add(new Identifier() { /* empty identifier */ + }); + assertAddObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE, + Authorization.INCONCLUSIVE); + } + + // ---------------------------------------------------------------------- + // Tests against AddObjectPropStmt + // ---------------------------------------------------------------------- + + @Test + public void addObjectPropStmtSuccess1() { + assertAddObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE, + Authorization.AUTHORIZED); + } + + @Test + public void addObjectPropStmtSuccess2() { + assertAddObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, SELFEDITOR_URI, + Authorization.AUTHORIZED); + } + + @Test + public void addObjectPropStmtUnsafePredicate1() { + assertAddObjectPropStmt(SELFEDITOR_URI, ADMIN_PREDICATE_1, + SAFE_RESOURCE, Authorization.INCONCLUSIVE); + } + + @Test + public void addObjectPropStmtUnsafePredicate2() { + assertAddObjectPropStmt(SAFE_RESOURCE, ADMIN_PREDICATE_1, + SELFEDITOR_URI, Authorization.INCONCLUSIVE); + } + + @Test + public void addObjectPropStmtUnsafePredicate3() { + assertAddObjectPropStmt(SELFEDITOR_URI, ADMIN_PREDICATE_2, + SAFE_RESOURCE, Authorization.INCONCLUSIVE); + } + + @Test + public void addObjectPropStmtUnsafePredicate4() { + assertAddObjectPropStmt(SELFEDITOR_URI, ADMIN_PREDICATE_3, + SAFE_RESOURCE, Authorization.INCONCLUSIVE); + } + + @Test + public void addObjectPropStmtUnsafePredicate5() { + assertAddObjectPropStmt(SELFEDITOR_URI, ADMIN_PREDICATE_4, + SAFE_RESOURCE, Authorization.INCONCLUSIVE); + } + + // ---------------------------------------------------------------------- + // Tests against EditObjPropStmt + // ---------------------------------------------------------------------- + + @Test + public void editObjectPropStmtSuccess1() { + assertEditObjPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE, + Authorization.AUTHORIZED); + } + + @Test + public void editObjectPropStmtSuccess2() { + assertEditObjPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, SELFEDITOR_URI, + Authorization.AUTHORIZED); + } + + @Test + public void editObjectPropStmtEditorNotInvolved() { + // this is the case where the editor is not part of the stmt + assertEditObjPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, SAFE_RESOURCE, + Authorization.INCONCLUSIVE); + } + + @Test + public void editObjectPropStmtUnsafeResource() { + assertEditObjPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, ADMIN_RESOURCE, + Authorization.INCONCLUSIVE); + } + + @Test + public void editObjectPropStmtUnsafePredicate1() { + assertEditObjPropStmt(SELFEDITOR_URI, ADMIN_PREDICATE_4, SAFE_RESOURCE, + Authorization.INCONCLUSIVE); + } + + @Test + public void editObjectPropStmtUnsafePredicate2() { + assertEditObjPropStmt(SAFE_RESOURCE, ADMIN_PREDICATE_4, SELFEDITOR_URI, + Authorization.INCONCLUSIVE); + } + + @Test + public void editObjectPropStmtUnsafeBoth() { + assertEditObjPropStmt(SELFEDITOR_URI, ADMIN_PREDICATE_4, + ADMIN_RESOURCE, Authorization.INCONCLUSIVE); + } + + // ---------------------------------------------------------------------- + // Tests against EditDataPropStmt + // ---------------------------------------------------------------------- + + @Test + public void editDataPropSuccess() { + assertEditDataPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, "junk", + Authorization.AUTHORIZED); + } + + @Test + public void editDataPropUnsafePredicate() { + assertEditDataPropStmt(SELFEDITOR_URI, ADMIN_PREDICATE_1, "junk", + Authorization.INCONCLUSIVE); + } + + @Test + public void editDataPropUnsafeResource() { + assertEditDataPropStmt(ADMIN_RESOURCE, SAFE_PREDICATE, null, + Authorization.INCONCLUSIVE); + } + + @Test + public void editDataPropNoCloseRelation() { + assertEditDataPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, null, + Authorization.INCONCLUSIVE); + } + + @Test + public void editDataPropModelProhibited() { + // model prohibited + assertEditDataPropStmt(SAFE_RESOURCE, ADMIN_PREDICATE_1, null, + Authorization.INCONCLUSIVE); + } + + // ------------------------------------------------------------------------ + // Support methods + // ------------------------------------------------------------------------ + + /** + * Create an {@link AddObjectPropStmt}, test it, and compare to expected + * results. + */ + private void assertAddObjectPropStmt(String uriOfSub, String uriOfPred, + String uriOfObj, Authorization expectedAuthorization) { + AddObjectPropStmt whatToAuth = new AddObjectPropStmt(uriOfSub, + uriOfPred, uriOfObj); + PolicyDecision dec = policy.isAuthorized(ids, whatToAuth); + log.debug(dec); + Assert.assertNotNull(dec); + Assert.assertEquals(expectedAuthorization, dec.getAuthorized()); + } + + /** + * Create an {@link EditObjPropStmt}, test it, and compare to expected + * results. + */ + private void assertEditObjPropStmt(String uriOfSub, String uriOfPred, + String uriOfObj, Authorization expectedAuthorization) { + EditObjPropStmt whatToAuth = new EditObjPropStmt(uriOfSub, uriOfPred, + uriOfObj); + PolicyDecision dec = policy.isAuthorized(ids, whatToAuth); + log.debug(dec); + Assert.assertNotNull(dec); + Assert.assertEquals(expectedAuthorization, dec.getAuthorized()); + } + + /** + * Create an {@link EditDataPropStmt}, test it, and compare to expected + * results. + */ + private void assertEditDataPropStmt(String individualURI, + String datapropURI, String data, Authorization expectedAuthorization) { + DataPropertyStatement dps = new DataPropertyStatementImpl(); + dps.setIndividualURI(individualURI); + dps.setDatapropURI(datapropURI); + dps.setData(data); + + EditDataPropStmt whatToAuth = new EditDataPropStmt(dps); + PolicyDecision dec = policy.isAuthorized(ids, whatToAuth); + log.debug(dec); + Assert.assertNotNull(dec); + Assert.assertEquals(expectedAuthorization, dec.getAuthorized()); + } +} diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditingPolicySetupTest.xml b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy_2_Test.xml similarity index 97% rename from webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditingPolicySetupTest.xml rename to webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy_2_Test.xml index c9cde7779..785f73d69 100644 --- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditingPolicySetupTest.xml +++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy_2_Test.xml @@ -1,45 +1,45 @@ - - - - - - - - - An ontology with a property with a prohibited annotation for unit testing. - - - - - - - true - - - - true - - - - true - - - - true - - - - - true - - - - - + + + + + + + + + An ontology with a property with a prohibited annotation for unit testing. + + + + + + + true + + + + true + + + + true + + + + true + + + + + true + + + + +