NIHVIVO-1232 Create a base class so methods can be shared between SelfEditingPolicy and InformationResourceEditingPolicy

jeb228 2010-12-06 19:53:16 +00:00
parent 19bc848fe7
commit 373538c868
2 changed files with 68 additions and 52 deletions


@ -0,0 +1,60 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vitro.webapp.auth.policy;
import java.util.ArrayList;
import java.util.List;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory.SelfEditing;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
/**
* A base class with utility methods for policies involving self-editing.
*/
public abstract class BaseSelfEditingPolicy {
protected List<String> getUrisOfSelfEditor(IdentifierBundle ids) {
List<String> uris = new ArrayList<String>();
if (ids != null) {
for (Identifier id : ids) {
if (id instanceof SelfEditing) {
SelfEditing selfEditId = (SelfEditing) id;
if (selfEditId.getBlacklisted() == null) {
uris.add(selfEditId.getValue());
}
}
}
}
return uris;
}
protected PolicyDecision cantModifyResource(String uri) {
return inconclusiveDecision("No access to admin resources; cannot modify "
+ uri);
}
protected PolicyDecision cantModifyPredicate(String uri) {
return inconclusiveDecision("No access to admin predicates; cannot modify "
+ uri);
}
protected PolicyDecision userNotAuthorizedToStatement() {
return inconclusiveDecision("User has no access to this statement.");
}
/** An INCONCLUSIVE decision with a message like "PolicyClass: message". */
protected PolicyDecision inconclusiveDecision(String message) {
return new BasicPolicyDecision(Authorization.INCONCLUSIVE, getClass()
.getSimpleName() + ": " + message);
}
/** An AUTHORIZED decision with a message like "PolicyClass: message". */
protected PolicyDecision authorizedDecision(String message) {
return new BasicPolicyDecision(Authorization.AUTHORIZED, getClass()
.getSimpleName() + ": " + message);
}
}
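Review bot: getUrisOfSelfEditor is the only place in this class that drops blacklisted SelfEditing identifiers, and moving it from private to protected leaves it overridable, so a subclass could redefine who counts as a self-editor without the `getBlacklisted() == null` test. If no override is intended, declare it `protected final List<String> getUrisOfSelfEditor(IdentifierBundle ids)` and give it a Javadoc line such as `/** URIs of the non-blacklisted SelfEditing identifiers in the bundle; empty if none. */`. The method also adds `selfEditId.getValue()` unchecked; if that can return null (SelfEditing is not shown on this page), the `userUris.isEmpty()` test in SelfEditingPolicy.isAuthorized would still pass and evaluation would continue with a null URI, so consider `if (selfEditId.getBlacklisted() == null && selfEditId.getValue() != null)`.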


@ -2,7 +2,6 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy; package edu.cornell.mannlib.vitro.webapp.auth.policy;
import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
@ -11,10 +10,7 @@ import org.apache.commons.logging.LogFactory;
import com.hp.hpl.jena.ontology.OntModel; import com.hp.hpl.jena.ontology.OntModel;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle; import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory.SelfEditing;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
@ -26,7 +22,8 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AbstractRe
* Policy to use for Vivo Self-Editing based on NetId for use at Cornell. All * Policy to use for Vivo Self-Editing based on NetId for use at Cornell. All
* methods in this class should be thread safe and side effect free. * methods in this class should be thread safe and side effect free.
*/ */
public class SelfEditingPolicy implements PolicyIface { public class SelfEditingPolicy extends BaseSelfEditingPolicy implements
PolicyIface {
protected static Log log = LogFactory.getLog(SelfEditingPolicy.class); protected static Log log = LogFactory.getLog(SelfEditingPolicy.class);
protected final OntModel model; protected final OntModel model;
@ -40,21 +37,19 @@ public class SelfEditingPolicy implements PolicyIface {
prohibitedResources, prohibitedNamespaces, editableVitroUris); prohibitedResources, prohibitedNamespaces, editableVitroUris);
} }
private static final Authorization DEFAULT_AUTHORIZATION = Authorization.INCONCLUSIVE;
public PolicyDecision isAuthorized(IdentifierBundle whoToAuth, public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
RequestedAction whatToAuth) { RequestedAction whatToAuth) {
if (whoToAuth == null) { if (whoToAuth == null) {
return defaultDecision("whoToAuth was null"); return inconclusiveDecision("whoToAuth was null");
} }
if (whatToAuth == null) { if (whatToAuth == null) {
return defaultDecision("whatToAuth was null"); return inconclusiveDecision("whatToAuth was null");
} }
List<String> userUris = getUrisOfSelfEditor(whoToAuth); List<String> userUris = getUrisOfSelfEditor(whoToAuth);
if (userUris.isEmpty()) { if (userUris.isEmpty()) {
return defaultDecision("Not self-editing."); return inconclusiveDecision("Not self-editing.");
} }
if (whatToAuth instanceof AbstractObjectPropertyAction) { if (whatToAuth instanceof AbstractObjectPropertyAction) {
@ -71,7 +66,7 @@ public class SelfEditingPolicy implements PolicyIface {
return isAuthorizedForResourceAction((AbstractResourceAction) whatToAuth); return isAuthorizedForResourceAction((AbstractResourceAction) whatToAuth);
} }
return defaultDecision("Does not authorize " return inconclusiveDecision("Does not authorize "
+ whatToAuth.getClass().getSimpleName() + " actions"); + whatToAuth.getClass().getSimpleName() + " actions");
} }
@ -165,45 +160,6 @@ public class SelfEditingPolicy implements PolicyIface {
return false; return false;
} }
private List<String> getUrisOfSelfEditor(IdentifierBundle ids) {
List<String> uris = new ArrayList<String>();
if (ids != null) {
for (Identifier id : ids) {
if (id instanceof SelfEditing) {
SelfEditing selfEditId = (SelfEditing) id;
if (selfEditId.getBlacklisted() == null) {
uris.add(selfEditId.getValue());
}
}
}
}
return uris;
}
protected PolicyDecision cantModifyResource(String uri) {
return defaultDecision("No access to admin resources; cannot modify "
+ uri);
}
protected PolicyDecision cantModifyPredicate(String uri) {
return defaultDecision("No access to admin predicates; cannot modify "
+ uri);
}
private PolicyDecision userNotAuthorizedToStatement() {
return defaultDecision("User has no access to this statement.");
}
private PolicyDecision defaultDecision(String message) {
return new BasicPolicyDecision(DEFAULT_AUTHORIZATION,
"SelfEditingPolicy: " + message);
}
private PolicyDecision authorizedDecision(String message) {
return new BasicPolicyDecision(Authorization.AUTHORIZED,
"SelfEditingPolicy: " + message);
}
@Override @Override
public String toString() { public String toString() {
return "SelfEditingPolicy " + hashCode() + "[" + restrictor + "]"; return "SelfEditingPolicy " + hashCode() + "[" + restrictor + "]";