VIVO-695 VIVO-699 Refactor and optimize the PropertyRestrictionBean

Formerly the PropertyRestrictionPolicyHelper.
This commit is contained in:
Jim Blake 2014-12-10 15:01:51 -05:00
parent da9e244c18
commit 481d3fc1d8
30 changed files with 1321 additions and 1116 deletions

View file

@ -12,7 +12,7 @@ import static org.junit.Assert.assertNull;
import org.junit.Before;
import org.junit.Test;
import stubs.edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelperStub;
import stubs.edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionBeanStub;
import stubs.javax.servlet.ServletContextStub;
import com.hp.hpl.jena.ontology.OntModel;
@ -23,7 +23,6 @@ import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasProfile;
import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
@ -71,9 +70,8 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
public void setUp() throws Exception {
ctx = new ServletContextStub();
PropertyRestrictionPolicyHelper prph = PropertyRestrictionPolicyHelperStub
PropertyRestrictionBeanStub
.getInstance(new String[] { UNSAFE_NS });
PropertyRestrictionPolicyHelper.setBean(ctx, prph);
policy = new SelfEditingPolicy(ctx);
@ -87,14 +85,13 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
@Test
public void testProhibitedProperties() {
PropertyRestrictionPolicyHelper prph = PropertyRestrictionPolicyHelperStub
PropertyRestrictionBeanStub
.getInstance(new String[] { UNSAFE_NS }, new String[] {
"http://mannlib.cornell.edu/bad#prp234",
"http://mannlib.cornell.edu/bad#prp999",
"http://mannlib.cornell.edu/bad#prp333",
"http://mannlib.cornell.edu/bad#prp777",
"http://mannlib.cornell.edu/bad#prp0020" });
PropertyRestrictionPolicyHelper.setBean(ctx, prph);
whatToAuth = new AddObjectPropertyStatement(ontModel, SELFEDITOR_URI,
new Property("http://mannlib.cornell.edu/bad#prp234"), SAFE_RESOURCE);

View file

@ -10,7 +10,7 @@ import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import stubs.edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelperStub;
import stubs.edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionBeanStub;
import stubs.javax.servlet.ServletContextStub;
import com.hp.hpl.jena.ontology.OntModel;
@ -22,7 +22,6 @@ import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasProfile;
import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropertyStatement;
@ -78,9 +77,7 @@ public class SelfEditingPolicy_2_Test extends AbstractTestClass {
@Before
public void setUp() throws Exception {
ServletContextStub ctx = new ServletContextStub();
PropertyRestrictionPolicyHelper.setBean(ctx,
PropertyRestrictionPolicyHelperStub
.getInstance(new String[] { ADMIN_NS }));
PropertyRestrictionBeanStub.getInstance(new String[] { ADMIN_NS });
policy = new SelfEditingPolicy(ctx);
Assert.assertNotNull(policy);

View file

@ -0,0 +1,511 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vitro.webapp.auth.policy.bean;
import static edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionLevels.Which.DISPLAY;
import static edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionLevels.Which.MODIFY;
import static edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionLevels.Which.PUBLISH;
import static edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel.CURATOR;
import static edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel.DB_ADMIN;
import static edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel.EDITOR;
import static edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel.NOBODY;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import java.util.Arrays;
import java.util.List;
import org.junit.Before;
import org.junit.Test;
import stubs.edu.cornell.mannlib.vitro.webapp.dao.DataPropertyDaoStub;
import stubs.edu.cornell.mannlib.vitro.webapp.dao.FauxPropertyDaoStub;
import stubs.edu.cornell.mannlib.vitro.webapp.dao.ObjectPropertyDaoStub;
import stubs.edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactoryStub;
import stubs.edu.cornell.mannlib.vitro.webapp.modelaccess.ContextModelAccessStub;
import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionLevels.Which;
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
import edu.cornell.mannlib.vitro.webapp.beans.FauxProperty;
import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
import edu.cornell.mannlib.vitro.webapp.beans.Property;
import edu.cornell.mannlib.vitro.webapp.dao.PropertyDao.FullPropertyKey;
/**
* If we believe that authorization will succeed regardless of user role, check
* that it succeeds with the lowest role.
*
* If we believe that authorization will fail regardless of user role, check
* that it fails with the highest role.
*
* If we believe that authorization depends on the user role, it should pass if
* the user role is higher than or equal to the threshold, and fail if the user
* role is less than the threshold.
*
* Note that we can't set a threshold to be tested to either the lowest or
* highest role, or the attempt to test with higher or lower role will throw an
* exception.
*/
public class PropertyRestrictionBeanImplTest extends AbstractTestClass {
private static final String NS_PROHIBITED = "http://prbi.prohibited/";
private static final String URI_RESOURCE_EXCEPTIONAL = NS_PROHIBITED
+ "exceptionalResource";
private static final String URI_PREDICATE_EXCEPTIONAL = NS_PROHIBITED
+ "exceptionalPredicate";
private static final List<String> PROHIBITED_NAMESPACES = Arrays
.asList(new String[] { NS_PROHIBITED });
private static final List<String> PERMITTED_EXCEPTIONS = Arrays
.asList(new String[] { URI_RESOURCE_EXCEPTIONAL,
URI_PREDICATE_EXCEPTIONAL });
private static final String URI_RESOURCE_ANY = "http://prbi.test/anyResource";
private static final String URI_RESOURCE_PROHIBITED = NS_PROHIBITED
+ "resource";
private static final String URI_PREDICATE_BARE = "http://prbi.test/barePredicate";
private static final String URI_PREDICATE_PROHIBITED = NS_PROHIBITED
+ "predicate";
private static final String URI_PREDICATE_UNKNOWN = "http://prbi.test/unknownPredicate";
private static final String URI_DOMAIN_1 = "http://prbi.test/domain1";
private static final String URI_RANGE_1 = "http://prbi.test/range1";
private static final String URI_DOMAIN_2 = "http://prbi.test/domain2";
private static final String URI_RANGE_2 = "http://prbi.test/range2";
private PropertyRestrictionBeanImpl bean;
private ObjectProperty barePredicate;
private ObjectProperty prohibitedPredicate;
private ObjectProperty exceptionalPredicate;
private ObjectProperty unknownPredicate;
private FauxProperty emptyFaux;
private FauxProperty restrictedFaux;
private FauxProperty unknownFaux;
@Before
public void setup() {
barePredicate = createObjectProperty(null, URI_PREDICATE_BARE, null,
EDITOR, CURATOR, DB_ADMIN);
unknownPredicate = createObjectProperty(null, URI_PREDICATE_UNKNOWN,
null, null, null, null);
prohibitedPredicate = createObjectProperty(null,
URI_PREDICATE_PROHIBITED, null, null, null, null);
exceptionalPredicate = createObjectProperty(null,
URI_PREDICATE_EXCEPTIONAL, null, CURATOR, EDITOR, EDITOR);
emptyFaux = createFauxProperty(URI_DOMAIN_1, URI_PREDICATE_BARE,
URI_RANGE_1, null, null, null);
restrictedFaux = createFauxProperty(URI_DOMAIN_2, URI_PREDICATE_BARE,
URI_RANGE_2, EDITOR, DB_ADMIN, CURATOR);
unknownFaux = createFauxProperty(URI_DOMAIN_1, URI_PREDICATE_UNKNOWN,
URI_RANGE_1, NOBODY, NOBODY, NOBODY);
ObjectPropertyDaoStub opDao = new ObjectPropertyDaoStub();
opDao.addObjectProperty(barePredicate);
opDao.addObjectProperty(prohibitedPredicate);
opDao.addObjectProperty(exceptionalPredicate);
DataPropertyDaoStub dpDao = new DataPropertyDaoStub();
FauxPropertyDaoStub fpDao = new FauxPropertyDaoStub();
fpDao.insertFauxProperty(emptyFaux);
fpDao.insertFauxProperty(restrictedFaux);
WebappDaoFactoryStub wadf = new WebappDaoFactoryStub();
wadf.setObjectPropertyDao(opDao);
wadf.setDataPropertyDao(dpDao);
wadf.setFauxPropertyDao(fpDao);
ContextModelAccessStub models = new ContextModelAccessStub();
models.setWebappDaoFactory(wadf);
bean = new PropertyRestrictionBeanImpl(PROHIBITED_NAMESPACES,
PERMITTED_EXCEPTIONS, models);
}
private ObjectProperty createObjectProperty(String domainUri, String uri,
String rangeUri, RoleLevel displayThreshold,
RoleLevel modifyThreshold, RoleLevel publishThreshold) {
ObjectProperty op = new ObjectProperty();
op.setURI(uri);
op.setDomainVClassURI(domainUri);
op.setRangeVClassURI(rangeUri);
op.setHiddenFromDisplayBelowRoleLevel(displayThreshold);
op.setProhibitedFromUpdateBelowRoleLevel(modifyThreshold);
op.setHiddenFromPublishBelowRoleLevel(publishThreshold);
return op;
}
private FauxProperty createFauxProperty(String domainUri, String uri,
String rangeUri, RoleLevel displayThreshold,
RoleLevel modifyThreshold, RoleLevel publishThreshold) {
FauxProperty fp = new FauxProperty(domainUri, uri, rangeUri);
fp.setHiddenFromDisplayBelowRoleLevel(displayThreshold);
fp.setProhibitedFromUpdateBelowRoleLevel(modifyThreshold);
fp.setHiddenFromPublishBelowRoleLevel(publishThreshold);
return fp;
}
// ----------------------------------------------------------------------
// Resources
// ----------------------------------------------------------------------
@Test
public void nullResource_display_false() {
assertFalse(bean.canDisplayResource(null, highestRole()));
}
@Test
public void anyResource_display_true() {
assertTrue(bean.canDisplayResource(URI_RESOURCE_ANY, lowestRole()));
}
@Test
public void anyResource_nullUserRole_display_false() {
assertFalse(bean.canDisplayResource(URI_RESOURCE_ANY, null));
}
@Test
public void nullResource_modify_false() {
assertFalse(bean.canModifyResource(null, highestRole()));
}
@Test
public void prohibitedResource_modify_false() {
assertFalse(bean.canModifyResource(URI_RESOURCE_PROHIBITED,
highestRole()));
}
@Test
public void exceptionalResource_modify_true() {
assertTrue(bean.canModifyResource(URI_RESOURCE_EXCEPTIONAL,
lowestRole()));
}
@Test
public void unremarkableResource_modify_true() {
assertTrue(bean.canModifyResource(URI_RESOURCE_ANY, lowestRole()));
}
@Test
public void unremarkableResource_nullUserRole_modify_false() {
assertFalse(bean.canModifyResource(URI_RESOURCE_ANY, null));
}
@Test
public void nullResource_publish_false() {
assertFalse(bean.canPublishResource(null, highestRole()));
}
@Test
public void anyResource_publish_true() {
assertTrue(bean.canPublishResource(URI_RESOURCE_ANY, lowestRole()));
}
@Test
public void anyResource_nullUserRole_publish_false() {
assertFalse(bean.canPublishResource(URI_RESOURCE_ANY, null));
}
// ----------------------------------------------------------------------
// Predicates
// ----------------------------------------------------------------------
// ----- display
@Test
public void nullPredicate_display_false() {
assertFalse(bean.canDisplayPredicate(null, highestRole()));
}
@Test
public void barePredicate_display_byRole() {
assertTrue(bean.canDisplayPredicate(barePredicate,
higherRole(barePredicate, DISPLAY)));
assertTrue(bean.canDisplayPredicate(barePredicate,
sameRole(barePredicate, DISPLAY)));
assertFalse(bean.canDisplayPredicate(barePredicate,
lowerRole(barePredicate, DISPLAY)));
}
@Test
public void unknownBarePredicate_display_true() {
assertTrue(bean.canDisplayPredicate(unknownPredicate, lowestRole()));
}
@Test
public void emptyQualifiedPredicate_display_byBareRole() {
assertTrue(bean.canDisplayPredicate(asProperty(emptyFaux),
higherRole(barePredicate, DISPLAY)));
assertTrue(bean.canDisplayPredicate(asProperty(emptyFaux),
sameRole(barePredicate, DISPLAY)));
assertFalse(bean.canDisplayPredicate(asProperty(emptyFaux),
lowerRole(barePredicate, DISPLAY)));
}
@Test
public void restrictedQualifiedPredicate_display_byRole() {
assertTrue(bean.canDisplayPredicate(asProperty(restrictedFaux),
higherRole(restrictedFaux, DISPLAY)));
assertTrue(bean.canDisplayPredicate(asProperty(restrictedFaux),
sameRole(restrictedFaux, DISPLAY)));
assertFalse(bean.canDisplayPredicate(asProperty(restrictedFaux),
lowerRole(restrictedFaux, DISPLAY)));
}
@Test
public void unknownQualifiedPredicate_display_true() {
assertTrue(bean.canDisplayPredicate(asProperty(unknownFaux),
lowestRole()));
}
// ----- modify
@Test
public void nullPredicate_modify_false() {
assertFalse(bean.canModifyPredicate(null, highestRole()));
}
@Test
public void prohibitedPredicate_modify_false() {
assertFalse(bean.canModifyPredicate(prohibitedPredicate, lowestRole()));
}
@Test
public void exceptionalPredicate_modify_byRole() {
assertTrue(bean.canModifyPredicate(exceptionalPredicate,
higherRole(exceptionalPredicate, MODIFY)));
assertTrue(bean.canModifyPredicate(exceptionalPredicate,
sameRole(exceptionalPredicate, MODIFY)));
assertFalse(bean.canModifyPredicate(exceptionalPredicate,
lowerRole(exceptionalPredicate, MODIFY)));
}
@Test
public void barePredicate_modify_byRole() {
assertTrue(bean.canModifyPredicate(barePredicate,
higherRole(barePredicate, MODIFY)));
assertTrue(bean.canModifyPredicate(barePredicate,
sameRole(barePredicate, MODIFY)));
assertFalse(bean.canModifyPredicate(barePredicate,
lowerRole(barePredicate, MODIFY)));
}
@Test
public void unknownBarePredicate_modify_true() {
assertTrue(bean.canModifyPredicate(unknownPredicate, lowestRole()));
}
@Test
public void emptyQualifiedPredicate_modify_byBareRole() {
assertTrue(bean.canModifyPredicate(asProperty(emptyFaux),
higherRole(barePredicate, MODIFY)));
assertTrue(bean.canModifyPredicate(asProperty(emptyFaux),
sameRole(barePredicate, MODIFY)));
assertFalse(bean.canModifyPredicate(asProperty(emptyFaux),
lowerRole(barePredicate, MODIFY)));
}
@Test
public void restrictedQualifiedPredicate_modify_byRole() {
assertTrue(bean.canModifyPredicate(asProperty(restrictedFaux),
higherRole(restrictedFaux, MODIFY)));
assertTrue(bean.canModifyPredicate(asProperty(restrictedFaux),
sameRole(restrictedFaux, MODIFY)));
assertFalse(bean.canModifyPredicate(asProperty(restrictedFaux),
lowerRole(restrictedFaux, MODIFY)));
}
@Test
public void unknownQualifiedPredicate_modify_true() {
assertTrue(bean.canModifyPredicate(asProperty(unknownFaux),
lowestRole()));
}
// ----- publish
@Test
public void nullPredicate_publish_false() {
assertFalse(bean.canPublishPredicate(null, highestRole()));
}
@Test
public void barePredicate_publish_byRole() {
assertTrue(bean.canPublishPredicate(barePredicate,
higherRole(barePredicate, PUBLISH)));
assertTrue(bean.canPublishPredicate(barePredicate,
sameRole(barePredicate, PUBLISH)));
assertFalse(bean.canPublishPredicate(barePredicate,
lowerRole(barePredicate, PUBLISH)));
}
@Test
public void unknownBarePredicate_publish_true() {
assertTrue(bean.canPublishPredicate(unknownPredicate, lowestRole()));
}
@Test
public void emptyQualifiedPredicate_publish_byBareRole() {
assertTrue(bean.canPublishPredicate(asProperty(emptyFaux),
higherRole(barePredicate, PUBLISH)));
assertTrue(bean.canPublishPredicate(asProperty(emptyFaux),
sameRole(barePredicate, PUBLISH)));
assertFalse(bean.canPublishPredicate(asProperty(emptyFaux),
lowerRole(barePredicate, PUBLISH)));
}
@Test
public void restrictedQualifiedPredicate_publish_byRole() {
assertTrue(bean.canPublishPredicate(asProperty(restrictedFaux),
higherRole(restrictedFaux, PUBLISH)));
assertTrue(bean.canPublishPredicate(asProperty(restrictedFaux),
sameRole(restrictedFaux, PUBLISH)));
assertFalse(bean.canPublishPredicate(asProperty(restrictedFaux),
lowerRole(restrictedFaux, PUBLISH)));
}
@Test
public void unknownQualifiedPredicate_publish_true() {
assertTrue(bean.canPublishPredicate(asProperty(unknownFaux),
lowestRole()));
}
// ----------------------------------------------------------------------
// update permissions
// ----------------------------------------------------------------------
@Test
public void updateToAllowDisplay() {
RoleLevel desiredDisplayLevel = lowerRole(barePredicate, DISPLAY);
assertFalse(bean
.canDisplayPredicate(barePredicate, desiredDisplayLevel));
bean.updateProperty(updatedLevels(barePredicate, desiredDisplayLevel,
sameRole(barePredicate, MODIFY),
sameRole(barePredicate, PUBLISH)));
assertTrue(bean.canDisplayPredicate(barePredicate, desiredDisplayLevel));
}
@Test
public void updateToAllowModify() {
RoleLevel desiredModifyLevel = lowerRole(barePredicate, MODIFY);
assertFalse(bean.canModifyPredicate(barePredicate, desiredModifyLevel));
bean.updateProperty(updatedLevels(barePredicate,
sameRole(barePredicate, DISPLAY), desiredModifyLevel,
sameRole(barePredicate, PUBLISH)));
assertTrue(bean.canModifyPredicate(barePredicate, desiredModifyLevel));
}
@Test
public void updateToAllowPublish() {
RoleLevel desiredPublishLevel = lowerRole(barePredicate, PUBLISH);
assertFalse(bean
.canPublishPredicate(barePredicate, desiredPublishLevel));
bean.updateProperty(updatedLevels(barePredicate,
sameRole(barePredicate, DISPLAY),
sameRole(barePredicate, MODIFY), desiredPublishLevel));
assertTrue(bean.canPublishPredicate(barePredicate, desiredPublishLevel));
}
@Test
public void updateToDisallowDisplay() {
RoleLevel desiredDisplayLevel = sameRole(barePredicate, DISPLAY);
assertTrue(bean.canDisplayPredicate(barePredicate, desiredDisplayLevel));
bean.updateProperty(updatedLevels(barePredicate,
higherRole(barePredicate, DISPLAY),
sameRole(barePredicate, MODIFY),
sameRole(barePredicate, PUBLISH)));
assertFalse(bean
.canDisplayPredicate(barePredicate, desiredDisplayLevel));
}
@Test
public void updateToDisallowModify() {
RoleLevel desiredModifyLevel = sameRole(barePredicate, MODIFY);
assertTrue(bean.canModifyPredicate(barePredicate, desiredModifyLevel));
bean.updateProperty(updatedLevels(barePredicate,
sameRole(barePredicate, DISPLAY),
higherRole(barePredicate, MODIFY),
sameRole(barePredicate, PUBLISH)));
assertFalse(bean.canModifyPredicate(barePredicate, desiredModifyLevel));
}
@Test
public void updateToDisallowPublish() {
RoleLevel desiredPublishLevel = sameRole(barePredicate, PUBLISH);
assertTrue(bean.canPublishPredicate(barePredicate, desiredPublishLevel));
bean.updateProperty(updatedLevels(barePredicate,
sameRole(barePredicate, DISPLAY),
sameRole(barePredicate, MODIFY),
higherRole(barePredicate, PUBLISH)));
assertFalse(bean
.canPublishPredicate(barePredicate, desiredPublishLevel));
}
// ----------------------------------------------------------------------
// Helper methods
// ----------------------------------------------------------------------
private RoleLevel lowestRole() {
return RoleLevel.values()[0];
}
private RoleLevel highestRole() {
RoleLevel[] values = RoleLevel.values();
return values[values.length - 1];
}
private RoleLevel sameRole(RoleRestrictedProperty p, Which which) {
switch (which) {
case DISPLAY:
return p.getHiddenFromDisplayBelowRoleLevel();
case MODIFY:
return p.getProhibitedFromUpdateBelowRoleLevel();
default: // PUBLISH
return p.getHiddenFromPublishBelowRoleLevel();
}
}
private RoleLevel lowerRole(RoleRestrictedProperty p, Which which) {
return RoleLevel.values()[sameRole(p, which).ordinal() - 1];
}
private RoleLevel higherRole(RoleRestrictedProperty p, Which which) {
return RoleLevel.values()[sameRole(p, which).ordinal() + 1];
}
private Property asProperty(FauxProperty fp) {
Property p = new Property();
p.setURI(fp.getBaseURI());
p.setDomainVClassURI(fp.getDomainURI());
p.setRangeVClassURI(fp.getRangeURI());
return p;
}
private PropertyRestrictionLevels updatedLevels(RoleRestrictedProperty p,
RoleLevel displayLevel, RoleLevel modifyLevel,
RoleLevel publishLevel) {
return new PropertyRestrictionLevels(new FullPropertyKey(p),
displayLevel, modifyLevel, publishLevel);
}
}

View file

@ -1,331 +0,0 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vitro.webapp.auth.policy.bean;
import static edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel.CURATOR;
import static edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel.DB_ADMIN;
import static edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel.EDITOR;
import static edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel.NOBODY;
import static edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel.PUBLIC;
import static edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel.SELF;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.fail;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.junit.Before;
import org.junit.Test;
import com.hp.hpl.jena.ontology.OntModel;
import com.hp.hpl.jena.ontology.OntModelSpec;
import com.hp.hpl.jena.rdf.model.ModelFactory;
import com.hp.hpl.jena.rdf.model.Property;
import com.hp.hpl.jena.rdf.model.Resource;
import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean;
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
import edu.cornell.mannlib.vitro.webapp.dao.PropertyDao.FullPropertyKey;
import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
/**
* Check that the bean gets built properly, and check that the bean works
* properly.
*/
public class PropertyRestrictionPolicyHelperTest extends AbstractTestClass {
private static final Log log = LogFactory
.getLog(PropertyRestrictionPolicyHelperTest.class);
private static final String PROPERTY_DISPLAY_THRESHOLD = VitroVocabulary.HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT;
private static final String PROPERTY_MODIFY_THRESHOLD = VitroVocabulary.PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT;
private static final String PROPERTY_PUBLISH_THRESHOLD = VitroVocabulary.HIDDEN_FROM_PUBLISH_BELOW_ROLE_LEVEL_ANNOT;
private static final String[] PROHIBITED_NAMESPACES = new String[] {
VitroVocabulary.vitroURI, "" };
private static final String[] PERMITTED_EXCEPTIONS = new String[] { VitroVocabulary.MONIKER };
private OntModel ontModel;
private ModelWrapper wrapper;
private PropertyRestrictionPolicyHelper bean;
@Before
public void setLoggingLevel() {
// setLoggerLevel(PropertyRestrictionPolicyHelper.class, Level.DEBUG);
}
private FullPropertyKey key(String predicateURI) {
return new FullPropertyKey(predicateURI);
}
@Before
public void createTheBean() {
Map<FullPropertyKey, RoleLevel> displayLevels = new HashMap<>();
displayLevels.put(key("http://predicates#display_curator"), CURATOR);
displayLevels.put(key("http://predicates#display_hidden"), NOBODY);
Map<FullPropertyKey, RoleLevel> modifyLevels = new HashMap<>();
modifyLevels.put(key("http://predicates#modify_self"), SELF);
modifyLevels.put(key("http://predicates#modify_curator"), CURATOR);
modifyLevels.put(key("http://predicates#modify_hidden"), NOBODY);
Map<FullPropertyKey, RoleLevel> publishLevels = new HashMap<>();
publishLevels.put(key("http://predicates#publish_curator"), CURATOR);
publishLevels.put(key("http://predicates#publish_hidden"), NOBODY);
bean = new PropertyRestrictionPolicyHelper(
Arrays.asList(PROHIBITED_NAMESPACES),
Arrays.asList(PERMITTED_EXCEPTIONS), displayLevels,
modifyLevels, publishLevels);
}
@Before
public void createTheModel() {
ontModel = ModelFactory.createOntologyModel(OntModelSpec.OWL_DL_MEM);
wrapper = new ModelWrapper(ontModel);
wrapper.add("http://thresholds#display_public",
PROPERTY_DISPLAY_THRESHOLD, PUBLIC.getURI());
wrapper.add("http://thresholds#display_hidden",
PROPERTY_DISPLAY_THRESHOLD, NOBODY.getURI());
wrapper.add("http://thresholds#modify_editor",
PROPERTY_MODIFY_THRESHOLD, EDITOR.getURI());
wrapper.add("http://thresholds#modify_curator",
PROPERTY_MODIFY_THRESHOLD, CURATOR.getURI());
wrapper.add("http://thresholds#publish_public",
PROPERTY_PUBLISH_THRESHOLD, PUBLIC.getURI());
wrapper.add("http://thresholds#publish_hidden",
PROPERTY_PUBLISH_THRESHOLD, NOBODY.getURI());
}
// ----------------------------------------------------------------------
// test the bean
// ----------------------------------------------------------------------
@Test
public void displayResource() {
assertEquals("display a random resource", true,
bean.canDisplayResource("http://someRandom#string", null));
}
@Test
public void modifyResourceNoRestriction() {
assertEquals("modify a random resource", true,
bean.canModifyResource("http://someRandom#string", null));
}
@Test
public void modifyResourceProhibitedNamespace() {
assertEquals("modify a prohibited resource", false,
bean.canModifyResource(PROHIBITED_NAMESPACES[0] + "random",
null));
}
@Test
public void publishResource() {
assertEquals("publish a random resource", true,
bean.canPublishResource("http://someRandom#string", null));
}
@Test
public void modifyResourcePermittedException() {
assertEquals("modify a exception resource", true,
bean.canModifyResource(PERMITTED_EXCEPTIONS[0], null));
}
@Test
public void displayPredicateNoRestriction() {
assertEquals("displayPredicate: open", true, bean.canDisplayPredicate(
createVitroProperty("http://predicates#open"), PUBLIC));
}
@Test
public void displayPredicateRestrictionLower() {
assertEquals("displayPredicate: lower restriction", true,
bean.canDisplayPredicate(
createVitroProperty("http://predicates#display_self"),
CURATOR));
}
@Test
public void displayPredicateRestrictionEqual() {
assertEquals(
"displayPredicate: equal restriction",
true,
bean.canDisplayPredicate(
createVitroProperty("http://predicates#display_curator"),
CURATOR));
}
@Test
public void displayPredicateRestrictionHigher() {
assertEquals(
"displayPredicate: higher restriction",
false,
bean.canDisplayPredicate(
createVitroProperty("http://predicates#display_hidden"),
CURATOR));
}
@Test
public void modifyPredicateNoRestriction() {
assertEquals("modifyPredicate: open", true, bean.canModifyPredicate(
new edu.cornell.mannlib.vitro.webapp.beans.Property(
"http://predicates#open"), PUBLIC));
}
@Test
public void modifyPredicateRestrictionLower() {
assertEquals("modifyPredicate: lower restriction", true,
bean.canModifyPredicate(
new edu.cornell.mannlib.vitro.webapp.beans.Property(
"http://predicates#modify_self"), CURATOR));
}
@Test
public void modifyPredicateRestrictionEqual() {
assertEquals("modifyPredicate: equal restriction", true,
bean.canModifyPredicate(
new edu.cornell.mannlib.vitro.webapp.beans.Property(
"http://predicates#modify_curator"), CURATOR));
}
@Test
public void modifyPredicateRestrictionHigher() {
assertEquals("modifyPredicate: higher restriction", false,
bean.canModifyPredicate(
new edu.cornell.mannlib.vitro.webapp.beans.Property(
"http://predicates#modify_hidden"), CURATOR));
}
@Test
public void modifyPredicateProhibitedNamespace() {
assertEquals(
"modifyPredicate: prohibited namespace",
false,
bean.canModifyPredicate(
new edu.cornell.mannlib.vitro.webapp.beans.Property(
PROHIBITED_NAMESPACES[0] + "randoom"), DB_ADMIN));
}
@Test
public void modifyPredicatePermittedException() {
assertEquals("modifyPredicate: permitted exception", true,
bean.canModifyPredicate(
new edu.cornell.mannlib.vitro.webapp.beans.Property(
PERMITTED_EXCEPTIONS[0]), DB_ADMIN));
}
@Test
public void publishPredicateNoRestriction() {
assertEquals("publishPredicate: open", true, bean.canPublishPredicate(
createVitroProperty("http://predicates#open"), PUBLIC));
}
@Test
public void publishPredicateRestrictionLower() {
assertEquals("publishPredicate: lower restriction", true,
bean.canPublishPredicate(
createVitroProperty("http://predicates#publish_self"),
CURATOR));
}
@Test
public void publishPredicateRestrictionEqual() {
assertEquals(
"publishPredicate: equal restriction",
true,
bean.canPublishPredicate(
createVitroProperty("http://predicates#publish_curator"),
CURATOR));
}
@Test
public void publishPredicateRestrictionHigher() {
assertEquals(
"publishPredicate: higher restriction",
false,
bean.canPublishPredicate(
createVitroProperty("http://predicates#publish_hidden"),
CURATOR));
}
// ----------------------------------------------------------------------
// test the bean builder
// ----------------------------------------------------------------------
@Test
public void buildDisplayThresholds() {
Map<FullPropertyKey, BaseResourceBean.RoleLevel> expectedMap = new HashMap<>();
expectedMap.put(key("http://thresholds#display_public"), PUBLIC);
expectedMap.put(key("http://thresholds#display_hidden"), NOBODY);
Map<String, RoleLevel> actualMap = populateThresholdMap(PROPERTY_DISPLAY_THRESHOLD);
assertEquals("display thresholds", expectedMap, actualMap);
}
@Test
public void buildModifyThresholds() {
Map<FullPropertyKey, BaseResourceBean.RoleLevel> expectedMap = new HashMap<>();
expectedMap.put(key("http://thresholds#modify_editor"), EDITOR);
expectedMap.put(key("http://thresholds#modify_curator"), CURATOR);
Map<String, RoleLevel> actualMap = populateThresholdMap(PROPERTY_MODIFY_THRESHOLD);
assertEquals("modify thresholds", expectedMap, actualMap);
}
@Test
public void buildPublishThresholds() {
Map<FullPropertyKey, BaseResourceBean.RoleLevel> expectedMap = new HashMap<>();
expectedMap.put(key("http://thresholds#publish_public"), PUBLIC);
expectedMap.put(key("http://thresholds#publish_hidden"), NOBODY);
Map<String, RoleLevel> actualMap = populateThresholdMap(PROPERTY_PUBLISH_THRESHOLD);
assertEquals("publish thresholds", expectedMap, actualMap);
}
/** Invoke the private static method "populateThresholdMap" */
private Map<String, RoleLevel> populateThresholdMap(String propertyUri) {
Map<String, RoleLevel> map = new HashMap<String, BaseResourceBean.RoleLevel>();
try {
Class<?> clazz = PropertyRestrictionPolicyHelper.class;
Method method = clazz.getDeclaredMethod("populateThresholdMap",
OntModel.class, Map.class, String.class);
method.setAccessible(true);
method.invoke(null, ontModel, map, propertyUri);
return map;
} catch (Exception e) {
fail("failed to populate the map: propertyUri='" + propertyUri
+ "', " + e);
return null;
}
}
private static class ModelWrapper {
private final OntModel model;
public ModelWrapper(OntModel model) {
this.model = model;
}
public void add(String subjectUri, String propertyUri, String objectUri) {
Resource subject = model.getResource(subjectUri);
Property property = model.getProperty(propertyUri);
Resource object = model.getResource(objectUri);
model.add(subject, property, object);
}
}
private edu.cornell.mannlib.vitro.webapp.beans.Property createVitroProperty(
String propertyURI) {
return new edu.cornell.mannlib.vitro.webapp.beans.Property(propertyURI);
}
}

View file

@ -0,0 +1,122 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package stubs.edu.cornell.mannlib.vitro.webapp.auth.policy.bean;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import com.hp.hpl.jena.rdf.model.impl.Util;
import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionBean;
import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionLevels;
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
import edu.cornell.mannlib.vitro.webapp.beans.Property;
/**
* Allow the unit test to specify a variety of restrictions
*/
public class PropertyRestrictionBeanStub extends PropertyRestrictionBean {
// ----------------------------------------------------------------------
// Stub infrastructure
// ----------------------------------------------------------------------
/** Don't prohibit or restrict anything. */
public static PropertyRestrictionBean getInstance() {
return getInstance(null, null);
}
/** Prohibit some namespaces. */
public static PropertyRestrictionBeanStub getInstance(
String[] restrictedNamespaces) {
return getInstance(restrictedNamespaces, null);
}
/**
* Prohibit some namespaces and restrict some properties from modification
* by anybody. They may still be displayed or published.
*
* We can implement more granular control if we need it.
*/
public static PropertyRestrictionBeanStub getInstance(
String[] restrictedNamespaces, String[] restrictedProperties) {
PropertyRestrictionBeanStub stub = new PropertyRestrictionBeanStub(
restrictedNamespaces, restrictedProperties);
PropertyRestrictionBean.instance = stub;
return stub;
}
private final Set<String> restrictedNamespaces;
private final Set<String> restrictedProperties;
private PropertyRestrictionBeanStub(String[] restrictedNamespaces,
String[] restrictedProperties) {
this.restrictedNamespaces = (restrictedNamespaces == null) ? Collections
.<String> emptySet() : new HashSet<>(
Arrays.asList(restrictedNamespaces));
this.restrictedProperties = (restrictedProperties == null) ? Collections
.<String> emptySet() : new HashSet<>(
Arrays.asList(restrictedProperties));
}
private boolean isPermittedNamespace(String uri) {
return !restrictedNamespaces.contains(namespace(uri));
}
private String namespace(String uri) {
return uri.substring(0, Util.splitNamespace(uri));
}
private boolean isPermittedProperty(String uri) {
return !restrictedProperties.contains(uri);
}
// ----------------------------------------------------------------------
// Stub methods
// ----------------------------------------------------------------------
@Override
public boolean canDisplayResource(String resourceUri, RoleLevel userRole) {
return isPermittedNamespace(resourceUri);
}
@Override
public boolean canModifyResource(String resourceUri, RoleLevel userRole) {
return isPermittedNamespace(resourceUri)
&& isPermittedProperty(resourceUri);
}
@Override
public boolean canPublishResource(String resourceUri, RoleLevel userRole) {
return isPermittedNamespace(resourceUri);
}
@Override
public boolean canDisplayPredicate(Property predicate, RoleLevel userRole) {
return isPermittedNamespace(predicate.getURI());
}
@Override
public boolean canModifyPredicate(Property predicate, RoleLevel userRole) {
return isPermittedNamespace(predicate.getURI())
&& isPermittedProperty(predicate.getURI());
}
@Override
public boolean canPublishPredicate(Property predicate, RoleLevel userRole) {
return isPermittedNamespace(predicate.getURI());
}
// ----------------------------------------------------------------------
// Un-implemented methods
// ----------------------------------------------------------------------
@Override
public void updateProperty(PropertyRestrictionLevels levels) {
throw new RuntimeException(
"PropertyRestrictionBeanStub.updateProperty() not implemented.");
}
}

View file

@ -1,63 +0,0 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package stubs.edu.cornell.mannlib.vitro.webapp.auth.policy.bean;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
import edu.cornell.mannlib.vitro.webapp.dao.PropertyDao.FullPropertyKey;
/**
* Allow the unit test to specify a variety of restrictions
*/
public class PropertyRestrictionPolicyHelperStub extends
PropertyRestrictionPolicyHelper {
/** Don't prohibit or restrict anything. */
public static PropertyRestrictionPolicyHelper getInstance() {
return getInstance(null, null);
}
/** Prohibit some namespaces. */
public static PropertyRestrictionPolicyHelperStub getInstance(
String[] restrictedNamespaces) {
return getInstance(restrictedNamespaces, null);
}
/**
* Prohibit some namespaces and restrict some properties from modification
* by anybody.
*/
public static PropertyRestrictionPolicyHelperStub getInstance(
String[] restrictedNamespaces, String[] restrictedProperties) {
Set<String> namespaceSet = new HashSet<String>();
if (restrictedNamespaces != null) {
namespaceSet.addAll(Arrays.asList(restrictedNamespaces));
}
Map<FullPropertyKey, RoleLevel> thresholdMap = new HashMap<>();
if (restrictedProperties != null) {
for (String prop : restrictedProperties) {
thresholdMap.put(new FullPropertyKey(prop), RoleLevel.NOBODY);
}
}
return new PropertyRestrictionPolicyHelperStub(namespaceSet, null,
null, thresholdMap, null);
}
private PropertyRestrictionPolicyHelperStub(
Set<String> modifyRestrictedNamespaces,
Set<String> modifyPermittedExceptions,
Map<FullPropertyKey, RoleLevel> displayThresholds,
Map<FullPropertyKey, RoleLevel> modifyThresholds,
Map<FullPropertyKey, RoleLevel> publishThresholds) {
super(modifyRestrictedNamespaces, modifyPermittedExceptions,
displayThresholds, modifyThresholds, publishThresholds);
}
}

View file

@ -2,6 +2,7 @@
package stubs.edu.cornell.mannlib.vitro.webapp.dao;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
@ -57,6 +58,11 @@ public class DataPropertyDaoStub implements DataPropertyDao {
// Stub methods
// ----------------------------------------------------------------------
@Override
public List<DataProperty> getAllDataProperties() {
return new ArrayList<>(dpMap.values());
}
@Override
public DataProperty getDataPropertyByURI(String dataPropertyURI) {
return dpMap.get(dataPropertyURI);
@ -189,12 +195,6 @@ public class DataPropertyDaoStub implements DataPropertyDao {
"PropertyDao.getClassesWithRestrictionOnProperty() not implemented.");
}
@Override
public List getAllDataProperties() {
throw new RuntimeException(
"DataPropertyDao.getAllDataProperties() not implemented.");
}
@Override
public List getAllExternalIdDataProperties() {
throw new RuntimeException(

View file

@ -2,9 +2,11 @@
package stubs.edu.cornell.mannlib.vitro.webapp.dao;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import edu.cornell.mannlib.vitro.webapp.beans.FauxProperty;
import edu.cornell.mannlib.vitro.webapp.dao.FauxPropertyDao;
@ -19,7 +21,7 @@ public class FauxPropertyDaoStub implements FauxPropertyDao {
// ----------------------------------------------------------------------
private final Map<FullPropertyKey, FauxProperty> props = new HashMap<>();
// ----------------------------------------------------------------------
// Stub methods
// ----------------------------------------------------------------------
@ -30,28 +32,32 @@ public class FauxPropertyDaoStub implements FauxPropertyDao {
return props.get(new FullPropertyKey(domainUri, baseUri, rangeUri));
}
@Override
public List<FauxProperty> getFauxPropertiesForBaseUri(String uri) {
List<FauxProperty> list = new ArrayList<>();
for (FauxProperty fp : props.values()) {
if (Objects.equals(fp.getBaseURI(), uri)) {
list.add(fp);
}
}
return list;
}
@Override
public void insertFauxProperty(FauxProperty fp) {
props.put(new FullPropertyKey(fp), fp);
}
// ----------------------------------------------------------------------
// Un-implemented methods
// ----------------------------------------------------------------------
@Override
public List<FauxProperty> getFauxPropertiesForBaseUri(String uri) {
throw new RuntimeException(
"FauxPropertyDaoStub.getFauxPropertiesForBaseUri() not implemented.");
}
@Override
public FauxProperty getFauxPropertyFromContextUri(String contextUri) {
throw new RuntimeException(
"FauxPropertyDaoStub.getFauxPropertyFromContextUri() not implemented.");
}
@Override
public void insertFauxProperty(FauxProperty fp) {
throw new RuntimeException(
"FauxPropertyDaoStub.insertFauxProperty() not implemented.");
}
@Override
public void updateFauxProperty(FauxProperty fp) {
throw new RuntimeException(

View file

@ -2,6 +2,7 @@
package stubs.edu.cornell.mannlib.vitro.webapp.dao;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@ -40,17 +41,18 @@ public class ObjectPropertyDaoStub implements ObjectPropertyDao {
opMap.put(uri, property);
}
public void setCustomListViewConfigFileName(ObjectProperty property, String filename) {
public void setCustomListViewConfigFileName(ObjectProperty property,
String filename) {
if (property == null) {
throw new NullPointerException("property may not be null.");
}
String uri = property.getURI();
if (uri == null) {
throw new NullPointerException("uri may not be null.");
}
configFilesMap.put(uri, filename);
}
@ -58,6 +60,11 @@ public class ObjectPropertyDaoStub implements ObjectPropertyDao {
// Stub methods
// ----------------------------------------------------------------------
@Override
public List<ObjectProperty> getAllObjectProperties() {
return new ArrayList<>(opMap.values());
}
@Override
public ObjectProperty getObjectPropertyByURI(String objectPropertyURI) {
if (objectPropertyURI == null) {
@ -65,18 +72,18 @@ public class ObjectPropertyDaoStub implements ObjectPropertyDao {
}
return opMap.get(objectPropertyURI);
}
@Override
public ObjectProperty getObjectPropertyByURIs(String objectPropertyURI,
String domainURI, String rangeURI) {
return getObjectPropertyByURI(objectPropertyURI);
}
@Override
public ObjectProperty getObjectPropertyByURIs(String objectPropertyURI,
String domainURI, String rangeURI, ObjectProperty base) {
return getObjectPropertyByURI(objectPropertyURI);
}
@Override
public ObjectProperty getObjectPropertyByURIs(String objectPropertyURI,
String domainURI, String rangeURI) {
return getObjectPropertyByURI(objectPropertyURI);
}
@Override
public ObjectProperty getObjectPropertyByURIs(String objectPropertyURI,
String domainURI, String rangeURI, ObjectProperty base) {
return getObjectPropertyByURI(objectPropertyURI);
}
@Override
public String getCustomListViewConfigFileName(ObjectProperty objectProperty) {
@ -194,12 +201,6 @@ public class ObjectPropertyDaoStub implements ObjectPropertyDao {
"ObjectPropertyDaoStub.getClassesWithRestrictionOnProperty() not implemented.");
}
@Override
public List<ObjectProperty> getAllObjectProperties() {
throw new RuntimeException(
"ObjectPropertyDaoStub.getAllObjectProperties() not implemented.");
}
@Override
public List<ObjectProperty> getObjectPropertiesForObjectPropertyStatements(
List objectPropertyStatements) {