NIHVIVO-3523 Break up the CommonIdentifierBundleFactory into several pieces: one for each type of Identifier. Add some unit tests.

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/common/CommonIdentifierBundleFactory.java

@@ -1,243 +0,0 @@
-/* $This file is distributed under the terms of the license in /doc/license.txt$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.identifier.common;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.servlet.ServletContext;
-import javax.servlet.ServletRequest;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundleFactory;
-import edu.cornell.mannlib.vitro.webapp.auth.permissions.Permission;
-import edu.cornell.mannlib.vitro.webapp.auth.permissions.PermissionRegistry;
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
-import edu.cornell.mannlib.vitro.webapp.beans.Individual;
-import edu.cornell.mannlib.vitro.webapp.beans.PermissionSet;
-import edu.cornell.mannlib.vitro.webapp.beans.SelfEditingConfiguration;
-import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
-import edu.cornell.mannlib.vitro.webapp.dao.IndividualDao;
-import edu.cornell.mannlib.vitro.webapp.dao.UserAccountsDao;
-import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
-
-/**
- * Create Identifiers that are recognized by the common policy family.
- */
-public class CommonIdentifierBundleFactory implements IdentifierBundleFactory {
-	private static final Log log = LogFactory
-			.getLog(CommonIdentifierBundleFactory.class);
-
-	private final ServletContext context;
-
-	public CommonIdentifierBundleFactory(ServletContext context) {
-		this.context = context;
-	}
-
-	@Override
-	public IdentifierBundle getIdentifierBundle(ServletRequest request,
-			HttpSession session, ServletContext unusedContext) {
-
-		// If this is not an HttpServletRequest, we might as well fail now.
-		HttpServletRequest req = (HttpServletRequest) request;
-
-		ArrayIdentifierBundle bundle = new ArrayIdentifierBundle();
-
-		bundle.addAll(createUserIdentifiers(req));
-		bundle.addAll(createRootUserIdentifiers(req));
-		bundle.addAll(createRoleLevelIdentifiers(req));
-		bundle.addAll(createBlacklistOrAssociatedIndividualIdentifiers(req));
-		bundle.addAll(createExplicitProxyEditingIdentifiers(req));
-		bundle.addAll(createPermissionIdentifiers(req));
-
-		return bundle;
-	}
-
-	/**
-	 * If the user is logged in, create an identifier that shows his URI.
-	 */
-	private Collection<? extends Identifier> createUserIdentifiers(
-			HttpServletRequest req) {
-		LoginStatusBean bean = LoginStatusBean.getBean(req);
-		if (bean.isLoggedIn()) {
-			return Collections.singleton(new IsUser(bean.getUserURI()));
-		} else {
-			return Collections.emptySet();
-		}
-	}
-
-	private Collection<? extends Identifier> createRootUserIdentifiers(
-			HttpServletRequest req) {
-		UserAccount user = LoginStatusBean.getCurrentUser(req);
-		if ((user != null) && user.isRootUser()) {
-			return Collections.singleton(new IsRootUser());
-		} else {
-			return Collections.emptySet();
-		}
-	}
-
-	/**
-	 * Create an identifier that shows the role level of the current user, or
-	 * PUBLIC if the user is not logged in.
-	 */
-	private Collection<? extends Identifier> createRoleLevelIdentifiers(
-			HttpServletRequest req) {
-		RoleLevel roleLevel = RoleLevel.getRoleFromLoginStatus(req);
-		return Collections.singleton(new HasRoleLevel(roleLevel));
-	}
-
-	/**
-	 * Find all of the individuals that are associated with the current user,
-	 * and create either an IsBlacklisted or HasAssociatedIndividual for each
-	 * one.
-	 */
-	private Collection<? extends Identifier> createBlacklistOrAssociatedIndividualIdentifiers(
-			HttpServletRequest req) {
-		Collection<Identifier> ids = new ArrayList<Identifier>();
-
-		for (Individual ind : getAssociatedIndividuals(req)) {
-			// If they are blacklisted, this factory will return an identifier
-			Identifier id = IsBlacklisted.getInstance(ind, context);
-			if (id != null) {
-				ids.add(id);
-			} else {
-				ids.add(new HasProfile(ind.getURI()));
-			}
-		}
-
-		return ids;
-	}
-
-	/**
-	 * Get all Individuals associated with the current user as SELF.
-	 */
-	private Collection<Individual> getAssociatedIndividuals(
-			HttpServletRequest req) {
-		Collection<Individual> individuals = new ArrayList<Individual>();
-
-		UserAccount user = LoginStatusBean.getCurrentUser(req);
-		if (user == null) {
-			log.debug("No Associated Individuals: not logged in.");
-			return individuals;
-		}
-
-		WebappDaoFactory wdf = (WebappDaoFactory) context
-				.getAttribute("webappDaoFactory");
-		if (wdf == null) {
-			log.error("Could not get a WebappDaoFactory from the ServletContext");
-			return individuals;
-		}
-
-		IndividualDao indDao = wdf.getIndividualDao();
-
-		SelfEditingConfiguration sec = SelfEditingConfiguration.getBean(req);
-		individuals.addAll(sec.getAssociatedIndividuals(indDao, user));
-
-		return individuals;
-	}
-
-	/**
-	 * Get all Individuals associated with the current user by explicit proxy
-	 * relationship.
-	 */
-	private Collection<? extends Identifier> createExplicitProxyEditingIdentifiers(
-			HttpServletRequest req) {
-		Collection<Identifier> ids = new ArrayList<Identifier>();
-
-		UserAccount user = LoginStatusBean.getCurrentUser(req);
-		if (user != null) {
-			for (String proxiedUri : user.getProxiedIndividualUris()) {
-				ids.add(new HasProxyEditingRights(proxiedUri));
-			}
-		}
-
-		return ids;
-	}
-
-	/**
-	 * Create an identifier for each Permission that the User has.
-	 */
-	private Collection<? extends Identifier> createPermissionIdentifiers(
-			HttpServletRequest req) {
-		UserAccount user = LoginStatusBean.getCurrentUser(req);
-		if (user == null) {
-			return createPublicPermissions();
-		} else {
-			return createUserPermissions(user);
-		}
-	}
-
-	private Collection<? extends Identifier> createPublicPermissions() {
-		Collection<Identifier> ids = new ArrayList<Identifier>();
-
-		WebappDaoFactory wdf = (WebappDaoFactory) context
-				.getAttribute("webappDaoFactory");
-		if (wdf == null) {
-			log.error("Could not get a WebappDaoFactory from the ServletContext");
-			return ids;
-		}
-
-		UserAccountsDao uaDao = wdf.getUserAccountsDao();
-
-		Set<String> permissionUris = new HashSet<String>();
-		for (PermissionSet ps : uaDao.getAllPermissionSets()) {
-			if (ps.isForPublic()) {
-				permissionUris.addAll(ps.getPermissionUris());
-			}
-		}
-
-		PermissionRegistry registry = PermissionRegistry.getRegistry(context);
-		for (String permissionUri : permissionUris) {
-			Permission permission = registry.getPermission(permissionUri);
-			ids.add(new HasPermission(permission));
-		}
-
-		return ids;
-	}
-
-	private Collection<? extends Identifier> createUserPermissions(UserAccount user) {
-		Collection<Identifier> ids = new ArrayList<Identifier>();
-
-		WebappDaoFactory wdf = (WebappDaoFactory) context
-				.getAttribute("webappDaoFactory");
-		if (wdf == null) {
-			log.error("Could not get a WebappDaoFactory from the ServletContext");
-			return ids;
-		}
-
-		UserAccountsDao uaDao = wdf.getUserAccountsDao();
-
-		Set<String> permissionUris = new HashSet<String>();
-		for (String psUri : user.getPermissionSetUris()) {
-			PermissionSet ps = uaDao.getPermissionSetByUri(psUri);
-			if (ps != null) {
-				permissionUris.addAll(ps.getPermissionUris());
-			}
-		}
-
-		PermissionRegistry registry = PermissionRegistry.getRegistry(context);
-		for (String permissionUri : permissionUris) {
-			Permission permission = registry.getPermission(permissionUri);
-			ids.add(new HasPermission(permission));
-		}
-
-		return ids;
-	}
-
-	@Override
-	public String toString() {
-		return this.getClass().getSimpleName() + " - " + hashCode();
-	}
-
-}

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/BaseIdentifierBundleFactory.java

@@ -0,0 +1,66 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.identifier.factory;
+
+import javax.servlet.ServletContext;
+import javax.servlet.ServletRequest;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundleFactory;
+import edu.cornell.mannlib.vitro.webapp.dao.IndividualDao;
+import edu.cornell.mannlib.vitro.webapp.dao.UserAccountsDao;
+import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
+
+/**
+ * Some fields and methods that are helpful to IdentifierBundleFactory classes.
+ */
+public abstract class BaseIdentifierBundleFactory implements
+		IdentifierBundleFactory {
+	protected final ServletContext ctx;
+	protected final WebappDaoFactory wdf;
+	protected final UserAccountsDao uaDao;
+	protected final IndividualDao indDao;
+
+	public BaseIdentifierBundleFactory(ServletContext ctx) {
+		if (ctx == null) {
+			throw new NullPointerException("ctx may not be null.");
+		}
+		this.ctx = ctx;
+
+		Object wdfObject = ctx.getAttribute("webappDaoFactory");
+		if (wdfObject instanceof WebappDaoFactory) {
+			this.wdf = (WebappDaoFactory) wdfObject;
+		} else {
+			throw new IllegalStateException(
+					"Didn't find a WebappDaoFactory in the context. Found '"
+							+ wdfObject + "' instead.");
+		}
+
+		this.uaDao = wdf.getUserAccountsDao();
+		this.indDao = wdf.getIndividualDao();
+	}
+
+	/**
+	 * This method should go away. Why are we passing anything other than the
+	 * request?
+	 */
+	@Override
+	public final IdentifierBundle getIdentifierBundle(ServletRequest request,
+			HttpSession session, ServletContext context) {
+		return getIdentifierBundle((HttpServletRequest) request);
+	}
+
+	@Override
+	public String toString() {
+		return this.getClass().getSimpleName() + " - " + hashCode();
+	}
+
+	/**
+	 * Return the IdentifierBundle from this factory. May return an empty
+	 * bundle, but never returns null.
+	 */
+	public abstract IdentifierBundle getIdentifierBundle(HttpServletRequest req);
+
+}

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasPermissionFactory.java

@@ -0,0 +1,93 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.identifier.factory;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasPermission;
+import edu.cornell.mannlib.vitro.webapp.auth.permissions.Permission;
+import edu.cornell.mannlib.vitro.webapp.auth.permissions.PermissionRegistry;
+import edu.cornell.mannlib.vitro.webapp.beans.PermissionSet;
+import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
+
+/**
+ * Figure out what Permissions the user is entitled to have.
+ */
+public class HasPermissionFactory extends BaseIdentifierBundleFactory {
+	private static final Log log = LogFactory
+			.getLog(HasPermissionFactory.class);
+
+	public HasPermissionFactory(ServletContext ctx) {
+		super(ctx);
+	}
+
+	@Override
+	public IdentifierBundle getIdentifierBundle(HttpServletRequest req) {
+		UserAccount user = LoginStatusBean.getCurrentUser(req);
+		if (user == null) {
+			return createPublicPermissions();
+		} else {
+			return createUserPermissions(user);
+		}
+	}
+
+	private IdentifierBundle createPublicPermissions() {
+		Set<String> permissionUris = new HashSet<String>();
+		for (PermissionSet ps : uaDao.getAllPermissionSets()) {
+			if (ps.isForPublic()) {
+				permissionUris.addAll(ps.getPermissionUris());
+			}
+		}
+		log.debug("Permission URIs: " + permissionUris);
+
+		return new ArrayIdentifierBundle(
+				getIdentifiersFromPermissions(getPermissionsForUris(permissionUris)));
+	}
+
+	private IdentifierBundle createUserPermissions(UserAccount user) {
+		Set<String> permissionUris = new HashSet<String>();
+		for (String psUri : user.getPermissionSetUris()) {
+			PermissionSet ps = uaDao.getPermissionSetByUri(psUri);
+			if (ps != null) {
+				permissionUris.addAll(ps.getPermissionUris());
+			}
+		}
+		log.debug("user permission sets: " + user.getPermissionSetUris());
+		log.debug("Permission URIs: " + permissionUris);
+
+		return new ArrayIdentifierBundle(
+				getIdentifiersFromPermissions(getPermissionsForUris(permissionUris)));
+	}
+
+	private Collection<Permission> getPermissionsForUris(
+			Collection<String> permissionUris) {
+		List<Permission> permissions = new ArrayList<Permission>();
+		PermissionRegistry registry = PermissionRegistry.getRegistry(ctx);
+		for (String uri : permissionUris) {
+			permissions.add(registry.getPermission(uri));
+		}
+		return permissions;
+	}
+
+	private List<HasPermission> getIdentifiersFromPermissions(
+			Collection<Permission> permissions) {
+		List<HasPermission> ids = new ArrayList<HasPermission>();
+		for (Permission permission : permissions) {
+			ids.add(new HasPermission(permission));
+		}
+		return ids;
+	}
+}

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasProfileOrIsBlacklistedFactory.java

@@ -0,0 +1,72 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.identifier.factory;
+
+import java.util.ArrayList;
+import java.util.Collection;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasProfile;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.IsBlacklisted;
+import edu.cornell.mannlib.vitro.webapp.beans.Individual;
+import edu.cornell.mannlib.vitro.webapp.beans.SelfEditingConfiguration;
+import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
+
+/**
+ * Find all of the individuals that are associated with the current user, and
+ * create either an IsBlacklisted or HasAssociatedIndividual for each one.
+ */
+public class HasProfileOrIsBlacklistedFactory extends
+		BaseIdentifierBundleFactory {
+	private static final Log log = LogFactory
+			.getLog(HasProfileOrIsBlacklistedFactory.class);
+
+	public HasProfileOrIsBlacklistedFactory(ServletContext ctx) {
+		super(ctx);
+	}
+
+	@Override
+	public IdentifierBundle getIdentifierBundle(HttpServletRequest req) {
+		ArrayIdentifierBundle ids = new ArrayIdentifierBundle();
+
+		for (Individual ind : getAssociatedIndividuals(req)) {
+			// If they are blacklisted, this factory will return an identifier
+			Identifier id = IsBlacklisted.getInstance(ind, ctx);
+			if (id != null) {
+				ids.add(id);
+			} else {
+				ids.add(new HasProfile(ind.getURI()));
+			}
+		}
+
+		return ids;
+	}
+
+	/**
+	 * Get all Individuals associated with the current user as SELF.
+	 */
+	private Collection<Individual> getAssociatedIndividuals(
+			HttpServletRequest req) {
+		Collection<Individual> individuals = new ArrayList<Individual>();
+
+		UserAccount user = LoginStatusBean.getCurrentUser(req);
+		if (user == null) {
+			log.debug("No Associated Individuals: not logged in.");
+			return individuals;
+		}
+
+		SelfEditingConfiguration sec = SelfEditingConfiguration.getBean(req);
+		individuals.addAll(sec.getAssociatedIndividuals(indDao, user));
+
+		return individuals;
+	}
+}

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasProxyEditingRightsFactory.java

@@ -0,0 +1,37 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.identifier.factory;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+
+import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasProxyEditingRights;
+import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
+
+/**
+ * Find out what Profiles the User can edit through proxy.
+ */
+public class HasProxyEditingRightsFactory extends BaseIdentifierBundleFactory {
+
+	public HasProxyEditingRightsFactory(ServletContext ctx) {
+		super(ctx);
+	}
+
+	@Override
+	public IdentifierBundle getIdentifierBundle(HttpServletRequest req) {
+		ArrayIdentifierBundle ids = new ArrayIdentifierBundle();
+
+		UserAccount user = LoginStatusBean.getCurrentUser(req);
+		if (user != null) {
+			for (String proxiedUri : user.getProxiedIndividualUris()) {
+				ids.add(new HasProxyEditingRights(proxiedUri));
+			}
+		}
+
+		return ids;
+	}
+
+}

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasRoleLevelFactory.java

@@ -0,0 +1,29 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.identifier.factory;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasRoleLevel;
+import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
+
+/**
+ * Create an identifier that shows the role level of the current user, or
+ * PUBLIC if the user is not logged in.
+ */
+public class HasRoleLevelFactory extends BaseIdentifierBundleFactory {
+
+	public HasRoleLevelFactory(ServletContext ctx) {
+		super(ctx);
+	}
+
+	@Override
+	public IdentifierBundle getIdentifierBundle(HttpServletRequest req) {
+		RoleLevel roleLevel = RoleLevel.getRoleFromLoginStatus(req);
+		return new ArrayIdentifierBundle(new HasRoleLevel(roleLevel));
+	}
+
+}

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/IsRootUserFactory.java

@@ -0,0 +1,34 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.identifier.factory;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+
+import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.IsRootUser;
+import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
+
+/**
+ * If the user is logged in as a Root User, create an identifier.
+ */
+public class IsRootUserFactory extends BaseIdentifierBundleFactory {
+
+	public IsRootUserFactory(ServletContext ctx) {
+		super(ctx);
+	}
+
+	@Override
+	public IdentifierBundle getIdentifierBundle(HttpServletRequest req) {
+		UserAccount user = LoginStatusBean.getCurrentUser(req);
+		if ((user != null) && user.isRootUser()) {
+			return new ArrayIdentifierBundle(IsRootUser.INSTANCE);
+		} else {
+			return new ArrayIdentifierBundle();
+		}
+	}
+
+}
+

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/IsUserFactory.java

@@ -0,0 +1,32 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.identifier.factory;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+
+import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.IsUser;
+
+/**
+ * If the user is logged in, create an Identifier.
+ */
+public class IsUserFactory extends BaseIdentifierBundleFactory {
+
+	public IsUserFactory(ServletContext ctx) {
+		super(ctx);
+	}
+
+	@Override
+	public IdentifierBundle getIdentifierBundle(HttpServletRequest req) {
+		LoginStatusBean bean = LoginStatusBean.getBean(req);
+		if (bean.isLoggedIn()) {
+			return new ArrayIdentifierBundle(new IsUser(bean.getUserURI()));
+		} else {
+			return new ArrayIdentifierBundle();
+		}
+	}
+
+}

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CommonPolicyFamilySetup.java

@@ -7,17 +7,24 @@ import javax.servlet.ServletContextEvent;
 import javax.servlet.ServletContextListener;
 
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.ActiveIdentifierBundleFactories;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.CommonIdentifierBundleFactory;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundleFactory;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.factory.HasPermissionFactory;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.factory.HasProfileOrIsBlacklistedFactory;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.factory.HasProxyEditingRightsFactory;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.factory.HasRoleLevelFactory;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.factory.IsRootUserFactory;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.factory.IsUserFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.DisplayRestrictedDataByRoleLevelPolicy;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.DisplayRestrictedDataToSelfPolicy;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.EditRestrictedDataByRoleLevelPolicy;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PermissionsPolicy;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.SelfEditingPolicy;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
 import edu.cornell.mannlib.vitro.webapp.startup.StartupStatus;
 
 /**
- * Set up the common policy family, with Identifier factory.
+ * Set up the common policy family, with Identifier factories.
  */
 public class CommonPolicyFamilySetup implements ServletContextListener {
 
@@ -27,27 +34,31 @@ public class CommonPolicyFamilySetup implements ServletContextListener {
 		StartupStatus ss = StartupStatus.getBean(ctx);
 
 		try {
-			ServletPolicyList.addPolicy(ctx, new PermissionsPolicy());
+			policy(ctx, new PermissionsPolicy());
+			policy(ctx, new DisplayRestrictedDataByRoleLevelPolicy(ctx));
+			policy(ctx, new DisplayRestrictedDataToSelfPolicy(ctx));
+			policy(ctx, new EditRestrictedDataByRoleLevelPolicy(ctx));
+			policy(ctx, new SelfEditingPolicy(ctx));
 
-			ServletPolicyList.addPolicy(ctx,
+			factory(ctx, new IsUserFactory(ctx));
-					new DisplayRestrictedDataByRoleLevelPolicy(ctx));
+			factory(ctx, new IsRootUserFactory(ctx));
-			ServletPolicyList.addPolicy(ctx,
+			factory(ctx, new HasRoleLevelFactory(ctx));
-					new DisplayRestrictedDataToSelfPolicy(ctx));
+			factory(ctx, new HasProfileOrIsBlacklistedFactory(ctx));
-			ServletPolicyList.addPolicy(ctx,
+			factory(ctx, new HasPermissionFactory(ctx));
-					new EditRestrictedDataByRoleLevelPolicy(ctx));
+			factory(ctx, new HasProxyEditingRightsFactory(ctx));
-
-			ServletPolicyList.addPolicy(ctx, new SelfEditingPolicy(ctx));
-
-			// This factory creates Identifiers for all of the above policies.
-			CommonIdentifierBundleFactory factory = new CommonIdentifierBundleFactory(
-					ctx);
-
-			ActiveIdentifierBundleFactories.addFactory(sce, factory);
 		} catch (Exception e) {
 			ss.fatal(this, "could not run CommonPolicyFamilySetup", e);
 		}
 	}
 
+	private void policy(ServletContext ctx, PolicyIface policy) {
+		ServletPolicyList.addPolicy(ctx, policy);
+	}
+
+	private void factory(ServletContext ctx, IdentifierBundleFactory factory) {
+		ActiveIdentifierBundleFactories.addFactory(ctx, factory);
+	}
+
 	@Override
 	public void contextDestroyed(ServletContextEvent sce) { /* nothing */
 	}

webapp/test/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/HasPermissionFactoryTest.java

@@ -0,0 +1,277 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.identifier.factory;
+
+import static org.junit.Assert.assertEquals;
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import stubs.edu.cornell.mannlib.vitro.webapp.dao.UserAccountsDaoStub;
+import stubs.edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactoryStub;
+import stubs.javax.servlet.ServletContextStub;
+import stubs.javax.servlet.http.HttpServletRequestStub;
+import stubs.javax.servlet.http.HttpSessionStub;
+import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
+import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
+import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasPermission;
+import edu.cornell.mannlib.vitro.webapp.auth.permissions.Permission;
+import edu.cornell.mannlib.vitro.webapp.auth.permissions.PermissionRegistry;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
+import edu.cornell.mannlib.vitro.webapp.beans.PermissionSet;
+import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
+
+/**
+ * Can we tell whether a user is logged in as root?
+ */
+public class HasPermissionFactoryTest extends AbstractTestClass {
+	private static final String USER_URI = "http://userUri";
+	private UserAccount user;
+
+	private LoginStatusBean lsb;
+
+	private PermissionSet emptyPublicPermissionSet;
+	private PermissionSet publicPermissionSet1;
+	private PermissionSet publicPermissionSet2;
+	private PermissionSet emptyLoggedInPermissionSet;
+	private PermissionSet loggedInPermissionSet1;
+	private PermissionSet loggedInPermissionSet2;
+
+	private Permission permissionP1a;
+	private Permission permissionP1b;
+	private Permission permissionP2;
+	private Permission permissionLI1;
+	private Permission permissionLI2a;
+	private Permission permissionLI2b;
+
+	private WebappDaoFactoryStub wdf;
+	private UserAccountsDaoStub uaDao;
+
+	private ServletContextStub ctx;
+	private HttpSessionStub session;
+	private HttpServletRequestStub req;
+
+	private HasPermissionFactory factory;
+
+	private IdentifierBundle actualIds;
+	private IdentifierBundle expectedIds;
+
+	@Before
+	public void setup() {
+		user = new UserAccount();
+		user.setUri(USER_URI);
+
+		lsb = new LoginStatusBean(USER_URI, AuthenticationSource.INTERNAL);
+
+		uaDao = new UserAccountsDaoStub();
+		uaDao.addUser(user);
+
+		wdf = new WebappDaoFactoryStub();
+		wdf.setUserAccountsDao(uaDao);
+
+		ctx = new ServletContextStub();
+		ctx.setAttribute("webappDaoFactory", wdf);
+
+		session = new HttpSessionStub();
+		session.setServletContext(ctx);
+
+		req = new HttpServletRequestStub();
+		req.setSession(session);
+
+		factory = new HasPermissionFactory(ctx);
+
+		preparePermissions();
+		preparePermissionSets();
+	}
+
+	private void preparePermissions() {
+		permissionP1a = new MyPermission("permissionP1a");
+		permissionP1b = new MyPermission("permissionP1b");
+		permissionP2 = new MyPermission("permissionP2");
+		permissionLI1 = new MyPermission("permissionLI1");
+		permissionLI2a = new MyPermission("permissionLI2a");
+		permissionLI2b = new MyPermission("permissionLI2b");
+		PermissionRegistry.createRegistry(
+				ctx,
+				list(permissionP1a, permissionP1b, permissionP2, permissionLI1,
+						permissionLI2a, permissionLI2b));
+	}
+
+	private void preparePermissionSets() {
+		emptyPublicPermissionSet = new PermissionSet();
+		emptyPublicPermissionSet.setUri("java:emptyPS");
+		emptyPublicPermissionSet.setLabel("emptyPublicPermissionSet");
+		emptyPublicPermissionSet.setForPublic(true);
+
+		publicPermissionSet1 = new PermissionSet();
+		publicPermissionSet1.setUri("java:publicPS1");
+		publicPermissionSet1.setLabel("publicPermissionSet1");
+		publicPermissionSet1.setForPublic(true);
+		setPermissions(publicPermissionSet1, permissionP1a, permissionP1b);
+
+		publicPermissionSet2 = new PermissionSet();
+		publicPermissionSet2.setUri("java:publicPS2");
+		publicPermissionSet2.setLabel("publicPermissionSet2");
+		publicPermissionSet2.setForPublic(true);
+		setPermissions(publicPermissionSet2, permissionP2);
+
+		emptyLoggedInPermissionSet = new PermissionSet();
+		emptyLoggedInPermissionSet.setUri("java:emptyPS");
+		emptyLoggedInPermissionSet.setLabel("emptyLoggedInPermissionSet");
+
+		loggedInPermissionSet1 = new PermissionSet();
+		loggedInPermissionSet1.setUri("java:loggedInPS1");
+		loggedInPermissionSet1.setLabel("loggedInPermissionSet1");
+		setPermissions(loggedInPermissionSet1, permissionLI1);
+
+		loggedInPermissionSet2 = new PermissionSet();
+		loggedInPermissionSet2.setUri("java:loggedInPS2");
+		loggedInPermissionSet2.setLabel("loggedInPermissionSet2");
+		setPermissions(loggedInPermissionSet2, permissionLI2a, permissionLI2b);
+
+		uaDao.addPermissionSet(emptyLoggedInPermissionSet);
+		uaDao.addPermissionSet(loggedInPermissionSet1);
+		uaDao.addPermissionSet(loggedInPermissionSet2);
+		// "public" permission sets are added for specific tests.
+	}
+
+	// ----------------------------------------------------------------------
+	// the tests
+	// ----------------------------------------------------------------------
+
+	@Test
+	public void notLoggedInNoPublicSets() {
+		expectedIds = new ArrayIdentifierBundle();
+		actualIds = factory.getIdentifierBundle(req);
+		assertEquals("no public sets", expectedIds, actualIds);
+	}
+
+	@Test
+	public void notLoggedInEmptyPublicSet() {
+		uaDao.addPermissionSet(emptyPublicPermissionSet);
+
+		expectedIds = new ArrayIdentifierBundle();
+		actualIds = factory.getIdentifierBundle(req);
+		assertEquals("empty public set", expectedIds, actualIds);
+	}
+
+	@Test
+	public void notLoggedInOnePublicSet() {
+		uaDao.addPermissionSet(publicPermissionSet1);
+
+		expectedIds = new ArrayIdentifierBundle(id(permissionP1a),
+				id(permissionP1b));
+		actualIds = factory.getIdentifierBundle(req);
+		assertEqualIds("one public set", expectedIds, actualIds);
+	}
+
+	@Test
+	public void notLoggedInTwoPublicSets() {
+		uaDao.addPermissionSet(publicPermissionSet1);
+		uaDao.addPermissionSet(publicPermissionSet2);
+
+		expectedIds = new ArrayIdentifierBundle(id(permissionP1a),
+				id(permissionP1b), id(permissionP2));
+		actualIds = factory.getIdentifierBundle(req);
+		assertEqualIds("two public sets", expectedIds, actualIds);
+	}
+
+	@Test
+	public void loggedInNoSets() {
+		LoginStatusBean.setBean(session, lsb);
+
+		expectedIds = new ArrayIdentifierBundle();
+		actualIds = factory.getIdentifierBundle(req);
+		assertEquals("no logged in sets", expectedIds, actualIds);
+	}
+
+	@Test
+	public void loggedInEmptySet() {
+		LoginStatusBean.setBean(session, lsb);
+		user.setPermissionSetUris(list(emptyLoggedInPermissionSet.getUri()));
+
+		expectedIds = new ArrayIdentifierBundle();
+		actualIds = factory.getIdentifierBundle(req);
+		assertEquals("empty logged in set", expectedIds, actualIds);
+	}
+
+	@Test
+	public void loggedInOneSet() {
+		LoginStatusBean.setBean(session, lsb);
+		user.setPermissionSetUris(list(loggedInPermissionSet1.getUri()));
+
+		expectedIds = new ArrayIdentifierBundle(id(permissionLI1));
+		actualIds = factory.getIdentifierBundle(req);
+		assertEqualIds("one logged in set", expectedIds, actualIds);
+	}
+
+	@Test
+	public void loggedInTwoSets() {
+		LoginStatusBean.setBean(session, lsb);
+		user.setPermissionSetUris(list(loggedInPermissionSet1.getUri(),
+				loggedInPermissionSet2.getUri()));
+
+		expectedIds = new ArrayIdentifierBundle(id(permissionLI1),
+				id(permissionLI2a), id(permissionLI2b));
+		actualIds = factory.getIdentifierBundle(req);
+		assertEqualIds("two logged in sets", expectedIds, actualIds);
+	}
+
+	// ----------------------------------------------------------------------
+	// helper methods
+	// ----------------------------------------------------------------------
+
+	private void setPermissions(PermissionSet ps, Permission... permissions) {
+		List<String> uris = new ArrayList<String>();
+		for (Permission p : permissions) {
+			uris.add(p.getUri());
+		}
+		ps.setPermissionUris(uris);
+	}
+
+	private HasPermission id(Permission p) {
+		return new HasPermission(p);
+	}
+
+	private <T> List<T> list(T... elements) {
+		List<T> l = new ArrayList<T>();
+		for (T element : elements) {
+			l.add(element);
+		}
+		return l;
+	}
+
+	private void assertEqualIds(String message, IdentifierBundle expected,
+			IdentifierBundle actual) {
+		Set<HasPermission> expectedSet = new HashSet<HasPermission>();
+		for (Identifier id : expected) {
+			expectedSet.add((HasPermission) id);
+		}
+		Set<HasPermission> actualSet = new HashSet<HasPermission>();
+		for (Identifier id : actual) {
+			actualSet.add((HasPermission) id);
+		}
+		assertEqualSets(message, expectedSet, actualSet);
+	}
+
+	private static class MyPermission extends Permission {
+		public MyPermission(String uri) {
+			super(uri);
+		}
+
+		@Override
+		public boolean isAuthorized(RequestedAction whatToAuth) {
+			return false;
+		}
+
+	}
+}

webapp/test/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/IsRootUserFactoryTest.java

@@ -0,0 +1,99 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.identifier.factory;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import stubs.edu.cornell.mannlib.vitro.webapp.dao.UserAccountsDaoStub;
+import stubs.edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactoryStub;
+import stubs.javax.servlet.ServletContextStub;
+import stubs.javax.servlet.http.HttpServletRequestStub;
+import stubs.javax.servlet.http.HttpSessionStub;
+import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
+import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
+import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.IsRootUser;
+import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
+
+/**
+ * Can we tell whether a user is logged in as root?
+ */
+public class IsRootUserFactoryTest extends AbstractTestClass {
+	private static final String PLAIN_USER_URI = "http://userUri";
+	private static final String ROOT_USER_URI = "http://rootUri";
+
+	private WebappDaoFactoryStub wdf;
+	private UserAccountsDaoStub uaDao;
+
+	private ServletContextStub ctx;
+	private HttpSessionStub session;
+	private HttpServletRequestStub req;
+
+	private IsRootUserFactory factory;
+
+	private IdentifierBundle actualIds;
+	private IdentifierBundle expectedIds;
+
+	@Before
+	public void setup() {
+		UserAccount plainUser = new UserAccount();
+		plainUser.setUri(PLAIN_USER_URI);
+		
+		UserAccount rootUser = new UserAccount();
+		rootUser.setUri(ROOT_USER_URI);
+		rootUser.setRootUser(true);
+		
+		uaDao = new UserAccountsDaoStub();
+		uaDao.addUser(plainUser);
+		uaDao.addUser(rootUser);
+		
+		wdf = new WebappDaoFactoryStub();
+		wdf.setUserAccountsDao(uaDao);
+
+		ctx = new ServletContextStub();
+		ctx.setAttribute("webappDaoFactory", wdf);
+
+		session = new HttpSessionStub();
+		session.setServletContext(ctx);
+
+		req = new HttpServletRequestStub();
+		req.setSession(session);
+
+		factory = new IsRootUserFactory(ctx);
+	}
+
+	@Test
+	public void notLoggedIn() {
+		expectedIds = new ArrayIdentifierBundle();
+		actualIds = factory.getIdentifierBundle(req);
+		assertEquals("empty bundle", expectedIds, actualIds);
+	}
+
+	@Test
+	public void loggedInNotRoot() {
+		LoginStatusBean lsb = new LoginStatusBean(PLAIN_USER_URI,
+				AuthenticationSource.EXTERNAL);
+		LoginStatusBean.setBean(session, lsb);
+
+		expectedIds = new ArrayIdentifierBundle();
+		actualIds = factory.getIdentifierBundle(req);
+		assertEquals("not root", expectedIds, actualIds);
+	}
+
+	@Test
+	public void loggedInAsRoot() {
+		LoginStatusBean lsb = new LoginStatusBean(ROOT_USER_URI,
+				AuthenticationSource.EXTERNAL);
+		LoginStatusBean.setBean(session, lsb);
+
+		expectedIds = new ArrayIdentifierBundle(IsRootUser.INSTANCE);
+		actualIds = factory.getIdentifierBundle(req);
+		assertEquals("root", expectedIds, actualIds);
+	}
+
+}

webapp/test/edu/cornell/mannlib/vitro/webapp/auth/identifier/factory/IsUserFactoryTest.java

@@ -0,0 +1,72 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.identifier.factory;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import stubs.edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactoryStub;
+import stubs.javax.servlet.ServletContextStub;
+import stubs.javax.servlet.http.HttpServletRequestStub;
+import stubs.javax.servlet.http.HttpSessionStub;
+import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
+import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
+import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.IsUser;
+
+/**
+ * The simplest of the IdentifierBundleFactory classes.
+ */
+public class IsUserFactoryTest extends AbstractTestClass {
+	private static final String USER_URI = "http://userUri";
+
+	private WebappDaoFactoryStub wdf;
+
+	private ServletContextStub ctx;
+	private HttpSessionStub session;
+	private HttpServletRequestStub req;
+
+	private IsUserFactory factory;
+
+	private IdentifierBundle actualIds;
+	private IdentifierBundle expectedIds;
+
+	@Before
+	public void setup() {
+		wdf = new WebappDaoFactoryStub();
+
+		ctx = new ServletContextStub();
+		ctx.setAttribute("webappDaoFactory", wdf);
+
+		session = new HttpSessionStub();
+		session.setServletContext(ctx);
+
+		req = new HttpServletRequestStub();
+		req.setSession(session);
+
+		factory = new IsUserFactory(ctx);
+	}
+
+	@Test
+	public void notLoggedIn() {
+		expectedIds = new ArrayIdentifierBundle();
+		actualIds = factory.getIdentifierBundle(req);
+		assertEquals("empty bundle", expectedIds, actualIds);
+	}
+
+	@Test
+	public void loggedIn() {
+		LoginStatusBean lsb = new LoginStatusBean(USER_URI,
+				AuthenticationSource.EXTERNAL);
+		LoginStatusBean.setBean(session, lsb);
+
+		expectedIds = new ArrayIdentifierBundle(new IsUser(USER_URI));
+		actualIds = factory.getIdentifierBundle(req);
+		assertEquals("user id", expectedIds, actualIds);
+	}
+
+}

webapp/test/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java

@@ -36,7 +36,7 @@ import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
 import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
 import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.ActiveIdentifierBundleFactories;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.CommonIdentifierBundleFactory;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.factory.HasRoleLevelFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.Permission;
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.PermissionRegistry;
 import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
@@ -163,7 +163,7 @@ public class AuthenticateTest extends AbstractTestClass {
 		new ConfigurationPropertiesStub().setBean(servletContext);
 
 		ActiveIdentifierBundleFactories.addFactory(servletContext,
-				new CommonIdentifierBundleFactory(servletContext));
+				new HasRoleLevelFactory(servletContext));
 	}
 
 	private UserAccount createUserFromUserInfo(UserInfo userInfo) {