From 21aede64890611a8c2a22732bfbdbbdf5178b4a6 Mon Sep 17 00:00:00 2001 From: briancaruso Date: Fri, 23 Mar 2012 19:26:44 +0000 Subject: [PATCH 01/25] Spelling mistake. --- .../mannlib/vitro/webapp/controller/edit/PrimitiveRdfEdit.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PrimitiveRdfEdit.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PrimitiveRdfEdit.java index 6acc48f91..cc02de81c 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PrimitiveRdfEdit.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PrimitiveRdfEdit.java @@ -32,7 +32,7 @@ public class PrimitiveRdfEdit extends VitroAjaxController { private static final long serialVersionUID = 1L; - //Using the same setsup as primitive delete + //Using the same setup as primitive delete @Override protected Actions requiredActions(VitroRequest vreq) { return SimplePermission.USE_BASIC_AJAX_CONTROLLERS.ACTIONS; From 490e0a18df64b5ee7f3103847ff77b686c8ed2d3 Mon Sep 17 00:00:00 2001 From: briancaruso Date: Fri, 23 Mar 2012 20:24:08 +0000 Subject: [PATCH 02/25] Fixing logger class. --- .../n3editing/configuration/generators/RDFSLabelGenerator.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/edit/n3editing/configuration/generators/RDFSLabelGenerator.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/edit/n3editing/configuration/generators/RDFSLabelGenerator.java index 591ca667e..55d56536c 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/edit/n3editing/configuration/generators/RDFSLabelGenerator.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/edit/n3editing/configuration/generators/RDFSLabelGenerator.java @@ -45,7 +45,7 @@ import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; */ public class RDFSLabelGenerator implements EditConfigurationGenerator { - private Log log = LogFactory.getLog(DefaultObjectPropertyFormGenerator.class); + private Log log = LogFactory.getLog(RDFSLabelGenerator.class); private String subjectUri = null; private String predicateUri = null; From e0594b26817c78537bda520718e59bb884dd062c Mon Sep 17 00:00:00 2001 From: j2blake Date: Sat, 24 Mar 2012 15:11:23 +0000 Subject: [PATCH 03/25] NIHVIVO-3542 BaseTemplateModel doesn't need to hold ServletContext, and the way it's set in a static field is dodgy. Remove it. --- .../webapp/controller/freemarker/FreemarkerSetup.java | 1 - .../webapp/web/templatemodels/BaseTemplateModel.java | 10 ---------- .../individual/BaseIndividualTemplateModel.java | 8 ++++++-- ...ctPropertyTemplateModel_PropertyListConfigTest.java | 2 -- 4 files changed, 6 insertions(+), 15 deletions(-) diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerSetup.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerSetup.java index 0395ad07d..2949f999d 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerSetup.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerSetup.java @@ -18,7 +18,6 @@ public class FreemarkerSetup implements ServletContextListener { @Override public void contextInitialized(ServletContextEvent event) { ServletContext sc = event.getServletContext(); - BaseTemplateModel.setServletContext(sc); FreemarkerComponentGenerator.setServletContext(sc); UrlBuilder.contextPath = sc.getContextPath(); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/BaseTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/BaseTemplateModel.java index 740377a49..0bf05c3f6 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/BaseTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/BaseTemplateModel.java @@ -20,8 +20,6 @@ public abstract class BaseTemplateModel { private static final String URI_CHARACTERS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~:/?#[]@!$&%'()*+,;="; - protected static ServletContext servletContext; - // Convenience method so subclasses can call getUrl(path) protected String getUrl(String path) { return UrlBuilder.getUrl(path); @@ -73,12 +71,4 @@ public abstract class BaseTemplateModel { AntiScript.cleanMapValues(map); } - protected static ServletContext getServletContext() { - return servletContext; - } - - public static void setServletContext(ServletContext context) { - servletContext = context; - } - } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java index b01efe97c..53b5f3982 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java @@ -6,6 +6,8 @@ import java.util.Collection; import java.util.List; import java.util.Map; +import javax.servlet.ServletContext; + import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -37,12 +39,14 @@ public abstract class BaseIndividualTemplateModel extends BaseTemplateModel { protected final Individual individual; protected final LoginStatusBean loginStatusBean; protected final VitroRequest vreq; + private final ServletContext ctx; private final boolean editing; protected GroupedPropertyList propertyList; public BaseIndividualTemplateModel(Individual individual, VitroRequest vreq) { this.vreq = vreq; + this.ctx = vreq.getSession().getServletContext(); this.individual = individual; this.loginStatusBean = LoginStatusBean.getBean(vreq); // Needed for getting portal-sensitive urls. Remove if multi-portal support is removed. @@ -54,7 +58,7 @@ public abstract class BaseIndividualTemplateModel extends BaseTemplateModel { boolean isVClass = individual.isVClass(vClassUri); // If reasoning is asynchronous (under RDB), this inference may not have been made yet. // Check the superclasses of the individual's vclass. - SimpleReasoner simpleReasoner = (SimpleReasoner)getServletContext().getAttribute(SimpleReasoner.class.getName()); + SimpleReasoner simpleReasoner = (SimpleReasoner) ctx.getAttribute(SimpleReasoner.class.getName()); if (!isVClass && simpleReasoner != null && simpleReasoner.isABoxReasoningAsynchronous()) { log.debug("Checking superclasses to see if individual is a " + vClassUri + " because reasoning is asynchronous"); List directVClasses = individual.getVClasses(true); @@ -216,7 +220,7 @@ public abstract class BaseIndividualTemplateModel extends BaseTemplateModel { public String selfEditingId() { String id = null; String idMatchingProperty = - ConfigurationProperties.getBean(getServletContext()).getProperty("selfEditing.idMatchingProperty"); + ConfigurationProperties.getBean(ctx).getProperty("selfEditing.idMatchingProperty"); if (! StringUtils.isBlank(idMatchingProperty)) { WebappDaoFactory wdf = vreq.getUnfilteredWebappDaoFactory(); Collection ids = diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel_PropertyListConfigTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel_PropertyListConfigTest.java index cf405b7b0..9c92eb280 100644 --- a/webapp/test/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel_PropertyListConfigTest.java +++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel_PropertyListConfigTest.java @@ -135,8 +135,6 @@ public class ObjectPropertyTemplateModel_PropertyListConfigTest extends subject = new IndividualImpl(); - BaseTemplateModel.setServletContext(ctx); - Configuration fmConfig = new Configuration(); vreq.setAttribute("freemarkerConfig", fmConfig); tl = new TemplateLoaderStub(); From 122a34f7d968442115a5e0190e4a0091f6cb935a Mon Sep 17 00:00:00 2001 From: j2blake Date: Sat, 24 Mar 2012 16:27:33 +0000 Subject: [PATCH 04/25] NIHVIVO-3542 Clean up the PropertyStatementTemplateModel hierarchy. Make each of the subclasses immutable. Make NameStatementTemplateModel inherit from PropertySTM, not from DataPropertySTM. Remove the editing flag. --- .../freemarker/FreemarkerSetup.java | 2 - .../web/templatemodels/BaseTemplateModel.java | 2 - .../edit/EditConfigurationTemplateModel.java | 2 +- .../BaseIndividualTemplateModel.java | 2 +- .../CollatedObjectPropertyTemplateModel.java | 2 +- .../DataPropertyStatementTemplateModel.java | 102 ++++++------- .../individual/DataPropertyTemplateModel.java | 2 +- .../NameStatementTemplateModel.java | 99 ++++++++++--- .../ObjectPropertyStatementTemplateModel.java | 140 +++++++++--------- .../PropertyStatementTemplateModel.java | 26 +--- ...UncollatedObjectPropertyTemplateModel.java | 2 +- 11 files changed, 203 insertions(+), 178 deletions(-) diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerSetup.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerSetup.java index 2949f999d..c7e390e19 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerSetup.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerSetup.java @@ -9,8 +9,6 @@ import javax.servlet.ServletContextListener; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import edu.cornell.mannlib.vitro.webapp.web.templatemodels.BaseTemplateModel; - public class FreemarkerSetup implements ServletContextListener { private static final Log log = LogFactory.getLog(FreemarkerSetup.class); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/BaseTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/BaseTemplateModel.java index 0bf05c3f6..282076feb 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/BaseTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/BaseTemplateModel.java @@ -4,8 +4,6 @@ package edu.cornell.mannlib.vitro.webapp.web.templatemodels; import java.util.Map; -import javax.servlet.ServletContext; - import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/edit/EditConfigurationTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/edit/EditConfigurationTemplateModel.java index bfea72c7d..2d442d048 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/edit/EditConfigurationTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/edit/EditConfigurationTemplateModel.java @@ -450,7 +450,7 @@ public class EditConfigurationTemplateModel extends BaseTemplateModel { predicateUri, objectKey, statementDisplay, - false, null, vreq); + null, vreq); ReadOnlyBeansWrapper wrapper = new ReadOnlyBeansWrapper(); return wrapper.wrap(osm); } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java index 53b5f3982..34f2402ef 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java @@ -131,7 +131,7 @@ public abstract class BaseIndividualTemplateModel extends BaseTemplateModel { * are handled like ordinary ObjectProperty instances. */ public NameStatementTemplateModel getNameStatement() { - return new NameStatementTemplateModel(getUri(), vreq, editing); + return new NameStatementTemplateModel(getUri(), vreq); } /* These methods simply forward to the methods of the wrapped individual. It would be desirable to diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/CollatedObjectPropertyTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/CollatedObjectPropertyTemplateModel.java index 8ad485992..fd634595e 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/CollatedObjectPropertyTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/CollatedObjectPropertyTemplateModel.java @@ -218,7 +218,7 @@ public class CollatedObjectPropertyTemplateModel extends ObjectPropertyTemplateM } listForThisSubclass.add(new ObjectPropertyStatementTemplateModel(subjectUri, - propertyUri, objectKey, map, editing, getTemplateName(), vreq)); + propertyUri, objectKey, map, getTemplateName(), vreq)); } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyStatementTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyStatementTemplateModel.java index 46d29bb1c..04e3a4467 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyStatementTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyStatementTemplateModel.java @@ -20,97 +20,61 @@ import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; import edu.cornell.mannlib.vitro.webapp.edit.n3editing.processEdit.RdfLiteralHash; public class DataPropertyStatementTemplateModel extends PropertyStatementTemplateModel { - private static final Log log = LogFactory.getLog(DataPropertyStatementTemplateModel.class); - private static final String EDIT_PATH = "editRequestDispatch"; - protected String value; + private final Literal literalValue; + private final String deleteUrl; + private final String editUrl; //Extended to include vitro request to check for special parameters public DataPropertyStatementTemplateModel(String subjectUri, String propertyUri, - Literal literal, boolean editing, VitroRequest vreq) { + Literal literal, VitroRequest vreq) { super(subjectUri, propertyUri, vreq); - //attempt to strip any odd HTML - this.value = cleanTextForDisplay( literal.getLexicalForm() ); + this.literalValue = literal; - setEditUrls(literal, editing, propertyUri); - } - - /* - * This method handles the special case where we are creating a DataPropertyStatementTemplateModel outside the GroupedPropertyList. - * Specifically, it allows rdfs:label to be treated like a data property statement and thus have editing links. It is not possible - * to handle rdfs:label like vitro links and vitroPublic image, because it is not possible to construct a DataProperty from - * rdfs:label. - */ - DataPropertyStatementTemplateModel(String subjectUri, String propertyUri, VitroRequest vreq) { - super(subjectUri, propertyUri, vreq); - } - - public void setValue(String value) { - this.value = value; - } - - protected void setEditUrls(Literal value, boolean editing, String propertyUri) { - - if ( ! editing ) { - return; - } - - DataPropertyStatement dps = new DataPropertyStatementImpl(subjectUri, propertyUri, value.getLexicalForm()); - // Language and datatype are needed to get the correct hash value - dps.setLanguage(value.getLanguage()); - dps.setDatatypeURI(value.getDatatypeURI()); - String dataPropHash = String.valueOf(RdfLiteralHash.makeRdfLiteralHash(dps)); - // Do delete url first, since used in building edit url - setDeleteUrl(propertyUri, dps, dataPropHash); - setEditUrl(propertyUri, dps, dataPropHash); + this.deleteUrl = makeDeleteUrl(); + this.editUrl = makeEditUrl(); } - - protected void setDeleteUrl(String propertyUri, DataPropertyStatement dps, String dataPropHash) { - - // Hack for rdfs:label - the policy doesn't prevent deletion. - if (propertyUri.equals(VitroVocabulary.LABEL)) { - return; - } - + private String makeDeleteUrl() { // Determine whether the statement can be deleted + DataPropertyStatement dps = makeStatement(); RequestedAction action = new DropDataPropStmt(dps); if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) { - return; + return ""; } ParamMap params = new ParamMap( "subjectUri", subjectUri, "predicateUri", propertyUri, - "datapropKey", dataPropHash, + "datapropKey", makeHash(dps), "cmd", "delete"); params.putAll(UrlBuilder.getModelParams(vreq)); - deleteUrl = UrlBuilder.getUrl(EDIT_PATH, params); - } - - protected void setEditUrl(String propertyUri, DataPropertyStatement dps, String dataPropHash) { + return UrlBuilder.getUrl(EDIT_PATH, params); + } + private String makeEditUrl() { // vitro:moniker is deprecated. We display existing data values so editors can // move them to other properties and delete, but don't allow editing. if ( propertyUri.equals(VitroVocabulary.MONIKER) ) { - return; + return ""; } // Determine whether the statement can be edited + DataPropertyStatement dps = makeStatement(); RequestedAction action = new EditDataPropStmt(dps); if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) { - return; + return ""; } ParamMap params = new ParamMap( "subjectUri", subjectUri, "predicateUri", propertyUri, - "datapropKey", dataPropHash); + "datapropKey", makeHash(dps)); if ( deleteUrl.isEmpty() ) { params.put("deleteProhibited", "prohibited"); @@ -118,14 +82,36 @@ public class DataPropertyStatementTemplateModel extends PropertyStatementTemplat params.putAll(UrlBuilder.getModelParams(vreq)); - editUrl = UrlBuilder.getUrl(EDIT_PATH, params); - } - + return UrlBuilder.getUrl(EDIT_PATH, params); + } + private DataPropertyStatement makeStatement() { + DataPropertyStatement dps = new DataPropertyStatementImpl(subjectUri, propertyUri, literalValue.getLexicalForm()); + // Language and datatype are needed to get the correct hash value + dps.setLanguage(literalValue.getLanguage()); + dps.setDatatypeURI(literalValue.getDatatypeURI()); + return dps; + } + + private String makeHash(DataPropertyStatement dps) { + // Language and datatype are needed to get the correct hash value + return String.valueOf(RdfLiteralHash.makeRdfLiteralHash(dps)); + } + /* Template properties */ public String getValue() { - return value; + //attempt to strip any odd HTML + return cleanTextForDisplay( literalValue.getLexicalForm() ); } + @Override + public String getDeleteUrl() { + return deleteUrl; + } + + @Override + public String getEditUrl() { + return editUrl; + } } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java index 57fac3899..ea8b355e8 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java @@ -47,7 +47,7 @@ public class DataPropertyTemplateModel extends PropertyTemplateModel { DataPropertyStatementDao dpDao = vreq.getWebappDaoFactory().getDataPropertyStatementDao(); List values = dpDao.getDataPropertyValuesForIndividualByProperty(subject, dp); for (Literal value : values) { - statements.add(new DataPropertyStatementTemplateModel(subjectUri, propertyUri, value, editing, vreq)); + statements.add(new DataPropertyStatementTemplateModel(subjectUri, propertyUri, value, vreq)); } } else { log.debug("Data property " + getUri() + " is unpopulated."); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/NameStatementTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/NameStatementTemplateModel.java index fd8d37f78..5a6ed1613 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/NameStatementTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/NameStatementTemplateModel.java @@ -7,42 +7,105 @@ import org.apache.commons.logging.LogFactory; import org.openrdf.model.URI; import org.openrdf.model.impl.URIImpl; +import com.hp.hpl.jena.rdf.model.Literal; + +import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropStmt; +import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; +import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; +import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder; +import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder.ParamMap; import edu.cornell.mannlib.vitro.webapp.dao.IndividualDao; import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory; import edu.cornell.mannlib.vitro.webapp.edit.EditLiteral; +import edu.cornell.mannlib.vitro.webapp.edit.n3editing.processEdit.RdfLiteralHash; -public class NameStatementTemplateModel extends - DataPropertyStatementTemplateModel { +/** + * This allows the template to treat an rdfs:label like a data property statement, and thus + * have an editing link. + * + * This has the same accessor methods as a DataPropertyStatementTemplateModel, but it is never + * part of the GroupedPropertyList, and it never has a deleteUrl. + */ +public class NameStatementTemplateModel extends PropertyStatementTemplateModel { + private static final Log log = LogFactory.getLog(NameStatementTemplateModel.class); - private static final Log log = LogFactory.getLog(NameStatementTemplateModel.class); + private final String stringValue; + private final String editUrl; - /* - * This method handles the special case where we are creating a DataPropertyStatementTemplateModel outside the GroupedPropertyList. - * Specifically, it allows rdfs:label to be treated like a data property statement and thus have editing links. - */ - NameStatementTemplateModel(String subjectUri, VitroRequest vreq, boolean editing) { + NameStatementTemplateModel(String subjectUri, VitroRequest vreq) { super(subjectUri, VitroVocabulary.LABEL, vreq); - WebappDaoFactory wdf = vreq.getWebappDaoFactory(); - // NIHVIVO-2466 Use the same methods to get the label that are used elsewhere in the // application, to guarantee consistent results for individuals with multiple labels // across the application. + WebappDaoFactory wdf = vreq.getWebappDaoFactory(); IndividualDao iDao = wdf.getIndividualDao(); EditLiteral literal = iDao.getLabelEditLiteral(subjectUri); - if (literal != null) { - value = cleanTextForDisplay( literal.getLexicalForm() ); - setEditUrls(literal, editing, propertyUri); + if (literal == null) { + // If the individual has no rdfs:label, use the local name. It will not be editable. (This replicates previous behavior; + // perhaps we would want to allow a label to be added. But such individuals do not usually have their profiles viewed or + // edited directly.) + URI uri = new URIImpl(subjectUri); + this.stringValue = uri.getLocalName(); + this.editUrl = ""; } else { - // If the individual has no rdfs:label, use the local name. It will not be editable. (This replicates previous behavior; - // perhaps we would want to allow a label to be added. But such individuals do not usually have their profiles viewed or - // edited directly.) - URI uri = new URIImpl(subjectUri); - value = uri.getLocalName(); + this.stringValue = cleanTextForDisplay( literal.getLexicalForm() ); + this.editUrl = makeEditUrl(literal); } } + + private String makeEditUrl(Literal literal) { + // Determine whether the statement can be edited + DataPropertyStatement dps = makeStatement(literal); + RequestedAction action = new EditDataPropStmt(dps); + if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) { + return ""; + } + + ParamMap params = new ParamMap( + "subjectUri", subjectUri, + "predicateUri", propertyUri, + "datapropKey", makeHash(dps), + "deleteProhibited", "prohibited"); + + params.putAll(UrlBuilder.getModelParams(vreq)); + + return UrlBuilder.getUrl(EDIT_PATH, params); + } + + private DataPropertyStatement makeStatement(Literal literalValue) { + DataPropertyStatement dps = new DataPropertyStatementImpl(subjectUri, + propertyUri, literalValue.getLexicalForm()); + // Language and datatype are needed to get the correct hash value + dps.setLanguage(literalValue.getLanguage()); + dps.setDatatypeURI(literalValue.getDatatypeURI()); + return dps; + } + + private String makeHash(DataPropertyStatement dps) { + // Language and datatype are needed to get the correct hash value + return String.valueOf(RdfLiteralHash.makeRdfLiteralHash(dps)); + } + + /* Template properties */ + public String getValue() { + return stringValue; + } + + @Override + public String getDeleteUrl() { + return ""; + } + + @Override + public String getEditUrl() { + return editUrl; + } + } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java index 5c7d778ea..c47f02f68 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java @@ -2,6 +2,8 @@ package edu.cornell.mannlib.vitro.webapp.web.templatemodels.individual; +import java.util.Collections; +import java.util.HashMap; import java.util.Map; import org.apache.commons.logging.Log; @@ -19,107 +21,93 @@ import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder.ParamMa import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; public class ObjectPropertyStatementTemplateModel extends PropertyStatementTemplateModel { - private static final Log log = LogFactory.getLog(ObjectPropertyStatementTemplateModel.class); - private static final String EDIT_PATH = "editRequestDispatch"; - private final Map data; - // Used for editing private final String objectUri; private final String templateName; private final String objectKey; + private final String editUrl; + private final String deleteUrl; + public ObjectPropertyStatementTemplateModel(String subjectUri, String propertyUri, String objectKey, - Map data, boolean editing, String templateName, VitroRequest vreq) { + Map data, String templateName, VitroRequest vreq) { super(subjectUri, propertyUri, vreq); - this.data = data; + this.data = Collections.unmodifiableMap(new HashMap(data)); this.objectUri = data.get(objectKey); this.templateName = templateName; //to keep track of later this.objectKey = objectKey; - if ( editing ) { - setEditUrls(); - } + ObjectPropertyStatement ops = new ObjectPropertyStatementImpl(subjectUri, propertyUri, objectUri); + + // Do delete url first, since it is used in building edit url + this.deleteUrl = makeDeleteUrl(); + this.editUrl = makeEditUrl(ops); } - protected void setEditUrls() { - // If we are in edit mode, create the list of editing permissions. - // We do this now rather than in getEditUrl() and getDeleteUrl(), because getEditUrl() also needs to know - // whether a delete is allowed. - ObjectPropertyStatement ops = new ObjectPropertyStatementImpl(subjectUri, propertyUri, objectUri); - - // Do delete url first, since used in building edit url - setDeleteUrl(); - setEditUrl(ops); - } - - protected void setDeleteUrl() { - + private String makeDeleteUrl() { // Determine whether the statement can be deleted RequestedAction action = new DropObjectPropStmt(subjectUri, propertyUri, objectUri); if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) { - return; + return ""; } if (propertyUri.equals(VitroVocabulary.IND_MAIN_IMAGE)) { - deleteUrl = ObjectPropertyTemplateModel.getImageUploadUrl(subjectUri, "delete"); - } else { - ParamMap params = new ParamMap( - "subjectUri", subjectUri, - "predicateUri", propertyUri, - "objectUri", objectUri, - "cmd", "delete", - "objectKey", objectKey); - - for ( String key : data.keySet() ) { - String value = data.get(key); - // Remove an entry with a null value instead of letting it get passed - // as a param with an empty value, in order to align with behavior on - // profile page. E.g., if statement.moniker is null, a test for - // statement.moniker?? will yield different results if null on the - // profile page but an empty string on the deletion page. - if (value != null) { - params.put("statement_" + key, data.get(key)); - } - } - - params.put("templateName", templateName); - - params.putAll(UrlBuilder.getModelParams(vreq)); - - deleteUrl = UrlBuilder.getUrl(EDIT_PATH, params); - } - } - - protected void setEditUrl(ObjectPropertyStatement ops) { + return ObjectPropertyTemplateModel.getImageUploadUrl(subjectUri, "delete"); + } + ParamMap params = new ParamMap( + "subjectUri", subjectUri, + "predicateUri", propertyUri, + "objectUri", objectUri, + "cmd", "delete", + "objectKey", objectKey); + + for ( String key : data.keySet() ) { + String value = data.get(key); + // Remove an entry with a null value instead of letting it get passed + // as a param with an empty value, in order to align with behavior on + // profile page. E.g., if statement.moniker is null, a test for + // statement.moniker?? will yield different results if null on the + // profile page but an empty string on the deletion page. + if (value != null) { + params.put("statement_" + key, data.get(key)); + } + } + + params.put("templateName", templateName); + params.putAll(UrlBuilder.getModelParams(vreq)); + + return UrlBuilder.getUrl(EDIT_PATH, params); + } + + private String makeEditUrl(ObjectPropertyStatement ops) { // Determine whether the statement can be edited RequestedAction action = new EditObjPropStmt(ops); if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) { - return; + return ""; } if (propertyUri.equals(VitroVocabulary.IND_MAIN_IMAGE)) { - editUrl = ObjectPropertyTemplateModel.getImageUploadUrl(subjectUri, "edit"); - } else { - ParamMap params = new ParamMap( - "subjectUri", subjectUri, - "predicateUri", propertyUri, - "objectUri", objectUri); - - if ( deleteUrl.isEmpty() ) { - params.put("deleteProhibited", "prohibited"); - } - - params.putAll(UrlBuilder.getModelParams(vreq)); - - editUrl = UrlBuilder.getUrl(EDIT_PATH, params); - } - } - + return ObjectPropertyTemplateModel.getImageUploadUrl(subjectUri, "edit"); + } + + ParamMap params = new ParamMap( + "subjectUri", subjectUri, + "predicateUri", propertyUri, + "objectUri", objectUri); + + if ( deleteUrl.isEmpty() ) { + params.put("deleteProhibited", "prohibited"); + } + + params.putAll(UrlBuilder.getModelParams(vreq)); + + return UrlBuilder.getUrl(EDIT_PATH, params); + } /* Template methods */ @@ -130,5 +118,15 @@ public class ObjectPropertyStatementTemplateModel extends PropertyStatementTempl public String uri(String key) { return cleanURIForDisplay(data.get(key)); } + + @Override + public String getDeleteUrl() { + return deleteUrl; + } + @Override + public String getEditUrl() { + return editUrl; + } + } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyStatementTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyStatementTemplateModel.java index 7f3466c3d..1dfc9d2db 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyStatementTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyStatementTemplateModel.java @@ -2,46 +2,28 @@ package edu.cornell.mannlib.vitro.webapp.web.templatemodels.individual; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.web.templatemodels.BaseTemplateModel; public abstract class PropertyStatementTemplateModel extends BaseTemplateModel { + protected static final String EDIT_PATH = "editRequestDispatch"; - private static final Log log = LogFactory.getLog(PropertyStatementTemplateModel.class); - protected final VitroRequest vreq; - // Used for editing protected final String subjectUri; protected final String propertyUri; - protected String editUrl; - protected String deleteUrl; - PropertyStatementTemplateModel(String subjectUri, String propertyUri, VitroRequest vreq) { this.vreq = vreq; this.subjectUri = subjectUri; this.propertyUri = propertyUri; - editUrl = ""; - deleteUrl = ""; } - - /* Template properties */ - public String getEditUrl() { - return editUrl; - } - - public String getDeleteUrl() { - return deleteUrl; - } - + public abstract String getEditUrl(); + public abstract String getDeleteUrl(); public boolean isEditable() { - return ! editUrl.isEmpty(); + return ! getEditUrl().isEmpty(); } } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/UncollatedObjectPropertyTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/UncollatedObjectPropertyTemplateModel.java index b9a79c11e..15f53b4c4 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/UncollatedObjectPropertyTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/UncollatedObjectPropertyTemplateModel.java @@ -41,7 +41,7 @@ public class UncollatedObjectPropertyTemplateModel extends ObjectPropertyTemplat String objectKey = getObjectKey(); for (Map map : statementData) { statements.add(new ObjectPropertyStatementTemplateModel(subjectUri, - propertyUri, objectKey, map, editing, getTemplateName(), vreq)); + propertyUri, objectKey, map, getTemplateName(), vreq)); } postprocessStatementList(statements); From 996ab4f47995af2b4a90b90e75a8e3ff54f541f6 Mon Sep 17 00:00:00 2001 From: j2blake Date: Wed, 28 Mar 2012 14:38:43 +0000 Subject: [PATCH 05/25] NIHVIVO-3659 This error can happen many, many times on a development system. The full stack trace is not helpful. --- .../vitro/webapp/filestorage/serving/FileServingServlet.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/filestorage/serving/FileServingServlet.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/filestorage/serving/FileServingServlet.java index 6feb5c1c6..ea73f4587 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/filestorage/serving/FileServingServlet.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/filestorage/serving/FileServingServlet.java @@ -110,7 +110,7 @@ public class FileServingServlet extends VitroHttpServlet { in = fileStorage.getInputStream(fileInfo.getBytestreamUri(), actualFilename); } catch (FileNotFoundException e) { - log.error(e, e); + log.error("Expected file doesn't exist: " + e); response.sendError(SC_INTERNAL_SERVER_ERROR, e.toString()); return; } From a7ced86d49997d0f505e9d4341d08d2121ced70f Mon Sep 17 00:00:00 2001 From: j2blake Date: Wed, 28 Mar 2012 18:38:32 +0000 Subject: [PATCH 06/25] Stop using VivoPolicy to suppress add, edit, and delete links. Use a hard-coded list for now, while waiting for the application ontology. --- .../individual/EditLinkSuppressor.java | 94 +++++++++++++++++++ .../ObjectPropertyStatementTemplateModel.java | 12 ++- .../ObjectPropertyTemplateModel.java | 4 + 3 files changed, 109 insertions(+), 1 deletion(-) create mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/EditLinkSuppressor.java diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/EditLinkSuppressor.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/EditLinkSuppressor.java new file mode 100644 index 000000000..87682ba6b --- /dev/null +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/EditLinkSuppressor.java @@ -0,0 +1,94 @@ +/* $This file is distributed under the terms of the license in /doc/license.txt$ */ + +package edu.cornell.mannlib.vitro.webapp.web.templatemodels.individual; + +import java.util.Arrays; +import java.util.List; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; + +/** + * Sometimes we don't want to show an Add, Edit, or Delete link for a particular + * property, no matter who the user is. + * + * TODO These are hard-coded while we wait for the Application Ontology to be + * implemented. + */ +public class EditLinkSuppressor { + private static final Log log = LogFactory.getLog(EditLinkSuppressor.class); + + private static final String CORE = "http://vivoweb.org/ontology/core#"; + private static final String PUB_TO_AUTHORSHIP = core("informationResourceInAuthorship"); + private static final String PERSON_TO_AUTHORSHIP = core("authorInAuthorship"); + private static final String AUTHORSHIP_TO_PERSON = core("linkedAuthor"); + private static final String AUTHORSHIP_TO_PUB = core("linkedInformationResource"); + private static final String INDIVIDUAL_TO_WEBPAGE = core("webpage"); + private static final String WEBPAGE_TO_INDIVIDUAL = core("webpageOf"); + private static final String HAS_RESEARCH_AREA = core("hasResearchArea"); + private static final String HAS_SUBJECT_AREA = core("hasSubjectArea"); + private static final String RESEARCH_AREA_OF = core("researchAreaOf"); + private static final String SUBJECT_AREA_FOR = core("subjectAreaFor"); + + private static String core(String localName) { + return CORE + localName; + } + + private static final List suppressAddLinksForThese = Arrays + .asList(new String[] { AUTHORSHIP_TO_PERSON, AUTHORSHIP_TO_PUB, + WEBPAGE_TO_INDIVIDUAL }); + + private static final List suppressEditLinksForThese = Arrays + .asList(new String[] { WEBPAGE_TO_INDIVIDUAL }); + + private static final List suppressDeleteLinksForThese = Arrays + .asList(new String[] { PUB_TO_AUTHORSHIP, PERSON_TO_AUTHORSHIP, + AUTHORSHIP_TO_PERSON, AUTHORSHIP_TO_PUB, + INDIVIDUAL_TO_WEBPAGE, WEBPAGE_TO_INDIVIDUAL, + HAS_RESEARCH_AREA, RESEARCH_AREA_OF, HAS_SUBJECT_AREA, + SUBJECT_AREA_FOR }); + + // TODO When we remove the hard-coding, vreq will allow us to find the + // application ontology model. + @SuppressWarnings("unused") + private final VitroRequest vreq; + + public EditLinkSuppressor(VitroRequest vreq) { + this.vreq = vreq; + } + + /** + * Should we suppress the Add link on this property? + */ + public boolean isAddLinkSuppressed(String propertyUri) { + if (propertyUri == null) { + log.error("Suppressing the add link on a null property."); + return true; + } + return suppressAddLinksForThese.contains(propertyUri); + } + + /** + * Should we suppress the Edit link on this property? + */ + public boolean isEditLinkSuppressed(String propertyUri) { + if (propertyUri == null) { + log.error("Suppressing the edit link on a null property."); + return true; + } + return suppressEditLinksForThese.contains(propertyUri); + } + + /** + * Should we suppress the Delete link on this property? + */ + public boolean isDeleteLinkSuppressed(String propertyUri) { + if (propertyUri == null) { + log.error("Suppressing the delete link on a null property."); + return true; + } + return suppressDeleteLinksForThese.contains(propertyUri); + } +} diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java index c47f02f68..81389cdd2 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java @@ -49,6 +49,11 @@ public class ObjectPropertyStatementTemplateModel extends PropertyStatementTempl } private String makeDeleteUrl() { + // Is the delete link suppressed for this property? + if (new EditLinkSuppressor(vreq).isDeleteLinkSuppressed(propertyUri)) { + return ""; + } + // Determine whether the statement can be deleted RequestedAction action = new DropObjectPropStmt(subjectUri, propertyUri, objectUri); if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) { @@ -85,7 +90,12 @@ public class ObjectPropertyStatementTemplateModel extends PropertyStatementTempl } private String makeEditUrl(ObjectPropertyStatement ops) { - // Determine whether the statement can be edited + // Is the edit link suppressed for this property? + if (new EditLinkSuppressor(vreq).isEditLinkSuppressed(propertyUri)) { + return ""; + } + + // Determine whether the statement can be edited RequestedAction action = new EditObjPropStmt(ops); if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) { return ""; diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel.java index 8761bf0e1..fa2f27ef8 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel.java @@ -102,6 +102,10 @@ public abstract class ObjectPropertyTemplateModel extends PropertyTemplateModel } protected void setAddUrl(Property property) { + // Is the add link suppressed for this property? + if (new EditLinkSuppressor(vreq).isAddLinkSuppressed(propertyUri)) { + return; + } // Determine whether a new statement can be added RequestedAction action = new AddObjectPropStmt(subjectUri, propertyUri, RequestActionConstants.SOME_URI); From bec33f53a7298f415f39e26d958aae50301e307c Mon Sep 17 00:00:00 2001 From: j2blake Date: Wed, 28 Mar 2012 20:35:35 +0000 Subject: [PATCH 07/25] Add toString() methods for better diagnostics. --- .../auth/requestedAction/display/DisplayDataProperty.java | 5 +++++ .../auth/requestedAction/display/DisplayObjectProperty.java | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayDataProperty.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayDataProperty.java index 9341cdd20..69d7f68e9 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayDataProperty.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayDataProperty.java @@ -16,4 +16,9 @@ public class DisplayDataProperty extends RequestedAction { public DataProperty getDataProperty() { return dataProperty; } + + @Override + public String toString() { + return "DisplayDataProperty[" + dataProperty + "]"; + } } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayObjectProperty.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayObjectProperty.java index 49161abe1..ff7255b84 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayObjectProperty.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayObjectProperty.java @@ -16,4 +16,9 @@ public class DisplayObjectProperty extends RequestedAction { public ObjectProperty getObjectProperty() { return objectProperty; } + + @Override + public String toString() { + return "DisplayObjectProperty[" + objectProperty + "]"; + } } From 6ed41b7745fab7c585bfa12504d0773a150dc760 Mon Sep 17 00:00:00 2001 From: j2blake Date: Thu, 29 Mar 2012 15:03:21 +0000 Subject: [PATCH 08/25] Remove the restriction on the OWL namespace. There are several reasons why we will need to add statements that assign OWL attributes to resources. --- .../auth/policy/bean/PropertyRestrictionPolicyHelper.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionPolicyHelper.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionPolicyHelper.java index 273b9baa0..68ee18b04 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionPolicyHelper.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionPolicyHelper.java @@ -46,8 +46,7 @@ public class PropertyRestrictionPolicyHelper { .getLog(PropertyRestrictionPolicyHelper.class); private static final Collection PROHIBITED_NAMESPACES = Arrays - .asList(new String[] { VitroVocabulary.vitroURI, - VitroVocabulary.OWL, "" }); + .asList(new String[] { VitroVocabulary.vitroURI, "" }); private static final Collection PERMITTED_EXCEPTIONS = Arrays .asList(new String[] { From 71ed58cc2e0f6d10fef144553efc4a51dd7551b5 Mon Sep 17 00:00:00 2001 From: j2blake Date: Thu, 29 Mar 2012 16:36:09 +0000 Subject: [PATCH 09/25] Neither PUBLIC nor self-editors get to edit any properties by virtue of their role. --- .../auth/permissions/PermissionRegistry.java | 14 +++++++++++++- webapp/web/WEB-INF/resources/permission_config.n3 | 4 ---- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/PermissionRegistry.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/PermissionRegistry.java index 44461249a..775ace11b 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/PermissionRegistry.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/PermissionRegistry.java @@ -145,6 +145,11 @@ public class PermissionRegistry { } } + /** + * There is no DisplayByRolePermission for self-editors. They get the + * same rights as PUBLIC. Other permissions give them their self-editing + * privileges. + */ private Collection createDisplayByRolePermissions( ServletContext ctx) { List list = new ArrayList(); @@ -159,13 +164,20 @@ public class PermissionRegistry { return list; } + /** + * There is no EditByRolePermission for PUBLIC or for self-editors. A + * property may be given an edit-level of "PUBLIC", but that may also + * simply be the default assigned to it when editing, and we don't want + * to recognize that. + * + * Other permissions give self-editors their editing privileges. + */ private Collection createEditByRolePermissions( ServletContext ctx) { List list = new ArrayList(); list.add(new EditByRolePermission("Admin", RoleLevel.DB_ADMIN, ctx)); list.add(new EditByRolePermission("Curator", RoleLevel.CURATOR, ctx)); list.add(new EditByRolePermission("Editor", RoleLevel.EDITOR, ctx)); - list.add(new EditByRolePermission("Public", RoleLevel.PUBLIC, ctx)); return list; } diff --git a/webapp/web/WEB-INF/resources/permission_config.n3 b/webapp/web/WEB-INF/resources/permission_config.n3 index f9378222e..13bf22021 100644 --- a/webapp/web/WEB-INF/resources/permission_config.n3 +++ b/webapp/web/WEB-INF/resources/permission_config.n3 @@ -137,7 +137,6 @@ auth:SELF_EDITOR # For role-based display and editing, SelfEditor is like Public. # SelfEditor uses its special permissions to edit/display its own values. auth:hasPermission displayByRole:Public ; - auth:hasPermission editByRole:Public ; . auth:PUBLIC @@ -150,7 +149,4 @@ auth:PUBLIC # role-based permissions for PUBLIC auth:hasPermission displayByRole:Public ; - - # why are some properties declared editable by PUBLIC, but we don't want them to be. - # auth:hasPermission editByRole:Public ; . From 96d45d3281a4c0693559c74b8c0d66944a612924 Mon Sep 17 00:00:00 2001 From: j2blake Date: Thu, 29 Mar 2012 16:37:11 +0000 Subject: [PATCH 10/25] Reduce the noise in the toString() of the DisplayObjectProperty requested action --- .../auth/requestedAction/display/DisplayObjectProperty.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayObjectProperty.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayObjectProperty.java index ff7255b84..3d3e8c4f7 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayObjectProperty.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/display/DisplayObjectProperty.java @@ -19,6 +19,6 @@ public class DisplayObjectProperty extends RequestedAction { @Override public String toString() { - return "DisplayObjectProperty[" + objectProperty + "]"; + return "DisplayObjectProperty[" + objectProperty.getLocalName() + "]"; } } From 37b0ad0e951fbc0de509533468f6e9718657b464 Mon Sep 17 00:00:00 2001 From: j2blake Date: Thu, 29 Mar 2012 19:49:11 +0000 Subject: [PATCH 11/25] Remove AuthTestController at /authtest - it has been replaced by /admin/showAuth --- .../vitro/webapp/auth/AuthTestController.java | 110 ------------------ webapp/web/WEB-INF/web.xml | 9 -- 2 files changed, 119 deletions(-) delete mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/AuthTestController.java diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/AuthTestController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/AuthTestController.java deleted file mode 100644 index dc6ccf53b..000000000 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/AuthTestController.java +++ /dev/null @@ -1,110 +0,0 @@ -/* $This file is distributed under the terms of the license in /doc/license.txt$ */ - -package edu.cornell.mannlib.vitro.webapp.auth; - -import java.io.IOException; -import java.util.ArrayList; -import java.util.List; - -import javax.servlet.ServletContext; -import javax.servlet.ServletException; -import javax.servlet.ServletOutputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle; -import edu.cornell.mannlib.vitro.webapp.auth.identifier.RequestIdentifiers; -import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyList; -import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList; -import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt; -import edu.cornell.mannlib.vitro.webapp.controller.VitroHttpServlet; - -/** - * Tests and gives info about the auth sysetm - * - * @author bdc34 - * - */ -public class AuthTestController extends VitroHttpServlet { - public void doGet(HttpServletRequest req, HttpServletResponse res ) - throws IOException, ServletException{ - super.doGet(req,res); - IdentifierBundle ids = RequestIdentifiers.getIdBundleForRequest(req); - ServletOutputStream out = res.getOutputStream(); - - listIdentifiers(out,ids); - - checkAuths(out,ids, getServletContext()); - - } - - private void listIdentifiers(ServletOutputStream out, IdentifierBundle ids) throws IOException{ - out.println("

Identifiers:

"); - out.println(""); - for( Object obj: ids){ - if( obj == null ){ - out.println("obj was null"); - continue; - } - out.println(""); - out.println(""); - out.println(""); - out.println(""); - } - out.println("
"+obj.getClass().getName() + ""+obj.toString() + "
"); - } - - - private void checkAuths(ServletOutputStream out, IdentifierBundle ids, ServletContext servletContext) - throws IOException{ - PolicyList policy = ServletPolicyList.getPolicies(servletContext); - out.println("

Authorization tests:

"); - - if (policy.isEmpty()) { - out.println("No Policy objects found in ServletContext. "); - } - out.println(""); - for(RequestedAction action: actions){ - out.println(""); - try { - PolicyDecision pd = policy.isAuthorized(ids, action); - if( pd == null) - out.println(""); - out.println(""); - } - } catch (Exception e) { - out.println(""); - e.printStackTrace(); - } - } - out.println("
"+action.getClass().getName()+"ERROR: PolicyDecision was null"); - else{ - out.println(""+ pd.getAuthorized() +""+ pd.getMessage() +" exception: " + e + "
"); - } - - - private static List actions = new ArrayList(); - static{ - actions.add(new AddDataPropStmt("http://some.non.existing.resource", "http://some.non.existing.dataproperty", "bogus value", null, null)); - actions.add(new AddObjectPropStmt("http://vivo.library.cornell.edu/abox#entity11821","vitro:headOf","http://vivo.library.cornell.edu/abox#entity1")); - actions.add(new AddObjectPropStmt("http://vivo.library.cornell.edu/abox#entity123","vitro:headOf","http://vivo.library.cornell.edu/abox#entity1")); - -// actions.add(new AddResource("http://bogus.REsourceType.uri","http://bogus.uri")); -// actions.add(new DropObjectPropStmt()); -// actions.add(new DefineObjectProperty()); -// actions.add(new DefineDataProperty()); -// actions.add(new RemoveOwlClass()); -// actions.add(new CreateOwlClass()); -// -// actions.add(new AddNewUser()); -// actions.add(new LoadOntology()); -// actions.add(new RebuildTextIndex()); -// actions.add(new RemoveUser()); -// actions.add(new ServerStatus()); -// actions.add(new UpdateTextIndex()); -// actions.add(new UploadFile("http://uri.of.entity.to.associate/uploaded/file/with","http://uri.of.association.property")); - } -} diff --git a/webapp/web/WEB-INF/web.xml b/webapp/web/WEB-INF/web.xml index f74ecde0e..ecc2e49de 100644 --- a/webapp/web/WEB-INF/web.xml +++ b/webapp/web/WEB-INF/web.xml @@ -1137,15 +1137,6 @@ /visualization - - authtest - edu.cornell.mannlib.vitro.webapp.auth.AuthTestController - - - authtest - /authtest - - primitiveRdfEdit edu.cornell.mannlib.vitro.webapp.controller.edit.PrimitiveRdfEdit From fc2052e0b7df9aceadeee6ffb5623a4b5e27171c Mon Sep 17 00:00:00 2001 From: j2blake Date: Fri, 30 Mar 2012 21:14:51 +0000 Subject: [PATCH 12/25] NIHVIVO-3404 Rename statement-related RequestedAction classes to consistent naming scheme. --- .../permissions/EditByRolePermission.java | 16 +-- .../webapp/auth/policy/PolicyHelper.java | 20 +-- .../RestrictHomeMenuItemEditingPolicy.java | 17 +-- .../webapp/auth/policy/SelfEditingPolicy.java | 16 +-- ... AbstractDataPropertyStatementAction.java} | 4 +- ...bstractObjectPropertyStatementAction.java} | 4 +- ...tmt.java => AddDataPropertyStatement.java} | 6 +- ...t.java => AddObjectPropertyStatement.java} | 4 +- ...mt.java => DropDataPropertyStatement.java} | 8 +- ....java => DropObjectPropertyStatement.java} | 4 +- ...mt.java => EditDataPropertyStatement.java} | 4 +- ....java => EditObjectPropertyStatement.java} | 6 +- .../controller/admin/ShowAuthController.java | 6 +- .../freemarker/ImageUploadController.java | 12 +- .../BaseIndividualTemplateModel.java | 8 +- .../DataPropertyStatementTemplateModel.java | 8 +- .../individual/DataPropertyTemplateModel.java | 4 +- .../NameStatementTemplateModel.java | 4 +- .../ObjectPropertyStatementTemplateModel.java | 8 +- .../ObjectPropertyTemplateModel.java | 4 +- .../policy/PolicyHelper_StatementsTest.java | 16 +-- .../auth/policy/SelfEditingPolicyTest.java | 126 +++++++++--------- .../auth/policy/SelfEditingPolicy_2_Test.java | 33 ++--- 23 files changed, 170 insertions(+), 168 deletions(-) rename webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/{AbstractDataPropertyAction.java => AbstractDataPropertyStatementAction.java} (78%) rename webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/{AbstractObjectPropertyAction.java => AbstractObjectPropertyStatementAction.java} (84%) rename webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/{AddDataPropStmt.java => AddDataPropertyStatement.java} (74%) rename webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/{AddObjectPropStmt.java => AddObjectPropertyStatement.java} (60%) rename webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/{DropDataPropStmt.java => DropDataPropertyStatement.java} (80%) rename webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/{DropObjectPropStmt.java => DropObjectPropertyStatement.java} (61%) rename webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/{EditDataPropStmt.java => EditDataPropertyStatement.java} (81%) rename webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/{EditObjPropStmt.java => EditObjectPropertyStatement.java} (65%) diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/EditByRolePermission.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/EditByRolePermission.java index ece94bfae..f06a42ce9 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/EditByRolePermission.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/EditByRolePermission.java @@ -9,8 +9,8 @@ import org.apache.commons.logging.LogFactory; import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyAction; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyAction; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyStatementAction; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyStatementAction; import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel; /** @@ -55,10 +55,10 @@ public class EditByRolePermission extends Permission { public boolean isAuthorized(RequestedAction whatToAuth) { boolean result; - if (whatToAuth instanceof AbstractDataPropertyAction) { - result = isAuthorized((AbstractDataPropertyAction) whatToAuth); - } else if (whatToAuth instanceof AbstractObjectPropertyAction) { - result = isAuthorized((AbstractObjectPropertyAction) whatToAuth); + if (whatToAuth instanceof AbstractDataPropertyStatementAction) { + result = isAuthorized((AbstractDataPropertyStatementAction) whatToAuth); + } else if (whatToAuth instanceof AbstractObjectPropertyStatementAction) { + result = isAuthorized((AbstractObjectPropertyStatementAction) whatToAuth); } else { result = false; } @@ -76,7 +76,7 @@ public class EditByRolePermission extends Permission { * The user may add, edit, or delete this data property if they are allowed * to modify its subject and its predicate. */ - private boolean isAuthorized(AbstractDataPropertyAction action) { + private boolean isAuthorized(AbstractDataPropertyStatementAction action) { String subjectUri = action.getSubjectUri(); String predicateUri = action.getPredicateUri(); return canModifyResource(subjectUri) @@ -87,7 +87,7 @@ public class EditByRolePermission extends Permission { * The user may add, edit, or delete this data property if they are allowed * to modify its subject, its predicate, and its object. */ - private boolean isAuthorized(AbstractObjectPropertyAction action) { + private boolean isAuthorized(AbstractObjectPropertyStatementAction action) { String subjectUri = action.getUriOfSubject(); String predicateUri = action.getUriOfPredicate(); String objectUri = action.getUriOfObject(); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java index 896a2f3c8..cbef95b92 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java @@ -19,10 +19,10 @@ import edu.cornell.mannlib.vitro.webapp.auth.identifier.RequestIdentifiers; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropStmt; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropertyStatement; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropertyStatement; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPropertyStatement; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropertyStatement; /** * A collection of static methods to help determine whether requested actions @@ -101,11 +101,11 @@ public class PolicyHelper { RequestedAction action; if (objectNode.isResource()) { - action = new AddObjectPropStmt(subject.getURI(), + action = new AddObjectPropertyStatement(subject.getURI(), predicate.getURI(), objectNode.asResource().getURI()); } else { - action = new AddDataPropStmt(subject.getURI(), predicate.getURI(), - objectNode.asLiteral()); + action = new AddDataPropertyStatement(subject.getURI(), + predicate.getURI(), objectNode.asLiteral()); } return isAuthorizedForActions(req, action); } @@ -153,11 +153,11 @@ public class PolicyHelper { RequestedAction action; if (objectNode.isResource()) { - action = new DropObjectPropStmt(subject.getURI(), + action = new DropObjectPropertyStatement(subject.getURI(), predicate.getURI(), objectNode.asResource().getURI()); } else { - action = new DropDataPropStmt(subject.getURI(), predicate.getURI(), - objectNode.asLiteral()); + action = new DropDataPropertyStatement(subject.getURI(), + predicate.getURI(), objectNode.asLiteral()); } return isAuthorizedForActions(req, action); } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/RestrictHomeMenuItemEditingPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/RestrictHomeMenuItemEditingPolicy.java index 4ed30639b..e7140b1a2 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/RestrictHomeMenuItemEditingPolicy.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/RestrictHomeMenuItemEditingPolicy.java @@ -10,9 +10,9 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyAction; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjPropStmt; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyStatementAction; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropertyStatement; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjectPropertyStatement; import edu.cornell.mannlib.vitro.webapp.dao.DisplayVocabulary; /** @@ -23,16 +23,17 @@ public class RestrictHomeMenuItemEditingPolicy implements PolicyIface { @Override public PolicyDecision isAuthorized(IdentifierBundle whoToAuth, RequestedAction whatToAuth) { - if (whatToAuth instanceof EditObjPropStmt) { - return isAuthorized((EditObjPropStmt) whatToAuth); - } else if (whatToAuth instanceof DropObjectPropStmt) { - return isAuthorized((DropObjectPropStmt) whatToAuth); + if (whatToAuth instanceof EditObjectPropertyStatement) { + return isAuthorized((EditObjectPropertyStatement) whatToAuth); + } else if (whatToAuth instanceof DropObjectPropertyStatement) { + return isAuthorized((DropObjectPropertyStatement) whatToAuth); } else { return notHandled(); } } - private PolicyDecision isAuthorized(AbstractObjectPropertyAction whatToAuth) { + private PolicyDecision isAuthorized( + AbstractObjectPropertyStatementAction whatToAuth) { if (whatToAuth.getUriOfPredicate() .equals(DisplayVocabulary.HAS_ELEMENT) && whatToAuth.getUriOfObject().equals( diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy.java index c50e3223f..185a5d0f1 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy.java @@ -12,8 +12,8 @@ import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasAssociatedIndi import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyAction; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyAction; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyStatementAction; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyStatementAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AbstractResourceAction; import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel; @@ -44,14 +44,14 @@ public class SelfEditingPolicy extends BaseSelfEditingPolicy implements return inconclusiveDecision("Not self-editing."); } - if (whatToAuth instanceof AbstractObjectPropertyAction) { + if (whatToAuth instanceof AbstractObjectPropertyStatementAction) { return isAuthorizedForObjectPropertyAction(userUris, - (AbstractObjectPropertyAction) whatToAuth); + (AbstractObjectPropertyStatementAction) whatToAuth); } - if (whatToAuth instanceof AbstractDataPropertyAction) { + if (whatToAuth instanceof AbstractDataPropertyStatementAction) { return isAuthorizedForDataPropertyAction(userUris, - (AbstractDataPropertyAction) whatToAuth); + (AbstractDataPropertyStatementAction) whatToAuth); } if (whatToAuth instanceof AbstractResourceAction) { @@ -67,7 +67,7 @@ public class SelfEditingPolicy extends BaseSelfEditingPolicy implements * about him. */ private PolicyDecision isAuthorizedForObjectPropertyAction( - List userUris, AbstractObjectPropertyAction action) { + List userUris, AbstractObjectPropertyStatementAction action) { String subject = action.getUriOfSubject(); String predicate = action.getUriOfPredicate(); String object = action.getUriOfObject(); @@ -94,7 +94,7 @@ public class SelfEditingPolicy extends BaseSelfEditingPolicy implements * about him. */ private PolicyDecision isAuthorizedForDataPropertyAction( - List userUris, AbstractDataPropertyAction action) { + List userUris, AbstractDataPropertyStatementAction action) { String subject = action.getSubjectUri(); String predicate = action.getPredicateUri(); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractDataPropertyAction.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractDataPropertyStatementAction.java similarity index 78% rename from webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractDataPropertyAction.java rename to webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractDataPropertyStatementAction.java index c6418fdd9..5d3ba5453 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractDataPropertyAction.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractDataPropertyStatementAction.java @@ -7,11 +7,11 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAct /** * A base class for requestion actions that relate to data properties. */ -public abstract class AbstractDataPropertyAction extends RequestedAction { +public abstract class AbstractDataPropertyStatementAction extends RequestedAction { private final String subjectUri; private final String predicateUri; - public AbstractDataPropertyAction(String subjectUri, String predicateUri) { + public AbstractDataPropertyStatementAction(String subjectUri, String predicateUri) { this.subjectUri = subjectUri; this.predicateUri = predicateUri; } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyAction.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java similarity index 84% rename from webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyAction.java rename to webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java index 611015f03..29178e0c3 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyAction.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java @@ -8,12 +8,12 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAct * A base class for requested actions that involve manipulating an object * property. */ -public abstract class AbstractObjectPropertyAction extends RequestedAction { +public abstract class AbstractObjectPropertyStatementAction extends RequestedAction { public final String uriOfSubject; public final String uriOfPredicate; public final String uriOfObject; - public AbstractObjectPropertyAction(String uriOfSubject, String uriOfPredicate, + public AbstractObjectPropertyStatementAction(String uriOfSubject, String uriOfPredicate, String uriOfObject) { this.uriOfSubject = uriOfSubject; this.uriOfPredicate = uriOfPredicate; diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddDataPropStmt.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddDataPropertyStatement.java similarity index 74% rename from webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddDataPropStmt.java rename to webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddDataPropertyStatement.java index ef2170321..02dad0792 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddDataPropStmt.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddDataPropertyStatement.java @@ -5,19 +5,19 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt; import com.hp.hpl.jena.rdf.model.Literal; /** Should we allow the user to add this DataPropertyStatement? */ -public class AddDataPropStmt extends AbstractDataPropertyAction { +public class AddDataPropertyStatement extends AbstractDataPropertyStatementAction { protected String data; protected String dataType; protected String lang; - public AddDataPropStmt(String subjectUri, String predicateUri, String value, String dataType, String lang) { + public AddDataPropertyStatement(String subjectUri, String predicateUri, String value, String dataType, String lang) { super(subjectUri, predicateUri); this.data= value; this.dataType = dataType; this.lang = lang; } - public AddDataPropStmt(String subjectUri, String predicateUri, Literal literal) { + public AddDataPropertyStatement(String subjectUri, String predicateUri, Literal literal) { super(subjectUri, predicateUri); this.data= literal.getValue().toString(); this.dataType = literal.getDatatypeURI(); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddObjectPropStmt.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddObjectPropertyStatement.java similarity index 60% rename from webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddObjectPropStmt.java rename to webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddObjectPropertyStatement.java index 60a0e15d3..81179ea47 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddObjectPropStmt.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddObjectPropertyStatement.java @@ -3,9 +3,9 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt; /** Should we allow the user to add this ObjectPropertyStatement? */ -public class AddObjectPropStmt extends AbstractObjectPropertyAction { +public class AddObjectPropertyStatement extends AbstractObjectPropertyStatementAction { - public AddObjectPropStmt(String uriOfSub, String uriOfPred, String uriOfObj) { + public AddObjectPropertyStatement(String uriOfSub, String uriOfPred, String uriOfObj) { super(uriOfSub, uriOfPred, uriOfObj); } } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropDataPropStmt.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropDataPropertyStatement.java similarity index 80% rename from webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropDataPropStmt.java rename to webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropDataPropertyStatement.java index 44af36e89..7495e3780 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropDataPropStmt.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropDataPropertyStatement.java @@ -8,16 +8,16 @@ import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl; /** Should we allow the user to delete this DataPropertyStatement? */ -public class DropDataPropStmt extends AbstractDataPropertyAction { +public class DropDataPropertyStatement extends AbstractDataPropertyStatementAction { private final DataPropertyStatement dataPropStmt; - public DropDataPropStmt(DataPropertyStatement dps){ + public DropDataPropertyStatement(DataPropertyStatement dps){ super(dps.getIndividualURI(),dps.getDatapropURI() ); this.dataPropStmt = dps; } - public DropDataPropStmt(String subjectUri, String predicateUri, String data) { + public DropDataPropertyStatement(String subjectUri, String predicateUri, String data) { super(subjectUri, predicateUri); dataPropStmt = new DataPropertyStatementImpl(); dataPropStmt.setIndividualURI(subjectUri); @@ -25,7 +25,7 @@ public class DropDataPropStmt extends AbstractDataPropertyAction { dataPropStmt.setData(data); } - public DropDataPropStmt(String subjectUri, String predicateUri, Literal data) { + public DropDataPropertyStatement(String subjectUri, String predicateUri, Literal data) { super(subjectUri, predicateUri); dataPropStmt = new DataPropertyStatementImpl(); dataPropStmt.setIndividualURI(subjectUri); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropObjectPropStmt.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropObjectPropertyStatement.java similarity index 61% rename from webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropObjectPropStmt.java rename to webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropObjectPropertyStatement.java index 0b42365ae..3f2315f2b 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropObjectPropStmt.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropObjectPropertyStatement.java @@ -3,9 +3,9 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt; /** Should we allow the user to delete this ObjectPropertyStatement? */ -public class DropObjectPropStmt extends AbstractObjectPropertyAction { +public class DropObjectPropertyStatement extends AbstractObjectPropertyStatementAction { - public DropObjectPropStmt(String sub, String pred, String obj) { + public DropObjectPropertyStatement(String sub, String pred, String obj) { super(sub, pred, obj); } } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditDataPropStmt.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditDataPropertyStatement.java similarity index 81% rename from webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditDataPropStmt.java rename to webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditDataPropertyStatement.java index 8edfb31f6..700dfd5ab 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditDataPropStmt.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditDataPropertyStatement.java @@ -5,11 +5,11 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt; import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; /** Should we allow the user to edit this DataPropertyStatement? */ -public class EditDataPropStmt extends AbstractDataPropertyAction { +public class EditDataPropertyStatement extends AbstractDataPropertyStatementAction { private final DataPropertyStatement dataPropStmt; - public EditDataPropStmt(DataPropertyStatement dps){ + public EditDataPropertyStatement(DataPropertyStatement dps){ super(dps.getIndividualURI(), dps.getDatapropURI()); this.dataPropStmt = dps; } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditObjPropStmt.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditObjectPropertyStatement.java similarity index 65% rename from webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditObjPropStmt.java rename to webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditObjectPropertyStatement.java index e5c53ec77..70b833b70 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditObjPropStmt.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditObjectPropertyStatement.java @@ -5,13 +5,13 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt; import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement; /** Should we allow the user to edit this ObjectPropertyStatement? */ -public class EditObjPropStmt extends AbstractObjectPropertyAction { +public class EditObjectPropertyStatement extends AbstractObjectPropertyStatementAction { - public EditObjPropStmt(ObjectPropertyStatement ops) { + public EditObjectPropertyStatement(ObjectPropertyStatement ops) { super(ops.getSubjectURI(), ops.getPropertyURI(), ops.getObjectURI()); } - public EditObjPropStmt(String subjectUri, String keywordPredUri, + public EditObjectPropertyStatement(String subjectUri, String keywordPredUri, String objectUri) { super(subjectUri, keywordPredUri, objectUri); } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/admin/ShowAuthController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/admin/ShowAuthController.java index 7f6fc8e4a..d1df3e552 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/admin/ShowAuthController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/admin/ShowAuthController.java @@ -21,7 +21,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjPropStmt; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjectPropertyStatement; import edu.cornell.mannlib.vitro.webapp.config.ConfigurationProperties; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.controller.authenticate.Authenticator; @@ -58,7 +58,7 @@ public class ShowAuthController extends FreemarkerHttpServlet { private List getSortedIdentifiers(VitroRequest vreq) { Map idMap = new TreeMap(); - for (Identifier id: RequestIdentifiers.getIdBundleForRequest(vreq)) { + for (Identifier id : RequestIdentifiers.getIdBundleForRequest(vreq)) { idMap.put(id.toString(), id); } return new ArrayList(idMap.values()); @@ -89,7 +89,7 @@ public class ShowAuthController extends FreemarkerHttpServlet { * this individual? */ private boolean mayEditIndividual(VitroRequest vreq, String individualUri) { - RequestedAction action = new EditObjPropStmt(individualUri, + RequestedAction action = new EditObjectPropertyStatement(individualUri, RequestActionConstants.SOME_URI, RequestActionConstants.SOME_URI); return PolicyHelper.isAuthorizedForActions(vreq, action); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/ImageUploadController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/ImageUploadController.java index bbcce862f..9a9b7a7c6 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/ImageUploadController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/ImageUploadController.java @@ -19,9 +19,9 @@ import org.apache.commons.logging.LogFactory; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjPropStmt; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropertyStatement; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropertyStatement; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjectPropertyStatement; import edu.cornell.mannlib.vitro.webapp.beans.Individual; import edu.cornell.mannlib.vitro.webapp.config.ConfigurationProperties; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; @@ -138,13 +138,13 @@ public class ImageUploadController extends FreemarkerHttpServlet { RequestedAction ra; if (ACTION_DELETE.equals(action) || ACTION_DELETE_EDIT.equals(action)) { - ra = new DropObjectPropStmt(entity.getURI(), + ra = new DropObjectPropertyStatement(entity.getURI(), VitroVocabulary.IND_MAIN_IMAGE, imageUri); } else if (imageUri != null) { - ra = new EditObjPropStmt(entity.getURI(), + ra = new EditObjectPropertyStatement(entity.getURI(), VitroVocabulary.IND_MAIN_IMAGE, imageUri); } else { - ra = new AddObjectPropStmt(entity.getURI(), + ra = new AddObjectPropertyStatement(entity.getURI(), VitroVocabulary.IND_MAIN_IMAGE, RequestActionConstants.SOME_URI); } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java index 34f2402ef..88dc6e3d8 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java @@ -17,8 +17,8 @@ import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission; import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropertyStatement; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropertyStatement; import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; import edu.cornell.mannlib.vitro.webapp.beans.Individual; import edu.cornell.mannlib.vitro.webapp.beans.VClass; @@ -112,10 +112,10 @@ public abstract class BaseIndividualTemplateModel extends BaseTemplateModel { * an object property to the Individual being shown. */ public boolean isEditable() { - AddDataPropStmt adps = new AddDataPropStmt(individual.getURI(), + AddDataPropertyStatement adps = new AddDataPropertyStatement(individual.getURI(), RequestActionConstants.SOME_URI, RequestActionConstants.SOME_LITERAL, null, null); - AddObjectPropStmt aops = new AddObjectPropStmt(individual.getURI(), + AddObjectPropertyStatement aops = new AddObjectPropertyStatement(individual.getURI(), RequestActionConstants.SOME_URI, RequestActionConstants.SOME_URI); return PolicyHelper.isAuthorizedForActions(vreq, new Actions(adps).or(aops)); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyStatementTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyStatementTemplateModel.java index 04e3a4467..1d2e9a68b 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyStatementTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyStatementTemplateModel.java @@ -9,8 +9,8 @@ import com.hp.hpl.jena.rdf.model.Literal; import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropStmt; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPropertyStatement; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropertyStatement; import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; @@ -41,7 +41,7 @@ public class DataPropertyStatementTemplateModel extends PropertyStatementTemplat private String makeDeleteUrl() { // Determine whether the statement can be deleted DataPropertyStatement dps = makeStatement(); - RequestedAction action = new DropDataPropStmt(dps); + RequestedAction action = new DropDataPropertyStatement(dps); if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) { return ""; } @@ -66,7 +66,7 @@ public class DataPropertyStatementTemplateModel extends PropertyStatementTemplat // Determine whether the statement can be edited DataPropertyStatement dps = makeStatement(); - RequestedAction action = new EditDataPropStmt(dps); + RequestedAction action = new EditDataPropertyStatement(dps); if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) { return ""; } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java index ea8b355e8..88b08c901 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java @@ -13,7 +13,7 @@ import com.hp.hpl.jena.rdf.model.Literal; import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropStmt; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropertyStatement; import edu.cornell.mannlib.vitro.webapp.beans.DataProperty; import edu.cornell.mannlib.vitro.webapp.beans.Individual; import edu.cornell.mannlib.vitro.webapp.beans.Property; @@ -77,7 +77,7 @@ public class DataPropertyTemplateModel extends PropertyTemplateModel { } // Determine whether a new statement can be added - RequestedAction action = new AddDataPropStmt(subjectUri, propertyUri, RequestActionConstants.SOME_LITERAL, null, null); + RequestedAction action = new AddDataPropertyStatement(subjectUri, propertyUri, RequestActionConstants.SOME_LITERAL, null, null); if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) { return; } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/NameStatementTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/NameStatementTemplateModel.java index 5a6ed1613..89ecfd31e 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/NameStatementTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/NameStatementTemplateModel.java @@ -11,7 +11,7 @@ import com.hp.hpl.jena.rdf.model.Literal; import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropStmt; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropertyStatement; import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; @@ -62,7 +62,7 @@ public class NameStatementTemplateModel extends PropertyStatementTemplateModel { private String makeEditUrl(Literal literal) { // Determine whether the statement can be edited DataPropertyStatement dps = makeStatement(literal); - RequestedAction action = new EditDataPropStmt(dps); + RequestedAction action = new EditDataPropertyStatement(dps); if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) { return ""; } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java index 81389cdd2..dad8da209 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java @@ -11,8 +11,8 @@ import org.apache.commons.logging.LogFactory; import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjPropStmt; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropertyStatement; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjectPropertyStatement; import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement; import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatementImpl; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; @@ -55,7 +55,7 @@ public class ObjectPropertyStatementTemplateModel extends PropertyStatementTempl } // Determine whether the statement can be deleted - RequestedAction action = new DropObjectPropStmt(subjectUri, propertyUri, objectUri); + RequestedAction action = new DropObjectPropertyStatement(subjectUri, propertyUri, objectUri); if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) { return ""; } @@ -96,7 +96,7 @@ public class ObjectPropertyStatementTemplateModel extends PropertyStatementTempl } // Determine whether the statement can be edited - RequestedAction action = new EditObjPropStmt(ops); + RequestedAction action = new EditObjectPropertyStatement(ops); if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) { return ""; } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel.java index fa2f27ef8..c71bc7732 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel.java @@ -17,7 +17,7 @@ import org.apache.commons.logging.LogFactory; import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropertyStatement; import edu.cornell.mannlib.vitro.webapp.beans.Individual; import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty; import edu.cornell.mannlib.vitro.webapp.beans.Property; @@ -108,7 +108,7 @@ public abstract class ObjectPropertyTemplateModel extends PropertyTemplateModel } // Determine whether a new statement can be added - RequestedAction action = new AddObjectPropStmt(subjectUri, propertyUri, RequestActionConstants.SOME_URI); + RequestedAction action = new AddObjectPropertyStatement(subjectUri, propertyUri, RequestActionConstants.SOME_URI); if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) { return; } diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_StatementsTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_StatementsTest.java index 86da9b457..072c5abea 100644 --- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_StatementsTest.java +++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_StatementsTest.java @@ -24,8 +24,8 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyAction; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyAction; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyStatementAction; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyStatementAction; /** * Test the function of PolicyHelper in authorizing statements and models. @@ -235,17 +235,17 @@ public class PolicyHelper_StatementsTest extends AbstractTestClass { @Override public PolicyDecision isAuthorized(IdentifierBundle whoToAuth, RequestedAction whatToAuth) { - if (whatToAuth instanceof AbstractDataPropertyAction) { - return isAuthorized((AbstractDataPropertyAction) whatToAuth); - } else if (whatToAuth instanceof AbstractObjectPropertyAction) { - return isAuthorized((AbstractObjectPropertyAction) whatToAuth); + if (whatToAuth instanceof AbstractDataPropertyStatementAction) { + return isAuthorized((AbstractDataPropertyStatementAction) whatToAuth); + } else if (whatToAuth instanceof AbstractObjectPropertyStatementAction) { + return isAuthorized((AbstractObjectPropertyStatementAction) whatToAuth); } else { return inconclusive(); } } private PolicyDecision isAuthorized( - AbstractDataPropertyAction whatToAuth) { + AbstractDataPropertyStatementAction whatToAuth) { if ((APPROVED_SUBJECT_URI.equals(whatToAuth.getSubjectUri())) && (APPROVED_PREDICATE_URI.equals(whatToAuth .getPredicateUri()))) { @@ -256,7 +256,7 @@ public class PolicyHelper_StatementsTest extends AbstractTestClass { } private PolicyDecision isAuthorized( - AbstractObjectPropertyAction whatToAuth) { + AbstractObjectPropertyStatementAction whatToAuth) { if ((APPROVED_SUBJECT_URI.equals(whatToAuth.uriOfSubject)) && (APPROVED_PREDICATE_URI .equals(whatToAuth.uriOfPredicate)) diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java index 61da9cbe0..a7c2d5207 100644 --- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java +++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java @@ -31,11 +31,11 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.CreateOwlC import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineDataProperty; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineObjectProperty; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.RemoveOwlClass; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjPropStmt; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropertyStatement; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropertyStatement; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropertyStatement; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropertyStatement; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjectPropertyStatement; import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl; import edu.cornell.mannlib.vitro.webapp.beans.IndividualImpl; @@ -88,75 +88,75 @@ public class SelfEditingPolicyTest extends AbstractTestClass { "http://mannlib.cornell.edu/bad#prp0020" }); PropertyRestrictionPolicyHelper.setBean(ctx, prph); - whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, + whatToAuth = new AddObjectPropertyStatement(SELFEDITOR_URI, "http://mannlib.cornell.edu/bad#prp234", SAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new AddObjectPropStmt(SAFE_RESOURCE, + whatToAuth = new AddObjectPropertyStatement(SAFE_RESOURCE, "http://mannlib.cornell.edu/bad#prp234", SELFEDITOR_URI); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, + whatToAuth = new AddObjectPropertyStatement(SELFEDITOR_URI, "http://mannlib.cornell.edu/bad#prp999", SAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new AddObjectPropStmt(SAFE_RESOURCE, + whatToAuth = new AddObjectPropertyStatement(SAFE_RESOURCE, "http://mannlib.cornell.edu/bad#prp999", SELFEDITOR_URI); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new AddObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, - SELFEDITOR_URI); + whatToAuth = new AddObjectPropertyStatement(SAFE_RESOURCE, + SAFE_PREDICATE, SELFEDITOR_URI); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, - SAFE_RESOURCE); + whatToAuth = new AddObjectPropertyStatement(SELFEDITOR_URI, + SAFE_PREDICATE, SAFE_RESOURCE); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, UNSAFE_PREDICATE, - SAFE_RESOURCE); + whatToAuth = new AddObjectPropertyStatement(SELFEDITOR_URI, + UNSAFE_PREDICATE, SAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); // now with dataprop statements - whatToAuth = new AddDataPropStmt(SELFEDITOR_URI, + whatToAuth = new AddDataPropertyStatement(SELFEDITOR_URI, "http://mannlib.cornell.edu/bad#prp234", "someString", null, null); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new AddDataPropStmt(SELFEDITOR_URI, + whatToAuth = new AddDataPropertyStatement(SELFEDITOR_URI, "http://mannlib.cornell.edu/bad#prp999", "someString", null, null); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new AddDataPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, - "someString", null, null); + whatToAuth = new AddDataPropertyStatement(SELFEDITOR_URI, + SAFE_PREDICATE, "someString", null, null); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new AddDataPropStmt(SELFEDITOR_URI, UNSAFE_PREDICATE, - "someString", null, null); + whatToAuth = new AddDataPropertyStatement(SELFEDITOR_URI, + UNSAFE_PREDICATE, "someString", null, null); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); } @Test public void testVisitIdentifierBundleAddObjectPropStmt() { - whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, - SAFE_RESOURCE); + whatToAuth = new AddObjectPropertyStatement(SELFEDITOR_URI, + SAFE_PREDICATE, SAFE_RESOURCE); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new AddObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, - SELFEDITOR_URI); + whatToAuth = new AddObjectPropertyStatement(SAFE_RESOURCE, + SAFE_PREDICATE, SELFEDITOR_URI); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); // this is the case where the editor is not part of the stmt - whatToAuth = new AddObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, - SAFE_RESOURCE); + whatToAuth = new AddObjectPropertyStatement(SAFE_RESOURCE, + SAFE_PREDICATE, SAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, UNSAFE_PREDICATE, - SAFE_RESOURCE); + whatToAuth = new AddObjectPropertyStatement(SELFEDITOR_URI, + UNSAFE_PREDICATE, SAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, - UNSAFE_RESOURCE); + whatToAuth = new AddObjectPropertyStatement(SELFEDITOR_URI, + SAFE_PREDICATE, UNSAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); } @@ -173,25 +173,25 @@ public class SelfEditingPolicyTest extends AbstractTestClass { // @Test public void testVisitIdentifierBundleDropObjectPropStmt() { - whatToAuth = new DropObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, - SAFE_RESOURCE); + whatToAuth = new DropObjectPropertyStatement(SELFEDITOR_URI, + SAFE_PREDICATE, SAFE_RESOURCE); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new DropObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, - SELFEDITOR_URI); + whatToAuth = new DropObjectPropertyStatement(SAFE_RESOURCE, + SAFE_PREDICATE, SELFEDITOR_URI); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); // this is the case where the editor is not part of the stmt - whatToAuth = new DropObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, - SAFE_RESOURCE); + whatToAuth = new DropObjectPropertyStatement(SAFE_RESOURCE, + SAFE_PREDICATE, SAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new DropObjectPropStmt(SELFEDITOR_URI, UNSAFE_PREDICATE, - SAFE_RESOURCE); + whatToAuth = new DropObjectPropertyStatement(SELFEDITOR_URI, + UNSAFE_PREDICATE, SAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new DropObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, - UNSAFE_RESOURCE); + whatToAuth = new DropObjectPropertyStatement(SELFEDITOR_URI, + SAFE_PREDICATE, UNSAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); } @@ -219,50 +219,50 @@ public class SelfEditingPolicyTest extends AbstractTestClass { dps.setIndividualURI(SELFEDITOR_URI); dps.setDatapropURI(SAFE_PREDICATE); dps.setData("junk"); - whatToAuth = new EditDataPropStmt(dps); + whatToAuth = new EditDataPropertyStatement(dps); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); dps = new DataPropertyStatementImpl(); dps.setIndividualURI(SELFEDITOR_URI); dps.setDatapropURI(UNSAFE_PREDICATE); dps.setData("junk"); - whatToAuth = new EditDataPropStmt(dps); + whatToAuth = new EditDataPropertyStatement(dps); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); dps = new DataPropertyStatementImpl(); dps.setIndividualURI(UNSAFE_RESOURCE); dps.setDatapropURI(SAFE_PREDICATE); - whatToAuth = new EditDataPropStmt(dps); + whatToAuth = new EditDataPropertyStatement(dps); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); dps = new DataPropertyStatementImpl(); dps.setIndividualURI(SAFE_RESOURCE); dps.setDatapropURI(SAFE_PREDICATE); - whatToAuth = new EditDataPropStmt(dps); + whatToAuth = new EditDataPropertyStatement(dps); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); } @Test public void testVisitIdentifierBundleEditObjPropStmt() { - whatToAuth = new EditObjPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, - SAFE_RESOURCE); + whatToAuth = new EditObjectPropertyStatement(SELFEDITOR_URI, + SAFE_PREDICATE, SAFE_RESOURCE); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new EditObjPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, - SELFEDITOR_URI); + whatToAuth = new EditObjectPropertyStatement(SAFE_RESOURCE, + SAFE_PREDICATE, SELFEDITOR_URI); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); // this is the case where the editor is not part of the stmt - whatToAuth = new EditObjPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, - SAFE_RESOURCE); + whatToAuth = new EditObjectPropertyStatement(SAFE_RESOURCE, + SAFE_PREDICATE, SAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new EditObjPropStmt(SELFEDITOR_URI, UNSAFE_PREDICATE, - SAFE_RESOURCE); + whatToAuth = new EditObjectPropertyStatement(SELFEDITOR_URI, + UNSAFE_PREDICATE, SAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new EditObjPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, - UNSAFE_RESOURCE); + whatToAuth = new EditObjectPropertyStatement(SELFEDITOR_URI, + SAFE_PREDICATE, UNSAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); } @@ -273,24 +273,24 @@ public class SelfEditingPolicyTest extends AbstractTestClass { @Test public void twoSEIsFindObjectPropertySubject() { setUpTwoSEIs(); - whatToAuth = new DropObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, - SAFE_RESOURCE); + whatToAuth = new DropObjectPropertyStatement(SELFEDITOR_URI, + SAFE_PREDICATE, SAFE_RESOURCE); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); } @Test public void twoSEIsFindObjectPropertyObject() { setUpTwoSEIs(); - whatToAuth = new DropObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, - SELFEDITOR_URI); + whatToAuth = new DropObjectPropertyStatement(SAFE_RESOURCE, + SAFE_PREDICATE, SELFEDITOR_URI); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); } @Test public void twoSEIsDontFindInObjectProperty() { setUpTwoSEIs(); - whatToAuth = new DropObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, - SAFE_RESOURCE); + whatToAuth = new DropObjectPropertyStatement(SAFE_RESOURCE, + SAFE_PREDICATE, SAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); } @@ -302,7 +302,7 @@ public class SelfEditingPolicyTest extends AbstractTestClass { dps.setIndividualURI(SELFEDITOR_URI); dps.setDatapropURI(SAFE_PREDICATE); dps.setData("junk"); - whatToAuth = new EditDataPropStmt(dps); + whatToAuth = new EditDataPropertyStatement(dps); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); } @@ -314,7 +314,7 @@ public class SelfEditingPolicyTest extends AbstractTestClass { dps.setIndividualURI(SAFE_RESOURCE); dps.setDatapropURI(SAFE_PREDICATE); dps.setData("junk"); - whatToAuth = new EditDataPropStmt(dps); + whatToAuth = new EditDataPropertyStatement(dps); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); } diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy_2_Test.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy_2_Test.java index 40d748341..dc0d4fc5e 100644 --- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy_2_Test.java +++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy_2_Test.java @@ -26,9 +26,9 @@ import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasProfile; import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjPropStmt; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropertyStatement; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropertyStatement; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjectPropertyStatement; import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl; import edu.cornell.mannlib.vitro.webapp.beans.Individual; @@ -112,8 +112,8 @@ public class SelfEditingPolicy_2_Test extends AbstractTestClass { @Test public void nullIdentifierBundle() { - AddObjectPropStmt whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, - SAFE_PREDICATE, SAFE_RESOURCE); + AddObjectPropertyStatement whatToAuth = new AddObjectPropertyStatement( + SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE); PolicyDecision dec = policy.isAuthorized(null, whatToAuth); Assert.assertNotNull(dec); Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized()); @@ -261,13 +261,13 @@ public class SelfEditingPolicy_2_Test extends AbstractTestClass { // ------------------------------------------------------------------------ /** - * Create an {@link AddObjectPropStmt}, test it, and compare to expected - * results. + * Create an {@link AddObjectPropertyStatement}, test it, and compare to + * expected results. */ private void assertAddObjectPropStmt(String uriOfSub, String uriOfPred, String uriOfObj, Authorization expectedAuthorization) { - AddObjectPropStmt whatToAuth = new AddObjectPropStmt(uriOfSub, - uriOfPred, uriOfObj); + AddObjectPropertyStatement whatToAuth = new AddObjectPropertyStatement( + uriOfSub, uriOfPred, uriOfObj); PolicyDecision dec = policy.isAuthorized(ids, whatToAuth); log.debug(dec); Assert.assertNotNull(dec); @@ -275,13 +275,13 @@ public class SelfEditingPolicy_2_Test extends AbstractTestClass { } /** - * Create an {@link EditObjPropStmt}, test it, and compare to expected - * results. + * Create an {@link EditObjectPropertyStatement}, test it, and compare to + * expected results. */ private void assertEditObjPropStmt(String uriOfSub, String uriOfPred, String uriOfObj, Authorization expectedAuthorization) { - EditObjPropStmt whatToAuth = new EditObjPropStmt(uriOfSub, uriOfPred, - uriOfObj); + EditObjectPropertyStatement whatToAuth = new EditObjectPropertyStatement( + uriOfSub, uriOfPred, uriOfObj); PolicyDecision dec = policy.isAuthorized(ids, whatToAuth); log.debug(dec); Assert.assertNotNull(dec); @@ -289,8 +289,8 @@ public class SelfEditingPolicy_2_Test extends AbstractTestClass { } /** - * Create an {@link EditDataPropStmt}, test it, and compare to expected - * results. + * Create an {@link EditDataPropertyStatement}, test it, and compare to + * expected results. */ private void assertEditDataPropStmt(String individualURI, String datapropURI, String data, Authorization expectedAuthorization) { @@ -299,7 +299,8 @@ public class SelfEditingPolicy_2_Test extends AbstractTestClass { dps.setDatapropURI(datapropURI); dps.setData(data); - EditDataPropStmt whatToAuth = new EditDataPropStmt(dps); + EditDataPropertyStatement whatToAuth = new EditDataPropertyStatement( + dps); PolicyDecision dec = policy.isAuthorized(ids, whatToAuth); log.debug(dec); Assert.assertNotNull(dec); From 5ecf031baef9a3cd52b51e1d2375ced0270012bc Mon Sep 17 00:00:00 2001 From: j2blake Date: Fri, 30 Mar 2012 21:20:23 +0000 Subject: [PATCH 13/25] NIHVIVO-3404 Make instance fields on AbstractObjectPropertyStatementAction private. --- .../propstmt/AbstractObjectPropertyStatementAction.java | 6 +++--- .../webapp/auth/policy/PolicyHelper_StatementsTest.java | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java index 29178e0c3..d9351dfc9 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java @@ -9,9 +9,9 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAct * property. */ public abstract class AbstractObjectPropertyStatementAction extends RequestedAction { - public final String uriOfSubject; - public final String uriOfPredicate; - public final String uriOfObject; + private final String uriOfSubject; + private final String uriOfPredicate; + private final String uriOfObject; public AbstractObjectPropertyStatementAction(String uriOfSubject, String uriOfPredicate, String uriOfObject) { diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_StatementsTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_StatementsTest.java index 072c5abea..4675265ea 100644 --- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_StatementsTest.java +++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_StatementsTest.java @@ -257,10 +257,10 @@ public class PolicyHelper_StatementsTest extends AbstractTestClass { private PolicyDecision isAuthorized( AbstractObjectPropertyStatementAction whatToAuth) { - if ((APPROVED_SUBJECT_URI.equals(whatToAuth.uriOfSubject)) + if ((APPROVED_SUBJECT_URI.equals(whatToAuth.getUriOfSubject())) && (APPROVED_PREDICATE_URI - .equals(whatToAuth.uriOfPredicate)) - && (APPROVED_OBJECT_URI.equals(whatToAuth.uriOfObject))) { + .equals(whatToAuth.getUriOfPredicate())) + && (APPROVED_OBJECT_URI.equals(whatToAuth.getUriOfObject()))) { return authorized(); } else { return inconclusive(); From e8fafcc10c6bb6666bba3f862956306ebd85010d Mon Sep 17 00:00:00 2001 From: j2blake Date: Fri, 30 Mar 2012 21:44:46 +0000 Subject: [PATCH 14/25] NIHVIVO-3404 Rename accessor methods on AbstractObjectPropertyStatementAction to be consistent with those on AbstractDataPropertyStatementAction. --- .../permissions/EditByRolePermission.java | 6 ++-- .../RestrictHomeMenuItemEditingPolicy.java | 4 +-- .../webapp/auth/policy/SelfEditingPolicy.java | 6 ++-- ...AbstractObjectPropertyStatementAction.java | 32 +++++++++---------- .../policy/PolicyHelper_StatementsTest.java | 6 ++-- 5 files changed, 27 insertions(+), 27 deletions(-) diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/EditByRolePermission.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/EditByRolePermission.java index f06a42ce9..6d5e64363 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/EditByRolePermission.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/EditByRolePermission.java @@ -88,9 +88,9 @@ public class EditByRolePermission extends Permission { * to modify its subject, its predicate, and its object. */ private boolean isAuthorized(AbstractObjectPropertyStatementAction action) { - String subjectUri = action.getUriOfSubject(); - String predicateUri = action.getUriOfPredicate(); - String objectUri = action.getUriOfObject(); + String subjectUri = action.getSubjectUri(); + String predicateUri = action.getPredicateUri(); + String objectUri = action.getObjectUri(); return canModifyResource(subjectUri) && canModifyPredicate(predicateUri) && canModifyResource(objectUri); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/RestrictHomeMenuItemEditingPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/RestrictHomeMenuItemEditingPolicy.java index e7140b1a2..25795b470 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/RestrictHomeMenuItemEditingPolicy.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/RestrictHomeMenuItemEditingPolicy.java @@ -34,9 +34,9 @@ public class RestrictHomeMenuItemEditingPolicy implements PolicyIface { private PolicyDecision isAuthorized( AbstractObjectPropertyStatementAction whatToAuth) { - if (whatToAuth.getUriOfPredicate() + if (whatToAuth.getPredicateUri() .equals(DisplayVocabulary.HAS_ELEMENT) - && whatToAuth.getUriOfObject().equals( + && whatToAuth.getObjectUri().equals( DisplayVocabulary.HOME_MENU_ITEM)) { return notAuthorized(); } else { diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy.java index 185a5d0f1..e3a6b8dec 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy.java @@ -68,9 +68,9 @@ public class SelfEditingPolicy extends BaseSelfEditingPolicy implements */ private PolicyDecision isAuthorizedForObjectPropertyAction( List userUris, AbstractObjectPropertyStatementAction action) { - String subject = action.getUriOfSubject(); - String predicate = action.getUriOfPredicate(); - String object = action.getUriOfObject(); + String subject = action.getSubjectUri(); + String predicate = action.getPredicateUri(); + String object = action.getObjectUri(); if (!canModifyResource(subject)) { return cantModifyResource(subject); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java index d9351dfc9..aa696e90f 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java @@ -9,32 +9,32 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAct * property. */ public abstract class AbstractObjectPropertyStatementAction extends RequestedAction { - private final String uriOfSubject; - private final String uriOfPredicate; - private final String uriOfObject; + private final String subjectUri; + private final String predicateUri; + private final String objectUri; - public AbstractObjectPropertyStatementAction(String uriOfSubject, String uriOfPredicate, - String uriOfObject) { - this.uriOfSubject = uriOfSubject; - this.uriOfPredicate = uriOfPredicate; - this.uriOfObject = uriOfObject; + public AbstractObjectPropertyStatementAction(String subjectUri, String predicateUri, + String objectUri) { + this.subjectUri = subjectUri; + this.predicateUri = predicateUri; + this.objectUri = objectUri; } - public String getUriOfSubject() { - return uriOfSubject; + public String getSubjectUri() { + return subjectUri; } - public String getUriOfPredicate() { - return uriOfPredicate; + public String getPredicateUri() { + return predicateUri; } - public String getUriOfObject() { - return uriOfObject; + public String getObjectUri() { + return objectUri; } @Override public String toString() { - return this.getClass().getSimpleName() + ": <" + uriOfSubject + "> <" - + uriOfPredicate + "> <" + uriOfObject + ">"; + return this.getClass().getSimpleName() + ": <" + subjectUri + "> <" + + predicateUri + "> <" + objectUri + ">"; } } diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_StatementsTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_StatementsTest.java index 4675265ea..e7498e424 100644 --- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_StatementsTest.java +++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_StatementsTest.java @@ -257,10 +257,10 @@ public class PolicyHelper_StatementsTest extends AbstractTestClass { private PolicyDecision isAuthorized( AbstractObjectPropertyStatementAction whatToAuth) { - if ((APPROVED_SUBJECT_URI.equals(whatToAuth.getUriOfSubject())) + if ((APPROVED_SUBJECT_URI.equals(whatToAuth.getSubjectUri())) && (APPROVED_PREDICATE_URI - .equals(whatToAuth.getUriOfPredicate())) - && (APPROVED_OBJECT_URI.equals(whatToAuth.getUriOfObject()))) { + .equals(whatToAuth.getPredicateUri())) + && (APPROVED_OBJECT_URI.equals(whatToAuth.getObjectUri()))) { return authorized(); } else { return inconclusive(); From b0c7241ede42d129bbd080798595dbff09dc3451 Mon Sep 17 00:00:00 2001 From: j2blake Date: Fri, 30 Mar 2012 22:08:58 +0000 Subject: [PATCH 15/25] NIHVIVO-3404 Improve the hierarchy of statement-based RequestedActions. Add constructors that accept either individual URIs or PropertyStatements. Don't ask for or hold the value of a DataProperty, because it is never used by a policy or permission (at least so far). --- .../webapp/auth/policy/PolicyHelper.java | 4 +- .../AbstractDataPropertyStatementAction.java | 16 +++++-- ...AbstractObjectPropertyStatementAction.java | 22 +++++++--- .../AbstractPropertyStatementAction.java | 13 ++++++ .../propstmt/AddDataPropertyStatement.java | 41 ++++++------------ .../propstmt/AddObjectPropertyStatement.java | 15 +++++-- .../propstmt/DropDataPropertyStatement.java | 42 +++++-------------- .../propstmt/DropObjectPropertyStatement.java | 12 +++++- .../propstmt/EditDataPropertyStatement.java | 24 +++++------ .../propstmt/EditObjectPropertyStatement.java | 12 +++--- .../BaseIndividualTemplateModel.java | 3 +- .../individual/DataPropertyTemplateModel.java | 3 +- .../auth/policy/SelfEditingPolicyTest.java | 10 ++--- 13 files changed, 112 insertions(+), 105 deletions(-) create mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractPropertyStatementAction.java diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java index cbef95b92..f9ffbf5aa 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java @@ -105,7 +105,7 @@ public class PolicyHelper { predicate.getURI(), objectNode.asResource().getURI()); } else { action = new AddDataPropertyStatement(subject.getURI(), - predicate.getURI(), objectNode.asLiteral()); + predicate.getURI()); } return isAuthorizedForActions(req, action); } @@ -157,7 +157,7 @@ public class PolicyHelper { predicate.getURI(), objectNode.asResource().getURI()); } else { action = new DropDataPropertyStatement(subject.getURI(), - predicate.getURI(), objectNode.asLiteral()); + predicate.getURI()); } return isAuthorizedForActions(req, action); } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractDataPropertyStatementAction.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractDataPropertyStatementAction.java index 5d3ba5453..f61d3dd3e 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractDataPropertyStatementAction.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractDataPropertyStatementAction.java @@ -3,19 +3,29 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; +import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; /** - * A base class for requestion actions that relate to data properties. + * A base class for requested actions that involve adding, editing, or dropping + * data property statements from a model. */ -public abstract class AbstractDataPropertyStatementAction extends RequestedAction { +public abstract class AbstractDataPropertyStatementAction extends + RequestedAction { private final String subjectUri; private final String predicateUri; - public AbstractDataPropertyStatementAction(String subjectUri, String predicateUri) { + public AbstractDataPropertyStatementAction(String subjectUri, + String predicateUri) { this.subjectUri = subjectUri; this.predicateUri = predicateUri; } + public AbstractDataPropertyStatementAction(DataPropertyStatement dps) { + this.subjectUri = (dps.getIndividual() == null) ? dps + .getIndividualURI() : dps.getIndividual().getURI(); + this.predicateUri = dps.getDatapropURI(); + } + public String getSubjectUri() { return subjectUri; } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java index aa696e90f..53ba6d5d4 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java @@ -2,24 +2,34 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; +import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement; /** - * A base class for requested actions that involve manipulating an object - * property. + * A base class for requested actions that involve adding, editing, or deleting + * object property statements from a model. */ -public abstract class AbstractObjectPropertyStatementAction extends RequestedAction { +public abstract class AbstractObjectPropertyStatementAction extends + AbstractPropertyStatementAction { private final String subjectUri; private final String predicateUri; private final String objectUri; - public AbstractObjectPropertyStatementAction(String subjectUri, String predicateUri, - String objectUri) { + public AbstractObjectPropertyStatementAction(String subjectUri, + String predicateUri, String objectUri) { this.subjectUri = subjectUri; this.predicateUri = predicateUri; this.objectUri = objectUri; } + public AbstractObjectPropertyStatementAction(ObjectPropertyStatement ops) { + this.subjectUri = (ops.getSubject() == null) ? ops.getSubjectURI() + : ops.getSubject().getURI(); + this.predicateUri = (ops.getProperty() == null) ? ops.getPropertyURI() + : ops.getProperty().getURI(); + this.objectUri = (ops.getObject() == null) ? ops.getObjectURI() : ops + .getObject().getURI(); + } + public String getSubjectUri() { return subjectUri; } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractPropertyStatementAction.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractPropertyStatementAction.java new file mode 100644 index 000000000..c0c64589b --- /dev/null +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractPropertyStatementAction.java @@ -0,0 +1,13 @@ +/* $This file is distributed under the terms of the license in /doc/license.txt$ */ + +package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt; + +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; + +/** + * A base class for requested actions that involve adding, editing, or deleting + * statements from a model. + */ +public abstract class AbstractPropertyStatementAction extends RequestedAction { + +} diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddDataPropertyStatement.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddDataPropertyStatement.java index 02dad0792..0bf2d9721 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddDataPropertyStatement.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddDataPropertyStatement.java @@ -2,37 +2,20 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt; -import com.hp.hpl.jena.rdf.model.Literal; +import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; -/** Should we allow the user to add this DataPropertyStatement? */ -public class AddDataPropertyStatement extends AbstractDataPropertyStatementAction { - protected String data; - protected String dataType; - protected String lang; - - public AddDataPropertyStatement(String subjectUri, String predicateUri, String value, String dataType, String lang) { - super(subjectUri, predicateUri); - this.data= value; - this.dataType = dataType; - this.lang = lang; - } +/** + * Should we allow the user to add this DataPropertyStatement to this model? + */ +public class AddDataPropertyStatement extends + AbstractDataPropertyStatementAction { - public AddDataPropertyStatement(String subjectUri, String predicateUri, Literal literal) { - super(subjectUri, predicateUri); - this.data= literal.getValue().toString(); - this.dataType = literal.getDatatypeURI(); - this.lang = literal.getLanguage(); - } - - public String getData() { - return data; - } + public AddDataPropertyStatement(String subjectUri, String predicateUri) { + super(subjectUri, predicateUri); + } - public String getDataType() { - return dataType; - } + public AddDataPropertyStatement(DataPropertyStatement dps) { + super(dps); + } - public String getLang() { - return lang; - } } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddObjectPropertyStatement.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddObjectPropertyStatement.java index 81179ea47..f73059ab6 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddObjectPropertyStatement.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddObjectPropertyStatement.java @@ -2,10 +2,19 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt; -/** Should we allow the user to add this ObjectPropertyStatement? */ -public class AddObjectPropertyStatement extends AbstractObjectPropertyStatementAction { +import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement; - public AddObjectPropertyStatement(String uriOfSub, String uriOfPred, String uriOfObj) { +/** + * Should we allow the user to add this ObjectPropertyStatement to this model? + */ +public class AddObjectPropertyStatement extends + AbstractObjectPropertyStatementAction { + public AddObjectPropertyStatement(String uriOfSub, String uriOfPred, + String uriOfObj) { super(uriOfSub, uriOfPred, uriOfObj); } + + public AddObjectPropertyStatement(ObjectPropertyStatement ops) { + super(ops); + } } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropDataPropertyStatement.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropDataPropertyStatement.java index 7495e3780..1d9d3c925 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropDataPropertyStatement.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropDataPropertyStatement.java @@ -2,40 +2,20 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt; -import com.hp.hpl.jena.rdf.model.Literal; - import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; -import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl; -/** Should we allow the user to delete this DataPropertyStatement? */ -public class DropDataPropertyStatement extends AbstractDataPropertyStatementAction { +/** + * Should we allow the user to delete this DataPropertyStatement from this + * model? + */ +public class DropDataPropertyStatement extends + AbstractDataPropertyStatementAction { - private final DataPropertyStatement dataPropStmt; - - public DropDataPropertyStatement(DataPropertyStatement dps){ - super(dps.getIndividualURI(),dps.getDatapropURI() ); - this.dataPropStmt = dps; - } - - public DropDataPropertyStatement(String subjectUri, String predicateUri, String data) { - super(subjectUri, predicateUri); - dataPropStmt = new DataPropertyStatementImpl(); - dataPropStmt.setIndividualURI(subjectUri); - dataPropStmt.setDatapropURI(predicateUri); - dataPropStmt.setData(data); - } - - public DropDataPropertyStatement(String subjectUri, String predicateUri, Literal data) { - super(subjectUri, predicateUri); - dataPropStmt = new DataPropertyStatementImpl(); - dataPropStmt.setIndividualURI(subjectUri); - dataPropStmt.setDatapropURI(predicateUri); - dataPropStmt.setData(data.getValue().toString()); + public DropDataPropertyStatement(String subjectUri, String predicateUri) { + super(subjectUri, predicateUri); } - public String data(){ return dataPropStmt.getData(); } - public String lang(){ return dataPropStmt.getLanguage(); } - public String datatype(){return dataPropStmt.getDatatypeURI(); } - - // TODO: needs to be fixed to work with lang/datatype literals + public DropDataPropertyStatement(DataPropertyStatement dps) { + super(dps); + } } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropObjectPropertyStatement.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropObjectPropertyStatement.java index 3f2315f2b..6f4c33b07 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropObjectPropertyStatement.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropObjectPropertyStatement.java @@ -2,10 +2,18 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt; -/** Should we allow the user to delete this ObjectPropertyStatement? */ -public class DropObjectPropertyStatement extends AbstractObjectPropertyStatementAction { +import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement; +/** + * Should we allow the user to delete this ObjectPropertyStatement from this + * model? + */ +public class DropObjectPropertyStatement extends AbstractObjectPropertyStatementAction { public DropObjectPropertyStatement(String sub, String pred, String obj) { super(sub, pred, obj); } + + public DropObjectPropertyStatement(ObjectPropertyStatement ops) { + super(ops); + } } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditDataPropertyStatement.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditDataPropertyStatement.java index 700dfd5ab..e10479c54 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditDataPropertyStatement.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditDataPropertyStatement.java @@ -4,18 +4,16 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt; import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; -/** Should we allow the user to edit this DataPropertyStatement? */ -public class EditDataPropertyStatement extends AbstractDataPropertyStatementAction { +/** + * Should we allow the user to edit this DataPropertyStatement in this model? + */ +public class EditDataPropertyStatement extends + AbstractDataPropertyStatementAction { + public EditDataPropertyStatement(String subjectUri, String predicateUri) { + super(subjectUri, predicateUri); + } - private final DataPropertyStatement dataPropStmt; - - public EditDataPropertyStatement(DataPropertyStatement dps){ - super(dps.getIndividualURI(), dps.getDatapropURI()); - this.dataPropStmt = dps; - } - - public String data(){ return dataPropStmt.getData(); } - public String lang(){ return dataPropStmt.getLanguage(); } - public String datatype(){return dataPropStmt.getDatatypeURI(); } - + public EditDataPropertyStatement(DataPropertyStatement dps) { + super(dps); + } } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditObjectPropertyStatement.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditObjectPropertyStatement.java index 70b833b70..359365ac4 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditObjectPropertyStatement.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditObjectPropertyStatement.java @@ -4,16 +4,16 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt; import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement; -/** Should we allow the user to edit this ObjectPropertyStatement? */ +/** + * Should we allow the user to edit this ObjectPropertyStatement in this model? + */ public class EditObjectPropertyStatement extends AbstractObjectPropertyStatementAction { - - public EditObjectPropertyStatement(ObjectPropertyStatement ops) { - super(ops.getSubjectURI(), ops.getPropertyURI(), ops.getObjectURI()); - } - public EditObjectPropertyStatement(String subjectUri, String keywordPredUri, String objectUri) { super(subjectUri, keywordPredUri, objectUri); } + public EditObjectPropertyStatement(ObjectPropertyStatement ops) { + super(ops); + } } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java index 88dc6e3d8..0fe1b1f23 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java @@ -113,8 +113,7 @@ public abstract class BaseIndividualTemplateModel extends BaseTemplateModel { */ public boolean isEditable() { AddDataPropertyStatement adps = new AddDataPropertyStatement(individual.getURI(), - RequestActionConstants.SOME_URI, - RequestActionConstants.SOME_LITERAL, null, null); + RequestActionConstants.SOME_URI); AddObjectPropertyStatement aops = new AddObjectPropertyStatement(individual.getURI(), RequestActionConstants.SOME_URI, RequestActionConstants.SOME_URI); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java index 88b08c901..da5e5b609 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java @@ -11,7 +11,6 @@ import org.apache.commons.logging.LogFactory; import com.hp.hpl.jena.rdf.model.Literal; import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropertyStatement; import edu.cornell.mannlib.vitro.webapp.beans.DataProperty; @@ -77,7 +76,7 @@ public class DataPropertyTemplateModel extends PropertyTemplateModel { } // Determine whether a new statement can be added - RequestedAction action = new AddDataPropertyStatement(subjectUri, propertyUri, RequestActionConstants.SOME_LITERAL, null, null); + RequestedAction action = new AddDataPropertyStatement(subjectUri, propertyUri); if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) { return; } diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java index a7c2d5207..28b240fdd 100644 --- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java +++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java @@ -118,21 +118,19 @@ public class SelfEditingPolicyTest extends AbstractTestClass { // now with dataprop statements whatToAuth = new AddDataPropertyStatement(SELFEDITOR_URI, - "http://mannlib.cornell.edu/bad#prp234", "someString", null, - null); + "http://mannlib.cornell.edu/bad#prp234"); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); whatToAuth = new AddDataPropertyStatement(SELFEDITOR_URI, - "http://mannlib.cornell.edu/bad#prp999", "someString", null, - null); + "http://mannlib.cornell.edu/bad#prp999"); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); whatToAuth = new AddDataPropertyStatement(SELFEDITOR_URI, - SAFE_PREDICATE, "someString", null, null); + SAFE_PREDICATE); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); whatToAuth = new AddDataPropertyStatement(SELFEDITOR_URI, - UNSAFE_PREDICATE, "someString", null, null); + UNSAFE_PREDICATE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); } From ed2f3ddc1290531007a20fa8a89df7a1b7f47875 Mon Sep 17 00:00:00 2001 From: j2blake Date: Sun, 1 Apr 2012 14:29:43 +0000 Subject: [PATCH 16/25] NIHVIVO-3404 Adjust the clients to use the most convenient constructor of EditDataPropertyStatement --- .../auth/policy/SelfEditingPolicyTest.java | 37 +++---------------- .../auth/policy/SelfEditingPolicy_2_Test.java | 7 +--- 2 files changed, 7 insertions(+), 37 deletions(-) diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java index 28b240fdd..7ce14b845 100644 --- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java +++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java @@ -36,8 +36,6 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectP import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropertyStatement; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropertyStatement; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjectPropertyStatement; -import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; -import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl; import edu.cornell.mannlib.vitro.webapp.beans.IndividualImpl; import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; @@ -212,31 +210,16 @@ public class SelfEditingPolicyTest extends AbstractTestClass { // @Test public void testVisitIdentifierBundleEditDataPropStmt() { - - DataPropertyStatement dps = new DataPropertyStatementImpl(); - dps.setIndividualURI(SELFEDITOR_URI); - dps.setDatapropURI(SAFE_PREDICATE); - dps.setData("junk"); - whatToAuth = new EditDataPropertyStatement(dps); + whatToAuth = new EditDataPropertyStatement(SELFEDITOR_URI,SAFE_PREDICATE); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); - dps = new DataPropertyStatementImpl(); - dps.setIndividualURI(SELFEDITOR_URI); - dps.setDatapropURI(UNSAFE_PREDICATE); - dps.setData("junk"); - whatToAuth = new EditDataPropertyStatement(dps); + whatToAuth = new EditDataPropertyStatement(SELFEDITOR_URI, UNSAFE_PREDICATE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - dps = new DataPropertyStatementImpl(); - dps.setIndividualURI(UNSAFE_RESOURCE); - dps.setDatapropURI(SAFE_PREDICATE); - whatToAuth = new EditDataPropertyStatement(dps); + whatToAuth = new EditDataPropertyStatement(UNSAFE_RESOURCE, SAFE_PREDICATE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - dps = new DataPropertyStatementImpl(); - dps.setIndividualURI(SAFE_RESOURCE); - dps.setDatapropURI(SAFE_PREDICATE); - whatToAuth = new EditDataPropertyStatement(dps); + whatToAuth = new EditDataPropertyStatement(SAFE_RESOURCE, SAFE_PREDICATE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); } @@ -296,11 +279,7 @@ public class SelfEditingPolicyTest extends AbstractTestClass { public void twoSEIsFindDataPropertySubject() { setUpTwoSEIs(); - DataPropertyStatement dps = new DataPropertyStatementImpl(); - dps.setIndividualURI(SELFEDITOR_URI); - dps.setDatapropURI(SAFE_PREDICATE); - dps.setData("junk"); - whatToAuth = new EditDataPropertyStatement(dps); + whatToAuth = new EditDataPropertyStatement(SELFEDITOR_URI, SAFE_PREDICATE); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); } @@ -308,11 +287,7 @@ public class SelfEditingPolicyTest extends AbstractTestClass { public void twoSEIsDontFindInDataProperty() { setUpTwoSEIs(); - DataPropertyStatement dps = new DataPropertyStatementImpl(); - dps.setIndividualURI(SAFE_RESOURCE); - dps.setDatapropURI(SAFE_PREDICATE); - dps.setData("junk"); - whatToAuth = new EditDataPropertyStatement(dps); + whatToAuth = new EditDataPropertyStatement(SAFE_RESOURCE, SAFE_PREDICATE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); } diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy_2_Test.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy_2_Test.java index dc0d4fc5e..1d4b61f1c 100644 --- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy_2_Test.java +++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy_2_Test.java @@ -294,13 +294,8 @@ public class SelfEditingPolicy_2_Test extends AbstractTestClass { */ private void assertEditDataPropStmt(String individualURI, String datapropURI, String data, Authorization expectedAuthorization) { - DataPropertyStatement dps = new DataPropertyStatementImpl(); - dps.setIndividualURI(individualURI); - dps.setDatapropURI(datapropURI); - dps.setData(data); - EditDataPropertyStatement whatToAuth = new EditDataPropertyStatement( - dps); + individualURI, datapropURI); PolicyDecision dec = policy.isAuthorized(ids, whatToAuth); log.debug(dec); Assert.assertNotNull(dec); From 7aa3b4f4699d3020357b05cc9aca7583ec1e732c Mon Sep 17 00:00:00 2001 From: j2blake Date: Sun, 1 Apr 2012 15:46:43 +0000 Subject: [PATCH 17/25] NIHVIVO-3404 Require that the statement-based RequestedActions include a reference to an OntModel. So the paradigm changes from "may I do this with this statement?" to "may I do this with this statement and this model?" --- .../webapp/auth/policy/PolicyHelper.java | 45 +++++------ .../AbstractDataPropertyStatementAction.java | 14 ++-- ...AbstractObjectPropertyStatementAction.java | 8 +- .../AbstractPropertyStatementAction.java | 10 +++ .../propstmt/AddDataPropertyStatement.java | 11 ++- .../propstmt/AddObjectPropertyStatement.java | 13 ++-- .../propstmt/DropDataPropertyStatement.java | 12 ++- .../propstmt/DropObjectPropertyStatement.java | 17 ++-- .../propstmt/EditDataPropertyStatement.java | 12 ++- .../propstmt/EditObjectPropertyStatement.java | 16 ++-- .../controller/admin/ShowAuthController.java | 3 +- .../freemarker/ImageUploadController.java | 14 ++-- .../BaseIndividualTemplateModel.java | 6 +- .../DataPropertyStatementTemplateModel.java | 4 +- .../individual/DataPropertyTemplateModel.java | 3 +- .../NameStatementTemplateModel.java | 2 +- .../ObjectPropertyStatementTemplateModel.java | 5 +- .../ObjectPropertyTemplateModel.java | 4 +- .../policy/PolicyHelper_StatementsTest.java | 36 +++++---- .../auth/policy/SelfEditingPolicyTest.java | 78 ++++++++++--------- .../auth/policy/SelfEditingPolicy_2_Test.java | 22 ++++-- 21 files changed, 204 insertions(+), 131 deletions(-) diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java index f9ffbf5aa..5e418ce3a 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java @@ -23,6 +23,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPro import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropertyStatement; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPropertyStatement; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropertyStatement; +import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; /** * A collection of static methods to help determine whether requested actions @@ -63,15 +64,15 @@ public class PolicyHelper { * Do the current policies authorize the current user to add all of the * statements in this model? */ - public static boolean isAuthorizedToAdd(HttpServletRequest req, Model model) { - if ((req == null) || (model == null)) { + public static boolean isAuthorizedToAdd(VitroRequest vreq, Model model) { + if ((vreq == null) || (model == null)) { return false; } StmtIterator stmts = model.listStatements(); try { while (stmts.hasNext()) { - if (!isAuthorizedToAdd(req, stmts.next())) { + if (!isAuthorizedToAdd(vreq, stmts.next())) { return false; } } @@ -86,9 +87,8 @@ public class PolicyHelper { * * The statement is expected to be fully-populated, with no null fields. */ - public static boolean isAuthorizedToAdd(HttpServletRequest req, - Statement stmt) { - if ((req == null) || (stmt == null)) { + public static boolean isAuthorizedToAdd(VitroRequest vreq, Statement stmt) { + if ((vreq == null) || (stmt == null)) { return false; } @@ -101,28 +101,29 @@ public class PolicyHelper { RequestedAction action; if (objectNode.isResource()) { - action = new AddObjectPropertyStatement(subject.getURI(), - predicate.getURI(), objectNode.asResource().getURI()); + action = new AddObjectPropertyStatement(vreq.getJenaOntModel(), + subject.getURI(), predicate.getURI(), objectNode + .asResource().getURI()); } else { - action = new AddDataPropertyStatement(subject.getURI(), - predicate.getURI()); + action = new AddDataPropertyStatement(vreq.getJenaOntModel(), + subject.getURI(), predicate.getURI()); } - return isAuthorizedForActions(req, action); + return isAuthorizedForActions(vreq, action); } /** * Do the current policies authorize the current user to drop all of the * statements in this model? */ - public static boolean isAuthorizedToDrop(HttpServletRequest req, Model model) { - if ((req == null) || (model == null)) { + public static boolean isAuthorizedToDrop(VitroRequest vreq, Model model) { + if ((vreq == null) || (model == null)) { return false; } StmtIterator stmts = model.listStatements(); try { while (stmts.hasNext()) { - if (!isAuthorizedToDrop(req, stmts.next())) { + if (!isAuthorizedToDrop(vreq, stmts.next())) { return false; } } @@ -138,9 +139,8 @@ public class PolicyHelper { * * The statement is expected to be fully-populated, with no null fields. */ - public static boolean isAuthorizedToDrop(HttpServletRequest req, - Statement stmt) { - if ((req == null) || (stmt == null)) { + public static boolean isAuthorizedToDrop(VitroRequest vreq, Statement stmt) { + if ((vreq == null) || (stmt == null)) { return false; } @@ -153,13 +153,14 @@ public class PolicyHelper { RequestedAction action; if (objectNode.isResource()) { - action = new DropObjectPropertyStatement(subject.getURI(), - predicate.getURI(), objectNode.asResource().getURI()); + action = new DropObjectPropertyStatement(vreq.getJenaOntModel(), + subject.getURI(), predicate.getURI(), objectNode + .asResource().getURI()); } else { - action = new DropDataPropertyStatement(subject.getURI(), - predicate.getURI()); + action = new DropDataPropertyStatement(vreq.getJenaOntModel(), + subject.getURI(), predicate.getURI()); } - return isAuthorizedForActions(req, action); + return isAuthorizedForActions(vreq, action); } /** diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractDataPropertyStatementAction.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractDataPropertyStatementAction.java index f61d3dd3e..74a94678c 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractDataPropertyStatementAction.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractDataPropertyStatementAction.java @@ -2,7 +2,8 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; +import com.hp.hpl.jena.ontology.OntModel; + import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; /** @@ -10,17 +11,20 @@ import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; * data property statements from a model. */ public abstract class AbstractDataPropertyStatementAction extends - RequestedAction { + AbstractPropertyStatementAction { private final String subjectUri; private final String predicateUri; - public AbstractDataPropertyStatementAction(String subjectUri, - String predicateUri) { + public AbstractDataPropertyStatementAction(OntModel ontModel, + String subjectUri, String predicateUri) { + super(ontModel); this.subjectUri = subjectUri; this.predicateUri = predicateUri; } - public AbstractDataPropertyStatementAction(DataPropertyStatement dps) { + public AbstractDataPropertyStatementAction(OntModel ontModel, + DataPropertyStatement dps) { + super(ontModel); this.subjectUri = (dps.getIndividual() == null) ? dps .getIndividualURI() : dps.getIndividual().getURI(); this.predicateUri = dps.getDatapropURI(); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java index 53ba6d5d4..53d0c9b6d 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java @@ -2,6 +2,8 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt; +import com.hp.hpl.jena.ontology.OntModel; + import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement; /** @@ -14,14 +16,16 @@ public abstract class AbstractObjectPropertyStatementAction extends private final String predicateUri; private final String objectUri; - public AbstractObjectPropertyStatementAction(String subjectUri, + public AbstractObjectPropertyStatementAction(OntModel ontModel, String subjectUri, String predicateUri, String objectUri) { + super(ontModel); this.subjectUri = subjectUri; this.predicateUri = predicateUri; this.objectUri = objectUri; } - public AbstractObjectPropertyStatementAction(ObjectPropertyStatement ops) { + public AbstractObjectPropertyStatementAction(OntModel ontModel, ObjectPropertyStatement ops) { + super(ontModel); this.subjectUri = (ops.getSubject() == null) ? ops.getSubjectURI() : ops.getSubject().getURI(); this.predicateUri = (ops.getProperty() == null) ? ops.getPropertyURI() diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractPropertyStatementAction.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractPropertyStatementAction.java index c0c64589b..1824f51dc 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractPropertyStatementAction.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractPropertyStatementAction.java @@ -2,6 +2,8 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt; +import com.hp.hpl.jena.ontology.OntModel; + import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; /** @@ -9,5 +11,13 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAct * statements from a model. */ public abstract class AbstractPropertyStatementAction extends RequestedAction { + private final OntModel ontModel; + public AbstractPropertyStatementAction(OntModel ontModel) { + this.ontModel = ontModel; + } + + public OntModel getOntModel() { + return ontModel; + } } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddDataPropertyStatement.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddDataPropertyStatement.java index 0bf2d9721..5f550d058 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddDataPropertyStatement.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddDataPropertyStatement.java @@ -2,6 +2,8 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt; +import com.hp.hpl.jena.ontology.OntModel; + import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; /** @@ -10,12 +12,13 @@ import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; public class AddDataPropertyStatement extends AbstractDataPropertyStatementAction { - public AddDataPropertyStatement(String subjectUri, String predicateUri) { - super(subjectUri, predicateUri); + public AddDataPropertyStatement(OntModel ontModel, String subjectUri, + String predicateUri) { + super(ontModel, subjectUri, predicateUri); } - public AddDataPropertyStatement(DataPropertyStatement dps) { - super(dps); + public AddDataPropertyStatement(OntModel ontModel, DataPropertyStatement dps) { + super(ontModel, dps); } } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddObjectPropertyStatement.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddObjectPropertyStatement.java index f73059ab6..423893328 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddObjectPropertyStatement.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddObjectPropertyStatement.java @@ -2,6 +2,8 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt; +import com.hp.hpl.jena.ontology.OntModel; + import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement; /** @@ -9,12 +11,13 @@ import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement; */ public class AddObjectPropertyStatement extends AbstractObjectPropertyStatementAction { - public AddObjectPropertyStatement(String uriOfSub, String uriOfPred, - String uriOfObj) { - super(uriOfSub, uriOfPred, uriOfObj); + public AddObjectPropertyStatement(OntModel ontModel, String uriOfSub, + String uriOfPred, String uriOfObj) { + super(ontModel, uriOfSub, uriOfPred, uriOfObj); } - public AddObjectPropertyStatement(ObjectPropertyStatement ops) { - super(ops); + public AddObjectPropertyStatement(OntModel ontModel, + ObjectPropertyStatement ops) { + super(ontModel, ops); } } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropDataPropertyStatement.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropDataPropertyStatement.java index 1d9d3c925..07138aa8f 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropDataPropertyStatement.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropDataPropertyStatement.java @@ -2,6 +2,8 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt; +import com.hp.hpl.jena.ontology.OntModel; + import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; /** @@ -11,11 +13,13 @@ import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; public class DropDataPropertyStatement extends AbstractDataPropertyStatementAction { - public DropDataPropertyStatement(String subjectUri, String predicateUri) { - super(subjectUri, predicateUri); + public DropDataPropertyStatement(OntModel ontModel, String subjectUri, + String predicateUri) { + super(ontModel, subjectUri, predicateUri); } - public DropDataPropertyStatement(DataPropertyStatement dps) { - super(dps); + public DropDataPropertyStatement(OntModel ontModel, + DataPropertyStatement dps) { + super(ontModel, dps); } } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropObjectPropertyStatement.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropObjectPropertyStatement.java index 6f4c33b07..c994a39e8 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropObjectPropertyStatement.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropObjectPropertyStatement.java @@ -2,18 +2,23 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt; +import com.hp.hpl.jena.ontology.OntModel; + import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement; /** * Should we allow the user to delete this ObjectPropertyStatement from this * model? */ -public class DropObjectPropertyStatement extends AbstractObjectPropertyStatementAction { - public DropObjectPropertyStatement(String sub, String pred, String obj) { - super(sub, pred, obj); +public class DropObjectPropertyStatement extends + AbstractObjectPropertyStatementAction { + public DropObjectPropertyStatement(OntModel ontModel, String sub, + String pred, String obj) { + super(ontModel, sub, pred, obj); } - - public DropObjectPropertyStatement(ObjectPropertyStatement ops) { - super(ops); + + public DropObjectPropertyStatement(OntModel ontModel, + ObjectPropertyStatement ops) { + super(ontModel, ops); } } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditDataPropertyStatement.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditDataPropertyStatement.java index e10479c54..5ef3b918f 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditDataPropertyStatement.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditDataPropertyStatement.java @@ -2,6 +2,8 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt; +import com.hp.hpl.jena.ontology.OntModel; + import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; /** @@ -9,11 +11,13 @@ import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; */ public class EditDataPropertyStatement extends AbstractDataPropertyStatementAction { - public EditDataPropertyStatement(String subjectUri, String predicateUri) { - super(subjectUri, predicateUri); + public EditDataPropertyStatement(OntModel ontModel, String subjectUri, + String predicateUri) { + super(ontModel, subjectUri, predicateUri); } - public EditDataPropertyStatement(DataPropertyStatement dps) { - super(dps); + public EditDataPropertyStatement(OntModel ontModel, + DataPropertyStatement dps) { + super(ontModel, dps); } } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditObjectPropertyStatement.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditObjectPropertyStatement.java index 359365ac4..732c3fa31 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditObjectPropertyStatement.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditObjectPropertyStatement.java @@ -2,18 +2,22 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt; +import com.hp.hpl.jena.ontology.OntModel; + import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement; /** * Should we allow the user to edit this ObjectPropertyStatement in this model? */ -public class EditObjectPropertyStatement extends AbstractObjectPropertyStatementAction { - public EditObjectPropertyStatement(String subjectUri, String keywordPredUri, - String objectUri) { - super(subjectUri, keywordPredUri, objectUri); +public class EditObjectPropertyStatement extends + AbstractObjectPropertyStatementAction { + public EditObjectPropertyStatement(OntModel ontModel, String subjectUri, + String keywordPredUri, String objectUri) { + super(ontModel, subjectUri, keywordPredUri, objectUri); } - public EditObjectPropertyStatement(ObjectPropertyStatement ops) { - super(ops); + public EditObjectPropertyStatement(OntModel ontModel, + ObjectPropertyStatement ops) { + super(ontModel, ops); } } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/admin/ShowAuthController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/admin/ShowAuthController.java index d1df3e552..d91301a43 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/admin/ShowAuthController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/admin/ShowAuthController.java @@ -89,7 +89,8 @@ public class ShowAuthController extends FreemarkerHttpServlet { * this individual? */ private boolean mayEditIndividual(VitroRequest vreq, String individualUri) { - RequestedAction action = new EditObjectPropertyStatement(individualUri, + RequestedAction action = new EditObjectPropertyStatement( + vreq.getJenaOntModel(), individualUri, RequestActionConstants.SOME_URI, RequestActionConstants.SOME_URI); return PolicyHelper.isAuthorizedForActions(vreq, action); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/ImageUploadController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/ImageUploadController.java index 9a9b7a7c6..842a6201d 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/ImageUploadController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/ImageUploadController.java @@ -138,14 +138,16 @@ public class ImageUploadController extends FreemarkerHttpServlet { RequestedAction ra; if (ACTION_DELETE.equals(action) || ACTION_DELETE_EDIT.equals(action)) { - ra = new DropObjectPropertyStatement(entity.getURI(), - VitroVocabulary.IND_MAIN_IMAGE, imageUri); + ra = new DropObjectPropertyStatement(vreq.getJenaOntModel(), + entity.getURI(), VitroVocabulary.IND_MAIN_IMAGE, + imageUri); } else if (imageUri != null) { - ra = new EditObjectPropertyStatement(entity.getURI(), - VitroVocabulary.IND_MAIN_IMAGE, imageUri); + ra = new EditObjectPropertyStatement(vreq.getJenaOntModel(), + entity.getURI(), VitroVocabulary.IND_MAIN_IMAGE, + imageUri); } else { - ra = new AddObjectPropertyStatement(entity.getURI(), - VitroVocabulary.IND_MAIN_IMAGE, + ra = new AddObjectPropertyStatement(vreq.getJenaOntModel(), + entity.getURI(), VitroVocabulary.IND_MAIN_IMAGE, RequestActionConstants.SOME_URI); } return new Actions(ra); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java index 0fe1b1f23..0c4b09e72 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java @@ -112,9 +112,11 @@ public abstract class BaseIndividualTemplateModel extends BaseTemplateModel { * an object property to the Individual being shown. */ public boolean isEditable() { - AddDataPropertyStatement adps = new AddDataPropertyStatement(individual.getURI(), + AddDataPropertyStatement adps = new AddDataPropertyStatement( + vreq.getJenaOntModel(), individual.getURI(), RequestActionConstants.SOME_URI); - AddObjectPropertyStatement aops = new AddObjectPropertyStatement(individual.getURI(), + AddObjectPropertyStatement aops = new AddObjectPropertyStatement( + vreq.getJenaOntModel(), individual.getURI(), RequestActionConstants.SOME_URI, RequestActionConstants.SOME_URI); return PolicyHelper.isAuthorizedForActions(vreq, new Actions(adps).or(aops)); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyStatementTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyStatementTemplateModel.java index 1d2e9a68b..f9fa1bf1a 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyStatementTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyStatementTemplateModel.java @@ -41,7 +41,7 @@ public class DataPropertyStatementTemplateModel extends PropertyStatementTemplat private String makeDeleteUrl() { // Determine whether the statement can be deleted DataPropertyStatement dps = makeStatement(); - RequestedAction action = new DropDataPropertyStatement(dps); + RequestedAction action = new DropDataPropertyStatement(vreq.getJenaOntModel(), dps); if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) { return ""; } @@ -66,7 +66,7 @@ public class DataPropertyStatementTemplateModel extends PropertyStatementTemplat // Determine whether the statement can be edited DataPropertyStatement dps = makeStatement(); - RequestedAction action = new EditDataPropertyStatement(dps); + RequestedAction action = new EditDataPropertyStatement(vreq.getJenaOntModel(), dps); if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) { return ""; } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java index da5e5b609..2452851ff 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java @@ -76,7 +76,8 @@ public class DataPropertyTemplateModel extends PropertyTemplateModel { } // Determine whether a new statement can be added - RequestedAction action = new AddDataPropertyStatement(subjectUri, propertyUri); + RequestedAction action = new AddDataPropertyStatement( + vreq.getJenaOntModel(), subjectUri, propertyUri); if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) { return; } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/NameStatementTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/NameStatementTemplateModel.java index 89ecfd31e..982a4561c 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/NameStatementTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/NameStatementTemplateModel.java @@ -62,7 +62,7 @@ public class NameStatementTemplateModel extends PropertyStatementTemplateModel { private String makeEditUrl(Literal literal) { // Determine whether the statement can be edited DataPropertyStatement dps = makeStatement(literal); - RequestedAction action = new EditDataPropertyStatement(dps); + RequestedAction action = new EditDataPropertyStatement(vreq.getJenaOntModel(), dps); if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) { return ""; } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java index dad8da209..28ff330c3 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java @@ -55,7 +55,8 @@ public class ObjectPropertyStatementTemplateModel extends PropertyStatementTempl } // Determine whether the statement can be deleted - RequestedAction action = new DropObjectPropertyStatement(subjectUri, propertyUri, objectUri); + RequestedAction action = new DropObjectPropertyStatement( + vreq.getJenaOntModel(), subjectUri, propertyUri, objectUri); if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) { return ""; } @@ -96,7 +97,7 @@ public class ObjectPropertyStatementTemplateModel extends PropertyStatementTempl } // Determine whether the statement can be edited - RequestedAction action = new EditObjectPropertyStatement(ops); + RequestedAction action = new EditObjectPropertyStatement(vreq.getJenaOntModel(), ops); if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) { return ""; } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel.java index c71bc7732..ec0acabf3 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel.java @@ -108,7 +108,9 @@ public abstract class ObjectPropertyTemplateModel extends PropertyTemplateModel } // Determine whether a new statement can be added - RequestedAction action = new AddObjectPropertyStatement(subjectUri, propertyUri, RequestActionConstants.SOME_URI); + RequestedAction action = new AddObjectPropertyStatement( + vreq.getJenaOntModel(), subjectUri, propertyUri, + RequestActionConstants.SOME_URI); if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) { return; } diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_StatementsTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_StatementsTest.java index e7498e424..515637446 100644 --- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_StatementsTest.java +++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_StatementsTest.java @@ -12,6 +12,7 @@ import stubs.javax.servlet.ServletContextStub; import stubs.javax.servlet.http.HttpServletRequestStub; import stubs.javax.servlet.http.HttpSessionStub; +import com.hp.hpl.jena.ontology.OntModelSpec; import com.hp.hpl.jena.rdf.model.Model; import com.hp.hpl.jena.rdf.model.ModelFactory; import com.hp.hpl.jena.rdf.model.Property; @@ -26,6 +27,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyStatementAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyStatementAction; +import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; /** * Test the function of PolicyHelper in authorizing statements and models. @@ -38,7 +40,7 @@ public class PolicyHelper_StatementsTest extends AbstractTestClass { private ServletContextStub ctx; private HttpSessionStub session; - private HttpServletRequestStub req; + private VitroRequest vreq; @Before public void setup() { @@ -47,8 +49,10 @@ public class PolicyHelper_StatementsTest extends AbstractTestClass { session = new HttpSessionStub(); session.setServletContext(ctx); - req = new HttpServletRequestStub(); + HttpServletRequestStub req = new HttpServletRequestStub(); req.setSession(session); + vreq = new VitroRequest(req); + vreq.setJenaOntModel(ModelFactory.createOntologyModel(OntModelSpec.OWL_MEM)); setLoggerLevel(ServletPolicyList.class, Level.WARN); ServletPolicyList.addPolicy(ctx, new MySimplePolicy()); @@ -61,7 +65,7 @@ public class PolicyHelper_StatementsTest extends AbstractTestClass { @Test public void addNullStatement() { assertEquals("null statement", false, - PolicyHelper.isAuthorizedToAdd(req, (Statement) null)); + PolicyHelper.isAuthorizedToAdd(vreq, (Statement) null)); } @Test @@ -77,7 +81,7 @@ public class PolicyHelper_StatementsTest extends AbstractTestClass { Statement stmt = dataStatement(APPROVED_SUBJECT_URI, APPROVED_PREDICATE_URI); assertEquals("authorized", true, - PolicyHelper.isAuthorizedToAdd(req, stmt)); + PolicyHelper.isAuthorizedToAdd(vreq, stmt)); } @Test @@ -85,13 +89,13 @@ public class PolicyHelper_StatementsTest extends AbstractTestClass { Statement stmt = dataStatement(APPROVED_SUBJECT_URI, UNAPPROVED_PREDICATE_URI); assertEquals("not authorized", false, - PolicyHelper.isAuthorizedToAdd(req, stmt)); + PolicyHelper.isAuthorizedToAdd(vreq, stmt)); } @Test public void dropNullStatement() { assertEquals("null statement", false, - PolicyHelper.isAuthorizedToDrop(req, (Statement) null)); + PolicyHelper.isAuthorizedToDrop(vreq, (Statement) null)); } @Test @@ -107,7 +111,7 @@ public class PolicyHelper_StatementsTest extends AbstractTestClass { Statement stmt = dataStatement(APPROVED_SUBJECT_URI, APPROVED_PREDICATE_URI); assertEquals("authorized", true, - PolicyHelper.isAuthorizedToDrop(req, stmt)); + PolicyHelper.isAuthorizedToDrop(vreq, stmt)); } @Test @@ -115,7 +119,7 @@ public class PolicyHelper_StatementsTest extends AbstractTestClass { Statement stmt = dataStatement(APPROVED_SUBJECT_URI, UNAPPROVED_PREDICATE_URI); assertEquals("not authorized", false, - PolicyHelper.isAuthorizedToDrop(req, stmt)); + PolicyHelper.isAuthorizedToDrop(vreq, stmt)); } // ---------------------------------------------------------------------- @@ -125,7 +129,7 @@ public class PolicyHelper_StatementsTest extends AbstractTestClass { @Test public void addNullModel() { assertEquals("null statement", false, - PolicyHelper.isAuthorizedToAdd(req, (Model) null)); + PolicyHelper.isAuthorizedToAdd(vreq, (Model) null)); } @Test @@ -137,7 +141,7 @@ public class PolicyHelper_StatementsTest extends AbstractTestClass { @Test public void addEmptyModel() { assertEquals("empty model", true, - PolicyHelper.isAuthorizedToAdd(req, model())); + PolicyHelper.isAuthorizedToAdd(vreq, model())); } @Test @@ -147,7 +151,7 @@ public class PolicyHelper_StatementsTest extends AbstractTestClass { objectStatement(APPROVED_SUBJECT_URI, APPROVED_PREDICATE_URI, APPROVED_OBJECT_URI)); assertEquals("authorized model", true, - PolicyHelper.isAuthorizedToAdd(req, model)); + PolicyHelper.isAuthorizedToAdd(vreq, model)); } @Test @@ -157,13 +161,13 @@ public class PolicyHelper_StatementsTest extends AbstractTestClass { objectStatement(APPROVED_SUBJECT_URI, UNAPPROVED_PREDICATE_URI, APPROVED_OBJECT_URI)); assertEquals("unauthorized model", false, - PolicyHelper.isAuthorizedToAdd(req, model)); + PolicyHelper.isAuthorizedToAdd(vreq, model)); } @Test public void dropNullModel() { assertEquals("null statement", false, - PolicyHelper.isAuthorizedToDrop(req, (Model) null)); + PolicyHelper.isAuthorizedToDrop(vreq, (Model) null)); } @Test @@ -175,7 +179,7 @@ public class PolicyHelper_StatementsTest extends AbstractTestClass { @Test public void dropEmptyModel() { assertEquals("empty model", true, - PolicyHelper.isAuthorizedToDrop(req, model())); + PolicyHelper.isAuthorizedToDrop(vreq, model())); } @Test @@ -185,7 +189,7 @@ public class PolicyHelper_StatementsTest extends AbstractTestClass { objectStatement(APPROVED_SUBJECT_URI, APPROVED_PREDICATE_URI, APPROVED_OBJECT_URI)); assertEquals("authorized model", true, - PolicyHelper.isAuthorizedToDrop(req, model)); + PolicyHelper.isAuthorizedToDrop(vreq, model)); } @Test @@ -195,7 +199,7 @@ public class PolicyHelper_StatementsTest extends AbstractTestClass { objectStatement(APPROVED_SUBJECT_URI, APPROVED_PREDICATE_URI, APPROVED_OBJECT_URI)); assertEquals("unauthorized model", false, - PolicyHelper.isAuthorizedToDrop(req, model)); + PolicyHelper.isAuthorizedToDrop(vreq, model)); } // ---------------------------------------------------------------------- diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java index 7ce14b845..08da1960d 100644 --- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java +++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java @@ -13,6 +13,11 @@ import org.junit.Test; import stubs.edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelperStub; import stubs.javax.servlet.ServletContextStub; + +import com.hp.hpl.jena.ontology.OntModel; +import com.hp.hpl.jena.ontology.OntModelSpec; +import com.hp.hpl.jena.rdf.model.ModelFactory; + import edu.cornell.mannlib.vitro.testing.AbstractTestClass; import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle; import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle; @@ -58,6 +63,7 @@ public class SelfEditingPolicyTest extends AbstractTestClass { private SelfEditingPolicy policy; private IdentifierBundle ids; private RequestedAction whatToAuth; + private OntModel ontModel; @Before public void setUp() throws Exception { @@ -73,6 +79,8 @@ public class SelfEditingPolicyTest extends AbstractTestClass { ind.setURI(SELFEDITOR_URI); ids = new ArrayIdentifierBundle(new HasProfile(SELFEDITOR_URI)); + + ontModel = ModelFactory.createOntologyModel(OntModelSpec.OWL_MEM); } @Test @@ -86,72 +94,72 @@ public class SelfEditingPolicyTest extends AbstractTestClass { "http://mannlib.cornell.edu/bad#prp0020" }); PropertyRestrictionPolicyHelper.setBean(ctx, prph); - whatToAuth = new AddObjectPropertyStatement(SELFEDITOR_URI, + whatToAuth = new AddObjectPropertyStatement(ontModel, SELFEDITOR_URI, "http://mannlib.cornell.edu/bad#prp234", SAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new AddObjectPropertyStatement(SAFE_RESOURCE, + whatToAuth = new AddObjectPropertyStatement(ontModel, SAFE_RESOURCE, "http://mannlib.cornell.edu/bad#prp234", SELFEDITOR_URI); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new AddObjectPropertyStatement(SELFEDITOR_URI, + whatToAuth = new AddObjectPropertyStatement(ontModel, SELFEDITOR_URI, "http://mannlib.cornell.edu/bad#prp999", SAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new AddObjectPropertyStatement(SAFE_RESOURCE, + whatToAuth = new AddObjectPropertyStatement(ontModel, SAFE_RESOURCE, "http://mannlib.cornell.edu/bad#prp999", SELFEDITOR_URI); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new AddObjectPropertyStatement(SAFE_RESOURCE, + whatToAuth = new AddObjectPropertyStatement(ontModel, SAFE_RESOURCE, SAFE_PREDICATE, SELFEDITOR_URI); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new AddObjectPropertyStatement(SELFEDITOR_URI, + whatToAuth = new AddObjectPropertyStatement(ontModel, SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new AddObjectPropertyStatement(SELFEDITOR_URI, + whatToAuth = new AddObjectPropertyStatement(ontModel, SELFEDITOR_URI, UNSAFE_PREDICATE, SAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); // now with dataprop statements - whatToAuth = new AddDataPropertyStatement(SELFEDITOR_URI, + whatToAuth = new AddDataPropertyStatement(ontModel, SELFEDITOR_URI, "http://mannlib.cornell.edu/bad#prp234"); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new AddDataPropertyStatement(SELFEDITOR_URI, + whatToAuth = new AddDataPropertyStatement(ontModel, SELFEDITOR_URI, "http://mannlib.cornell.edu/bad#prp999"); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new AddDataPropertyStatement(SELFEDITOR_URI, + whatToAuth = new AddDataPropertyStatement(ontModel, SELFEDITOR_URI, SAFE_PREDICATE); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new AddDataPropertyStatement(SELFEDITOR_URI, + whatToAuth = new AddDataPropertyStatement(ontModel, SELFEDITOR_URI, UNSAFE_PREDICATE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); } @Test public void testVisitIdentifierBundleAddObjectPropStmt() { - whatToAuth = new AddObjectPropertyStatement(SELFEDITOR_URI, + whatToAuth = new AddObjectPropertyStatement(ontModel, SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new AddObjectPropertyStatement(SAFE_RESOURCE, + whatToAuth = new AddObjectPropertyStatement(ontModel, SAFE_RESOURCE, SAFE_PREDICATE, SELFEDITOR_URI); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); // this is the case where the editor is not part of the stmt - whatToAuth = new AddObjectPropertyStatement(SAFE_RESOURCE, + whatToAuth = new AddObjectPropertyStatement(ontModel, SAFE_RESOURCE, SAFE_PREDICATE, SAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new AddObjectPropertyStatement(SELFEDITOR_URI, + whatToAuth = new AddObjectPropertyStatement(ontModel, SELFEDITOR_URI, UNSAFE_PREDICATE, SAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new AddObjectPropertyStatement(SELFEDITOR_URI, + whatToAuth = new AddObjectPropertyStatement(ontModel, SELFEDITOR_URI, SAFE_PREDICATE, UNSAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); } @@ -169,24 +177,24 @@ public class SelfEditingPolicyTest extends AbstractTestClass { // @Test public void testVisitIdentifierBundleDropObjectPropStmt() { - whatToAuth = new DropObjectPropertyStatement(SELFEDITOR_URI, + whatToAuth = new DropObjectPropertyStatement(ontModel, SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new DropObjectPropertyStatement(SAFE_RESOURCE, + whatToAuth = new DropObjectPropertyStatement(ontModel, SAFE_RESOURCE, SAFE_PREDICATE, SELFEDITOR_URI); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); // this is the case where the editor is not part of the stmt - whatToAuth = new DropObjectPropertyStatement(SAFE_RESOURCE, + whatToAuth = new DropObjectPropertyStatement(ontModel, SAFE_RESOURCE, SAFE_PREDICATE, SAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new DropObjectPropertyStatement(SELFEDITOR_URI, + whatToAuth = new DropObjectPropertyStatement(ontModel, SELFEDITOR_URI, UNSAFE_PREDICATE, SAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new DropObjectPropertyStatement(SELFEDITOR_URI, + whatToAuth = new DropObjectPropertyStatement(ontModel, SELFEDITOR_URI, SAFE_PREDICATE, UNSAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); } @@ -210,39 +218,39 @@ public class SelfEditingPolicyTest extends AbstractTestClass { // @Test public void testVisitIdentifierBundleEditDataPropStmt() { - whatToAuth = new EditDataPropertyStatement(SELFEDITOR_URI,SAFE_PREDICATE); + whatToAuth = new EditDataPropertyStatement(ontModel, SELFEDITOR_URI,SAFE_PREDICATE); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new EditDataPropertyStatement(SELFEDITOR_URI, UNSAFE_PREDICATE); + whatToAuth = new EditDataPropertyStatement(ontModel, SELFEDITOR_URI, UNSAFE_PREDICATE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new EditDataPropertyStatement(UNSAFE_RESOURCE, SAFE_PREDICATE); + whatToAuth = new EditDataPropertyStatement(ontModel, UNSAFE_RESOURCE, SAFE_PREDICATE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new EditDataPropertyStatement(SAFE_RESOURCE, SAFE_PREDICATE); + whatToAuth = new EditDataPropertyStatement(ontModel, SAFE_RESOURCE, SAFE_PREDICATE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); } @Test public void testVisitIdentifierBundleEditObjPropStmt() { - whatToAuth = new EditObjectPropertyStatement(SELFEDITOR_URI, + whatToAuth = new EditObjectPropertyStatement(ontModel, SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new EditObjectPropertyStatement(SAFE_RESOURCE, + whatToAuth = new EditObjectPropertyStatement(ontModel, SAFE_RESOURCE, SAFE_PREDICATE, SELFEDITOR_URI); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); // this is the case where the editor is not part of the stmt - whatToAuth = new EditObjectPropertyStatement(SAFE_RESOURCE, + whatToAuth = new EditObjectPropertyStatement(ontModel, SAFE_RESOURCE, SAFE_PREDICATE, SAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new EditObjectPropertyStatement(SELFEDITOR_URI, + whatToAuth = new EditObjectPropertyStatement(ontModel, SELFEDITOR_URI, UNSAFE_PREDICATE, SAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new EditObjectPropertyStatement(SELFEDITOR_URI, + whatToAuth = new EditObjectPropertyStatement(ontModel, SELFEDITOR_URI, SAFE_PREDICATE, UNSAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); } @@ -254,7 +262,7 @@ public class SelfEditingPolicyTest extends AbstractTestClass { @Test public void twoSEIsFindObjectPropertySubject() { setUpTwoSEIs(); - whatToAuth = new DropObjectPropertyStatement(SELFEDITOR_URI, + whatToAuth = new DropObjectPropertyStatement(ontModel, SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); } @@ -262,7 +270,7 @@ public class SelfEditingPolicyTest extends AbstractTestClass { @Test public void twoSEIsFindObjectPropertyObject() { setUpTwoSEIs(); - whatToAuth = new DropObjectPropertyStatement(SAFE_RESOURCE, + whatToAuth = new DropObjectPropertyStatement(ontModel, SAFE_RESOURCE, SAFE_PREDICATE, SELFEDITOR_URI); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); } @@ -270,7 +278,7 @@ public class SelfEditingPolicyTest extends AbstractTestClass { @Test public void twoSEIsDontFindInObjectProperty() { setUpTwoSEIs(); - whatToAuth = new DropObjectPropertyStatement(SAFE_RESOURCE, + whatToAuth = new DropObjectPropertyStatement(ontModel, SAFE_RESOURCE, SAFE_PREDICATE, SAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); } @@ -279,7 +287,7 @@ public class SelfEditingPolicyTest extends AbstractTestClass { public void twoSEIsFindDataPropertySubject() { setUpTwoSEIs(); - whatToAuth = new EditDataPropertyStatement(SELFEDITOR_URI, SAFE_PREDICATE); + whatToAuth = new EditDataPropertyStatement(ontModel, SELFEDITOR_URI, SAFE_PREDICATE); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); } @@ -287,7 +295,7 @@ public class SelfEditingPolicyTest extends AbstractTestClass { public void twoSEIsDontFindInDataProperty() { setUpTwoSEIs(); - whatToAuth = new EditDataPropertyStatement(SAFE_RESOURCE, SAFE_PREDICATE); + whatToAuth = new EditDataPropertyStatement(ontModel, SAFE_RESOURCE, SAFE_PREDICATE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); } diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy_2_Test.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy_2_Test.java index 1d4b61f1c..0db89065f 100644 --- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy_2_Test.java +++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy_2_Test.java @@ -15,6 +15,7 @@ import stubs.edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestricti import stubs.javax.servlet.ServletContextStub; import com.hp.hpl.jena.ontology.OntModel; +import com.hp.hpl.jena.ontology.OntModelSpec; import com.hp.hpl.jena.rdf.model.ModelFactory; import com.hp.hpl.jena.rdf.model.impl.RDFDefaultErrorHandler; @@ -29,8 +30,6 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropertyStatement; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropertyStatement; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjectPropertyStatement; -import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; -import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl; import edu.cornell.mannlib.vitro.webapp.beans.Individual; import edu.cornell.mannlib.vitro.webapp.beans.IndividualImpl; import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; @@ -69,6 +68,14 @@ public class SelfEditingPolicy_2_Test extends AbstractTestClass { /** A bundle that contains a SelfEditing individual. */ IdentifierBundle ids; + /** + * An empty model that acts as a placeholder in the requested actions. The + * SelfEditingPolicy does not base its decisions on the contents of the + * model. + */ + private OntModel ontModel; + + @Before public void setUp() throws Exception { InputStream is = getClass().getResourceAsStream( @@ -78,6 +85,7 @@ public class SelfEditingPolicy_2_Test extends AbstractTestClass { // suppress the warning messages from loading the model. setLoggerLevel(RDFDefaultErrorHandler.class, Level.OFF); + // TODO This doesn't appear to be used for anything. Can it go away, along with the data file? OntModel model = ModelFactory.createOntologyModel(); model.read(is, ""); Assert.assertNotNull(model); @@ -96,6 +104,8 @@ public class SelfEditingPolicy_2_Test extends AbstractTestClass { ids = new ArrayIdentifierBundle(new HasProfile(SELFEDITOR_URI)); + ontModel = ModelFactory.createOntologyModel(OntModelSpec.OWL_MEM); + // setLoggerLevel(SelfEditingPolicySetupTest.class, Level.DEBUG); } @@ -113,7 +123,7 @@ public class SelfEditingPolicy_2_Test extends AbstractTestClass { @Test public void nullIdentifierBundle() { AddObjectPropertyStatement whatToAuth = new AddObjectPropertyStatement( - SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE); + ontModel, SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE); PolicyDecision dec = policy.isAuthorized(null, whatToAuth); Assert.assertNotNull(dec); Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized()); @@ -267,7 +277,7 @@ public class SelfEditingPolicy_2_Test extends AbstractTestClass { private void assertAddObjectPropStmt(String uriOfSub, String uriOfPred, String uriOfObj, Authorization expectedAuthorization) { AddObjectPropertyStatement whatToAuth = new AddObjectPropertyStatement( - uriOfSub, uriOfPred, uriOfObj); + ontModel, uriOfSub, uriOfPred, uriOfObj); PolicyDecision dec = policy.isAuthorized(ids, whatToAuth); log.debug(dec); Assert.assertNotNull(dec); @@ -281,7 +291,7 @@ public class SelfEditingPolicy_2_Test extends AbstractTestClass { private void assertEditObjPropStmt(String uriOfSub, String uriOfPred, String uriOfObj, Authorization expectedAuthorization) { EditObjectPropertyStatement whatToAuth = new EditObjectPropertyStatement( - uriOfSub, uriOfPred, uriOfObj); + ontModel, uriOfSub, uriOfPred, uriOfObj); PolicyDecision dec = policy.isAuthorized(ids, whatToAuth); log.debug(dec); Assert.assertNotNull(dec); @@ -295,7 +305,7 @@ public class SelfEditingPolicy_2_Test extends AbstractTestClass { private void assertEditDataPropStmt(String individualURI, String datapropURI, String data, Authorization expectedAuthorization) { EditDataPropertyStatement whatToAuth = new EditDataPropertyStatement( - individualURI, datapropURI); + ontModel, individualURI, datapropURI); PolicyDecision dec = policy.isAuthorized(ids, whatToAuth); log.debug(dec); Assert.assertNotNull(dec); From 41166b10fb1faaad4144d97def54e0db48636623 Mon Sep 17 00:00:00 2001 From: stellamit Date: Mon, 2 Apr 2012 20:55:34 +0000 Subject: [PATCH 18/25] NIHVIVO-3603 create application configuration ontology --- .../app/ApplicationConfiguration.owl | 546 ++++++++++++++++++ 1 file changed, 546 insertions(+) create mode 100644 webapp/web/WEB-INF/ontologies/app/ApplicationConfiguration.owl diff --git a/webapp/web/WEB-INF/ontologies/app/ApplicationConfiguration.owl b/webapp/web/WEB-INF/ontologies/app/ApplicationConfiguration.owl new file mode 100644 index 000000000..3b1abe056 --- /dev/null +++ b/webapp/web/WEB-INF/ontologies/app/ApplicationConfiguration.owl @@ -0,0 +1,546 @@ + + + + + + + +]> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Domain was Group OR DomainConfig + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Domain is intended to be Group OR PropertyEditConfig. BL and BC did not want to assign a domain. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 59ac4e5b6074ffd0cdaf4076ecb79c3f1b685ac1 Mon Sep 17 00:00:00 2001 From: stellamit Date: Mon, 2 Apr 2012 21:13:05 +0000 Subject: [PATCH 19/25] NIHVIVO-3603 app config ontology --- .../app/ApplicationConfiguration.owl | 546 ------------------ 1 file changed, 546 deletions(-) delete mode 100644 webapp/web/WEB-INF/ontologies/app/ApplicationConfiguration.owl diff --git a/webapp/web/WEB-INF/ontologies/app/ApplicationConfiguration.owl b/webapp/web/WEB-INF/ontologies/app/ApplicationConfiguration.owl deleted file mode 100644 index 3b1abe056..000000000 --- a/webapp/web/WEB-INF/ontologies/app/ApplicationConfiguration.owl +++ /dev/null @@ -1,546 +0,0 @@ - - - - - - - -]> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Domain was Group OR DomainConfig - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Domain is intended to be Group OR PropertyEditConfig. BL and BC did not want to assign a domain. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From 8ec670d03a321110f52effe7e313ed7c281244d1 Mon Sep 17 00:00:00 2001 From: stellamit Date: Mon, 2 Apr 2012 21:14:18 +0000 Subject: [PATCH 20/25] NIHVIVO-3603 --- .../app/ApplicationConfiguration.owl | 594 ++++++++++++++++++ 1 file changed, 594 insertions(+) create mode 100644 webapp/web/WEB-INF/ontologies/app/ApplicationConfiguration.owl diff --git a/webapp/web/WEB-INF/ontologies/app/ApplicationConfiguration.owl b/webapp/web/WEB-INF/ontologies/app/ApplicationConfiguration.owl new file mode 100644 index 000000000..f2fb37a4e --- /dev/null +++ b/webapp/web/WEB-INF/ontologies/app/ApplicationConfiguration.owl @@ -0,0 +1,594 @@ + + + + + + + +]> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Domain was Group OR DomainConfig + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Domain is intended to be Group OR PropertyEditConfig. BL and BC did not want to assign a domain. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 657e63f58033d6b4f093a73132c5498b42b76cc3 Mon Sep 17 00:00:00 2001 From: j2blake Date: Tue, 3 Apr 2012 16:11:59 +0000 Subject: [PATCH 21/25] NIHVIVO-3404 Provide getResourceUris() and getPredicateUri() methods on AbstractPropertyStatementAction, to permit easier checking by policies. --- .../propstmt/AbstractDataPropertyStatementAction.java | 6 ++++++ .../AbstractObjectPropertyStatementAction.java | 10 ++++++++-- .../propstmt/AbstractPropertyStatementAction.java | 8 ++++++++ 3 files changed, 22 insertions(+), 2 deletions(-) diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractDataPropertyStatementAction.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractDataPropertyStatementAction.java index 74a94678c..5ea769755 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractDataPropertyStatementAction.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractDataPropertyStatementAction.java @@ -34,10 +34,16 @@ public abstract class AbstractDataPropertyStatementAction extends return subjectUri; } + @Override public String getPredicateUri() { return predicateUri; } + @Override + public String[] getResourceUris() { + return new String[] {subjectUri}; + } + @Override public String toString() { return getClass().getSimpleName() + ": <" + subjectUri + "> <" diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java index 53d0c9b6d..da380c383 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java @@ -38,12 +38,18 @@ public abstract class AbstractObjectPropertyStatementAction extends return subjectUri; } + public String getObjectUri() { + return objectUri; + } + + @Override public String getPredicateUri() { return predicateUri; } - public String getObjectUri() { - return objectUri; + @Override + public String[] getResourceUris() { + return new String[] {subjectUri, objectUri}; } @Override diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractPropertyStatementAction.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractPropertyStatementAction.java index 1824f51dc..82434a2bd 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractPropertyStatementAction.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractPropertyStatementAction.java @@ -20,4 +20,12 @@ public abstract class AbstractPropertyStatementAction extends RequestedAction { public OntModel getOntModel() { return ontModel; } + + /** + * Get the URI of the Resources that are involved in this statement. Those + * are the Subject, and the Object if this is an ObjectProperty request. + */ + public abstract String[] getResourceUris(); + + public abstract String getPredicateUri(); } From d41c67b015c8dc9bd33692a13703d70d816bbe45 Mon Sep 17 00:00:00 2001 From: j2blake Date: Tue, 3 Apr 2012 16:13:41 +0000 Subject: [PATCH 22/25] NIHVIVO-3404 Restructure the SelfEditorRelationshipPolicy to use the model in the RequestedAction, instead of a model assigned at system startup time. Also, break out the logic into separate RelationshipChecker objects, for easier maintenance. --- .../AbstractRelationshipPolicy.java | 150 +-------------- .../RelationshipChecker.java | 172 ++++++++++++++++++ 2 files changed, 173 insertions(+), 149 deletions(-) create mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/RelationshipChecker.java diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/AbstractRelationshipPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/AbstractRelationshipPolicy.java index c238d246c..f04053f71 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/AbstractRelationshipPolicy.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/AbstractRelationshipPolicy.java @@ -2,30 +2,17 @@ package edu.cornell.mannlib.vitro.webapp.auth.policy.specialrelationships; -import java.util.ArrayList; -import java.util.List; - import javax.servlet.ServletContext; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import com.hp.hpl.jena.ontology.OntModel; -import com.hp.hpl.jena.rdf.model.Property; -import com.hp.hpl.jena.rdf.model.RDFNode; -import com.hp.hpl.jena.rdf.model.Resource; -import com.hp.hpl.jena.rdf.model.Selector; -import com.hp.hpl.jena.rdf.model.SimpleSelector; -import com.hp.hpl.jena.rdf.model.StmtIterator; -import com.hp.hpl.jena.shared.Lock; - import edu.cornell.mannlib.vitro.webapp.auth.policy.BasicPolicyDecision; import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface; import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel; -import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; /** * A collection of building-block methods so we can code a policy based on the @@ -37,11 +24,9 @@ public abstract class AbstractRelationshipPolicy implements PolicyIface { .getLog(AbstractRelationshipPolicy.class); protected final ServletContext ctx; - protected final OntModel model; - public AbstractRelationshipPolicy(ServletContext ctx, OntModel model) { + public AbstractRelationshipPolicy(ServletContext ctx) { this.ctx = ctx; - this.model = model; } protected boolean canModifyResource(String uri) { @@ -54,133 +39,6 @@ public abstract class AbstractRelationshipPolicy implements PolicyIface { uri, RoleLevel.SELF); } - protected boolean isResourceOfType(String resourceUri, String typeUri) { - Selector selector = createSelector(resourceUri, - VitroVocabulary.RDF_TYPE, typeUri); - - StmtIterator stmts = null; - model.enterCriticalSection(Lock.READ); - try { - stmts = model.listStatements(selector); - if (stmts.hasNext()) { - log.debug("resource '" + resourceUri + "' is of type '" - + typeUri + "'"); - return true; - } else { - log.debug("resource '" + resourceUri + "' is not of type '" - + typeUri + "'"); - return false; - } - } finally { - if (stmts != null) { - stmts.close(); - } - model.leaveCriticalSection(); - } - } - - protected List getObjectsOfProperty(String resourceUri, - String propertyUri) { - List list = new ArrayList(); - - Selector selector = createSelector(resourceUri, propertyUri, null); - - StmtIterator stmts = null; - model.enterCriticalSection(Lock.READ); - try { - stmts = model.listStatements(selector); - while (stmts.hasNext()) { - list.add(stmts.next().getObject().toString()); - } - log.debug("Objects of property '" + propertyUri + "' on resource '" - + resourceUri + "': " + list); - return list; - } finally { - if (stmts != null) { - stmts.close(); - } - model.leaveCriticalSection(); - } - } - - protected List getObjectsOfLinkedProperty(String resourceUri, - String linkUri, String propertyUri) { - List list = new ArrayList(); - - Selector selector = createSelector(resourceUri, linkUri, null); - - StmtIterator stmts = null; - - model.enterCriticalSection(Lock.READ); - try { - stmts = model.listStatements(selector); - while (stmts.hasNext()) { - RDFNode objectNode = stmts.next().getObject(); - if (objectNode.isResource()) { - log.debug("found authorship for '" + resourceUri + "': " - + objectNode); - list.addAll(getUrisOfAuthors(objectNode.asResource(), - propertyUri)); - } - } - log.debug("Objects of linked properties '" + linkUri + "' ==> '" - + propertyUri + "' on '" + resourceUri + "': " + list); - return list; - } finally { - if (stmts != null) { - stmts.close(); - } - model.leaveCriticalSection(); - } - } - - /** Note that we must already be in a critical section! */ - private List getUrisOfAuthors(Resource authorship, - String propertyUri) { - List list = new ArrayList(); - - Selector selector = createSelector(authorship, propertyUri, null); - - StmtIterator stmts = null; - try { - stmts = model.listStatements(selector); - while (stmts.hasNext()) { - list.add(stmts.next().getObject().toString()); - } - return list; - } finally { - if (stmts != null) { - stmts.close(); - } - } - } - - protected Selector createSelector(String subjectUri, String predicateUri, - String objectUri) { - Resource subject = (subjectUri == null) ? null : model - .getResource(subjectUri); - return createSelector(subject, predicateUri, objectUri); - } - - protected Selector createSelector(Resource subject, String predicateUri, - String objectUri) { - Property predicate = (predicateUri == null) ? null : model - .getProperty(predicateUri); - RDFNode object = (objectUri == null) ? null : model - .getResource(objectUri); - return new SimpleSelector(subject, predicate, object); - } - - protected boolean anyUrisInCommon(List userUris, - List editorsOrAuthors) { - for (String userUri : userUris) { - if (editorsOrAuthors.contains(userUri)) { - return true; - } - } - return false; - } - protected PolicyDecision cantModifyResource(String uri) { return inconclusiveDecision("No access to admin resources; cannot modify " + uri); @@ -201,10 +59,4 @@ public abstract class AbstractRelationshipPolicy implements PolicyIface { .getSimpleName() + ": " + message); } - /** An AUTHORIZED decision with a message like "PolicyClass: message". */ - protected PolicyDecision authorizedDecision(String message) { - return new BasicPolicyDecision(Authorization.AUTHORIZED, getClass() - .getSimpleName() + ": " + message); - } - } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/RelationshipChecker.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/RelationshipChecker.java new file mode 100644 index 000000000..b06407887 --- /dev/null +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/RelationshipChecker.java @@ -0,0 +1,172 @@ +/* $This file is distributed under the terms of the license in /doc/license.txt$ */ + +package edu.cornell.mannlib.vitro.webapp.auth.policy.specialrelationships; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import com.hp.hpl.jena.ontology.OntModel; +import com.hp.hpl.jena.rdf.model.Property; +import com.hp.hpl.jena.rdf.model.RDFNode; +import com.hp.hpl.jena.rdf.model.Resource; +import com.hp.hpl.jena.rdf.model.Selector; +import com.hp.hpl.jena.rdf.model.SimpleSelector; +import com.hp.hpl.jena.rdf.model.StmtIterator; +import com.hp.hpl.jena.shared.Lock; + +import edu.cornell.mannlib.vitro.webapp.auth.policy.BasicPolicyDecision; +import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization; +import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; +import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; + +/** + * Look for relationships within an OntModel. Types of resources, links between + * resources, and links between resources via a context node. + * + * Also provides some convenience methods for test lists of URIs and for + * creating PolicyDecisions. + */ +public class RelationshipChecker { + private static final Log log = LogFactory.getLog(RelationshipChecker.class); + + private final OntModel ontModel; + + public RelationshipChecker(OntModel ontModel) { + this.ontModel = ontModel; + } + + /** + * Are there any URIs that appear in both of these lists? + */ + public boolean anyUrisInCommon(List list1, List list2) { + List urisInCommon = new ArrayList(list1); + urisInCommon.retainAll(list2); + return !urisInCommon.isEmpty(); + } + + /** + * Is this resource a member of this type? That is, is there an statement of + * the form: rdfs:type + */ + public boolean isResourceOfType(String resourceUri, String typeUri) { + Selector selector = createSelector(resourceUri, + VitroVocabulary.RDF_TYPE, typeUri); + + StmtIterator stmts = null; + ontModel.enterCriticalSection(Lock.READ); + try { + stmts = ontModel.listStatements(selector); + if (stmts.hasNext()) { + log.debug("resource '" + resourceUri + "' is of type '" + + typeUri + "'"); + return true; + } else { + log.debug("resource '" + resourceUri + "' is not of type '" + + typeUri + "'"); + return false; + } + } finally { + if (stmts != null) { + stmts.close(); + } + ontModel.leaveCriticalSection(); + } + } + + /** + * Get a list of the object URIs that satisfy this statement: + * + * + * + * May return an empty list, but never returns null. + */ + public List getObjectsOfProperty(String resourceUri, + String propertyUri) { + List list = new ArrayList(); + + Selector selector = createSelector(resourceUri, propertyUri, null); + + StmtIterator stmts = null; + ontModel.enterCriticalSection(Lock.READ); + try { + stmts = ontModel.listStatements(selector); + while (stmts.hasNext()) { + list.add(stmts.next().getObject().toString()); + } + log.debug("Objects of property '" + propertyUri + "' on resource '" + + resourceUri + "': " + list); + return list; + } finally { + if (stmts != null) { + stmts.close(); + } + ontModel.leaveCriticalSection(); + } + } + + /** + * Get a list of the object URIs that satisfy these statements: + * + * + * + * + * + * May return an empty list, but never returns null. + */ + public List getObjectsOfLinkedProperty(String resourceUri, + String linkUri, String propertyUri) { + List list = new ArrayList(); + + Selector selector = createSelector(resourceUri, linkUri, null); + + StmtIterator stmts = null; + + ontModel.enterCriticalSection(Lock.READ); + try { + stmts = ontModel.listStatements(selector); + while (stmts.hasNext()) { + RDFNode contextNode = stmts.next().getObject(); + if (contextNode.isResource()) { + log.debug("found context node for '" + resourceUri + "': " + + contextNode); + list.addAll(getObjectsOfProperty(contextNode.asResource() + .getURI(), propertyUri)); + } + } + log.debug("Objects of linked properties '" + linkUri + "' ==> '" + + propertyUri + "' on '" + resourceUri + "': " + list); + return list; + } finally { + if (stmts != null) { + stmts.close(); + } + ontModel.leaveCriticalSection(); + } + } + + public Selector createSelector(String subjectUri, String predicateUri, + String objectUri) { + Resource subject = (subjectUri == null) ? null : ontModel + .getResource(subjectUri); + return createSelector(subject, predicateUri, objectUri); + } + + public Selector createSelector(Resource subject, String predicateUri, + String objectUri) { + Property predicate = (predicateUri == null) ? null : ontModel + .getProperty(predicateUri); + RDFNode object = (objectUri == null) ? null : ontModel + .getResource(objectUri); + return new SimpleSelector(subject, predicate, object); + } + + /** An AUTHORIZED decision with a message like "PolicyClass: message". */ + protected PolicyDecision authorizedDecision(String message) { + return new BasicPolicyDecision(Authorization.AUTHORIZED, getClass() + .getSimpleName() + ": " + message); + } + +} From 42d5e9ea5eb28798a83da8085edd3e23a6653e4d Mon Sep 17 00:00:00 2001 From: stellamit Date: Tue, 3 Apr 2012 16:30:31 +0000 Subject: [PATCH 23/25] changing name of one of the individuals in the enumerated class OfferEditOptions --- .../web/WEB-INF/ontologies/app/ApplicationConfiguration.owl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/webapp/web/WEB-INF/ontologies/app/ApplicationConfiguration.owl b/webapp/web/WEB-INF/ontologies/app/ApplicationConfiguration.owl index f2fb37a4e..3a21796ea 100644 --- a/webapp/web/WEB-INF/ontologies/app/ApplicationConfiguration.owl +++ b/webapp/web/WEB-INF/ontologies/app/ApplicationConfiguration.owl @@ -573,9 +573,9 @@ - + - + From 76f02f0d5536d8558ba5f63ced63cb9a68080797 Mon Sep 17 00:00:00 2001 From: stellamit Date: Tue, 3 Apr 2012 18:10:00 +0000 Subject: [PATCH 24/25] NIHVIVO-3603 specifying no range at all for datatype properties that we expect to be a string with optional language tag. --- .../ontologies/app/ApplicationConfiguration.owl | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/webapp/web/WEB-INF/ontologies/app/ApplicationConfiguration.owl b/webapp/web/WEB-INF/ontologies/app/ApplicationConfiguration.owl index 3a21796ea..87ef684d3 100644 --- a/webapp/web/WEB-INF/ontologies/app/ApplicationConfiguration.owl +++ b/webapp/web/WEB-INF/ontologies/app/ApplicationConfiguration.owl @@ -250,7 +250,8 @@ - Domain was Group OR DomainConfig + range is intended to be plain literal with language tag. + @@ -276,8 +277,8 @@ + range is intended to be plain literal with language tag. - @@ -285,8 +286,9 @@ + 'text/html' for html content + range is intended to be plain literal with a language tag. - @@ -303,9 +305,8 @@ - Domain is intended to be Group OR PropertyEditConfig. BL and BC did not want to assign a domain. + range is intended to be plain literal with language tag. - @@ -313,8 +314,8 @@ + range is intended to be plain literal with language tag. - From b150614e4adc451d0d7bff1c4ca643f1a36893c0 Mon Sep 17 00:00:00 2001 From: j2blake Date: Wed, 4 Apr 2012 20:18:03 +0000 Subject: [PATCH 25/25] NIHVIVO-3404 Add methods to PolicyHelper to do last-minute authorization checks on additions and retractions. Create tests. --- .../webapp/auth/policy/PolicyHelper.java | 213 +++++++--- .../auth/policy/PolicyHelper_ModelsTest.java | 370 ++++++++++++++++++ .../policy/PolicyHelper_StatementsTest.java | 189 ++++----- 3 files changed, 599 insertions(+), 173 deletions(-) create mode 100644 webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_ModelsTest.java diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java index 5e418ce3a..0f432cf0c 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java @@ -7,7 +7,10 @@ import javax.servlet.http.HttpServletRequest; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import com.hp.hpl.jena.ontology.OntModel; +import com.hp.hpl.jena.ontology.OntModelSpec; import com.hp.hpl.jena.rdf.model.Model; +import com.hp.hpl.jena.rdf.model.ModelFactory; import com.hp.hpl.jena.rdf.model.Property; import com.hp.hpl.jena.rdf.model.RDFNode; import com.hp.hpl.jena.rdf.model.Resource; @@ -23,7 +26,6 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPro import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropertyStatement; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPropertyStatement; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropertyStatement; -import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; /** * A collection of static methods to help determine whether requested actions @@ -61,34 +63,14 @@ public class PolicyHelper { } /** - * Do the current policies authorize the current user to add all of the - * statements in this model? - */ - public static boolean isAuthorizedToAdd(VitroRequest vreq, Model model) { - if ((vreq == null) || (model == null)) { - return false; - } - - StmtIterator stmts = model.listStatements(); - try { - while (stmts.hasNext()) { - if (!isAuthorizedToAdd(vreq, stmts.next())) { - return false; - } - } - return true; - } finally { - stmts.close(); - } - } - - /** - * Do the current policies authorize the current user to add this statement? + * Do the current policies authorize the current user to add this statement + * to this model? * * The statement is expected to be fully-populated, with no null fields. */ - public static boolean isAuthorizedToAdd(VitroRequest vreq, Statement stmt) { - if ((vreq == null) || (stmt == null)) { + public static boolean isAuthorizedToAdd(HttpServletRequest req, + Statement stmt, OntModel modelToBeModified) { + if ((req == null) || (stmt == null) || (modelToBeModified == null)) { return false; } @@ -101,46 +83,25 @@ public class PolicyHelper { RequestedAction action; if (objectNode.isResource()) { - action = new AddObjectPropertyStatement(vreq.getJenaOntModel(), + action = new AddObjectPropertyStatement(modelToBeModified, subject.getURI(), predicate.getURI(), objectNode .asResource().getURI()); } else { - action = new AddDataPropertyStatement(vreq.getJenaOntModel(), + action = new AddDataPropertyStatement(modelToBeModified, subject.getURI(), predicate.getURI()); } - return isAuthorizedForActions(vreq, action); + return isAuthorizedForActions(req, action); } /** - * Do the current policies authorize the current user to drop all of the - * statements in this model? - */ - public static boolean isAuthorizedToDrop(VitroRequest vreq, Model model) { - if ((vreq == null) || (model == null)) { - return false; - } - - StmtIterator stmts = model.listStatements(); - try { - while (stmts.hasNext()) { - if (!isAuthorizedToDrop(vreq, stmts.next())) { - return false; - } - } - return true; - } finally { - stmts.close(); - } - } - - /** - * Do the current policies authorize the current user to drop this - * statement? + * Do the current policies authorize the current user to drop this statement + * from this model? * * The statement is expected to be fully-populated, with no null fields. */ - public static boolean isAuthorizedToDrop(VitroRequest vreq, Statement stmt) { - if ((vreq == null) || (stmt == null)) { + public static boolean isAuthorizedToDrop(HttpServletRequest req, + Statement stmt, OntModel modelToBeModified) { + if ((req == null) || (stmt == null) || (modelToBeModified == null)) { return false; } @@ -153,14 +114,150 @@ public class PolicyHelper { RequestedAction action; if (objectNode.isResource()) { - action = new DropObjectPropertyStatement(vreq.getJenaOntModel(), + action = new DropObjectPropertyStatement(modelToBeModified, subject.getURI(), predicate.getURI(), objectNode .asResource().getURI()); } else { - action = new DropDataPropertyStatement(vreq.getJenaOntModel(), + action = new DropDataPropertyStatement(modelToBeModified, subject.getURI(), predicate.getURI()); } - return isAuthorizedForActions(vreq, action); + return isAuthorizedForActions(req, action); + } + + /** + * Do the current policies authorize the current user to modify this model + * by adding all of the statments in the additions model and dropping all of + * the statements in the retractions model? + * + * This differs from the other calls to "isAuthorized..." because we always + * expect the answer to be true. If the answer is false, it should be logged + * as an error. + * + * Even if a statement fails the test, continue to test the others, so the + * log will contain a full record of all failures. This is no more expensive + * than if all statements succeeded. + */ + public static boolean isAuthorizedAsExpected(HttpServletRequest req, + Model additions, Model retractions, OntModel modelBeingModified) { + if (req == null) { + log.warn("Can't evaluate authorization if req is null"); + return false; + } + if (additions == null) { + log.warn("Can't evaluate authorization if additions model is null"); + return false; + } + if (retractions == null) { + log.warn("Can't evaluate authorization if retractions model is null"); + return false; + } + if (modelBeingModified == null) { + log.warn("Can't evaluate authorization if model being modified is null"); + return false; + } + + /* + * The naive way to test the additions is to test each statement against + * the JenaOntModel. However, some of the statements may not be + * authorized unless others are added first. The client code should not + * need to know which sequence will be successful. The client code only + * cares that such a sequence does exist. + * + * There are 3 obvious ways to test this, ranging from the most rigorous + * (and most costly) to the least costly (and least rigorous). + * + * 1. Try all sequences to find one that works. First, try to add each + * statement to the modelBeingModified. If any statement succeeds, + * construct a temporary model that joins that statement to the + * modelBeingModified. Now try the remaining statements against that + * temporary model, adding the statement each time we are successful. If + * we eventually find all of the statements authorized, declare success. + * This is logically rigorous, but could become geometrically expensive + * as statements are repeatedly tried against incremented models. O(n!). + * + * 2. Try each statement on the assumption that all of the others have + * already been added. So for each statement we create a temporary + * modeol that joins the other additions to the JenaOntModel. If all + * statements pass this test, declare success. This is logically flawed + * since it is possible that two statements would circularly authorize + * each other, but that neither statement could be added first. However, + * that seems like a small risk, and the algorithm is considerably less + * expensive. O(n). + * + * 3. Try each statement on the assumption that all of the statements + * (including itself) have already been added. If all statements pass + * this test, declare success. This has the additional minor flaw of + * allowing a statement to authorize its own addition, but this seems + * very unlikely. This is about as expensive as choice 2., but much + * simpler to code. + * + * For now, I am going with choice 3. + */ + + boolean result = true; + + OntModel modelToTestAgainst = ModelFactory + .createOntologyModel(OntModelSpec.OWL_MEM); + modelToTestAgainst.addSubModel(additions); + modelToTestAgainst.addSubModel(modelBeingModified); + + StmtIterator addStmts = additions.listStatements(); + try { + while (addStmts.hasNext()) { + Statement stmt = addStmts.next(); + if (isAuthorizedToAdd(req, stmt, modelToTestAgainst)) { + if (log.isDebugEnabled()) { + log.debug("Last-chance authorization check: " + + "authorized to add statement: " + + formatStatement(stmt)); + } + } else { + log.warn("Last-chance authorization check reveals not " + + "authorized to add statement: " + + formatStatement(stmt)); + result = false; + } + } + } finally { + addStmts.close(); + } + + /* + * For retractions, there is no such conundrum. Assume that all of the + * additions have been added, and check the authorization of each + * retraction. + */ + + StmtIterator dropStmts = retractions.listStatements(); + try { + while (dropStmts.hasNext()) { + Statement stmt = dropStmts.next(); + if (isAuthorizedToDrop(req, stmt, modelToTestAgainst)) { + if (log.isDebugEnabled()) { + log.debug("Last-chance authorization check: " + + "authorized to drop statement: " + + formatStatement(stmt)); + } + } else { + log.warn("Last-chance authorization check reveals not " + + "authorized to drop statement: " + + formatStatement(stmt)); + result = false; + } + } + } finally { + dropStmts.close(); + } + + return result; + } + + private static String formatStatement(Statement stmt) { + if (stmt == null) { + return "null statement"; + } + return "<" + stmt.getSubject() + "> <" + stmt.getPredicate() + "> <" + + stmt.getObject() + ">"; } /** diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_ModelsTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_ModelsTest.java new file mode 100644 index 000000000..888e488cb --- /dev/null +++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_ModelsTest.java @@ -0,0 +1,370 @@ +/* $This file is distributed under the terms of the license in /doc/license.txt$ */ + +package edu.cornell.mannlib.vitro.webapp.auth.policy; + +import static org.junit.Assert.assertEquals; + +import java.lang.reflect.InvocationHandler; +import java.lang.reflect.Method; +import java.lang.reflect.Proxy; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Iterator; +import java.util.List; +import java.util.NoSuchElementException; + +import org.apache.log4j.Level; +import org.junit.Before; +import org.junit.Test; + +import stubs.javax.servlet.ServletContextStub; +import stubs.javax.servlet.http.HttpServletRequestStub; +import stubs.javax.servlet.http.HttpSessionStub; + +import com.hp.hpl.jena.ontology.OntModel; +import com.hp.hpl.jena.ontology.OntModelSpec; +import com.hp.hpl.jena.rdf.model.Model; +import com.hp.hpl.jena.rdf.model.ModelFactory; +import com.hp.hpl.jena.rdf.model.Property; +import com.hp.hpl.jena.rdf.model.Resource; +import com.hp.hpl.jena.rdf.model.Statement; +import com.hp.hpl.jena.rdf.model.StmtIterator; +import com.hp.hpl.jena.util.iterator.NiceIterator; + +import edu.cornell.mannlib.vitro.testing.AbstractTestClass; +import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle; +import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization; +import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; +import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractPropertyStatementAction; + +/** + * Test the function of PolicyHelper in authorizing models of additions and + * retractions. + * + * It is vital that these methods work even if the statements are presented in + * the "wrong" order: one statement being authorized by a statement that appears + * later in the list. + * + * In order to test that, we need to create a Model that will list the + * statements in an order that we can predict, vis. the order in which they were + * added. + * + * To avoid creating a SortedModel that implements dozens of methods, we instead + * create a Proxy class that keeps the statements in order and lists them on + * demand. + */ +public class PolicyHelper_ModelsTest extends AbstractTestClass { + private static final String PRIMARY_RESOURCE_URI = "http://primaryResource"; + private static final String OTHER_RESOURCE_URI = "http://otherResource"; + private static final String FRIEND_PREDICATE_URI = "http://friend"; + private static final String SOME_PREDICATE_URI = "http://something"; + + private ServletContextStub ctx; + private HttpSessionStub session; + private HttpServletRequestStub req; + private OntModel ontModel = ModelFactory + .createOntologyModel(OntModelSpec.OWL_MEM); + + private Model additions; + private Model retractions; + + @Before + public void setup() { + ctx = new ServletContextStub(); + + session = new HttpSessionStub(); + session.setServletContext(ctx); + + req = new HttpServletRequestStub(); + req.setSession(session); + + setLoggerLevel(ServletPolicyList.class, Level.WARN); + ServletPolicyList.addPolicy(ctx, new MySimplePolicy()); + + setLoggerLevel(PolicyHelper.class, Level.DEBUG); + } + + // ---------------------------------------------------------------------- + // The tests. + // ---------------------------------------------------------------------- + + @Test + public void rejectNullRequest() { + setLoggerLevel(PolicyHelper.class, Level.ERROR); // suppress warning + req = null; + additions = model(); + retractions = model(); + assertAuthorized("reject null request", false); + } + + @Test + public void rejectNullAdditions() { + setLoggerLevel(PolicyHelper.class, Level.ERROR); // suppress warning + additions = null; + retractions = model(); + assertAuthorized("reject null additions", false); + } + + @Test + public void rejectNullRetractions() { + setLoggerLevel(PolicyHelper.class, Level.ERROR); // suppress warning + additions = model(); + retractions = null; + assertAuthorized("reject null retractions", false); + } + + @Test + public void rejectNullOntModel() { + setLoggerLevel(PolicyHelper.class, Level.ERROR); // suppress warning + additions = model(); + retractions = model(); + ontModel = null; + assertAuthorized("reject null OntModel", false); + } + + @Test + public void acceptEmptyChanges() { + additions = model(); + retractions = model(); + assertAuthorized("accept empty changes add", true); + } + + @Test + public void acceptSimpleAdd() { + additions = model(dataStatement(PRIMARY_RESOURCE_URI, + SOME_PREDICATE_URI)); + retractions = model(); + assertAuthorized("accept simple add", true); + } + + @Test + public void acceptSimpleDrop() { + additions = model(); + retractions = model(dataStatement(PRIMARY_RESOURCE_URI, + SOME_PREDICATE_URI)); + assertAuthorized("accept simple add", true); + } + + @Test + public void rejectSimpleAdd() { + setLoggerLevel(PolicyHelper.class, Level.ERROR); // suppress warning + additions = model(dataStatement(OTHER_RESOURCE_URI, SOME_PREDICATE_URI)); + retractions = model(); + assertAuthorized("reject simple add", false); + } + + @Test + public void rejectSimpleDrop() { + setLoggerLevel(PolicyHelper.class, Level.ERROR); // suppress warning + additions = model(); + retractions = model(dataStatement(OTHER_RESOURCE_URI, + SOME_PREDICATE_URI)); + assertAuthorized("reject simple drop", false); + } + + @Test + public void acceptAddBecauseOfExistingStatement() { + ontModel.add(objectStatement(PRIMARY_RESOURCE_URI, + FRIEND_PREDICATE_URI, OTHER_RESOURCE_URI)); + additions = model(dataStatement(OTHER_RESOURCE_URI, SOME_PREDICATE_URI)); + retractions = model(); + assertAuthorized("accept add because of existing statement", true); + } + + @Test + public void acceptDropBecauseOfExistingStatement() { + ontModel.add(objectStatement(PRIMARY_RESOURCE_URI, + FRIEND_PREDICATE_URI, OTHER_RESOURCE_URI)); + additions = model(); + retractions = model(dataStatement(OTHER_RESOURCE_URI, + SOME_PREDICATE_URI)); + assertAuthorized("accept drop because of existing statement", true); + } + + /** + * This test is the whole reason for the funky model that lists statements + * in a known order. We need to know that the DataStatement is authorized + * even though it relies on an ObjectStatement that appears later in the + * list. + */ + @Test + public void acceptAddBecauseOfOtherAdd() { + additions = model( + dataStatement(OTHER_RESOURCE_URI, SOME_PREDICATE_URI), + objectStatement(PRIMARY_RESOURCE_URI, FRIEND_PREDICATE_URI, + OTHER_RESOURCE_URI)); + retractions = model(); + assertAuthorized("accept add because of other add", true); + } + + @Test + public void acceptDropBecauseOfAdd() { + additions = model(objectStatement(PRIMARY_RESOURCE_URI, + FRIEND_PREDICATE_URI, OTHER_RESOURCE_URI)); + retractions = model(dataStatement(OTHER_RESOURCE_URI, + SOME_PREDICATE_URI)); + assertAuthorized("accept drop because of add", true); + } + + // ---------------------------------------------------------------------- + // Helper methods + // ---------------------------------------------------------------------- + + /** Build a data statement. */ + private Statement dataStatement(String subjectUri, String predicateUri) { + Model model = ModelFactory.createDefaultModel(); + Resource subject = model.createResource(subjectUri); + Property predicate = model.createProperty(predicateUri); + return model.createStatement(subject, predicate, "whoCares?"); + } + + /** Build an object statement. */ + private Statement objectStatement(String subjectUri, String predicateUri, + String objectUri) { + Model model = ModelFactory.createDefaultModel(); + Resource subject = model.createResource(subjectUri); + Resource object = model.createResource(objectUri); + Property predicate = model.createProperty(predicateUri); + return model.createStatement(subject, predicate, object); + } + + /** Build a model. */ + private Model model(Statement... stmts) { + Model innerModel = ModelFactory.createDefaultModel(); + Model proxy = (Model) Proxy.newProxyInstance( + OrderedModelInvocationHandler.class.getClassLoader(), + new Class[] { Model.class }, new OrderedModelInvocationHandler( + innerModel)); + proxy.add(stmts); + return proxy; + } + + /** + * Check whether we are authorized to make the additions and retractions to + * the model. + */ + private void assertAuthorized(String message, boolean expected) { + boolean actual = PolicyHelper.isAuthorizedAsExpected(req, additions, + retractions, ontModel); + assertEquals(message, expected, actual); + } + + // ---------------------------------------------------------------------- + // Helper classes + // ---------------------------------------------------------------------- + + /** + * A model Proxy object built around this will list statements in the order + * they were added. + * + * This only works if the statements were added by a call to + * add(Statement[]), and if they are listed by a call to listStatements(). + * If the test used other methods to add statements, or if the PolicyHelper + * used a different method to query the model, we would not be assured of + * the order of the statements from the iterator. + */ + public static class OrderedModelInvocationHandler implements + InvocationHandler { + private final Model proxied; + private final List stmts = new ArrayList(); + + public OrderedModelInvocationHandler(Model proxied) { + this.proxied = proxied; + } + + @Override + public Object invoke(Object proxy, Method method, Object[] args) + throws Throwable { + if (method.getName().equals("add") && (args.length == 1) + && (args[0] instanceof Statement[])) { + stmts.addAll(Arrays.asList((Statement[]) args[0])); + return method.invoke(proxied, args); + } + if (method.getName().equals("listStatements") + && ((args == null) || (args.length == 0))) { + return new StatementListIterator(stmts); + } + + return method.invoke(proxied, args); + } + } + + /** + * A StmtIterator that iterates over a list of statements. + */ + public static class StatementListIterator extends NiceIterator + implements StmtIterator { + private final Iterator innerIterator; + + public StatementListIterator(List stmts) { + this.innerIterator = new ArrayList(stmts).iterator(); + } + + @Override + public Statement nextStatement() throws NoSuchElementException { + return next(); + } + + @Override + public boolean hasNext() { + return innerIterator.hasNext(); + } + + @Override + public Statement next() { + return innerIterator.next(); + } + + } + + /** + * A Policy that authorizes a statement iff (1) The subject is the primary + * resource, or (2) The subject is related to the primary resource by a + * "friend" property statement. + */ + private class MySimplePolicy implements PolicyIface { + @Override + public PolicyDecision isAuthorized(IdentifierBundle whoToAuth, + RequestedAction whatToAuth) { + if (!(whatToAuth instanceof AbstractPropertyStatementAction)) { + return inconclusive(); + } + + AbstractPropertyStatementAction action = (AbstractPropertyStatementAction) whatToAuth; + + String subjectUri = action.getResourceUris()[0]; + if (PRIMARY_RESOURCE_URI.equals(subjectUri)) { + return authorized(); + } + + Statement friendStmt = objectStatement(PRIMARY_RESOURCE_URI, + FRIEND_PREDICATE_URI, subjectUri); + if (statementExists(action.getOntModel(), friendStmt)) { + return authorized(); + } + + return inconclusive(); + } + + private boolean statementExists(OntModel oModel, Statement stmt) { + StmtIterator stmts = oModel.listStatements(stmt.getSubject(), + stmt.getPredicate(), stmt.getObject()); + try { + return stmts.hasNext(); + } finally { + stmts.close(); + } + } + + private PolicyDecision authorized() { + return new BasicPolicyDecision(Authorization.AUTHORIZED, ""); + } + + private PolicyDecision inconclusive() { + return new BasicPolicyDecision(Authorization.INCONCLUSIVE, ""); + } + } + +} diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_StatementsTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_StatementsTest.java index 515637446..946c0eafd 100644 --- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_StatementsTest.java +++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper_StatementsTest.java @@ -12,8 +12,8 @@ import stubs.javax.servlet.ServletContextStub; import stubs.javax.servlet.http.HttpServletRequestStub; import stubs.javax.servlet.http.HttpSessionStub; +import com.hp.hpl.jena.ontology.OntModel; import com.hp.hpl.jena.ontology.OntModelSpec; -import com.hp.hpl.jena.rdf.model.Model; import com.hp.hpl.jena.rdf.model.ModelFactory; import com.hp.hpl.jena.rdf.model.Property; import com.hp.hpl.jena.rdf.model.Resource; @@ -27,7 +27,6 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyStatementAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyStatementAction; -import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; /** * Test the function of PolicyHelper in authorizing statements and models. @@ -40,7 +39,8 @@ public class PolicyHelper_StatementsTest extends AbstractTestClass { private ServletContextStub ctx; private HttpSessionStub session; - private VitroRequest vreq; + private HttpServletRequestStub req; + private OntModel ontModel; @Before public void setup() { @@ -49,23 +49,23 @@ public class PolicyHelper_StatementsTest extends AbstractTestClass { session = new HttpSessionStub(); session.setServletContext(ctx); - HttpServletRequestStub req = new HttpServletRequestStub(); + req = new HttpServletRequestStub(); req.setSession(session); - vreq = new VitroRequest(req); - vreq.setJenaOntModel(ModelFactory.createOntologyModel(OntModelSpec.OWL_MEM)); + + ontModel = ModelFactory.createOntologyModel(OntModelSpec.OWL_MEM); setLoggerLevel(ServletPolicyList.class, Level.WARN); ServletPolicyList.addPolicy(ctx, new MySimplePolicy()); } // ---------------------------------------------------------------------- - // Statement-level tests. + // The tests. // ---------------------------------------------------------------------- @Test public void addNullStatement() { assertEquals("null statement", false, - PolicyHelper.isAuthorizedToAdd(vreq, (Statement) null)); + PolicyHelper.isAuthorizedToAdd(req, null, ontModel)); } @Test @@ -73,29 +73,53 @@ public class PolicyHelper_StatementsTest extends AbstractTestClass { Statement stmt = dataStatement(APPROVED_SUBJECT_URI, APPROVED_PREDICATE_URI); assertEquals("null request", false, - PolicyHelper.isAuthorizedToAdd(null, stmt)); + PolicyHelper.isAuthorizedToAdd(null, stmt, ontModel)); } @Test - public void addAuthorizedStatement() { + public void addStatementToNullModel() { + Statement stmt = dataStatement(APPROVED_SUBJECT_URI, + APPROVED_PREDICATE_URI); + assertEquals("authorized", false, + PolicyHelper.isAuthorizedToAdd(req, stmt, null)); + } + + @Test + public void addAuthorizedDataStatement() { Statement stmt = dataStatement(APPROVED_SUBJECT_URI, APPROVED_PREDICATE_URI); assertEquals("authorized", true, - PolicyHelper.isAuthorizedToAdd(vreq, stmt)); + PolicyHelper.isAuthorizedToAdd(req, stmt, ontModel)); } @Test - public void addUnauthorizedStatement() { + public void addAuthorizedObjectStatement() { + Statement stmt = objectStatement(APPROVED_SUBJECT_URI, + APPROVED_PREDICATE_URI, APPROVED_OBJECT_URI); + assertEquals("authorized", true, + PolicyHelper.isAuthorizedToAdd(req, stmt, ontModel)); + } + + @Test + public void addUnauthorizedDataStatement() { Statement stmt = dataStatement(APPROVED_SUBJECT_URI, UNAPPROVED_PREDICATE_URI); assertEquals("not authorized", false, - PolicyHelper.isAuthorizedToAdd(vreq, stmt)); + PolicyHelper.isAuthorizedToAdd(req, stmt, ontModel)); + } + + @Test + public void addUnauthorizedObjectStatement() { + Statement stmt = objectStatement(APPROVED_SUBJECT_URI, + UNAPPROVED_PREDICATE_URI, APPROVED_OBJECT_URI); + assertEquals("not authorized", false, + PolicyHelper.isAuthorizedToAdd(req, stmt, ontModel)); } @Test public void dropNullStatement() { - assertEquals("null statement", false, - PolicyHelper.isAuthorizedToDrop(vreq, (Statement) null)); + assertEquals("null statement", false, PolicyHelper.isAuthorizedToDrop( + req, (Statement) null, ontModel)); } @Test @@ -103,103 +127,47 @@ public class PolicyHelper_StatementsTest extends AbstractTestClass { Statement stmt = dataStatement(APPROVED_SUBJECT_URI, APPROVED_PREDICATE_URI); assertEquals("null request", false, - PolicyHelper.isAuthorizedToDrop(null, stmt)); + PolicyHelper.isAuthorizedToDrop(null, stmt, ontModel)); } @Test - public void dropAuthorizedStatement() { + public void dropStatementFromNullModel() { + Statement stmt = dataStatement(APPROVED_SUBJECT_URI, + APPROVED_PREDICATE_URI); + assertEquals("authorized", false, + PolicyHelper.isAuthorizedToDrop(req, stmt, null)); + } + + @Test + public void dropAuthorizedDataStatement() { Statement stmt = dataStatement(APPROVED_SUBJECT_URI, APPROVED_PREDICATE_URI); assertEquals("authorized", true, - PolicyHelper.isAuthorizedToDrop(vreq, stmt)); + PolicyHelper.isAuthorizedToDrop(req, stmt, ontModel)); } @Test - public void dropUnauthorizedStatement() { + public void dropAuthorizedObjectStatement() { + Statement stmt = objectStatement(APPROVED_SUBJECT_URI, + APPROVED_PREDICATE_URI, APPROVED_OBJECT_URI); + assertEquals("authorized", true, + PolicyHelper.isAuthorizedToDrop(req, stmt, ontModel)); + } + + @Test + public void dropUnauthorizedDataStatement() { Statement stmt = dataStatement(APPROVED_SUBJECT_URI, UNAPPROVED_PREDICATE_URI); assertEquals("not authorized", false, - PolicyHelper.isAuthorizedToDrop(vreq, stmt)); - } - - // ---------------------------------------------------------------------- - // Model-level tests - // ---------------------------------------------------------------------- - - @Test - public void addNullModel() { - assertEquals("null statement", false, - PolicyHelper.isAuthorizedToAdd(vreq, (Model) null)); + PolicyHelper.isAuthorizedToDrop(req, stmt, ontModel)); } @Test - public void addModelWithNullRequest() { - assertEquals("empty model", false, - PolicyHelper.isAuthorizedToAdd(null, model())); - } - - @Test - public void addEmptyModel() { - assertEquals("empty model", true, - PolicyHelper.isAuthorizedToAdd(vreq, model())); - } - - @Test - public void addAuthorizedModel() { - Model model = model( - dataStatement(APPROVED_SUBJECT_URI, APPROVED_PREDICATE_URI), - objectStatement(APPROVED_SUBJECT_URI, APPROVED_PREDICATE_URI, - APPROVED_OBJECT_URI)); - assertEquals("authorized model", true, - PolicyHelper.isAuthorizedToAdd(vreq, model)); - } - - @Test - public void addUnauthorizedModel() { - Model model = model( - dataStatement(APPROVED_SUBJECT_URI, APPROVED_PREDICATE_URI), - objectStatement(APPROVED_SUBJECT_URI, UNAPPROVED_PREDICATE_URI, - APPROVED_OBJECT_URI)); - assertEquals("unauthorized model", false, - PolicyHelper.isAuthorizedToAdd(vreq, model)); - } - - @Test - public void dropNullModel() { - assertEquals("null statement", false, - PolicyHelper.isAuthorizedToDrop(vreq, (Model) null)); - } - - @Test - public void dropModelWithNullRequest() { - assertEquals("empty model", false, - PolicyHelper.isAuthorizedToDrop(null, model())); - } - - @Test - public void dropEmptyModel() { - assertEquals("empty model", true, - PolicyHelper.isAuthorizedToDrop(vreq, model())); - } - - @Test - public void dropAuthorizedModel() { - Model model = model( - dataStatement(APPROVED_SUBJECT_URI, APPROVED_PREDICATE_URI), - objectStatement(APPROVED_SUBJECT_URI, APPROVED_PREDICATE_URI, - APPROVED_OBJECT_URI)); - assertEquals("authorized model", true, - PolicyHelper.isAuthorizedToDrop(vreq, model)); - } - - @Test - public void dropUnauthorizedModel() { - Model model = model( - dataStatement(APPROVED_SUBJECT_URI, UNAPPROVED_PREDICATE_URI), - objectStatement(APPROVED_SUBJECT_URI, APPROVED_PREDICATE_URI, - APPROVED_OBJECT_URI)); - assertEquals("unauthorized model", false, - PolicyHelper.isAuthorizedToDrop(vreq, model)); + public void dropUnauthorizedObjectStatement() { + Statement stmt = objectStatement(APPROVED_SUBJECT_URI, + UNAPPROVED_PREDICATE_URI, APPROVED_OBJECT_URI); + assertEquals("not authorized", false, + PolicyHelper.isAuthorizedToDrop(req, stmt, ontModel)); } // ---------------------------------------------------------------------- @@ -208,27 +176,18 @@ public class PolicyHelper_StatementsTest extends AbstractTestClass { /** Build a data statement. */ private Statement dataStatement(String subjectUri, String predicateUri) { - Model model = ModelFactory.createDefaultModel(); - Resource subject = model.createResource(subjectUri); - Property predicate = model.createProperty(predicateUri); - return model.createStatement(subject, predicate, "whoCares?"); + Resource subject = ontModel.createResource(subjectUri); + Property predicate = ontModel.createProperty(predicateUri); + return ontModel.createStatement(subject, predicate, "whoCares?"); } /** Build a object statement. */ private Statement objectStatement(String subjectUri, String predicateUri, String objectUri) { - Model model = ModelFactory.createDefaultModel(); - Resource subject = model.createResource(subjectUri); - Resource object = model.createResource(objectUri); - Property predicate = model.createProperty(predicateUri); - return model.createStatement(subject, predicate, object); - } - - /** Build a model. */ - private Model model(Statement... stmts) { - Model model = ModelFactory.createDefaultModel(); - model.add(stmts); - return model; + Resource subject = ontModel.createResource(subjectUri); + Resource object = ontModel.createResource(objectUri); + Property predicate = ontModel.createProperty(predicateUri); + return ontModel.createStatement(subject, predicate, object); } // ---------------------------------------------------------------------- @@ -262,8 +221,8 @@ public class PolicyHelper_StatementsTest extends AbstractTestClass { private PolicyDecision isAuthorized( AbstractObjectPropertyStatementAction whatToAuth) { if ((APPROVED_SUBJECT_URI.equals(whatToAuth.getSubjectUri())) - && (APPROVED_PREDICATE_URI - .equals(whatToAuth.getPredicateUri())) + && (APPROVED_PREDICATE_URI.equals(whatToAuth + .getPredicateUri())) && (APPROVED_OBJECT_URI.equals(whatToAuth.getObjectUri()))) { return authorized(); } else {