From 6d2d41b269f0e3574049d1fa9398945983a12165 Mon Sep 17 00:00:00 2001
From: j2blake
Date: Thu, 2 Jun 2011 20:14:39 +0000
Subject: [PATCH] NIHVIVO-2279 replace DbAdminEditingPolicy, CuratoryEditingPolicy and EditorEditingPolicy and helper classes with EditRestrictedDataByRoleLevelPolicy and helper classes.
---
.../CuratorEditingIdentifierFactory.java | 45 -----
.../DbAdminEditingIdentifierFactory.java | 49 -----
.../EditorEditingIdentifierFactory.java | 48 -----
.../auth/policy/CuratorEditingPolicy.java | 173 ------------------
.../auth/policy/DbAdminEditingPolicy.java | 173 ------------------
.../auth/policy/EditorEditingPolicy.java | 173 ------------------
.../setup/CuratorEditingPolicySetup.java | 62 -------
.../setup/DbAdminEditingPolicySetup.java | 62 -------
.../setup/EditorEditingPolicySetup.java | 62 -------
9 files changed, 847 deletions(-)
delete mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/CuratorEditingIdentifierFactory.java
delete mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/DbAdminEditingIdentifierFactory.java
delete mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/EditorEditingIdentifierFactory.java
delete mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/CuratorEditingPolicy.java
delete mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DbAdminEditingPolicy.java
delete mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/EditorEditingPolicy.java
delete mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CuratorEditingPolicySetup.java
delete mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/DbAdminEditingPolicySetup.java
delete mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/EditorEditingPolicySetup.java
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/CuratorEditingIdentifierFactory.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/CuratorEditingIdentifierFactory.java
deleted file mode 100644
index b59405dfc..000000000
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/CuratorEditingIdentifierFactory.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/* $This file is distributed under the terms of the license in /doc/license.txt$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.identifier;
-
-import javax.servlet.ServletContext;
-import javax.servlet.ServletRequest;
-import javax.servlet.http.HttpSession;
-
-import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.RoleBasedPolicy;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.RoleBasedPolicy.AuthRole;
-
-public class CuratorEditingIdentifierFactory implements IdentifierBundleFactory{
-
- public IdentifierBundle getIdentifierBundle(ServletRequest request,
- HttpSession session, ServletContext context) {
- IdentifierBundle ib = new ArrayIdentifierBundle();
- ib.add( RoleBasedPolicy.AuthRole.ANYBODY);
-
- LoginStatusBean loginBean = LoginStatusBean.getBean(session);
- if (loginBean.isLoggedInAtLeast(LoginStatusBean.CURATOR)) {
- String loginRole = String.valueOf(loginBean.getSecurityLevel());
- ib.add(new CuratorEditingId(loginRole, loginBean.getUserURI()));
- ib.add(AuthRole.CURATOR);
- }
-
- return ib;
- }
-
- public static class CuratorEditingId extends RoleIdentifier {
- final String role;
- final String uri;
-
- public CuratorEditingId( String role, String uri) {
- this.role = role;
- this.uri = uri;
- }
-
- public String getRole() { return role; }
-
- public String getUri(){ return uri; }
-
- public String toString(){ return "CuratorEditingId: " + uri; }
- }
-}
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/DbAdminEditingIdentifierFactory.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/DbAdminEditingIdentifierFactory.java
deleted file mode 100644
index 6be72b250..000000000
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/DbAdminEditingIdentifierFactory.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/* $This file is distributed under the terms of the license in /doc/license.txt$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.identifier;
-
-import javax.servlet.ServletContext;
-import javax.servlet.ServletRequest;
-import javax.servlet.http.HttpSession;
-
-import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.RoleBasedPolicy;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.RoleBasedPolicy.AuthRole;
-
-public class DbAdminEditingIdentifierFactory implements IdentifierBundleFactory{
-
- public IdentifierBundle getIdentifierBundle(ServletRequest request,
- HttpSession session, ServletContext context) {
- IdentifierBundle ib = new ArrayIdentifierBundle();
- ib.add( RoleBasedPolicy.AuthRole.ANYBODY);
-
- LoginStatusBean loginBean = LoginStatusBean.getBean(session);
- if (loginBean.isLoggedInAtLeast(LoginStatusBean.DBA)) {
- String loginRole = String.valueOf(loginBean.getSecurityLevel());
- ib.add(new DbAdminEditingId(loginRole, loginBean.getUserURI()));
- ib.add(AuthRole.DBA);
- }
-
- return ib;
- }
-
- public static class DbAdminEditingId extends RoleIdentifier{
- final String role;
- final String uri;
-
- public DbAdminEditingId( String role, String uri) {
- this.role = role;
- this.uri = uri;
- }
-
- public String getRole() {
- return role;
- }
-
- public String getUri(){ return uri; }
-
- public String toString(){
- return "DbAdminEditingId: role of " + getRole();
- }
- }
-}
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/EditorEditingIdentifierFactory.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/EditorEditingIdentifierFactory.java
deleted file mode 100644
index 1efc305b6..000000000
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/EditorEditingIdentifierFactory.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/* $This file is distributed under the terms of the license in /doc/license.txt$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.identifier;
-
-import javax.servlet.ServletContext;
-import javax.servlet.ServletRequest;
-import javax.servlet.http.HttpSession;
-
-import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.RoleBasedPolicy;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.RoleBasedPolicy.AuthRole;
-
-public class EditorEditingIdentifierFactory implements IdentifierBundleFactory{
-
- public IdentifierBundle getIdentifierBundle(ServletRequest request,
- HttpSession session, ServletContext context) {
- IdentifierBundle ib = new ArrayIdentifierBundle();
- ib.add( RoleBasedPolicy.AuthRole.ANYBODY);
-
- LoginStatusBean loginBean = LoginStatusBean.getBean(session);
- if (loginBean.isLoggedInAtLeast(LoginStatusBean.EDITOR)) {
- String loginRole = String.valueOf(loginBean.getSecurityLevel());
- ib.add(new EditorEditingId(loginRole, loginBean.getUserURI()));
- ib.add(AuthRole.EDITOR);
- }
-
- return ib;
- }
-
- public static class EditorEditingId implements Identifier {
- final String role;
- final String uri;
-
- public EditorEditingId( String role, String uri) {
- this.role = role;
- this.uri = uri;
- }
- public String getUri(){ return uri; }
-
- public String getRole() {
- return role;
- }
-
- public String toString(){
- return "Editor role of " + getRole();
- }
- }
-}
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/CuratorEditingPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/CuratorEditingPolicy.java
deleted file mode 100644
index 90a93aa8e..000000000
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/CuratorEditingPolicy.java
+++ /dev/null
@@ -1,173 +0,0 @@
-/* $This file is distributed under the terms of the license in /doc/license.txt$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy;
-
-import javax.servlet.ServletContext;
-
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.CuratorEditingIdentifierFactory;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.OntoRequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropStmt;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPropStmt;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropStmt;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropStmt;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjPropStmt;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AbstractResourceAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AddResource;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.DropResource;
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
-
-/**
- * Policy to use for Vivo Curator-Editing for use at Cornell. All methods in
- * this class should be thread safe and side effect free.
- */
-public class CuratorEditingPolicy implements PolicyIface {
- private final ServletContext ctx;
-
- public CuratorEditingPolicy(ServletContext ctx) {
- this.ctx = ctx;
- }
-
- /**
- * Indicates which Authorization to use when the user isn't explicitly
- * authorized.
- */
- private PolicyDecision defaultDecision(String message) {
- return new BasicPolicyDecision(Authorization.INCONCLUSIVE, message);
- }
-
- @Override
- public PolicyDecision isAuthorized(IdentifierBundle whomToAuth,
- RequestedAction whatToAuth) {
- if (whomToAuth == null) {
- return defaultDecision("whomToAuth was null");
- }
- if (whatToAuth == null) {
- return defaultDecision("whatToAuth was null");
- }
-
- if (!isCurator(whomToAuth)) {
- return defaultDecision("IdBundle does not include a Curator identifier");
- }
-
- if (whatToAuth instanceof OntoRequestedAction) {
- return defaultDecision("CuratorEditingPolicy doesn't authorize OntoRequestedActions");
- } else if (whatToAuth instanceof AdminRequestedAction) {
- return defaultDecision("CuratorEditingPolicy doesn't authorize AdminRequestedActions");
- }
-
- if (whatToAuth instanceof AddDataPropStmt) {
- return isAuthorized((AddDataPropStmt) whatToAuth);
- } else if (whatToAuth instanceof DropDataPropStmt) {
- return isAuthorized((DropDataPropStmt) whatToAuth);
- } else if (whatToAuth instanceof EditDataPropStmt) {
- return isAuthorized((EditDataPropStmt) whatToAuth);
- } else if (whatToAuth instanceof AddObjectPropStmt) {
- return isAuthorized((AddObjectPropStmt) whatToAuth);
- } else if (whatToAuth instanceof DropObjectPropStmt) {
- return isAuthorized((DropObjectPropStmt) whatToAuth);
- } else if (whatToAuth instanceof EditObjPropStmt) {
- return isAuthorized((EditObjPropStmt) whatToAuth);
- } else if (whatToAuth instanceof AddResource) {
- return isAuthorized((AddResource) whatToAuth);
- } else if (whatToAuth instanceof DropResource) {
- return isAuthorized((DropResource) whatToAuth);
- } else {
- return defaultDecision("unrecognized requested action: "
- + whatToAuth);
- }
- }
-
- private boolean isCurator(IdentifierBundle whomToAuth) {
- for (Identifier id : whomToAuth) {
- if (id instanceof CuratorEditingIdentifierFactory.CuratorEditingId) {
- return true;
- }
- }
- return false;
- }
-
- private boolean canModifyResource(String uri) {
- return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyResource(
- uri, RoleLevel.CURATOR);
- }
-
- private boolean canModifyPredicate(String uri) {
- return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyPredicate(
- uri, RoleLevel.CURATOR);
- }
-
- /**
- * Check authorization for Adding, Editing or Dropping a DataProperty.
- */
- private PolicyDecision isAuthorized(AbstractDataPropertyAction action) {
- if (!canModifyResource(action.getSubjectUri())) {
- return defaultDecision("CuratorEditingPolicy does not grant access to admin resources; "
- + "may not modify " + action.getSubjectUri());
- }
-
- if (!canModifyPredicate(action.getPredicateUri())) {
- return defaultDecision("CuratorEditingPolicy does not grant access to admin predicates; "
- + "may not modify " + action.getPredicateUri());
- }
-
- return new BasicPolicyDecision(Authorization.AUTHORIZED,
- "CuratorEditingPolicy: user may modify '"
- + action.getSubjectUri() + "' ==> '"
- + action.getPredicateUri() + "'");
- }
-
- /**
- * Check authorization for Adding, Editing or Dropping an ObjectProperty.
- */
- private PolicyDecision isAuthorized(AbstractObjectPropertyAction action) {
- if (!canModifyResource(action.uriOfSubject)) {
- return defaultDecision("CuratorEditingPolicy does not grant access to admin resources; "
- + "may not modify " + action.uriOfSubject);
- }
-
- if (!canModifyPredicate(action.uriOfPredicate)) {
- return defaultDecision("CuratorEditingPolicy does not grant access to admin predicates; "
- + "may not modify " + action.uriOfPredicate);
- }
-
- if (!canModifyResource(action.uriOfObject)) {
- return defaultDecision("CuratorEditingPolicy does not grant access to admin resources; "
- + "may not modify " + action.uriOfObject);
- }
-
- return new BasicPolicyDecision(Authorization.AUTHORIZED,
- "CuratorEditingPolicy: user may modify '" + action.uriOfSubject
- + "' ==> '" + action.uriOfPredicate + "' ==> '"
- + action.uriOfObject + "'");
- }
-
- /**
- * Check authorization for Adding or Dropping a Resource.
- */
- private PolicyDecision isAuthorized(AbstractResourceAction action) {
- if (!canModifyResource(action.getSubjectUri())) {
- return defaultDecision("CuratorEditingPolicy does not grant access to admin resources; "
- + "may not modify " + action.getSubjectUri());
- }
-
- return new BasicPolicyDecision(Authorization.AUTHORIZED,
- "CuratorEditingPolicy: may add or remove resource: "
- + action.getSubjectUri());
- }
-
- @Override
- public String toString() {
- return "CuratorEditingPolicy - " + hashCode();
- }
-}
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DbAdminEditingPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DbAdminEditingPolicy.java
deleted file mode 100644
index 0bf6236fd..000000000
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DbAdminEditingPolicy.java
+++ /dev/null
@@ -1,173 +0,0 @@
-/* $This file is distributed under the terms of the license in /doc/license.txt$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy;
-
-import javax.servlet.ServletContext;
-
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.DbAdminEditingIdentifierFactory;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.OntoRequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropStmt;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPropStmt;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropStmt;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropStmt;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjPropStmt;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AbstractResourceAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AddResource;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.DropResource;
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
-
-/**
- * Policy to use for Vivo non-privileged but user accouunt-based editing All
- * methods in this class should be thread safe and side effect free.
- */
-public class DbAdminEditingPolicy implements PolicyIface {
- private final ServletContext ctx;
-
- public DbAdminEditingPolicy(ServletContext ctx) {
- this.ctx = ctx;
- }
-
- /**
- * Indicates which Authorization to use when the user isn't explicitly
- * authorized.
- */
- private PolicyDecision defaultDecision(String message) {
- return new BasicPolicyDecision(Authorization.INCONCLUSIVE, message);
- }
-
- @Override
- public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
- RequestedAction whatToAuth) {
- if (whoToAuth == null) {
- return defaultDecision("whomToAuth was null");
- }
- if (whatToAuth == null) {
- return defaultDecision("whatToAuth was null");
- }
-
- if (!isDba(whoToAuth)) {
- return defaultDecision("IdBundle does not include a DbAdmin identifier");
- }
-
- if (whatToAuth instanceof OntoRequestedAction) {
- return defaultDecision("DbAdminEditingPolicy doesn't authorize OntoRequestedActions");
- } else if (whatToAuth instanceof AdminRequestedAction) {
- return defaultDecision("DbAdminEditingPolicy doesn't authorize AdminRequestedActions");
- }
-
- if (whatToAuth instanceof AddDataPropStmt) {
- return isAuthorized((AddDataPropStmt) whatToAuth);
- } else if (whatToAuth instanceof DropDataPropStmt) {
- return isAuthorized((DropDataPropStmt) whatToAuth);
- } else if (whatToAuth instanceof EditDataPropStmt) {
- return isAuthorized((EditDataPropStmt) whatToAuth);
- } else if (whatToAuth instanceof AddObjectPropStmt) {
- return isAuthorized((AddObjectPropStmt) whatToAuth);
- } else if (whatToAuth instanceof DropObjectPropStmt) {
- return isAuthorized((DropObjectPropStmt) whatToAuth);
- } else if (whatToAuth instanceof EditObjPropStmt) {
- return isAuthorized((EditObjPropStmt) whatToAuth);
- } else if (whatToAuth instanceof AddResource) {
- return isAuthorized((AddResource) whatToAuth);
- } else if (whatToAuth instanceof DropResource) {
- return isAuthorized((DropResource) whatToAuth);
- } else {
- return defaultDecision("unrecognized requested action: "
- + whatToAuth);
- }
- }
-
- private boolean isDba(IdentifierBundle whomToAuth) {
- for (Identifier id : whomToAuth) {
- if (id instanceof DbAdminEditingIdentifierFactory.DbAdminEditingId) {
- return true;
- }
- }
- return false;
- }
-
- private boolean canModifyResource(String uri) {
- return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyResource(
- uri, RoleLevel.DB_ADMIN);
- }
-
- private boolean canModifyPredicate(String uri) {
- return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyPredicate(
- uri, RoleLevel.DB_ADMIN);
- }
-
- /**
- * Check authorization for Adding, Editing or Dropping a DataProperty.
- */
- private PolicyDecision isAuthorized(AbstractDataPropertyAction action) {
- if (!canModifyResource(action.getSubjectUri())) {
- return defaultDecision("DbAdminEditingPolicy does not grant access to admin resources; "
- + "may not modify " + action.getSubjectUri());
- }
-
- if (!canModifyPredicate(action.getPredicateUri())) {
- return defaultDecision("DbAdminEditingPolicy does not grant access to admin predicates; "
- + "may not modify " + action.getPredicateUri());
- }
-
- return new BasicPolicyDecision(Authorization.AUTHORIZED,
- "DbAdminEditingPolicy: user may modify '"
- + action.getSubjectUri() + "' ==> '"
- + action.getPredicateUri() + "'");
- }
-
- /**
- * Check authorization for Adding, Editing or Dropping an ObjectProperty.
- */
- private PolicyDecision isAuthorized(AbstractObjectPropertyAction action) {
- if (!canModifyResource(action.uriOfSubject)) {
- return defaultDecision("DbAdminEditingPolicy does not grant access to admin resources; "
- + "may not modify " + action.uriOfSubject);
- }
-
- if (!canModifyPredicate(action.uriOfPredicate)) {
- return defaultDecision("DbAdminEditingPolicy does not grant access to admin predicates; "
- + "may not modify " + action.uriOfPredicate);
- }
-
- if (!canModifyResource(action.uriOfObject)) {
- return defaultDecision("DbAdminEditingPolicy does not grant access to admin resources; "
- + "may not modify " + action.uriOfObject);
- }
-
- return new BasicPolicyDecision(Authorization.AUTHORIZED,
- "DbAdminEditingPolicy: user may modify '" + action.uriOfSubject
- + "' ==> '" + action.uriOfPredicate + "' ==> '"
- + action.uriOfObject + "'");
- }
-
- /**
- * Check authorization for Adding or Dropping a Resource.
- */
- private PolicyDecision isAuthorized(AbstractResourceAction action) {
- if (!canModifyResource(action.getSubjectUri())) {
- return defaultDecision("DbAdminEditingPolicy does not grant access to admin resources; "
- + "may not modify " + action.getSubjectUri());
- }
-
- return new BasicPolicyDecision(Authorization.AUTHORIZED,
- "DbAdminEditingPolicy: may add or remove resource: "
- + action.getSubjectUri());
- }
-
- @Override
- public String toString() {
- return "DbAdminEditingPolicy - " + hashCode();
- }
-}
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/EditorEditingPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/EditorEditingPolicy.java
deleted file mode 100644
index 8c00bb665..000000000
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/EditorEditingPolicy.java
+++ /dev/null
@@ -1,173 +0,0 @@
-/* $This file is distributed under the terms of the license in /doc/license.txt$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy;
-
-import javax.servlet.ServletContext;
-
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.EditorEditingIdentifierFactory;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.OntoRequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropStmt;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPropStmt;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropStmt;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropStmt;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjPropStmt;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AbstractResourceAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AddResource;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.DropResource;
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
-
-/**
- * Policy to use for Vivo non-privileged but user accouunt-based editing All
- * methods in this class should be thread safe and side effect free.
- */
-public class EditorEditingPolicy implements PolicyIface {
-
- private final ServletContext ctx;
-
- public EditorEditingPolicy(ServletContext ctx) {
- this.ctx = ctx;
- }
-
- /**
- * Indicates which Authorization to use when the user isn't explicitly
- * authorized.
- */
- private PolicyDecision defaultDecision(String message) {
- return new BasicPolicyDecision(Authorization.INCONCLUSIVE, message);
- }
-
- @Override
- public PolicyDecision isAuthorized(IdentifierBundle whomToAuth,
- RequestedAction whatToAuth) {
- if (whomToAuth == null) {
- return defaultDecision("whomToAuth was null");
- }
- if (whatToAuth == null) {
- return defaultDecision("whatToAuth was null");
- }
- if (!isEditor(whomToAuth)) {
- return defaultDecision("IdBundle does not include an Editor identifier");
- }
-
- if (whatToAuth instanceof OntoRequestedAction) {
- return defaultDecision("EditorEditingPolicy doesn't authorize OntoRequestedActions");
- } else if (whatToAuth instanceof AdminRequestedAction) {
- return defaultDecision("EditorEditingPolicy doesn't authorize AdminRequestedActions");
- }
-
- if (whatToAuth instanceof AddDataPropStmt) {
- return isAuthorized((AddDataPropStmt) whatToAuth);
- } else if (whatToAuth instanceof DropDataPropStmt) {
- return isAuthorized((DropDataPropStmt) whatToAuth);
- } else if (whatToAuth instanceof EditDataPropStmt) {
- return isAuthorized((EditDataPropStmt) whatToAuth);
- } else if (whatToAuth instanceof AddObjectPropStmt) {
- return isAuthorized((AddObjectPropStmt) whatToAuth);
- } else if (whatToAuth instanceof DropObjectPropStmt) {
- return isAuthorized((DropObjectPropStmt) whatToAuth);
- } else if (whatToAuth instanceof EditObjPropStmt) {
- return isAuthorized((EditObjPropStmt) whatToAuth);
- } else if (whatToAuth instanceof AddResource) {
- return isAuthorized((AddResource) whatToAuth);
- } else if (whatToAuth instanceof DropResource) {
- return isAuthorized((DropResource) whatToAuth);
- } else {
- return defaultDecision("unrecognized requested action: "
- + whatToAuth);
- }
- }
-
- private boolean isEditor(IdentifierBundle whomToAuth) {
- for (Identifier id : whomToAuth) {
- if (id instanceof EditorEditingIdentifierFactory.EditorEditingId) {
- return true;
- }
- }
- return false;
- }
-
- private boolean canModifyResource(String uri) {
- return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyResource(
- uri, RoleLevel.EDITOR);
- }
-
- private boolean canModifyPredicate(String uri) {
- return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyPredicate(
- uri, RoleLevel.EDITOR);
- }
-
- /**
- * Check authorization for Adding, Editing or Dropping a DataProperty.
- */
- private PolicyDecision isAuthorized(AbstractDataPropertyAction action) {
- if (!canModifyResource(action.getSubjectUri())) {
- return defaultDecision("EditorEditingPolicy does not grant access to admin resources; "
- + "may not modify " + action.getSubjectUri());
- }
-
- if (!canModifyPredicate(action.getPredicateUri())) {
- return defaultDecision("EditorEditingPolicy does not grant access to admin predicates; "
- + "may not modify " + action.getPredicateUri());
- }
-
- return new BasicPolicyDecision(Authorization.AUTHORIZED,
- "EditorEditingPolicy: user may modify '"
- + action.getSubjectUri() + "' ==> '"
- + action.getPredicateUri() + "'");
- }
-
- /**
- * Check authorization for Adding, Editing or Dropping an ObjectProperty.
- */
- private PolicyDecision isAuthorized(AbstractObjectPropertyAction action) {
- if (!canModifyResource(action.uriOfSubject)) {
- return defaultDecision("EditorEditingPolicy does not grant access to admin resources; "
- + "may not modify " + action.uriOfSubject);
- }
-
- if (!canModifyPredicate(action.uriOfPredicate)) {
- return defaultDecision("EditorEditingPolicy does not grant access to admin predicates; "
- + "may not modify " + action.uriOfPredicate);
- }
-
- if (!canModifyResource(action.uriOfObject)) {
- return defaultDecision("EditorEditingPolicy does not grant access to admin resources; "
- + "may not modify " + action.uriOfObject);
- }
-
- return new BasicPolicyDecision(Authorization.AUTHORIZED,
- "EditorEditingPolicy: user may modify '" + action.uriOfSubject
- + "' ==> '" + action.uriOfPredicate + "' ==> '"
- + action.uriOfObject + "'");
- }
-
- /**
- * Check authorization for Adding or Dropping a Resource.
- */
- private PolicyDecision isAuthorized(AbstractResourceAction action) {
- if (!canModifyResource(action.getSubjectUri())) {
- return defaultDecision("EditorEditingPolicy does not grant access to admin resources; "
- + "may not modify " + action.getSubjectUri());
- }
-
- return new BasicPolicyDecision(Authorization.AUTHORIZED,
- "EditorEditingPolicy: may add or remove resource: "
- + action.getSubjectUri());
- }
-
- @Override
- public String toString() {
- return "EditorEditingPolicy - " + hashCode();
- }
-}
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CuratorEditingPolicySetup.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CuratorEditingPolicySetup.java
deleted file mode 100644
index 978d70d0b..000000000
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CuratorEditingPolicySetup.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/* $This file is distributed under the terms of the license in /doc/license.txt$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy.setup;
-
-import javax.servlet.ServletContext;
-import javax.servlet.ServletContextEvent;
-import javax.servlet.ServletContextListener;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.ActiveIdentifierBundleFactories;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.CuratorEditingIdentifierFactory;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.CuratorEditingPolicy;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
-import edu.cornell.mannlib.vitro.webapp.servlet.setup.AbortStartup;
-
-/**
- * Sets up RoleBasedPolicy and IdentifierBundleFactory. This will cause the
- * vitro native login to add Identifiers that can be used by the Auth system and
- * the in-line editing.
- *
- * To use this add it as a listener to the web.xml.
- *
- * See RoleBasedPolicy.java
- */
-public class CuratorEditingPolicySetup implements ServletContextListener {
- private static final Log log = LogFactory
- .getLog(CuratorEditingPolicySetup.class.getName());
-
- @Override
- public void contextInitialized(ServletContextEvent sce) {
- ServletContext ctx = sce.getServletContext();
-
- if (AbortStartup.isStartupAborted(ctx)) {
- return;
- }
-
- try {
- log.debug("Setting up CuratorEditingPolicy");
-
- // need to make a policy and add it to the ServletContext
- CuratorEditingPolicy cep = new CuratorEditingPolicy(ctx);
- ServletPolicyList.addPolicy(ctx, cep);
-
- // need to put an IdentifierFactory for CuratorEditingIds into the
- // ServletContext
- ActiveIdentifierBundleFactories.addFactory(sce,
- new CuratorEditingIdentifierFactory());
-
- log.debug("Finished setting up CuratorEditingPolicy: " + cep);
- } catch (Exception e) {
- log.error("could not run CuratorEditingPolicySetup: " + e);
- AbortStartup.abortStartup(ctx);
- throw new RuntimeException(e);
- }
- }
-
- @Override
- public void contextDestroyed(ServletContextEvent sce) { /* nothing */
- }
-}
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/DbAdminEditingPolicySetup.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/DbAdminEditingPolicySetup.java
deleted file mode 100644
index cf816cca1..000000000
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/DbAdminEditingPolicySetup.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/* $This file is distributed under the terms of the license in /doc/license.txt$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy.setup;
-
-import javax.servlet.ServletContext;
-import javax.servlet.ServletContextEvent;
-import javax.servlet.ServletContextListener;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.ActiveIdentifierBundleFactories;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.DbAdminEditingIdentifierFactory;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.DbAdminEditingPolicy;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
-import edu.cornell.mannlib.vitro.webapp.servlet.setup.AbortStartup;
-
-/**
- * Sets up RoleBasedPolicy and IdentifierBundleFactory. This will cause the
- * vitro native login to add Identifiers that can be used by the Auth system and
- * the in-line editing.
- *
- * To use this add it as a listener to the web.xml.
- *
- * See RoleBasedPolicy.java
- */
-public class DbAdminEditingPolicySetup implements ServletContextListener {
- private static final Log log = LogFactory
- .getLog(DbAdminEditingPolicySetup.class.getName());
-
- @Override
- public void contextInitialized(ServletContextEvent sce) {
- ServletContext ctx = sce.getServletContext();
-
- if (AbortStartup.isStartupAborted(ctx)) {
- return;
- }
-
- try {
- log.debug("Setting up DbAdminEditingPolicy");
-
- // need to make a policy and add it to the ServletContext
- DbAdminEditingPolicy dep = new DbAdminEditingPolicy(ctx);
- ServletPolicyList.addPolicy(ctx, dep);
-
- // need to put an IdentifierFactory for DbAdminEditingIds into the
- // ServletContext
- ActiveIdentifierBundleFactories.addFactory(sce,
- new DbAdminEditingIdentifierFactory());
-
- log.debug("Finished setting up DbAdminEditingPolicy: " + dep);
- } catch (Exception e) {
- log.error("could not run DbAdminEditingPolicySetup: " + e);
- AbortStartup.abortStartup(ctx);
- throw new RuntimeException(e);
- }
- }
-
- @Override
- public void contextDestroyed(ServletContextEvent sce) { /* nothing */
- }
-}
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/EditorEditingPolicySetup.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/EditorEditingPolicySetup.java
deleted file mode 100644
index 9702a5fde..000000000
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/EditorEditingPolicySetup.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/* $This file is distributed under the terms of the license in /doc/license.txt$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy.setup;
-
-import javax.servlet.ServletContext;
-import javax.servlet.ServletContextEvent;
-import javax.servlet.ServletContextListener;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.ActiveIdentifierBundleFactories;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.EditorEditingIdentifierFactory;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.EditorEditingPolicy;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
-import edu.cornell.mannlib.vitro.webapp.servlet.setup.AbortStartup;
-
-/**
- * Sets up RoleBasedPolicy and IdentifierBundleFactory. This will cause the
- * vitro native login to add Identifiers that can be used by the Auth system and
- * the in-line editing.
- *
- * To use this add it as a listener to the web.xml.
- *
- * See RoleBasedPolicy.java
- */
-public class EditorEditingPolicySetup implements ServletContextListener {
- private static final Log log = LogFactory
- .getLog(EditorEditingPolicySetup.class.getName());
-
- @Override
- public void contextInitialized(ServletContextEvent sce) {
- ServletContext ctx = sce.getServletContext();
-
- if (AbortStartup.isStartupAborted(ctx)) {
- return;
- }
-
- try {
- log.debug("Setting up EditorEditingPolicy");
-
- // need to make a policy and add it to the ServletContext
- EditorEditingPolicy cep = new EditorEditingPolicy(ctx);
- ServletPolicyList.addPolicy(ctx, cep);
-
- // need to put an IdentifierFactory for EditorEditingIds into the
- // ServletContext
- ActiveIdentifierBundleFactories.addFactory(sce,
- new EditorEditingIdentifierFactory());
-
- log.debug("Finished setting up EditorEditingPolicy: " + cep);
- } catch (Exception e) {
- log.error("could not run EditorEditingPolicySetup: " + e);
- AbortStartup.abortStartup(ctx);
- throw new RuntimeException(e);
- }
- }
-
- @Override
- public void contextDestroyed(ServletContextEvent sce) { /* nothing */
- }
-}