From 7002110c285541ed7566a0aea42658043274860e Mon Sep 17 00:00:00 2001 From: j2blake Date: Wed, 11 May 2011 20:59:30 +0000 Subject: [PATCH] NIHVIVO-2299 Improve the code in the common family of Identifiers. --- .../identifier/AbstractCommonIdentifier.java | 24 ++ .../CommonIdentifierBundleFactory.java | 79 ++++-- .../identifier/HasAssociatedIndividual.java | 186 ++------------ .../webapp/auth/identifier/HasRoleLevel.java | 27 ++- .../webapp/auth/identifier/IsBlacklisted.java | 228 ++++++++++++++++++ .../vitro/webapp/auth/identifier/IsUser.java | 39 +++ ...isplayRestrictedDataByRoleLevelPolicy.java | 16 +- .../DisplayRestrictedDataToSelfPolicy.java | 41 +--- .../UseRestrictedPagesByRoleLevelPolicy.java | 15 +- .../policy/setup/CommonPolicyFamilySetup.java | 2 +- .../AbstractRelationshipPolicy.java | 21 -- .../SelfEditorRelationshipPolicy.java | 5 +- .../SelfEditorRelationshipPolicyTest.java | 2 +- 13 files changed, 397 insertions(+), 288 deletions(-) create mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/AbstractCommonIdentifier.java create mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/IsBlacklisted.java create mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/IsUser.java diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/AbstractCommonIdentifier.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/AbstractCommonIdentifier.java new file mode 100644 index 000000000..1f631dea1 --- /dev/null +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/AbstractCommonIdentifier.java @@ -0,0 +1,24 @@ +/* $This file is distributed under the terms of the license in /doc/license.txt$ */ + +package edu.cornell.mannlib.vitro.webapp.auth.identifier; + +import java.util.Collection; +import java.util.HashSet; +import java.util.Set; + +/** + * A base class for the Identifiers created by the + * CommonIdentifierBundleFactory. + */ +public abstract class AbstractCommonIdentifier { + protected static Collection getIdentifiersForClass( + IdentifierBundle ids, Class clazz) { + Set set = new HashSet(); + for (Identifier id : ids) { + if (clazz.isAssignableFrom(id.getClass())) { + set.add(clazz.cast(id)); + } + } + return set; + } +} diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/CommonIdentifierBundleFactory.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/CommonIdentifierBundleFactory.java index 7652e6f13..86381ba0c 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/CommonIdentifierBundleFactory.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/CommonIdentifierBundleFactory.java @@ -29,26 +29,46 @@ public class CommonIdentifierBundleFactory implements IdentifierBundleFactory { private static final Log log = LogFactory .getLog(CommonIdentifierBundleFactory.class); + private final ServletContext context; + + public CommonIdentifierBundleFactory(ServletContext context) { + this.context = context; + } + @Override public IdentifierBundle getIdentifierBundle(ServletRequest request, - HttpSession session, ServletContext context) { + HttpSession session, ServletContext unusedContext) { // If this is not an HttpServletRequest, we might as well fail now. HttpServletRequest req = (HttpServletRequest) request; ArrayIdentifierBundle bundle = new ArrayIdentifierBundle(); - bundle.addAll(determineRoleLevelIdentifiers(req)); - bundle.addAll(determineAssociatedIndividualIdentifiers(req)); + bundle.addAll(createUserIdentifiers(req)); + bundle.addAll(createRoleLevelIdentifiers(req)); + bundle.addAll(createBlacklistOrAssociatedIndividualIdentifiers(req)); return bundle; } + /** + * If the user is logged in, create an identifier that shows his URI. + */ + private Collection createUserIdentifiers( + HttpServletRequest req) { + LoginStatusBean bean = LoginStatusBean.getBean(req); + if (bean.isLoggedIn()) { + return Collections.singleton(new IsUser(bean.getUserURI())); + } else { + return Collections.emptySet(); + } + } + /** * Create an identifier that shows the role level of the current user, or * PUBLIC if the user is not logged in. */ - private Collection determineRoleLevelIdentifiers( + private Collection createRoleLevelIdentifiers( HttpServletRequest req) { RoleLevel roleLevel = RoleLevel.getRoleFromLoginStatus(req); return Collections.singleton(new HasRoleLevel(roleLevel)); @@ -56,37 +76,48 @@ public class CommonIdentifierBundleFactory implements IdentifierBundleFactory { /** * Find all of the individuals that are associated with the current user, - * and create an Identifier for each one. + * and create either an IsBlacklisted or HasAssociatedIndividual for each + * one. */ - private Collection determineAssociatedIndividualIdentifiers( + private Collection createBlacklistOrAssociatedIndividualIdentifiers( HttpServletRequest req) { Collection ids = new ArrayList(); + for (Individual ind : getAssociatedIndividuals(req)) { + // If they are blacklisted, this factory will return an identifier + Identifier id = IsBlacklisted.getInstance(ind, context); + if (id != null) { + ids.add(id); + } else { + ids.add(new HasAssociatedIndividual(ind.getURI())); + } + } + + return ids; + } + + private Collection getAssociatedIndividuals( + HttpServletRequest req) { + Collection individuals = new ArrayList(); + LoginStatusBean bean = LoginStatusBean.getBean(req); String username = bean.getUsername(); if (!bean.isLoggedIn()) { - log.debug("No SelfEditing: not logged in."); - return ids; + log.debug("No Associated Individuals: not logged in."); + return individuals; } if (StringUtils.isEmpty(username)) { - log.debug("No SelfEditing: username is empty."); - return ids; + log.debug("No Associated Individuals: username is empty."); + return individuals; } - HttpSession session = req.getSession(false); - if (session == null) { - log.debug("No SelfEditing: session is null."); - return ids; - } - - ServletContext context = session.getServletContext(); WebappDaoFactory wdf = (WebappDaoFactory) context .getAttribute("webappDaoFactory"); if (wdf == null) { log.error("Could not get a WebappDaoFactory from the ServletContext"); - return ids; + return individuals; } IndividualDao indDao = wdf.getIndividualDao(); @@ -96,22 +127,18 @@ public class CommonIdentifierBundleFactory implements IdentifierBundleFactory { if (uri == null) { log.debug("Could not find an Individual with a netId of " + username); - return ids; + return individuals; } Individual ind = indDao.getIndividualByURI(uri); if (ind == null) { log.warn("Found a URI for the netId " + username + " but could not build Individual"); - return ids; + return individuals; } - log.debug("Found an Individual for netId " + username + " URI: " + uri); - // Use the factory method to fill in the Blacklisting reason, if there - // is one. - ids.add(HasAssociatedIndividual.getInstance(ind, context)); - - return ids; + individuals.add(ind); + return individuals; } } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/HasAssociatedIndividual.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/HasAssociatedIndividual.java index b012d02f0..f29e1a0e4 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/HasAssociatedIndividual.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/HasAssociatedIndividual.java @@ -2,27 +2,9 @@ package edu.cornell.mannlib.vitro.webapp.auth.identifier; -import java.io.File; -import java.io.FileFilter; -import java.io.FileInputStream; -import java.io.IOException; - -import javax.servlet.ServletContext; - -import org.apache.commons.lang.StringUtils; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import com.hp.hpl.jena.query.Query; -import com.hp.hpl.jena.query.QueryExecution; -import com.hp.hpl.jena.query.QueryExecutionFactory; -import com.hp.hpl.jena.query.QueryFactory; -import com.hp.hpl.jena.query.QuerySolution; -import com.hp.hpl.jena.query.ResultSet; -import com.hp.hpl.jena.rdf.model.Model; -import com.hp.hpl.jena.rdf.model.RDFNode; - -import edu.cornell.mannlib.vitro.webapp.beans.Individual; +import java.util.Collection; +import java.util.HashSet; +import java.util.Set; /** * The current user is associated with this Individual. @@ -30,172 +12,34 @@ import edu.cornell.mannlib.vitro.webapp.beans.Individual; * This includes a thick factory method that will look through a directory of * files to determine whether the associated individual is blacklisted. */ -public class HasAssociatedIndividual implements Identifier { - private static final Log log = LogFactory - .getLog(HasAssociatedIndividual.class); +public class HasAssociatedIndividual extends AbstractCommonIdentifier implements + Identifier { - private final static String BLACKLIST_SPARQL_DIR = "/admin/selfEditBlacklist"; - private static final String NOT_BLACKLISTED = null; - - // ---------------------------------------------------------------------- - // static methods - // ---------------------------------------------------------------------- - - public static HasAssociatedIndividual getInstance(Individual individual, - ServletContext context) { - if (individual == null) { - throw new NullPointerException("individual may not be null."); - } - if (context == null) { - throw new NullPointerException("context may not be null."); - } - - String reasonForBlacklisting = checkForBlacklisted(individual, context); - return new HasAssociatedIndividual(individual.getURI(), - reasonForBlacklisting); + public static Collection getIdentifiers( + IdentifierBundle ids) { + return getIdentifiersForClass(ids, HasAssociatedIndividual.class); } - /** - * Runs through .sparql files in the BLACKLIST_SPARQL_DIR. - * - * The first that returns one or more rows will be cause the user to be - * blacklisted. - * - * The first variable from the first solution set will be returned. - */ - private static String checkForBlacklisted(Individual ind, - ServletContext context) { - String realPath = context.getRealPath(BLACKLIST_SPARQL_DIR); - File blacklistDir = new File(realPath); - if (!blacklistDir.isDirectory() || !blacklistDir.canRead()) { - log.debug("cannot read blacklist directory " + realPath); - return NOT_BLACKLISTED; + public static Collection getIndividualUris(IdentifierBundle ids) { + Set set = new HashSet(); + for (HasAssociatedIndividual id : getIdentifiers(ids)) { + set.add(id.getAssociatedIndividualUri()); } - - log.debug("checking directlry " + realPath - + " for blacklisting sparql query files"); - File[] files = blacklistDir.listFiles(new FileFilter() { - @Override - public boolean accept(File pathname) { - return pathname.getName().endsWith(".sparql"); - } - }); - - String reasonForBlacklist = NOT_BLACKLISTED; - for (File file : files) { - try { - reasonForBlacklist = runSparqlFileForBlacklist(file, ind, - context); - if (reasonForBlacklist != NOT_BLACKLISTED) - break; - } catch (RuntimeException ex) { - log.error( - "Could not run blacklist check query for file " - + file.getAbsolutePath() + File.separatorChar - + file.getName(), ex); - } - } - return reasonForBlacklist; + return set; } - /** - * Runs the SPARQL query in the file with the uri of the individual - * substituted in. - * - * The URI of ind will be substituted into the query where ever the token - * "?individualURI" is found. - * - * If there are any solution sets, then the URI of the variable named - * "cause" will be returned. Make sure that it is a resource with a URI. - * Otherwise null will be returned. - */ - private static String runSparqlFileForBlacklist(File file, Individual ind, - ServletContext context) { - if (!file.canRead()) { - log.debug("cannot read blacklisting SPARQL file " + file.getName()); - return NOT_BLACKLISTED; - } - - String queryString = null; - FileInputStream fis = null; - try { - fis = new FileInputStream(file); - byte b[] = new byte[fis.available()]; - fis.read(b); - queryString = new String(b); - } catch (IOException ioe) { - log.debug(ioe); - return NOT_BLACKLISTED; - } finally { - if (fis != null) { - try { - fis.close(); - } catch (IOException e) { - log.warn("could not close file", e); - } - } - } - - if (StringUtils.isEmpty(queryString)) { - log.debug(file.getName() + " is empty"); - return NOT_BLACKLISTED; - } - - Model model = (Model) context.getAttribute("jenaOntModel"); - - queryString = queryString.replaceAll("\\?individualURI", - "<" + ind.getURI() + ">"); - log.debug(queryString); - - Query query = QueryFactory.create(queryString); - QueryExecution qexec = QueryExecutionFactory.create(query, model); - try { - ResultSet results = qexec.execSelect(); - while (results.hasNext()) { - QuerySolution solution = results.nextSolution(); - if (solution.contains("cause")) { - RDFNode node = solution.get("cause"); - if (node.isResource()) { - return node.asResource().getURI(); - } else if (node.isLiteral()) { - return node.asLiteral().getString(); - } - } else { - log.error("Query solution must contain a variable " - + "\"cause\" of type Resource or Literal."); - return NOT_BLACKLISTED; - } - } - } finally { - qexec.close(); - } - return NOT_BLACKLISTED; - } - - // ---------------------------------------------------------------------- - // the Identifier - // ---------------------------------------------------------------------- - private final String associatedIndividualUri; - private final String reasonForBlacklisting; - public HasAssociatedIndividual(String associatedIndividualUri, - String reasonForBlacklisting) { + public HasAssociatedIndividual(String associatedIndividualUri) { this.associatedIndividualUri = associatedIndividualUri; - this.reasonForBlacklisting = reasonForBlacklisting; } public String getAssociatedIndividualUri() { return associatedIndividualUri; } - public boolean isBlacklisted() { - return reasonForBlacklisting != NOT_BLACKLISTED; - } - @Override public String toString() { - return "HasAssociatedIndividual['" + associatedIndividualUri - + "', blacklist='" + reasonForBlacklisting + "']"; + return "HasAssociatedIndividual['" + associatedIndividualUri + "']"; } } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/HasRoleLevel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/HasRoleLevel.java index 29d3759b5..730e3d6a7 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/HasRoleLevel.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/HasRoleLevel.java @@ -2,12 +2,37 @@ package edu.cornell.mannlib.vitro.webapp.auth.identifier; +import java.util.Collection; +import java.util.HashSet; +import java.util.Set; + import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel; /** * The current user has this RoleLevel. */ -public class HasRoleLevel implements Identifier { +public class HasRoleLevel extends AbstractCommonIdentifier implements Identifier { + public static Collection getIdentifiers(IdentifierBundle ids) { + return getIdentifiersForClass(ids, HasRoleLevel.class); + } + + public static Collection getRoleLevelUris(IdentifierBundle ids) { + Set set = new HashSet(); + for (HasRoleLevel id : getIdentifiers(ids)) { + set.add(id.getRoleLevel().getURI()); + } + return set; + } + + public static RoleLevel getUsersRoleLevel(IdentifierBundle whoToAuth) { + Collection roleIds = getIdentifiers(whoToAuth); + if (roleIds.isEmpty()) { + return RoleLevel.PUBLIC; + } else { + return roleIds.iterator().next().getRoleLevel(); + } + } + private final RoleLevel roleLevel; public HasRoleLevel(RoleLevel roleLevel) { diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/IsBlacklisted.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/IsBlacklisted.java new file mode 100644 index 000000000..74fd6d277 --- /dev/null +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/IsBlacklisted.java @@ -0,0 +1,228 @@ +/* $This file is distributed under the terms of the license in /doc/license.txt$ */ + +package edu.cornell.mannlib.vitro.webapp.auth.identifier; + +import java.io.File; +import java.io.FileFilter; +import java.io.FileInputStream; +import java.io.IOException; +import java.util.Collection; +import java.util.HashSet; +import java.util.Set; + +import javax.servlet.ServletContext; + +import org.apache.commons.lang.StringUtils; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import com.hp.hpl.jena.query.Query; +import com.hp.hpl.jena.query.QueryExecution; +import com.hp.hpl.jena.query.QueryExecutionFactory; +import com.hp.hpl.jena.query.QueryFactory; +import com.hp.hpl.jena.query.QuerySolution; +import com.hp.hpl.jena.query.ResultSet; +import com.hp.hpl.jena.rdf.model.Model; +import com.hp.hpl.jena.rdf.model.RDFNode; + +import edu.cornell.mannlib.vitro.webapp.beans.Individual; + +/** + * The current user is blacklisted for this reason. + */ +public class IsBlacklisted extends AbstractCommonIdentifier implements + Identifier { + private static final Log log = LogFactory.getLog(IsBlacklisted.class); + + private final static String BLACKLIST_SPARQL_DIR = "/admin/selfEditBlacklist"; + private static final String NOT_BLACKLISTED = null; + + // ---------------------------------------------------------------------- + // static methods + // ---------------------------------------------------------------------- + + /** + * If this individual is blacklisted, return an appropriate Identifier. + * Otherwise, return null. + */ + public static IsBlacklisted getInstance(Individual individual, + ServletContext context) { + if (individual == null) { + throw new NullPointerException("individual may not be null."); + } + if (context == null) { + throw new NullPointerException("context may not be null."); + } + + String reasonForBlacklisting = checkForBlacklisted(individual, context); + IsBlacklisted id = new IsBlacklisted(individual.getURI(), + reasonForBlacklisting); + if (id.isBlacklisted()) { + return id; + } else { + return null; + } + } + + /** + * Runs through .sparql files in the BLACKLIST_SPARQL_DIR. + * + * The first that returns one or more rows will be cause the user to be + * blacklisted. + * + * The first variable from the first solution set will be returned. + */ + private static String checkForBlacklisted(Individual ind, + ServletContext context) { + String realPath = context.getRealPath(BLACKLIST_SPARQL_DIR); + File blacklistDir = new File(realPath); + if (!blacklistDir.isDirectory() || !blacklistDir.canRead()) { + log.debug("cannot read blacklist directory " + realPath); + return NOT_BLACKLISTED; + } + + log.debug("checking directlry " + realPath + + " for blacklisting sparql query files"); + File[] files = blacklistDir.listFiles(new FileFilter() { + @Override + public boolean accept(File pathname) { + return pathname.getName().endsWith(".sparql"); + } + }); + + String reasonForBlacklist = NOT_BLACKLISTED; + for (File file : files) { + try { + reasonForBlacklist = runSparqlFileForBlacklist(file, ind, + context); + if (reasonForBlacklist != NOT_BLACKLISTED) + break; + } catch (RuntimeException ex) { + log.error( + "Could not run blacklist check query for file " + + file.getAbsolutePath() + File.separatorChar + + file.getName(), ex); + } + } + return reasonForBlacklist; + } + + /** + * Runs the SPARQL query in the file with the uri of the individual + * substituted in. + * + * The URI of ind will be substituted into the query where ever the token + * "?individualURI" is found. + * + * If there are any solution sets, then the URI of the variable named + * "cause" will be returned. Make sure that it is a resource with a URI. + * Otherwise null will be returned. + */ + private static String runSparqlFileForBlacklist(File file, Individual ind, + ServletContext context) { + if (!file.canRead()) { + log.debug("cannot read blacklisting SPARQL file " + file.getName()); + return NOT_BLACKLISTED; + } + + String queryString = null; + FileInputStream fis = null; + try { + fis = new FileInputStream(file); + byte b[] = new byte[fis.available()]; + fis.read(b); + queryString = new String(b); + } catch (IOException ioe) { + log.debug(ioe); + return NOT_BLACKLISTED; + } finally { + if (fis != null) { + try { + fis.close(); + } catch (IOException e) { + log.warn("could not close file", e); + } + } + } + + if (StringUtils.isEmpty(queryString)) { + log.debug(file.getName() + " is empty"); + return NOT_BLACKLISTED; + } + + Model model = (Model) context.getAttribute("jenaOntModel"); + + queryString = queryString.replaceAll("\\?individualURI", + "<" + ind.getURI() + ">"); + log.debug(queryString); + + Query query = QueryFactory.create(queryString); + QueryExecution qexec = QueryExecutionFactory.create(query, model); + try { + ResultSet results = qexec.execSelect(); + while (results.hasNext()) { + QuerySolution solution = results.nextSolution(); + if (solution.contains("cause")) { + RDFNode node = solution.get("cause"); + if (node.isResource()) { + return node.asResource().getURI(); + } else if (node.isLiteral()) { + return node.asLiteral().getString(); + } + } else { + log.error("Query solution must contain a variable " + + "\"cause\" of type Resource or Literal."); + return NOT_BLACKLISTED; + } + } + } finally { + qexec.close(); + } + return NOT_BLACKLISTED; + } + + public static Collection getIdentifiers(IdentifierBundle ids) { + return getIdentifiersForClass(ids, IsBlacklisted.class); + } + + public static Collection getBlacklistReasons(IdentifierBundle ids) { + Set set = new HashSet(); + for (IsBlacklisted id : getIdentifiers(ids)) { + if (id.isBlacklisted()) { + set.add(id.getReasonForBlacklisting()); + } + } + return set; + } + + // ---------------------------------------------------------------------- + // the Identifier + // ---------------------------------------------------------------------- + + private final String associatedIndividualUri; + private final String reasonForBlacklisting; + + public IsBlacklisted(String associatedIndividualUri, + String reasonForBlacklisting) { + this.associatedIndividualUri = associatedIndividualUri; + this.reasonForBlacklisting = reasonForBlacklisting; + } + + public String getAssociatedIndividualUri() { + return associatedIndividualUri; + } + + public boolean isBlacklisted() { + return reasonForBlacklisting != NOT_BLACKLISTED; + } + + public String getReasonForBlacklisting() { + return reasonForBlacklisting; + } + + @Override + public String toString() { + return "IsBlacklisted['" + reasonForBlacklisting + "']"; + } + +} diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/IsUser.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/IsUser.java new file mode 100644 index 000000000..def5bdb78 --- /dev/null +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/IsUser.java @@ -0,0 +1,39 @@ +/* $This file is distributed under the terms of the license in /doc/license.txt$ */ + +package edu.cornell.mannlib.vitro.webapp.auth.identifier; + +import java.util.Collection; +import java.util.HashSet; +import java.util.Set; + +/** + * The current user has this URI. + */ +public class IsUser extends AbstractCommonIdentifier implements Identifier { + public static Collection getIdentifiers(IdentifierBundle ids) { + return getIdentifiersForClass(ids, IsUser.class); + } + + public static Collection getUserUris(IdentifierBundle ids) { + Set set = new HashSet(); + for (IsUser id : getIdentifiers(ids)) { + set.add(id.getUri()); + } + return set; + } + + private final String uri; + + public IsUser(String uri) { + this.uri = uri; + } + + public String getUri() { + return uri; + } + + @Override + public String toString() { + return "IsUser[" + uri + "]"; + } +} diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DisplayRestrictedDataByRoleLevelPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DisplayRestrictedDataByRoleLevelPolicy.java index 383fecaba..96044995a 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DisplayRestrictedDataByRoleLevelPolicy.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DisplayRestrictedDataByRoleLevelPolicy.java @@ -8,7 +8,6 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import edu.cornell.mannlib.vitro.webapp.auth.identifier.HasRoleLevel; -import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier; import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle; import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization; @@ -51,7 +50,7 @@ public class DisplayRestrictedDataByRoleLevelPolicy implements PolicyIface { return defaultDecision("whatToAuth was null"); } - RoleLevel userRole = getUsersRoleLevel(whoToAuth); + RoleLevel userRole = HasRoleLevel.getUsersRoleLevel(whoToAuth); PolicyDecision result; if (whatToAuth instanceof DisplayDataProperty) { @@ -164,17 +163,4 @@ public class DisplayRestrictedDataByRoleLevelPolicy implements PolicyIface { .canDisplayPredicate(uri, userRole); } - /** - * The user is nobody unless they have a HasRoleLevel identifier. - */ - private RoleLevel getUsersRoleLevel(IdentifierBundle whoToAuth) { - RoleLevel userRole = RoleLevel.PUBLIC; - for (Identifier id : whoToAuth) { - if (id instanceof HasRoleLevel) { - userRole = ((HasRoleLevel) id).getRoleLevel(); - } - } - return userRole; - } - } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DisplayRestrictedDataToSelfPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DisplayRestrictedDataToSelfPolicy.java index 8911a2fa8..4c21f39fd 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DisplayRestrictedDataToSelfPolicy.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DisplayRestrictedDataToSelfPolicy.java @@ -2,9 +2,7 @@ package edu.cornell.mannlib.vitro.webapp.auth.policy; -import java.util.ArrayList; import java.util.Collection; -import java.util.List; import javax.servlet.ServletContext; @@ -13,7 +11,6 @@ import org.apache.commons.logging.LogFactory; import edu.cornell.mannlib.vitro.webapp.auth.identifier.HasAssociatedIndividual; import edu.cornell.mannlib.vitro.webapp.auth.identifier.HasRoleLevel; -import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier; import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle; import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization; @@ -24,9 +21,9 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayData import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayObjectProperty; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayObjectPropertyStatement; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; +import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel; import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement; -import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel; /** * Permit display of various data if it relates to the user's associated @@ -60,12 +57,13 @@ public class DisplayRestrictedDataToSelfPolicy implements PolicyIface { return defaultDecision("whatToAuth was null"); } - RoleLevel userRole = getUsersRoleLevel(whoToAuth); + RoleLevel userRole = HasRoleLevel.getUsersRoleLevel(whoToAuth); if (userRole != RoleLevel.SELF) { return defaultDecision("not a self-editor"); } - Collection associated = getAssociatedIndividualUris(whoToAuth); + Collection associated = HasAssociatedIndividual + .getIndividualUris(whoToAuth); if (associated.isEmpty()) { return defaultDecision("not self-editing for anyone"); } @@ -177,35 +175,4 @@ public class DisplayRestrictedDataToSelfPolicy implements PolicyIface { return false; } - /** - * The user is nobody unless they have a HasRoleLevel identifier. - */ - private RoleLevel getUsersRoleLevel(IdentifierBundle whoToAuth) { - RoleLevel userRole = RoleLevel.PUBLIC; - for (Identifier id : whoToAuth) { - if (id instanceof HasRoleLevel) { - userRole = ((HasRoleLevel) id).getRoleLevel(); - } - } - return userRole; - } - - /** - * Find out who the user has self-editing rights for. We only include the - * ones that are not blacklisted. - */ - private Collection getAssociatedIndividualUris( - IdentifierBundle whoToAuth) { - List list = new ArrayList(); - for (Identifier id : whoToAuth) { - if (id instanceof HasAssociatedIndividual) { - HasAssociatedIndividual haiId = (HasAssociatedIndividual) id; - if (!haiId.isBlacklisted()) { - list.add(haiId.getAssociatedIndividualUri()); - } - } - } - return list; - } - } \ No newline at end of file diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java index 6cdde2ce3..df5d2ffc7 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java @@ -6,7 +6,6 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import edu.cornell.mannlib.vitro.webapp.auth.identifier.HasRoleLevel; -import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier; import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; @@ -49,7 +48,7 @@ public class UseRestrictedPagesByRoleLevelPolicy implements PolicyIface { return defaultDecision("whatToAuth was null"); } - RoleLevel userRole = getUsersRoleLevel(whoToAuth); + RoleLevel userRole = HasRoleLevel.getUsersRoleLevel(whoToAuth); PolicyDecision result; if (whatToAuth instanceof UseAdvancedDataToolsPages) { @@ -141,16 +140,4 @@ public class UseRestrictedPagesByRoleLevelPolicy implements PolicyIface { return new BasicPolicyDecision(Authorization.INCONCLUSIVE, message); } - /** - * The user is nobody unless they have a HasRoleLevel identifier. - */ - private RoleLevel getUsersRoleLevel(IdentifierBundle whoToAuth) { - RoleLevel userRole = RoleLevel.PUBLIC; - for (Identifier id : whoToAuth) { - if (id instanceof HasRoleLevel) { - userRole = ((HasRoleLevel) id).getRoleLevel(); - } - } - return userRole; - } } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CommonPolicyFamilySetup.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CommonPolicyFamilySetup.java index 94f0623f3..7da3e744a 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CommonPolicyFamilySetup.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CommonPolicyFamilySetup.java @@ -41,7 +41,7 @@ public class CommonPolicyFamilySetup implements ServletContextListener { new UseRestrictedPagesByRoleLevelPolicy()); // This factory creates Identifiers for all of the above policies. - CommonIdentifierBundleFactory factory = new CommonIdentifierBundleFactory(); + CommonIdentifierBundleFactory factory = new CommonIdentifierBundleFactory(ctx); ActiveIdentifierBundleFactories.addFactory(sce, factory); } catch (Exception e) { diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/AbstractRelationshipPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/AbstractRelationshipPolicy.java index 0fb8e1928..c238d246c 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/AbstractRelationshipPolicy.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/AbstractRelationshipPolicy.java @@ -19,9 +19,6 @@ import com.hp.hpl.jena.rdf.model.SimpleSelector; import com.hp.hpl.jena.rdf.model.StmtIterator; import com.hp.hpl.jena.shared.Lock; -import edu.cornell.mannlib.vitro.webapp.auth.identifier.HasAssociatedIndividual; -import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier; -import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle; import edu.cornell.mannlib.vitro.webapp.auth.policy.BasicPolicyDecision; import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization; @@ -47,24 +44,6 @@ public abstract class AbstractRelationshipPolicy implements PolicyIface { this.model = model; } - /** - * Check to see whether we are self-editing, and for which Individuals. - */ - protected List getUrisOfSelfEditor(IdentifierBundle ids) { - List uris = new ArrayList(); - if (ids != null) { - for (Identifier id : ids) { - if (id instanceof HasAssociatedIndividual) { - HasAssociatedIndividual selfEditId = (HasAssociatedIndividual) id; - if (!selfEditId.isBlacklisted()) { - uris.add(selfEditId.getAssociatedIndividualUri()); - } - } - } - } - return uris; - } - protected boolean canModifyResource(String uri) { return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyResource( uri, RoleLevel.SELF); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/SelfEditorRelationshipPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/SelfEditorRelationshipPolicy.java index ba0d984e1..af4d2f5d8 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/SelfEditorRelationshipPolicy.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/SelfEditorRelationshipPolicy.java @@ -2,6 +2,7 @@ package edu.cornell.mannlib.vitro.webapp.auth.policy.specialrelationships; +import java.util.ArrayList; import java.util.List; import javax.servlet.ServletContext; @@ -13,6 +14,7 @@ import org.apache.commons.logging.LogFactory; import com.hp.hpl.jena.ontology.OntModel; +import edu.cornell.mannlib.vitro.webapp.auth.identifier.HasAssociatedIndividual; import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle; import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; @@ -128,7 +130,8 @@ public class SelfEditorRelationshipPolicy extends AbstractRelationshipPolicy private PolicyDecision isAuthorized(IdentifierBundle ids, DistilledAction action) { - List userUris = getUrisOfSelfEditor(ids); + List userUris = new ArrayList( + HasAssociatedIndividual.getIndividualUris(ids)); if (userUris.isEmpty()) { return inconclusiveDecision("Not self-editing."); diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/SelfEditorRelationshipPolicyTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/SelfEditorRelationshipPolicyTest.java index 368c25d3f..c21ee81c7 100644 --- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/SelfEditorRelationshipPolicyTest.java +++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/SelfEditorRelationshipPolicyTest.java @@ -420,7 +420,7 @@ public class SelfEditorRelationshipPolicyTest extends AbstractTestClass { // ---------------------------------------------------------------------- private HasAssociatedIndividual makeSelfEditingId(String uri) { - return new HasAssociatedIndividual(uri, null); + return new HasAssociatedIndividual(uri); } private void assertDecision(Authorization expected, PolicyDecision decision) {