NIHVIVO-2299 Improve the code in the common family of Identifiers.

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/AbstractCommonIdentifier.java

@@ -0,0 +1,24 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.identifier;
+
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * A base class for the Identifiers created by the
+ * CommonIdentifierBundleFactory.
+ */
+public abstract class AbstractCommonIdentifier {
+	protected static <T> Collection<T> getIdentifiersForClass(
+			IdentifierBundle ids, Class<T> clazz) {
+		Set<T> set = new HashSet<T>();
+		for (Identifier id : ids) {
+			if (clazz.isAssignableFrom(id.getClass())) {
+				set.add(clazz.cast(id));
+			}
+		}
+		return set;
+	}
+}

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/CommonIdentifierBundleFactory.java

@@ -29,26 +29,46 @@ public class CommonIdentifierBundleFactory implements IdentifierBundleFactory {
 	private static final Log log = LogFactory
 			.getLog(CommonIdentifierBundleFactory.class);
 
+	private final ServletContext context;
+
+	public CommonIdentifierBundleFactory(ServletContext context) {
+		this.context = context;
+	}
+
 	@Override
 	public IdentifierBundle getIdentifierBundle(ServletRequest request,
-			HttpSession session, ServletContext context) {
+			HttpSession session, ServletContext unusedContext) {
 
 		// If this is not an HttpServletRequest, we might as well fail now.
 		HttpServletRequest req = (HttpServletRequest) request;
 
 		ArrayIdentifierBundle bundle = new ArrayIdentifierBundle();
 
-		bundle.addAll(determineRoleLevelIdentifiers(req));
+		bundle.addAll(createUserIdentifiers(req));
-		bundle.addAll(determineAssociatedIndividualIdentifiers(req));
+		bundle.addAll(createRoleLevelIdentifiers(req));
+		bundle.addAll(createBlacklistOrAssociatedIndividualIdentifiers(req));
 
 		return bundle;
 	}
 
+	/**
+	 * If the user is logged in, create an identifier that shows his URI.
+	 */
+	private Collection<? extends Identifier> createUserIdentifiers(
+			HttpServletRequest req) {
+		LoginStatusBean bean = LoginStatusBean.getBean(req);
+		if (bean.isLoggedIn()) {
+			return Collections.singleton(new IsUser(bean.getUserURI()));
+		} else {
+			return Collections.emptySet();
+		}
+	}
+
 	/**
 	 * Create an identifier that shows the role level of the current user, or
 	 * PUBLIC if the user is not logged in.
 	 */
-	private Collection<? extends Identifier> determineRoleLevelIdentifiers(
+	private Collection<? extends Identifier> createRoleLevelIdentifiers(
 			HttpServletRequest req) {
 		RoleLevel roleLevel = RoleLevel.getRoleFromLoginStatus(req);
 		return Collections.singleton(new HasRoleLevel(roleLevel));
@@ -56,37 +76,48 @@ public class CommonIdentifierBundleFactory implements IdentifierBundleFactory {
 
 	/**
 	 * Find all of the individuals that are associated with the current user,
-	 * and create an Identifier for each one.
+	 * and create either an IsBlacklisted or HasAssociatedIndividual for each
+	 * one.
 	 */
-	private Collection<? extends Identifier> determineAssociatedIndividualIdentifiers(
+	private Collection<? extends Identifier> createBlacklistOrAssociatedIndividualIdentifiers(
 			HttpServletRequest req) {
 		Collection<Identifier> ids = new ArrayList<Identifier>();
 
+		for (Individual ind : getAssociatedIndividuals(req)) {
+			// If they are blacklisted, this factory will return an identifier
+			Identifier id = IsBlacklisted.getInstance(ind, context);
+			if (id != null) {
+				ids.add(id);
+			} else {
+				ids.add(new HasAssociatedIndividual(ind.getURI()));
+			}
+		}
+
+		return ids;
+	}
+
+	private Collection<Individual> getAssociatedIndividuals(
+			HttpServletRequest req) {
+		Collection<Individual> individuals = new ArrayList<Individual>();
+
 		LoginStatusBean bean = LoginStatusBean.getBean(req);
 		String username = bean.getUsername();
 
 		if (!bean.isLoggedIn()) {
-			log.debug("No SelfEditing: not logged in.");
+			log.debug("No Associated Individuals: not logged in.");
-			return ids;
+			return individuals;
 		}
 
 		if (StringUtils.isEmpty(username)) {
-			log.debug("No SelfEditing: username is empty.");
+			log.debug("No Associated Individuals: username is empty.");
-			return ids;
+			return individuals;
 		}
 
-		HttpSession session = req.getSession(false);
-		if (session == null) {
-			log.debug("No SelfEditing: session is null.");
-			return ids;
-		}
-
-		ServletContext context = session.getServletContext();
 		WebappDaoFactory wdf = (WebappDaoFactory) context
 				.getAttribute("webappDaoFactory");
 		if (wdf == null) {
 			log.error("Could not get a WebappDaoFactory from the ServletContext");
-			return ids;
+			return individuals;
 		}
 
 		IndividualDao indDao = wdf.getIndividualDao();
@@ -96,22 +127,18 @@ public class CommonIdentifierBundleFactory implements IdentifierBundleFactory {
 		if (uri == null) {
 			log.debug("Could not find an Individual with a netId of "
 					+ username);
-			return ids;
+			return individuals;
 		}
 
 		Individual ind = indDao.getIndividualByURI(uri);
 		if (ind == null) {
 			log.warn("Found a URI for the netId " + username
 					+ " but could not build Individual");
-			return ids;
+			return individuals;
 		}
-
 		log.debug("Found an Individual for netId " + username + " URI: " + uri);
 
-		// Use the factory method to fill in the Blacklisting reason, if there
+		individuals.add(ind);
-		// is one.
+		return individuals;
-		ids.add(HasAssociatedIndividual.getInstance(ind, context));
-
-		return ids;
 	}
 }

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/HasAssociatedIndividual.java

@@ -2,27 +2,9 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.identifier;
 
-import java.io.File;
+import java.util.Collection;
-import java.io.FileFilter;
+import java.util.HashSet;
-import java.io.FileInputStream;
+import java.util.Set;
-import java.io.IOException;
-
-import javax.servlet.ServletContext;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import com.hp.hpl.jena.query.Query;
-import com.hp.hpl.jena.query.QueryExecution;
-import com.hp.hpl.jena.query.QueryExecutionFactory;
-import com.hp.hpl.jena.query.QueryFactory;
-import com.hp.hpl.jena.query.QuerySolution;
-import com.hp.hpl.jena.query.ResultSet;
-import com.hp.hpl.jena.rdf.model.Model;
-import com.hp.hpl.jena.rdf.model.RDFNode;
-
-import edu.cornell.mannlib.vitro.webapp.beans.Individual;
 
 /**
  * The current user is associated with this Individual.
@@ -30,172 +12,34 @@ import edu.cornell.mannlib.vitro.webapp.beans.Individual;
  * This includes a thick factory method that will look through a directory of
  * files to determine whether the associated individual is blacklisted.
  */
-public class HasAssociatedIndividual implements Identifier {
+public class HasAssociatedIndividual extends AbstractCommonIdentifier implements
-	private static final Log log = LogFactory
+		Identifier {
-			.getLog(HasAssociatedIndividual.class);
 
-	private final static String BLACKLIST_SPARQL_DIR = "/admin/selfEditBlacklist";
+	public static Collection<HasAssociatedIndividual> getIdentifiers(
-	private static final String NOT_BLACKLISTED = null;
+			IdentifierBundle ids) {
-
+		return getIdentifiersForClass(ids, HasAssociatedIndividual.class);
-	// ----------------------------------------------------------------------
-	// static methods
-	// ----------------------------------------------------------------------
-
-	public static HasAssociatedIndividual getInstance(Individual individual,
-			ServletContext context) {
-		if (individual == null) {
-			throw new NullPointerException("individual may not be null.");
-		}
-		if (context == null) {
-			throw new NullPointerException("context may not be null.");
-		}
-
-		String reasonForBlacklisting = checkForBlacklisted(individual, context);
-		return new HasAssociatedIndividual(individual.getURI(),
-				reasonForBlacklisting);
 	}
 
-	/**
+	public static Collection<String> getIndividualUris(IdentifierBundle ids) {
-	 * Runs through .sparql files in the BLACKLIST_SPARQL_DIR.
+		Set<String> set = new HashSet<String>();
-	 * 
+		for (HasAssociatedIndividual id : getIdentifiers(ids)) {
-	 * The first that returns one or more rows will be cause the user to be
+			set.add(id.getAssociatedIndividualUri());
-	 * blacklisted.
-	 * 
-	 * The first variable from the first solution set will be returned.
-	 */
-	private static String checkForBlacklisted(Individual ind,
-			ServletContext context) {
-		String realPath = context.getRealPath(BLACKLIST_SPARQL_DIR);
-		File blacklistDir = new File(realPath);
-		if (!blacklistDir.isDirectory() || !blacklistDir.canRead()) {
-			log.debug("cannot read blacklist directory " + realPath);
-			return NOT_BLACKLISTED;
 		}
-
+		return set;
-		log.debug("checking directlry " + realPath
-				+ " for blacklisting sparql query files");
-		File[] files = blacklistDir.listFiles(new FileFilter() {
-			@Override
-			public boolean accept(File pathname) {
-				return pathname.getName().endsWith(".sparql");
-			}
-		});
-
-		String reasonForBlacklist = NOT_BLACKLISTED;
-		for (File file : files) {
-			try {
-				reasonForBlacklist = runSparqlFileForBlacklist(file, ind,
-						context);
-				if (reasonForBlacklist != NOT_BLACKLISTED)
-					break;
-			} catch (RuntimeException ex) {
-				log.error(
-						"Could not run blacklist check query for file "
-								+ file.getAbsolutePath() + File.separatorChar
-								+ file.getName(), ex);
-			}
-		}
-		return reasonForBlacklist;
 	}
 
-	/**
-	 * Runs the SPARQL query in the file with the uri of the individual
-	 * substituted in.
-	 * 
-	 * The URI of ind will be substituted into the query where ever the token
-	 * "?individualURI" is found.
-	 * 
-	 * If there are any solution sets, then the URI of the variable named
-	 * "cause" will be returned. Make sure that it is a resource with a URI.
-	 * Otherwise null will be returned.
-	 */
-	private static String runSparqlFileForBlacklist(File file, Individual ind,
-			ServletContext context) {
-		if (!file.canRead()) {
-			log.debug("cannot read blacklisting SPARQL file " + file.getName());
-			return NOT_BLACKLISTED;
-		}
-
-		String queryString = null;
-		FileInputStream fis = null;
-		try {
-			fis = new FileInputStream(file);
-			byte b[] = new byte[fis.available()];
-			fis.read(b);
-			queryString = new String(b);
-		} catch (IOException ioe) {
-			log.debug(ioe);
-			return NOT_BLACKLISTED;
-		} finally {
-			if (fis != null) {
-				try {
-					fis.close();
-				} catch (IOException e) {
-					log.warn("could not close file", e);
-				}
-			}
-		}
-
-		if (StringUtils.isEmpty(queryString)) {
-			log.debug(file.getName() + " is empty");
-			return NOT_BLACKLISTED;
-		}
-
-		Model model = (Model) context.getAttribute("jenaOntModel");
-
-		queryString = queryString.replaceAll("\\?individualURI",
-				"<" + ind.getURI() + ">");
-		log.debug(queryString);
-
-		Query query = QueryFactory.create(queryString);
-		QueryExecution qexec = QueryExecutionFactory.create(query, model);
-		try {
-			ResultSet results = qexec.execSelect();
-			while (results.hasNext()) {
-				QuerySolution solution = results.nextSolution();
-				if (solution.contains("cause")) {
-					RDFNode node = solution.get("cause");
-					if (node.isResource()) {
-						return node.asResource().getURI();
-					} else if (node.isLiteral()) {
-						return node.asLiteral().getString();
-					}
-				} else {
-					log.error("Query solution must contain a variable "
-							+ "\"cause\" of type Resource or Literal.");
-					return NOT_BLACKLISTED;
-				}
-			}
-		} finally {
-			qexec.close();
-		}
-		return NOT_BLACKLISTED;
-	}
-
-	// ----------------------------------------------------------------------
-	// the Identifier
-	// ----------------------------------------------------------------------
-
 	private final String associatedIndividualUri;
-	private final String reasonForBlacklisting;
 
-	public HasAssociatedIndividual(String associatedIndividualUri,
+	public HasAssociatedIndividual(String associatedIndividualUri) {
-			String reasonForBlacklisting) {
 		this.associatedIndividualUri = associatedIndividualUri;
-		this.reasonForBlacklisting = reasonForBlacklisting;
 	}
 
 	public String getAssociatedIndividualUri() {
 		return associatedIndividualUri;
 	}
 
-	public boolean isBlacklisted() {
-		return reasonForBlacklisting != NOT_BLACKLISTED;
-	}
-
 	@Override
 	public String toString() {
-		return "HasAssociatedIndividual['" + associatedIndividualUri
+		return "HasAssociatedIndividual['" + associatedIndividualUri + "']";
-				+ "', blacklist='" + reasonForBlacklisting + "']";
 	}
 }

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/HasRoleLevel.java

@@ -2,12 +2,37 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.identifier;
 
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+
 import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
 
 /**
  * The current user has this RoleLevel.
  */
-public class HasRoleLevel implements Identifier {
+public class HasRoleLevel extends AbstractCommonIdentifier implements Identifier {
+	public static Collection<HasRoleLevel> getIdentifiers(IdentifierBundle ids) {
+		return getIdentifiersForClass(ids, HasRoleLevel.class);
+	}
+
+	public static Collection<String> getRoleLevelUris(IdentifierBundle ids) {
+		Set<String> set = new HashSet<String>();
+		for (HasRoleLevel id : getIdentifiers(ids)) {
+			set.add(id.getRoleLevel().getURI());
+		}
+		return set;
+	}
+	
+	public static RoleLevel getUsersRoleLevel(IdentifierBundle whoToAuth) {
+		Collection<HasRoleLevel> roleIds = getIdentifiers(whoToAuth);
+		if (roleIds.isEmpty()) {
+			return RoleLevel.PUBLIC;
+		} else {
+			return roleIds.iterator().next().getRoleLevel();
+		}
+	}
+
 	private final RoleLevel roleLevel;
 
 	public HasRoleLevel(RoleLevel roleLevel) {

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/IsBlacklisted.java

@@ -0,0 +1,228 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.identifier;
+
+import java.io.File;
+import java.io.FileFilter;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.servlet.ServletContext;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import com.hp.hpl.jena.query.Query;
+import com.hp.hpl.jena.query.QueryExecution;
+import com.hp.hpl.jena.query.QueryExecutionFactory;
+import com.hp.hpl.jena.query.QueryFactory;
+import com.hp.hpl.jena.query.QuerySolution;
+import com.hp.hpl.jena.query.ResultSet;
+import com.hp.hpl.jena.rdf.model.Model;
+import com.hp.hpl.jena.rdf.model.RDFNode;
+
+import edu.cornell.mannlib.vitro.webapp.beans.Individual;
+
+/**
+ * The current user is blacklisted for this reason.
+ */
+public class IsBlacklisted extends AbstractCommonIdentifier implements
+		Identifier {
+	private static final Log log = LogFactory.getLog(IsBlacklisted.class);
+
+	private final static String BLACKLIST_SPARQL_DIR = "/admin/selfEditBlacklist";
+	private static final String NOT_BLACKLISTED = null;
+
+	// ----------------------------------------------------------------------
+	// static methods
+	// ----------------------------------------------------------------------
+
+	/**
+	 * If this individual is blacklisted, return an appropriate Identifier.
+	 * Otherwise, return null.
+	 */
+	public static IsBlacklisted getInstance(Individual individual,
+			ServletContext context) {
+		if (individual == null) {
+			throw new NullPointerException("individual may not be null.");
+		}
+		if (context == null) {
+			throw new NullPointerException("context may not be null.");
+		}
+
+		String reasonForBlacklisting = checkForBlacklisted(individual, context);
+		IsBlacklisted id = new IsBlacklisted(individual.getURI(),
+				reasonForBlacklisting);
+		if (id.isBlacklisted()) {
+			return id;
+		} else {
+			return null;
+		}
+	}
+
+	/**
+	 * Runs through .sparql files in the BLACKLIST_SPARQL_DIR.
+	 * 
+	 * The first that returns one or more rows will be cause the user to be
+	 * blacklisted.
+	 * 
+	 * The first variable from the first solution set will be returned.
+	 */
+	private static String checkForBlacklisted(Individual ind,
+			ServletContext context) {
+		String realPath = context.getRealPath(BLACKLIST_SPARQL_DIR);
+		File blacklistDir = new File(realPath);
+		if (!blacklistDir.isDirectory() || !blacklistDir.canRead()) {
+			log.debug("cannot read blacklist directory " + realPath);
+			return NOT_BLACKLISTED;
+		}
+
+		log.debug("checking directlry " + realPath
+				+ " for blacklisting sparql query files");
+		File[] files = blacklistDir.listFiles(new FileFilter() {
+			@Override
+			public boolean accept(File pathname) {
+				return pathname.getName().endsWith(".sparql");
+			}
+		});
+
+		String reasonForBlacklist = NOT_BLACKLISTED;
+		for (File file : files) {
+			try {
+				reasonForBlacklist = runSparqlFileForBlacklist(file, ind,
+						context);
+				if (reasonForBlacklist != NOT_BLACKLISTED)
+					break;
+			} catch (RuntimeException ex) {
+				log.error(
+						"Could not run blacklist check query for file "
+								+ file.getAbsolutePath() + File.separatorChar
+								+ file.getName(), ex);
+			}
+		}
+		return reasonForBlacklist;
+	}
+
+	/**
+	 * Runs the SPARQL query in the file with the uri of the individual
+	 * substituted in.
+	 * 
+	 * The URI of ind will be substituted into the query where ever the token
+	 * "?individualURI" is found.
+	 * 
+	 * If there are any solution sets, then the URI of the variable named
+	 * "cause" will be returned. Make sure that it is a resource with a URI.
+	 * Otherwise null will be returned.
+	 */
+	private static String runSparqlFileForBlacklist(File file, Individual ind,
+			ServletContext context) {
+		if (!file.canRead()) {
+			log.debug("cannot read blacklisting SPARQL file " + file.getName());
+			return NOT_BLACKLISTED;
+		}
+
+		String queryString = null;
+		FileInputStream fis = null;
+		try {
+			fis = new FileInputStream(file);
+			byte b[] = new byte[fis.available()];
+			fis.read(b);
+			queryString = new String(b);
+		} catch (IOException ioe) {
+			log.debug(ioe);
+			return NOT_BLACKLISTED;
+		} finally {
+			if (fis != null) {
+				try {
+					fis.close();
+				} catch (IOException e) {
+					log.warn("could not close file", e);
+				}
+			}
+		}
+
+		if (StringUtils.isEmpty(queryString)) {
+			log.debug(file.getName() + " is empty");
+			return NOT_BLACKLISTED;
+		}
+
+		Model model = (Model) context.getAttribute("jenaOntModel");
+
+		queryString = queryString.replaceAll("\\?individualURI",
+				"<" + ind.getURI() + ">");
+		log.debug(queryString);
+
+		Query query = QueryFactory.create(queryString);
+		QueryExecution qexec = QueryExecutionFactory.create(query, model);
+		try {
+			ResultSet results = qexec.execSelect();
+			while (results.hasNext()) {
+				QuerySolution solution = results.nextSolution();
+				if (solution.contains("cause")) {
+					RDFNode node = solution.get("cause");
+					if (node.isResource()) {
+						return node.asResource().getURI();
+					} else if (node.isLiteral()) {
+						return node.asLiteral().getString();
+					}
+				} else {
+					log.error("Query solution must contain a variable "
+							+ "\"cause\" of type Resource or Literal.");
+					return NOT_BLACKLISTED;
+				}
+			}
+		} finally {
+			qexec.close();
+		}
+		return NOT_BLACKLISTED;
+	}
+
+	public static Collection<IsBlacklisted> getIdentifiers(IdentifierBundle ids) {
+		return getIdentifiersForClass(ids, IsBlacklisted.class);
+	}
+
+	public static Collection<String> getBlacklistReasons(IdentifierBundle ids) {
+		Set<String> set = new HashSet<String>();
+		for (IsBlacklisted id : getIdentifiers(ids)) {
+			if (id.isBlacklisted()) {
+				set.add(id.getReasonForBlacklisting());
+			}
+		}
+		return set;
+	}
+
+	// ----------------------------------------------------------------------
+	// the Identifier
+	// ----------------------------------------------------------------------
+
+	private final String associatedIndividualUri;
+	private final String reasonForBlacklisting;
+
+	public IsBlacklisted(String associatedIndividualUri,
+			String reasonForBlacklisting) {
+		this.associatedIndividualUri = associatedIndividualUri;
+		this.reasonForBlacklisting = reasonForBlacklisting;
+	}
+
+	public String getAssociatedIndividualUri() {
+		return associatedIndividualUri;
+	}
+
+	public boolean isBlacklisted() {
+		return reasonForBlacklisting != NOT_BLACKLISTED;
+	}
+
+	public String getReasonForBlacklisting() {
+		return reasonForBlacklisting;
+	}
+
+	@Override
+	public String toString() {
+		return "IsBlacklisted['" + reasonForBlacklisting + "']";
+	}
+
+}

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/IsUser.java

@@ -0,0 +1,39 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.identifier;
+
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * The current user has this URI.
+ */
+public class IsUser extends AbstractCommonIdentifier implements Identifier {
+	public static Collection<IsUser> getIdentifiers(IdentifierBundle ids) {
+		return getIdentifiersForClass(ids, IsUser.class);
+	}
+
+	public static Collection<String> getUserUris(IdentifierBundle ids) {
+		Set<String> set = new HashSet<String>();
+		for (IsUser id : getIdentifiers(ids)) {
+			set.add(id.getUri());
+		}
+		return set;
+	}
+
+	private final String uri;
+
+	public IsUser(String uri) {
+		this.uri = uri;
+	}
+
+	public String getUri() {
+		return uri;
+	}
+
+	@Override
+	public String toString() {
+		return "IsUser[" + uri + "]";
+	}
+}

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DisplayRestrictedDataByRoleLevelPolicy.java

@@ -8,7 +8,6 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.HasRoleLevel;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
@@ -51,7 +50,7 @@ public class DisplayRestrictedDataByRoleLevelPolicy implements PolicyIface {
 			return defaultDecision("whatToAuth was null");
 		}
 
-		RoleLevel userRole = getUsersRoleLevel(whoToAuth);
+		RoleLevel userRole = HasRoleLevel.getUsersRoleLevel(whoToAuth);
 
 		PolicyDecision result;
 		if (whatToAuth instanceof DisplayDataProperty) {
@@ -164,17 +163,4 @@ public class DisplayRestrictedDataByRoleLevelPolicy implements PolicyIface {
 				.canDisplayPredicate(uri, userRole);
 	}
 
-	/**
-	 * The user is nobody unless they have a HasRoleLevel identifier.
-	 */
-	private RoleLevel getUsersRoleLevel(IdentifierBundle whoToAuth) {
-		RoleLevel userRole = RoleLevel.PUBLIC;
-		for (Identifier id : whoToAuth) {
-			if (id instanceof HasRoleLevel) {
-				userRole = ((HasRoleLevel) id).getRoleLevel();
-			}
-		}
-		return userRole;
-	}
-
 }

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DisplayRestrictedDataToSelfPolicy.java

@@ -2,9 +2,7 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.policy;
 
-import java.util.ArrayList;
 import java.util.Collection;
-import java.util.List;
 
 import javax.servlet.ServletContext;
 
@@ -13,7 +11,6 @@ import org.apache.commons.logging.LogFactory;
 
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.HasAssociatedIndividual;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.HasRoleLevel;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
@@ -24,9 +21,9 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayData
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayObjectProperty;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayObjectPropertyStatement;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
+import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
 import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
 import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
-import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
 
 /**
  * Permit display of various data if it relates to the user's associated
@@ -60,12 +57,13 @@ public class DisplayRestrictedDataToSelfPolicy implements PolicyIface {
 			return defaultDecision("whatToAuth was null");
 		}
 
-		RoleLevel userRole = getUsersRoleLevel(whoToAuth);
+		RoleLevel userRole = HasRoleLevel.getUsersRoleLevel(whoToAuth);
 		if (userRole != RoleLevel.SELF) {
 			return defaultDecision("not a self-editor");
 		}
 
-		Collection<String> associated = getAssociatedIndividualUris(whoToAuth);
+		Collection<String> associated = HasAssociatedIndividual
+				.getIndividualUris(whoToAuth);
 		if (associated.isEmpty()) {
 			return defaultDecision("not self-editing for anyone");
 		}
@@ -177,35 +175,4 @@ public class DisplayRestrictedDataToSelfPolicy implements PolicyIface {
 		return false;
 	}
 
-	/**
-	 * The user is nobody unless they have a HasRoleLevel identifier.
-	 */
-	private RoleLevel getUsersRoleLevel(IdentifierBundle whoToAuth) {
-		RoleLevel userRole = RoleLevel.PUBLIC;
-		for (Identifier id : whoToAuth) {
-			if (id instanceof HasRoleLevel) {
-				userRole = ((HasRoleLevel) id).getRoleLevel();
-			}
-		}
-		return userRole;
-	}
-
-	/**
-	 * Find out who the user has self-editing rights for. We only include the
-	 * ones that are not blacklisted.
-	 */
-	private Collection<String> getAssociatedIndividualUris(
-			IdentifierBundle whoToAuth) {
-		List<String> list = new ArrayList<String>();
-		for (Identifier id : whoToAuth) {
-			if (id instanceof HasAssociatedIndividual) {
-				HasAssociatedIndividual haiId = (HasAssociatedIndividual) id;
-				if (!haiId.isBlacklisted()) {
-					list.add(haiId.getAssociatedIndividualUri());
-				}
-			}
-		}
-		return list;
-	}
-
 }

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java

@@ -6,7 +6,6 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.HasRoleLevel;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
@@ -49,7 +48,7 @@ public class UseRestrictedPagesByRoleLevelPolicy implements PolicyIface {
 			return defaultDecision("whatToAuth was null");
 		}
 
-		RoleLevel userRole = getUsersRoleLevel(whoToAuth);
+		RoleLevel userRole = HasRoleLevel.getUsersRoleLevel(whoToAuth);
 
 		PolicyDecision result;
 		if (whatToAuth instanceof UseAdvancedDataToolsPages) {
@@ -141,16 +140,4 @@ public class UseRestrictedPagesByRoleLevelPolicy implements PolicyIface {
 		return new BasicPolicyDecision(Authorization.INCONCLUSIVE, message);
 	}
 
-	/**
-	 * The user is nobody unless they have a HasRoleLevel identifier.
-	 */
-	private RoleLevel getUsersRoleLevel(IdentifierBundle whoToAuth) {
-		RoleLevel userRole = RoleLevel.PUBLIC;
-		for (Identifier id : whoToAuth) {
-			if (id instanceof HasRoleLevel) {
-				userRole = ((HasRoleLevel) id).getRoleLevel();
-			}
-		}
-		return userRole;
-	}
 }

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CommonPolicyFamilySetup.java

@@ -41,7 +41,7 @@ public class CommonPolicyFamilySetup implements ServletContextListener {
 					new UseRestrictedPagesByRoleLevelPolicy());
 
 			// This factory creates Identifiers for all of the above policies.
-			CommonIdentifierBundleFactory factory = new CommonIdentifierBundleFactory();
+			CommonIdentifierBundleFactory factory = new CommonIdentifierBundleFactory(ctx);
 
 			ActiveIdentifierBundleFactories.addFactory(sce, factory);
 		} catch (Exception e) {

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/AbstractRelationshipPolicy.java

@@ -19,9 +19,6 @@ import com.hp.hpl.jena.rdf.model.SimpleSelector;
 import com.hp.hpl.jena.rdf.model.StmtIterator;
 import com.hp.hpl.jena.shared.Lock;
 
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.HasAssociatedIndividual;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.BasicPolicyDecision;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
@@ -47,24 +44,6 @@ public abstract class AbstractRelationshipPolicy implements PolicyIface {
 		this.model = model;
 	}
 
-	/**
-	 * Check to see whether we are self-editing, and for which Individuals.
-	 */
-	protected List<String> getUrisOfSelfEditor(IdentifierBundle ids) {
-		List<String> uris = new ArrayList<String>();
-		if (ids != null) {
-			for (Identifier id : ids) {
-				if (id instanceof HasAssociatedIndividual) {
-					HasAssociatedIndividual selfEditId = (HasAssociatedIndividual) id;
-					if (!selfEditId.isBlacklisted()) {
-						uris.add(selfEditId.getAssociatedIndividualUri());
-					}
-				}
-			}
-		}
-		return uris;
-	}
-
 	protected boolean canModifyResource(String uri) {
 		return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyResource(
 				uri, RoleLevel.SELF);

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/SelfEditorRelationshipPolicy.java

@@ -2,6 +2,7 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.policy.specialrelationships;
 
+import java.util.ArrayList;
 import java.util.List;
 
 import javax.servlet.ServletContext;
@@ -13,6 +14,7 @@ import org.apache.commons.logging.LogFactory;
 
 import com.hp.hpl.jena.ontology.OntModel;
 
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.HasAssociatedIndividual;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
@@ -128,7 +130,8 @@ public class SelfEditorRelationshipPolicy extends AbstractRelationshipPolicy
 
 	private PolicyDecision isAuthorized(IdentifierBundle ids,
 			DistilledAction action) {
-		List<String> userUris = getUrisOfSelfEditor(ids);
+		List<String> userUris = new ArrayList<String>(
+				HasAssociatedIndividual.getIndividualUris(ids));
 
 		if (userUris.isEmpty()) {
 			return inconclusiveDecision("Not self-editing.");

webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/SelfEditorRelationshipPolicyTest.java

@@ -420,7 +420,7 @@ public class SelfEditorRelationshipPolicyTest extends AbstractTestClass {
 	// ----------------------------------------------------------------------
 
 	private HasAssociatedIndividual makeSelfEditingId(String uri) {
-		return new HasAssociatedIndividual(uri, null);
+		return new HasAssociatedIndividual(uri);
 	}
 
 	private void assertDecision(Authorization expected, PolicyDecision decision) {