litvinovg/vitro
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

NIHVIVO-2299 Improve the code in the common family of Identifiers.

Browse source
This commit is contained in:
j2blake 2011-05-11 20:59:30 +00:00
parent ba94c92458
commit 7002110c28
13 changed files with 397 additions and 288 deletions
Download patch file Download diff file Expand all files Collapse all files

24
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/AbstractCommonIdentifier.java Normal file
View file

@ -0,0 +1,24 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vitro.webapp.auth.identifier;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
/**
* A base class for the Identifiers created by the
* CommonIdentifierBundleFactory.
*/
public abstract class AbstractCommonIdentifier {
protected static <T> Collection<T> getIdentifiersForClass(
IdentifierBundle ids, Class<T> clazz) {
Set<T> set = new HashSet<T>();
for (Identifier id : ids) {
if (clazz.isAssignableFrom(id.getClass())) {
set.add(clazz.cast(id));
}
}
return set;
}
}

79
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/CommonIdentifierBundleFactory.java
View file

@ -29,26 +29,46 @@ public class CommonIdentifierBundleFactory implements IdentifierBundleFactory {
private static final Log log = LogFactory
.getLog(CommonIdentifierBundleFactory.class);
private final ServletContext context;
public CommonIdentifierBundleFactory(ServletContext context) {
this.context = context;
}
@Override
public IdentifierBundle getIdentifierBundle(ServletRequest request,
HttpSession session, ServletContext context) {
HttpSession session, ServletContext unusedContext) {
// If this is not an HttpServletRequest, we might as well fail now.
HttpServletRequest req = (HttpServletRequest) request;
ArrayIdentifierBundle bundle = new ArrayIdentifierBundle();
bundle.addAll(determineRoleLevelIdentifiers(req));
bundle.addAll(determineAssociatedIndividualIdentifiers(req));
bundle.addAll(createUserIdentifiers(req));
bundle.addAll(createRoleLevelIdentifiers(req));
bundle.addAll(createBlacklistOrAssociatedIndividualIdentifiers(req));
return bundle;
}
/**
* If the user is logged in, create an identifier that shows his URI.
*/
private Collection<? extends Identifier> createUserIdentifiers(
HttpServletRequest req) {
LoginStatusBean bean = LoginStatusBean.getBean(req);
if (bean.isLoggedIn()) {
return Collections.singleton(new IsUser(bean.getUserURI()));
} else {
return Collections.emptySet();
}
}
/**
* Create an identifier that shows the role level of the current user, or
* PUBLIC if the user is not logged in.
*/
private Collection<? extends Identifier> determineRoleLevelIdentifiers(
private Collection<? extends Identifier> createRoleLevelIdentifiers(
HttpServletRequest req) {
RoleLevel roleLevel = RoleLevel.getRoleFromLoginStatus(req);
return Collections.singleton(new HasRoleLevel(roleLevel));
@ -56,37 +76,48 @@ public class CommonIdentifierBundleFactory implements IdentifierBundleFactory {
/**
* Find all of the individuals that are associated with the current user,
* and create an Identifier for each one.
* and create either an IsBlacklisted or HasAssociatedIndividual for each
* one.
*/
private Collection<? extends Identifier> determineAssociatedIndividualIdentifiers(
private Collection<? extends Identifier> createBlacklistOrAssociatedIndividualIdentifiers(
HttpServletRequest req) {
Collection<Identifier> ids = new ArrayList<Identifier>();
for (Individual ind : getAssociatedIndividuals(req)) {
// If they are blacklisted, this factory will return an identifier
Identifier id = IsBlacklisted.getInstance(ind, context);
if (id != null) {
ids.add(id);
} else {
ids.add(new HasAssociatedIndividual(ind.getURI()));
}
}
return ids;
}
private Collection<Individual> getAssociatedIndividuals(
HttpServletRequest req) {
Collection<Individual> individuals = new ArrayList<Individual>();
LoginStatusBean bean = LoginStatusBean.getBean(req);
String username = bean.getUsername();
if (!bean.isLoggedIn()) {
log.debug("No SelfEditing: not logged in.");
return ids;
log.debug("No Associated Individuals: not logged in.");
return individuals;
}
if (StringUtils.isEmpty(username)) {
log.debug("No SelfEditing: username is empty.");
return ids;
log.debug("No Associated Individuals: username is empty.");
return individuals;
}
HttpSession session = req.getSession(false);
if (session == null) {
log.debug("No SelfEditing: session is null.");
return ids;
}
ServletContext context = session.getServletContext();
WebappDaoFactory wdf = (WebappDaoFactory) context
.getAttribute("webappDaoFactory");
if (wdf == null) {
log.error("Could not get a WebappDaoFactory from the ServletContext");
return ids;
return individuals;
}
IndividualDao indDao = wdf.getIndividualDao();
@ -96,22 +127,18 @@ public class CommonIdentifierBundleFactory implements IdentifierBundleFactory {
if (uri == null) {
log.debug("Could not find an Individual with a netId of "
+ username);
return ids;
return individuals;
}
Individual ind = indDao.getIndividualByURI(uri);
if (ind == null) {
log.warn("Found a URI for the netId " + username
+ " but could not build Individual");
return ids;
return individuals;
}
log.debug("Found an Individual for netId " + username + " URI: " + uri);
// Use the factory method to fill in the Blacklisting reason, if there
// is one.
ids.add(HasAssociatedIndividual.getInstance(ind, context));
return ids;
individuals.add(ind);
return individuals;
}
}

186
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/HasAssociatedIndividual.java
View file

@ -2,27 +2,9 @@
package edu.cornell.mannlib.vitro.webapp.auth.identifier;
import java.io.File;
import java.io.FileFilter;
import java.io.FileInputStream;
import java.io.IOException;
import javax.servlet.ServletContext;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.hp.hpl.jena.query.Query;
import com.hp.hpl.jena.query.QueryExecution;
import com.hp.hpl.jena.query.QueryExecutionFactory;
import com.hp.hpl.jena.query.QueryFactory;
import com.hp.hpl.jena.query.QuerySolution;
import com.hp.hpl.jena.query.ResultSet;
import com.hp.hpl.jena.rdf.model.Model;
import com.hp.hpl.jena.rdf.model.RDFNode;
import edu.cornell.mannlib.vitro.webapp.beans.Individual;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
/**
* The current user is associated with this Individual.
@ -30,172 +12,34 @@ import edu.cornell.mannlib.vitro.webapp.beans.Individual;
* This includes a thick factory method that will look through a directory of
* files to determine whether the associated individual is blacklisted.
*/
public class HasAssociatedIndividual implements Identifier {
private static final Log log = LogFactory
.getLog(HasAssociatedIndividual.class);
public class HasAssociatedIndividual extends AbstractCommonIdentifier implements
Identifier {
private final static String BLACKLIST_SPARQL_DIR = "/admin/selfEditBlacklist";
private static final String NOT_BLACKLISTED = null;
// ----------------------------------------------------------------------
// static methods
// ----------------------------------------------------------------------
public static HasAssociatedIndividual getInstance(Individual individual,
ServletContext context) {
if (individual == null) {
throw new NullPointerException("individual may not be null.");
}
if (context == null) {
throw new NullPointerException("context may not be null.");
public static Collection<HasAssociatedIndividual> getIdentifiers(
IdentifierBundle ids) {
return getIdentifiersForClass(ids, HasAssociatedIndividual.class);
}
String reasonForBlacklisting = checkForBlacklisted(individual, context);
return new HasAssociatedIndividual(individual.getURI(),
reasonForBlacklisting);
public static Collection<String> getIndividualUris(IdentifierBundle ids) {
Set<String> set = new HashSet<String>();
for (HasAssociatedIndividual id : getIdentifiers(ids)) {
set.add(id.getAssociatedIndividualUri());
}
/**
* Runs through .sparql files in the BLACKLIST_SPARQL_DIR.
*
* The first that returns one or more rows will be cause the user to be
* blacklisted.
*
* The first variable from the first solution set will be returned.
*/
private static String checkForBlacklisted(Individual ind,
ServletContext context) {
String realPath = context.getRealPath(BLACKLIST_SPARQL_DIR);
File blacklistDir = new File(realPath);
if (!blacklistDir.isDirectory() || !blacklistDir.canRead()) {
log.debug("cannot read blacklist directory " + realPath);
return NOT_BLACKLISTED;
return set;
}
log.debug("checking directlry " + realPath
+ " for blacklisting sparql query files");
File[] files = blacklistDir.listFiles(new FileFilter() {
@Override
public boolean accept(File pathname) {
return pathname.getName().endsWith(".sparql");
}
});
String reasonForBlacklist = NOT_BLACKLISTED;
for (File file : files) {
try {
reasonForBlacklist = runSparqlFileForBlacklist(file, ind,
context);
if (reasonForBlacklist != NOT_BLACKLISTED)
break;
} catch (RuntimeException ex) {
log.error(
"Could not run blacklist check query for file "
+ file.getAbsolutePath() + File.separatorChar
+ file.getName(), ex);
}
}
return reasonForBlacklist;
}
/**
* Runs the SPARQL query in the file with the uri of the individual
* substituted in.
*
* The URI of ind will be substituted into the query where ever the token
* "?individualURI" is found.
*
* If there are any solution sets, then the URI of the variable named
* "cause" will be returned. Make sure that it is a resource with a URI.
* Otherwise null will be returned.
*/
private static String runSparqlFileForBlacklist(File file, Individual ind,
ServletContext context) {
if (!file.canRead()) {
log.debug("cannot read blacklisting SPARQL file " + file.getName());
return NOT_BLACKLISTED;
}
String queryString = null;
FileInputStream fis = null;
try {
fis = new FileInputStream(file);
byte b[] = new byte[fis.available()];
fis.read(b);
queryString = new String(b);
} catch (IOException ioe) {
log.debug(ioe);
return NOT_BLACKLISTED;
} finally {
if (fis != null) {
try {
fis.close();
} catch (IOException e) {
log.warn("could not close file", e);
}
}
}
if (StringUtils.isEmpty(queryString)) {
log.debug(file.getName() + " is empty");
return NOT_BLACKLISTED;
}
Model model = (Model) context.getAttribute("jenaOntModel");
queryString = queryString.replaceAll("\\?individualURI",
"<" + ind.getURI() + ">");
log.debug(queryString);
Query query = QueryFactory.create(queryString);
QueryExecution qexec = QueryExecutionFactory.create(query, model);
try {
ResultSet results = qexec.execSelect();
while (results.hasNext()) {
QuerySolution solution = results.nextSolution();
if (solution.contains("cause")) {
RDFNode node = solution.get("cause");
if (node.isResource()) {
return node.asResource().getURI();
} else if (node.isLiteral()) {
return node.asLiteral().getString();
}
} else {
log.error("Query solution must contain a variable "
+ "\"cause\" of type Resource or Literal.");
return NOT_BLACKLISTED;
}
}
} finally {
qexec.close();
}
return NOT_BLACKLISTED;
}
// ----------------------------------------------------------------------
// the Identifier
// ----------------------------------------------------------------------
private final String associatedIndividualUri;
private final String reasonForBlacklisting;
public HasAssociatedIndividual(String associatedIndividualUri,
String reasonForBlacklisting) {
public HasAssociatedIndividual(String associatedIndividualUri) {
this.associatedIndividualUri = associatedIndividualUri;
this.reasonForBlacklisting = reasonForBlacklisting;
}
public String getAssociatedIndividualUri() {
return associatedIndividualUri;
}
public boolean isBlacklisted() {
return reasonForBlacklisting != NOT_BLACKLISTED;
}
@Override
public String toString() {
return "HasAssociatedIndividual['" + associatedIndividualUri
+ "', blacklist='" + reasonForBlacklisting + "']";
return "HasAssociatedIndividual['" + associatedIndividualUri + "']";
}
}

27
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/HasRoleLevel.java
View file

@ -2,12 +2,37 @@
package edu.cornell.mannlib.vitro.webapp.auth.identifier;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
/**
* The current user has this RoleLevel.
*/
public class HasRoleLevel implements Identifier {
public class HasRoleLevel extends AbstractCommonIdentifier implements Identifier {
public static Collection<HasRoleLevel> getIdentifiers(IdentifierBundle ids) {
return getIdentifiersForClass(ids, HasRoleLevel.class);
}
public static Collection<String> getRoleLevelUris(IdentifierBundle ids) {
Set<String> set = new HashSet<String>();
for (HasRoleLevel id : getIdentifiers(ids)) {
set.add(id.getRoleLevel().getURI());
}
return set;
}
public static RoleLevel getUsersRoleLevel(IdentifierBundle whoToAuth) {
Collection<HasRoleLevel> roleIds = getIdentifiers(whoToAuth);
if (roleIds.isEmpty()) {
return RoleLevel.PUBLIC;
} else {
return roleIds.iterator().next().getRoleLevel();
}
}
private final RoleLevel roleLevel;
public HasRoleLevel(RoleLevel roleLevel) {

228
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/IsBlacklisted.java Normal file
View file

@ -0,0 +1,228 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vitro.webapp.auth.identifier;
import java.io.File;
import java.io.FileFilter;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.ServletContext;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.hp.hpl.jena.query.Query;
import com.hp.hpl.jena.query.QueryExecution;
import com.hp.hpl.jena.query.QueryExecutionFactory;
import com.hp.hpl.jena.query.QueryFactory;
import com.hp.hpl.jena.query.QuerySolution;
import com.hp.hpl.jena.query.ResultSet;
import com.hp.hpl.jena.rdf.model.Model;
import com.hp.hpl.jena.rdf.model.RDFNode;
import edu.cornell.mannlib.vitro.webapp.beans.Individual;
/**
* The current user is blacklisted for this reason.
*/
public class IsBlacklisted extends AbstractCommonIdentifier implements
Identifier {
private static final Log log = LogFactory.getLog(IsBlacklisted.class);
private final static String BLACKLIST_SPARQL_DIR = "/admin/selfEditBlacklist";
private static final String NOT_BLACKLISTED = null;
// ----------------------------------------------------------------------
// static methods
// ----------------------------------------------------------------------
/**
* If this individual is blacklisted, return an appropriate Identifier.
* Otherwise, return null.
*/
public static IsBlacklisted getInstance(Individual individual,
ServletContext context) {
if (individual == null) {
throw new NullPointerException("individual may not be null.");
}
if (context == null) {
throw new NullPointerException("context may not be null.");
}
String reasonForBlacklisting = checkForBlacklisted(individual, context);
IsBlacklisted id = new IsBlacklisted(individual.getURI(),
reasonForBlacklisting);
if (id.isBlacklisted()) {
return id;
} else {
return null;
}
}
/**
* Runs through .sparql files in the BLACKLIST_SPARQL_DIR.
*
* The first that returns one or more rows will be cause the user to be
* blacklisted.
*
* The first variable from the first solution set will be returned.
*/
private static String checkForBlacklisted(Individual ind,
ServletContext context) {
String realPath = context.getRealPath(BLACKLIST_SPARQL_DIR);
File blacklistDir = new File(realPath);
if (!blacklistDir.isDirectory() || !blacklistDir.canRead()) {
log.debug("cannot read blacklist directory " + realPath);
return NOT_BLACKLISTED;
}
log.debug("checking directlry " + realPath
+ " for blacklisting sparql query files");
File[] files = blacklistDir.listFiles(new FileFilter() {
@Override
public boolean accept(File pathname) {
return pathname.getName().endsWith(".sparql");
}
});
String reasonForBlacklist = NOT_BLACKLISTED;
for (File file : files) {
try {
reasonForBlacklist = runSparqlFileForBlacklist(file, ind,
context);
if (reasonForBlacklist != NOT_BLACKLISTED)
break;
} catch (RuntimeException ex) {
log.error(
"Could not run blacklist check query for file "
+ file.getAbsolutePath() + File.separatorChar
+ file.getName(), ex);
}
}
return reasonForBlacklist;
}
/**
* Runs the SPARQL query in the file with the uri of the individual
* substituted in.
*
* The URI of ind will be substituted into the query where ever the token
* "?individualURI" is found.
*
* If there are any solution sets, then the URI of the variable named
* "cause" will be returned. Make sure that it is a resource with a URI.
* Otherwise null will be returned.
*/
private static String runSparqlFileForBlacklist(File file, Individual ind,
ServletContext context) {
if (!file.canRead()) {
log.debug("cannot read blacklisting SPARQL file " + file.getName());
return NOT_BLACKLISTED;
}
String queryString = null;
FileInputStream fis = null;
try {
fis = new FileInputStream(file);
byte b[] = new byte[fis.available()];
fis.read(b);
queryString = new String(b);
} catch (IOException ioe) {
log.debug(ioe);
return NOT_BLACKLISTED;
} finally {
if (fis != null) {
try {
fis.close();
} catch (IOException e) {
log.warn("could not close file", e);
}
}
}
if (StringUtils.isEmpty(queryString)) {
log.debug(file.getName() + " is empty");
return NOT_BLACKLISTED;
}
Model model = (Model) context.getAttribute("jenaOntModel");
queryString = queryString.replaceAll("\\?individualURI",
"<" + ind.getURI() + ">");
log.debug(queryString);
Query query = QueryFactory.create(queryString);
QueryExecution qexec = QueryExecutionFactory.create(query, model);
try {
ResultSet results = qexec.execSelect();
while (results.hasNext()) {
QuerySolution solution = results.nextSolution();
if (solution.contains("cause")) {
RDFNode node = solution.get("cause");
if (node.isResource()) {
return node.asResource().getURI();
} else if (node.isLiteral()) {
return node.asLiteral().getString();
}
} else {
log.error("Query solution must contain a variable "
+ "\"cause\" of type Resource or Literal.");
return NOT_BLACKLISTED;
}
}
} finally {
qexec.close();
}
return NOT_BLACKLISTED;
}
public static Collection<IsBlacklisted> getIdentifiers(IdentifierBundle ids) {
return getIdentifiersForClass(ids, IsBlacklisted.class);
}
public static Collection<String> getBlacklistReasons(IdentifierBundle ids) {
Set<String> set = new HashSet<String>();
for (IsBlacklisted id : getIdentifiers(ids)) {
if (id.isBlacklisted()) {
set.add(id.getReasonForBlacklisting());
}
}
return set;
}
// ----------------------------------------------------------------------
// the Identifier
// ----------------------------------------------------------------------
private final String associatedIndividualUri;
private final String reasonForBlacklisting;
public IsBlacklisted(String associatedIndividualUri,
String reasonForBlacklisting) {
this.associatedIndividualUri = associatedIndividualUri;
this.reasonForBlacklisting = reasonForBlacklisting;
}
public String getAssociatedIndividualUri() {
return associatedIndividualUri;
}
public boolean isBlacklisted() {
return reasonForBlacklisting != NOT_BLACKLISTED;
}
public String getReasonForBlacklisting() {
return reasonForBlacklisting;
}
@Override
public String toString() {
return "IsBlacklisted['" + reasonForBlacklisting + "']";
}
}

39
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/identifier/IsUser.java Normal file
View file

@ -0,0 +1,39 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vitro.webapp.auth.identifier;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
/**
* The current user has this URI.
*/
public class IsUser extends AbstractCommonIdentifier implements Identifier {
public static Collection<IsUser> getIdentifiers(IdentifierBundle ids) {
return getIdentifiersForClass(ids, IsUser.class);
}
public static Collection<String> getUserUris(IdentifierBundle ids) {
Set<String> set = new HashSet<String>();
for (IsUser id : getIdentifiers(ids)) {
set.add(id.getUri());
}
return set;
}
private final String uri;
public IsUser(String uri) {
this.uri = uri;
}
public String getUri() {
return uri;
}
@Override
public String toString() {
return "IsUser[" + uri + "]";
}
}

16
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DisplayRestrictedDataByRoleLevelPolicy.java
View file

@ -8,7 +8,6 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.HasRoleLevel;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
@ -51,7 +50,7 @@ public class DisplayRestrictedDataByRoleLevelPolicy implements PolicyIface {
return defaultDecision("whatToAuth was null");
}
RoleLevel userRole = getUsersRoleLevel(whoToAuth);
RoleLevel userRole = HasRoleLevel.getUsersRoleLevel(whoToAuth);
PolicyDecision result;
if (whatToAuth instanceof DisplayDataProperty) {
@ -164,17 +163,4 @@ public class DisplayRestrictedDataByRoleLevelPolicy implements PolicyIface {
.canDisplayPredicate(uri, userRole);
}
/**
* The user is nobody unless they have a HasRoleLevel identifier.
*/
private RoleLevel getUsersRoleLevel(IdentifierBundle whoToAuth) {
RoleLevel userRole = RoleLevel.PUBLIC;
for (Identifier id : whoToAuth) {
if (id instanceof HasRoleLevel) {
userRole = ((HasRoleLevel) id).getRoleLevel();
}
}
return userRole;
}
}

41
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DisplayRestrictedDataToSelfPolicy.java
View file

@ -2,9 +2,7 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.servlet.ServletContext;
@ -13,7 +11,6 @@ import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.HasAssociatedIndividual;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.HasRoleLevel;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
@ -24,9 +21,9 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayData
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayObjectProperty;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayObjectPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
/**
* Permit display of various data if it relates to the user's associated
@ -60,12 +57,13 @@ public class DisplayRestrictedDataToSelfPolicy implements PolicyIface {
return defaultDecision("whatToAuth was null");
}
RoleLevel userRole = getUsersRoleLevel(whoToAuth);
RoleLevel userRole = HasRoleLevel.getUsersRoleLevel(whoToAuth);
if (userRole != RoleLevel.SELF) {
return defaultDecision("not a self-editor");
}
Collection<String> associated = getAssociatedIndividualUris(whoToAuth);
Collection<String> associated = HasAssociatedIndividual
.getIndividualUris(whoToAuth);
if (associated.isEmpty()) {
return defaultDecision("not self-editing for anyone");
}
@ -177,35 +175,4 @@ public class DisplayRestrictedDataToSelfPolicy implements PolicyIface {
return false;
}
/**
* The user is nobody unless they have a HasRoleLevel identifier.
*/
private RoleLevel getUsersRoleLevel(IdentifierBundle whoToAuth) {
RoleLevel userRole = RoleLevel.PUBLIC;
for (Identifier id : whoToAuth) {
if (id instanceof HasRoleLevel) {
userRole = ((HasRoleLevel) id).getRoleLevel();
}
}
return userRole;
}
/**
* Find out who the user has self-editing rights for. We only include the
* ones that are not blacklisted.
*/
private Collection<String> getAssociatedIndividualUris(
IdentifierBundle whoToAuth) {
List<String> list = new ArrayList<String>();
for (Identifier id : whoToAuth) {
if (id instanceof HasAssociatedIndividual) {
HasAssociatedIndividual haiId = (HasAssociatedIndividual) id;
if (!haiId.isBlacklisted()) {
list.add(haiId.getAssociatedIndividualUri());
}
}
}
return list;
}
}

15
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java
View file

@ -6,7 +6,6 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.HasRoleLevel;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
@ -49,7 +48,7 @@ public class UseRestrictedPagesByRoleLevelPolicy implements PolicyIface {
return defaultDecision("whatToAuth was null");
}
RoleLevel userRole = getUsersRoleLevel(whoToAuth);
RoleLevel userRole = HasRoleLevel.getUsersRoleLevel(whoToAuth);
PolicyDecision result;
if (whatToAuth instanceof UseAdvancedDataToolsPages) {
@ -141,16 +140,4 @@ public class UseRestrictedPagesByRoleLevelPolicy implements PolicyIface {
return new BasicPolicyDecision(Authorization.INCONCLUSIVE, message);
}
/**
* The user is nobody unless they have a HasRoleLevel identifier.
*/
private RoleLevel getUsersRoleLevel(IdentifierBundle whoToAuth) {
RoleLevel userRole = RoleLevel.PUBLIC;
for (Identifier id : whoToAuth) {
if (id instanceof HasRoleLevel) {
userRole = ((HasRoleLevel) id).getRoleLevel();
}
}
return userRole;
}
}

2
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CommonPolicyFamilySetup.java
View file

@ -41,7 +41,7 @@ public class CommonPolicyFamilySetup implements ServletContextListener {
new UseRestrictedPagesByRoleLevelPolicy());
// This factory creates Identifiers for all of the above policies.
CommonIdentifierBundleFactory factory = new CommonIdentifierBundleFactory();
CommonIdentifierBundleFactory factory = new CommonIdentifierBundleFactory(ctx);
ActiveIdentifierBundleFactories.addFactory(sce, factory);
} catch (Exception e) {

21
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/AbstractRelationshipPolicy.java
View file

@ -19,9 +19,6 @@ import com.hp.hpl.jena.rdf.model.SimpleSelector;
import com.hp.hpl.jena.rdf.model.StmtIterator;
import com.hp.hpl.jena.shared.Lock;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.HasAssociatedIndividual;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.BasicPolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
@ -47,24 +44,6 @@ public abstract class AbstractRelationshipPolicy implements PolicyIface {
this.model = model;
}
/**
* Check to see whether we are self-editing, and for which Individuals.
*/
protected List<String> getUrisOfSelfEditor(IdentifierBundle ids) {
List<String> uris = new ArrayList<String>();
if (ids != null) {
for (Identifier id : ids) {
if (id instanceof HasAssociatedIndividual) {
HasAssociatedIndividual selfEditId = (HasAssociatedIndividual) id;
if (!selfEditId.isBlacklisted()) {
uris.add(selfEditId.getAssociatedIndividualUri());
}
}
}
}
return uris;
}
protected boolean canModifyResource(String uri) {
return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyResource(
uri, RoleLevel.SELF);

5
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/SelfEditorRelationshipPolicy.java
View file

@ -2,6 +2,7 @@
package edu.cornell.mannlib.vitro.webapp.auth.policy.specialrelationships;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.ServletContext;
@ -13,6 +14,7 @@ import org.apache.commons.logging.LogFactory;
import com.hp.hpl.jena.ontology.OntModel;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.HasAssociatedIndividual;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
@ -128,7 +130,8 @@ public class SelfEditorRelationshipPolicy extends AbstractRelationshipPolicy
private PolicyDecision isAuthorized(IdentifierBundle ids,
DistilledAction action) {
List<String> userUris = getUrisOfSelfEditor(ids);
List<String> userUris = new ArrayList<String>(
HasAssociatedIndividual.getIndividualUris(ids));
if (userUris.isEmpty()) {
return inconclusiveDecision("Not self-editing.");

2
webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/SelfEditorRelationshipPolicyTest.java
View file

@ -420,7 +420,7 @@ public class SelfEditorRelationshipPolicyTest extends AbstractTestClass {
// ----------------------------------------------------------------------
private HasAssociatedIndividual makeSelfEditingId(String uri) {
return new HasAssociatedIndividual(uri, null);
return new HasAssociatedIndividual(uri);
}
private void assertDecision(Authorization expected, PolicyDecision decision) {