litvinovg/vitro
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

authorization update for self editors (#106)

Browse source 
* authorization update for self editors

* updating with Brian Lowe's suggestions

* removing extra import per Benjamin Gross's suggestion

* updating indentations

* hoping indentation fixed

* updating code after merging in from master
This commit is contained in:
hudajkhan 2020-02-20 20:07:08 -05:00 committed by GitHub
parent 6d64d27fe4
commit 7420957c65
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 37 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/EditRequestDispatchController.java
View file

@ -13,11 +13,18 @@ import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.jena.ontology.OntModel;
import org.apache.jena.vocabulary.RDFS;
import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjectPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyStatementAction;
import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
import edu.cornell.mannlib.vitro.webapp.beans.Individual;
import edu.cornell.mannlib.vitro.webapp.beans.Property;
@ -35,9 +42,11 @@ import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTw
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditSubmissionUtils;
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.MultiValueEditSubmission;
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.generators.EditConfigurationGenerator;
import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess;
import edu.cornell.mannlib.vitro.webapp.web.templatemodels.edit.EditConfigurationTemplateModel;
import edu.cornell.mannlib.vitro.webapp.web.templatemodels.edit.MultiValueEditSubmissionTemplateModel;
/**
* This servlet is intended to handle all requests to create a form for use
* by the N3 editing system. It will examine the request parameters, determine
@ -61,7 +70,32 @@ public class EditRequestDispatchController extends FreemarkerHttpServlet {
@Override
protected AuthorizationRequest requiredActions(VitroRequest vreq) {
return SimplePermission.DO_FRONT_END_EDITING.ACTION;
//Check if this statement can be edited here and return unauthorized if not
String subjectUri = EditConfigurationUtils.getSubjectUri(vreq);
String predicateUri = EditConfigurationUtils.getPredicateUri(vreq);
String objectUri = EditConfigurationUtils.getObjectUri(vreq);
String domainUri = EditConfigurationUtils.getDomainUri(vreq);
String rangeUri = EditConfigurationUtils.getRangeUri(vreq);
Property predicateProp = new Property();
predicateProp.setURI(predicateUri);
predicateProp.setDomainVClassURI(domainUri);
predicateProp.setRangeVClassURI(rangeUri);
OntModel ontModel = ModelAccess.on(vreq).getOntModel();
AbstractObjectPropertyStatementAction objectPropertyAction;
if (objectUri == null) {
objectPropertyAction = new AddObjectPropertyStatement(ontModel, subjectUri, predicateProp, RequestedAction.SOME_URI);
} else {
if (isDeleteForm(vreq)) {
objectPropertyAction = new DropObjectPropertyStatement(ontModel, subjectUri, predicateProp, objectUri);
} else {
objectPropertyAction = new EditObjectPropertyStatement(ontModel, subjectUri, predicateProp, objectUri);
}
}
boolean isAuthorized = PolicyHelper.isAuthorizedForActions(vreq,
new EditDataPropertyStatement(ontModel, subjectUri, predicateUri, objectUri).
or(objectPropertyAction));
return isAuthorized? SimplePermission.DO_FRONT_END_EDITING.ACTION: AuthorizationRequest.UNAUTHORIZED;
}
@Override