From 8ba596bfae4f39f418e51f0152a6f75f31370a0c Mon Sep 17 00:00:00 2001 From: j2blake Date: Wed, 21 Dec 2011 22:08:33 +0000 Subject: [PATCH] NIHVIVO-3523 Convert all simple SELF_EDITOR-or-above requested actions to SimplePermissions. --- .../auth/permissions/SimplePermission.java | 12 +++++++ .../UseRestrictedPagesByRoleLevelPolicy.java | 28 ++-------------- .../querymodel/QueryUserAccountsModel.java | 10 ------ .../usepages/DoFrontEndEditing.java | 11 ------- .../usepages/EditOwnAccount.java | 11 ------- .../usepages/ManageOwnProxies.java | 11 ------- .../usepages/UseBasicAjaxControllers.java | 11 ------- .../usepages/UseMiscellaneousPages.java | 14 -------- .../ajax/ManageProxiesAjaxController.java | 4 +-- .../user/UserAccountsMyAccountPage.java | 6 ++-- .../user/UserAccountsUserController.java | 4 +-- .../ajax/SparqlQueryAjaxController.java | 4 +-- .../controller/edit/PrimitiveDelete.java | 4 +-- .../controller/edit/PrimitiveRdfEdit.java | 7 ++-- .../controller/edit/ReorderController.java | 12 +++---- .../freemarker/FreemarkerHttpServlet.java | 3 +- .../EditRequestDispatchController.java | 7 ++-- .../controller/PostEditCleanupController.java | 4 +-- .../controller/ProcessRdfFormController.java | 4 +-- .../controller/AutocompleteController.java | 4 +-- .../vitro/webapp/sparql/GetAllClasses.java | 6 ++-- .../vitro/webapp/sparql/GetAllPrefix.java | 6 ++-- .../webapp/sparql/GetClazzAllProperties.java | 6 ++-- .../webapp/sparql/GetClazzDataProperties.java | 6 ++-- .../sparql/GetClazzObjectProperties.java | 6 ++-- .../vitro/webapp/sparql/GetObjectClasses.java | 6 ++-- .../WEB-INF/resources/permission_config.n3 | 32 +++++++++++++++++++ 27 files changed, 91 insertions(+), 148 deletions(-) delete mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/querymodel/QueryUserAccountsModel.java delete mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/DoFrontEndEditing.java delete mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/EditOwnAccount.java delete mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/ManageOwnProxies.java delete mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UseBasicAjaxControllers.java delete mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UseMiscellaneousPages.java diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/SimplePermission.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/SimplePermission.java index 814887a10..10e9e5e8b 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/SimplePermission.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/SimplePermission.java @@ -30,12 +30,18 @@ public class SimplePermission implements Permission { "AccessSpecialDataModels"); public static final SimplePermission DO_BACK_END_EDITING = new SimplePermission( "DoBackEndEditing"); + public static final SimplePermission DO_FRONT_END_EDITING = new SimplePermission( + "DoFrontEndEditing"); public static final SimplePermission EDIT_ONTOLOGY = new SimplePermission( "EditOntology"); + public static final SimplePermission EDIT_OWN_ACCOUNT = new SimplePermission( + "EditOwnAccount"); public static final SimplePermission EDIT_SITE_INFORMATION = new SimplePermission( "EditSiteInformation"); public static final SimplePermission MANAGE_MENUS = new SimplePermission( "ManageMenus"); + public static final SimplePermission MANAGE_OWN_PROXIES = new SimplePermission( + "ManageOwnProxies"); public static final SimplePermission MANAGE_PORTALS = new SimplePermission( "ManagePortals"); public static final SimplePermission MANAGE_PROXIES = new SimplePermission( @@ -46,6 +52,8 @@ public class SimplePermission implements Permission { "ManageTabs"); public static final SimplePermission MANAGE_USER_ACCOUNTS = new SimplePermission( "ManageUserAccounts"); + public static final SimplePermission QUERY_USER_ACCOUNTS_MODEL = new SimplePermission( + "QueryUserAccountsModel"); public static final SimplePermission REBUILD_VCLASS_GROUP_CACHE = new SimplePermission( "RebuildVClassGroupCache"); public static final SimplePermission REFRESH_VISUALIZATION_CACHE = new SimplePermission( @@ -62,12 +70,16 @@ public class SimplePermission implements Permission { "SeeVerbosePropertyInformation"); public static final SimplePermission USE_ADVANCED_DATA_TOOLS_PAGES = new SimplePermission( "UseAdvancedDataToolsPages"); + public static final SimplePermission USE_BASIC_AJAX_CONTROLLERS = new SimplePermission( + "UseBasicAjaxControllers"); public static final SimplePermission USE_MISCELLANEOUS_ADMIN_PAGES = new SimplePermission( "UseMiscellaneousAdminPages"); public static final SimplePermission USE_MISCELLANEOUS_CURATOR_PAGES = new SimplePermission( "UseMiscellaneousCuratorPages"); public static final SimplePermission USE_MISCELLANEOUS_EDITOR_PAGES = new SimplePermission( "UseMiscellaneousEditorPages"); + public static final SimplePermission USE_MISCELLANEOUS_PAGES = new SimplePermission( + "UseMiscellaneousPages"); public static List getAllInstances() { return new ArrayList(allInstances.values()); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java index 0ba49e6f5..3ee7efb12 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java @@ -12,12 +12,6 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.querymodel.QueryFullModel; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.querymodel.QueryUserAccountsModel; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.DoFrontEndEditing; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.EditOwnAccount; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.ManageOwnProxies; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseBasicAjaxControllers; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousPages; import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel; /** @@ -41,27 +35,9 @@ public class UseRestrictedPagesByRoleLevelPolicy implements PolicyIface { RoleLevel userRole = HasRoleLevel.getUsersRoleLevel(whoToAuth); PolicyDecision result; - if (whatToAuth instanceof UseBasicAjaxControllers) { - result = isAuthorized(whatToAuth, RoleLevel.SELF, userRole); - - } else if (whatToAuth instanceof UseMiscellaneousPages) { - result = isAuthorized(whatToAuth, RoleLevel.SELF, userRole); - - } else if (whatToAuth instanceof EditOwnAccount) { - result = isAuthorized(whatToAuth, RoleLevel.SELF, userRole); - - } else if (whatToAuth instanceof ManageOwnProxies) { - result = isAuthorized(whatToAuth, RoleLevel.SELF, userRole); - - } else if (whatToAuth instanceof QueryUserAccountsModel) { - result = isAuthorized(whatToAuth, RoleLevel.SELF, userRole); - - } else if (whatToAuth instanceof DoFrontEndEditing) { - result = isAuthorized(whatToAuth, RoleLevel.SELF, userRole); - - } else if (whatToAuth instanceof QueryFullModel) { + if (whatToAuth instanceof QueryFullModel) { result = isAuthorized(whatToAuth, RoleLevel.PUBLIC, userRole); - + } else { result = defaultDecision("Unrecognized action"); } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/querymodel/QueryUserAccountsModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/querymodel/QueryUserAccountsModel.java deleted file mode 100644 index 15f4b5990..000000000 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/querymodel/QueryUserAccountsModel.java +++ /dev/null @@ -1,10 +0,0 @@ -/* $This file is distributed under the terms of the license in /doc/license.txt$ */ - -package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.querymodel; - -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; - -/** Should we allow the user to query the User Accounts model? */ -public class QueryUserAccountsModel extends RequestedAction { - // no fields -} diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/DoFrontEndEditing.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/DoFrontEndEditing.java deleted file mode 100644 index 5fc5d88c6..000000000 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/DoFrontEndEditing.java +++ /dev/null @@ -1,11 +0,0 @@ -/* $This file is distributed under the terms of the license in /doc/license.txt$ */ - -package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages; - -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; - -/** Should we allow the user to use font-end editing pages (n3 editing) ? */ -public class DoFrontEndEditing extends RequestedAction implements - UsePagesRequestedAction { - // no fields -} diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/EditOwnAccount.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/EditOwnAccount.java deleted file mode 100644 index 3dc6b73b5..000000000 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/EditOwnAccount.java +++ /dev/null @@ -1,11 +0,0 @@ -/* $This file is distributed under the terms of the license in /doc/license.txt$ */ - -package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages; - -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; - -/** Should we allow the user to edit his own account (name, email, etc)? */ -public class EditOwnAccount extends RequestedAction implements - UsePagesRequestedAction { - // no fields -} diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/ManageOwnProxies.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/ManageOwnProxies.java deleted file mode 100644 index f468b4ea0..000000000 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/ManageOwnProxies.java +++ /dev/null @@ -1,11 +0,0 @@ -/* $This file is distributed under the terms of the license in /doc/license.txt$ */ - -package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages; - -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; - -/** Should we allow the user to manage the proxy editors for his own profile? */ -public class ManageOwnProxies extends RequestedAction implements - UsePagesRequestedAction { - // no fields -} diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UseBasicAjaxControllers.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UseBasicAjaxControllers.java deleted file mode 100644 index 9e1070146..000000000 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UseBasicAjaxControllers.java +++ /dev/null @@ -1,11 +0,0 @@ -/* $This file is distributed under the terms of the license in /doc/license.txt$ */ - -package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages; - -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; - -/** Should we allow the user to use the basic Ajax controllers? */ -public class UseBasicAjaxControllers extends RequestedAction implements - UsePagesRequestedAction { - // no fields -} diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UseMiscellaneousPages.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UseMiscellaneousPages.java deleted file mode 100644 index ed48b69d9..000000000 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UseMiscellaneousPages.java +++ /dev/null @@ -1,14 +0,0 @@ -/* $This file is distributed under the terms of the license in /doc/license.txt$ */ - -package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages; - -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; - -/** - * Should we allow the user to use the odd-lots pages that were designed for - * anyone who is logged in? - */ -public class UseMiscellaneousPages extends RequestedAction implements - UsePagesRequestedAction { - // no fields -} diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/manageproxies/ajax/ManageProxiesAjaxController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/manageproxies/ajax/ManageProxiesAjaxController.java index 3e7ba265b..7fbfd3e1d 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/manageproxies/ajax/ManageProxiesAjaxController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/manageproxies/ajax/ManageProxiesAjaxController.java @@ -12,7 +12,6 @@ import org.apache.commons.logging.LogFactory; import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.ManageOwnProxies; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.controller.ajax.VitroAjaxController; @@ -27,7 +26,8 @@ public class ManageProxiesAjaxController extends VitroAjaxController { @Override protected Actions requiredActions(VitroRequest vreq) { - return new Actions(new ManageOwnProxies()).or(SimplePermission.MANAGE_PROXIES.ACTION); + return SimplePermission.MANAGE_OWN_PROXIES.ACTIONS + .or(SimplePermission.MANAGE_PROXIES.ACTION); } @Override diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsMyAccountPage.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsMyAccountPage.java index 7dde0303f..19feb2bc4 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsMyAccountPage.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsMyAccountPage.java @@ -13,8 +13,8 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import edu.cornell.mannlib.vedit.beans.LoginStatusBean; +import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission; import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.ManageOwnProxies; import edu.cornell.mannlib.vitro.webapp.beans.Individual; import edu.cornell.mannlib.vitro.webapp.beans.SelfEditingConfiguration; import edu.cornell.mannlib.vitro.webapp.beans.UserAccount; @@ -201,8 +201,8 @@ public class UserAccountsMyAccountPage extends UserAccountsPage { } boolean isProxyPanelAuthorized() { - return PolicyHelper - .isAuthorizedForActions(vreq, new ManageOwnProxies()) + return PolicyHelper.isAuthorizedForActions(vreq, + SimplePermission.MANAGE_OWN_PROXIES.ACTIONS) && (getProfilePage(userAccount) != null); } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsUserController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsUserController.java index c15933cdc..ac1a73519 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsUserController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsUserController.java @@ -7,8 +7,8 @@ import static edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSour import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.EditOwnAccount; import edu.cornell.mannlib.vitro.webapp.beans.DisplayMessage; import edu.cornell.mannlib.vitro.webapp.beans.UserAccount; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; @@ -37,7 +37,7 @@ public class UserAccountsUserController extends FreemarkerHttpServlet { String action = vreq.getPathInfo(); if (ACTION_MY_ACCOUNT.equals(action)) { - return new Actions(new EditOwnAccount()); + return SimplePermission.EDIT_OWN_ACCOUNT.ACTIONS; } else { return Actions.AUTHORIZED; } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/ajax/SparqlQueryAjaxController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/ajax/SparqlQueryAjaxController.java index 5801a8409..de461c8cb 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/ajax/SparqlQueryAjaxController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/ajax/SparqlQueryAjaxController.java @@ -26,9 +26,9 @@ import com.hp.hpl.jena.query.ResultSetFormatter; import com.hp.hpl.jena.query.Syntax; import com.hp.hpl.jena.rdf.model.Model; +import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.querymodel.QueryFullModel; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.querymodel.QueryUserAccountsModel; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.dao.jena.OntModelSelector; @@ -53,7 +53,7 @@ public class SparqlQueryAjaxController extends VitroAjaxController { protected Actions requiredActions(VitroRequest vreq) { String modelParam = getModelParam(vreq); if (OPTION_MODEL_USER_ACCOUNTS.equals(modelParam)) { - return new Actions(new QueryUserAccountsModel()); + return SimplePermission.QUERY_USER_ACCOUNTS_MODEL.ACTIONS; } else { return new Actions(new QueryFullModel()); } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PrimitiveDelete.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PrimitiveDelete.java index 3072ea026..f5dfe6836 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PrimitiveDelete.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PrimitiveDelete.java @@ -9,8 +9,8 @@ import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseBasicAjaxControllers; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.controller.ajax.VitroAjaxController; import edu.cornell.mannlib.vitro.webapp.dao.IndividualDao; @@ -24,7 +24,7 @@ public class PrimitiveDelete extends VitroAjaxController { @Override protected Actions requiredActions(VitroRequest vreq) { - return new Actions(new UseBasicAjaxControllers()); + return SimplePermission.USE_BASIC_AJAX_CONTROLLERS.ACTIONS; } @Override diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PrimitiveRdfEdit.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PrimitiveRdfEdit.java index 8976e369d..d78b04a87 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PrimitiveRdfEdit.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PrimitiveRdfEdit.java @@ -9,9 +9,7 @@ import java.util.HashSet; import java.util.Set; import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; import org.apache.commons.httpclient.HttpStatus; import org.apache.commons.logging.Log; @@ -21,9 +19,8 @@ import com.hp.hpl.jena.ontology.OntModel; import com.hp.hpl.jena.rdf.model.Model; import com.hp.hpl.jena.shared.Lock; -import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper; +import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseBasicAjaxControllers; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.controller.ajax.VitroAjaxController; import edu.cornell.mannlib.vitro.webapp.dao.jena.DependentResourceDeleteJena; @@ -38,7 +35,7 @@ public class PrimitiveRdfEdit extends VitroAjaxController { //Using the same setsup as primitive delete @Override protected Actions requiredActions(VitroRequest vreq) { - return new Actions(new UseBasicAjaxControllers()); + return SimplePermission.USE_BASIC_AJAX_CONTROLLERS.ACTIONS; } @Override diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/ReorderController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/ReorderController.java index e6b30c48c..8aeb939b1 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/ReorderController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/ReorderController.java @@ -10,20 +10,18 @@ import org.apache.commons.logging.LogFactory; import com.hp.hpl.jena.datatypes.TypeMapper; import com.hp.hpl.jena.ontology.OntModel; +import com.hp.hpl.jena.rdf.model.Literal; import com.hp.hpl.jena.rdf.model.Model; import com.hp.hpl.jena.rdf.model.ModelFactory; -import com.hp.hpl.jena.rdf.model.Resource; -import com.hp.hpl.jena.rdf.model.ResourceFactory; import com.hp.hpl.jena.rdf.model.Property; import com.hp.hpl.jena.rdf.model.RDFNode; -import com.hp.hpl.jena.rdf.model.Literal; +import com.hp.hpl.jena.rdf.model.Resource; +import com.hp.hpl.jena.rdf.model.ResourceFactory; import com.hp.hpl.jena.shared.Lock; - +import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseBasicAjaxControllers; import edu.cornell.mannlib.vitro.webapp.beans.DataProperty; -import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.controller.ajax.VitroAjaxController; import edu.cornell.mannlib.vitro.webapp.dao.DataPropertyStatementDao; @@ -48,7 +46,7 @@ public class ReorderController extends VitroAjaxController { @Override protected Actions requiredActions(VitroRequest vreq) { - return new Actions(new UseBasicAjaxControllers()); + return SimplePermission.USE_BASIC_AJAX_CONTROLLERS.ACTIONS; } @Override diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java index 360137d4f..7928493e1 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java @@ -23,7 +23,6 @@ import org.apache.commons.logging.LogFactory; import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission; import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.EditOwnAccount; import edu.cornell.mannlib.vitro.webapp.beans.ApplicationBean; import edu.cornell.mannlib.vitro.webapp.beans.DisplayMessage; import edu.cornell.mannlib.vitro.webapp.controller.VitroHttpServlet; @@ -363,7 +362,7 @@ public class FreemarkerHttpServlet extends VitroHttpServlet { urls.put("currentPage", getCurrentPageUrl(vreq)); urls.put("referringPage", getReferringPageUrl(vreq)); - if (PolicyHelper.isAuthorizedForActions(vreq, new EditOwnAccount())) { + if (PolicyHelper.isAuthorizedForActions(vreq, SimplePermission.EDIT_OWN_ACCOUNT.ACTIONS)) { urls.put("myAccount", UrlBuilder.getUrl("/accounts/myAccount")); } else { urls.remove("myAccount"); // clear value from a previous request diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/EditRequestDispatchController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/EditRequestDispatchController.java index 29edd5493..3172e8bdd 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/EditRequestDispatchController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/EditRequestDispatchController.java @@ -13,8 +13,8 @@ import javax.servlet.http.HttpSession; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.DoFrontEndEditing; import edu.cornell.mannlib.vitro.webapp.beans.DataProperty; import edu.cornell.mannlib.vitro.webapp.beans.Individual; import edu.cornell.mannlib.vitro.webapp.beans.Property; @@ -23,7 +23,6 @@ import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServ import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder; import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder.ParamMap; import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.DirectRedirectResponseValues; -import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.RedirectResponseValues; import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ResponseValues; import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.TemplateResponseValues; import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; @@ -33,8 +32,6 @@ import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTw import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditSubmissionUtils; import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.MultiValueEditSubmission; import edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.generators.EditConfigurationGenerator; -import edu.cornell.mannlib.vitro.webapp.web.URLEncoder; -import edu.cornell.mannlib.vitro.webapp.web.beanswrappers.ReadOnlyBeansWrapper; import edu.cornell.mannlib.vitro.webapp.web.templatemodels.edit.EditConfigurationTemplateModel; import edu.cornell.mannlib.vitro.webapp.web.templatemodels.edit.MultiValueEditSubmissionTemplateModel; /** @@ -59,7 +56,7 @@ public class EditRequestDispatchController extends FreemarkerHttpServlet { @Override protected Actions requiredActions(VitroRequest vreq) { - return new Actions(new DoFrontEndEditing()); + return SimplePermission.DO_FRONT_END_EDITING.ACTIONS; } @Override diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/PostEditCleanupController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/PostEditCleanupController.java index be9a3d2dc..10c12642f 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/PostEditCleanupController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/PostEditCleanupController.java @@ -8,8 +8,8 @@ import javax.servlet.http.HttpSession; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.DoFrontEndEditing; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServlet; import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder; @@ -31,7 +31,7 @@ public class PostEditCleanupController extends FreemarkerHttpServlet{ @Override protected Actions requiredActions(VitroRequest vreq) { - return new Actions(new DoFrontEndEditing()); + return SimplePermission.DO_FRONT_END_EDITING.ACTIONS; } @Override diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/ProcessRdfFormController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/ProcessRdfFormController.java index 30b4da44a..51c23e6c2 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/ProcessRdfFormController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/ProcessRdfFormController.java @@ -18,8 +18,8 @@ import com.hp.hpl.jena.rdf.model.Model; import com.hp.hpl.jena.rdf.model.Property; import com.hp.hpl.jena.rdf.model.ResourceFactory; +import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.DoFrontEndEditing; import edu.cornell.mannlib.vitro.webapp.beans.DataProperty; import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; @@ -52,7 +52,7 @@ public class ProcessRdfFormController extends FreemarkerHttpServlet{ @Override protected Actions requiredActions(VitroRequest vreq) { - return new Actions(new DoFrontEndEditing()); + return SimplePermission.DO_FRONT_END_EDITING.ACTIONS; } @Override diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/search/controller/AutocompleteController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/search/controller/AutocompleteController.java index afdb7755e..359a53529 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/search/controller/AutocompleteController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/search/controller/AutocompleteController.java @@ -24,8 +24,8 @@ import org.apache.solr.common.SolrDocumentList; import org.json.JSONArray; import org.json.JSONObject; +import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseBasicAjaxControllers; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.controller.ajax.VitroAjaxController; import edu.cornell.mannlib.vitro.webapp.search.VitroSearchTermNames; @@ -55,7 +55,7 @@ public class AutocompleteController extends VitroAjaxController { @Override protected Actions requiredActions(VitroRequest vreq) { - return new Actions(new UseBasicAjaxControllers()); + return SimplePermission.USE_BASIC_AJAX_CONTROLLERS.ACTIONS; } @Override diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/sparql/GetAllClasses.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/sparql/GetAllClasses.java index 903b750b2..89a794f37 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/sparql/GetAllClasses.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/sparql/GetAllClasses.java @@ -14,8 +14,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import edu.cornell.mannlib.vedit.controller.BaseEditController; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousPages; +import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission; import edu.cornell.mannlib.vitro.webapp.beans.VClass; import edu.cornell.mannlib.vitro.webapp.beans.VClassGroup; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; @@ -46,7 +45,8 @@ public class GetAllClasses extends BaseEditController { */ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - if (!isAuthorizedToDisplayPage(request, response, new Actions(new UseMiscellaneousPages()))) { + if (!isAuthorizedToDisplayPage(request, response, + SimplePermission.USE_MISCELLANEOUS_PAGES.ACTIONS)) { return; } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/sparql/GetAllPrefix.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/sparql/GetAllPrefix.java index da7b505c5..ab098bb55 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/sparql/GetAllPrefix.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/sparql/GetAllPrefix.java @@ -23,8 +23,7 @@ import com.hp.hpl.jena.vocabulary.RDFS; import com.hp.hpl.jena.vocabulary.XSD; import edu.cornell.mannlib.vedit.controller.BaseEditController; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousPages; +import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission; import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean; import edu.cornell.mannlib.vitro.webapp.beans.Ontology; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; @@ -58,7 +57,8 @@ public class GetAllPrefix extends BaseEditController { */ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - if (!isAuthorizedToDisplayPage(request, response, new Actions(new UseMiscellaneousPages()))) { + if (!isAuthorizedToDisplayPage(request, response, + SimplePermission.USE_MISCELLANEOUS_PAGES.ACTIONS)) { return; } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/sparql/GetClazzAllProperties.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/sparql/GetClazzAllProperties.java index 11cef69ae..795c1e70d 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/sparql/GetClazzAllProperties.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/sparql/GetClazzAllProperties.java @@ -21,8 +21,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import edu.cornell.mannlib.vedit.controller.BaseEditController; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousPages; +import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission; import edu.cornell.mannlib.vitro.webapp.beans.DataProperty; import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty; import edu.cornell.mannlib.vitro.webapp.beans.PropertyInstance; @@ -45,7 +44,8 @@ public class GetClazzAllProperties extends BaseEditController { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - if (!isAuthorizedToDisplayPage(request, response, new Actions(new UseMiscellaneousPages()))) { + if (!isAuthorizedToDisplayPage(request, response, + SimplePermission.USE_MISCELLANEOUS_PAGES.ACTIONS)) { return; } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/sparql/GetClazzDataProperties.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/sparql/GetClazzDataProperties.java index 48c9582ec..d46bcc0a2 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/sparql/GetClazzDataProperties.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/sparql/GetClazzDataProperties.java @@ -15,8 +15,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import edu.cornell.mannlib.vedit.controller.BaseEditController; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousPages; +import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission; import edu.cornell.mannlib.vitro.webapp.beans.DataProperty; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.dao.DataPropertyDao; @@ -34,7 +33,8 @@ public class GetClazzDataProperties extends BaseEditController { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - if (!isAuthorizedToDisplayPage(request, response, new Actions(new UseMiscellaneousPages()))) { + if (!isAuthorizedToDisplayPage(request, response, + SimplePermission.USE_MISCELLANEOUS_PAGES.ACTIONS)) { return; } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/sparql/GetClazzObjectProperties.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/sparql/GetClazzObjectProperties.java index 58e0cac57..2dd3c9c56 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/sparql/GetClazzObjectProperties.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/sparql/GetClazzObjectProperties.java @@ -20,8 +20,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import edu.cornell.mannlib.vedit.controller.BaseEditController; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousPages; +import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission; import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty; import edu.cornell.mannlib.vitro.webapp.beans.PropertyInstance; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; @@ -41,7 +40,8 @@ public class GetClazzObjectProperties extends BaseEditController { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - if (!isAuthorizedToDisplayPage(request, response, new Actions(new UseMiscellaneousPages()))) { + if (!isAuthorizedToDisplayPage(request, response, + SimplePermission.USE_MISCELLANEOUS_PAGES.ACTIONS)) { return; } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/sparql/GetObjectClasses.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/sparql/GetObjectClasses.java index 52d0c0e79..47a72435a 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/sparql/GetObjectClasses.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/sparql/GetObjectClasses.java @@ -14,8 +14,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import edu.cornell.mannlib.vedit.controller.BaseEditController; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousPages; +import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission; import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty; import edu.cornell.mannlib.vitro.webapp.beans.VClass; import edu.cornell.mannlib.vitro.webapp.beans.VClassGroup; @@ -50,7 +49,8 @@ public class GetObjectClasses extends BaseEditController { */ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - if (!isAuthorizedToDisplayPage(request, response, new Actions(new UseMiscellaneousPages()))) { + if (!isAuthorizedToDisplayPage(request, response, + SimplePermission.USE_MISCELLANEOUS_PAGES.ACTIONS)) { return; } diff --git a/webapp/web/WEB-INF/resources/permission_config.n3 b/webapp/web/WEB-INF/resources/permission_config.n3 index 13c30d8fa..eca3dde66 100644 --- a/webapp/web/WEB-INF/resources/permission_config.n3 +++ b/webapp/web/WEB-INF/resources/permission_config.n3 @@ -34,6 +34,14 @@ auth:ADMIN auth:hasPermission simplePermission:SeeRevisionInfo ; auth:hasPermission simplePermission:SeeSiteAdminPage ; auth:hasPermission simplePermission:UseMiscellaneousEditorPages ; + + # permissions for ANY logged-in user. + auth:hasPermission simplePermission:DoFrontEndEditing ; + auth:hasPermission simplePermission:EditOwnAccount ; + auth:hasPermission simplePermission:ManageOwnProxies ; + auth:hasPermission simplePermission:QueryUserAccountsModel ; + auth:hasPermission simplePermission:UseBasicAjaxControllers ; + auth:hasPermission simplePermission:UseMiscellaneousPages ; . auth:CURATOR @@ -54,6 +62,14 @@ auth:CURATOR auth:hasPermission simplePermission:SeeRevisionInfo ; auth:hasPermission simplePermission:SeeSiteAdminPage ; auth:hasPermission simplePermission:UseMiscellaneousEditorPages ; + + # permissions for ANY logged-in user. + auth:hasPermission simplePermission:DoFrontEndEditing ; + auth:hasPermission simplePermission:EditOwnAccount ; + auth:hasPermission simplePermission:ManageOwnProxies ; + auth:hasPermission simplePermission:QueryUserAccountsModel ; + auth:hasPermission simplePermission:UseBasicAjaxControllers ; + auth:hasPermission simplePermission:UseMiscellaneousPages ; . auth:EDITOR @@ -66,10 +82,26 @@ auth:EDITOR auth:hasPermission simplePermission:SeeRevisionInfo ; auth:hasPermission simplePermission:SeeSiteAdminPage ; auth:hasPermission simplePermission:UseMiscellaneousEditorPages ; + + # permissions for ANY logged-in user. + auth:hasPermission simplePermission:DoFrontEndEditing ; + auth:hasPermission simplePermission:EditOwnAccount ; + auth:hasPermission simplePermission:ManageOwnProxies ; + auth:hasPermission simplePermission:QueryUserAccountsModel ; + auth:hasPermission simplePermission:UseBasicAjaxControllers ; + auth:hasPermission simplePermission:UseMiscellaneousPages ; . auth:SELF_EDITOR a auth:PermissionSet ; a auth:DefaultPermissionSetForNewUsers ; rdfs:label "Self Editor" ; + + # permissions for ANY logged-in user. + auth:hasPermission simplePermission:DoFrontEndEditing ; + auth:hasPermission simplePermission:EditOwnAccount ; + auth:hasPermission simplePermission:ManageOwnProxies ; + auth:hasPermission simplePermission:QueryUserAccountsModel ; + auth:hasPermission simplePermission:UseBasicAjaxControllers ; + auth:hasPermission simplePermission:UseMiscellaneousPages ; .