litvinovg/vitro
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'maint-rel-1.6' into develop

Browse source
This commit is contained in:
j2blake 2014-03-13 12:17:30 -04:00
commit 912c9e964a
1 changed files with 48 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

61
webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyGroupTemplateModel.java
View file

@ -12,7 +12,9 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayDataProperty;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayDataPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayObjectProperty;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.display.DisplayObjectPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
@ -44,16 +46,11 @@ public class PropertyGroupTemplateModel extends BaseTemplateModel {
List<Property> propertyList = group.getPropertyList();
properties = new ArrayList<PropertyTemplateModel>(propertyList.size());
for (Property p : propertyList) {
if (p instanceof ObjectProperty) {
ObjectProperty op = (ObjectProperty) p;
ObjectPropertyStatement ops = new ObjectPropertyStatementImpl(subject.getURI(), op.getURI(), SOME_URI);
RequestedAction dops = new DisplayObjectPropertyStatement(ops);
/*
* We can't test the ObjectProperty itself for authorization;
* the self-editor policies need to know who the subject is.
*/
if (!PolicyHelper.isAuthorizedForActions(vreq, dops)) {
if (!allowedToDisplay(vreq, op, subject)) {
continue;
}
ObjectPropertyTemplateModel tm = ObjectPropertyTemplateModel.getObjectPropertyTemplateModel(
@ -64,13 +61,7 @@ public class PropertyGroupTemplateModel extends BaseTemplateModel {
} else if (p instanceof DataProperty){
DataProperty dp = (DataProperty) p;
DataPropertyStatementImpl dps = new DataPropertyStatementImpl(subject.getURI(), dp.getURI(), SOME_LITERAL);
RequestedAction dops = new DisplayDataPropertyStatement(dps);
/*
* We can't test the DataProperty itself for authorization; the
* self-editor policies need to know who the subject is.
*/
if (!PolicyHelper.isAuthorizedForActions(vreq, dops)) {
if (!allowedToDisplay(vreq, dp, subject)) {
continue;
}
properties.add(new DataPropertyTemplateModel(dp, subject, vreq, editing, populatedDataPropertyList));
@ -80,6 +71,48 @@ public class PropertyGroupTemplateModel extends BaseTemplateModel {
}
}
/**
* See if the property is permitted in its own right. If not, the property
* statement might still be permitted to a self-editor.
*/
private boolean allowedToDisplay(VitroRequest vreq, ObjectProperty op,
Individual subject) {
RequestedAction dop = new DisplayObjectProperty(op);
if (PolicyHelper.isAuthorizedForActions(vreq, dop)) {
return true;
}
ObjectPropertyStatement ops = new ObjectPropertyStatementImpl(
subject.getURI(), op.getURI(), SOME_URI);
RequestedAction dops = new DisplayObjectPropertyStatement(ops);
if (PolicyHelper.isAuthorizedForActions(vreq, dops)) {
return true;
}
return false;
}
/**
* See if the property is permitted in its own right. If not, the property
* statement might still be permitted to a self-editor.
*/
private boolean allowedToDisplay(VitroRequest vreq, DataProperty dp,
Individual subject) {
RequestedAction dop = new DisplayDataProperty(dp);
if (PolicyHelper.isAuthorizedForActions(vreq, dop)) {
return true;
}
DataPropertyStatementImpl dps = new DataPropertyStatementImpl(
subject.getURI(), dp.getURI(), SOME_LITERAL);
RequestedAction dops = new DisplayDataPropertyStatement(dps);
if (PolicyHelper.isAuthorizedForActions(vreq, dops)) {
return true;
}
return false;
}
protected boolean isEmpty() {
return properties.isEmpty();
}