From a5495f36b448b7751087f5ed37f510e70e35c670 Mon Sep 17 00:00:00 2001
From: j2blake
Date: Tue, 20 Dec 2011 22:13:58 +0000
Subject: [PATCH] NIHVIVO-3523 Create the PermissionsPolicy.
---
 .../webapp/auth/policy/PermissionsPolicy.java | 37 +++++++++++++++++++
 .../policy/setup/CommonPolicyFamilySetup.java | 3 ++
 2 files changed, 40 insertions(+)
 create mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PermissionsPolicy.java
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PermissionsPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PermissionsPolicy.java
new file mode 100644
index 000000000..b6be06774
--- /dev/null
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PermissionsPolicy.java
@@ -0,0 +1,37 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.policy;
+
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasPermission;
+import edu.cornell.mannlib.vitro.webapp.auth.permissions.Permission;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
+
+/**
+ * The user is authorized to perform the RequestedAction if one of his
+ * Permissions will authorize it.
+ */
+public class PermissionsPolicy implements PolicyIface {
+
+ @Override
+ public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
+ RequestedAction whatToAuth) {
+ for (Permission p : HasPermission.getPermissions(whoToAuth)) {
+ if (p.isAuthorized(whatToAuth)) {
+ return new BasicPolicyDecision(Authorization.AUTHORIZED,
+ "PermissionsPolicy: approved by " + p);
+ }
+ }
+ return new BasicPolicyDecision(Authorization.INCONCLUSIVE,
+ "no permission will approve " + whatToAuth);
+ }
+
+ @Override
+ public String toString() {
+ return "PermissionsPolicy - " + hashCode();
+ }
+
+}
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CommonPolicyFamilySetup.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CommonPolicyFamilySetup.java
index 8f21eb5ef..2a9d02a27 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CommonPolicyFamilySetup.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CommonPolicyFamilySetup.java
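Review bot: isAuthorized hands whoToAuth and whatToAuth straight to HasPermission.getPermissions and Permission.isAuthorized with no null check, so a caller that passes a null bundle or action gets whatever those helpers do with it (not visible in this patch), possibly an exception from inside the authorization path instead of a decision. A guard at the top keeps the policy abstaining in that case: `if (whoToAuth == null || whatToAuth == null) { return new BasicPolicyDecision(Authorization.INCONCLUSIVE, "PermissionsPolicy: null argument"); }`. The class Javadoc should also state that this policy only ever returns AUTHORIZED or INCONCLUSIVE and never UNAUTHORIZED, because that determines how it composes with the other policies in the list.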
@@ -11,6 +11,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.CommonIdentifierB
 import edu.cornell.mannlib.vitro.webapp.auth.policy.DisplayRestrictedDataByRoleLevelPolicy;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.DisplayRestrictedDataToSelfPolicy;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.EditRestrictedDataByRoleLevelPolicy;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PermissionsPolicy;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.SelfEditingPolicy;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.UseRestrictedPagesByRoleLevelPolicy;
@@ -27,6 +28,8 @@ public class CommonPolicyFamilySetup implements ServletContextListener { StartupStatus ss = StartupStatus.getBean(ctx); try { + ServletPolicyList.addPolicy(ctx, new PermissionsPolicy()); + ServletPolicyList.addPolicy(ctx, new DisplayRestrictedDataByRoleLevelPolicy(ctx)); ServletPolicyList.addPolicy(ctx,
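Review bot: In the second hunk, the new PermissionsPolicy is registered ahead of the restricted-data policies, and the patch gives no reason for that position. If ServletPolicyList consults policies in registration order and stops at the first conclusive decision (not visible here), an AUTHORIZED from any Permission would be returned before a later policy could refuse, so the ordering is security-relevant. A comment on the added line would record the intent, for example `// Registered first: a Permission grant is decisive; later policies are consulted only when no Permission approves.`, worded to match whatever precedence is actually intended. The enclosing method and its try block continue outside the hunk.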