NIHVIVO-3523 Create the PermissionsPolicy.
parent
df0da56e7b
commit
a5495f36b4
2 changed files with 40 additions and 0 deletions
|
@ -0,0 +1,37 @@
|
||||||
|
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
|
||||||
|
|
||||||
|
package edu.cornell.mannlib.vitro.webapp.auth.policy;
|
||||||
|
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasPermission;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.auth.permissions.Permission;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The user is authorized to perform the RequestedAction if one of his
|
||||||
|
* Permissions will authorize it.
|
||||||
|
*/
|
||||||
|
public class PermissionsPolicy implements PolicyIface {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
|
||||||
|
RequestedAction whatToAuth) {
|
||||||
|
for (Permission p : HasPermission.getPermissions(whoToAuth)) {
|
||||||
|
if (p.isAuthorized(whatToAuth)) {
|
||||||
|
return new BasicPolicyDecision(Authorization.AUTHORIZED,
|
||||||
|
"PermissionsPolicy: approved by " + p);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,
|
||||||
|
"no permission will approve " + whatToAuth);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String toString() {
|
||||||
|
return "PermissionsPolicy - " + hashCode();
|
||||||
|
}
|
||||||
|
|
||||||
|
}
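Review bot: `isAuthorized` has no Javadoc, and nothing states that this policy can only grant or abstain. The fall-through returns `Authorization.INCONCLUSIVE`, never `UNAUTHORIZED`, so denial depends entirely on other policies or on how the caller treats an inconclusive result. I would document that on the method, for example `// Never denies: returns INCONCLUSIVE when no Permission approves, leaving the decision to other policies.` The method also passes `whoToAuth` and `whatToAuth` straight into `HasPermission.getPermissions` and `Permission.isAuthorized`, and whether those tolerate null is not visible here. A guard at the top such as `if (whoToAuth == null || whatToAuth == null) return new BasicPolicyDecision(Authorization.INCONCLUSIVE, "null argument");` would make a null argument a non-grant rather than an exception.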
|
|
@ -11,6 +11,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.CommonIdentifierB
|
||||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.DisplayRestrictedDataByRoleLevelPolicy;
|
import edu.cornell.mannlib.vitro.webapp.auth.policy.DisplayRestrictedDataByRoleLevelPolicy;
|
||||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.DisplayRestrictedDataToSelfPolicy;
|
import edu.cornell.mannlib.vitro.webapp.auth.policy.DisplayRestrictedDataToSelfPolicy;
|
||||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.EditRestrictedDataByRoleLevelPolicy;
|
import edu.cornell.mannlib.vitro.webapp.auth.policy.EditRestrictedDataByRoleLevelPolicy;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.auth.policy.PermissionsPolicy;
|
||||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.SelfEditingPolicy;
|
import edu.cornell.mannlib.vitro.webapp.auth.policy.SelfEditingPolicy;
|
||||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
|
import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
|
||||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.UseRestrictedPagesByRoleLevelPolicy;
|
import edu.cornell.mannlib.vitro.webapp.auth.policy.UseRestrictedPagesByRoleLevelPolicy;
|
||||||
|
@ -27,6 +28,8 @@ public class CommonPolicyFamilySetup implements ServletContextListener {
|
||||||
StartupStatus ss = StartupStatus.getBean(ctx);
|
StartupStatus ss = StartupStatus.getBean(ctx);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
ServletPolicyList.addPolicy(ctx, new PermissionsPolicy());
|
||||||
|
|
||||||
ServletPolicyList.addPolicy(ctx,
|
ServletPolicyList.addPolicy(ctx,
|
||||||
new DisplayRestrictedDataByRoleLevelPolicy(ctx));
|
new DisplayRestrictedDataByRoleLevelPolicy(ctx));
|
||||||
ServletPolicyList.addPolicy(ctx,
|
ServletPolicyList.addPolicy(ctx,
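Review bot: The new `ServletPolicyList.addPolicy(ctx, new PermissionsPolicy());` is registered ahead of `DisplayRestrictedDataByRoleLevelPolicy` and the registrations that follow, and nothing in the hunk says whether that position is intentional. If the policy list is consulted in insertion order and stops at the first conclusive decision (not visible in this hunk), an AUTHORIZED from any Permission would take effect before a later restricted-data policy could return UNAUTHORIZED. A comment above the call stating the intended precedence, for example `// Permissions are consulted first; an approval here is final for the request.`, would make that ordering reviewable. The enclosing method starts and ends outside the hunk.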
|
||||||
|
|