NIHVIVO-3404 Improve the hierarchy of statement-based RequestedActions. Add constructors that accept either individual URIs or PropertyStatements. Don't ask for or hold the value of a DataProperty, because it is never used by a policy or permission (at least so far).
This commit is contained in:
j2blake
parent
e8fafcc10c
commit
b0c7241ede
13 changed files with 112 additions and 105 deletions
|
|
@ -105,7 +105,7 @@ public class PolicyHelper {
|
||||||
predicate.getURI(), objectNode.asResource().getURI());
|
predicate.getURI(), objectNode.asResource().getURI());
|
||||||
} else {
|
} else {
|
||||||
action = new AddDataPropertyStatement(subject.getURI(),
|
action = new AddDataPropertyStatement(subject.getURI(),
|
||||||
predicate.getURI(), objectNode.asLiteral());
|
predicate.getURI());
|
||||||
}
|
}
|
||||||
return isAuthorizedForActions(req, action);
|
return isAuthorizedForActions(req, action);
|
||||||
}
|
}
|
||||||
|
|
@ -157,7 +157,7 @@ public class PolicyHelper {
|
||||||
predicate.getURI(), objectNode.asResource().getURI());
|
predicate.getURI(), objectNode.asResource().getURI());
|
||||||
} else {
|
} else {
|
||||||
action = new DropDataPropertyStatement(subject.getURI(),
|
action = new DropDataPropertyStatement(subject.getURI(),
|
||||||
predicate.getURI(), objectNode.asLiteral());
|
predicate.getURI());
|
||||||
}
|
}
|
||||||
return isAuthorizedForActions(req, action);
|
return isAuthorizedForActions(req, action);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -3,19 +3,29 @@
|
||||||
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
|
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
|
||||||
|
|
||||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A base class for requestion actions that relate to data properties.
|
* A base class for requested actions that involve adding, editing, or dropping
|
||||||
|
* data property statements from a model.
|
||||||
*/
|
*/
|
||||||
public abstract class AbstractDataPropertyStatementAction extends RequestedAction {
|
public abstract class AbstractDataPropertyStatementAction extends
|
||||||
|
RequestedAction {
|
||||||
private final String subjectUri;
|
private final String subjectUri;
|
||||||
private final String predicateUri;
|
private final String predicateUri;
|
||||||
|
|
||||||
public AbstractDataPropertyStatementAction(String subjectUri, String predicateUri) {
|
public AbstractDataPropertyStatementAction(String subjectUri,
|
||||||
|
String predicateUri) {
|
||||||
this.subjectUri = subjectUri;
|
this.subjectUri = subjectUri;
|
||||||
this.predicateUri = predicateUri;
|
this.predicateUri = predicateUri;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public AbstractDataPropertyStatementAction(DataPropertyStatement dps) {
|
||||||
|
this.subjectUri = (dps.getIndividual() == null) ? dps
|
||||||
|
.getIndividualURI() : dps.getIndividual().getURI();
|
||||||
|
this.predicateUri = dps.getDatapropURI();
|
||||||
|
}
|
||||||
|
|
||||||
public String getSubjectUri() {
|
public String getSubjectUri() {
|
||||||
return subjectUri;
|
return subjectUri;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -2,24 +2,34 @@
|
||||||
|
|
||||||
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
|
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
|
||||||
|
|
||||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
|
import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A base class for requested actions that involve manipulating an object
|
* A base class for requested actions that involve adding, editing, or deleting
|
||||||
* property.
|
* object property statements from a model.
|
||||||
*/
|
*/
|
||||||
public abstract class AbstractObjectPropertyStatementAction extends RequestedAction {
|
public abstract class AbstractObjectPropertyStatementAction extends
|
||||||
|
AbstractPropertyStatementAction {
|
||||||
private final String subjectUri;
|
private final String subjectUri;
|
||||||
private final String predicateUri;
|
private final String predicateUri;
|
||||||
private final String objectUri;
|
private final String objectUri;
|
||||||
|
|
||||||
public AbstractObjectPropertyStatementAction(String subjectUri, String predicateUri,
|
public AbstractObjectPropertyStatementAction(String subjectUri,
|
||||||
String objectUri) {
|
String predicateUri, String objectUri) {
|
||||||
this.subjectUri = subjectUri;
|
this.subjectUri = subjectUri;
|
||||||
this.predicateUri = predicateUri;
|
this.predicateUri = predicateUri;
|
||||||
this.objectUri = objectUri;
|
this.objectUri = objectUri;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public AbstractObjectPropertyStatementAction(ObjectPropertyStatement ops) {
|
||||||
|
this.subjectUri = (ops.getSubject() == null) ? ops.getSubjectURI()
|
||||||
|
: ops.getSubject().getURI();
|
||||||
|
this.predicateUri = (ops.getProperty() == null) ? ops.getPropertyURI()
|
||||||
|
: ops.getProperty().getURI();
|
||||||
|
this.objectUri = (ops.getObject() == null) ? ops.getObjectURI() : ops
|
||||||
|
.getObject().getURI();
|
||||||
|
}
|
||||||
|
|
||||||
public String getSubjectUri() {
|
public String getSubjectUri() {
|
||||||
return subjectUri;
|
return subjectUri;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,13 @@
|
||||||
|
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
|
||||||
|
|
||||||
|
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
|
||||||
|
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A base class for requested actions that involve adding, editing, or deleting
|
||||||
|
* statements from a model.
|
||||||
|
*/
|
||||||
|
public abstract class AbstractPropertyStatementAction extends RequestedAction {
|
||||||
|
|
||||||
|
}
|
||||||
|
|
@ -2,37 +2,20 @@
|
||||||
|
|
||||||
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
|
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
|
||||||
|
|
||||||
import com.hp.hpl.jena.rdf.model.Literal;
|
import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
|
||||||
|
|
||||||
/** Should we allow the user to add this DataPropertyStatement? */
|
/**
|
||||||
public class AddDataPropertyStatement extends AbstractDataPropertyStatementAction {
|
* Should we allow the user to add this DataPropertyStatement to this model?
|
||||||
protected String data;
|
*/
|
||||||
protected String dataType;
|
public class AddDataPropertyStatement extends
|
||||||
protected String lang;
|
AbstractDataPropertyStatementAction {
|
||||||
|
|
||||||
public AddDataPropertyStatement(String subjectUri, String predicateUri, String value, String dataType, String lang) {
|
public AddDataPropertyStatement(String subjectUri, String predicateUri) {
|
||||||
super(subjectUri, predicateUri);
|
super(subjectUri, predicateUri);
|
||||||
this.data= value;
|
|
||||||
this.dataType = dataType;
|
|
||||||
this.lang = lang;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public AddDataPropertyStatement(String subjectUri, String predicateUri, Literal literal) {
|
public AddDataPropertyStatement(DataPropertyStatement dps) {
|
||||||
super(subjectUri, predicateUri);
|
super(dps);
|
||||||
this.data= literal.getValue().toString();
|
|
||||||
this.dataType = literal.getDatatypeURI();
|
|
||||||
this.lang = literal.getLanguage();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getData() {
|
|
||||||
return data;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getDataType() {
|
|
||||||
return dataType;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getLang() {
|
|
||||||
return lang;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -2,10 +2,19 @@
|
||||||
|
|
||||||
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
|
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
|
||||||
|
|
||||||
/** Should we allow the user to add this ObjectPropertyStatement? */
|
import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
|
||||||
public class AddObjectPropertyStatement extends AbstractObjectPropertyStatementAction {
|
|
||||||
|
|
||||||
public AddObjectPropertyStatement(String uriOfSub, String uriOfPred, String uriOfObj) {
|
/**
|
||||||
|
* Should we allow the user to add this ObjectPropertyStatement to this model?
|
||||||
|
*/
|
||||||
|
public class AddObjectPropertyStatement extends
|
||||||
|
AbstractObjectPropertyStatementAction {
|
||||||
|
public AddObjectPropertyStatement(String uriOfSub, String uriOfPred,
|
||||||
|
String uriOfObj) {
|
||||||
super(uriOfSub, uriOfPred, uriOfObj);
|
super(uriOfSub, uriOfPred, uriOfObj);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public AddObjectPropertyStatement(ObjectPropertyStatement ops) {
|
||||||
|
super(ops);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -2,40 +2,20 @@
|
||||||
|
|
||||||
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
|
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
|
||||||
|
|
||||||
import com.hp.hpl.jena.rdf.model.Literal;
|
|
||||||
|
|
||||||
import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
|
import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
|
||||||
import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl;
|
|
||||||
|
|
||||||
/** Should we allow the user to delete this DataPropertyStatement? */
|
/**
|
||||||
public class DropDataPropertyStatement extends AbstractDataPropertyStatementAction {
|
* Should we allow the user to delete this DataPropertyStatement from this
|
||||||
|
* model?
|
||||||
|
*/
|
||||||
|
public class DropDataPropertyStatement extends
|
||||||
|
AbstractDataPropertyStatementAction {
|
||||||
|
|
||||||
private final DataPropertyStatement dataPropStmt;
|
public DropDataPropertyStatement(String subjectUri, String predicateUri) {
|
||||||
|
|
||||||
public DropDataPropertyStatement(DataPropertyStatement dps){
|
|
||||||
super(dps.getIndividualURI(),dps.getDatapropURI() );
|
|
||||||
this.dataPropStmt = dps;
|
|
||||||
}
|
|
||||||
|
|
||||||
public DropDataPropertyStatement(String subjectUri, String predicateUri, String data) {
|
|
||||||
super(subjectUri, predicateUri);
|
super(subjectUri, predicateUri);
|
||||||
dataPropStmt = new DataPropertyStatementImpl();
|
|
||||||
dataPropStmt.setIndividualURI(subjectUri);
|
|
||||||
dataPropStmt.setDatapropURI(predicateUri);
|
|
||||||
dataPropStmt.setData(data);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public DropDataPropertyStatement(String subjectUri, String predicateUri, Literal data) {
|
public DropDataPropertyStatement(DataPropertyStatement dps) {
|
||||||
super(subjectUri, predicateUri);
|
super(dps);
|
||||||
dataPropStmt = new DataPropertyStatementImpl();
|
|
||||||
dataPropStmt.setIndividualURI(subjectUri);
|
|
||||||
dataPropStmt.setDatapropURI(predicateUri);
|
|
||||||
dataPropStmt.setData(data.getValue().toString());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public String data(){ return dataPropStmt.getData(); }
|
|
||||||
public String lang(){ return dataPropStmt.getLanguage(); }
|
|
||||||
public String datatype(){return dataPropStmt.getDatatypeURI(); }
|
|
||||||
|
|
||||||
// TODO: needs to be fixed to work with lang/datatype literals
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -2,10 +2,18 @@
|
||||||
|
|
||||||
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
|
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
|
||||||
|
|
||||||
/** Should we allow the user to delete this ObjectPropertyStatement? */
|
import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
|
||||||
public class DropObjectPropertyStatement extends AbstractObjectPropertyStatementAction {
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Should we allow the user to delete this ObjectPropertyStatement from this
|
||||||
|
* model?
|
||||||
|
*/
|
||||||
|
public class DropObjectPropertyStatement extends AbstractObjectPropertyStatementAction {
|
||||||
public DropObjectPropertyStatement(String sub, String pred, String obj) {
|
public DropObjectPropertyStatement(String sub, String pred, String obj) {
|
||||||
super(sub, pred, obj);
|
super(sub, pred, obj);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public DropObjectPropertyStatement(ObjectPropertyStatement ops) {
|
||||||
|
super(ops);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -4,18 +4,16 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
|
||||||
|
|
||||||
import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
|
import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
|
||||||
|
|
||||||
/** Should we allow the user to edit this DataPropertyStatement? */
|
/**
|
||||||
public class EditDataPropertyStatement extends AbstractDataPropertyStatementAction {
|
* Should we allow the user to edit this DataPropertyStatement in this model?
|
||||||
|
*/
|
||||||
private final DataPropertyStatement dataPropStmt;
|
public class EditDataPropertyStatement extends
|
||||||
|
AbstractDataPropertyStatementAction {
|
||||||
public EditDataPropertyStatement(DataPropertyStatement dps){
|
public EditDataPropertyStatement(String subjectUri, String predicateUri) {
|
||||||
super(dps.getIndividualURI(), dps.getDatapropURI());
|
super(subjectUri, predicateUri);
|
||||||
this.dataPropStmt = dps;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public String data(){ return dataPropStmt.getData(); }
|
public EditDataPropertyStatement(DataPropertyStatement dps) {
|
||||||
public String lang(){ return dataPropStmt.getLanguage(); }
|
super(dps);
|
||||||
public String datatype(){return dataPropStmt.getDatatypeURI(); }
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -4,16 +4,16 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
|
||||||
|
|
||||||
import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
|
import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
|
||||||
|
|
||||||
/** Should we allow the user to edit this ObjectPropertyStatement? */
|
/**
|
||||||
|
* Should we allow the user to edit this ObjectPropertyStatement in this model?
|
||||||
|
*/
|
||||||
public class EditObjectPropertyStatement extends AbstractObjectPropertyStatementAction {
|
public class EditObjectPropertyStatement extends AbstractObjectPropertyStatementAction {
|
||||||
|
|
||||||
public EditObjectPropertyStatement(ObjectPropertyStatement ops) {
|
|
||||||
super(ops.getSubjectURI(), ops.getPropertyURI(), ops.getObjectURI());
|
|
||||||
}
|
|
||||||
|
|
||||||
public EditObjectPropertyStatement(String subjectUri, String keywordPredUri,
|
public EditObjectPropertyStatement(String subjectUri, String keywordPredUri,
|
||||||
String objectUri) {
|
String objectUri) {
|
||||||
super(subjectUri, keywordPredUri, objectUri);
|
super(subjectUri, keywordPredUri, objectUri);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public EditObjectPropertyStatement(ObjectPropertyStatement ops) {
|
||||||
|
super(ops);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -113,8 +113,7 @@ public abstract class BaseIndividualTemplateModel extends BaseTemplateModel {
|
||||||
*/
|
*/
|
||||||
public boolean isEditable() {
|
public boolean isEditable() {
|
||||||
AddDataPropertyStatement adps = new AddDataPropertyStatement(individual.getURI(),
|
AddDataPropertyStatement adps = new AddDataPropertyStatement(individual.getURI(),
|
||||||
RequestActionConstants.SOME_URI,
|
RequestActionConstants.SOME_URI);
|
||||||
RequestActionConstants.SOME_LITERAL, null, null);
|
|
||||||
AddObjectPropertyStatement aops = new AddObjectPropertyStatement(individual.getURI(),
|
AddObjectPropertyStatement aops = new AddObjectPropertyStatement(individual.getURI(),
|
||||||
RequestActionConstants.SOME_URI,
|
RequestActionConstants.SOME_URI,
|
||||||
RequestActionConstants.SOME_URI);
|
RequestActionConstants.SOME_URI);
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,6 @@ import org.apache.commons.logging.LogFactory;
|
||||||
import com.hp.hpl.jena.rdf.model.Literal;
|
import com.hp.hpl.jena.rdf.model.Literal;
|
||||||
|
|
||||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
|
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
|
||||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants;
|
|
||||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
|
||||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropertyStatement;
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropertyStatement;
|
||||||
import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
|
import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
|
||||||
|
|
@ -77,7 +76,7 @@ public class DataPropertyTemplateModel extends PropertyTemplateModel {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Determine whether a new statement can be added
|
// Determine whether a new statement can be added
|
||||||
RequestedAction action = new AddDataPropertyStatement(subjectUri, propertyUri, RequestActionConstants.SOME_LITERAL, null, null);
|
RequestedAction action = new AddDataPropertyStatement(subjectUri, propertyUri);
|
||||||
if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) {
|
if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -118,21 +118,19 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
|
||||||
|
|
||||||
// now with dataprop statements
|
// now with dataprop statements
|
||||||
whatToAuth = new AddDataPropertyStatement(SELFEDITOR_URI,
|
whatToAuth = new AddDataPropertyStatement(SELFEDITOR_URI,
|
||||||
"http://mannlib.cornell.edu/bad#prp234", "someString", null,
|
"http://mannlib.cornell.edu/bad#prp234");
|
||||||
null);
|
|
||||||
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
|
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
|
||||||
|
|
||||||
whatToAuth = new AddDataPropertyStatement(SELFEDITOR_URI,
|
whatToAuth = new AddDataPropertyStatement(SELFEDITOR_URI,
|
||||||
"http://mannlib.cornell.edu/bad#prp999", "someString", null,
|
"http://mannlib.cornell.edu/bad#prp999");
|
||||||
null);
|
|
||||||
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
|
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
|
||||||
|
|
||||||
whatToAuth = new AddDataPropertyStatement(SELFEDITOR_URI,
|
whatToAuth = new AddDataPropertyStatement(SELFEDITOR_URI,
|
||||||
SAFE_PREDICATE, "someString", null, null);
|
SAFE_PREDICATE);
|
||||||
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
|
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
|
||||||
|
|
||||||
whatToAuth = new AddDataPropertyStatement(SELFEDITOR_URI,
|
whatToAuth = new AddDataPropertyStatement(SELFEDITOR_URI,
|
||||||
UNSAFE_PREDICATE, "someString", null, null);
|
UNSAFE_PREDICATE);
|
||||||
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
|
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue