From b0db5dd1226ac7af949f29da1cb7d2c7911664e1 Mon Sep 17 00:00:00 2001 From: j2blake Date: Wed, 6 Apr 2011 19:11:14 +0000 Subject: [PATCH] NIHVIVO-2254 Rewrite the role-based policies to use the PropertyRestrictionPolicyHelper. --- webapp/config/web.xml | 5 + .../policy/AdministrativeUriRestrictor.java | 152 ----- .../auth/policy/BaseSelfEditingPolicy.java | 21 + .../auth/policy/CuratorEditingPolicy.java | 556 +++++------------ .../auth/policy/DbAdminEditingPolicy.java | 569 +++++------------- .../auth/policy/EditorEditingPolicy.java | 556 +++++------------ .../InformationResourceEditingPolicy.java | 49 +- .../webapp/auth/policy/SelfEditingPolicy.java | 35 +- .../bean/PropertyRestrictionListener.java | 12 +- .../bean/PropertyRestrictionPolicyHelper.java | 125 ++-- .../setup/CuratorEditingPolicySetup.java | 112 ++-- .../setup/DbAdminEditingPolicySetup.java | 110 ++-- .../setup/EditorEditingPolicySetup.java | 110 ++-- ...InformationResourceEditingPolicySetup.java | 74 +-- .../policy/setup/SelfEditingPolicySetup.java | 123 ++-- .../edit/DatapropRetryController.java | 74 ++- .../edit/PropertyRetryController.java | 79 ++- .../impl/EditProhibitionListener.java | 133 ---- .../AdministrativeUriRestrictorTest.java | 45 -- .../InformationResourceEditingPolicyTest.java | 13 +- .../auth/policy/SelfEditingPolicyTest.java | 472 +++++++-------- .../setup/SelfEditingPolicySetupTest.java | 15 +- .../PropertyRestrictionPolicyHelperStub.java | 63 ++ 23 files changed, 1139 insertions(+), 2364 deletions(-) delete mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/AdministrativeUriRestrictor.java delete mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/edit/listener/impl/EditProhibitionListener.java delete mode 100644 webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/AdministrativeUriRestrictorTest.java create mode 100644 webapp/test/stubs/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionPolicyHelperStub.java 
diff --git a/webapp/config/web.xml b/webapp/config/web.xml index 1b963f506..3ac845523 100644 --- a/webapp/config/web.xml +++ b/webapp/config/web.xml @@ -164,6 +164,11 @@ + + edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper$Setup + + + edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerSetup diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/AdministrativeUriRestrictor.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/AdministrativeUriRestrictor.java deleted file mode 100644 index b1a06a7ea..000000000 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/AdministrativeUriRestrictor.java +++ /dev/null 
@@ -1,152 +0,0 @@ -/* $This file is distributed under the terms of the license in /doc/license.txt$ */ - -package edu.cornell.mannlib.vitro.webapp.auth.policy; - -import java.util.Arrays; -import java.util.Collection; -import java.util.Collections; -import java.util.HashSet; -import java.util.Set; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import com.hp.hpl.jena.rdf.model.impl.Util; - -import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; - -/** - * Used by several policies to disallow the modification of Vitro-reserved - * resources and/or properties. - */ -public class AdministrativeUriRestrictor { - private static final Log log = LogFactory - .getLog(AdministrativeUriRestrictor.class); - - private static final String[] DEFAULT_PROHIBITED_PROPERTIES = {}; - - private static final String[] DEFAULT_PROHIBITED_RESOURCES = {}; - - private static final String[] DEFAULT_PROHIBITED_NAMESPACES = { - VitroVocabulary.vitroURI, - VitroVocabulary.OWL, - "" }; - - private static final String[] DEFAULT_EDITABLE_VITRO_URIS = { - VitroVocabulary.MONIKER, - VitroVocabulary.BLURB, - VitroVocabulary.DESCRIPTION, - VitroVocabulary.MODTIME, - VitroVocabulary.TIMEKEY, - - VitroVocabulary.CITATION, - VitroVocabulary.IND_MAIN_IMAGE, - - VitroVocabulary.LINK, - VitroVocabulary.PRIMARY_LINK, - VitroVocabulary.ADDITIONAL_LINK, - VitroVocabulary.LINK_ANCHOR, - VitroVocabulary.LINK_URL, - - VitroVocabulary.KEYWORD_INDIVIDUALRELATION, - VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESKEYWORD, - VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESINDIVIDUAL, - VitroVocabulary.KEYWORD_INDIVIDUALRELATION_MODE }; - - /** - * Namespaces from which Self Editors should not be able to use resources. 
- */ - private final Set prohibitedNamespaces; - - /** - * URIs of properties that SelfEditors should not be able to use in - * statements - */ - protected final Set prohibitedProperties; - - /** - * URIs of resources that SelfEditors should not be able to use in - * statements - */ - protected final Set prohibitedResources; - - /** - * URIs of properties from prohibited namespaces that Self Editors need to - * be able to edit - */ - protected final Set editableVitroUris; - - public AdministrativeUriRestrictor(Set prohibitedProperties, - Set prohibitedResources, Set prohibitedNamespaces, - Set editableVitroUris) { - this.prohibitedProperties = useDefaultIfNull(prohibitedProperties, - DEFAULT_PROHIBITED_PROPERTIES); - this.prohibitedResources = useDefaultIfNull(prohibitedResources, - DEFAULT_PROHIBITED_RESOURCES); - this.prohibitedNamespaces = useDefaultIfNull(prohibitedNamespaces, - DEFAULT_PROHIBITED_NAMESPACES); - this.editableVitroUris = useDefaultIfNull(editableVitroUris, - DEFAULT_EDITABLE_VITRO_URIS); - } - - private Set useDefaultIfNull(Set valueSet, - String[] defaultArray) { - Collection strings = (valueSet == null) ? 
Arrays - .asList(defaultArray) : valueSet; - return Collections.unmodifiableSet(new HashSet(strings)); - } - - public boolean canModifyResource(String uri) { - if (uri == null || uri.length() == 0) { - log.debug("Resource URI is empty: " + uri); - return false; - } - - if (editableVitroUris.contains(uri)) { - log.debug("Resource matches an editable URI: " + uri); - return true; - } - - String namespace = uri.substring(0, Util.splitNamespace(uri)); - if (prohibitedNamespaces.contains(namespace)) { - log.debug("Resource matches a prohibited namespace: " + uri); - return false; - } - - log.debug("Resource is not prohibited: " + uri); - return true; - } - - public boolean canModifyPredicate(String uri) { - if (uri == null || uri.length() == 0) { - log.debug("Predicate URI is empty: " + uri); - return false; - } - - if (prohibitedProperties.contains(uri)) { - log.debug("Predicate matches a prohibited predicate: " + uri); - return false; - } - - if (editableVitroUris.contains(uri)) { - return true; - } - - String namespace = uri.substring(0, Util.splitNamespace(uri)); - if (prohibitedNamespaces.contains(namespace)) { - log.debug("Predicate matches a prohibited namespace: " + uri); - return false; - } - return true; - } - - @Override - public String toString() { - return "AdministrativeUriRestrictor[prohibitedNamespaces=" - + prohibitedNamespaces + ", prohibitedProperties=" - + prohibitedProperties + ", prohibitedResources=" - + prohibitedResources + ", editableVitroUris=" - + editableVitroUris + "]"; - } - -} diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/BaseSelfEditingPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/BaseSelfEditingPolicy.java index 516a6951a..3c96fc9ee 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/BaseSelfEditingPolicy.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/BaseSelfEditingPolicy.java 
@@ -5,16 +5,37 @@ package edu.cornell.mannlib.vitro.webapp.auth.policy; import java.util.ArrayList; import java.util.List; +import javax.servlet.ServletContext; + import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier; import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle; import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory.SelfEditing; +import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; +import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel; /** * A base class with utility methods for policies involving self-editing. */ public abstract class BaseSelfEditingPolicy { + protected final ServletContext ctx; + protected final RoleLevel roleLevel; + + public BaseSelfEditingPolicy(ServletContext ctx, RoleLevel roleLevel) { + this.ctx = ctx; + this.roleLevel = roleLevel; + } + + protected boolean canModifyResource(String uri) { + return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyResource( + uri, roleLevel); + } + + protected boolean canModifyPredicate(String uri) { + return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyPredicate( + uri, roleLevel); + } protected List getUrisOfSelfEditor(IdentifierBundle ids) { List uris = new ArrayList(); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/CuratorEditingPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/CuratorEditingPolicy.java index 02eef5931..90a93aa8e 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/CuratorEditingPolicy.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/CuratorEditingPolicy.java 
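Review bot: In BaseSelfEditingPolicy the new constructor stores `ctx` and `roleLevel` unchecked, so a null ServletContext or RoleLevel first shows up inside `canModifyResource`/`canModifyPredicate`, in the middle of an authorization decision. Reject them when the policy is built, e.g. `if (ctx == null || roleLevel == null) throw new NullPointerException("ctx and roleLevel are required");`, so a mis-wired setup fails at startup instead of in the request path. Whether `PropertyRestrictionPolicyHelper.getBean(ctx)` can return null before its Setup listener has run is not visible in this hunk; if it can, both helpers should treat that as "may not modify" rather than throw. If subclasses only use the two protected helpers, the fields could also be `private final`. The class body continues past the hunk.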
@@ -2,432 +2,172 @@ package edu.cornell.mannlib.vitro.webapp.auth.policy; -import java.util.Collections; -import java.util.HashSet; -import java.util.Set; +import javax.servlet.ServletContext; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import com.hp.hpl.jena.rdf.model.impl.Util; - -import edu.cornell.mannlib.vedit.beans.LoginStatusBean; import edu.cornell.mannlib.vitro.webapp.auth.identifier.CuratorEditingIdentifierFactory; import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier; import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle; +import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; -import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.AddNewUser; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.LoadOntology; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RebuildTextIndex; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RemoveUser; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.ServerStatus; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UpdateTextIndex; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UploadFile; +import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.OntoRequestedAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.CreateOwlClass; -import 
edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineDataProperty; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineObjectProperty; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.RemoveOwlClass; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyAction; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropStmt; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPropStmt; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropStmt; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropStmt; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjPropStmt; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AbstractResourceAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AddResource; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.DropResource; -import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; +import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel; /** - * Policy to use for Vivo Curator-Editing for use at Cornell. - * All methods in this class should be thread safe - * and side effect free. + * Policy to use for Vivo Curator-Editing for use at Cornell. All methods in + * this class should be thread safe and side effect free. */ -public class CuratorEditingPolicy implements VisitingPolicyIface { - protected static Log log = LogFactory.getLog( CuratorEditingPolicy.class ); - - /** regex for extracting a namespace from a URI */ - // Do not use this; use Jena's splitNamespace() util instead. 
- //private Pattern ns = Pattern.compile("([^#]*#)[^#]*"); - - /** - * Namespaces from which Curator Editors should not be able to use resources. - */ - private Set prohibitedNs; - - /** URIs of properties that CuratorEditors should not be able to use in statements*/ - protected SetprohibitedProperties; - - /** URIs of resources that CuratorEditors should not be able to use in statements*/ - protected SetprohibitedResources; - - /** Indicates which Authorization to use when the user isn't explicitly authorized. */ - protected Authorization defaultFailure = Authorization.INCONCLUSIVE; - - /** URIs of properties from prohibited namespaces that Curator Editors need to be - * able to edit */ - protected Set editableVitroUris; - - public CuratorEditingPolicy( - SetprohibitedProperties, - SetprohibitedResources, - SetprohibitedNamespaces, - SeteditableVitroUris ){ - - if( prohibitedProperties != null ) - this.prohibitedProperties = prohibitedProperties; - else - this.prohibitedProperties = Collections.EMPTY_SET; - - if( prohibitedResources != null ) - this.prohibitedResources = prohibitedResources; - else - this.prohibitedResources = Collections.EMPTY_SET; - - if( prohibitedNamespaces != null ) - this.prohibitedNs = prohibitedNamespaces; - else{ - prohibitedNs = new HashSet(); - prohibitedNs.add( VitroVocabulary.vitroURI); - prohibitedNs.add( VitroVocabulary.OWL ); - prohibitedNs.add(""); - } - - if( editableVitroUris != null ) - this.editableVitroUris = editableVitroUris; - else{ - this.editableVitroUris = new HashSet(); - this.editableVitroUris.add(VitroVocabulary.MONIKER); - this.editableVitroUris.add(VitroVocabulary.BLURB); - this.editableVitroUris.add(VitroVocabulary.DESCRIPTION); - this.editableVitroUris.add(VitroVocabulary.MODTIME); - this.editableVitroUris.add(VitroVocabulary.TIMEKEY); - - this.editableVitroUris.add(VitroVocabulary.CITATION); - this.editableVitroUris.add(VitroVocabulary.IND_MAIN_IMAGE); - - this.editableVitroUris.add(VitroVocabulary.LINK); - 
this.editableVitroUris.add(VitroVocabulary.PRIMARY_LINK); - this.editableVitroUris.add(VitroVocabulary.ADDITIONAL_LINK); - this.editableVitroUris.add(VitroVocabulary.LINK_ANCHOR); - this.editableVitroUris.add(VitroVocabulary.LINK_URL); - - this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION); - this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESKEYWORD); - this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESINDIVIDUAL); - this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_MODE); - } - } - - public PolicyDecision isAuthorized(IdentifierBundle whomToAuth, RequestedAction whatToAuth) { - BasicPolicyDecision pd = new BasicPolicyDecision(this.defaultFailure,"not yet set"); - if( whomToAuth == null ) - return pd.setMessage("whomToAuth was null"); - if(whatToAuth == null) - return pd.setMessage("whatToAuth was null"); - - String roleStr = getRoleOf(whomToAuth); - if (roleStr == null) - return pd.setMessage("Unable to get a role for the curator from IdBundle"); - - try{ - if( Integer.parseInt( roleStr ) /*<*/ != LoginStatusBean.CURATOR) - return pd.setMessage("CuratorEditingPolicy found role of "+roleStr+" but only authorizes for users logged in as CURATOR or higher"); - }catch(NumberFormatException nef){} - - if (whatToAuth instanceof OntoRequestedAction) - return pd.setMessage("CuratorEditingPolicy doesn't authorize OntoRequestedActions"); - if (whatToAuth instanceof AdminRequestedAction) - return pd.setMessage("CuratorEditingPolicy doesn't authorize AdminRequestedActions"); - - //kick off the visitor pattern - return whatToAuth.accept(this, whomToAuth); - } - - - protected String getRoleOf( IdentifierBundle whomToAuth) { - if( whomToAuth == null ) return null; - - for(Identifier id : whomToAuth){ - if (id instanceof CuratorEditingIdentifierFactory.CuratorEditingId) { - return ((CuratorEditingIdentifierFactory.CuratorEditingId)id).getRole(); - } - } - return null; - } - - protected 
boolean canModifyResource(String uri){ - if( uri == null || uri.length() == 0 ) - return false; - - if( editableVitroUris.contains( uri ) ) - return true; - - String namespace = uri.substring(0, Util.splitNamespace(uri)); - //Matcher match = ns.matcher(uri); - //if( match.matches() && match.groupCount() > 0){ - // String namespace = match.group(1); - if( prohibitedNs.contains( namespace ) ) { - log.debug("The uri "+uri+" represents a resource that cannot be modified because it matches a prohibited namespace"); - return false; - } - //} - return true; - } - - - protected boolean canModifyPredicate(String uri){ - if( uri == null || uri.length() == 0 ) - return false; - - if( editableVitroUris.contains( uri ) ) - return true; - - if( prohibitedProperties.contains(uri)) { - log.debug("The uri "+uri+" represents a predicate that cannot be modified because it is on a list of properties prohibited from curator editing"); - return false; - } - - String namespace = uri.substring(0, Util.splitNamespace(uri)); - //Matcher match = ns.matcher(uri); - //if( match.matches() && match.groupCount() > 0){ - // String namespace = match.group(1); - if( prohibitedNs.contains( namespace ) ) { - log.debug("The uri "+uri+" represents a predicate that cannot be modified because it matches a prohibited namespace"); - return false; - } - //} - return true; - } - - public PolicyDecision visit(IdentifierBundle ids, AddObjectPropStmt action) { - if( ids == null || action == null ) - return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy, null action or ids"); - - //cannot edit resources related to system - if( !canModifyResource( action.uriOfObject ) ) - return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources; " + - "cannot modify " + action.uriOfObject); - - if( !canModifyResource( action.uriOfSubject ) ) - return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources; 
" + - "cannot modify " + action.uriOfSubject); - - if( !canModifyPredicate( action.uriOfPredicate ) ) - return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin predicates; " + - "cannot modify " + action.uriOfPredicate); - - return new BasicPolicyDecision(Authorization.AUTHORIZED,"CuratorEditingPolicy: user can edit allowed properties of anybody"); - - /* see SelfEditingPolicy for examples of any individual-based policy decisions */ - } - - - public PolicyDecision visit(IdentifierBundle ids, DropResource action) { - if( ids == null || action == null ) - return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy, null action or ids"); - - if( prohibitedNs.contains( action.getSubjectUri() ) ) - return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not removal of admin resources"); - - return new BasicPolicyDecision(Authorization.AUTHORIZED,"CuratorEditingPolicy: may remove resource"); - } - - public PolicyDecision visit(IdentifierBundle ids, AddResource action) { - if( ids == null || action == null ) - return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy, null action or ids"); - - if( prohibitedNs.contains( action.getSubjectUri() ) ) - return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not allow creation of admin resources"); - - return new BasicPolicyDecision(Authorization.AUTHORIZED,"CuratorEditingPolicy: may add resource"); - } - - public PolicyDecision visit(IdentifierBundle ids, DropDataPropStmt action) { - if( ids == null || action == null ) { - log.debug("CuratorEditingPolicy for DropDataPropStmt is inconclusive because the test has null action or ids"); - return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy, null action or ids"); - } - //cannot edit resources related to system - if( prohibitedNs.contains( action.getSubjectUri() ) ) { // jc55 was getResourceURI() - log.debug("CuratorEditingPolicy for 
DropDatapropStmt is inconclusive because it does not grant access to admin resources"); - return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources"); - } - - //many predicates are prohibited by namespace but there are many ones that curator editors need to work with - if( prohibitedNs.contains(action.getPredicateUri() ) && ! editableVitroUris.contains( action.getPredicateUri() ) ) { - log.debug("CuratorEditingPolicy for DropDatapropStmt is inconclusive because it does not grant access to admin controls"); - return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin controls"); - } - - //cannot edit resources related to system - if( !canModifyResource( action.getSubjectUri() ) ) { - log.debug("CuratorEditingPolicy for EditDatapropStmt action is inconclusive because it does not grant access to admin resources; cannot modify " + action.getSubjectUri()); - return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources; " + - "cannot modify " + action.getSubjectUri()); - } - if( !canModifyPredicate( action.getPredicateUri() ) ) { - log.debug("CuratorEditingPolicy for EditDatapropStmt is inconclusive because it does not grant access to admin predicates; cannot modify " + action.getPredicateUri()); - return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin predicates; " + - "cannot modify " + action.getPredicateUri()); - } - log.debug("CuratorEditingPolicy for DropDatapropStmt returns authorization because the user is a curator"); - - return new BasicPolicyDecision(Authorization.AUTHORIZED,"CuratorEditingPolicy: user is may drop data property statement"); - - /* see SelfEditingPolicy for examples of any individual-based policy decisions */ - } - - - public PolicyDecision visit(IdentifierBundle ids, DropObjectPropStmt action) { - if( ids == null || action == null ) - return 
new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy, null action or ids"); - - //cannot edit resources related to system - if( !canModifyResource( action.uriOfObject ) ) - return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources; " + - "cannot modify " + action.uriOfObject); - - if( !canModifyResource( action.uriOfSubject ) ) - return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources; " + - "cannot modify " + action.uriOfSubject); - - if( !canModifyPredicate( action.uriOfPredicate ) ) - return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin predicates; " + - "cannot modify " + action.uriOfPredicate); - - return new BasicPolicyDecision(Authorization.AUTHORIZED,"CuratorEditingPolicy: user can edit any individual"); - - /* see SelfEditingPolicy for examples of any individual-based policy decisions */ - } - - public PolicyDecision visit(IdentifierBundle ids, AddDataPropStmt action) { - if( ids == null || action == null ) - return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy, null action or ids"); - - //cannot edit resources related to system - if( prohibitedNs.contains( action.getSubjectUri() ) ) - return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources"); - - //many predicates are prohibited by namespace but there are many ones that curator editors need to work with - if( prohibitedNs.contains(action.getPredicateUri() ) && ! 
editableVitroUris.contains( action.getPredicateUri() ) ) - return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin controls"); - - if( !canModifyPredicate( action.getPredicateUri() ) ) { - log.debug("CuratorEditingPolicy for AddDataPropStmt does not grant access to prohibited predicates or certain namespaces: cannot modify " + action.getPredicateUri()); - return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy for AddDataPropStmt does not grant access to prohibited predicates or certain namespaces: " + - "cannot modify " + action.getPredicateUri()); - } - - return new BasicPolicyDecision(Authorization.AUTHORIZED,"CuratorEditingPolicy: user may add this data property statement"); - - /* see SelfEditingPolicy for examples of any individual-based policy decisions */ - } - - - public PolicyDecision visit(IdentifierBundle ids, EditDataPropStmt action) { - - if( ids == null || action == null ) { - log.debug("CuratorEditingPolicy for EditDataPropStmt is inconclusive because the test has null action or ids"); - return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy, null action or ids"); - } - - //cannot edit resources related to system - if( !canModifyResource( action.getSubjectUri() ) ) { - log.debug("CuratorEditingPolicy for EditDatapropStmt action is inconclusive because it does not grant access to admin resources; cannot modify " + action.getSubjectUri()); - return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources; " + - "cannot modify " + action.getSubjectUri()); - } - if( !canModifyPredicate( action.getPredicateUri() ) ) { - log.debug("CuratorEditingPolicy for EditDataPropStmt does not grant access to prohibited predicates or certain namespaces: cannot modify " + action.getPredicateUri()); - return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy for EditDataPropStmt does not grant access to prohibited 
predicates or certain namespaces: " + - "cannot modify " + action.getPredicateUri()); - } - - log.debug("CuratorEditingPolicy for EditDatapropStmt returns authorization because the user is a curator"); - return new BasicPolicyDecision(Authorization.AUTHORIZED,"CuratorEditingPolicy: user may edit data property statement"); - - /* see SelfEditingPolicy for examples of any individual-based policy decisions */ - } - - - public PolicyDecision visit(IdentifierBundle ids, EditObjPropStmt action) { - if( ids == null || action == null ) - return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy, null action or ids"); - - //cannot edit resources related to system - if( !canModifyResource( action.uriOfObject ) ) - return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources; " + - "cannot modify " + action.uriOfObject); - - if( !canModifyResource( action.uriOfSubject ) ) - return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin resources; " + - "cannot modify " + action.uriOfSubject); - - if( !canModifyPredicate( action.uriOfPredicate ) ) - return new BasicPolicyDecision(this.defaultFailure,"CuratorEditingPolicy does not grant access to admin predicates; " + - "cannot modify " + action.uriOfPredicate); - return new BasicPolicyDecision(Authorization.AUTHORIZED,"CuratorEditingPolicy: user may edit any individual"); - - /* see SelfEditingPolicy for examples of any individual-based policy decisions */ - } - - - public PolicyDecision visit(IdentifierBundle ids, UploadFile action) { - return new BasicPolicyDecision(Authorization.AUTHORIZED,"CuratorEditingPolicy: may upload files"); - } - - - // *** the following actions are generally not part of curator editing *** // - - public PolicyDecision visit(IdentifierBundle ids, AddNewUser action) { - return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative 
modifications"); - } - - public PolicyDecision visit(IdentifierBundle ids, RemoveUser action) { - return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications"); - } - - public PolicyDecision visit(IdentifierBundle ids, LoadOntology action) { - return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications"); - } - - public PolicyDecision visit(IdentifierBundle ids, RebuildTextIndex action) { - return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications"); - } - - public PolicyDecision visit(IdentifierBundle ids, UpdateTextIndex action) { - return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications"); - } - - public PolicyDecision visit(IdentifierBundle ids, ServerStatus action) { - return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications"); - } - - public PolicyDecision visit(IdentifierBundle ids, CreateOwlClass action) { - return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications"); - } - - public PolicyDecision visit(IdentifierBundle ids, RemoveOwlClass action) { - return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications"); - } - - public PolicyDecision visit(IdentifierBundle ids, DefineDataProperty action) { - return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications"); - } - - public PolicyDecision visit(IdentifierBundle ids, DefineObjectProperty action) { - return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"CuratorEditingPolicy does not authorize administrative modifications"); - } - - public String toString(){ 
- return "CuratorEditingPolicy " + hashCode() - + " nspaces: " + prohibitedNs.size() + " prohibited Props: " - + prohibitedProperties.size() + " prohibited resources: " - + prohibitedResources.size(); - } +public class CuratorEditingPolicy implements PolicyIface { + private final ServletContext ctx; + + public CuratorEditingPolicy(ServletContext ctx) { + this.ctx = ctx; + } + + /** + * Indicates which Authorization to use when the user isn't explicitly + * authorized. + */ + private PolicyDecision defaultDecision(String message) { + return new BasicPolicyDecision(Authorization.INCONCLUSIVE, message); + } + + @Override + public PolicyDecision isAuthorized(IdentifierBundle whomToAuth, + RequestedAction whatToAuth) { + if (whomToAuth == null) { + return defaultDecision("whomToAuth was null"); + } + if (whatToAuth == null) { + return defaultDecision("whatToAuth was null"); + } + + if (!isCurator(whomToAuth)) { + return defaultDecision("IdBundle does not include a Curator identifier"); + } + + if (whatToAuth instanceof OntoRequestedAction) { + return defaultDecision("CuratorEditingPolicy doesn't authorize OntoRequestedActions"); + } else if (whatToAuth instanceof AdminRequestedAction) { + return defaultDecision("CuratorEditingPolicy doesn't authorize AdminRequestedActions"); + } + + if (whatToAuth instanceof AddDataPropStmt) { + return isAuthorized((AddDataPropStmt) whatToAuth); + } else if (whatToAuth instanceof DropDataPropStmt) { + return isAuthorized((DropDataPropStmt) whatToAuth); + } else if (whatToAuth instanceof EditDataPropStmt) { + return isAuthorized((EditDataPropStmt) whatToAuth); + } else if (whatToAuth instanceof AddObjectPropStmt) { + return isAuthorized((AddObjectPropStmt) whatToAuth); + } else if (whatToAuth instanceof DropObjectPropStmt) { + return isAuthorized((DropObjectPropStmt) whatToAuth); + } else if (whatToAuth instanceof EditObjPropStmt) { + return isAuthorized((EditObjPropStmt) whatToAuth); + } else if (whatToAuth instanceof AddResource) { + 
return isAuthorized((AddResource) whatToAuth); + } else if (whatToAuth instanceof DropResource) { + return isAuthorized((DropResource) whatToAuth); + } else { + return defaultDecision("unrecognized requested action: " + + whatToAuth); + } + } + + private boolean isCurator(IdentifierBundle whomToAuth) { + for (Identifier id : whomToAuth) { + if (id instanceof CuratorEditingIdentifierFactory.CuratorEditingId) { + return true; + } + } + return false; + } + + private boolean canModifyResource(String uri) { + return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyResource( + uri, RoleLevel.CURATOR); + } + + private boolean canModifyPredicate(String uri) { + return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyPredicate( + uri, RoleLevel.CURATOR); + } + + /** + * Check authorization for Adding, Editing or Dropping a DataProperty. + */ + private PolicyDecision isAuthorized(AbstractDataPropertyAction action) { + if (!canModifyResource(action.getSubjectUri())) { + return defaultDecision("CuratorEditingPolicy does not grant access to admin resources; " + + "may not modify " + action.getSubjectUri()); + } + + if (!canModifyPredicate(action.getPredicateUri())) { + return defaultDecision("CuratorEditingPolicy does not grant access to admin predicates; " + + "may not modify " + action.getPredicateUri()); + } + + return new BasicPolicyDecision(Authorization.AUTHORIZED, + "CuratorEditingPolicy: user may modify '" + + action.getSubjectUri() + "' ==> '" + + action.getPredicateUri() + "'"); + } + + /** + * Check authorization for Adding, Editing or Dropping an ObjectProperty. 
+ */ + private PolicyDecision isAuthorized(AbstractObjectPropertyAction action) { + if (!canModifyResource(action.uriOfSubject)) { + return defaultDecision("CuratorEditingPolicy does not grant access to admin resources; " + + "may not modify " + action.uriOfSubject); + } + + if (!canModifyPredicate(action.uriOfPredicate)) { + return defaultDecision("CuratorEditingPolicy does not grant access to admin predicates; " + + "may not modify " + action.uriOfPredicate); + } + + if (!canModifyResource(action.uriOfObject)) { + return defaultDecision("CuratorEditingPolicy does not grant access to admin resources; " + + "may not modify " + action.uriOfObject); + } + + return new BasicPolicyDecision(Authorization.AUTHORIZED, + "CuratorEditingPolicy: user may modify '" + action.uriOfSubject + + "' ==> '" + action.uriOfPredicate + "' ==> '" + + action.uriOfObject + "'"); + } + + /** + * Check authorization for Adding or Dropping a Resource. + */ + private PolicyDecision isAuthorized(AbstractResourceAction action) { + if (!canModifyResource(action.getSubjectUri())) { + return defaultDecision("CuratorEditingPolicy does not grant access to admin resources; " + + "may not modify " + action.getSubjectUri()); + } + + return new BasicPolicyDecision(Authorization.AUTHORIZED, + "CuratorEditingPolicy: may add or remove resource: " + + action.getSubjectUri()); + } + + @Override + public String toString() { + return "CuratorEditingPolicy - " + hashCode(); + } } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DbAdminEditingPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DbAdminEditingPolicy.java index 98fee89a1..0bf6236fd 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DbAdminEditingPolicy.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DbAdminEditingPolicy.java 
@@ -2,445 +2,172 @@ package edu.cornell.mannlib.vitro.webapp.auth.policy; -import java.util.Collections; -import java.util.HashSet; -import java.util.Set; +import javax.servlet.ServletContext; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import com.hp.hpl.jena.rdf.model.impl.Util; - -import edu.cornell.mannlib.vedit.beans.LoginStatusBean; import edu.cornell.mannlib.vitro.webapp.auth.identifier.DbAdminEditingIdentifierFactory; import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier; import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle; -import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory; -import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory.SelfEditing; +import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; -import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.AddNewUser; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.LoadOntology; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RebuildTextIndex; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RemoveUser; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.ServerStatus; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UpdateTextIndex; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UploadFile; +import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.OntoRequestedAction; import 
edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.CreateOwlClass; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineDataProperty; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineObjectProperty; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.RemoveOwlClass; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyAction; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropStmt; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPropStmt; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropStmt; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropStmt; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjPropStmt; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AbstractResourceAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AddResource; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.DropResource; -import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; +import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel; /** - * Policy to use for Vivo non-privileged but user accouunt-based editing - * All methods in this class should be thread safe - * and side effect free. + * Policy to use for Vivo non-privileged but user accouunt-based editing All + * methods in this class should be thread safe and side effect free. 
*/ -public class DbAdminEditingPolicy implements VisitingPolicyIface { - protected static Log log = LogFactory.getLog( DbAdminEditingPolicy.class ); - - /** regex for extracting a namespace from a URI */ - // Do not use this; use Jena's splitNamespace() util instead. - //private Pattern ns = Pattern.compile("([^#]*#)[^#]*"); - - /** - * Namespaces from which DbAdmins should not be able to use resources. - */ - private Set prohibitedNs; - - /** URIs of properties that DbAdmins should not be able to use in statements*/ - protected SetprohibitedProperties; - - /** URIs of resources that DbAdmins should not be able to use in statements*/ - protected SetprohibitedResources; - - /** Indicates which Authorization to use when the user isn't explicitly authorized. */ - protected Authorization defaultFailure = Authorization.INCONCLUSIVE; - - /** URIs of properties from prohibited namespaces that DbAdmins need to be - * able to edit */ - protected Set editableVitroUris; - - public DbAdminEditingPolicy( - SetprohibitedProperties, - SetprohibitedResources, - SetprohibitedNamespaces, - SeteditableVitroUris ){ - - if( prohibitedProperties != null ) - this.prohibitedProperties = prohibitedProperties; - else - this.prohibitedProperties = Collections.EMPTY_SET; - - if( prohibitedResources != null ) - this.prohibitedResources = prohibitedResources; - else - this.prohibitedResources = Collections.EMPTY_SET; - - if( prohibitedNamespaces != null ) - this.prohibitedNs = prohibitedNamespaces; - else{ - prohibitedNs = new HashSet(); - prohibitedNs.add( VitroVocabulary.vitroURI); - prohibitedNs.add( VitroVocabulary.OWL ); - prohibitedNs.add(""); - } - - if( editableVitroUris != null ) - this.editableVitroUris = editableVitroUris; - else{ - this.editableVitroUris = new HashSet(); - this.editableVitroUris.add(VitroVocabulary.MONIKER); - this.editableVitroUris.add(VitroVocabulary.BLURB); - this.editableVitroUris.add(VitroVocabulary.DESCRIPTION); - 
this.editableVitroUris.add(VitroVocabulary.MODTIME); - this.editableVitroUris.add(VitroVocabulary.TIMEKEY); - - this.editableVitroUris.add(VitroVocabulary.CITATION); - this.editableVitroUris.add(VitroVocabulary.IND_MAIN_IMAGE); - - this.editableVitroUris.add(VitroVocabulary.LINK); - this.editableVitroUris.add(VitroVocabulary.PRIMARY_LINK); - this.editableVitroUris.add(VitroVocabulary.ADDITIONAL_LINK); - this.editableVitroUris.add(VitroVocabulary.LINK_ANCHOR); - this.editableVitroUris.add(VitroVocabulary.LINK_URL); - - this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION); - this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESKEYWORD); - this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESINDIVIDUAL); - this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_MODE); - } - } - - public PolicyDecision isAuthorized(IdentifierBundle whoToAuth, RequestedAction whatToAuth) { - BasicPolicyDecision pd = new BasicPolicyDecision(this.defaultFailure,"not yet set"); - if( whoToAuth == null ) - return pd.setMessage("whomToAuth was null"); - if(whatToAuth == null) - return pd.setMessage("whatToAuth was null"); - - String roleStr = getRoleOf(whoToAuth); - if (roleStr == null) - return pd.setMessage("Unable to get a role for the dbAdmin from IdBundle"); - - try{ - if( Integer.parseInt( roleStr ) /*<*/ != LoginStatusBean.DBA) { - return pd.setMessage("DbAdminEditingPolicy found role of "+roleStr+" and only authorizes for users logged in as DB_ADMIN"); - } - } catch(NumberFormatException nef){ - log.debug(nef,nef); - } - - try{ - SelfEditing sei = SelfEditingIdentifierFactory.getSelfEditingIdentifier(whoToAuth); - if( sei != null && sei.isFake() ){ - return pd.setMessage("DbAdminEditingPolicy will not authorize actions for a fake self editor"); - } - }catch( Exception e ){ - log.debug(e,e); - } - - if (whatToAuth instanceof OntoRequestedAction) - return pd.setMessage("DbAdminEditingPolicy doesn't 
authorize OntoRequestedActions"); - if (whatToAuth instanceof AdminRequestedAction) - return pd.setMessage("DbAdminEditingPolicy doesn't authorize AdminRequestedActions"); - - //kick off the visitor pattern - return whatToAuth.accept(this, whoToAuth); - } - - - protected String getRoleOf( IdentifierBundle whomToAuth) { - if( whomToAuth == null ) return null; - - for(Identifier id : whomToAuth){ - if (id instanceof DbAdminEditingIdentifierFactory.DbAdminEditingId) { - return ((DbAdminEditingIdentifierFactory.DbAdminEditingId)id).getRole(); - } - } - return null; - } - - protected boolean canModifyResource(String uri){ - if( uri == null || uri.length() == 0 ) - return false; - - if( editableVitroUris.contains( uri ) ) - return true; - - String namespace = uri.substring(0, Util.splitNamespace(uri)); - //Matcher match = ns.matcher(uri); - //if( match.matches() && match.groupCount() > 0){ - // String namespace = match.group(1); - if( prohibitedNs.contains( namespace ) ) { - log.debug("The uri "+uri+" represents a resource that cannot be modified because it matches a prohibited namespace"); - return false; - } - //} - return true; - } - - - protected boolean canModifyPredicate(String uri){ - if( uri == null || uri.length() == 0 ) - return false; - - if( editableVitroUris.contains( uri ) ) // properties like moniker that are never (currently) set non-editable - return true; - - if( prohibitedProperties.contains(uri)) { - log.debug("The uri "+uri+" represents a predicate that cannot be modified because it is on a list of properties prohibited from dbAdmin editing"); - return false; - } - - String namespace = uri.substring(0, Util.splitNamespace(uri)); - //Matcher match = ns.matcher(uri); - //if( match.matches() && match.groupCount() > 0){ - // String namespace = match.group(1); - if( prohibitedNs.contains( namespace ) ) { - log.debug("The uri "+uri+" represents a predicate that cannot be modified because it matches a prohibited namespace"); - return false; - } - //} - 
return true; - } - - public PolicyDecision visit(IdentifierBundle ids, AddObjectPropStmt action) { - if( ids == null || action == null ) - return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy, null action or ids"); - - //cannot edit resources related to system - if( !canModifyResource( action.uriOfObject ) ) - return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources; " + - "cannot modify " + action.uriOfObject); - - if( !canModifyResource( action.uriOfSubject ) ) - return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources; " + - "cannot modify " + action.uriOfSubject); - - if( !canModifyPredicate( action.uriOfPredicate ) ) - return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to prohibited predicates or certain namespaces: " + - "cannot modify " + action.uriOfPredicate); - - return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy: user can edit allowed properties of anybody"); - - /* see SelfEditingPolicy for examples of any individual-based policy decisions */ - } - - - public PolicyDecision visit(IdentifierBundle ids, DropResource action) { - if( ids == null || action == null ) - return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy, null action or ids"); - - if( prohibitedNs.contains( action.getSubjectUri() ) ) - return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not removal of admin resources"); - - return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy: may remove resource"); - } - - public PolicyDecision visit(IdentifierBundle ids, AddResource action) { - if( ids == null || action == null ) - return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy, null action or ids"); - - if( prohibitedNs.contains( action.getSubjectUri() ) ) - return new 
BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not allow creation of admin resources"); - - return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy: may add resource"); - } - - public PolicyDecision visit(IdentifierBundle ids, DropDataPropStmt action) { - if( ids == null || action == null ) { - log.debug("DbAdminEditingPolicy for DropDataPropStmt is inconclusive because the test has null action or ids"); - return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy, null action or ids"); - } - //cannot edit resources related to system - if( prohibitedNs.contains( action.getSubjectUri() ) ) { // jc55 was getResourceURI() - log.debug("DbAdminEditingPolicy for DropDatapropStmt is inconclusive because it does not grant access to admin resources"); - return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources"); - } - - //many predicates are prohibited by namespace but there are many ones that dbAdmin editors need to work with - if( prohibitedNs.contains(action.getPredicateUri() ) && ! 
editableVitroUris.contains( action.getPredicateUri() ) ) { - log.debug("DbAdminEditingPolicy for DropDatapropStmt is inconclusive because it does not grant access to admin controls"); - return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin controls"); - } - - //cannot edit resources related to system - if( !canModifyResource( action.getSubjectUri() ) ) { - log.debug("DbAdminEditingPolicy for EditDatapropStmt action is inconclusive because it does not grant access to admin resources; cannot modify " + action.getSubjectUri()); - return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources; " + - "cannot modify " + action.getSubjectUri()); - } - if( !canModifyPredicate( action.getPredicateUri() ) ) { - log.debug("DbAdminEditingPolicy does not grant access to prohibited predicates or certain namespaces: cannot modify " + action.getPredicateUri()); - return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to prohibited predicates or certain namespaces: " + - "cannot modify " + action.getPredicateUri()); - } - log.debug("DbAdminEditingPolicy for DropDatapropStmt returns authorization because the user is a dbAdmin"); - - return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy: user is may drop data property statement"); - - /* see SelfEditingPolicy for examples of any individual-based policy decisions */ - } - - - public PolicyDecision visit(IdentifierBundle ids, DropObjectPropStmt action) { - if( ids == null || action == null ) - return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy, null action or ids"); - - //cannot edit resources related to system - if( !canModifyResource( action.uriOfObject ) ) - return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources; " + - "cannot modify " + action.uriOfObject); - - if( !canModifyResource( 
action.uriOfSubject ) ) - return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources; " + - "cannot modify " + action.uriOfSubject); - - if( !canModifyPredicate( action.uriOfPredicate ) ) - return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to prohibited predicates or certain namespaces: " + - "cannot modify " + action.uriOfPredicate); - - return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy: user can edit any individual"); - - /* see SelfEditingPolicy for examples of any individual-based policy decisions */ - } - - public PolicyDecision visit(IdentifierBundle ids, AddDataPropStmt action) { - if( ids == null || action == null ) - return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy has null action or ids"); - - //cannot edit resources related to system - if( prohibitedNs.contains( action.getSubjectUri() ) ) - return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources from prohibited namespaces"); - - //many predicates are prohibited by namespace but there are many ones that dbAdmin editors need to work with - if( prohibitedNs.contains(action.getPredicateUri() ) && ! 
editableVitroUris.contains( action.getPredicateUri() ) ) - return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin controls"); - - if( !canModifyPredicate( action.getPredicateUri() ) ) { - log.debug("DbAdminEditingPolicy for AddDataPropStmt does not grant access to prohibited predicates or certain namespaces: cannot modify " + action.getPredicateUri()); - return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy for AddDataPropStmt does not grant access to prohibited predicates or certain namespaces: " + - "cannot modify " + action.getPredicateUri()); - } - - return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy: user may add this data property statement"); - - /* see SelfEditingPolicy for examples of any individual-based policy decisions */ - } - - - public PolicyDecision visit(IdentifierBundle ids, EditDataPropStmt action) { - - if( ids == null || action == null ) { - log.debug("DbAdminEditingPolicy for EditDataPropStmt is inconclusive because the test has null action or ids"); - return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy, null action or ids"); - } - - //cannot edit resources related to system - if( !canModifyResource( action.getSubjectUri() ) ) { - log.debug("DbAdminEditingPolicy for EditDatapropStmt action is inconclusive because it does not grant access to admin resources; cannot modify " + action.getSubjectUri()); - return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources; " + - "cannot modify " + action.getSubjectUri()); - } - if( !canModifyPredicate( action.getPredicateUri() ) ) { - log.debug("DbAdminEditingPolicy for EditDataPropStmt does not grant access to prohibited predicates or certain namespaces: cannot modify " + action.getPredicateUri()); - return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy for EditDataPropStmt does not grant access to prohibited 
predicates or certain namespaces: " + - "cannot modify " + action.getPredicateUri()); - } - - log.debug("DbAdminEditingPolicy for EditDatapropStmt returns authorization because the user is a dbAdmin"); - return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy: user may edit data property statement"); - - /* see SelfEditingPolicy for examples of any individual-based policy decisions */ - } - - public PolicyDecision visit(IdentifierBundle ids, EditObjPropStmt action) { - if( ids == null || action == null ) - return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy, null action or ids"); - - //cannot edit resources related to system - if( !canModifyResource( action.uriOfObject ) ) - return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources; " + - "cannot modify " + action.uriOfObject); - - if( !canModifyResource( action.uriOfSubject ) ) - return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy does not grant access to admin resources; " + - "cannot modify " + action.uriOfSubject); - - if( !canModifyPredicate( action.uriOfPredicate ) ) - return new BasicPolicyDecision(this.defaultFailure,"DbAdminEditingPolicy for EditObjPropStmt does not grant access to prohibited predicates or certain namespaces: " + - "cannot modify " + action.uriOfPredicate); - return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy: user may edit any individual"); - - /* see SelfEditingPolicy for examples of any individual-based policy decisions */ - } - - - public PolicyDecision visit(IdentifierBundle ids, UploadFile action) { - return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy: may upload files"); - } - - - // *** the following actions are generally not part of dbAdmin editing *** // - - public PolicyDecision visit(IdentifierBundle ids, AddNewUser action) { - return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy 
does authorize administrative modifications"); - } - - public PolicyDecision visit(IdentifierBundle ids, RemoveUser action) { - return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does authorize administrative modifications"); - } - - public PolicyDecision visit(IdentifierBundle ids, LoadOntology action) { - return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does authorize administrative modifications"); - } - - public PolicyDecision visit(IdentifierBundle ids, RebuildTextIndex action) { - return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does authorize administrative modifications"); - } - - public PolicyDecision visit(IdentifierBundle ids, UpdateTextIndex action) { - return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does authorize administrative modifications"); - } - - public PolicyDecision visit(IdentifierBundle ids, ServerStatus action) { - return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does authorize administrative modifications"); - } - - public PolicyDecision visit(IdentifierBundle ids, CreateOwlClass action) { - return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does not authorize administrative modifications"); - } - - public PolicyDecision visit(IdentifierBundle ids, RemoveOwlClass action) { - return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does authorize administrative modifications"); - } - - public PolicyDecision visit(IdentifierBundle ids, DefineDataProperty action) { - return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does authorize administrative modifications"); - } - - public PolicyDecision visit(IdentifierBundle ids, DefineObjectProperty action) { - return new BasicPolicyDecision(Authorization.AUTHORIZED,"DbAdminEditingPolicy does authorize administrative modifications"); - } - - public String toString(){ - return 
"DbAdminEditingPolicy " + hashCode() - + " nspaces: " + prohibitedNs.size() + " prohibited Props: " - + prohibitedProperties.size() + " prohibited resources: " - + prohibitedResources.size(); - } +public class DbAdminEditingPolicy implements PolicyIface { + private final ServletContext ctx; + + public DbAdminEditingPolicy(ServletContext ctx) { + this.ctx = ctx; + } + + /** + * Indicates which Authorization to use when the user isn't explicitly + * authorized. + */ + private PolicyDecision defaultDecision(String message) { + return new BasicPolicyDecision(Authorization.INCONCLUSIVE, message); + } + + @Override + public PolicyDecision isAuthorized(IdentifierBundle whoToAuth, + RequestedAction whatToAuth) { + if (whoToAuth == null) { + return defaultDecision("whomToAuth was null"); + } + if (whatToAuth == null) { + return defaultDecision("whatToAuth was null"); + } + + if (!isDba(whoToAuth)) { + return defaultDecision("IdBundle does not include a DbAdmin identifier"); + } + + if (whatToAuth instanceof OntoRequestedAction) { + return defaultDecision("DbAdminEditingPolicy doesn't authorize OntoRequestedActions"); + } else if (whatToAuth instanceof AdminRequestedAction) { + return defaultDecision("DbAdminEditingPolicy doesn't authorize AdminRequestedActions"); + } + + if (whatToAuth instanceof AddDataPropStmt) { + return isAuthorized((AddDataPropStmt) whatToAuth); + } else if (whatToAuth instanceof DropDataPropStmt) { + return isAuthorized((DropDataPropStmt) whatToAuth); + } else if (whatToAuth instanceof EditDataPropStmt) { + return isAuthorized((EditDataPropStmt) whatToAuth); + } else if (whatToAuth instanceof AddObjectPropStmt) { + return isAuthorized((AddObjectPropStmt) whatToAuth); + } else if (whatToAuth instanceof DropObjectPropStmt) { + return isAuthorized((DropObjectPropStmt) whatToAuth); + } else if (whatToAuth instanceof EditObjPropStmt) { + return isAuthorized((EditObjPropStmt) whatToAuth); + } else if (whatToAuth instanceof AddResource) { + return 
isAuthorized((AddResource) whatToAuth); + } else if (whatToAuth instanceof DropResource) { + return isAuthorized((DropResource) whatToAuth); + } else { + return defaultDecision("unrecognized requested action: " + + whatToAuth); + } + } + + private boolean isDba(IdentifierBundle whomToAuth) { + for (Identifier id : whomToAuth) { + if (id instanceof DbAdminEditingIdentifierFactory.DbAdminEditingId) { + return true; + } + } + return false; + } + + private boolean canModifyResource(String uri) { + return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyResource( + uri, RoleLevel.DB_ADMIN); + } + + private boolean canModifyPredicate(String uri) { + return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyPredicate( + uri, RoleLevel.DB_ADMIN); + } + + /** + * Check authorization for Adding, Editing or Dropping a DataProperty. + */ + private PolicyDecision isAuthorized(AbstractDataPropertyAction action) { + if (!canModifyResource(action.getSubjectUri())) { + return defaultDecision("DbAdminEditingPolicy does not grant access to admin resources; " + + "may not modify " + action.getSubjectUri()); + } + + if (!canModifyPredicate(action.getPredicateUri())) { + return defaultDecision("DbAdminEditingPolicy does not grant access to admin predicates; " + + "may not modify " + action.getPredicateUri()); + } + + return new BasicPolicyDecision(Authorization.AUTHORIZED, + "DbAdminEditingPolicy: user may modify '" + + action.getSubjectUri() + "' ==> '" + + action.getPredicateUri() + "'"); + } + + /** + * Check authorization for Adding, Editing or Dropping an ObjectProperty. 
+ */ + private PolicyDecision isAuthorized(AbstractObjectPropertyAction action) { + if (!canModifyResource(action.uriOfSubject)) { + return defaultDecision("DbAdminEditingPolicy does not grant access to admin resources; " + + "may not modify " + action.uriOfSubject); + } + + if (!canModifyPredicate(action.uriOfPredicate)) { + return defaultDecision("DbAdminEditingPolicy does not grant access to admin predicates; " + + "may not modify " + action.uriOfPredicate); + } + + if (!canModifyResource(action.uriOfObject)) { + return defaultDecision("DbAdminEditingPolicy does not grant access to admin resources; " + + "may not modify " + action.uriOfObject); + } + + return new BasicPolicyDecision(Authorization.AUTHORIZED, + "DbAdminEditingPolicy: user may modify '" + action.uriOfSubject + + "' ==> '" + action.uriOfPredicate + "' ==> '" + + action.uriOfObject + "'"); + } + + /** + * Check authorization for Adding or Dropping a Resource. + */ + private PolicyDecision isAuthorized(AbstractResourceAction action) { + if (!canModifyResource(action.getSubjectUri())) { + return defaultDecision("DbAdminEditingPolicy does not grant access to admin resources; " + + "may not modify " + action.getSubjectUri()); + } + + return new BasicPolicyDecision(Authorization.AUTHORIZED, + "DbAdminEditingPolicy: may add or remove resource: " + + action.getSubjectUri()); + } + + @Override + public String toString() { + return "DbAdminEditingPolicy - " + hashCode(); + } } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/EditorEditingPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/EditorEditingPolicy.java index faeeec4ed..8c00bb665 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/EditorEditingPolicy.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/EditorEditingPolicy.java 
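Review bot: The rewritten `isAuthorized` in DbAdminEditingPolicy drops the old guard that returned the default decision when `SelfEditingIdentifierFactory.getSelfEditingIdentifier(whoToAuth)` reported `isFake()`, so a bundle carrying both a `DbAdminEditingId` and a fake self-editing identifier now reaches the AUTHORIZED returns. If this is intentional (for example because the masquerade is resolved before this policy runs, which the hunk does not show), record the reason in a comment above `isDba`. Otherwise restore the guard after the `isDba` check, together with the two `SelfEditingIdentifierFactory` imports the hunk removes, e.g. `if (sei != null && sei.isFake()) { return defaultDecision("DbAdminEditingPolicy will not authorize actions for a fake self editor"); }`. Separately, the old `canModifyResource` and `canModifyPredicate` returned false for a null or empty URI, while the new ones pass the value straight to `PropertyRestrictionPolicyHelper.getBean(ctx)`, so confirm that the helper denies null and empty URIs and that `getBean` cannot return null when the `Setup` listener has not run. The class Javadoc still says "non-privileged but user accouunt-based editing", which does not describe a DB-admin policy; `Policy that authorizes statement and resource edits for users holding a DbAdmin identifier, subject to PropertyRestrictionPolicyHelper.` would match the new code.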
@@ -2,432 +2,172 @@ package edu.cornell.mannlib.vitro.webapp.auth.policy; -import java.util.Collections; -import java.util.HashSet; -import java.util.Set; +import javax.servlet.ServletContext; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import com.hp.hpl.jena.rdf.model.impl.Util; - -import edu.cornell.mannlib.vedit.beans.LoginStatusBean; import edu.cornell.mannlib.vitro.webapp.auth.identifier.EditorEditingIdentifierFactory; import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier; import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle; +import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; -import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.AddNewUser; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.LoadOntology; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RebuildTextIndex; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RemoveUser; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.ServerStatus; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UpdateTextIndex; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UploadFile; +import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.OntoRequestedAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.CreateOwlClass; -import 
edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineDataProperty; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineObjectProperty; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.RemoveOwlClass; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyAction; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropStmt; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPropStmt; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropStmt; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropStmt; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjPropStmt; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AbstractResourceAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AddResource; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.DropResource; -import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; +import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel; /** - * Policy to use for Vivo non-privileged but user accouunt-based editing - * All methods in this class should be thread safe - * and side effect free. + * Policy to use for Vivo non-privileged but user accouunt-based editing All + * methods in this class should be thread safe and side effect free. */ -public class EditorEditingPolicy implements VisitingPolicyIface{ - protected static Log log = LogFactory.getLog( EditorEditingPolicy.class ); - - /** regex for extracting a namespace from a URI */ - // Do not use this; use Jena's splitNamespace() util instead. 
- //private Pattern ns = Pattern.compile("([^#]*#)[^#]*"); - - /** - * Namespaces from which Editors should not be able to use resources. - */ - private Set prohibitedNs; - - /** URIs of properties that Editors should not be able to use in statements*/ - protected SetprohibitedProperties; - - /** URIs of resources that Editors should not be able to use in statements*/ - protected SetprohibitedResources; - - /** Indicates which Authorization to use when the user isn't explicitly authorized. */ - protected Authorization defaultFailure = Authorization.INCONCLUSIVE; - - /** URIs of properties from prohibited namespaces that Editors need to be - * able to edit */ - protected Set editableVitroUris; - - public EditorEditingPolicy( - SetprohibitedProperties, - SetprohibitedResources, - SetprohibitedNamespaces, - SeteditableVitroUris ){ - - if( prohibitedProperties != null ) - this.prohibitedProperties = prohibitedProperties; - else - this.prohibitedProperties = Collections.EMPTY_SET; - - if( prohibitedResources != null ) - this.prohibitedResources = prohibitedResources; - else - this.prohibitedResources = Collections.EMPTY_SET; - - if( prohibitedNamespaces != null ) - this.prohibitedNs = prohibitedNamespaces; - else{ - prohibitedNs = new HashSet(); - prohibitedNs.add( VitroVocabulary.vitroURI); - prohibitedNs.add( VitroVocabulary.OWL ); - prohibitedNs.add(""); - } - - if( editableVitroUris != null ) - this.editableVitroUris = editableVitroUris; - else{ - this.editableVitroUris = new HashSet(); - this.editableVitroUris.add(VitroVocabulary.MONIKER); - this.editableVitroUris.add(VitroVocabulary.BLURB); - this.editableVitroUris.add(VitroVocabulary.DESCRIPTION); - this.editableVitroUris.add(VitroVocabulary.MODTIME); - this.editableVitroUris.add(VitroVocabulary.TIMEKEY); - - this.editableVitroUris.add(VitroVocabulary.CITATION); - this.editableVitroUris.add(VitroVocabulary.IND_MAIN_IMAGE); - - this.editableVitroUris.add(VitroVocabulary.LINK); - 
this.editableVitroUris.add(VitroVocabulary.PRIMARY_LINK); - this.editableVitroUris.add(VitroVocabulary.ADDITIONAL_LINK); - this.editableVitroUris.add(VitroVocabulary.LINK_ANCHOR); - this.editableVitroUris.add(VitroVocabulary.LINK_URL); - - this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION); - this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESKEYWORD); - this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESINDIVIDUAL); - this.editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_MODE); - } - } - - public PolicyDecision isAuthorized(IdentifierBundle whomToAuth, RequestedAction whatToAuth) { - BasicPolicyDecision pd = new BasicPolicyDecision(this.defaultFailure,"not yet set"); - if( whomToAuth == null ) - return pd.setMessage("whomToAuth was null"); - if(whatToAuth == null) - return pd.setMessage("whatToAuth was null"); - - String roleStr = getRoleOf(whomToAuth); - if (roleStr == null) - return pd.setMessage("Unable to get a role for the editor from IdBundle"); - - try{ - if( Integer.parseInt( roleStr ) /*<*/ != LoginStatusBean.EDITOR) - return pd.setMessage("EditorEditingPolicy found role of "+roleStr+" but only authorizes for users logged in as EDITOR or higher"); - }catch(NumberFormatException nef){} - - if (whatToAuth instanceof OntoRequestedAction) - return pd.setMessage("EditorEditingPolicy doesn't authorize OntoRequestedActions"); - if (whatToAuth instanceof AdminRequestedAction) - return pd.setMessage("EditorEditingPolicy doesn't authorize AdminRequestedActions"); - - //kick off the visitor pattern - return whatToAuth.accept(this, whomToAuth); - } - - - protected String getRoleOf( IdentifierBundle whomToAuth) { - if( whomToAuth == null ) return null; - - for(Identifier id : whomToAuth){ - if (id instanceof EditorEditingIdentifierFactory.EditorEditingId) { - return ((EditorEditingIdentifierFactory.EditorEditingId)id).getRole(); - } - } - return null; - } - - protected boolean 
canModifyResource(String uri){ - if( uri == null || uri.length() == 0 ) - return false; - - if( editableVitroUris.contains( uri ) ) - return true; - - String namespace = uri.substring(0, Util.splitNamespace(uri)); - //Matcher match = ns.matcher(uri); - //if( match.matches() && match.groupCount() > 0){ - // String namespace = match.group(1); - if( prohibitedNs.contains( namespace ) ) { - log.debug("The uri "+uri+" represents a resource that cannot be modified because it matches a prohibited namespace"); - return false; - } - //} - return true; - } - - - protected boolean canModifyPredicate(String uri){ - if( uri == null || uri.length() == 0 ) - return false; - - if( editableVitroUris.contains( uri ) ) - return true; - - if( prohibitedProperties.contains(uri)) { - log.debug("The uri "+uri+" represents a predicate that cannot be modified because it is on a list of properties prohibited from editor editing"); - return false; - } - - String namespace = uri.substring(0, Util.splitNamespace(uri)); - //Matcher match = ns.matcher(uri); - //if( match.matches() && match.groupCount() > 0){ - // String namespace = match.group(1); - if( prohibitedNs.contains( namespace ) ) { - log.debug("The uri "+uri+" represents a predicate that cannot be modified because it matches a prohibited namespace"); - return false; - } - //} - return true; - } - - public PolicyDecision visit(IdentifierBundle ids, AddObjectPropStmt action) { - if( ids == null || action == null ) - return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy, null action or ids"); - - //cannot edit resources related to system - if( !canModifyResource( action.uriOfObject ) ) - return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources; " + - "cannot modify " + action.uriOfObject); - - if( !canModifyResource( action.uriOfSubject ) ) - return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources; " + - 
"cannot modify " + action.uriOfSubject); - - if( !canModifyPredicate( action.uriOfPredicate ) ) - return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin predicates; " + - "cannot modify " + action.uriOfPredicate); - - return new BasicPolicyDecision(Authorization.AUTHORIZED,"EditorEditingPolicy: user can edit allowed properties of anybody"); - - /* see SelfEditingPolicy for examples of any individual-based policy decisions */ - } - - - public PolicyDecision visit(IdentifierBundle ids, DropResource action) { - if( ids == null || action == null ) - return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy, null action or ids"); - - if( prohibitedNs.contains( action.getSubjectUri() ) ) - return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not removal of admin resources"); - - return new BasicPolicyDecision(Authorization.AUTHORIZED,"EditorEditingPolicy: may remove resource"); - } - - public PolicyDecision visit(IdentifierBundle ids, AddResource action) { - if( ids == null || action == null ) - return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy, null action or ids"); - - if( prohibitedNs.contains( action.getSubjectUri() ) ) - return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not allow creation of admin resources"); - - return new BasicPolicyDecision(Authorization.AUTHORIZED,"EditorEditingPolicy: may add resource"); - } - - public PolicyDecision visit(IdentifierBundle ids, DropDataPropStmt action) { - if( ids == null || action == null ) { - log.debug("EditorEditingPolicy for DropDataPropStmt is inconclusive because the test has null action or ids"); - return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy, null action or ids"); - } - //cannot edit resources related to system - if( prohibitedNs.contains( action.getSubjectUri() ) ) { // jc55 was getResourceURI() - log.debug("EditorEditingPolicy for DropDatapropStmt is 
inconclusive because it does not grant access to admin resources"); - return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources"); - } - - //many predicates are prohibited by namespace but there are many ones that editor editors need to work with - if( prohibitedNs.contains(action.getPredicateUri() ) && ! editableVitroUris.contains( action.getPredicateUri() ) ) { - log.debug("EditorEditingPolicy for DropDatapropStmt is inconclusive because it does not grant access to admin controls"); - return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin controls"); - } - - //cannot edit resources related to system - if( !canModifyResource( action.getSubjectUri() ) ) { - log.debug("EditorEditingPolicy for EditDatapropStmt action is inconclusive because it does not grant access to admin resources; cannot modify " + action.getSubjectUri()); - return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources; " + - "cannot modify " + action.getSubjectUri()); - } - if( !canModifyPredicate( action.getPredicateUri() ) ) { - log.debug("EditorEditingPolicy for EditDatapropStmt is inconclusive because it does not grant access to admin predicates; cannot modify " + action.getPredicateUri()); - return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin predicates; " + - "cannot modify " + action.getPredicateUri()); - } - log.debug("EditorEditingPolicy for DropDatapropStmt returns authorization because the user is a editor"); - - return new BasicPolicyDecision(Authorization.AUTHORIZED,"EditorEditingPolicy: user is may drop data property statement"); - - /* see SelfEditingPolicy for examples of any individual-based policy decisions */ - } - - - public PolicyDecision visit(IdentifierBundle ids, DropObjectPropStmt action) { - if( ids == null || action == null ) - return new 
BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy, null action or ids"); - - //cannot edit resources related to system - if( !canModifyResource( action.uriOfObject ) ) - return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources; " + - "cannot modify " + action.uriOfObject); - - if( !canModifyResource( action.uriOfSubject ) ) - return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources; " + - "cannot modify " + action.uriOfSubject); - - if( !canModifyPredicate( action.uriOfPredicate ) ) - return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin predicates; " + - "cannot modify " + action.uriOfPredicate); - - return new BasicPolicyDecision(Authorization.AUTHORIZED,"EditorEditingPolicy: user can edit any individual"); - - /* see SelfEditingPolicy for examples of any individual-based policy decisions */ - } - - public PolicyDecision visit(IdentifierBundle ids, AddDataPropStmt action) { - if( ids == null || action == null ) - return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy, null action or ids"); - - //cannot edit resources related to system - if( prohibitedNs.contains( action.getSubjectUri() ) ) - return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources"); - - //many predicates are prohibited by namespace but there are many ones that editor editors need to work with - if( prohibitedNs.contains(action.getPredicateUri() ) && ! 
editableVitroUris.contains( action.getPredicateUri() ) ) - return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin controls"); - - if( !canModifyPredicate( action.getPredicateUri() ) ) { - log.debug("EditorEditingPolicy for AddDataPropStmt does not grant access to prohibited predicates or certain namespaces: cannot modify " + action.getPredicateUri()); - return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy for AddDataPropStmt does not grant access to prohibited predicates or certain namespaces: " + - "cannot modify " + action.getPredicateUri()); - } - - return new BasicPolicyDecision(Authorization.AUTHORIZED,"EditorEditingPolicy: user may add this data property statement"); - - /* see SelfEditingPolicy for examples of any individual-based policy decisions */ - } - - - public PolicyDecision visit(IdentifierBundle ids, EditDataPropStmt action) { - - if( ids == null || action == null ) { - log.debug("EditorEditingPolicy for EditDataPropStmt is inconclusive because the test has null action or ids"); - return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy, null action or ids"); - } - - //cannot edit resources related to system - if( !canModifyResource( action.getSubjectUri() ) ) { - log.debug("EditorEditingPolicy for EditDatapropStmt action is inconclusive because it does not grant access to admin resources; cannot modify " + action.getSubjectUri()); - return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources; " + - "cannot modify " + action.getSubjectUri()); - } - if( !canModifyPredicate( action.getPredicateUri() ) ) { - log.debug("EditorEditingPolicy for EditDataPropStmt does not grant access to prohibited predicates or certain namespaces: cannot modify " + action.getPredicateUri()); - return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy for EditDataPropStmt does not grant access to prohibited predicates or 
certain namespaces: " + - "cannot modify " + action.getPredicateUri()); - } - - log.debug("EditorEditingPolicy for EditDatapropStmt returns authorization because the user is a editor"); - return new BasicPolicyDecision(Authorization.AUTHORIZED,"EditorEditingPolicy: user may edit data property statement"); - - /* see SelfEditingPolicy for examples of any individual-based policy decisions */ - } - - - public PolicyDecision visit(IdentifierBundle ids, EditObjPropStmt action) { - if( ids == null || action == null ) - return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy, null action or ids"); - - //cannot edit resources related to system - if( !canModifyResource( action.uriOfObject ) ) - return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources; " + - "cannot modify " + action.uriOfObject); - - if( !canModifyResource( action.uriOfSubject ) ) - return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin resources; " + - "cannot modify " + action.uriOfSubject); - - if( !canModifyPredicate( action.uriOfPredicate ) ) - return new BasicPolicyDecision(this.defaultFailure,"EditorEditingPolicy does not grant access to admin predicates; " + - "cannot modify " + action.uriOfPredicate); - return new BasicPolicyDecision(Authorization.AUTHORIZED,"EditorEditingPolicy: user may edit any individual"); - - /* see SelfEditingPolicy for examples of any individual-based policy decisions */ - } - - - public PolicyDecision visit(IdentifierBundle ids, UploadFile action) { - return new BasicPolicyDecision(Authorization.AUTHORIZED,"EditorEditingPolicy: may upload files"); - } - - - // *** the following actions are generally not part of editor editing *** // - - public PolicyDecision visit(IdentifierBundle ids, AddNewUser action) { - return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications"); - } - - public 
PolicyDecision visit(IdentifierBundle ids, RemoveUser action) { - return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications"); - } - - public PolicyDecision visit(IdentifierBundle ids, LoadOntology action) { - return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications"); - } - - public PolicyDecision visit(IdentifierBundle ids, RebuildTextIndex action) { - return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications"); - } - - public PolicyDecision visit(IdentifierBundle ids, UpdateTextIndex action) { - return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications"); - } - - public PolicyDecision visit(IdentifierBundle ids, ServerStatus action) { - return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications"); - } - - public PolicyDecision visit(IdentifierBundle ids, CreateOwlClass action) { - return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications"); - } - - public PolicyDecision visit(IdentifierBundle ids, RemoveOwlClass action) { - return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications"); - } - - public PolicyDecision visit(IdentifierBundle ids, DefineDataProperty action) { - return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications"); - } - - public PolicyDecision visit(IdentifierBundle ids, DefineObjectProperty action) { - return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"EditorEditingPolicy does not authorize administrative modifications"); - } - - public String toString(){ - return "EditorEditingPolicy " + 
hashCode() - + " nspaces: " + prohibitedNs.size() + " prohibited Props: " - + prohibitedProperties.size() + " prohibited resources: " - + prohibitedResources.size(); - } +public class EditorEditingPolicy implements PolicyIface { + + private final ServletContext ctx; + + public EditorEditingPolicy(ServletContext ctx) { + this.ctx = ctx; + } + + /** + * Indicates which Authorization to use when the user isn't explicitly + * authorized. + */ + private PolicyDecision defaultDecision(String message) { + return new BasicPolicyDecision(Authorization.INCONCLUSIVE, message); + } + + @Override + public PolicyDecision isAuthorized(IdentifierBundle whomToAuth, + RequestedAction whatToAuth) { + if (whomToAuth == null) { + return defaultDecision("whomToAuth was null"); + } + if (whatToAuth == null) { + return defaultDecision("whatToAuth was null"); + } + if (!isEditor(whomToAuth)) { + return defaultDecision("IdBundle does not include an Editor identifier"); + } + + if (whatToAuth instanceof OntoRequestedAction) { + return defaultDecision("EditorEditingPolicy doesn't authorize OntoRequestedActions"); + } else if (whatToAuth instanceof AdminRequestedAction) { + return defaultDecision("EditorEditingPolicy doesn't authorize AdminRequestedActions"); + } + + if (whatToAuth instanceof AddDataPropStmt) { + return isAuthorized((AddDataPropStmt) whatToAuth); + } else if (whatToAuth instanceof DropDataPropStmt) { + return isAuthorized((DropDataPropStmt) whatToAuth); + } else if (whatToAuth instanceof EditDataPropStmt) { + return isAuthorized((EditDataPropStmt) whatToAuth); + } else if (whatToAuth instanceof AddObjectPropStmt) { + return isAuthorized((AddObjectPropStmt) whatToAuth); + } else if (whatToAuth instanceof DropObjectPropStmt) { + return isAuthorized((DropObjectPropStmt) whatToAuth); + } else if (whatToAuth instanceof EditObjPropStmt) { + return isAuthorized((EditObjPropStmt) whatToAuth); + } else if (whatToAuth instanceof AddResource) { + return isAuthorized((AddResource) 
whatToAuth); + } else if (whatToAuth instanceof DropResource) { + return isAuthorized((DropResource) whatToAuth); + } else { + return defaultDecision("unrecognized requested action: " + + whatToAuth); + } + } + + private boolean isEditor(IdentifierBundle whomToAuth) { + for (Identifier id : whomToAuth) { + if (id instanceof EditorEditingIdentifierFactory.EditorEditingId) { + return true; + } + } + return false; + } + + private boolean canModifyResource(String uri) { + return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyResource( + uri, RoleLevel.EDITOR); + } + + private boolean canModifyPredicate(String uri) { + return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyPredicate( + uri, RoleLevel.EDITOR); + } + + /** + * Check authorization for Adding, Editing or Dropping a DataProperty. + */ + private PolicyDecision isAuthorized(AbstractDataPropertyAction action) { + if (!canModifyResource(action.getSubjectUri())) { + return defaultDecision("EditorEditingPolicy does not grant access to admin resources; " + + "may not modify " + action.getSubjectUri()); + } + + if (!canModifyPredicate(action.getPredicateUri())) { + return defaultDecision("EditorEditingPolicy does not grant access to admin predicates; " + + "may not modify " + action.getPredicateUri()); + } + + return new BasicPolicyDecision(Authorization.AUTHORIZED, + "EditorEditingPolicy: user may modify '" + + action.getSubjectUri() + "' ==> '" + + action.getPredicateUri() + "'"); + } + + /** + * Check authorization for Adding, Editing or Dropping an ObjectProperty. 
+ */ + private PolicyDecision isAuthorized(AbstractObjectPropertyAction action) { + if (!canModifyResource(action.uriOfSubject)) { + return defaultDecision("EditorEditingPolicy does not grant access to admin resources; " + + "may not modify " + action.uriOfSubject); + } + + if (!canModifyPredicate(action.uriOfPredicate)) { + return defaultDecision("EditorEditingPolicy does not grant access to admin predicates; " + + "may not modify " + action.uriOfPredicate); + } + + if (!canModifyResource(action.uriOfObject)) { + return defaultDecision("EditorEditingPolicy does not grant access to admin resources; " + + "may not modify " + action.uriOfObject); + } + + return new BasicPolicyDecision(Authorization.AUTHORIZED, + "EditorEditingPolicy: user may modify '" + action.uriOfSubject + + "' ==> '" + action.uriOfPredicate + "' ==> '" + + action.uriOfObject + "'"); + } + + /** + * Check authorization for Adding or Dropping a Resource. + */ + private PolicyDecision isAuthorized(AbstractResourceAction action) { + if (!canModifyResource(action.getSubjectUri())) { + return defaultDecision("EditorEditingPolicy does not grant access to admin resources; " + + "may not modify " + action.getSubjectUri()); + } + + return new BasicPolicyDecision(Authorization.AUTHORIZED, + "EditorEditingPolicy: may add or remove resource: " + + action.getSubjectUri()); + } + + @Override + public String toString() { + return "EditorEditingPolicy - " + hashCode(); + } } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/InformationResourceEditingPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/InformationResourceEditingPolicy.java index 696cd34ed..034baced5 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/InformationResourceEditingPolicy.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/InformationResourceEditingPolicy.java 
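Review bot: The new `canModifyResource` and `canModifyPredicate` wrappers pass the URI straight to `PropertyRestrictionPolicyHelper`, whereas the removed versions returned false for a null or empty URI before any lookup (`if( uri == null || uri.length() == 0 ) return false;`). Whether the helper still rejects those values is not visible in this hunk, so a statement with a missing subject, predicate or object may now be decided differently, or throw, depending on the helper. I would either keep the guard in both wrappers, `if (uri == null || uri.length() == 0) { return false; }`, or state in their Javadoc that the helper is responsible for it. The same wrappers appear in DbAdminEditingPolicy in the preceding hunk.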
@@ -5,6 +5,8 @@ package edu.cornell.mannlib.vitro.webapp.auth.policy; import java.util.ArrayList; import java.util.List; +import javax.servlet.ServletContext; + import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -23,6 +25,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyAction; +import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel; import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; /** @@ -44,12 +47,10 @@ public class InformationResourceEditingPolicy extends BaseSelfEditingPolicy + "linkedAuthor"; private final OntModel model; - private final AdministrativeUriRestrictor restrictor; - public InformationResourceEditingPolicy(OntModel model, - AdministrativeUriRestrictor restrictor) { + public InformationResourceEditingPolicy(ServletContext ctx, OntModel model) { + super(ctx, RoleLevel.SELF); this.model = model; - this.restrictor = restrictor; } @Override @@ -91,10 +92,10 @@ public class InformationResourceEditingPolicy extends BaseSelfEditingPolicy String subject = action.getSubjectUri(); String predicate = action.getPredicateUri(); - if (!restrictor.canModifyResource(subject)) { + if (!canModifyResource(subject)) { return cantModifyResource(subject); } - if (!restrictor.canModifyPredicate(predicate)) { + if (!canModifyPredicate(predicate)) { return cantModifyPredicate(predicate); } 
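Review bot: The new constructor `InformationResourceEditingPolicy(ServletContext ctx, OntModel model)` has no Javadoc, and it now carries a precondition that the signature does not show. The restriction checks no longer come from an injected `AdministrativeUriRestrictor` but from whatever the inherited `canModifyResource`/`canModifyPredicate` look up through `ctx`, presumably the `PropertyRestrictionPolicyHelper` bean; the base class is not shown in these hunks. I would add a comment such as `/** ctx must hold the PropertyRestrictionPolicyHelper bean before this policy is consulted; restrictions are evaluated at RoleLevel.SELF. */` so that the listener order in web.xml and the policy setup stay aligned. The same applies to the `SelfEditingPolicy(ServletContext ctx)` constructor later in this patch.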
@@ -120,13 +121,13 @@ public class InformationResourceEditingPolicy extends BaseSelfEditingPolicy String predicate = action.getUriOfPredicate(); String object = action.getUriOfObject(); - if (!restrictor.canModifyResource(subject)) { + if (!canModifyResource(subject)) { return cantModifyResource(subject); } - if (!restrictor.canModifyPredicate(predicate)) { + if (!canModifyPredicate(predicate)) { return cantModifyPredicate(predicate); } - if (!restrictor.canModifyResource(object)) { + if (!canModifyResource(object)) { return cantModifyResource(object); } @@ -286,34 +287,4 @@ public class InformationResourceEditingPolicy extends BaseSelfEditingPolicy private PolicyDecision authorizedObjectAuthor() { return authorizedDecision("User is author of the object of the statement"); } - - /** - * TODO - * - *
-	 * We don't need to do resource operations.
-	 * 
-	 * We can do data or object property operations 
-	 *    if not restricted
-	 *    if the subject or object is an information resource
-	 *    if that information resource has an author or editor who is an active self-editor.
-	 * 
- */ - - /** - * TODO - * - *
-	 * If the request is an object property operation
-	 * 
-	 * Check restrictions. If restricted, we are done.
-	 * Get the URIs of self-editors identifiers. If none, we are done.
-	 * Get the list of editors and authors for this document. Is 
-	 * Get the list of information resources that these self-editors author or edit.
-	 * If subject or object is in that set, approve.
-	 * 
-	 * If the request is a data property operations, same except there is no object.
-	 * 
- */ - } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy.java index c80c2ea53..5c2023598 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy.java @@ -3,12 +3,8 @@ package edu.cornell.mannlib.vitro.webapp.auth.policy; import java.util.List; -import java.util.Set; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import com.hp.hpl.jena.ontology.OntModel; +import javax.servlet.ServletContext; import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; @@ -17,6 +13,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAct import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AbstractResourceAction; +import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel; /** * Policy to use for Vivo Self-Editing based on NetId for use at Cornell. All 
@@ -24,19 +21,11 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AbstractRe */ public class SelfEditingPolicy extends BaseSelfEditingPolicy implements PolicyIface { - protected static Log log = LogFactory.getLog(SelfEditingPolicy.class); - - protected final OntModel model; - private final AdministrativeUriRestrictor restrictor; - - public SelfEditingPolicy(Set prohibitedProperties, - Set prohibitedResources, Set prohibitedNamespaces, - Set editableVitroUris, OntModel model) { - this.model = model; - this.restrictor = new AdministrativeUriRestrictor(prohibitedProperties, - prohibitedResources, prohibitedNamespaces, editableVitroUris); + public SelfEditingPolicy(ServletContext ctx) { + super(ctx, RoleLevel.SELF); } + @Override public PolicyDecision isAuthorized(IdentifierBundle whoToAuth, RequestedAction whatToAuth) { if (whoToAuth == null) { @@ -80,13 +69,13 @@ public class SelfEditingPolicy extends BaseSelfEditingPolicy implements String predicate = action.getUriOfPredicate(); String object = action.getUriOfObject(); - if (!restrictor.canModifyResource(subject)) { + if (!canModifyResource(subject)) { return cantModifyResource(subject); } - if (!restrictor.canModifyPredicate(predicate)) { + if (!canModifyPredicate(predicate)) { return cantModifyPredicate(predicate); } - if (!restrictor.canModifyResource(object)) { + if (!canModifyResource(object)) { return cantModifyResource(object); } @@ -106,10 +95,10 @@ public class SelfEditingPolicy extends BaseSelfEditingPolicy implements String subject = action.getSubjectUri(); String predicate = action.getPredicateUri(); - if (!restrictor.canModifyResource(subject)) { + if (!canModifyResource(subject)) { return cantModifyResource(subject); } - if (!restrictor.canModifyPredicate(predicate)) { + if (!canModifyPredicate(predicate)) { return cantModifyPredicate(predicate); } 
@@ -126,7 +115,7 @@ public class SelfEditingPolicy extends BaseSelfEditingPolicy implements private PolicyDecision isAuthorizedForResourceAction( AbstractResourceAction action) { String uri = action.getSubjectUri(); - if (!restrictor.canModifyResource(uri)) { + if (!canModifyResource(uri)) { return cantModifyResource(uri); } else { return authorizedDecision("May add/remove resource."); @@ -162,7 +151,7 @@ public class SelfEditingPolicy extends BaseSelfEditingPolicy implements @Override public String toString() { - return "SelfEditingPolicy " + hashCode() + "[" + restrictor + "]"; + return "SelfEditingPolicy - " + hashCode(); } } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionListener.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionListener.java index fb5972346..6afeb27b0 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionListener.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionListener.java @@ -11,8 +11,8 @@ import com.hp.hpl.jena.ontology.OntModel; import edu.cornell.mannlib.vedit.beans.EditProcessObject; import edu.cornell.mannlib.vedit.listener.ChangeListener; -import edu.cornell.mannlib.vitro.webapp.beans.Property; import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel; +import edu.cornell.mannlib.vitro.webapp.beans.Property; /** * Add this ChangeListener to your EditProcessObject when modifying the @@ -37,7 +37,7 @@ public class PropertyRestrictionListener implements ChangeListener { Property p = (Property) oldObj; if (eitherRoleChanged(p.getHiddenFromDisplayBelowRoleLevel(), p.getProhibitedFromUpdateBelowRoleLevel(), null, null)) { - log.debug("replacing all prohibition policies after deletion"); + log.debug("rebuilding the PropertyRestrictionPolicyHelper after deletion"); createAndSetBean(); } } 
@@ -51,7 +51,7 @@ public class PropertyRestrictionListener implements ChangeListener { if (eitherRoleChanged(null, null, p.getHiddenFromDisplayBelowRoleLevel(), p.getProhibitedFromUpdateBelowRoleLevel())) { - log.debug("replacing all prohibition policies after insertion"); + log.debug("rebuilding the PropertyRestrictionPolicyHelper after insertion"); createAndSetBean(); } } @@ -67,7 +67,7 @@ public class PropertyRestrictionListener implements ChangeListener { oldP.getProhibitedFromUpdateBelowRoleLevel(), newP.getHiddenFromDisplayBelowRoleLevel(), newP.getProhibitedFromUpdateBelowRoleLevel())) { - log.debug("replacing all prohibition policies after update"); + log.debug("rebuilding the PropertyRestrictionPolicyHelper after update"); createAndSetBean(); } } @@ -91,6 +91,8 @@ public class PropertyRestrictionListener implements ChangeListener { private void createAndSetBean() { OntModel model = (OntModel) ctx.getAttribute("jenaOntModel"); - PropertyRestrictionPolicyHelper.createAndSetBean(ctx, model); + PropertyRestrictionPolicyHelper bean = PropertyRestrictionPolicyHelper + .createBean(model); + PropertyRestrictionPolicyHelper.setBean(ctx, bean); } } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionPolicyHelper.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionPolicyHelper.java index d08ec142b..4d1a8b6cf 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionPolicyHelper.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionPolicyHelper.java @@ -2,12 +2,12 @@ package edu.cornell.mannlib.vitro.webapp.auth.policy.bean; +import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.HashMap; import java.util.HashSet; import java.util.Map; -import java.util.Set; import javax.servlet.ServletContext; import javax.servlet.ServletContextEvent; 
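Review bot: `createAndSetBean()` at the end of this listener casts the `jenaOntModel` context attribute and passes it to `createBean` unchecked, while the `Setup` listener in the same commit rejects a null model before building the bean. Putting the guard in `createBean` itself, `if (model == null) { throw new NullPointerException("model may not be null."); }`, would cover both callers and mirror the check `setBean` already makes. If a rebuild throws here, the previous bean presumably stays in the context with the old thresholds, so the failure should be logged at error level rather than left to the caller. A similar unchecked read is in the `InformationResourceEditingPolicySetup.contextInitialized` hunk, where the old explicit null branch is gone and the model goes straight into the policy constructor.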
@@ -27,57 +27,49 @@ import com.hp.hpl.jena.shared.Lock; import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel; import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; +import edu.cornell.mannlib.vitro.webapp.servlet.setup.AbortStartup; /** * Assists the role-based policies in determining whether a property or resource * may be displayed or modified. + * + * There is a bean in the context that holds the current threshold role levels + * for displaying and modifying restricted properties. + * + * Create this bean after the Jena model is in place in the context. + * + * Add PropertyRestrictionListener to your EditProcessObject if you are editing + * a property, to ensure that the bean stays current. */ public class PropertyRestrictionPolicyHelper { private static final Log log = LogFactory .getLog(PropertyRestrictionPolicyHelper.class); - private static final Collection PROHIBITED_NAMESPACES = setProhibitedNamespaces(); - private static final Collection PERMITTED_EXCEPTIONS = setPermittedExceptions(); + private static final Collection PROHIBITED_NAMESPACES = Arrays + .asList(new String[] { VitroVocabulary.vitroURI, + VitroVocabulary.OWL, "" }); - private static Collection setProhibitedNamespaces() { - Set prohibitedNs = new HashSet(); - prohibitedNs.add(VitroVocabulary.vitroURI); - prohibitedNs.add(VitroVocabulary.OWL); - prohibitedNs.add(""); - return Collections.unmodifiableSet(prohibitedNs); - } + private static final Collection PERMITTED_EXCEPTIONS = Arrays + .asList(new String[] { + VitroVocabulary.MONIKER, + VitroVocabulary.BLURB, + VitroVocabulary.DESCRIPTION, + VitroVocabulary.MODTIME, + VitroVocabulary.TIMEKEY, - private static Collection setPermittedExceptions() { - Set editableVitroUris = new HashSet(); + VitroVocabulary.CITATION, + VitroVocabulary.IND_MAIN_IMAGE, - editableVitroUris.add(VitroVocabulary.MONIKER); - editableVitroUris.add(VitroVocabulary.BLURB); - editableVitroUris.add(VitroVocabulary.DESCRIPTION); - 
editableVitroUris.add(VitroVocabulary.MODTIME); - editableVitroUris.add(VitroVocabulary.TIMEKEY); + VitroVocabulary.LINK, + VitroVocabulary.PRIMARY_LINK, + VitroVocabulary.ADDITIONAL_LINK, + VitroVocabulary.LINK_ANCHOR, + VitroVocabulary.LINK_URL, - editableVitroUris.add(VitroVocabulary.CITATION); - editableVitroUris.add(VitroVocabulary.IND_MAIN_IMAGE); - - editableVitroUris.add(VitroVocabulary.LINK); - editableVitroUris.add(VitroVocabulary.PRIMARY_LINK); - editableVitroUris.add(VitroVocabulary.ADDITIONAL_LINK); - editableVitroUris.add(VitroVocabulary.LINK_ANCHOR); - editableVitroUris.add(VitroVocabulary.LINK_URL); - - editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION); - editableVitroUris - .add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESKEYWORD); - editableVitroUris - .add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESINDIVIDUAL); - editableVitroUris.add(VitroVocabulary.KEYWORD_INDIVIDUALRELATION_MODE); - - return Collections.unmodifiableSet(editableVitroUris); - } - - // ---------------------------------------------------------------------- - // static methods - // ---------------------------------------------------------------------- + VitroVocabulary.KEYWORD_INDIVIDUALRELATION, + VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESKEYWORD, + VitroVocabulary.KEYWORD_INDIVIDUALRELATION_INVOLVESINDIVIDUAL, + VitroVocabulary.KEYWORD_INDIVIDUALRELATION_MODE }); /** * The bean is attached to the ServletContext using this attribute name. 
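Review bot: `PROHIBITED_NAMESPACES` and `PERMITTED_EXCEPTIONS` are now built with `Arrays.asList(...)`, which is fixed-size but still lets elements be replaced through `set()`, whereas the removed helpers returned `Collections.unmodifiableSet(...)`. Because these two constants define what the policies may never modify and which URIs are exempt, they should stay immutable at the source: `Collections.unmodifiableList(Arrays.asList(VitroVocabulary.vitroURI, VitroVocabulary.OWL, ""))`, and the same wrapper for the exceptions list. The constructor does wrap its inputs with `unmodifiable(...)`, but whether that helper copies or only wraps is not visible here, so the static lists should not rely on it. The explicit `new String[] { ... }` is also unnecessary, since `Arrays.asList` takes varargs. The class body continues outside this hunk.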
@@ -85,6 +77,10 @@ public class PropertyRestrictionPolicyHelper { private static final String ATTRIBUTE_NAME = PropertyRestrictionPolicyHelper.class .getName(); + // ---------------------------------------------------------------------- + // static methods + // ---------------------------------------------------------------------- + public static PropertyRestrictionPolicyHelper getBean(ServletContext ctx) { Object attribute = ctx.getAttribute(ATTRIBUTE_NAME); if (!(attribute instanceof PropertyRestrictionPolicyHelper)) { @@ -98,11 +94,19 @@ public class PropertyRestrictionPolicyHelper { ctx.removeAttribute(ATTRIBUTE_NAME); } + public static void setBean(ServletContext ctx, + PropertyRestrictionPolicyHelper bean) { + if (bean == null) { + throw new NullPointerException("bean may not be null."); + } + ctx.setAttribute(ATTRIBUTE_NAME, bean); + } + /** * Initialize the bean with the standard prohibitions and exceptions, and * with the thresholds obtained from the model. */ - public static void createAndSetBean(ServletContext ctx, OntModel model) { + public static PropertyRestrictionPolicyHelper createBean(OntModel model) { Map displayThresholdMap = new HashMap(); Map modifyThresholdMap = new HashMap(); @@ -119,12 +123,12 @@ public class PropertyRestrictionPolicyHelper { PROHIBITED_NAMESPACES, PERMITTED_EXCEPTIONS, displayThresholdMap, modifyThresholdMap); - ctx.setAttribute(ATTRIBUTE_NAME, bean); + return bean; } /** * Find all the resources that possess this property, and map the resource - * URI to the require RoleLevel. + * URI to the required RoleLevel. */ private static void populateThresholdMap(OntModel model, Map map, String propertyUri) { 
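Review bot: `setBean` is added as a public static method with no Javadoc, so any code that holds the ServletContext can swap the bean that the role-based policies presumably consult for their thresholds; the only guard is the null check. If it is public only so that the listener and the test stub can reach it, say so on the method, for example `/** Replaces the restriction bean for the whole context; intended for Setup, PropertyRestrictionListener and unit tests. */`. The Javadoc kept above `createBean` still reads "Initialize the bean", although after this hunk the method only builds and returns it; a `@return` line stating that the caller must pass the result to `setBean` would make the new contract clear. `createBean`'s body continues between and beyond the hunks on this line.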
@@ -167,22 +171,22 @@ public class PropertyRestrictionPolicyHelper { private final Collection modifyExceptionsAllowedUris; /** - * URIs in here can be displayed only if the user's role is at least as high + * These URIs can be displayed only if the user's role is at least as high * as the threshold role. */ private final Map displayThresholdMap; /** - * URIs in here can be modified only if the user's role is at least as high - * as the threshold role. + * These URIs can be modified only if the user's role is at least as high as + * the threshold role. */ private final Map modifyThresholdMap; /** * Store unmodifiable versions of the inputs. * - * Protected access: should only be created by the static methods, or by - * unit tests. + * Protected access: the bean should only be created by the static methods, + * or by unit tests. */ protected PropertyRestrictionPolicyHelper( Collection modifyProhibitedNamespaces, @@ -193,9 +197,9 @@ public class PropertyRestrictionPolicyHelper { this.modifyExceptionsAllowedUris = unmodifiable(modifyExceptionsAllowedUris); this.displayThresholdMap = unmodifiable(displayThresholdMap); this.modifyThresholdMap = unmodifiable(modifyThresholdMap); - + if (log.isDebugEnabled()) { - log.debug("prohibited namespaces: " + this.modifyProhibitedNamespaces); + log.debug("prohibited: " + this.modifyProhibitedNamespaces); log.debug("exceptions: " + this.modifyExceptionsAllowedUris); log.debug("display thresholds: " + this.displayThresholdMap); log.debug("modify thresholds: " + this.modifyThresholdMap); 
@@ -347,8 +351,27 @@ public class PropertyRestrictionPolicyHelper { @Override public void contextInitialized(ServletContextEvent sce) { ServletContext ctx = sce.getServletContext(); - OntModel model = (OntModel) ctx.getAttribute("jenaOntModel"); - createAndSetBean(ctx, model); + + if (AbortStartup.isStartupAborted(ctx)) { + return; + } + + try { + OntModel model = (OntModel) ctx.getAttribute("jenaOntModel"); + if (model == null) { + throw new NullPointerException( + "jenaOntModel has not been initialized."); + } + + PropertyRestrictionPolicyHelper bean = PropertyRestrictionPolicyHelper + .createBean(model); + PropertyRestrictionPolicyHelper.setBean(ctx, bean); + } catch (Exception e) { + log.error("could not run PropertyRestrictionPolicyHelper$Setup: " + + e); + AbortStartup.abortStartup(ctx); + throw new RuntimeException(e); + } } @Override diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CuratorEditingPolicySetup.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CuratorEditingPolicySetup.java index 8685ecabe..978d70d0b 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CuratorEditingPolicySetup.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/CuratorEditingPolicySetup.java @@ -2,10 +2,6 @@ package edu.cornell.mannlib.vitro.webapp.auth.policy.setup; -import java.util.EnumSet; -import java.util.HashSet; -import java.util.Set; - import javax.servlet.ServletContext; import javax.servlet.ServletContextEvent; import javax.servlet.ServletContextListener; 
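Review bot: The catch block in `Setup.contextInitialized` logs with `log.error("could not run PropertyRestrictionPolicyHelper$Setup: " + e)`, which records only the exception's `toString()` and drops the stack trace from the application log. Pass the throwable as the second argument instead: `log.error("could not run PropertyRestrictionPolicyHelper$Setup", e);`. Aborting startup and rethrowing is the right fail-closed behaviour for an authorization bean, but whether the container logs the wrapped `RuntimeException` with its cause depends on the deployment, so the application log should carry it. The same string-concatenated `log.error` appears in the `contextInitialized` hunks of CuratorEditingPolicySetup, DbAdminEditingPolicySetup, EditorEditingPolicySetup and InformationResourceEditingPolicySetup. The deliberate `NullPointerException` for a missing model would read more clearly as an `IllegalStateException`.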
@@ -13,82 +9,54 @@ import javax.servlet.ServletContextListener; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import com.hp.hpl.jena.ontology.OntModel; -import com.hp.hpl.jena.rdf.model.Model; -import com.hp.hpl.jena.rdf.model.ResIterator; -import com.hp.hpl.jena.rdf.model.Resource; -import com.hp.hpl.jena.rdf.model.ResourceFactory; - import edu.cornell.mannlib.vitro.webapp.auth.identifier.ActiveIdentifierBundleFactories; import edu.cornell.mannlib.vitro.webapp.auth.identifier.CuratorEditingIdentifierFactory; import edu.cornell.mannlib.vitro.webapp.auth.policy.CuratorEditingPolicy; import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList; -import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean; -import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; +import edu.cornell.mannlib.vitro.webapp.servlet.setup.AbortStartup; /** - * Sets up RoleBasedPolicy and IdentifierBundleFactory. - * This will cause the vitro native login to add Identifiers that can - * be used by the Auth system and the in-line editing. + * Sets up RoleBasedPolicy and IdentifierBundleFactory. This will cause the + * vitro native login to add Identifiers that can be used by the Auth system and + * the in-line editing. * - * To use this add it as a listener to the web.xml. + * To use this add it as a listener to the web.xml. 
* * See RoleBasedPolicy.java - * - * @author bdc34 - * */ -public class CuratorEditingPolicySetup implements ServletContextListener { - private static final Log log = LogFactory.getLog(CuratorEditingPolicySetup.class.getName()); - - @Override +public class CuratorEditingPolicySetup implements ServletContextListener { + private static final Log log = LogFactory + .getLog(CuratorEditingPolicySetup.class.getName()); + + @Override public void contextInitialized(ServletContextEvent sce) { - try{ - log.debug("Setting up CuratorEditingPolicy"); - - //need to make a policy and add it to the ServeltContext - OntModel model = (OntModel)sce.getServletContext().getAttribute("jenaOntModel"); - CuratorEditingPolicy cep = makeCuratorEditPolicyFromModel(model); - ServletPolicyList.addPolicy(sce.getServletContext(), cep); - - //need to put an IdentifierFactory for CuratorEditingIds into the ServletContext - ActiveIdentifierBundleFactories.addFactory(sce, new CuratorEditingIdentifierFactory()); - - log.debug( "Finished setting up CuratorEditingPolicy: " + cep ); - }catch(Exception e){ - log.error("could not run CuratorEditingPolicySetup: " + e); - e.printStackTrace(); - } - } - - @Override - public void contextDestroyed(ServletContextEvent sce) { /*nothing*/ } - - public static CuratorEditingPolicy makeCuratorEditPolicyFromModel( Model model ){ - CuratorEditingPolicy pol = null; - if( model == null ) - pol = new CuratorEditingPolicy(null,null,null,null); - else{ - Set prohibitedProps = new HashSet(); - //ResIterator it = model.listSubjectsWithProperty( model.createProperty( VitroVocabulary.PROPERTY_CURATOREDITPROHIBITEDANNOT ) ); - // need to iterate through one level higher than CURATOR (the higher of current 2 targeted levels) plus all higher levels - for (BaseResourceBean.RoleLevel e : EnumSet.range(BaseResourceBean.RoleLevel.DB_ADMIN,BaseResourceBean.RoleLevel.NOBODY)) { - ResIterator it = model.listSubjectsWithProperty( model.createProperty( 
VitroVocabulary.PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT),ResourceFactory.createResource(e.getURI())); - while( it.hasNext() ){ - Resource resource = it.nextResource(); - if( resource != null && resource.getURI() != null ) { - log.debug("adding \""+resource.getURI()+"\" to properties prohibited from inline curator editing ("+e.getLabel()+")"); - prohibitedProps.add( resource.getURI() ); - } - } - } - pol = new CuratorEditingPolicy(prohibitedProps,null,null,null); - } - return pol; - } - - - public static void replaceCuratorEditing( ServletContext sc, Model model ){ - ServletPolicyList.replacePolicy(sc, makeCuratorEditPolicyFromModel(model)); - } -} \ No newline at end of file + ServletContext ctx = sce.getServletContext(); + + if (AbortStartup.isStartupAborted(ctx)) { + return; + } + + try { + log.debug("Setting up CuratorEditingPolicy"); + + // need to make a policy and add it to the ServletContext + CuratorEditingPolicy cep = new CuratorEditingPolicy(ctx); + ServletPolicyList.addPolicy(ctx, cep); + + // need to put an IdentifierFactory for CuratorEditingIds into the + // ServletContext + ActiveIdentifierBundleFactories.addFactory(sce, + new CuratorEditingIdentifierFactory()); + + log.debug("Finished setting up CuratorEditingPolicy: " + cep); + } catch (Exception e) { + log.error("could not run CuratorEditingPolicySetup: " + e); + AbortStartup.abortStartup(ctx); + throw new RuntimeException(e); + } + } + + @Override + public void contextDestroyed(ServletContextEvent sce) { /* nothing */ + } +} diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/DbAdminEditingPolicySetup.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/DbAdminEditingPolicySetup.java index 951a8a134..cf816cca1 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/DbAdminEditingPolicySetup.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/DbAdminEditingPolicySetup.java 
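Review bot: The class Javadoc kept by this hunk still says the listener sets up `RoleBasedPolicy` and ends with `See RoleBasedPolicy.java`, although `contextInitialized` now builds a `CuratorEditingPolicy` from the ServletContext. The policy no longer receives its prohibited-property set here, so it presumably depends on the PropertyRestrictionPolicyHelper bean already being in the context, and the Javadoc should state that ordering requirement. Suggested wording: `Sets up CuratorEditingPolicy and its IdentifierBundleFactory. Register this listener in web.xml after PropertyRestrictionPolicyHelper$Setup.` The same stale Javadoc and unstated ordering apply to the DbAdminEditingPolicySetup and EditorEditingPolicySetup hunks that follow. Removing the public static `makeCuratorEditPolicyFromModel` and `replaceCuratorEditing` also narrows the class's interface, so any callers outside this diff need checking.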
@@ -2,9 +2,6 @@ package edu.cornell.mannlib.vitro.webapp.auth.policy.setup; -import java.util.HashSet; -import java.util.Set; - import javax.servlet.ServletContext; import javax.servlet.ServletContextEvent; import javax.servlet.ServletContextListener; 
@@ -12,81 +9,54 @@ import javax.servlet.ServletContextListener; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import com.hp.hpl.jena.ontology.OntModel; -import com.hp.hpl.jena.rdf.model.Model; -import com.hp.hpl.jena.rdf.model.ResIterator; -import com.hp.hpl.jena.rdf.model.Resource; -import com.hp.hpl.jena.rdf.model.ResourceFactory; - import edu.cornell.mannlib.vitro.webapp.auth.identifier.ActiveIdentifierBundleFactories; import edu.cornell.mannlib.vitro.webapp.auth.identifier.DbAdminEditingIdentifierFactory; import edu.cornell.mannlib.vitro.webapp.auth.policy.DbAdminEditingPolicy; import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList; -import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean; -import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; +import edu.cornell.mannlib.vitro.webapp.servlet.setup.AbortStartup; /** - * Sets up RoleBasedPolicy and IdentifierBundleFactory. - * This will cause the vitro native login to add Identifiers that can - * be used by the Auth system and the in-line editing. + * Sets up RoleBasedPolicy and IdentifierBundleFactory. This will cause the + * vitro native login to add Identifiers that can be used by the Auth system and + * the in-line editing. * - * To use this add it as a listener to the web.xml. + * To use this add it as a listener to the web.xml. 
* * See RoleBasedPolicy.java - * - * @author bdc34 - * */ -public class DbAdminEditingPolicySetup implements ServletContextListener { - private static final Log log = LogFactory.getLog(DbAdminEditingPolicySetup.class.getName()); - - @Override +public class DbAdminEditingPolicySetup implements ServletContextListener { + private static final Log log = LogFactory + .getLog(DbAdminEditingPolicySetup.class.getName()); + + @Override public void contextInitialized(ServletContextEvent sce) { - try{ - log.debug("Setting up DbAdminEditingPolicy"); - - //need to make a policy and add it to the ServeltContext - OntModel model = (OntModel)sce.getServletContext().getAttribute("jenaOntModel"); - DbAdminEditingPolicy cep = makeDbAdminEditPolicyFromModel(model); - ServletPolicyList.addPolicy(sce.getServletContext(), cep); - - //need to put an IdentifierFactory for DbAdminEditingIds into the ServletContext - ActiveIdentifierBundleFactories.addFactory(sce, new DbAdminEditingIdentifierFactory()); - - log.debug( "Finished setting up DbAdminEditingPolicy: " + cep ); - }catch(Exception e){ - log.error("could not run DbAdminEditingPolicySetup: " + e); - e.printStackTrace(); - } - } - - @Override - public void contextDestroyed(ServletContextEvent sce) { /*nothing*/ } - - public static DbAdminEditingPolicy makeDbAdminEditPolicyFromModel( Model model ){ - DbAdminEditingPolicy pol = null; - if( model == null ) - pol = new DbAdminEditingPolicy(null,null,null,null); - else{ - Set prohibitedProps = new HashSet(); - // no need to iterate through any level higher than DB_ADMIN - //for (BaseResourceBean.RoleLevel e : EnumSet.range(BaseResourceBean.RoleLevel.NOBODY,BaseResourceBean.RoleLevel.NOBODY)) { - BaseResourceBean.RoleLevel e = BaseResourceBean.RoleLevel.NOBODY; - ResIterator it = model.listSubjectsWithProperty( model.createProperty( VitroVocabulary.PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT),ResourceFactory.createResource(e.getURI())); - while( it.hasNext() ){ - Resource resource = 
it.nextResource(); - if( resource != null && resource.getURI() != null ) { - log.debug("adding \""+resource.getURI()+"\" to properties prohibited from dbAdmin editing ("+e.getLabel()+")"); - prohibitedProps.add( resource.getURI() ); - } - } - //} - pol = new DbAdminEditingPolicy(prohibitedProps,null,null,null); - } - return pol; - } - - public static void replaceDbAdminEditing( ServletContext sc, Model model ){ - ServletPolicyList.replacePolicy(sc, makeDbAdminEditPolicyFromModel(model)); - } -} \ No newline at end of file + ServletContext ctx = sce.getServletContext(); + + if (AbortStartup.isStartupAborted(ctx)) { + return; + } + + try { + log.debug("Setting up DbAdminEditingPolicy"); + + // need to make a policy and add it to the ServletContext + DbAdminEditingPolicy dep = new DbAdminEditingPolicy(ctx); + ServletPolicyList.addPolicy(ctx, dep); + + // need to put an IdentifierFactory for DbAdminEditingIds into the + // ServletContext + ActiveIdentifierBundleFactories.addFactory(sce, + new DbAdminEditingIdentifierFactory()); + + log.debug("Finished setting up DbAdminEditingPolicy: " + dep); + } catch (Exception e) { + log.error("could not run DbAdminEditingPolicySetup: " + e); + AbortStartup.abortStartup(ctx); + throw new RuntimeException(e); + } + } + + @Override + public void contextDestroyed(ServletContextEvent sce) { /* nothing */ + } +} diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/EditorEditingPolicySetup.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/EditorEditingPolicySetup.java index 30101f26f..9702a5fde 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/EditorEditingPolicySetup.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/EditorEditingPolicySetup.java 
@@ -2,10 +2,6 @@ package edu.cornell.mannlib.vitro.webapp.auth.policy.setup; -import java.util.EnumSet; -import java.util.HashSet; -import java.util.Set; - import javax.servlet.ServletContext; import javax.servlet.ServletContextEvent; import javax.servlet.ServletContextListener; 
@@ -13,80 +9,54 @@ import javax.servlet.ServletContextListener; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import com.hp.hpl.jena.ontology.OntModel; -import com.hp.hpl.jena.rdf.model.Model; -import com.hp.hpl.jena.rdf.model.ResIterator; -import com.hp.hpl.jena.rdf.model.Resource; -import com.hp.hpl.jena.rdf.model.ResourceFactory; - import edu.cornell.mannlib.vitro.webapp.auth.identifier.ActiveIdentifierBundleFactories; import edu.cornell.mannlib.vitro.webapp.auth.identifier.EditorEditingIdentifierFactory; import edu.cornell.mannlib.vitro.webapp.auth.policy.EditorEditingPolicy; import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList; -import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean; -import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; +import edu.cornell.mannlib.vitro.webapp.servlet.setup.AbortStartup; /** - * Sets up RoleBasedPolicy and IdentifierBundleFactory. - * This will cause the vitro native login to add Identifiers that can - * be used by the Auth system and the in-line editing. + * Sets up RoleBasedPolicy and IdentifierBundleFactory. This will cause the + * vitro native login to add Identifiers that can be used by the Auth system and + * the in-line editing. * - * To use this add it as a listener to the web.xml. + * To use this add it as a listener to the web.xml. 
* * See RoleBasedPolicy.java - * - * @author bdc34 - * */ -public class EditorEditingPolicySetup implements ServletContextListener { - private static final Log log = LogFactory.getLog(EditorEditingPolicySetup.class.getName()); - - @Override +public class EditorEditingPolicySetup implements ServletContextListener { + private static final Log log = LogFactory + .getLog(EditorEditingPolicySetup.class.getName()); + + @Override public void contextInitialized(ServletContextEvent sce) { - try{ - log.debug("Setting up EditorEditingPolicy"); - - //need to make a policy and add it to the ServeltContext - OntModel model = (OntModel)sce.getServletContext().getAttribute("jenaOntModel"); - EditorEditingPolicy cep = makeEditorEditPolicyFromModel(model); - ServletPolicyList.addPolicy(sce.getServletContext(), cep); - - //need to put an IdentifierFactory for EditorEditingIds into the ServletContext - ActiveIdentifierBundleFactories.addFactory(sce, new EditorEditingIdentifierFactory()); - - log.debug( "Finished setting up EditorEditingPolicy: " + cep ); - }catch(Exception e){ - log.error("could not run EditorEditingPolicySetup: " + e); - e.printStackTrace(); - } - } - - @Override - public void contextDestroyed(ServletContextEvent sce) { /*nothing*/ } - - public static EditorEditingPolicy makeEditorEditPolicyFromModel( Model model ){ - EditorEditingPolicy pol = null; - if( model == null ) - pol = new EditorEditingPolicy(null,null,null,null); - else{ - Set prohibitedProps = new HashSet(); - // need to iterate through one level higher than EDITOR (the higher of current 2 targeted levels) plus all higher levels - for (BaseResourceBean.RoleLevel e : EnumSet.range(BaseResourceBean.RoleLevel.CURATOR,BaseResourceBean.RoleLevel.NOBODY)) { - ResIterator it = model.listSubjectsWithProperty( model.createProperty( VitroVocabulary.PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT),ResourceFactory.createResource(e.getURI())); - while( it.hasNext() ){ - Resource resource = it.nextResource(); - if( 
resource != null && resource.getURI() != null ) { - log.debug("adding \""+resource.getURI()+"\" to properties prohibited from inline editor editing ("+e.getLabel()+")"); - prohibitedProps.add( resource.getURI() ); - } - } - } - pol = new EditorEditingPolicy(prohibitedProps,null,null,null); - } - return pol; - } - - public static void replaceEditorEditing( ServletContext sc, Model model ){ - ServletPolicyList.replacePolicy(sc, makeEditorEditPolicyFromModel(model)); - } -} \ No newline at end of file + ServletContext ctx = sce.getServletContext(); + + if (AbortStartup.isStartupAborted(ctx)) { + return; + } + + try { + log.debug("Setting up EditorEditingPolicy"); + + // need to make a policy and add it to the ServletContext + EditorEditingPolicy cep = new EditorEditingPolicy(ctx); + ServletPolicyList.addPolicy(ctx, cep); + + // need to put an IdentifierFactory for EditorEditingIds into the + // ServletContext + ActiveIdentifierBundleFactories.addFactory(sce, + new EditorEditingIdentifierFactory()); + + log.debug("Finished setting up EditorEditingPolicy: " + cep); + } catch (Exception e) { + log.error("could not run EditorEditingPolicySetup: " + e); + AbortStartup.abortStartup(ctx); + throw new RuntimeException(e); + } + } + + @Override + public void contextDestroyed(ServletContextEvent sce) { /* nothing */ + } +} diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/InformationResourceEditingPolicySetup.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/InformationResourceEditingPolicySetup.java index a857d9bdd..85548e7a9 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/InformationResourceEditingPolicySetup.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/InformationResourceEditingPolicySetup.java 
@@ -2,10 +2,6 @@ package edu.cornell.mannlib.vitro.webapp.auth.policy.setup; -import java.util.EnumSet; -import java.util.HashSet; -import java.util.Set; - import javax.servlet.ServletContext; import javax.servlet.ServletContextEvent; import javax.servlet.ServletContextListener; @@ -14,15 +10,10 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import com.hp.hpl.jena.ontology.OntModel; -import com.hp.hpl.jena.rdf.model.ResIterator; -import com.hp.hpl.jena.rdf.model.Resource; -import com.hp.hpl.jena.rdf.model.ResourceFactory; -import edu.cornell.mannlib.vitro.webapp.auth.policy.AdministrativeUriRestrictor; import edu.cornell.mannlib.vitro.webapp.auth.policy.InformationResourceEditingPolicy; import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList; -import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean; -import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; +import edu.cornell.mannlib.vitro.webapp.servlet.setup.AbortStartup; /** * Set up the InformationResourceEditingPolicy. This is tied to the SelfEditor 
@@ -35,62 +26,37 @@ public class InformationResourceEditingPolicySetup implements @Override public void contextInitialized(ServletContextEvent sce) { + ServletContext ctx = sce.getServletContext(); + + if (AbortStartup.isStartupAborted(ctx)) { + return; + } + try { log.debug("Setting up InformationResourceEditingPolicy"); + // need to make a policy and add it to the ServletContext OntModel model = (OntModel) sce.getServletContext().getAttribute( "jenaOntModel"); - replacePolicy(sce.getServletContext(), model); + InformationResourceEditingPolicy irep = new InformationResourceEditingPolicy( + ctx, model); + ServletPolicyList.addPolicy(ctx, irep); - log.debug("InformationResourceEditingPolicy has been setup. "); + // don't need an IdentifierFactory if the SelfEditingPolicy is + // providing it. + + log.debug("Finished setting up InformationResourceEditingPolicy: " + + irep); } catch (Exception e) { - log.error("could not run SelfEditingPolicySetup: " + e); - e.printStackTrace(); + log.error("could not run InformationResourceEditingPolicySetup: " + + e); + AbortStartup.abortStartup(ctx); + throw new RuntimeException(e); } } - public static InformationResourceEditingPolicy makePolicyFromModel( - OntModel model) { - InformationResourceEditingPolicy policy = null; - if (model == null) - policy = new InformationResourceEditingPolicy(null, - new AdministrativeUriRestrictor(null, null, null, null)); - else { - Set prohibitedProps = new HashSet(); - - // need to iterate through one level higher than SELF (the lowest - // level where restrictions make sense) plus all higher levels - for (BaseResourceBean.RoleLevel e : EnumSet.range( - BaseResourceBean.RoleLevel.EDITOR, - BaseResourceBean.RoleLevel.NOBODY)) { - ResIterator it = model - .listSubjectsWithProperty( - model.createProperty(VitroVocabulary.PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT), - ResourceFactory.createResource(e.getURI())); - while (it.hasNext()) { - Resource resource = it.nextResource(); - if (resource != 
null && resource.getURI() != null) { - log.debug("adding '" - + resource.getURI() - + "' to properties prohibited from information resource editing (" - + e.getLabel() + ")"); - prohibitedProps.add(resource.getURI()); - } - } - } - policy = new InformationResourceEditingPolicy(model, - new AdministrativeUriRestrictor(prohibitedProps, null, null, null)); - } - return policy; - } - - public static void replacePolicy(ServletContext sc, OntModel model) { - ServletPolicyList.replacePolicy(sc, makePolicyFromModel(model)); - } - @Override public void contextDestroyed(ServletContextEvent sce) { // Nothing to do. } - } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditingPolicySetup.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditingPolicySetup.java index a1271ee60..897cc4055 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditingPolicySetup.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditingPolicySetup.java @@ -2,10 +2,6 @@ package edu.cornell.mannlib.vitro.webapp.auth.policy.setup; -import java.util.EnumSet; -import java.util.HashSet; -import java.util.Set; - import javax.servlet.ServletContext; import javax.servlet.ServletContextEvent; import javax.servlet.ServletContextListener; 
@@ -13,88 +9,57 @@ import javax.servlet.ServletContextListener; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import com.hp.hpl.jena.ontology.OntModel; -import com.hp.hpl.jena.rdf.model.ResIterator; -import com.hp.hpl.jena.rdf.model.Resource; -import com.hp.hpl.jena.rdf.model.ResourceFactory; - import edu.cornell.mannlib.vitro.webapp.auth.identifier.ActiveIdentifierBundleFactories; import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory; import edu.cornell.mannlib.vitro.webapp.auth.policy.SelfEditingPolicy; import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList; -import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean; -import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; +import edu.cornell.mannlib.vitro.webapp.servlet.setup.AbortStartup; /** - * Policy for SelfEditors. This will set up the self-editing policy which - * will will look for SelfEditing identifier in the IdentifierBundle. If - * the user is associated with a URI in the system then they will be allowed - * to edit resources related to that URI. - * - * To use this add it as a listener to the web.xml. - * - * The SelfEditing policy may return - * Authorization.UNAUTHORIZED so it should be at the start of the - * ServletPolicyList if you want it to override other Policies. - * For example, this Listener should be before the curator listener so - * that if a curator is faking selfEditing the capabilities they have - * as curator will not override the results of the SelfEditing policy. + * Policy for SelfEditors. This will set up the self-editing policy which will + * will look for SelfEditing identifier in the IdentifierBundle. If the user is + * associated with a URI in the system then they will be allowed to edit + * resources related to that URI. * - * @author bdc34 - * + * To use this add it as a listener to the web.xml. 
*/ -public class SelfEditingPolicySetup implements ServletContextListener { - private static final Log log = LogFactory.getLog(SelfEditingPolicySetup.class.getName()); - public static final String SELF_EDITING_POLICY_WAS_SETUP= "selfEditingPolicyWasSetup"; - - @Override - public void contextInitialized(ServletContextEvent sce) { - try{ - log.debug("Setting up SelfEditingPolicy"); - - OntModel model = (OntModel)sce.getServletContext().getAttribute("jenaOntModel"); - replaceSelfEditing(sce.getServletContext(), model); +public class SelfEditingPolicySetup implements ServletContextListener { + private static final Log log = LogFactory + .getLog(SelfEditingPolicySetup.class.getName()); + public static final String SELF_EDITING_POLICY_WAS_SETUP = "selfEditingPolicyWasSetup"; - ActiveIdentifierBundleFactories.addFactory(sce, new SelfEditingIdentifierFactory()); - - sce.getServletContext().setAttribute(SELF_EDITING_POLICY_WAS_SETUP, Boolean.TRUE); - - log.debug( "SelfEditingPolicy has been setup. 
" ); - }catch(Exception e){ - log.error("could not run SelfEditingPolicySetup: " + e); - e.printStackTrace(); - } - } - - @Override - public void contextDestroyed(ServletContextEvent sce) { /*nothing*/ } - - public static SelfEditingPolicy makeSelfEditPolicyFromModel( OntModel model ){ - SelfEditingPolicy pol = null; - if( model == null ) - pol = new SelfEditingPolicy(null,null,null,null, null); - else{ - Set prohibitedProps = new HashSet(); - //ResIterator it = model.listSubjectsWithProperty( model.createProperty( VitroVocabulary.PROPERTY_SELFEDITPROHIBITEDANNOT ) ); - - // need to iterate through one level higher than SELF (the lowest level where restrictions make sense) plus all higher levels - for (BaseResourceBean.RoleLevel e : EnumSet.range(BaseResourceBean.RoleLevel.EDITOR,BaseResourceBean.RoleLevel.NOBODY)) { - ResIterator it = model.listSubjectsWithProperty( model.createProperty( VitroVocabulary.PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT),ResourceFactory.createResource(e.getURI())); - while( it.hasNext() ){ - Resource resource = it.nextResource(); - if( resource != null && resource.getURI() != null ) { - log.debug("adding \""+resource.getURI()+"\" to properties prohibited from self-editing ("+e.getLabel()+")"); - prohibitedProps.add( resource.getURI() ); - } - } - } - pol = new SelfEditingPolicy(prohibitedProps,null,null,null,model); - } - return pol; - } - - - public static void replaceSelfEditing( ServletContext sc, OntModel model ){ - ServletPolicyList.replacePolicy(sc, makeSelfEditPolicyFromModel(model)); - } + @Override + public void contextInitialized(ServletContextEvent sce) { + ServletContext ctx = sce.getServletContext(); + + if (AbortStartup.isStartupAborted(ctx)) { + return; + } + + try { + log.debug("Setting up SelfEditingPolicy"); + + // need to make a policy and add it to the ServletContext + SelfEditingPolicy cep = new SelfEditingPolicy(ctx); + ServletPolicyList.addPolicy(ctx, cep); + + // need to put an IdentifierFactory for 
CuratorEditingIds into the + // ServletContext + ActiveIdentifierBundleFactories.addFactory(sce, + new SelfEditingIdentifierFactory()); + + sce.getServletContext().setAttribute(SELF_EDITING_POLICY_WAS_SETUP, + Boolean.TRUE); + + log.debug("Finished setting up SelfEditingPolicy: " + cep); + } catch (Exception e) { + log.error("could not run SelfEditingPolicySetup: " + e); + AbortStartup.abortStartup(ctx); + throw new RuntimeException(e); + } + } + + @Override + public void contextDestroyed(ServletContextEvent sce) { /* nothing */ + } } \ No newline at end of file diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/DatapropRetryController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/DatapropRetryController.java index e86f18ac7..35501d8b5 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/DatapropRetryController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/DatapropRetryController.java 
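Review bot: The rewritten class Javadoc for SelfEditingPolicySetup drops the paragraph on listener ordering, which said this policy may return UNAUTHORIZED and so should be registered before the curator listener. In the same hunk, contextInitialized switches from `replacePolicy` to `ServletPolicyList.addPolicy(ctx, cep)`. If position in the policy list still decides which policy wins (this hunk does not show that), the requirement should stay documented, e.g. `* Declare this listener before the curator listener in web.xml if it must take precedence.`; if the new policy can no longer return UNAUTHORIZED, the Javadoc should say that instead. Separately, the comment `// need to put an IdentifierFactory for CuratorEditingIds into the ServletContext` and the local name `cep` look copied from the curator setup. `// register the IdentifierFactory that supplies SelfEditing identifiers` and `sep` would match what the code does.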
@@ -2,49 +2,47 @@ package edu.cornell.mannlib.vitro.webapp.controller.edit; -import java.io.IOException; -import java.net.URLEncoder; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.LinkedList; -import java.util.List; - -import javax.servlet.RequestDispatcher; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import edu.cornell.mannlib.vedit.beans.EditProcessObject; -import edu.cornell.mannlib.vedit.beans.FormObject; -import edu.cornell.mannlib.vedit.beans.Option; -import edu.cornell.mannlib.vedit.controller.BaseEditController; -import edu.cornell.mannlib.vedit.forwarder.PageForwarder; -import edu.cornell.mannlib.vedit.forwarder.impl.UrlForwarder; -import edu.cornell.mannlib.vedit.util.FormUtils; -import edu.cornell.mannlib.vedit.validator.impl.EnumValuesValidator; -import edu.cornell.mannlib.vedit.validator.impl.IntValidator; -import edu.cornell.mannlib.vedit.validator.impl.XMLNameValidator; -import edu.cornell.mannlib.vitro.webapp.beans.DataProperty; -import edu.cornell.mannlib.vitro.webapp.beans.Ontology; -import edu.cornell.mannlib.vitro.webapp.beans.Portal; -import edu.cornell.mannlib.vitro.webapp.beans.VClass; -import edu.cornell.mannlib.vitro.webapp.controller.Controllers; -import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; -import edu.cornell.mannlib.vitro.webapp.controller.edit.utils.RoleLevelOptionsSetup; -import edu.cornell.mannlib.vitro.webapp.dao.DataPropertyDao; -import edu.cornell.mannlib.vitro.webapp.dao.DatatypeDao; -import edu.cornell.mannlib.vitro.webapp.dao.OntologyDao; -import edu.cornell.mannlib.vitro.webapp.dao.VClassDao; -import edu.cornell.mannlib.vitro.webapp.edit.listener.impl.EditProhibitionListener; +import java.io.IOException; +import java.net.URLEncoder; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.LinkedList; +import 
java.util.List; + +import javax.servlet.RequestDispatcher; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import edu.cornell.mannlib.vedit.beans.EditProcessObject; +import edu.cornell.mannlib.vedit.beans.FormObject; +import edu.cornell.mannlib.vedit.beans.Option; +import edu.cornell.mannlib.vedit.controller.BaseEditController; +import edu.cornell.mannlib.vedit.forwarder.PageForwarder; +import edu.cornell.mannlib.vedit.forwarder.impl.UrlForwarder; +import edu.cornell.mannlib.vedit.util.FormUtils; +import edu.cornell.mannlib.vedit.validator.impl.IntValidator; +import edu.cornell.mannlib.vedit.validator.impl.XMLNameValidator; +import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionListener; +import edu.cornell.mannlib.vitro.webapp.beans.DataProperty; +import edu.cornell.mannlib.vitro.webapp.beans.Portal; +import edu.cornell.mannlib.vitro.webapp.controller.Controllers; +import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; +import edu.cornell.mannlib.vitro.webapp.controller.edit.utils.RoleLevelOptionsSetup; +import edu.cornell.mannlib.vitro.webapp.dao.DataPropertyDao; +import edu.cornell.mannlib.vitro.webapp.dao.DatatypeDao; +import edu.cornell.mannlib.vitro.webapp.dao.OntologyDao; +import edu.cornell.mannlib.vitro.webapp.dao.VClassDao; public class DatapropRetryController extends BaseEditController { private static final Log log = LogFactory.getLog(DatapropRetryController.class.getName()); - public void doPost (HttpServletRequest request, HttpServletResponse response) { + @Override + public void doPost (HttpServletRequest request, HttpServletResponse response) { if (!checkLoginStatus(request,response)) return; 
@@ -134,7 +132,7 @@ public class DatapropRetryController extends BaseEditController { //set up any listeners List changeListenerList = new ArrayList(); - changeListenerList.add(new EditProhibitionListener(getServletContext())); + changeListenerList.add(new PropertyRestrictionListener(getServletContext())); epo.setChangeListenerList(changeListenerList); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PropertyRetryController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PropertyRetryController.java index 70737fe25..823c34f5e 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PropertyRetryController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PropertyRetryController.java 
@@ -2,54 +2,51 @@ package edu.cornell.mannlib.vitro.webapp.controller.edit; -import java.io.IOException; -import java.net.URLEncoder; +import java.io.IOException; +import java.net.URLEncoder; import java.text.Collator; -import java.util.ArrayList; -import java.util.Collections; +import java.util.ArrayList; +import java.util.Collections; import java.util.Comparator; -import java.util.HashMap; +import java.util.HashMap; import java.util.Iterator; -import java.util.LinkedList; -import java.util.List; +import java.util.List; import java.util.ListIterator; - -import javax.servlet.RequestDispatcher; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import edu.cornell.mannlib.vedit.beans.EditProcessObject; -import edu.cornell.mannlib.vedit.beans.FormObject; -import edu.cornell.mannlib.vedit.beans.Option; -import edu.cornell.mannlib.vedit.controller.BaseEditController; -import edu.cornell.mannlib.vedit.forwarder.PageForwarder; -import edu.cornell.mannlib.vedit.forwarder.impl.UrlForwarder; -import edu.cornell.mannlib.vedit.util.FormUtils; -import edu.cornell.mannlib.vedit.validator.ValidationObject; -import edu.cornell.mannlib.vedit.validator.Validator; -import edu.cornell.mannlib.vedit.validator.impl.EnumValuesValidator; -import edu.cornell.mannlib.vedit.validator.impl.XMLNameValidator; -import edu.cornell.mannlib.vitro.webapp.beans.DataProperty; -import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty; -import edu.cornell.mannlib.vitro.webapp.beans.Portal; -import edu.cornell.mannlib.vitro.webapp.beans.VClass; -import edu.cornell.mannlib.vitro.webapp.controller.Controllers; -import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; -import edu.cornell.mannlib.vitro.webapp.controller.edit.utils.RoleLevelOptionsSetup; -import edu.cornell.mannlib.vitro.webapp.dao.DataPropertyDao; -import 
edu.cornell.mannlib.vitro.webapp.dao.ObjectPropertyDao; -import edu.cornell.mannlib.vitro.webapp.dao.OntologyDao; -import edu.cornell.mannlib.vitro.webapp.dao.VClassDao; -import edu.cornell.mannlib.vitro.webapp.edit.listener.impl.EditProhibitionListener; + +import javax.servlet.RequestDispatcher; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import edu.cornell.mannlib.vedit.beans.EditProcessObject; +import edu.cornell.mannlib.vedit.beans.FormObject; +import edu.cornell.mannlib.vedit.beans.Option; +import edu.cornell.mannlib.vedit.controller.BaseEditController; +import edu.cornell.mannlib.vedit.forwarder.PageForwarder; +import edu.cornell.mannlib.vedit.forwarder.impl.UrlForwarder; +import edu.cornell.mannlib.vedit.util.FormUtils; +import edu.cornell.mannlib.vedit.validator.impl.XMLNameValidator; +import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionListener; +import edu.cornell.mannlib.vitro.webapp.beans.DataProperty; +import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty; +import edu.cornell.mannlib.vitro.webapp.beans.Portal; +import edu.cornell.mannlib.vitro.webapp.beans.VClass; +import edu.cornell.mannlib.vitro.webapp.controller.Controllers; +import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; +import edu.cornell.mannlib.vitro.webapp.controller.edit.utils.RoleLevelOptionsSetup; +import edu.cornell.mannlib.vitro.webapp.dao.DataPropertyDao; +import edu.cornell.mannlib.vitro.webapp.dao.ObjectPropertyDao; +import edu.cornell.mannlib.vitro.webapp.dao.OntologyDao; +import edu.cornell.mannlib.vitro.webapp.dao.VClassDao; public class PropertyRetryController extends BaseEditController { private static final Log log = LogFactory.getLog(PropertyRetryController.class.getName()); - public void doPost (HttpServletRequest req, HttpServletResponse response) { + @Override + public void doPost 
(HttpServletRequest req, HttpServletResponse response) { VitroRequest request = new VitroRequest(req); if (!checkLoginStatus(request,response)) return; @@ -87,7 +84,7 @@ public class PropertyRetryController extends BaseEditController { String uri = request.getParameter("uri"); if (uri != null) { try { - propertyForEditing = (ObjectProperty)propDao.getObjectPropertyByURI(uri); + propertyForEditing = propDao.getObjectPropertyByURI(uri); action = "update"; epo.setAction("update"); } catch (NullPointerException e) { @@ -125,7 +122,7 @@ public class PropertyRetryController extends BaseEditController { //set up any listeners List changeListenerList = new ArrayList(); //changeListenerList.add(new HiddenFromDisplayListener(getServletContext())); - changeListenerList.add(new EditProhibitionListener(getServletContext())); + changeListenerList.add(new PropertyRestrictionListener(getServletContext())); epo.setChangeListenerList(changeListenerList); //set portal flag to current portal diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/edit/listener/impl/EditProhibitionListener.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/edit/listener/impl/EditProhibitionListener.java deleted file mode 100644 index 37c4eecfe..000000000 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/edit/listener/impl/EditProhibitionListener.java +++ /dev/null 
@@ -1,133 +0,0 @@ -/* $This file is distributed under the terms of the license in /doc/license.txt$ */ - -package edu.cornell.mannlib.vitro.webapp.edit.listener.impl; - -import javax.servlet.ServletContext; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import com.hp.hpl.jena.ontology.OntModel; - -import edu.cornell.mannlib.vedit.beans.EditProcessObject; -import edu.cornell.mannlib.vedit.listener.ChangeListener; -import edu.cornell.mannlib.vitro.webapp.auth.policy.setup.CuratorEditingPolicySetup; -import edu.cornell.mannlib.vitro.webapp.auth.policy.setup.DbAdminEditingPolicySetup; -import edu.cornell.mannlib.vitro.webapp.auth.policy.setup.EditorEditingPolicySetup; -import edu.cornell.mannlib.vitro.webapp.auth.policy.setup.InformationResourceEditingPolicySetup; -import edu.cornell.mannlib.vitro.webapp.auth.policy.setup.SelfEditingPolicySetup; -import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean; -import edu.cornell.mannlib.vitro.webapp.beans.Property; - -public class EditProhibitionListener implements ChangeListener { - private static final Log log = LogFactory.getLog(EditProhibitionListener.class.getName()); - private ServletContext context = null; - - public EditProhibitionListener(ServletContext context) { - this.context = context; - } - - public void doDeleted(Object oldObj, EditProcessObject epo) { - Property p = (Property) oldObj; - OntModel model = (OntModel) context.getAttribute("jenaOntModel"); - BaseResourceBean.RoleLevel oldRoleLevel = p.getProhibitedFromUpdateBelowRoleLevel(); - if (oldRoleLevel != null) { - log.debug("replacing all edit prohibition policies after deletion"); - // do you want to do something more selective, such as seeing whether only certain policies are affected? - // But, some (lower) will be affected if higher levels change (or will they if the object has been deleted?) 
- SelfEditingPolicySetup.replaceSelfEditing(context,model); - InformationResourceEditingPolicySetup.replacePolicy(context,model); - EditorEditingPolicySetup.replaceEditorEditing(context,model); - CuratorEditingPolicySetup.replaceCuratorEditing(context,model); - DbAdminEditingPolicySetup.replaceDbAdminEditing(context,model); - /* - if (oldRoleLevel.compareTo(BaseResourceBean.RoleLevel.PUBLIC)==0) { - SelfEditingPolicySetup.replaceSelfEditing(context,model); - } else if (oldRoleLevel.compareTo(BaseResourceBean.RoleLevel.SELF)==0) { - SelfEditingPolicySetup.replaceSelfEditing(context,model); - } else if (oldRoleLevel.compareTo(BaseResourceBean.RoleLevel.EDITOR)==0) { - CuratorEditingPolicySetup.replaceCuratorEditing(context,model); - } else if (oldRoleLevel.compareTo(BaseResourceBean.RoleLevel.CURATOR)==0) { - CuratorEditingPolicySetup.replaceCuratorEditing(context,model); - } else if (oldRoleLevel.compareTo(BaseResourceBean.RoleLevel.DB_ADMIN)==0) { - CuratorEditingPolicySetup.replaceCuratorEditing(context,model); - } else if (oldRoleLevel.compareTo(BaseResourceBean.RoleLevel.NOBODY)==0) { - CuratorEditingPolicySetup.replaceCuratorEditing(context,model); - } */ - } - } - - public void doInserted(Object newObj, EditProcessObject epo) { - Property p = (Property) newObj; - OntModel model = (OntModel) context.getAttribute("jenaOntModel"); - BaseResourceBean.RoleLevel newRoleLevel = p.getProhibitedFromUpdateBelowRoleLevel(); - if (newRoleLevel != null) { // note have to replace even at same level since may have been unspecified - if (newRoleLevel.compareTo(BaseResourceBean.RoleLevel.SELF)==0) { - log.debug("replacing self editing editing policies after insertion of \"self\" update level"); - SelfEditingPolicySetup.replaceSelfEditing(context,model); - InformationResourceEditingPolicySetup.replacePolicy(context,model); - } else if (newRoleLevel.compareTo(BaseResourceBean.RoleLevel.EDITOR)==0) { - log.debug("replacing editor and lower editing policies after insertion of new 
\"editor\" update level"); - SelfEditingPolicySetup.replaceSelfEditing(context,model); - InformationResourceEditingPolicySetup.replacePolicy(context,model); - EditorEditingPolicySetup.replaceEditorEditing(context,model); - } else if (newRoleLevel.compareTo(BaseResourceBean.RoleLevel.CURATOR)==0) { - log.debug("replacing curator and lower editing policies after insertion of new \"curator\" update level"); - SelfEditingPolicySetup.replaceSelfEditing(context,model); - InformationResourceEditingPolicySetup.replacePolicy(context,model); - EditorEditingPolicySetup.replaceEditorEditing(context,model); - CuratorEditingPolicySetup.replaceCuratorEditing(context,model); - } else if (newRoleLevel.compareTo(BaseResourceBean.RoleLevel.DB_ADMIN)==0) { - log.debug("replacing db_admin and lower editing policies after insertion of new \"db_admin\" update level"); - SelfEditingPolicySetup.replaceSelfEditing(context,model); - InformationResourceEditingPolicySetup.replacePolicy(context,model); - EditorEditingPolicySetup.replaceEditorEditing(context,model); - CuratorEditingPolicySetup.replaceCuratorEditing(context,model); - DbAdminEditingPolicySetup.replaceDbAdminEditing(context,model); - } else if (newRoleLevel.compareTo(BaseResourceBean.RoleLevel.NOBODY)==0) { - log.debug("replacing db_admin and lower editing policies after insertion of new \"nobody\" update level"); - SelfEditingPolicySetup.replaceSelfEditing(context,model); - InformationResourceEditingPolicySetup.replacePolicy(context,model); - EditorEditingPolicySetup.replaceEditorEditing(context,model); - CuratorEditingPolicySetup.replaceCuratorEditing(context,model); - DbAdminEditingPolicySetup.replaceDbAdminEditing(context,model); - } - } - } - - public void doUpdated(Object oldObj, Object newObj, EditProcessObject epo) { - Property oldP = (Property) oldObj; - Property newP = (Property) newObj; - OntModel model = (OntModel) context.getAttribute("jenaOntModel"); - BaseResourceBean.RoleLevel oldRoleLevel = 
oldP.getProhibitedFromUpdateBelowRoleLevel(); - BaseResourceBean.RoleLevel newRoleLevel = newP.getProhibitedFromUpdateBelowRoleLevel(); - if (newRoleLevel != null) { // will always be true since select box has no non-empty choices - if (oldRoleLevel != null) { - if (newRoleLevel.compareTo(oldRoleLevel)!=0) { - log.debug("replacing all editing policies after update when new level different from old"); - SelfEditingPolicySetup.replaceSelfEditing(context,model); - InformationResourceEditingPolicySetup.replacePolicy(context,model); - EditorEditingPolicySetup.replaceEditorEditing(context,model); - CuratorEditingPolicySetup.replaceCuratorEditing(context,model); - DbAdminEditingPolicySetup.replaceDbAdminEditing(context,model); - } else { - log.debug("update did not change role level"); - } - } else { - log.debug("replacing all editing policies after update when a role level introduced"); - SelfEditingPolicySetup.replaceSelfEditing(context,model); - InformationResourceEditingPolicySetup.replacePolicy(context,model); - EditorEditingPolicySetup.replaceEditorEditing(context,model); - CuratorEditingPolicySetup.replaceCuratorEditing(context,model); - DbAdminEditingPolicySetup.replaceDbAdminEditing(context,model); - } - } else if (oldRoleLevel != null) { // with fixed selections, not likely to happen - log.debug("replacing all editing policies after update when old role level removed"); - SelfEditingPolicySetup.replaceSelfEditing(context,model); - InformationResourceEditingPolicySetup.replacePolicy(context,model); - EditorEditingPolicySetup.replaceEditorEditing(context,model); - CuratorEditingPolicySetup.replaceCuratorEditing(context,model); - DbAdminEditingPolicySetup.replaceDbAdminEditing(context,model); - } - } -} diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/AdministrativeUriRestrictorTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/AdministrativeUriRestrictorTest.java deleted file mode 100644 index 9c9214514..000000000 
--- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/AdministrativeUriRestrictorTest.java +++ /dev/null 
@@ -1,45 +0,0 @@ -/* $This file is distributed under the terms of the license in /doc/license.txt$ */ - -package edu.cornell.mannlib.vitro.webapp.auth.policy; - -import org.junit.Assert; -import org.junit.Before; -import org.junit.Test; - -import edu.cornell.mannlib.vitro.testing.AbstractTestClass; -import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; - -/** - * TODO - */ -public class AdministrativeUriRestrictorTest extends AbstractTestClass { - private static final String SAFE_NS = "http://test.mannlib.cornell.edu/ns/01#"; - private static final String UNSAFE_NS = VitroVocabulary.vitroURI; - - private static final String SAFE_RESOURCE = SAFE_NS + "otherIndividual77777"; - private static final String UNSAFE_RESOURCE = UNSAFE_NS + "otherIndividual99999"; - - private static final String SAFE_PREDICATE = SAFE_NS + "hasHairStyle"; - private static final String UNSAFE_PREDICATE = UNSAFE_NS + "hasSuperPowers"; - - private AdministrativeUriRestrictor restrictor; - @Before - public void setup() { - restrictor = new AdministrativeUriRestrictor(null, null, null, null); - } - @Test - public void testCanModifiyNs(){ - Assert.assertTrue( restrictor.canModifyResource("http://bobs.com#hats") ); - Assert.assertTrue( restrictor.canModifyResource("ftp://bobs.com#hats")); - Assert.assertTrue( restrictor.canModifyResource( SAFE_RESOURCE )); - Assert.assertTrue( restrictor.canModifyPredicate( SAFE_PREDICATE )); - Assert.assertTrue( restrictor.canModifyResource("http://bobs.com/hats")); - - Assert.assertTrue( ! restrictor.canModifyResource("")); - Assert.assertTrue( ! restrictor.canModifyResource(VitroVocabulary.vitroURI + "something")); - Assert.assertTrue( ! restrictor.canModifyResource(VitroVocabulary.OWL + "Ontology")); - Assert.assertTrue( ! restrictor.canModifyPredicate( UNSAFE_PREDICATE )); - Assert.assertTrue( ! restrictor.canModifyResource( UNSAFE_RESOURCE )); - Assert.assertTrue( ! restrictor.canModifyResource( UNSAFE_NS )); - } -} 
diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/InformationResourceEditingPolicyTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/InformationResourceEditingPolicyTest.java index c7a8c0368..94a1534f5 100644 --- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/InformationResourceEditingPolicyTest.java +++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/InformationResourceEditingPolicyTest.java @@ -16,6 +16,9 @@ import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; +import stubs.edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelperStub; +import stubs.javax.servlet.ServletContextStub; + import com.hp.hpl.jena.ontology.OntModel; import com.hp.hpl.jena.ontology.OntModelSpec; import com.hp.hpl.jena.rdf.model.Model; @@ -28,6 +31,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle; import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle; import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory; import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory.SelfEditing; +import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.ServerStatus; 
@@ -105,9 +109,12 @@ public class InformationResourceEditingPolicyTest extends AbstractTestClass { @Before public void setupPolicy() { - AdministrativeUriRestrictor restrictor = new AdministrativeUriRestrictor( - null, null, null, null); - policy = new InformationResourceEditingPolicy(ontModel, restrictor); + ServletContextStub ctx = new ServletContextStub(); + PropertyRestrictionPolicyHelper prph = PropertyRestrictionPolicyHelperStub + .getInstance(new String[] { NS_RESTRICTED }); + PropertyRestrictionPolicyHelper.setBean(ctx, prph); + + policy = new InformationResourceEditingPolicy(ctx, ontModel); } private IdentifierBundle idNobody; diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java index 28e6c7531..852d7d8d6 100644 --- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java +++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java 
@@ -8,16 +8,16 @@ import static junit.framework.Assert.assertEquals; import static junit.framework.Assert.assertNotNull; import static junit.framework.Assert.assertNull; -import java.util.HashSet; -import java.util.Set; - import org.junit.Before; import org.junit.Test; +import stubs.edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelperStub; +import stubs.javax.servlet.ServletContextStub; import edu.cornell.mannlib.vitro.testing.AbstractTestClass; import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle; import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle; import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory; +import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.AddNewUser; 
@@ -47,295 +47,265 @@ public class SelfEditingPolicyTest extends AbstractTestClass { private static final String UNSAFE_NS = VitroVocabulary.vitroURI; private static final String SELFEDITOR_URI = SAFE_NS + "individual244"; - private static final String SAFE_RESOURCE = SAFE_NS + "otherIndividual77777"; + private static final String SAFE_RESOURCE = SAFE_NS + "otherIndividual77777"; private static final String UNSAFE_RESOURCE = UNSAFE_NS + "otherIndividual99999"; private static final String SAFE_PREDICATE = SAFE_NS + "hasHairStyle"; private static final String UNSAFE_PREDICATE = UNSAFE_NS + "hasSuperPowers"; + private ServletContextStub ctx; + private SelfEditingPolicy policy; private IdentifierBundle ids; private RequestedAction whatToAuth; - - @Before - public void setUp() throws Exception { - policy = new SelfEditingPolicy(null,null,null,null,null); - - ids = new ArrayIdentifierBundle(); - ids.add( new SelfEditingIdentifierFactory.NetId("test223") ); - - IndividualImpl ind = new IndividualImpl(); - ind.setURI( SELFEDITOR_URI ); - ids.add( new SelfEditingIdentifierFactory.SelfEditing( ind, SelfEditingIdentifierFactory.NOT_BLACKLISTED ) ); - - } - + + @Before + public void setUp() throws Exception { + ctx = new ServletContextStub(); + + PropertyRestrictionPolicyHelper prph = PropertyRestrictionPolicyHelperStub + .getInstance(new String[] { UNSAFE_NS }); + PropertyRestrictionPolicyHelper.setBean(ctx, prph); + + policy = new SelfEditingPolicy(ctx); + + ids = new ArrayIdentifierBundle(); + ids.add(new SelfEditingIdentifierFactory.NetId("test223")); + + IndividualImpl ind = new IndividualImpl(); + ind.setURI(SELFEDITOR_URI); + ids.add(new SelfEditingIdentifierFactory.SelfEditing(ind, + SelfEditingIdentifierFactory.NOT_BLACKLISTED)); + + } + @Test public void testProhibitedProperties() { - Set badProps = new HashSet(); - badProps.add("http://mannlib.cornell.edu/bad#prp234"); - badProps.add("http://mannlib.cornell.edu/bad#prp999"); - 
badProps.add("http://mannlib.cornell.edu/bad#prp333"); - badProps.add("http://mannlib.cornell.edu/bad#prp777"); - badProps.add("http://mannlib.cornell.edu/bad#prp0020"); - SelfEditingPolicy badPropPolicy = new SelfEditingPolicy(badProps, null, null, null, null); + PropertyRestrictionPolicyHelper prph = PropertyRestrictionPolicyHelperStub + .getInstance(new String[] { UNSAFE_NS }, new String[] { + "http://mannlib.cornell.edu/bad#prp234", + "http://mannlib.cornell.edu/bad#prp999", + "http://mannlib.cornell.edu/bad#prp333", + "http://mannlib.cornell.edu/bad#prp777", + "http://mannlib.cornell.edu/bad#prp0020" }); + PropertyRestrictionPolicyHelper.setBean(ctx, prph); whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, "http://mannlib.cornell.edu/bad#prp234", SAFE_RESOURCE); - assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth)); + assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); whatToAuth = new AddObjectPropStmt(SAFE_RESOURCE, "http://mannlib.cornell.edu/bad#prp234", SELFEDITOR_URI); - assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth)); + assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, "http://mannlib.cornell.edu/bad#prp999", SAFE_RESOURCE); - assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth)); - - whatToAuth = new AddObjectPropStmt( - SAFE_RESOURCE ,"http://mannlib.cornell.edu/bad#prp999", SELFEDITOR_URI); - assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth)); - - whatToAuth = new AddObjectPropStmt( - SAFE_RESOURCE ,SAFE_PREDICATE, SELFEDITOR_URI); - assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); - - whatToAuth = new AddObjectPropStmt( - SELFEDITOR_URI,SAFE_PREDICATE,SAFE_RESOURCE); - assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); - - whatToAuth = new AddObjectPropStmt( - SELFEDITOR_URI, UNSAFE_PREDICATE, SAFE_RESOURCE); - assertDecision(INCONCLUSIVE, 
policy.isAuthorized(ids, whatToAuth)); - - //now with dataprop statements - whatToAuth = new AddDataPropStmt( - SELFEDITOR_URI,"http://mannlib.cornell.edu/bad#prp234" ,SAFE_RESOURCE, null, null); - assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth)); - - whatToAuth = new AddDataPropStmt( - SAFE_RESOURCE ,"http://mannlib.cornell.edu/bad#prp234", SELFEDITOR_URI, null, null); - assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth)); - - whatToAuth = new AddDataPropStmt( - SELFEDITOR_URI,"http://mannlib.cornell.edu/bad#prp999" ,SAFE_RESOURCE, null, null); - assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth)); - - whatToAuth = new AddDataPropStmt( - SAFE_RESOURCE ,"http://mannlib.cornell.edu/bad#prp999", SELFEDITOR_URI, null, null); - assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth)); - - whatToAuth = new AddDataPropStmt( - SAFE_RESOURCE ,SAFE_PREDICATE, SELFEDITOR_URI, null, null); - assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - - whatToAuth = new AddDataPropStmt( - SELFEDITOR_URI,SAFE_PREDICATE,SAFE_RESOURCE, null, null); - assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); - - whatToAuth = new AddDataPropStmt( - SELFEDITOR_URI, UNSAFE_PREDICATE, SAFE_RESOURCE, null, null); - assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - } - - @Test - public void testForbiddenMoniker(){ - Set badProps = new HashSet(); - badProps.add(VitroVocabulary.MONIKER); - SelfEditingPolicy badPropPolicy = new SelfEditingPolicy(badProps,null,null,null,null); - - whatToAuth = new AddDataPropStmt( - SELFEDITOR_URI, VitroVocabulary.MONIKER ,"someValue", null, null); - assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth)); - - whatToAuth = new AddDataPropStmt( - SAFE_RESOURCE ,VitroVocabulary.MONIKER , "somevalue", null, null); - assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth)); - - DataPropertyStatement dps = 
new DataPropertyStatementImpl(); - dps.setIndividualURI(SELFEDITOR_URI); - dps.setDatapropURI(VitroVocabulary.MONIKER); - dps.setData("some moniker"); - whatToAuth = new EditDataPropStmt(dps); - assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth)); - - - //try where moniker is permitted - badProps = new HashSet(); - badPropPolicy = new SelfEditingPolicy(badProps,null,null,null,null); - - whatToAuth = new AddDataPropStmt( - SELFEDITOR_URI, VitroVocabulary.MONIKER ,"somevalue", null, null); - assertDecision(AUTHORIZED, badPropPolicy.isAuthorized(ids, whatToAuth)); - - whatToAuth = new AddDataPropStmt( - UNSAFE_RESOURCE ,VitroVocabulary.MONIKER , "somevalue", null, null); - assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth)); - - dps = new DataPropertyStatementImpl(); - dps.setIndividualURI(SAFE_RESOURCE); - dps.setDatapropURI(VitroVocabulary.MONIKER); - dps.setData("some moniker"); - whatToAuth = new EditDataPropStmt(dps); - assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth)); - } - - @Test - public void testVisitIdentifierBundleAddObjectPropStmt() { - whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE); + assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); + + whatToAuth = new AddObjectPropStmt(SAFE_RESOURCE, + "http://mannlib.cornell.edu/bad#prp999", SELFEDITOR_URI); + assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); + + whatToAuth = new AddObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, + SELFEDITOR_URI); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new AddObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, SELFEDITOR_URI); + whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, + SAFE_RESOURCE); + assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); + + whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, UNSAFE_PREDICATE, + SAFE_RESOURCE); + assertDecision(INCONCLUSIVE, 
policy.isAuthorized(ids, whatToAuth)); + + // now with dataprop statements + whatToAuth = new AddDataPropStmt(SELFEDITOR_URI, + "http://mannlib.cornell.edu/bad#prp234", "someString", null, + null); + assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); + + whatToAuth = new AddDataPropStmt(SELFEDITOR_URI, + "http://mannlib.cornell.edu/bad#prp999", "someString", null, + null); + assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); + + whatToAuth = new AddDataPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, + "someString", null, null); + assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); + + whatToAuth = new AddDataPropStmt(SELFEDITOR_URI, UNSAFE_PREDICATE, + "someString", null, null); + assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); + } + + @Test + public void testVisitIdentifierBundleAddObjectPropStmt() { + whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, + SAFE_RESOURCE); + assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); + + whatToAuth = new AddObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, + SELFEDITOR_URI); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); // this is the case where the editor is not part of the stmt - whatToAuth = new AddObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, SAFE_RESOURCE); + whatToAuth = new AddObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, + SAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, UNSAFE_PREDICATE, SAFE_RESOURCE); + whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, UNSAFE_PREDICATE, + SAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, UNSAFE_RESOURCE); + whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, + UNSAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); } // -// @Test -// public 
void testVisitIdentifierBundleDropResource() { -// fail("Not yet implemented"); -// } -// -// @Test -// public void testVisitIdentifierBundleDropDataPropStmt() { -// fail("Not yet implemented"); -// } -// - @Test - public void testVisitIdentifierBundleDropObjectPropStmt() { - whatToAuth = new DropObjectPropStmt( - SELFEDITOR_URI,SAFE_PREDICATE,SAFE_RESOURCE); - assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); - - whatToAuth = new DropObjectPropStmt( - SAFE_RESOURCE ,SAFE_PREDICATE, SELFEDITOR_URI); - assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); - -// this is the case where the editor is not part of the stmt - whatToAuth = new DropObjectPropStmt( - SAFE_RESOURCE, SAFE_PREDICATE, SAFE_RESOURCE); - assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - - whatToAuth = new DropObjectPropStmt( - SELFEDITOR_URI, UNSAFE_PREDICATE, SAFE_RESOURCE); - assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - - whatToAuth = new DropObjectPropStmt( - SELFEDITOR_URI, SAFE_PREDICATE, UNSAFE_RESOURCE); - assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - } -// -// @Test -// public void testVisitIdentifierBundleAddResource() { -// fail("Not yet implemented"); -// } -// -// @Test -// public void testVisitIdentifierBundleAddDataPropStmt() { -// fail("Not yet implemented"); -// } -// -// @Test -// public void testVisitIdentifierBundleUploadFile() { -// fail("Not yet implemented"); -// } -// -// - @Test - public void testVisitIdentifierBundleEditDataPropStmt() { - - DataPropertyStatement dps = new DataPropertyStatementImpl(); - dps.setIndividualURI(SELFEDITOR_URI); - dps.setDatapropURI(SAFE_PREDICATE); - dps.setData("junk"); - whatToAuth = new EditDataPropStmt(dps); - assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); - - dps = new DataPropertyStatementImpl(); - dps.setIndividualURI(SELFEDITOR_URI); - dps.setDatapropURI(UNSAFE_PREDICATE); - dps.setData("junk"); - whatToAuth = new 
EditDataPropStmt(dps); - assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - - dps = new DataPropertyStatementImpl(); - dps.setIndividualURI(UNSAFE_RESOURCE); - dps.setDatapropURI(SAFE_PREDICATE); - whatToAuth = new EditDataPropStmt(dps); - assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - - dps = new DataPropertyStatementImpl(); - dps.setIndividualURI(SAFE_RESOURCE); - dps.setDatapropURI(SAFE_PREDICATE); - whatToAuth = new EditDataPropStmt(dps); - assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - } - + // @Test + // public void testVisitIdentifierBundleDropResource() { + // fail("Not yet implemented"); + // } + // + // @Test + // public void testVisitIdentifierBundleDropDataPropStmt() { + // fail("Not yet implemented"); + // } + // @Test - public void testVisitIdentifierBundleEditObjPropStmt() { - EditObjPropStmt whatToAuth = new EditObjPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE); + public void testVisitIdentifierBundleDropObjectPropStmt() { + whatToAuth = new DropObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, + SAFE_RESOURCE); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new EditObjPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, SELFEDITOR_URI); + whatToAuth = new DropObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, + SELFEDITOR_URI); assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); // this is the case where the editor is not part of the stmt - whatToAuth = new EditObjPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, SAFE_RESOURCE); + whatToAuth = new DropObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, + SAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new EditObjPropStmt(SELFEDITOR_URI, UNSAFE_PREDICATE, SAFE_RESOURCE); + whatToAuth = new DropObjectPropStmt(SELFEDITOR_URI, UNSAFE_PREDICATE, + SAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); - whatToAuth = new 
EditObjPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, UNSAFE_RESOURCE); + whatToAuth = new DropObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, + UNSAFE_RESOURCE); assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); } + + // + // @Test + // public void testVisitIdentifierBundleAddResource() { + // fail("Not yet implemented"); + // } + // + // @Test + // public void testVisitIdentifierBundleAddDataPropStmt() { + // fail("Not yet implemented"); + // } + // + // @Test + // public void testVisitIdentifierBundleUploadFile() { + // fail("Not yet implemented"); + // } + // + // + @Test + public void testVisitIdentifierBundleEditDataPropStmt() { + + DataPropertyStatement dps = new DataPropertyStatementImpl(); + dps.setIndividualURI(SELFEDITOR_URI); + dps.setDatapropURI(SAFE_PREDICATE); + dps.setData("junk"); + whatToAuth = new EditDataPropStmt(dps); + assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); + + dps = new DataPropertyStatementImpl(); + dps.setIndividualURI(SELFEDITOR_URI); + dps.setDatapropURI(UNSAFE_PREDICATE); + dps.setData("junk"); + whatToAuth = new EditDataPropStmt(dps); + assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); + + dps = new DataPropertyStatementImpl(); + dps.setIndividualURI(UNSAFE_RESOURCE); + dps.setDatapropURI(SAFE_PREDICATE); + whatToAuth = new EditDataPropStmt(dps); + assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); + + dps = new DataPropertyStatementImpl(); + dps.setIndividualURI(SAFE_RESOURCE); + dps.setDatapropURI(SAFE_PREDICATE); + whatToAuth = new EditDataPropStmt(dps); + assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); + } + + @Test + public void testVisitIdentifierBundleEditObjPropStmt() { + whatToAuth = new EditObjPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, + SAFE_RESOURCE); + assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); + + whatToAuth = new EditObjPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, + SELFEDITOR_URI); + assertDecision(AUTHORIZED, 
policy.isAuthorized(ids, whatToAuth)); + + // this is the case where the editor is not part of the stmt + whatToAuth = new EditObjPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, + SAFE_RESOURCE); + assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); + + whatToAuth = new EditObjPropStmt(SELFEDITOR_URI, UNSAFE_PREDICATE, + SAFE_RESOURCE); + assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); + + whatToAuth = new EditObjPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, + UNSAFE_RESOURCE); + assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); + } + // ---------------------------------------------------------------------- // What if there are two SelfEditor Identifiers? // ---------------------------------------------------------------------- - + @Test public void twoSEIsFindObjectPropertySubject() { setUpTwoSEIs(); - whatToAuth = new DropObjectPropStmt( - SELFEDITOR_URI,SAFE_PREDICATE,SAFE_RESOURCE); - assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); + whatToAuth = new DropObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, + SAFE_RESOURCE); + assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); } @Test public void twoSEIsFindObjectPropertyObject() { setUpTwoSEIs(); - whatToAuth = new DropObjectPropStmt( - SAFE_RESOURCE ,SAFE_PREDICATE, SELFEDITOR_URI); - assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); + whatToAuth = new DropObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, + SELFEDITOR_URI); + assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); } @Test public void twoSEIsDontFindInObjectProperty() { setUpTwoSEIs(); - whatToAuth = new DropObjectPropStmt( - SAFE_RESOURCE ,SAFE_PREDICATE, SAFE_RESOURCE); - assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); + whatToAuth = new DropObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, + SAFE_RESOURCE); + assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); } - + @Test public void twoSEIsFindDataPropertySubject() { 
setUpTwoSEIs(); DataPropertyStatement dps = new DataPropertyStatementImpl(); - dps.setIndividualURI(SELFEDITOR_URI); - dps.setDatapropURI(SAFE_PREDICATE); - dps.setData("junk"); - whatToAuth = new EditDataPropStmt(dps); - assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); + dps.setIndividualURI(SELFEDITOR_URI); + dps.setDatapropURI(SAFE_PREDICATE); + dps.setData("junk"); + whatToAuth = new EditDataPropStmt(dps); + assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth)); } @Test 
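Review bot: The rewritten testProhibitedProperties no longer asserts any add of a data property whose subject is not the self-editor. The removed `AddDataPropStmt(SAFE_RESOURCE, ...)` cases and the deleted testForbiddenMoniker were the visible tests pinning that such a request stays INCONCLUSIVE. Since this is an authorization policy, I would keep a negative case such as `whatToAuth = new AddDataPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, "someString", null, null);` followed by `assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));`. The test also replaces the helper with `setBean` after `policy` was built in setUp, which presumably relies on the policy reading the bean from the context on each request; a short comment saying so, e.g. `// policy reads the helper from ctx at decision time`, would make that dependency explicit.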
@@ -343,36 +313,39 @@ public class SelfEditingPolicyTest extends AbstractTestClass { setUpTwoSEIs(); DataPropertyStatement dps = new DataPropertyStatementImpl(); - dps.setIndividualURI(SAFE_RESOURCE); - dps.setDatapropURI(SAFE_PREDICATE); - dps.setData("junk"); - whatToAuth = new EditDataPropStmt(dps); - assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); + dps.setIndividualURI(SAFE_RESOURCE); + dps.setDatapropURI(SAFE_PREDICATE); + dps.setData("junk"); + whatToAuth = new EditDataPropStmt(dps); + assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth)); } private void setUpTwoSEIs() { - ids = new ArrayIdentifierBundle(); - - ids.add( new SelfEditingIdentifierFactory.NetId("bozoUser") ); - - IndividualImpl ind1 = new IndividualImpl(); - ind1.setURI( SAFE_NS + "bozoUri" ); - ids.add( new SelfEditingIdentifierFactory.SelfEditing( ind1, SelfEditingIdentifierFactory.NOT_BLACKLISTED ) ); + ids = new ArrayIdentifierBundle(); - ids.add( new SelfEditingIdentifierFactory.NetId("test223") ); - - IndividualImpl ind2 = new IndividualImpl(); - ind2.setURI( SELFEDITOR_URI ); - ids.add( new SelfEditingIdentifierFactory.SelfEditing( ind2, SelfEditingIdentifierFactory.NOT_BLACKLISTED ) ); + ids.add(new SelfEditingIdentifierFactory.NetId("bozoUser")); + + IndividualImpl ind1 = new IndividualImpl(); + ind1.setURI(SAFE_NS + "bozoUri"); + ids.add(new SelfEditingIdentifierFactory.SelfEditing(ind1, + SelfEditingIdentifierFactory.NOT_BLACKLISTED)); + + ids.add(new SelfEditingIdentifierFactory.NetId("test223")); + + IndividualImpl ind2 = new IndividualImpl(); + ind2.setURI(SELFEDITOR_URI); + ids.add(new SelfEditingIdentifierFactory.SelfEditing(ind2, + SelfEditingIdentifierFactory.NOT_BLACKLISTED)); } // ---------------------------------------------------------------------- // Ignore administrative requests. 
// ---------------------------------------------------------------------- - + @Test public void testServerStatus() { - assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, new ServerStatus())); + assertDecision(INCONCLUSIVE, + policy.isAuthorized(ids, new ServerStatus())); } @Test @@ -415,17 +388,20 @@ public class SelfEditingPolicyTest extends AbstractTestClass { @Test public void testLoadOntology() { - assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, new LoadOntology())); + assertDecision(INCONCLUSIVE, + policy.isAuthorized(ids, new LoadOntology())); } @Test public void testRebuildTextIndex() { - assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, new RebuildTextIndex())); + assertDecision(INCONCLUSIVE, + policy.isAuthorized(ids, new RebuildTextIndex())); } @Test public void testVisitIdentifierBundleUpdateTextIndex() { - assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, new UpdateTextIndex())); + assertDecision(INCONCLUSIVE, + policy.isAuthorized(ids, new UpdateTextIndex())); } // ---------------------------------------------------------------------- diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditingPolicySetupTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditingPolicySetupTest.java index c3eff632a..4b833c6b0 100644 --- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditingPolicySetupTest.java +++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/SelfEditingPolicySetupTest.java @@ -11,6 +11,9 @@ import org.junit.Assert; import org.junit.Before; import org.junit.Test; +import stubs.edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelperStub; +import stubs.javax.servlet.ServletContextStub; + import com.hp.hpl.jena.ontology.OntModel; import com.hp.hpl.jena.rdf.model.ModelFactory; import com.hp.hpl.jena.rdf.model.impl.RDFDefaultErrorHandler; 
@@ -21,6 +24,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier; import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle; import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory; import edu.cornell.mannlib.vitro.webapp.auth.policy.SelfEditingPolicy; +import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt; @@ -80,7 +84,12 @@ public class SelfEditingPolicySetupTest extends AbstractTestClass { Assert.assertNotNull(model); Assert.assertTrue(model.size() > 0); - policy = SelfEditingPolicySetup.makeSelfEditPolicyFromModel(model); + ServletContextStub ctx = new ServletContextStub(); + PropertyRestrictionPolicyHelper.setBean(ctx, + PropertyRestrictionPolicyHelperStub + .getInstance(new String[] { ADMIN_NS })); + + policy = new SelfEditingPolicy(ctx); Assert.assertNotNull(policy); seIndividual = new IndividualImpl(); @@ -116,8 +125,7 @@ public class SelfEditingPolicySetupTest extends AbstractTestClass { @Test public void noSelfEditorIdentifier() { ids.clear(); - ids.add(new Identifier() { - }); + ids.add(new Identifier() { /* empty identifier */ }); assertAddObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE, Authorization.INCONCLUSIVE); } @@ -308,5 +316,4 @@ public class SelfEditingPolicySetupTest extends AbstractTestClass { Assert.assertNotNull(dec); Assert.assertEquals(expectedAuthorization, dec.getAuthorized()); } - } diff --git a/webapp/test/stubs/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionPolicyHelperStub.java b/webapp/test/stubs/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionPolicyHelperStub.java new file mode 100644 index 000000000..ec4a66961 --- /dev/null 
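Review bot: In the `@@ -80,7 +84,12 @@` hunk the policy is now built with `new SelfEditingPolicy(ctx)` from a stub helper, so as far as the hunks show nothing in this class exercises SelfEditingPolicySetup any more, although the class is still named SelfEditingPolicySetupTest. The model that the preceding lines assert to be non-empty no longer feeds the policy, so the restrictions under test come from `ADMIN_NS` in the stub and not from the loaded data. Either rename the class and drop the unused model load, or add a test that goes through the setup path so the wiring from configuration to policy keeps its coverage. The setup method starts and ends outside the hunk.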
+++ b/webapp/test/stubs/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionPolicyHelperStub.java 
@@ -0,0 +1,63 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+
+package stubs.edu.cornell.mannlib.vitro.webapp.auth.policy.bean;
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
+import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
+
+/**
+ * Allow the unit test to specify a variety of restrictions
+ */
+public class PropertyRestrictionPolicyHelperStub extends
+ PropertyRestrictionPolicyHelper {
+
+ /** Don't prohibit or restrict anything. */
+ public static PropertyRestrictionPolicyHelper getInstance() {
+ return getInstance(null, null);
+ }
+
+
+ /** Prohibit some namespaces. */
+ public static PropertyRestrictionPolicyHelperStub getInstance(
+ String[] restrictedNamespaces) {
+ return getInstance(restrictedNamespaces, null);
+ }
+
+ /**
+ * Prohibit some namespaces and restrict some properties from modification
+ * by anybody.
+ */
+ public static PropertyRestrictionPolicyHelperStub getInstance(
+ String[] restrictedNamespaces, String[] restrictedProperties) {
+ Set namespaceSet = new HashSet();
+ if (restrictedNamespaces != null) {
+ namespaceSet.addAll(Arrays.asList(restrictedNamespaces));
+ }
+
+ Map thresholdMap = new HashMap();
+ if (restrictedProperties != null) {
+ for (String prop : restrictedProperties) {
+ thresholdMap.put(prop, RoleLevel.NOBODY);
+ }
+ }
+
+ return new PropertyRestrictionPolicyHelperStub(namespaceSet, null,
+ null, thresholdMap);
+ }
+
+ private PropertyRestrictionPolicyHelperStub(
+ Set modifyRestrictedNamespaces,
+ Set modifyPermittedExceptions,
+ Map displayThresholds,
+ Map modifyThresholds) {
+ super(modifyRestrictedNamespaces, modifyPermittedExceptions,
+ displayThresholds, modifyThresholds);
+ }
+
+}
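Review bot: `getInstance(String[], String[])` hands `null` to the superclass constructor for `modifyPermittedExceptions` and `displayThresholds`. The PropertyRestrictionPolicyHelper constructor is not visible here, so unless it guards against null, a test that reaches a display check or a permitted-exception lookup would fail with a NullPointerException rather than a policy decision. Passing empty collections is safer: `return new PropertyRestrictionPolicyHelperStub(namespaceSet, new HashSet<String>(), new HashMap<String, RoleLevel>(), thresholdMap);`. The no-argument `getInstance()` is also declared to return the base type while the other two return the stub; declaring all three alike would read better.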