NIHVIVO-2254 Rewrite the role-based policies to use the PropertyRestrictionPolicyHelper.

j2blake 2011-04-06 19:11:14 +00:00
parent 835ffa3481
commit b0db5dd122
23 changed files with 1139 additions and 2364 deletions


@ -1,45 +0,0 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vitro.webapp.auth.policy;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
/**
* TODO
*/
public class AdministrativeUriRestrictorTest extends AbstractTestClass {
private static final String SAFE_NS = "http://test.mannlib.cornell.edu/ns/01#";
private static final String UNSAFE_NS = VitroVocabulary.vitroURI;
private static final String SAFE_RESOURCE = SAFE_NS + "otherIndividual77777";
private static final String UNSAFE_RESOURCE = UNSAFE_NS + "otherIndividual99999";
private static final String SAFE_PREDICATE = SAFE_NS + "hasHairStyle";
private static final String UNSAFE_PREDICATE = UNSAFE_NS + "hasSuperPowers";
private AdministrativeUriRestrictor restrictor;
@Before
public void setup() {
restrictor = new AdministrativeUriRestrictor(null, null, null, null);
}
@Test
public void testCanModifiyNs(){
Assert.assertTrue( restrictor.canModifyResource("http://bobs.com#hats") );
Assert.assertTrue( restrictor.canModifyResource("ftp://bobs.com#hats"));
Assert.assertTrue( restrictor.canModifyResource( SAFE_RESOURCE ));
Assert.assertTrue( restrictor.canModifyPredicate( SAFE_PREDICATE ));
Assert.assertTrue( restrictor.canModifyResource("http://bobs.com/hats"));
Assert.assertTrue( ! restrictor.canModifyResource(""));
Assert.assertTrue( ! restrictor.canModifyResource(VitroVocabulary.vitroURI + "something"));
Assert.assertTrue( ! restrictor.canModifyResource(VitroVocabulary.OWL + "Ontology"));
Assert.assertTrue( ! restrictor.canModifyPredicate( UNSAFE_PREDICATE ));
Assert.assertTrue( ! restrictor.canModifyResource( UNSAFE_RESOURCE ));
Assert.assertTrue( ! restrictor.canModifyResource( UNSAFE_NS ));
}
}


@ -16,6 +16,9 @@ import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import stubs.edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelperStub;
import stubs.javax.servlet.ServletContextStub;
import com.hp.hpl.jena.ontology.OntModel;
import com.hp.hpl.jena.ontology.OntModelSpec;
import com.hp.hpl.jena.rdf.model.Model;
@ -28,6 +31,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory.SelfEditing;
import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.ServerStatus;
@ -105,9 +109,12 @@ public class InformationResourceEditingPolicyTest extends AbstractTestClass {
@Before
public void setupPolicy() {
AdministrativeUriRestrictor restrictor = new AdministrativeUriRestrictor(
null, null, null, null);
policy = new InformationResourceEditingPolicy(ontModel, restrictor);
ServletContextStub ctx = new ServletContextStub();
PropertyRestrictionPolicyHelper prph = PropertyRestrictionPolicyHelperStub
.getInstance(new String[] { NS_RESTRICTED });
PropertyRestrictionPolicyHelper.setBean(ctx, prph);
policy = new InformationResourceEditingPolicy(ctx, ontModel);
}
private IdentifierBundle idNobody;


@ -8,16 +8,16 @@ import static junit.framework.Assert.assertEquals;
import static junit.framework.Assert.assertNotNull;
import static junit.framework.Assert.assertNull;
import java.util.HashSet;
import java.util.Set;
import org.junit.Before;
import org.junit.Test;
import stubs.edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelperStub;
import stubs.javax.servlet.ServletContextStub;
import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory;
import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.AddNewUser;
@ -47,295 +47,265 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
private static final String UNSAFE_NS = VitroVocabulary.vitroURI;
private static final String SELFEDITOR_URI = SAFE_NS + "individual244";
private static final String SAFE_RESOURCE = SAFE_NS + "otherIndividual77777";
private static final String SAFE_RESOURCE = SAFE_NS + "otherIndividual77777";
private static final String UNSAFE_RESOURCE = UNSAFE_NS + "otherIndividual99999";
private static final String SAFE_PREDICATE = SAFE_NS + "hasHairStyle";
private static final String UNSAFE_PREDICATE = UNSAFE_NS + "hasSuperPowers";
private ServletContextStub ctx;
private SelfEditingPolicy policy;
private IdentifierBundle ids;
private RequestedAction whatToAuth;
@Before
public void setUp() throws Exception {
policy = new SelfEditingPolicy(null,null,null,null,null);
ids = new ArrayIdentifierBundle();
ids.add( new SelfEditingIdentifierFactory.NetId("test223") );
IndividualImpl ind = new IndividualImpl();
ind.setURI( SELFEDITOR_URI );
ids.add( new SelfEditingIdentifierFactory.SelfEditing( ind, SelfEditingIdentifierFactory.NOT_BLACKLISTED ) );
}
@Before
public void setUp() throws Exception {
ctx = new ServletContextStub();
PropertyRestrictionPolicyHelper prph = PropertyRestrictionPolicyHelperStub
.getInstance(new String[] { UNSAFE_NS });
PropertyRestrictionPolicyHelper.setBean(ctx, prph);
policy = new SelfEditingPolicy(ctx);
ids = new ArrayIdentifierBundle();
ids.add(new SelfEditingIdentifierFactory.NetId("test223"));
IndividualImpl ind = new IndividualImpl();
ind.setURI(SELFEDITOR_URI);
ids.add(new SelfEditingIdentifierFactory.SelfEditing(ind,
SelfEditingIdentifierFactory.NOT_BLACKLISTED));
}
@Test
public void testProhibitedProperties() {
Set<String> badProps = new HashSet<String>();
badProps.add("http://mannlib.cornell.edu/bad#prp234");
badProps.add("http://mannlib.cornell.edu/bad#prp999");
badProps.add("http://mannlib.cornell.edu/bad#prp333");
badProps.add("http://mannlib.cornell.edu/bad#prp777");
badProps.add("http://mannlib.cornell.edu/bad#prp0020");
SelfEditingPolicy badPropPolicy = new SelfEditingPolicy(badProps, null, null, null, null);
PropertyRestrictionPolicyHelper prph = PropertyRestrictionPolicyHelperStub
.getInstance(new String[] { UNSAFE_NS }, new String[] {
"http://mannlib.cornell.edu/bad#prp234",
"http://mannlib.cornell.edu/bad#prp999",
"http://mannlib.cornell.edu/bad#prp333",
"http://mannlib.cornell.edu/bad#prp777",
"http://mannlib.cornell.edu/bad#prp0020" });
PropertyRestrictionPolicyHelper.setBean(ctx, prph);
whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI,
"http://mannlib.cornell.edu/bad#prp234", SAFE_RESOURCE);
assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth));
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddObjectPropStmt(SAFE_RESOURCE,
"http://mannlib.cornell.edu/bad#prp234", SELFEDITOR_URI);
assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth));
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI,
"http://mannlib.cornell.edu/bad#prp999", SAFE_RESOURCE);
assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddObjectPropStmt(
SAFE_RESOURCE ,"http://mannlib.cornell.edu/bad#prp999", SELFEDITOR_URI);
assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddObjectPropStmt(
SAFE_RESOURCE ,SAFE_PREDICATE, SELFEDITOR_URI);
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddObjectPropStmt(
SELFEDITOR_URI,SAFE_PREDICATE,SAFE_RESOURCE);
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddObjectPropStmt(
SELFEDITOR_URI, UNSAFE_PREDICATE, SAFE_RESOURCE);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
//now with dataprop statements
whatToAuth = new AddDataPropStmt(
SELFEDITOR_URI,"http://mannlib.cornell.edu/bad#prp234" ,SAFE_RESOURCE, null, null);
assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddDataPropStmt(
SAFE_RESOURCE ,"http://mannlib.cornell.edu/bad#prp234", SELFEDITOR_URI, null, null);
assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddDataPropStmt(
SELFEDITOR_URI,"http://mannlib.cornell.edu/bad#prp999" ,SAFE_RESOURCE, null, null);
assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddDataPropStmt(
SAFE_RESOURCE ,"http://mannlib.cornell.edu/bad#prp999", SELFEDITOR_URI, null, null);
assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddDataPropStmt(
SAFE_RESOURCE ,SAFE_PREDICATE, SELFEDITOR_URI, null, null);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddDataPropStmt(
SELFEDITOR_URI,SAFE_PREDICATE,SAFE_RESOURCE, null, null);
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddDataPropStmt(
SELFEDITOR_URI, UNSAFE_PREDICATE, SAFE_RESOURCE, null, null);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
}
@Test
public void testForbiddenMoniker(){
Set<String> badProps = new HashSet<String>();
badProps.add(VitroVocabulary.MONIKER);
SelfEditingPolicy badPropPolicy = new SelfEditingPolicy(badProps,null,null,null,null);
whatToAuth = new AddDataPropStmt(
SELFEDITOR_URI, VitroVocabulary.MONIKER ,"someValue", null, null);
assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddDataPropStmt(
SAFE_RESOURCE ,VitroVocabulary.MONIKER , "somevalue", null, null);
assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth));
DataPropertyStatement dps = new DataPropertyStatementImpl();
dps.setIndividualURI(SELFEDITOR_URI);
dps.setDatapropURI(VitroVocabulary.MONIKER);
dps.setData("some moniker");
whatToAuth = new EditDataPropStmt(dps);
assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth));
//try where moniker is permitted
badProps = new HashSet<String>();
badPropPolicy = new SelfEditingPolicy(badProps,null,null,null,null);
whatToAuth = new AddDataPropStmt(
SELFEDITOR_URI, VitroVocabulary.MONIKER ,"somevalue", null, null);
assertDecision(AUTHORIZED, badPropPolicy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddDataPropStmt(
UNSAFE_RESOURCE ,VitroVocabulary.MONIKER , "somevalue", null, null);
assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth));
dps = new DataPropertyStatementImpl();
dps.setIndividualURI(SAFE_RESOURCE);
dps.setDatapropURI(VitroVocabulary.MONIKER);
dps.setData("some moniker");
whatToAuth = new EditDataPropStmt(dps);
assertDecision(INCONCLUSIVE, badPropPolicy.isAuthorized(ids, whatToAuth));
}
@Test
public void testVisitIdentifierBundleAddObjectPropStmt() {
whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddObjectPropStmt(SAFE_RESOURCE,
"http://mannlib.cornell.edu/bad#prp999", SELFEDITOR_URI);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE,
SELFEDITOR_URI);
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, SELFEDITOR_URI);
whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE,
SAFE_RESOURCE);
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, UNSAFE_PREDICATE,
SAFE_RESOURCE);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
// now with dataprop statements
whatToAuth = new AddDataPropStmt(SELFEDITOR_URI,
"http://mannlib.cornell.edu/bad#prp234", "someString", null,
null);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddDataPropStmt(SELFEDITOR_URI,
"http://mannlib.cornell.edu/bad#prp999", "someString", null,
null);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddDataPropStmt(SELFEDITOR_URI, SAFE_PREDICATE,
"someString", null, null);
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddDataPropStmt(SELFEDITOR_URI, UNSAFE_PREDICATE,
"someString", null, null);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
}
@Test
public void testVisitIdentifierBundleAddObjectPropStmt() {
whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE,
SAFE_RESOURCE);
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE,
SELFEDITOR_URI);
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
// this is the case where the editor is not part of the stmt
whatToAuth = new AddObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, SAFE_RESOURCE);
whatToAuth = new AddObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE,
SAFE_RESOURCE);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, UNSAFE_PREDICATE, SAFE_RESOURCE);
whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, UNSAFE_PREDICATE,
SAFE_RESOURCE);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, UNSAFE_RESOURCE);
whatToAuth = new AddObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE,
UNSAFE_RESOURCE);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
}
//
// @Test
// public void testVisitIdentifierBundleDropResource() {
// fail("Not yet implemented");
// }
//
// @Test
// public void testVisitIdentifierBundleDropDataPropStmt() {
// fail("Not yet implemented");
// }
//
@Test
public void testVisitIdentifierBundleDropObjectPropStmt() {
whatToAuth = new DropObjectPropStmt(
SELFEDITOR_URI,SAFE_PREDICATE,SAFE_RESOURCE);
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new DropObjectPropStmt(
SAFE_RESOURCE ,SAFE_PREDICATE, SELFEDITOR_URI);
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
// this is the case where the editor is not part of the stmt
whatToAuth = new DropObjectPropStmt(
SAFE_RESOURCE, SAFE_PREDICATE, SAFE_RESOURCE);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new DropObjectPropStmt(
SELFEDITOR_URI, UNSAFE_PREDICATE, SAFE_RESOURCE);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new DropObjectPropStmt(
SELFEDITOR_URI, SAFE_PREDICATE, UNSAFE_RESOURCE);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
}
//
// @Test
// public void testVisitIdentifierBundleAddResource() {
// fail("Not yet implemented");
// }
//
// @Test
// public void testVisitIdentifierBundleAddDataPropStmt() {
// fail("Not yet implemented");
// }
//
// @Test
// public void testVisitIdentifierBundleUploadFile() {
// fail("Not yet implemented");
// }
//
//
@Test
public void testVisitIdentifierBundleEditDataPropStmt() {
DataPropertyStatement dps = new DataPropertyStatementImpl();
dps.setIndividualURI(SELFEDITOR_URI);
dps.setDatapropURI(SAFE_PREDICATE);
dps.setData("junk");
whatToAuth = new EditDataPropStmt(dps);
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
dps = new DataPropertyStatementImpl();
dps.setIndividualURI(SELFEDITOR_URI);
dps.setDatapropURI(UNSAFE_PREDICATE);
dps.setData("junk");
whatToAuth = new EditDataPropStmt(dps);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
dps = new DataPropertyStatementImpl();
dps.setIndividualURI(UNSAFE_RESOURCE);
dps.setDatapropURI(SAFE_PREDICATE);
whatToAuth = new EditDataPropStmt(dps);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
dps = new DataPropertyStatementImpl();
dps.setIndividualURI(SAFE_RESOURCE);
dps.setDatapropURI(SAFE_PREDICATE);
whatToAuth = new EditDataPropStmt(dps);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
}
// @Test
// public void testVisitIdentifierBundleDropResource() {
// fail("Not yet implemented");
// }
//
// @Test
// public void testVisitIdentifierBundleDropDataPropStmt() {
// fail("Not yet implemented");
// }
//
@Test
public void testVisitIdentifierBundleEditObjPropStmt() {
EditObjPropStmt whatToAuth = new EditObjPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE);
public void testVisitIdentifierBundleDropObjectPropStmt() {
whatToAuth = new DropObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE,
SAFE_RESOURCE);
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new EditObjPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, SELFEDITOR_URI);
whatToAuth = new DropObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE,
SELFEDITOR_URI);
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
// this is the case where the editor is not part of the stmt
whatToAuth = new EditObjPropStmt(SAFE_RESOURCE, SAFE_PREDICATE, SAFE_RESOURCE);
whatToAuth = new DropObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE,
SAFE_RESOURCE);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new EditObjPropStmt(SELFEDITOR_URI, UNSAFE_PREDICATE, SAFE_RESOURCE);
whatToAuth = new DropObjectPropStmt(SELFEDITOR_URI, UNSAFE_PREDICATE,
SAFE_RESOURCE);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new EditObjPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, UNSAFE_RESOURCE);
whatToAuth = new DropObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE,
UNSAFE_RESOURCE);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
}
//
// @Test
// public void testVisitIdentifierBundleAddResource() {
// fail("Not yet implemented");
// }
//
// @Test
// public void testVisitIdentifierBundleAddDataPropStmt() {
// fail("Not yet implemented");
// }
//
// @Test
// public void testVisitIdentifierBundleUploadFile() {
// fail("Not yet implemented");
// }
//
//
@Test
public void testVisitIdentifierBundleEditDataPropStmt() {
DataPropertyStatement dps = new DataPropertyStatementImpl();
dps.setIndividualURI(SELFEDITOR_URI);
dps.setDatapropURI(SAFE_PREDICATE);
dps.setData("junk");
whatToAuth = new EditDataPropStmt(dps);
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
dps = new DataPropertyStatementImpl();
dps.setIndividualURI(SELFEDITOR_URI);
dps.setDatapropURI(UNSAFE_PREDICATE);
dps.setData("junk");
whatToAuth = new EditDataPropStmt(dps);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
dps = new DataPropertyStatementImpl();
dps.setIndividualURI(UNSAFE_RESOURCE);
dps.setDatapropURI(SAFE_PREDICATE);
whatToAuth = new EditDataPropStmt(dps);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
dps = new DataPropertyStatementImpl();
dps.setIndividualURI(SAFE_RESOURCE);
dps.setDatapropURI(SAFE_PREDICATE);
whatToAuth = new EditDataPropStmt(dps);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
}
@Test
public void testVisitIdentifierBundleEditObjPropStmt() {
whatToAuth = new EditObjPropStmt(SELFEDITOR_URI, SAFE_PREDICATE,
SAFE_RESOURCE);
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new EditObjPropStmt(SAFE_RESOURCE, SAFE_PREDICATE,
SELFEDITOR_URI);
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
// this is the case where the editor is not part of the stmt
whatToAuth = new EditObjPropStmt(SAFE_RESOURCE, SAFE_PREDICATE,
SAFE_RESOURCE);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new EditObjPropStmt(SELFEDITOR_URI, UNSAFE_PREDICATE,
SAFE_RESOURCE);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new EditObjPropStmt(SELFEDITOR_URI, SAFE_PREDICATE,
UNSAFE_RESOURCE);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
}
// ----------------------------------------------------------------------
// What if there are two SelfEditor Identifiers?
// ----------------------------------------------------------------------
@Test
public void twoSEIsFindObjectPropertySubject() {
setUpTwoSEIs();
whatToAuth = new DropObjectPropStmt(
SELFEDITOR_URI,SAFE_PREDICATE,SAFE_RESOURCE);
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new DropObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE,
SAFE_RESOURCE);
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
}
@Test
public void twoSEIsFindObjectPropertyObject() {
setUpTwoSEIs();
whatToAuth = new DropObjectPropStmt(
SAFE_RESOURCE ,SAFE_PREDICATE, SELFEDITOR_URI);
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new DropObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE,
SELFEDITOR_URI);
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
}
@Test
public void twoSEIsDontFindInObjectProperty() {
setUpTwoSEIs();
whatToAuth = new DropObjectPropStmt(
SAFE_RESOURCE ,SAFE_PREDICATE, SAFE_RESOURCE);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new DropObjectPropStmt(SAFE_RESOURCE, SAFE_PREDICATE,
SAFE_RESOURCE);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
}
@Test
public void twoSEIsFindDataPropertySubject() {
setUpTwoSEIs();
DataPropertyStatement dps = new DataPropertyStatementImpl();
dps.setIndividualURI(SELFEDITOR_URI);
dps.setDatapropURI(SAFE_PREDICATE);
dps.setData("junk");
whatToAuth = new EditDataPropStmt(dps);
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
dps.setIndividualURI(SELFEDITOR_URI);
dps.setDatapropURI(SAFE_PREDICATE);
dps.setData("junk");
whatToAuth = new EditDataPropStmt(dps);
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
}
@Test
@ -343,36 +313,39 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
setUpTwoSEIs();
DataPropertyStatement dps = new DataPropertyStatementImpl();
dps.setIndividualURI(SAFE_RESOURCE);
dps.setDatapropURI(SAFE_PREDICATE);
dps.setData("junk");
whatToAuth = new EditDataPropStmt(dps);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
dps.setIndividualURI(SAFE_RESOURCE);
dps.setDatapropURI(SAFE_PREDICATE);
dps.setData("junk");
whatToAuth = new EditDataPropStmt(dps);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
}
private void setUpTwoSEIs() {
ids = new ArrayIdentifierBundle();
ids.add( new SelfEditingIdentifierFactory.NetId("bozoUser") );
IndividualImpl ind1 = new IndividualImpl();
ind1.setURI( SAFE_NS + "bozoUri" );
ids.add( new SelfEditingIdentifierFactory.SelfEditing( ind1, SelfEditingIdentifierFactory.NOT_BLACKLISTED ) );
ids = new ArrayIdentifierBundle();
ids.add( new SelfEditingIdentifierFactory.NetId("test223") );
IndividualImpl ind2 = new IndividualImpl();
ind2.setURI( SELFEDITOR_URI );
ids.add( new SelfEditingIdentifierFactory.SelfEditing( ind2, SelfEditingIdentifierFactory.NOT_BLACKLISTED ) );
ids.add(new SelfEditingIdentifierFactory.NetId("bozoUser"));
IndividualImpl ind1 = new IndividualImpl();
ind1.setURI(SAFE_NS + "bozoUri");
ids.add(new SelfEditingIdentifierFactory.SelfEditing(ind1,
SelfEditingIdentifierFactory.NOT_BLACKLISTED));
ids.add(new SelfEditingIdentifierFactory.NetId("test223"));
IndividualImpl ind2 = new IndividualImpl();
ind2.setURI(SELFEDITOR_URI);
ids.add(new SelfEditingIdentifierFactory.SelfEditing(ind2,
SelfEditingIdentifierFactory.NOT_BLACKLISTED));
}
// ----------------------------------------------------------------------
// Ignore administrative requests.
// ----------------------------------------------------------------------
@Test
public void testServerStatus() {
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, new ServerStatus()));
assertDecision(INCONCLUSIVE,
policy.isAuthorized(ids, new ServerStatus()));
}
@Test
@ -415,17 +388,20 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
@Test
public void testLoadOntology() {
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, new LoadOntology()));
assertDecision(INCONCLUSIVE,
policy.isAuthorized(ids, new LoadOntology()));
}
@Test
public void testRebuildTextIndex() {
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, new RebuildTextIndex()));
assertDecision(INCONCLUSIVE,
policy.isAuthorized(ids, new RebuildTextIndex()));
}
@Test
public void testVisitIdentifierBundleUpdateTextIndex() {
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, new UpdateTextIndex()));
assertDecision(INCONCLUSIVE,
policy.isAuthorized(ids, new UpdateTextIndex()));
}
// ----------------------------------------------------------------------
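Review bot: The rewritten SelfEditingPolicyTest no longer appears to contain testForbiddenMoniker, and nothing in the visible hunks replaces it, so the case where a self-editor is refused an edit to `VitroVocabulary.MONIKER` is left without a regression test after the move to PropertyRestrictionPolicyHelper. Since this commit changes how property restrictions reach the policy, that denial is worth pinning again: build the stub with `new String[] { VitroVocabulary.MONIKER }` as the restricted properties and expect INCONCLUSIVE from `policy.isAuthorized(ids, new AddDataPropStmt(SELFEDITOR_URI, VitroVocabulary.MONIKER, "someValue", null, null))`. Separately, testProhibitedProperties calls `PropertyRestrictionPolicyHelper.setBean(ctx, prph)` after setUp() has already constructed `policy` from the same ctx, so its assertions hold only if the policy reads the bean from the context on each call. A comment at that line would make the dependency explicit: `// replaces the helper installed in setUp(); this test relies on the policy reading the bean from ctx on each call`.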


@ -11,6 +11,9 @@ import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import stubs.edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelperStub;
import stubs.javax.servlet.ServletContextStub;
import com.hp.hpl.jena.ontology.OntModel;
import com.hp.hpl.jena.rdf.model.ModelFactory;
import com.hp.hpl.jena.rdf.model.impl.RDFDefaultErrorHandler;
@ -21,6 +24,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory;
import edu.cornell.mannlib.vitro.webapp.auth.policy.SelfEditingPolicy;
import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt;
@ -80,7 +84,12 @@ public class SelfEditingPolicySetupTest extends AbstractTestClass {
Assert.assertNotNull(model);
Assert.assertTrue(model.size() > 0);
policy = SelfEditingPolicySetup.makeSelfEditPolicyFromModel(model);
ServletContextStub ctx = new ServletContextStub();
PropertyRestrictionPolicyHelper.setBean(ctx,
PropertyRestrictionPolicyHelperStub
.getInstance(new String[] { ADMIN_NS }));
policy = new SelfEditingPolicy(ctx);
Assert.assertNotNull(policy);
seIndividual = new IndividualImpl();
@ -116,8 +125,7 @@ public class SelfEditingPolicySetupTest extends AbstractTestClass {
@Test
public void noSelfEditorIdentifier() {
ids.clear();
ids.add(new Identifier() {
});
ids.add(new Identifier() { /* empty identifier */ });
assertAddObjectPropStmt(SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE,
Authorization.INCONCLUSIVE);
}
@ -308,5 +316,4 @@ public class SelfEditingPolicySetupTest extends AbstractTestClass {
Assert.assertNotNull(dec);
Assert.assertEquals(expectedAuthorization, dec.getAuthorized());
}
}
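Review bot: In the setup method (its start is outside the hunk), the policy is now created with `new SelfEditingPolicy(ctx)` from a stub that restricts only ADMIN_NS, while the preceding `Assert.assertNotNull(model)` and `Assert.assertTrue(model.size() > 0)` are kept. As far as the visible lines show, nothing from the model reaches the policy any more, and SelfEditingPolicySetup is no longer exercised by the class that carries its name. The retained `Assert.assertNotNull(policy)` directly after `new` cannot fail, so it no longer checks anything. Either drop the model loading and rename the class to say what it now tests, or add a comment above the new lines such as `// restrictions come from the stub helper, not from the model loaded above`. If the restrictions encoded in the model file matter, they need a test of their own against the real PropertyRestrictionPolicyHelper.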


@ -0,0 +1,63 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package stubs.edu.cornell.mannlib.vitro.webapp.auth.policy.bean;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
/**
* Allow the unit test to specify a variety of restrictions
*/
public class PropertyRestrictionPolicyHelperStub extends
PropertyRestrictionPolicyHelper {
/** Don't prohibit or restrict anything. */
public static PropertyRestrictionPolicyHelper getInstance() {
return getInstance(null, null);
}
/** Prohibit some namespaces. */
public static PropertyRestrictionPolicyHelperStub getInstance(
String[] restrictedNamespaces) {
return getInstance(restrictedNamespaces, null);
}
/**
* Prohibit some namespaces and restrict some properties from modification
* by anybody.
*/
public static PropertyRestrictionPolicyHelperStub getInstance(
String[] restrictedNamespaces, String[] restrictedProperties) {
Set<String> namespaceSet = new HashSet<String>();
if (restrictedNamespaces != null) {
namespaceSet.addAll(Arrays.asList(restrictedNamespaces));
}
Map<String, RoleLevel> thresholdMap = new HashMap<String, RoleLevel>();
if (restrictedProperties != null) {
for (String prop : restrictedProperties) {
thresholdMap.put(prop, RoleLevel.NOBODY);
}
}
return new PropertyRestrictionPolicyHelperStub(namespaceSet, null,
null, thresholdMap);
}
private PropertyRestrictionPolicyHelperStub(
Set<String> modifyRestrictedNamespaces,
Set<String> modifyPermittedExceptions,
Map<String, RoleLevel> displayThresholds,
Map<String, RoleLevel> modifyThresholds) {
super(modifyRestrictedNamespaces, modifyPermittedExceptions,
displayThresholds, modifyThresholds);
}
}
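Review bot: `getInstance(String[], String[])` passes `null` to the superclass constructor for both modifyPermittedExceptions and displayThresholds. The parent constructor is not shown on this page, so if it stores them unchecked, any policy path that consults the permitted exceptions or the display thresholds would end in a NullPointerException in the test rather than an authorization decision. Passing empty collections keeps the "restrict nothing else" meaning without depending on that: `return new PropertyRestrictionPolicyHelperStub(namespaceSet, new HashSet<String>(), new HashMap<String, RoleLevel>(), thresholdMap);`. The no-argument `getInstance()` is also declared to return `PropertyRestrictionPolicyHelper` while both overloads return `PropertyRestrictionPolicyHelperStub`; declaring the stub type on all three would be consistent.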