litvinovg/vitro
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

support for edit permissions for qualified properties (almost finished)

Browse source
This commit is contained in:
brianjlowe 2013-08-30 17:04:12 -04:00
parent b1d549f01f
commit ca32a51740
37 changed files with 469 additions and 310 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/DisplayByRolePermission.java
View file

@ -16,6 +16,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAct
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.beans.Property;
/**
* Is the user authorized to display properties that are marked as restricted to
@ -82,7 +83,7 @@ public class DisplayByRolePermission extends Permission {
*/
private boolean isAuthorized(DisplayDataProperty action) {
String predicateUri = action.getDataProperty().getURI();
return canDisplayPredicate(predicateUri);
return canDisplayPredicate(new Property(predicateUri));
}
/**
@ -90,8 +91,7 @@ public class DisplayByRolePermission extends Permission {
* predicate.
*/
private boolean isAuthorized(DisplayObjectProperty action) {
String predicateUri = action.getObjectProperty().getURI();
return canDisplayPredicate(predicateUri);
return canDisplayPredicate(action.getObjectProperty());
}
/**
@ -103,7 +103,7 @@ public class DisplayByRolePermission extends Permission {
String subjectUri = stmt.getIndividualURI();
String predicateUri = stmt.getDatapropURI();
return canDisplayResource(subjectUri)
&& canDisplayPredicate(predicateUri);
&& canDisplayPredicate(new Property(predicateUri));
}
/**
@ -113,12 +113,10 @@ public class DisplayByRolePermission extends Permission {
private boolean isAuthorized(DisplayObjectPropertyStatement action) {
ObjectPropertyStatement stmt = action.getObjectPropertyStatement();
String subjectUri = stmt.getSubjectURI();
String predicateUri = stmt.getPropertyURI();
String rangeUri = (stmt.getProperty() == null) ? null
: stmt.getProperty().getRangeVClassURI();
Property predicate = stmt.getProperty();
String objectUri = stmt.getObjectURI();
return canDisplayResource(subjectUri)
&& canDisplayPredicate(predicateUri, rangeUri)
&& canDisplayPredicate(predicate)
&& canDisplayResource(objectUri);
}
@ -126,14 +124,10 @@ public class DisplayByRolePermission extends Permission {
return PropertyRestrictionPolicyHelper.getBean(ctx).canDisplayResource(
resourceUri, this.roleLevel);
}
private boolean canDisplayPredicate(String predicateUri) {
return canDisplayPredicate(predicateUri, null);
}
private boolean canDisplayPredicate(String predicateUri, String rangeUri) {
private boolean canDisplayPredicate(Property predicate) {
return PropertyRestrictionPolicyHelper.getBean(ctx)
.canDisplayPredicate(predicateUri, rangeUri, this.roleLevel);
.canDisplayPredicate(predicate, this.roleLevel);
}
@Override

13
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/EditByRolePermission.java
View file

@ -12,6 +12,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAct
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyStatementAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyStatementAction;
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
import edu.cornell.mannlib.vitro.webapp.beans.Property;
/**
* Is the user authorized to edit properties that are marked as restricted to a
@ -78,9 +79,9 @@ public class EditByRolePermission extends Permission {
*/
private boolean isAuthorized(AbstractDataPropertyStatementAction action) {
String subjectUri = action.getSubjectUri();
String predicateUri = action.getPredicateUri();
Property predicate = action.getPredicate();
return canModifyResource(subjectUri)
&& canModifyPredicate(predicateUri);
&& canModifyPredicate(predicate);
}
/**
@ -89,10 +90,10 @@ public class EditByRolePermission extends Permission {
*/
private boolean isAuthorized(AbstractObjectPropertyStatementAction action) {
String subjectUri = action.getSubjectUri();
String predicateUri = action.getPredicateUri();
Property predicate = action.getPredicate();
String objectUri = action.getObjectUri();
return canModifyResource(subjectUri)
&& canModifyPredicate(predicateUri)
&& canModifyPredicate(predicate)
&& canModifyResource(objectUri);
}
@ -101,9 +102,9 @@ public class EditByRolePermission extends Permission {
resourceUri, roleLevel);
}
private boolean canModifyPredicate(String predicateUri) {
private boolean canModifyPredicate(Property predicate) {
return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyPredicate(
predicateUri, roleLevel);
predicate, roleLevel);
}
@Override

9
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/BaseSelfEditingPolicy.java
View file

@ -8,6 +8,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPoli
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
import edu.cornell.mannlib.vitro.webapp.beans.Property;
/**
* A base class with utility methods for policies involving self-editing.
@ -26,9 +27,9 @@ public abstract class BaseSelfEditingPolicy {
uri, roleLevel);
}
protected boolean canModifyPredicate(String uri) {
protected boolean canModifyPredicate(Property predicate) {
return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyPredicate(
uri, roleLevel);
predicate, roleLevel);
}
protected PolicyDecision cantModifyResource(String uri) {
@ -36,9 +37,9 @@ public abstract class BaseSelfEditingPolicy {
+ uri);
}
protected PolicyDecision cantModifyPredicate(String uri) {
protected PolicyDecision cantModifyPredicate(Property predicate) {
return inconclusiveDecision("No access to admin predicates; cannot modify "
+ uri);
+ predicate.getURI());
}
protected PolicyDecision userNotAuthorizedToStatement() {

16
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/DisplayRestrictedDataToSelfPolicy.java
View file

@ -23,6 +23,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAct
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.beans.Property;
/**
* Permit display of various data if it relates to the user's associated
@ -92,14 +93,14 @@ public class DisplayRestrictedDataToSelfPolicy implements PolicyIface {
Collection<String> individuals) {
DataPropertyStatement stmt = action.getDataPropertyStatement();
String subjectUri = stmt.getIndividualURI();
String predicateUri = stmt.getDatapropURI();
if (canDisplayResource(subjectUri) && canDisplayPredicate(predicateUri)
Property predicate = new Property(stmt.getDatapropURI());
if (canDisplayResource(subjectUri) && canDisplayPredicate(predicate)
&& isAboutAssociatedIndividual(individuals, stmt)) {
return authorized("user may view DataPropertyStatement "
+ subjectUri + " ==> " + predicateUri);
+ subjectUri + " ==> " + predicate.getURI());
} else {
return defaultDecision("user may not view DataPropertyStatement "
+ subjectUri + " ==> " + predicateUri);
+ subjectUri + " ==> " + predicate.getURI());
}
}
@ -115,7 +116,8 @@ public class DisplayRestrictedDataToSelfPolicy implements PolicyIface {
String subjectUri = stmt.getSubjectURI();
String predicateUri = stmt.getPropertyURI();
String objectUri = stmt.getObjectURI();
if (canDisplayResource(subjectUri) && canDisplayPredicate(predicateUri)
if (canDisplayResource(subjectUri) && canDisplayPredicate(new Property
(predicateUri))
&& canDisplayResource(objectUri)
&& isAboutAssociatedIndividual(individuals, stmt)) {
return authorized("user may view ObjectPropertyStatement "
@ -143,9 +145,9 @@ public class DisplayRestrictedDataToSelfPolicy implements PolicyIface {
uri, RoleLevel.SELF);
}
private boolean canDisplayPredicate(String uri) {
private boolean canDisplayPredicate(Property predicate) {
return PropertyRestrictionPolicyHelper.getBean(ctx)
.canDisplayPredicate(uri, RoleLevel.SELF);
.canDisplayPredicate(predicate, RoleLevel.SELF);
}
private boolean isAboutAssociatedIndividual(Collection<String> selves,

2
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PermissionsPolicy.java
View file

@ -35,6 +35,8 @@ public class PermissionsPolicy implements PolicyIface {
log.debug("Permission " + p + " approves request " + whatToAuth);
return new BasicPolicyDecision(Authorization.AUTHORIZED,
"PermissionsPolicy: approved by " + p);
} else {
log.trace("Permission " + p + " denies request " + whatToAuth);
}
}
log.debug("No permission will approve " + whatToAuth);

11
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
View file

@ -75,7 +75,8 @@ public class PolicyHelper {
}
Resource subject = stmt.getSubject();
Property predicate = stmt.getPredicate();
edu.cornell.mannlib.vitro.webapp.beans.Property predicate =
new edu.cornell.mannlib.vitro.webapp.beans.Property(stmt.getPredicate().getURI());
RDFNode objectNode = stmt.getObject();
if ((subject == null) || (predicate == null) || (objectNode == null)) {
return false;
@ -84,7 +85,7 @@ public class PolicyHelper {
RequestedAction action;
if (objectNode.isResource()) {
action = new AddObjectPropertyStatement(modelToBeModified,
subject.getURI(), predicate.getURI(), objectNode
subject.getURI(), predicate, objectNode
.asResource().getURI());
} else {
action = new AddDataPropertyStatement(modelToBeModified,
@ -106,7 +107,9 @@ public class PolicyHelper {
}
Resource subject = stmt.getSubject();
Property predicate = stmt.getPredicate();
edu.cornell.mannlib.vitro.webapp.beans.Property predicate =
new edu.cornell.mannlib.vitro.webapp.beans.Property();
predicate.setURI(stmt.getPredicate().getURI());
RDFNode objectNode = stmt.getObject();
if ((subject == null) || (predicate == null) || (objectNode == null)) {
return false;
@ -115,7 +118,7 @@ public class PolicyHelper {
RequestedAction action;
if (objectNode.isResource()) {
action = new DropObjectPropertyStatement(modelToBeModified,
subject.getURI(), predicate.getURI(), objectNode
subject.getURI(), predicate, objectNode
.asResource().getURI());
} else {
action = new DropDataPropertyStatement(modelToBeModified,

5
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy.java
View file

@ -16,6 +16,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDa
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyStatementAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AbstractResourceAction;
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
import edu.cornell.mannlib.vitro.webapp.beans.Property;
/**
* Policy to use for Vivo Self-Editing based on NetId for use at Cornell. All
@ -69,7 +70,7 @@ public class SelfEditingPolicy extends BaseSelfEditingPolicy implements
private PolicyDecision isAuthorizedForObjectPropertyAction(
List<String> userUris, AbstractObjectPropertyStatementAction action) {
String subject = action.getSubjectUri();
String predicate = action.getPredicateUri();
Property predicate = action.getPredicate();
String object = action.getObjectUri();
if (!canModifyResource(subject)) {
@ -96,7 +97,7 @@ public class SelfEditingPolicy extends BaseSelfEditingPolicy implements
private PolicyDecision isAuthorizedForDataPropertyAction(
List<String> userUris, AbstractDataPropertyStatementAction action) {
String subject = action.getSubjectUri();
String predicate = action.getPredicateUri();
Property predicate = action.getPredicate();
if (!canModifyResource(subject)) {
return cantModifyResource(subject);

202
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionPolicyHelper.java
View file

@ -7,6 +7,7 @@ import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import javax.servlet.ServletContext;
@ -17,6 +18,7 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.hp.hpl.jena.ontology.OntModel;
import com.hp.hpl.jena.ontology.OntModelSpec;
import com.hp.hpl.jena.query.Query;
import com.hp.hpl.jena.query.QueryExecution;
import com.hp.hpl.jena.query.QueryExecutionFactory;
@ -24,18 +26,23 @@ import com.hp.hpl.jena.query.QueryFactory;
import com.hp.hpl.jena.query.QuerySolution;
import com.hp.hpl.jena.query.ResultSet;
import com.hp.hpl.jena.rdf.model.Model;
import com.hp.hpl.jena.rdf.model.Property;
import com.hp.hpl.jena.rdf.model.ModelFactory;
import com.hp.hpl.jena.rdf.model.RDFNode;
import com.hp.hpl.jena.rdf.model.Resource;
import com.hp.hpl.jena.rdf.model.Statement;
import com.hp.hpl.jena.rdf.model.StmtIterator;
import com.hp.hpl.jena.rdf.model.impl.Util;
import com.hp.hpl.jena.sdb.util.Pair;
import com.hp.hpl.jena.shared.Lock;
import com.hp.hpl.jena.vocabulary.OWL;
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
import edu.cornell.mannlib.vitro.webapp.beans.Property;
import edu.cornell.mannlib.vitro.webapp.dao.ModelAccess;
import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
import edu.cornell.mannlib.vitro.webapp.startup.StartupStatus;
import edu.cornell.mannlib.vitro.webapp.utils.ApplicationConfigurationOntologyUtils;
/**
* Assists the role-based policies in determining whether a property or resource
@ -108,17 +115,22 @@ public class PropertyRestrictionPolicyHelper {
Model displayModel) {
Map<String, RoleLevel> displayThresholdMap = new HashMap<String, RoleLevel>();
Map<String, RoleLevel> modifyThresholdMap = new HashMap<String, RoleLevel>();
Map<Pair<String, Pair<String,String>>, RoleLevel> displayThresholdMap =
new HashMap<Pair<String, Pair<String,String>>, RoleLevel>();
Map<Pair<String, Pair<String,String>>, RoleLevel> modifyThresholdMap =
new HashMap<Pair<String, Pair<String,String>>, RoleLevel>();
OntModel union = ModelFactory.createOntologyModel(OntModelSpec.OWL_MEM,
ModelFactory.createUnion(displayModel, model));
populateThresholdMap(union, displayThresholdMap,
VitroVocabulary.HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT);
populateThresholdMap(
union,
modifyThresholdMap,
VitroVocabulary.PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT);
if (model != null) {
populateThresholdMap(model, displayThresholdMap,
VitroVocabulary.HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT);
populateThresholdMap(
model,
modifyThresholdMap,
VitroVocabulary.PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT);
}
PropertyRestrictionPolicyHelper bean = new PropertyRestrictionPolicyHelper(
PROHIBITED_NAMESPACES, PERMITTED_EXCEPTIONS,
@ -127,15 +139,49 @@ public class PropertyRestrictionPolicyHelper {
return bean;
}
private RoleLevel getModifyThreshold(Property property) {
return getThreshold(property, modifyThresholdMap);
}
private RoleLevel getThreshold(Property property,
Map<Pair<String, Pair<String,String>>, RoleLevel>
thresholdMap) {
if (property.getURI() == null) {
return RoleLevel.NOBODY;
}
String domainURI = (false && property.getDomainVClassURI() == null)
? OWL.Thing.getURI() : property.getDomainVClassURI();
String rangeURI = (false && property.getRangeVClassURI() == null)
? OWL.Thing.getURI() : property.getRangeVClassURI();
RoleLevel roleLevel = getRoleLevelFromMap(
domainURI, property.getURI(), rangeURI, thresholdMap);
if (roleLevel == null) {
roleLevel = getRoleLevelFromMap(
OWL.Thing.getURI(), property.getURI(), OWL.Thing.getURI(),
thresholdMap);
}
return roleLevel;
}
private RoleLevel getRoleLevelFromMap(String domainURI,
String predicateURI,
String rangeURI,
Map<Pair<String, Pair<String,String>>, RoleLevel> map) {
return map.get(
new Pair<String, Pair<String,String>>(
domainURI, new Pair<String,String>(
predicateURI, rangeURI)));
}
/**
* Find all the resources that possess this property, and map the resource
* URI to the required RoleLevel.
*/
private static void populateThresholdMap(OntModel model,
Map<String, RoleLevel> map, String propertyUri) {
Map<Pair<String,Pair<String,String>>, RoleLevel> map, String propertyUri) {
model.enterCriticalSection(Lock.READ);
try {
Property property = model.getProperty(propertyUri);
com.hp.hpl.jena.rdf.model.Property property = model.getProperty(propertyUri);
StmtIterator stmts = model.listStatements((Resource) null,
property, (Resource) null);
while (stmts.hasNext()) {
@ -147,7 +193,29 @@ public class PropertyRestrictionPolicyHelper {
}
Resource object = (Resource) objectNode;
RoleLevel role = RoleLevel.getRoleByUri(object.getURI());
map.put(subject.getURI(), role);
map.put(new Pair<String,Pair<String,String>>(
OWL.Thing.getURI(), new Pair<String,String>(
subject.getURI(), OWL.Thing.getURI())), role);
ObjectProperty op = new ObjectProperty();
op.setURI(subject.getURI());
List<ObjectProperty> fauxOps = ApplicationConfigurationOntologyUtils
.getAdditionalFauxSubproperties(op, null, model, model);
for (ObjectProperty faux : fauxOps) {
role = null;
if(VitroVocabulary.PROHIBITED_FROM_UPDATE_BELOW_ROLE_LEVEL_ANNOT
.equals(propertyUri)) {
role = faux.getProhibitedFromUpdateBelowRoleLevel();
} else if (VitroVocabulary.HIDDEN_FROM_DISPLAY_BELOW_ROLE_LEVEL_ANNOT
.equals(propertyUri)) {
role = faux.getHiddenFromDisplayBelowRoleLevel();
}
if (role != null) {
log.info("Putting D:" + faux.getDomainVClassURI() + " P:" + subject.getURI() + " R:" + faux.getRangeVClassURI() + " ==> L:" + role);
map.put(new Pair<String,Pair<String,String>>(
faux.getDomainVClassURI(), new Pair<String,String>(
subject.getURI(), faux.getRangeVClassURI())), role);
}
}
}
stmts.close();
} finally {
@ -175,15 +243,14 @@ public class PropertyRestrictionPolicyHelper {
* These URIs can be displayed only if the user's role is at least as high
* as the threshold role.
*/
private final Map<String, RoleLevel> displayThresholdMap;
private final Map<Pair<String, Pair<String,String>>, RoleLevel> displayThresholdMap;
/**
* These URIs can be modified only if the user's role is at least as high as
* the threshold role.
*/
private final Map<String, RoleLevel> modifyThresholdMap;
private final Map<Pair<String, Pair<String,String>>, RoleLevel> modifyThresholdMap;
private final Model displayModel;
/**
* Store unmodifiable versions of the inputs.
@ -194,14 +261,15 @@ public class PropertyRestrictionPolicyHelper {
protected PropertyRestrictionPolicyHelper(
Collection<String> modifyProhibitedNamespaces,
Collection<String> modifyExceptionsAllowedUris,
Map<String, RoleLevel> displayThresholdMap,
Map<String, RoleLevel> modifyThresholdMap,
Map<Pair<String, Pair<String,String>>, RoleLevel> displayThresholdMap,
Map<Pair<String, Pair<String,String>>, RoleLevel> modifyThresholdMap,
Model displayModel) {
this.modifyProhibitedNamespaces = unmodifiable(modifyProhibitedNamespaces);
this.modifyExceptionsAllowedUris = unmodifiable(modifyExceptionsAllowedUris);
this.displayThresholdMap = unmodifiable(displayThresholdMap);
this.modifyThresholdMap = unmodifiable(modifyThresholdMap);
this.displayModel = displayModel;
this.displayThresholdMap = displayThresholdMap;
this.modifyThresholdMap = modifyThresholdMap;
// this.displayThresholdMap = unmodifiable(displayThresholdMap);
// this.modifyThresholdMap = unmodifiable(modifyThresholdMap);
if (log.isDebugEnabled()) {
log.debug("prohibited: " + this.modifyProhibitedNamespaces);
@ -219,6 +287,7 @@ public class PropertyRestrictionPolicyHelper {
}
}
@SuppressWarnings("unused")
private Map<String, RoleLevel> unmodifiable(Map<String, RoleLevel> raw) {
if (raw == null) {
return Collections.emptyMap();
@ -271,32 +340,21 @@ public class PropertyRestrictionPolicyHelper {
log.debug("can modify resource '" + resourceUri + "'");
return true;
}
public boolean canDisplayPredicate(String predicateUri, RoleLevel userRole) {
return canDisplayPredicate(predicateUri, null, userRole);
}
/**
* If display of a predicate is restricted, the user's role must be at least
* as high as the restriction level.
*/
public boolean canDisplayPredicate(String predicateUri, String rangeUri, RoleLevel userRole) {
public boolean canDisplayPredicate(Property predicate, RoleLevel userRole) {
//TODO change
String predicateUri = predicate.getURI();
if (predicateUri == null) {
log.debug("can't display predicate: predicateUri was null");
return false;
}
RoleLevel displayThreshold = RoleLevel.NOBODY;
if (rangeUri == null) {
displayThreshold = displayThresholdMap.get(predicateUri);
} else {
log.debug("Getting display threshold for " + predicateUri + " " + rangeUri);
displayThreshold = getDisplayThreshold(predicateUri, rangeUri);
if (displayThreshold == null) {
displayThreshold = displayThresholdMap.get(predicateUri);
}
log.debug(displayThreshold);
}
RoleLevel displayThreshold = getThreshold(predicate, displayThresholdMap);
if (isAuthorized(userRole, displayThreshold)) {
log.debug("can display predicate: '" + predicateUri
@ -310,44 +368,6 @@ public class PropertyRestrictionPolicyHelper {
return false;
}
/**
* Gets the role level threshold for displaying a predicate with a particular
* object class
* @param predicateUri
* @param rangeUri
* @return RoleLevel threshold
*/
private RoleLevel getDisplayThreshold(String predicateUri, String rangeUri) {
String query = "PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#> \n" +
"PREFIX config: <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#> \n" +
"PREFIX vitro: <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#> \n" +
"SELECT ?level WHERE { \n" +
// " ?p rdfs:subPropertyOf ?property . \n" +
" ?context config:configContextFor ?p . \n" +
" ?context config:qualifiedBy ?range . \n" +
" ?context config:hasConfiguration ?configuration . \n" +
" ?configuration vitro:hiddenFromDisplayBelowRoleLevelAnnot ?level \n" +
"}";
Query q = QueryFactory.create(query);
QueryExecution qe = QueryExecutionFactory.create(q, displayModel);
try {
ResultSet rs = qe.execSelect();
if (!rs.hasNext()) {
return null;
}
while(rs.hasNext()) {
QuerySolution qsoln = rs.nextSolution();
Resource levelRes = qsoln.getResource("level");
if (levelRes != null) {
return RoleLevel.getRoleByUri(levelRes.getURI());
}
}
} finally {
qe.close();
}
return null;
}
/**
* A predicate cannot be modified if its namespace is in the prohibited list
* (some exceptions are allowed).
@ -355,32 +375,36 @@ public class PropertyRestrictionPolicyHelper {
* If modification of a predicate is restricted, the user's role must be at
* least as high as the restriction level.
*/
public boolean canModifyPredicate(String predicateUri, RoleLevel userRole) {
if (predicateUri == null) {
log.debug("can't modify predicate: predicateUri was null");
public boolean canModifyPredicate(Property predicate, RoleLevel userRole) {
if (predicate == null || predicate.getURI() == null) {
log.debug("can't modify predicate: predicate was null");
return false;
}
if (modifyProhibitedNamespaces.contains(namespace(predicateUri))) {
if (modifyExceptionsAllowedUris.contains(predicateUri)) {
log.debug("'" + predicateUri + "' is a permitted exception");
if (modifyProhibitedNamespaces.contains(namespace(predicate.getURI()))) {
if (modifyExceptionsAllowedUris.contains(predicate.getURI())) {
log.debug("'" + predicate.getURI() + "' is a permitted exception");
} else {
log.debug("can't modify resource '" + predicateUri
log.debug("can't modify resource '" + predicate.getURI()
+ "': prohibited namespace: '"
+ namespace(predicateUri) + "'");
+ namespace(predicate.getURI()) + "'");
return false;
}
}
RoleLevel modifyThreshold = modifyThresholdMap.get(predicateUri);
RoleLevel modifyThreshold = getModifyThreshold(predicate);
if (isAuthorized(userRole, modifyThreshold)) {
log.debug("can modify predicate: '" + predicateUri + "', userRole="
log.debug("can modify predicate: '" + predicate.getURI() + "', domain="
+ predicate.getDomainVClassURI() + ", range="
+ predicate.getRangeVClassURI() + ", userRole="
+ userRole + ", thresholdRole=" + modifyThreshold);
return true;
}
log.debug("can't modify predicate: '" + predicateUri + "', userRole="
+ userRole + ", thresholdRole=" + modifyThreshold);
log.debug("can't modify predicate: '" + predicate.getURI() + "', domain="
+ predicate.getDomainVClassURI() + ", range="
+ predicate.getRangeVClassURI() + ", userRole="
+ userRole + ", thresholdRole=" + modifyThreshold);
return false;
}
@ -422,7 +446,7 @@ public class PropertyRestrictionPolicyHelper {
throw new NullPointerException(
"display model has not been initialized.");
}
PropertyRestrictionPolicyHelper bean = PropertyRestrictionPolicyHelper
.createBean(model, displayModel);
PropertyRestrictionPolicyHelper.setBean(ctx, bean);

5
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/specialrelationships/AbstractRelationshipPolicy.java
View file

@ -13,6 +13,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
import edu.cornell.mannlib.vitro.webapp.beans.Property;
/**
* A collection of building-block methods so we can code a policy based on the
@ -34,9 +35,9 @@ public abstract class AbstractRelationshipPolicy implements PolicyIface {
uri, RoleLevel.SELF);
}
protected boolean canModifyPredicate(String uri) {
protected boolean canModifyPredicate(Property predicate) {
return PropertyRestrictionPolicyHelper.getBean(ctx).canModifyPredicate(
uri, RoleLevel.SELF);
predicate, RoleLevel.SELF);
}
protected PolicyDecision cantModifyResource(String uri) {

3
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/RequestActionConstants.java
View file

@ -2,9 +2,12 @@
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces;
import edu.cornell.mannlib.vitro.webapp.beans.Property;
public class RequestActionConstants {
public static String actionNamespace = "java:";
public static String SOME_URI = "?SOME_URI";
public static Property SOME_PREDICATE = new Property(SOME_URI);
public static String SOME_LITERAL = "?SOME_LITERAL";
}

12
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractDataPropertyStatementAction.java
View file

@ -5,6 +5,7 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
import com.hp.hpl.jena.ontology.OntModel;
import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.beans.Property;
/**
* A base class for requested actions that involve adding, editing, or dropping
@ -14,12 +15,16 @@ public abstract class AbstractDataPropertyStatementAction extends
AbstractPropertyStatementAction {
private final String subjectUri;
private final String predicateUri;
private final Property predicate;
public AbstractDataPropertyStatementAction(OntModel ontModel,
String subjectUri, String predicateUri) {
super(ontModel);
this.subjectUri = subjectUri;
this.predicateUri = predicateUri;
Property dataProperty = new Property();
dataProperty.setURI(predicateUri);
this.predicate = dataProperty;
}
public AbstractDataPropertyStatementAction(OntModel ontModel,
@ -28,12 +33,19 @@ public abstract class AbstractDataPropertyStatementAction extends
this.subjectUri = (dps.getIndividual() == null) ? dps
.getIndividualURI() : dps.getIndividual().getURI();
this.predicateUri = dps.getDatapropURI();
Property dataProperty = new Property();
dataProperty.setURI(predicateUri);
this.predicate = dataProperty;
}
public String getSubjectUri() {
return subjectUri;
}
public Property getPredicate() {
return predicate;
}
@Override
public String getPredicateUri() {
return predicateUri;

18
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractObjectPropertyStatementAction.java
View file

@ -5,6 +5,7 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
import com.hp.hpl.jena.ontology.OntModel;
import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.beans.Property;
/**
* A base class for requested actions that involve adding, editing, or deleting
@ -13,14 +14,14 @@ import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
public abstract class AbstractObjectPropertyStatementAction extends
AbstractPropertyStatementAction {
private final String subjectUri;
private final String predicateUri;
private final Property predicate;
private final String objectUri;
public AbstractObjectPropertyStatementAction(OntModel ontModel, String subjectUri,
String predicateUri, String objectUri) {
Property predicate, String objectUri) {
super(ontModel);
this.subjectUri = subjectUri;
this.predicateUri = predicateUri;
this.predicate = predicate;
this.objectUri = objectUri;
}
@ -28,8 +29,7 @@ public abstract class AbstractObjectPropertyStatementAction extends
super(ontModel);
this.subjectUri = (ops.getSubject() == null) ? ops.getSubjectURI()
: ops.getSubject().getURI();
this.predicateUri = (ops.getProperty() == null) ? ops.getPropertyURI()
: ops.getProperty().getURI();
this.predicate = (ops.getProperty());
this.objectUri = (ops.getObject() == null) ? ops.getObjectURI() : ops
.getObject().getURI();
}
@ -42,9 +42,13 @@ public abstract class AbstractObjectPropertyStatementAction extends
return objectUri;
}
public Property getPredicate() {
return predicate;
}
@Override
public String getPredicateUri() {
return predicateUri;
return predicate.getURI();
}
@Override
@ -55,6 +59,6 @@ public abstract class AbstractObjectPropertyStatementAction extends
@Override
public String toString() {
return this.getClass().getSimpleName() + ": <" + subjectUri + "> <"
+ predicateUri + "> <" + objectUri + ">";
+ predicate.getURI() + "> <" + objectUri + ">";
}
}

3
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AbstractPropertyStatementAction.java
View file

@ -5,6 +5,7 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
import com.hp.hpl.jena.ontology.OntModel;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.beans.Property;
/**
* A base class for requested actions that involve adding, editing, or deleting
@ -27,5 +28,7 @@ public abstract class AbstractPropertyStatementAction extends RequestedAction {
*/
public abstract String[] getResourceUris();
public abstract Property getPredicate();
public abstract String getPredicateUri();
}

5
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/AddObjectPropertyStatement.java
View file

@ -5,6 +5,7 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
import com.hp.hpl.jena.ontology.OntModel;
import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.beans.Property;
/**
* Should we allow the user to add this ObjectPropertyStatement to this model?
@ -12,8 +13,8 @@ import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
public class AddObjectPropertyStatement extends
AbstractObjectPropertyStatementAction {
public AddObjectPropertyStatement(OntModel ontModel, String uriOfSub,
String uriOfPred, String uriOfObj) {
super(ontModel, uriOfSub, uriOfPred, uriOfObj);
Property predicate, String uriOfObj) {
super(ontModel, uriOfSub, predicate, uriOfObj);
}
public AddObjectPropertyStatement(OntModel ontModel,

3
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/DropObjectPropertyStatement.java
View file

@ -5,6 +5,7 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
import com.hp.hpl.jena.ontology.OntModel;
import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.beans.Property;
/**
* Should we allow the user to delete this ObjectPropertyStatement from this
@ -13,7 +14,7 @@ import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
public class DropObjectPropertyStatement extends
AbstractObjectPropertyStatementAction {
public DropObjectPropertyStatement(OntModel ontModel, String sub,
String pred, String obj) {
Property pred, String obj) {
super(ontModel, sub, pred, obj);
}

5
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/propstmt/EditObjectPropertyStatement.java
View file

@ -5,6 +5,7 @@ package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt;
import com.hp.hpl.jena.ontology.OntModel;
import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.beans.Property;
/**
* Should we allow the user to edit this ObjectPropertyStatement in this model?
@ -12,8 +13,8 @@ import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
public class EditObjectPropertyStatement extends
AbstractObjectPropertyStatementAction {
public EditObjectPropertyStatement(OntModel ontModel, String subjectUri,
String keywordPredUri, String objectUri) {
super(ontModel, subjectUri, keywordPredUri, objectUri);
Property keywordPred, String objectUri) {
super(ontModel, subjectUri, keywordPred, objectUri);
}
public EditObjectPropertyStatement(OntModel ontModel,

8
webapp/src/edu/cornell/mannlib/vitro/webapp/beans/ObjectProperty.java
View file

@ -78,10 +78,12 @@ public class ObjectProperty extends Property implements Comparable<ObjectPropert
e.writeObject(this);
}
@Override
public String getDomainVClassURI() {
return domainVClassURI;
}
@Override
public void setDomainVClassURI(String domainClassURI) {
this.domainVClassURI = domainClassURI;
}
@ -111,9 +113,13 @@ public class ObjectProperty extends Property implements Comparable<ObjectPropert
public void setParentURI(String parentURI) {
this.parentURI = parentURI;
}
@Override
public String getRangeVClassURI() {
return rangeVClassURI;
}
@Override
public void setRangeVClassURI(String rangeClassURI) {
this.rangeVClassURI = rangeClassURI;
}

22
webapp/src/edu/cornell/mannlib/vitro/webapp/beans/Property.java
View file

@ -15,11 +15,17 @@ public class Property extends BaseResourceBean {
private String groupURI = null;
private String label = null; // keep so can set in a context-specific way
private final boolean subjectSide = true; // only relevant to ObjectProperty
private String domainVClassURI = null;
private String rangeVClassURI = null;
public Property() {
this.groupURI = null;
this.label = null;
}
public Property(String URI) {
this.setURI(URI);
}
public String getCustomEntryForm() {
return customEntryForm;
@ -43,6 +49,22 @@ public class Property extends BaseResourceBean {
this.label = label;
}
public String getDomainVClassURI() {
return this.domainVClassURI;
}
public void setDomainVClassURI(String domainVClassURI) {
this.domainVClassURI = domainVClassURI;
}
public String getRangeVClassURI() {
return this.rangeVClassURI;
}
public void setRangeVClassURI(String rangeVClassURI) {
this.rangeVClassURI = rangeVClassURI;
}
public boolean isSubjectSide() {
return subjectSide;
}

2
webapp/src/edu/cornell/mannlib/vitro/webapp/controller/admin/ShowAuthController.java
View file

@ -91,7 +91,7 @@ public class ShowAuthController extends FreemarkerHttpServlet {
private boolean mayEditIndividual(VitroRequest vreq, String individualUri) {
RequestedAction action = new EditObjectPropertyStatement(
vreq.getJenaOntModel(), individualUri,
RequestActionConstants.SOME_URI,
RequestActionConstants.SOME_PREDICATE,
RequestActionConstants.SOME_URI);
return PolicyHelper.isAuthorizedForActions(vreq, action);
}

10
webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/ImageUploadController.java
View file

@ -23,6 +23,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectP
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjectPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.beans.Individual;
import edu.cornell.mannlib.vitro.webapp.beans.Property;
import edu.cornell.mannlib.vitro.webapp.config.ConfigurationProperties;
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder.ParamMap;
@ -146,20 +147,23 @@ public class ImageUploadController extends FreemarkerHttpServlet {
String action = vreq.getParameter(PARAMETER_ACTION);
Individual entity = validateEntityUri(vreq);
String imageUri = entity.getMainImageUri();
Property indMainImage = new Property();
indMainImage.setURI(VitroVocabulary.IND_MAIN_IMAGE);
RequestedAction ra;
if (ACTION_DELETE.equals(action)
|| ACTION_DELETE_EDIT.equals(action)) {
ra = new DropObjectPropertyStatement(vreq.getJenaOntModel(),
entity.getURI(), VitroVocabulary.IND_MAIN_IMAGE,
entity.getURI(), indMainImage,
imageUri);
} else if (imageUri != null) {
ra = new EditObjectPropertyStatement(vreq.getJenaOntModel(),
entity.getURI(), VitroVocabulary.IND_MAIN_IMAGE,
entity.getURI(), indMainImage,
imageUri);
} else {
ra = new AddObjectPropertyStatement(vreq.getJenaOntModel(),
entity.getURI(), VitroVocabulary.IND_MAIN_IMAGE,
entity.getURI(), indMainImage,
RequestActionConstants.SOME_URI);
}
return new Actions(ra);

167
webapp/src/edu/cornell/mannlib/vitro/webapp/utils/ApplicationConfigurationOntologyUtils.java
View file

@ -23,6 +23,7 @@ import com.hp.hpl.jena.rdf.model.Resource;
import com.hp.hpl.jena.rdf.model.ResourceFactory;
import com.hp.hpl.jena.vocabulary.RDFS;
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean;
import edu.cornell.mannlib.vitro.webapp.beans.Individual;
import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
import edu.cornell.mannlib.vitro.webapp.beans.VClass;
@ -41,86 +42,118 @@ public class ApplicationConfigurationOntologyUtils {
return getAdditionalFauxSubpropertiesForList(propList, subject, displayModel, tboxModel);
}
public static List<ObjectProperty> getAdditionalFauxSubproperties(ObjectProperty op,
Individual subject,
Model tboxModel,
Model union) {
List<ObjectProperty> additionalProps = new ArrayList<ObjectProperty>();
String propQuery = "PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#> \n" +
"PREFIX config: <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#> \n" +
"PREFIX vitro: <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#> \n" +
"SELECT DISTINCT ?range ?domain ?label ?group ?customForm ?displayLevel ?updateLevel WHERE { \n" +
// " ?p rdfs:subPropertyOf ?property . \n" +
" ?context config:configContextFor ?property . \n" +
" ?context config:qualifiedBy ?range . \n" +
" ?context config:hasConfiguration ?configuration . \n" +
" OPTIONAL { ?context config:qualifiedByDomain ?domain } \n" +
" OPTIONAL { ?configuration config:propertyGroup ?group } \n" +
" OPTIONAL { ?configuration config:displayName ?label } \n" +
" OPTIONAL { ?configuration vitro:customEntryFormAnnot ?customForm } \n" +
" OPTIONAL { ?configuration vitro:hiddenFromDisplayBelowRoleLevelAnnot ?displayLevel } \n" +
" OPTIONAL { ?configuration vitro:prohibitedFromUpdateBelowRoleLevelAnnot ?updateLevel } \n" +
"}";
log.debug("Checking " + op.getURI() + " for additional properties");
String queryStr = propQuery.replaceAll("\\?property", "<" + op.getURI() + ">");
log.debug(queryStr);
Query q = QueryFactory.create(queryStr);
QueryExecution qe = QueryExecutionFactory.create(q, union);
try {
ResultSet rs = qe.execSelect();
while (rs.hasNext()) {
ObjectProperty newProp = new ObjectProperty();
newProp.setURI(op.getURI());
QuerySolution qsoln = rs.nextSolution();
log.debug(qsoln);
Resource domainRes = qsoln.getResource("domain");
if(domainRes != null) {
if(!appropriateDomain(
domainRes, subject, tboxModel)) {
continue;
} else {
newProp.setDomainVClassURI(domainRes.getURI());
}
} else {
newProp.setDomainVClassURI(op.getDomainVClassURI());
}
Resource rangeRes = qsoln.getResource("range");
if (rangeRes != null) {
newProp.setRangeVClassURI(rangeRes.getURI());
} else {
newProp.setRangeVClassURI(op.getRangeVClassURI());
}
Resource groupRes = qsoln.getResource("group");
if (groupRes != null) {
newProp.setGroupURI(groupRes.getURI());
} else {
newProp.setGroupURI(op.getURI());
}
Literal labelLit = qsoln.getLiteral("label");
if (labelLit != null) {
newProp.setDomainPublic(labelLit.getLexicalForm());
} else {
newProp.setDomainPublic(op.getDomainPublic());
}
Literal customFormLit = qsoln.getLiteral("customForm");
if (customFormLit != null) {
newProp.setCustomEntryForm(customFormLit.getLexicalForm());
} else {
newProp.setCustomEntryForm(op.getCustomEntryForm());
}
Resource displayLevelRes = qsoln.getResource("displayLevel");
if (displayLevelRes != null) {
newProp.setHiddenFromDisplayBelowRoleLevel(
BaseResourceBean.RoleLevel.getRoleByUri(
displayLevelRes.getURI()));
}
Resource updateLevelRes = qsoln.getResource("updateLevel");
if (updateLevelRes != null) {
log.info("updateLevel!");
newProp.setProhibitedFromUpdateBelowRoleLevel(
BaseResourceBean.RoleLevel.getRoleByUri(
updateLevelRes.getURI()));
}
additionalProps.add(newProp);
}
} finally {
qe.close();
}
return additionalProps;
}
public static List<ObjectProperty> getAdditionalFauxSubpropertiesForList(List<ObjectProperty> propList,
Individual subject,
Model displayModel,
Model tboxModel) {
List<ObjectProperty> additionalProps = new ArrayList<ObjectProperty>();
Model union = ModelFactory.createUnion(displayModel, tboxModel);
String propQuery = "PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#> \n" +
"PREFIX config: <http://vitro.mannlib.cornell.edu/ns/vitro/ApplicationConfiguration#> \n" +
"PREFIX vitro: <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#> \n" +
"SELECT DISTINCT ?range ?domain ?label ?group ?customForm WHERE { \n" +
" ?p rdfs:subPropertyOf ?property . \n" +
" ?context config:configContextFor ?p . \n" +
" ?context config:qualifiedBy ?range . \n" +
" ?context config:hasConfiguration ?configuration . \n" +
" OPTIONAL { ?context config:qualifiedByDomain ?domain } \n" +
" OPTIONAL { ?configuration config:propertyGroup ?group } \n" +
" OPTIONAL { ?configuration config:displayName ?label } \n" +
" OPTIONAL { ?configuration vitro:customEntryFormAnnot ?customForm } \n" +
"}";
for (ObjectProperty op : propList) {
log.debug("Checking " + op.getURI() + " for additional properties");
String queryStr = propQuery.replaceAll("\\?property", "<" + op.getURI() + ">");
log.debug(queryStr);
Query q = QueryFactory.create(queryStr);
QueryExecution qe = QueryExecutionFactory.create(q, union);
try {
ResultSet rs = qe.execSelect();
while (rs.hasNext()) {
ObjectProperty newProp = new ObjectProperty();
newProp.setURI(op.getURI());
QuerySolution qsoln = rs.nextSolution();
log.debug(qsoln);
Resource domainRes = qsoln.getResource("domain");
if(domainRes != null) {
if(!appropriateDomain(domainRes, subject, tboxModel)) {
continue;
} else {
newProp.setDomainVClassURI(domainRes.getURI());
}
} else {
newProp.setDomainVClassURI(op.getDomainVClassURI());
}
Resource rangeRes = qsoln.getResource("range");
if (rangeRes != null) {
newProp.setRangeVClassURI(rangeRes.getURI());
} else {
newProp.setRangeVClassURI(op.getRangeVClassURI());
}
Resource groupRes = qsoln.getResource("group");
if (groupRes != null) {
newProp.setGroupURI(groupRes.getURI());
} else {
newProp.setGroupURI(op.getURI());
}
Literal labelLit = qsoln.getLiteral("label");
if (labelLit != null) {
newProp.setDomainPublic(labelLit.getLexicalForm());
} else {
newProp.setDomainPublic(op.getDomainPublic());
}
Literal customFormLit = qsoln.getLiteral("customForm");
if (customFormLit != null) {
newProp.setCustomEntryForm(customFormLit.getLexicalForm());
} else {
newProp.setCustomEntryForm(op.getCustomEntryForm());
}
additionalProps.add(newProp);
}
} finally {
qe.close();
}
}
for (ObjectProperty op : propList) {
propList.addAll(getAdditionalFauxSubproperties(op, subject, tboxModel, union));
}
return additionalProps;
}
private static boolean appropriateDomain(Resource domainRes, Individual subject, Model tboxModel) {
if (subject == null) {
return true;
}
for (VClass vclass : subject.getVClasses()) {
if ((vclass.getURI() != null) &&
((vclass.getURI().equals(domainRes.getURI()) ||

7
webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/edit/EditConfigurationTemplateModel.java
View file

@ -453,13 +453,14 @@ public class EditConfigurationTemplateModel extends BaseTemplateModel {
String objectKey = vreq.getParameter("objectKey");
statementDisplay.put(objectKey, objectUri);
ObjectProperty predicate = new ObjectProperty();
predicate.setURI(predicateUri);
//Using object property statement template model here
ObjectPropertyStatementTemplateModel osm = new ObjectPropertyStatementTemplateModel(
subjectUri,
predicateUri,
predicate,
objectKey,
null,
null,
statementDisplay,
null, vreq);
ReadOnlyBeansWrapper wrapper = new ReadOnlyBeansWrapper();

2
webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java
View file

@ -117,7 +117,7 @@ public abstract class BaseIndividualTemplateModel extends BaseTemplateModel {
RequestActionConstants.SOME_URI);
AddObjectPropertyStatement aops = new AddObjectPropertyStatement(
vreq.getJenaOntModel(), individual.getURI(),
RequestActionConstants.SOME_URI,
RequestActionConstants.SOME_PREDICATE,
RequestActionConstants.SOME_URI);
return PolicyHelper.isAuthorizedForActions(vreq, new Actions(adps).or(aops));
}

7
webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/CollatedObjectPropertyTemplateModel.java
View file

@ -18,6 +18,7 @@ import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vitro.webapp.beans.Individual;
import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
import edu.cornell.mannlib.vitro.webapp.beans.Property;
import edu.cornell.mannlib.vitro.webapp.beans.VClass;
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
import edu.cornell.mannlib.vitro.webapp.dao.VClassDao;
@ -58,7 +59,7 @@ public class CollatedObjectPropertyTemplateModel extends ObjectPropertyTemplateM
postprocess(statementData);
/* Collate the data */
subclasses = collate(subjectUri, propertyUri, statementData, editing);
subclasses = collate(subjectUri, op, statementData, editing);
for (SubclassTemplateModel subclass : subclasses) {
List<ObjectPropertyStatementTemplateModel> list = subclass.getStatements();
@ -188,7 +189,7 @@ public class CollatedObjectPropertyTemplateModel extends ObjectPropertyTemplateM
}
// Collate the statements by subclass.
private List<SubclassTemplateModel> collate(String subjectUri, String propertyUri,
private List<SubclassTemplateModel> collate(String subjectUri, ObjectProperty property,
List<Map<String, String>> statementData, boolean editing) {
String objectKey = getObjectKey();
@ -218,7 +219,7 @@ public class CollatedObjectPropertyTemplateModel extends ObjectPropertyTemplateM
}
listForThisSubclass.add(new ObjectPropertyStatementTemplateModel(subjectUri,
propertyUri, domainUri, rangeUri, objectKey, map, getTemplateName(), vreq));
property, objectKey, map, getTemplateName(), vreq));
}

15
webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyStatementTemplateModel.java
View file

@ -13,12 +13,14 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPr
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl;
import edu.cornell.mannlib.vitro.webapp.beans.Property;
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder.ParamMap;
import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.RdfLiteralHash;
public class DataPropertyStatementTemplateModel extends PropertyStatementTemplateModel {
private static final Log log = LogFactory.getLog(DataPropertyStatementTemplateModel.class);
@ -28,9 +30,10 @@ public class DataPropertyStatementTemplateModel extends PropertyStatementTemplat
private final String templateName;
//Extended to include vitro request to check for special parameters
public DataPropertyStatementTemplateModel(String subjectUri, String propertyUri, Literal literal,
public DataPropertyStatementTemplateModel(String subjectUri, Property property, Literal literal,
String templateName, VitroRequest vreq) {
super(subjectUri, propertyUri, vreq);
super(subjectUri, property, vreq);
this.literalValue = literal;
this.templateName = templateName;
@ -50,7 +53,7 @@ public class DataPropertyStatementTemplateModel extends PropertyStatementTemplat
ParamMap params = new ParamMap(
"subjectUri", subjectUri,
"predicateUri", propertyUri,
"predicateUri", property.getURI(),
"datapropKey", makeHash(dps),
"cmd", "delete");
@ -63,7 +66,7 @@ public class DataPropertyStatementTemplateModel extends PropertyStatementTemplat
private String makeEditUrl() {
// vitro:moniker is deprecated. We display existing data values so editors can
// move them to other properties and delete, but don't allow editing.
if ( propertyUri.equals(VitroVocabulary.MONIKER) ) {
if ( VitroVocabulary.MONIKER.equals(property.getURI()) ) {
return "";
}
@ -76,7 +79,7 @@ public class DataPropertyStatementTemplateModel extends PropertyStatementTemplat
ParamMap params = new ParamMap(
"subjectUri", subjectUri,
"predicateUri", propertyUri,
"predicateUri", property.getURI(),
"datapropKey", makeHash(dps));
if ( deleteUrl.isEmpty() ) {
@ -89,7 +92,7 @@ public class DataPropertyStatementTemplateModel extends PropertyStatementTemplat
}
private DataPropertyStatement makeStatement() {
DataPropertyStatement dps = new DataPropertyStatementImpl(subjectUri, propertyUri, literalValue.getLexicalForm());
DataPropertyStatement dps = new DataPropertyStatementImpl(subjectUri, property.getURI(), literalValue.getLexicalForm());
// Language and datatype are needed to get the correct hash value
dps.setLanguage(literalValue.getLanguage());
dps.setDatatypeURI(literalValue.getDatatypeURI());

2
webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/DataPropertyTemplateModel.java
View file

@ -91,7 +91,7 @@ public class DataPropertyTemplateModel extends PropertyTemplateModel {
DataPropertyStatementDao dpDao = vreq.getWebappDaoFactory().getDataPropertyStatementDao();
List<Literal> values = dpDao.getDataPropertyValuesForIndividualByProperty(subject, dp, queryString, constructQueries);
for (Literal value : values) {
statements.add(new DataPropertyStatementTemplateModel(subjectUri, propertyUri, value, getTemplateName(), vreq));
statements.add(new DataPropertyStatementTemplateModel(subjectUri, dp, value, getTemplateName(), vreq));
}
} else {
log.debug("Data property " + getUri() + " is unpopulated.");

13
webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/EditLinkSuppressor.java
View file

@ -8,6 +8,7 @@ import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vitro.webapp.beans.Property;
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
/**
@ -73,22 +74,22 @@ public class EditLinkSuppressor {
/**
* Should we suppress the Edit link on this property?
*/
public boolean isEditLinkSuppressed(String propertyUri) {
if (propertyUri == null) {
public boolean isEditLinkSuppressed(Property property) {
if (property == null || property.getURI() == null) {
log.error("Suppressing the edit link on a null property.");
return true;
}
return suppressEditLinksForThese.contains(propertyUri);
return suppressEditLinksForThese.contains(property.getURI());
}
/**
* Should we suppress the Delete link on this property?
*/
public boolean isDeleteLinkSuppressed(String propertyUri) {
if (propertyUri == null) {
public boolean isDeleteLinkSuppressed(Property property) {
if (property == null || property.getURI() == null) {
log.error("Suppressing the delete link on a null property.");
return true;
}
return suppressDeleteLinksForThese.contains(propertyUri);
return suppressDeleteLinksForThese.contains(property.getURI());
}
}

7
webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/NameStatementTemplateModel.java
View file

@ -14,6 +14,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAct
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl;
import edu.cornell.mannlib.vitro.webapp.beans.Property;
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder.ParamMap;
@ -37,7 +38,7 @@ public class NameStatementTemplateModel extends PropertyStatementTemplateModel {
private final String editUrl;
NameStatementTemplateModel(String subjectUri, VitroRequest vreq) {
super(subjectUri, VitroVocabulary.LABEL, vreq);
super(subjectUri, new Property(VitroVocabulary.LABEL), vreq);
// NIHVIVO-2466 Use the same methods to get the label that are used elsewhere in the
// application, to guarantee consistent results for individuals with multiple labels
@ -69,7 +70,7 @@ public class NameStatementTemplateModel extends PropertyStatementTemplateModel {
ParamMap params = new ParamMap(
"subjectUri", subjectUri,
"predicateUri", propertyUri,
"predicateUri", property.getURI(),
"datapropKey", makeHash(dps),
"deleteProhibited", "prohibited");
@ -80,7 +81,7 @@ public class NameStatementTemplateModel extends PropertyStatementTemplateModel {
private DataPropertyStatement makeStatement(Literal literalValue) {
DataPropertyStatement dps = new DataPropertyStatementImpl(subjectUri,
propertyUri, literalValue.getLexicalForm());
property.getURI(), literalValue.getLexicalForm());
// Language and datatype are needed to get the correct hash value
dps.setLanguage(literalValue.getLanguage());
dps.setDatatypeURI(literalValue.getDatatypeURI());

40
webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyStatementTemplateModel.java
View file

@ -13,8 +13,10 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjectPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatementImpl;
import edu.cornell.mannlib.vitro.webapp.beans.Property;
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder.ParamMap;
@ -31,14 +33,9 @@ public class ObjectPropertyStatementTemplateModel extends PropertyStatementTempl
private final String editUrl;
private final String deleteUrl;
public ObjectPropertyStatementTemplateModel(String subjectUri, String propertyUri, String rangeUri, String objectKey,
public ObjectPropertyStatementTemplateModel(String subjectUri, ObjectProperty predicate, String objectKey,
Map<String, String> data, String templateName, VitroRequest vreq) {
this (subjectUri, propertyUri, null, rangeUri, objectKey, data, templateName, vreq);
}
public ObjectPropertyStatementTemplateModel(String subjectUri, String propertyUri, String domainUri, String rangeUri, String objectKey,
Map<String, String> data, String templateName, VitroRequest vreq) {
super(subjectUri, propertyUri, vreq);
super(subjectUri, predicate, vreq);
this.data = Collections.unmodifiableMap(new HashMap<String, String>(data));
this.objectUri = data.get(objectKey);
@ -46,33 +43,34 @@ public class ObjectPropertyStatementTemplateModel extends PropertyStatementTempl
//to keep track of later
this.objectKey = objectKey;
ObjectPropertyStatement ops = new ObjectPropertyStatementImpl(subjectUri, propertyUri, objectUri);
ObjectPropertyStatement ops = new ObjectPropertyStatementImpl(subjectUri, property.getURI(), objectUri);
ops.setProperty(predicate);
// Do delete url first, since it is used in building edit url
this.deleteUrl = makeDeleteUrl();
this.editUrl = makeEditUrl(ops, domainUri, rangeUri);
this.editUrl = makeEditUrl(ops);
}
private String makeDeleteUrl() {
// Is the delete link suppressed for this property?
if (new EditLinkSuppressor(vreq).isDeleteLinkSuppressed(propertyUri)) {
if (new EditLinkSuppressor(vreq).isDeleteLinkSuppressed(property)) {
return "";
}
// Determine whether the statement can be deleted
RequestedAction action = new DropObjectPropertyStatement(
vreq.getJenaOntModel(), subjectUri, propertyUri, objectUri);
vreq.getJenaOntModel(), subjectUri, property, objectUri);
if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) {
return "";
}
if (propertyUri.equals(VitroVocabulary.IND_MAIN_IMAGE)) {
if (VitroVocabulary.IND_MAIN_IMAGE.equals(property.getURI())) {
return ObjectPropertyTemplateModel.getImageUploadUrl(subjectUri, "delete");
}
ParamMap params = new ParamMap(
"subjectUri", subjectUri,
"predicateUri", propertyUri,
"predicateUri", property.getURI(),
"objectUri", objectUri,
"cmd", "delete",
"objectKey", objectKey);
@ -95,9 +93,9 @@ public class ObjectPropertyStatementTemplateModel extends PropertyStatementTempl
return UrlBuilder.getUrl(EDIT_PATH, params);
}
private String makeEditUrl(ObjectPropertyStatement ops, String domainUri, String rangeUri) {
private String makeEditUrl(ObjectPropertyStatement ops) {
// Is the edit link suppressed for this property?
if (new EditLinkSuppressor(vreq).isEditLinkSuppressed(propertyUri)) {
if (new EditLinkSuppressor(vreq).isEditLinkSuppressed(property)) {
return "";
}
@ -107,24 +105,24 @@ public class ObjectPropertyStatementTemplateModel extends PropertyStatementTempl
return "";
}
if (propertyUri.equals(VitroVocabulary.IND_MAIN_IMAGE)) {
if (VitroVocabulary.IND_MAIN_IMAGE.equals(property.getURI())) {
return ObjectPropertyTemplateModel.getImageUploadUrl(subjectUri, "edit");
}
ParamMap params = new ParamMap(
"subjectUri", subjectUri,
"predicateUri", propertyUri,
"predicateUri", property.getURI(),
"objectUri", objectUri);
if ( deleteUrl.isEmpty() ) {
params.put("deleteProhibited", "prohibited");
}
if (domainUri != null) {
params.put("domainUri", rangeUri);
if (ops.getProperty()!= null && ops.getProperty().getDomainVClassURI() != null) {
params.put("domainUri", ops.getProperty().getDomainVClassURI());
}
if (rangeUri != null) {
params.put("rangeUri", rangeUri);
if (ops.getProperty()!= null && ops.getProperty().getRangeVClassURI() != null) {
params.put("rangeUri", ops.getProperty().getRangeVClassURI());
}
params.putAll(UrlBuilder.getModelParams(vreq));

2
webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/ObjectPropertyTemplateModel.java
View file

@ -116,7 +116,7 @@ public abstract class ObjectPropertyTemplateModel extends PropertyTemplateModel
// Determine whether a new statement can be added
RequestedAction action = new AddObjectPropertyStatement(
vreq.getJenaOntModel(), subjectUri, propertyUri,
vreq.getJenaOntModel(), subjectUri, property,
RequestActionConstants.SOME_URI);
if ( ! PolicyHelper.isAuthorizedForActions(vreq, action) ) {
return;

7
webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyStatementTemplateModel.java
View file

@ -2,6 +2,7 @@
package edu.cornell.mannlib.vitro.webapp.web.templatemodels.individual;
import edu.cornell.mannlib.vitro.webapp.beans.Property;
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
import edu.cornell.mannlib.vitro.webapp.web.templatemodels.BaseTemplateModel;
@ -10,12 +11,12 @@ public abstract class PropertyStatementTemplateModel extends BaseTemplateModel {
protected final VitroRequest vreq;
protected final String subjectUri;
protected final String propertyUri;
protected final Property property;
PropertyStatementTemplateModel(String subjectUri, String propertyUri, VitroRequest vreq) {
PropertyStatementTemplateModel(String subjectUri, Property property, VitroRequest vreq) {
this.vreq = vreq;
this.subjectUri = subjectUri;
this.propertyUri = propertyUri;
this.property = property;
}
/* Template properties */

2
webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyTemplateModel.java
View file

@ -28,6 +28,7 @@ public abstract class PropertyTemplateModel extends BaseTemplateModel {
protected final VitroRequest vreq;
protected final String subjectUri;
protected final Property property;
protected final String propertyUri;
protected String domainUri;
protected String rangeUri;
@ -41,6 +42,7 @@ public abstract class PropertyTemplateModel extends BaseTemplateModel {
PropertyTemplateModel(Property property, Individual subject, VitroRequest vreq) {
this.vreq = vreq;
subjectUri = subject.getURI();
this.property = property;
propertyUri = property.getURI();
localName = property.getLocalName();
log.debug("Local name for property " + propertyUri + ": " + localName);

2
webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/UncollatedObjectPropertyTemplateModel.java
View file

@ -41,7 +41,7 @@ public class UncollatedObjectPropertyTemplateModel extends ObjectPropertyTemplat
String objectKey = getObjectKey();
for (Map<String, String> map : statementData) {
statements.add(new ObjectPropertyStatementTemplateModel(subjectUri,
propertyUri, rangeUri, objectKey, map, getTemplateName(), vreq));
op, objectKey, map, getTemplateName(), vreq));
}
postprocessStatementList(statements);

29
webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java
View file

@ -42,6 +42,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObject
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjectPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.beans.IndividualImpl;
import edu.cornell.mannlib.vitro.webapp.beans.Property;
import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
public class SelfEditingPolicyTest extends AbstractTestClass {
@ -55,8 +56,8 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
private static final String UNSAFE_RESOURCE = UNSAFE_NS
+ "otherIndividual99999";
private static final String SAFE_PREDICATE = SAFE_NS + "hasHairStyle";
private static final String UNSAFE_PREDICATE = UNSAFE_NS + "hasSuperPowers";
private static final Property SAFE_PREDICATE = new Property(SAFE_NS + "hasHairStyle");
private static final Property UNSAFE_PREDICATE = new Property(UNSAFE_NS + "hasSuperPowers");
private ServletContextStub ctx;
@ -95,19 +96,19 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
PropertyRestrictionPolicyHelper.setBean(ctx, prph);
whatToAuth = new AddObjectPropertyStatement(ontModel, SELFEDITOR_URI,
"http://mannlib.cornell.edu/bad#prp234", SAFE_RESOURCE);
new Property("http://mannlib.cornell.edu/bad#prp234"), SAFE_RESOURCE);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddObjectPropertyStatement(ontModel, SAFE_RESOURCE,
"http://mannlib.cornell.edu/bad#prp234", SELFEDITOR_URI);
new Property("http://mannlib.cornell.edu/bad#prp234"), SELFEDITOR_URI);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddObjectPropertyStatement(ontModel, SELFEDITOR_URI,
"http://mannlib.cornell.edu/bad#prp999", SAFE_RESOURCE);
new Property("http://mannlib.cornell.edu/bad#prp999"), SAFE_RESOURCE);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddObjectPropertyStatement(ontModel, SAFE_RESOURCE,
"http://mannlib.cornell.edu/bad#prp999", SELFEDITOR_URI);
new Property("http://mannlib.cornell.edu/bad#prp999"), SELFEDITOR_URI);
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddObjectPropertyStatement(ontModel, SAFE_RESOURCE,
@ -132,11 +133,11 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddDataPropertyStatement(ontModel, SELFEDITOR_URI,
SAFE_PREDICATE);
SAFE_PREDICATE.getURI());
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new AddDataPropertyStatement(ontModel, SELFEDITOR_URI,
UNSAFE_PREDICATE);
UNSAFE_PREDICATE.getURI());
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
}
@ -218,16 +219,16 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
//
@Test
public void testVisitIdentifierBundleEditDataPropStmt() {
whatToAuth = new EditDataPropertyStatement(ontModel, SELFEDITOR_URI,SAFE_PREDICATE);
whatToAuth = new EditDataPropertyStatement(ontModel, SELFEDITOR_URI,SAFE_PREDICATE.getURI());
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new EditDataPropertyStatement(ontModel, SELFEDITOR_URI, UNSAFE_PREDICATE);
whatToAuth = new EditDataPropertyStatement(ontModel, SELFEDITOR_URI, UNSAFE_PREDICATE.getURI());
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new EditDataPropertyStatement(ontModel, UNSAFE_RESOURCE, SAFE_PREDICATE);
whatToAuth = new EditDataPropertyStatement(ontModel, UNSAFE_RESOURCE, SAFE_PREDICATE.getURI());
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
whatToAuth = new EditDataPropertyStatement(ontModel, SAFE_RESOURCE, SAFE_PREDICATE);
whatToAuth = new EditDataPropertyStatement(ontModel, SAFE_RESOURCE, SAFE_PREDICATE.getURI());
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
}
@ -287,7 +288,7 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
public void twoSEIsFindDataPropertySubject() {
setUpTwoSEIs();
whatToAuth = new EditDataPropertyStatement(ontModel, SELFEDITOR_URI, SAFE_PREDICATE);
whatToAuth = new EditDataPropertyStatement(ontModel, SELFEDITOR_URI, SAFE_PREDICATE.getURI());
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
}
@ -295,7 +296,7 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
public void twoSEIsDontFindInDataProperty() {
setUpTwoSEIs();
whatToAuth = new EditDataPropertyStatement(ontModel, SAFE_RESOURCE, SAFE_PREDICATE);
whatToAuth = new EditDataPropertyStatement(ontModel, SAFE_RESOURCE, SAFE_PREDICATE.getURI());
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
}

7
webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy_2_Test.java
View file

@ -32,6 +32,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPr
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjectPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.beans.Individual;
import edu.cornell.mannlib.vitro.webapp.beans.IndividualImpl;
import edu.cornell.mannlib.vitro.webapp.beans.Property;
import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
public class SelfEditingPolicy_2_Test extends AbstractTestClass {
@ -123,7 +124,7 @@ public class SelfEditingPolicy_2_Test extends AbstractTestClass {
@Test
public void nullIdentifierBundle() {
AddObjectPropertyStatement whatToAuth = new AddObjectPropertyStatement(
ontModel, SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE);
ontModel, SELFEDITOR_URI, new Property(SAFE_PREDICATE), SAFE_RESOURCE);
PolicyDecision dec = policy.isAuthorized(null, whatToAuth);
Assert.assertNotNull(dec);
Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized());
@ -277,7 +278,7 @@ public class SelfEditingPolicy_2_Test extends AbstractTestClass {
private void assertAddObjectPropStmt(String uriOfSub, String uriOfPred,
String uriOfObj, Authorization expectedAuthorization) {
AddObjectPropertyStatement whatToAuth = new AddObjectPropertyStatement(
ontModel, uriOfSub, uriOfPred, uriOfObj);
ontModel, uriOfSub, new Property(uriOfPred), uriOfObj);
PolicyDecision dec = policy.isAuthorized(ids, whatToAuth);
log.debug(dec);
Assert.assertNotNull(dec);
@ -291,7 +292,7 @@ public class SelfEditingPolicy_2_Test extends AbstractTestClass {
private void assertEditObjPropStmt(String uriOfSub, String uriOfPred,
String uriOfObj, Authorization expectedAuthorization) {
EditObjectPropertyStatement whatToAuth = new EditObjectPropertyStatement(
ontModel, uriOfSub, uriOfPred, uriOfObj);
ontModel, uriOfSub, new Property(uriOfPred), uriOfObj);
PolicyDecision dec = policy.isAuthorized(ids, whatToAuth);
log.debug(dec);
Assert.assertNotNull(dec);

79
webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionPolicyHelperTest.java
View file

@ -18,7 +18,6 @@ import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.log4j.Level;
import org.junit.Before;
import org.junit.Test;
@ -27,6 +26,8 @@ import com.hp.hpl.jena.ontology.OntModelSpec;
import com.hp.hpl.jena.rdf.model.ModelFactory;
import com.hp.hpl.jena.rdf.model.Property;
import com.hp.hpl.jena.rdf.model.Resource;
import com.hp.hpl.jena.sdb.util.Pair;
import com.hp.hpl.jena.vocabulary.OWL;
import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean;
@ -58,17 +59,25 @@ public class PropertyRestrictionPolicyHelperTest extends AbstractTestClass {
// setLoggerLevel(PropertyRestrictionPolicyHelper.class, Level.DEBUG);
}
private void mapPut(String predicateURI, RoleLevel roleLevel,
Map<Pair<String, Pair<String,String>>, RoleLevel> map) {
map.put(new Pair<String, Pair<String,String>>(
OWL.Thing.getURI(), new Pair<String, String>(
predicateURI, OWL.Thing.getURI())), roleLevel);
}
@Before
public void createTheBean() {
Map<String, RoleLevel> displayLevels = new HashMap<String, BaseResourceBean.RoleLevel>();
displayLevels.put("http://predicates#display_self", SELF);
displayLevels.put("http://predicates#display_curator", CURATOR);
displayLevels.put("http://predicates#display_hidden", NOBODY);
Map<Pair<String, Pair<String,String>>, RoleLevel> displayLevels =
new HashMap<Pair<String, Pair<String,String>>, RoleLevel>();
mapPut("http://predicates#display_curator", CURATOR, displayLevels);
mapPut("http://predicates#display_hidden", NOBODY, displayLevels);
Map<String, RoleLevel> modifyLevels = new HashMap<String, BaseResourceBean.RoleLevel>();
modifyLevels.put("http://predicates#modify_self", SELF);
modifyLevels.put("http://predicates#modify_curator", CURATOR);
modifyLevels.put("http://predicates#modify_hidden", NOBODY);
Map<Pair<String, Pair<String,String>>, RoleLevel> modifyLevels =
new HashMap<Pair<String, Pair<String,String>>, RoleLevel>();
mapPut("http://predicates#modify_self", SELF, modifyLevels);
mapPut("http://predicates#modify_curator", CURATOR, modifyLevels);
mapPut("http://predicates#modify_hidden", NOBODY, modifyLevels);
bean = new PropertyRestrictionPolicyHelper(
Arrays.asList(PROHIBITED_NAMESPACES),
@ -125,68 +134,75 @@ public class PropertyRestrictionPolicyHelperTest extends AbstractTestClass {
@Test
public void displayPredicateNoRestriction() {
assertEquals("displayPredicate: open", true,
bean.canDisplayPredicate("http://predicates#open", PUBLIC));
bean.canDisplayPredicate(createVitroProperty(
"http://predicates#open"), PUBLIC));
}
@Test
public void displayPredicateRestrictionLower() {
assertEquals("displayPredicate: lower restriction", true,
bean.canDisplayPredicate("http://predicates#display_self",
CURATOR));
bean.canDisplayPredicate(createVitroProperty(
"http://predicates#display_self"), CURATOR));
}
@Test
public void displayPredicateRestrictionEqual() {
assertEquals("displayPredicate: equal restriction", true,
bean.canDisplayPredicate("http://predicates#display_curator",
CURATOR));
bean.canDisplayPredicate(createVitroProperty(
"http://predicates#display_curator"), CURATOR));
}
@Test
public void displayPredicateRestrictionHigher() {
assertEquals("displayPredicate: higher restriction", false,
bean.canDisplayPredicate("http://predicates#display_hidden",
CURATOR));
bean.canDisplayPredicate(createVitroProperty(
"http://predicates#display_hidden"), CURATOR));
}
@Test
public void modifyPredicateNoRestriction() {
assertEquals("modifyPredicate: open", true,
bean.canModifyPredicate("http://predicates#open", PUBLIC));
bean.canModifyPredicate(new edu.cornell.mannlib.vitro.webapp.beans.Property(
"http://predicates#open"), PUBLIC));
}
@Test
public void modifyPredicateRestrictionLower() {
assertEquals("modifyPredicate: lower restriction", true,
bean.canModifyPredicate("http://predicates#modify_self",
bean.canModifyPredicate(new edu.cornell.mannlib.vitro.webapp.beans.Property(
"http://predicates#modify_self"),
CURATOR));
}
@Test
public void modifyPredicateRestrictionEqual() {
assertEquals("modifyPredicate: equal restriction", true,
bean.canModifyPredicate("http://predicates#modify_curator",
bean.canModifyPredicate(new edu.cornell.mannlib.vitro.webapp.beans.Property(
"http://predicates#modify_curator"),
CURATOR));
}
@Test
public void modifyPredicateRestrictionHigher() {
assertEquals("modifyPredicate: higher restriction", false,
bean.canModifyPredicate("http://predicates#modify_hidden",
bean.canModifyPredicate(new edu.cornell.mannlib.vitro.webapp.beans.Property(
"http://predicates#modify_hidden"),
CURATOR));
}
@Test
public void modifyPredicateProhibitedNamespace() {
assertEquals("modifyPredicate: prohibited namespace", false,
bean.canModifyPredicate(PROHIBITED_NAMESPACES[0] + "randoom",
bean.canModifyPredicate(new edu.cornell.mannlib.vitro.webapp.beans.Property(
PROHIBITED_NAMESPACES[0] + "randoom"),
DB_ADMIN));
}
@Test
public void modifyPredicatePermittedException() {
assertEquals("modifyPredicate: permitted exception", true,
bean.canModifyPredicate(PERMITTED_EXCEPTIONS[0], DB_ADMIN));
bean.canModifyPredicate(new edu.cornell.mannlib.vitro.webapp.beans.Property(
PERMITTED_EXCEPTIONS[0]), DB_ADMIN));
}
// ----------------------------------------------------------------------
@ -195,9 +211,10 @@ public class PropertyRestrictionPolicyHelperTest extends AbstractTestClass {
@Test
public void buildDisplayThresholds() {
Map<String, RoleLevel> expectedMap = new HashMap<String, BaseResourceBean.RoleLevel>();
expectedMap.put("http://thresholds#display_public", PUBLIC);
expectedMap.put("http://thresholds#display_hidden", NOBODY);
Map<Pair<String, Pair<String,String>>, BaseResourceBean.RoleLevel> expectedMap =
new HashMap<Pair<String, Pair<String,String>>, BaseResourceBean.RoleLevel>();
mapPut("http://thresholds#display_public", PUBLIC, expectedMap);
mapPut("http://thresholds#display_hidden", NOBODY, expectedMap);
Map<String, RoleLevel> actualMap = populateThresholdMap(PROPERTY_DISPLAY_THRESHOLD);
assertEquals("display thresholds", expectedMap, actualMap);
@ -205,9 +222,10 @@ public class PropertyRestrictionPolicyHelperTest extends AbstractTestClass {
@Test
public void buildModifyThresholds() {
Map<String, RoleLevel> expectedMap = new HashMap<String, BaseResourceBean.RoleLevel>();
expectedMap.put("http://thresholds#modify_editor", EDITOR);
expectedMap.put("http://thresholds#modify_curator", CURATOR);
Map<Pair<String, Pair<String,String>>, BaseResourceBean.RoleLevel> expectedMap =
new HashMap<Pair<String, Pair<String,String>>, BaseResourceBean.RoleLevel>();
mapPut("http://thresholds#modify_editor", EDITOR, expectedMap);
mapPut("http://thresholds#modify_curator", CURATOR, expectedMap);
Map<String, RoleLevel> actualMap = populateThresholdMap(PROPERTY_MODIFY_THRESHOLD);
assertEquals("modify thresholds", expectedMap, actualMap);
@ -244,4 +262,9 @@ public class PropertyRestrictionPolicyHelperTest extends AbstractTestClass {
model.add(subject, property, object);
}
}
private edu.cornell.mannlib.vitro.webapp.beans.Property createVitroProperty(
String propertyURI) {
return new edu.cornell.mannlib.vitro.webapp.beans.Property(propertyURI);
}
}

15
webapp/test/stubs/edu/cornell/mannlib/vitro/webapp/auth/policy/bean/PropertyRestrictionPolicyHelperStub.java
View file

@ -10,6 +10,8 @@ import java.util.Set;
import com.hp.hpl.jena.rdf.model.Model;
import com.hp.hpl.jena.rdf.model.ModelFactory;
import com.hp.hpl.jena.sdb.util.Pair;
import com.hp.hpl.jena.vocabulary.OWL;
import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
@ -43,10 +45,15 @@ public class PropertyRestrictionPolicyHelperStub extends
namespaceSet.addAll(Arrays.asList(restrictedNamespaces));
}
Map<String, RoleLevel> thresholdMap = new HashMap<String, RoleLevel>();
Map<Pair<String, Pair<String,String>>, RoleLevel> thresholdMap = new HashMap<
Pair<String, Pair<String,String>>, RoleLevel>();
if (restrictedProperties != null) {
for (String prop : restrictedProperties) {
thresholdMap.put(prop, RoleLevel.NOBODY);
thresholdMap.put(
new Pair<String, Pair<String, String>>(
OWL.Thing.getURI(), new Pair<String, String>(
prop, OWL.Thing.getURI())),
RoleLevel.NOBODY);
}
}
@ -57,8 +64,8 @@ public class PropertyRestrictionPolicyHelperStub extends
private PropertyRestrictionPolicyHelperStub(
Set<String> modifyRestrictedNamespaces,
Set<String> modifyPermittedExceptions,
Map<String, RoleLevel> displayThresholds,
Map<String, RoleLevel> modifyThresholds) {
Map<Pair<String, Pair<String,String>>, RoleLevel> displayThresholds,
Map<Pair<String, Pair<String,String>>, RoleLevel> modifyThresholds) {
super(modifyRestrictedNamespaces, modifyPermittedExceptions,
displayThresholds, modifyThresholds, ModelFactory.createDefaultModel());
}