support for edit permissions for qualified properties (almost finished)
This commit is contained in:
brianjlowe
parent
b1d549f01f
commit
ca32a51740
37 changed files with 469 additions and 310 deletions
|
|
@ -42,6 +42,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObject
|
|||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropertyStatement;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjectPropertyStatement;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.IndividualImpl;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.Property;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
|
||||
|
||||
public class SelfEditingPolicyTest extends AbstractTestClass {
|
||||
|
|
@ -55,8 +56,8 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
|
|||
private static final String UNSAFE_RESOURCE = UNSAFE_NS
|
||||
+ "otherIndividual99999";
|
||||
|
||||
private static final String SAFE_PREDICATE = SAFE_NS + "hasHairStyle";
|
||||
private static final String UNSAFE_PREDICATE = UNSAFE_NS + "hasSuperPowers";
|
||||
private static final Property SAFE_PREDICATE = new Property(SAFE_NS + "hasHairStyle");
|
||||
private static final Property UNSAFE_PREDICATE = new Property(UNSAFE_NS + "hasSuperPowers");
|
||||
|
||||
private ServletContextStub ctx;
|
||||
|
||||
|
|
@ -95,19 +96,19 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
|
|||
PropertyRestrictionPolicyHelper.setBean(ctx, prph);
|
||||
|
||||
whatToAuth = new AddObjectPropertyStatement(ontModel, SELFEDITOR_URI,
|
||||
"http://mannlib.cornell.edu/bad#prp234", SAFE_RESOURCE);
|
||||
new Property("http://mannlib.cornell.edu/bad#prp234"), SAFE_RESOURCE);
|
||||
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
|
||||
|
||||
whatToAuth = new AddObjectPropertyStatement(ontModel, SAFE_RESOURCE,
|
||||
"http://mannlib.cornell.edu/bad#prp234", SELFEDITOR_URI);
|
||||
new Property("http://mannlib.cornell.edu/bad#prp234"), SELFEDITOR_URI);
|
||||
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
|
||||
|
||||
whatToAuth = new AddObjectPropertyStatement(ontModel, SELFEDITOR_URI,
|
||||
"http://mannlib.cornell.edu/bad#prp999", SAFE_RESOURCE);
|
||||
new Property("http://mannlib.cornell.edu/bad#prp999"), SAFE_RESOURCE);
|
||||
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
|
||||
|
||||
whatToAuth = new AddObjectPropertyStatement(ontModel, SAFE_RESOURCE,
|
||||
"http://mannlib.cornell.edu/bad#prp999", SELFEDITOR_URI);
|
||||
new Property("http://mannlib.cornell.edu/bad#prp999"), SELFEDITOR_URI);
|
||||
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
|
||||
|
||||
whatToAuth = new AddObjectPropertyStatement(ontModel, SAFE_RESOURCE,
|
||||
|
|
@ -132,11 +133,11 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
|
|||
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
|
||||
|
||||
whatToAuth = new AddDataPropertyStatement(ontModel, SELFEDITOR_URI,
|
||||
SAFE_PREDICATE);
|
||||
SAFE_PREDICATE.getURI());
|
||||
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
|
||||
|
||||
whatToAuth = new AddDataPropertyStatement(ontModel, SELFEDITOR_URI,
|
||||
UNSAFE_PREDICATE);
|
||||
UNSAFE_PREDICATE.getURI());
|
||||
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
|
||||
}
|
||||
|
||||
|
|
@ -218,16 +219,16 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
|
|||
//
|
||||
@Test
|
||||
public void testVisitIdentifierBundleEditDataPropStmt() {
|
||||
whatToAuth = new EditDataPropertyStatement(ontModel, SELFEDITOR_URI,SAFE_PREDICATE);
|
||||
whatToAuth = new EditDataPropertyStatement(ontModel, SELFEDITOR_URI,SAFE_PREDICATE.getURI());
|
||||
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
|
||||
|
||||
whatToAuth = new EditDataPropertyStatement(ontModel, SELFEDITOR_URI, UNSAFE_PREDICATE);
|
||||
whatToAuth = new EditDataPropertyStatement(ontModel, SELFEDITOR_URI, UNSAFE_PREDICATE.getURI());
|
||||
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
|
||||
|
||||
whatToAuth = new EditDataPropertyStatement(ontModel, UNSAFE_RESOURCE, SAFE_PREDICATE);
|
||||
whatToAuth = new EditDataPropertyStatement(ontModel, UNSAFE_RESOURCE, SAFE_PREDICATE.getURI());
|
||||
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
|
||||
|
||||
whatToAuth = new EditDataPropertyStatement(ontModel, SAFE_RESOURCE, SAFE_PREDICATE);
|
||||
whatToAuth = new EditDataPropertyStatement(ontModel, SAFE_RESOURCE, SAFE_PREDICATE.getURI());
|
||||
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
|
||||
}
|
||||
|
||||
|
|
@ -287,7 +288,7 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
|
|||
public void twoSEIsFindDataPropertySubject() {
|
||||
setUpTwoSEIs();
|
||||
|
||||
whatToAuth = new EditDataPropertyStatement(ontModel, SELFEDITOR_URI, SAFE_PREDICATE);
|
||||
whatToAuth = new EditDataPropertyStatement(ontModel, SELFEDITOR_URI, SAFE_PREDICATE.getURI());
|
||||
assertDecision(AUTHORIZED, policy.isAuthorized(ids, whatToAuth));
|
||||
}
|
||||
|
||||
|
|
@ -295,7 +296,7 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
|
|||
public void twoSEIsDontFindInDataProperty() {
|
||||
setUpTwoSEIs();
|
||||
|
||||
whatToAuth = new EditDataPropertyStatement(ontModel, SAFE_RESOURCE, SAFE_PREDICATE);
|
||||
whatToAuth = new EditDataPropertyStatement(ontModel, SAFE_RESOURCE, SAFE_PREDICATE.getURI());
|
||||
assertDecision(INCONCLUSIVE, policy.isAuthorized(ids, whatToAuth));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -32,6 +32,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPr
|
|||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjectPropertyStatement;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.Individual;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.IndividualImpl;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.Property;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
|
||||
|
||||
public class SelfEditingPolicy_2_Test extends AbstractTestClass {
|
||||
|
|
@ -123,7 +124,7 @@ public class SelfEditingPolicy_2_Test extends AbstractTestClass {
|
|||
@Test
|
||||
public void nullIdentifierBundle() {
|
||||
AddObjectPropertyStatement whatToAuth = new AddObjectPropertyStatement(
|
||||
ontModel, SELFEDITOR_URI, SAFE_PREDICATE, SAFE_RESOURCE);
|
||||
ontModel, SELFEDITOR_URI, new Property(SAFE_PREDICATE), SAFE_RESOURCE);
|
||||
PolicyDecision dec = policy.isAuthorized(null, whatToAuth);
|
||||
Assert.assertNotNull(dec);
|
||||
Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized());
|
||||
|
|
@ -277,7 +278,7 @@ public class SelfEditingPolicy_2_Test extends AbstractTestClass {
|
|||
private void assertAddObjectPropStmt(String uriOfSub, String uriOfPred,
|
||||
String uriOfObj, Authorization expectedAuthorization) {
|
||||
AddObjectPropertyStatement whatToAuth = new AddObjectPropertyStatement(
|
||||
ontModel, uriOfSub, uriOfPred, uriOfObj);
|
||||
ontModel, uriOfSub, new Property(uriOfPred), uriOfObj);
|
||||
PolicyDecision dec = policy.isAuthorized(ids, whatToAuth);
|
||||
log.debug(dec);
|
||||
Assert.assertNotNull(dec);
|
||||
|
|
@ -291,7 +292,7 @@ public class SelfEditingPolicy_2_Test extends AbstractTestClass {
|
|||
private void assertEditObjPropStmt(String uriOfSub, String uriOfPred,
|
||||
String uriOfObj, Authorization expectedAuthorization) {
|
||||
EditObjectPropertyStatement whatToAuth = new EditObjectPropertyStatement(
|
||||
ontModel, uriOfSub, uriOfPred, uriOfObj);
|
||||
ontModel, uriOfSub, new Property(uriOfPred), uriOfObj);
|
||||
PolicyDecision dec = policy.isAuthorized(ids, whatToAuth);
|
||||
log.debug(dec);
|
||||
Assert.assertNotNull(dec);
|
||||
|
|
|
|||
|
|
@ -18,7 +18,6 @@ import java.util.Map;
|
|||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.apache.log4j.Level;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
||||
|
|
@ -27,6 +26,8 @@ import com.hp.hpl.jena.ontology.OntModelSpec;
|
|||
import com.hp.hpl.jena.rdf.model.ModelFactory;
|
||||
import com.hp.hpl.jena.rdf.model.Property;
|
||||
import com.hp.hpl.jena.rdf.model.Resource;
|
||||
import com.hp.hpl.jena.sdb.util.Pair;
|
||||
import com.hp.hpl.jena.vocabulary.OWL;
|
||||
|
||||
import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean;
|
||||
|
|
@ -58,17 +59,25 @@ public class PropertyRestrictionPolicyHelperTest extends AbstractTestClass {
|
|||
// setLoggerLevel(PropertyRestrictionPolicyHelper.class, Level.DEBUG);
|
||||
}
|
||||
|
||||
private void mapPut(String predicateURI, RoleLevel roleLevel,
|
||||
Map<Pair<String, Pair<String,String>>, RoleLevel> map) {
|
||||
map.put(new Pair<String, Pair<String,String>>(
|
||||
OWL.Thing.getURI(), new Pair<String, String>(
|
||||
predicateURI, OWL.Thing.getURI())), roleLevel);
|
||||
}
|
||||
|
||||
@Before
|
||||
public void createTheBean() {
|
||||
Map<String, RoleLevel> displayLevels = new HashMap<String, BaseResourceBean.RoleLevel>();
|
||||
displayLevels.put("http://predicates#display_self", SELF);
|
||||
displayLevels.put("http://predicates#display_curator", CURATOR);
|
||||
displayLevels.put("http://predicates#display_hidden", NOBODY);
|
||||
Map<Pair<String, Pair<String,String>>, RoleLevel> displayLevels =
|
||||
new HashMap<Pair<String, Pair<String,String>>, RoleLevel>();
|
||||
mapPut("http://predicates#display_curator", CURATOR, displayLevels);
|
||||
mapPut("http://predicates#display_hidden", NOBODY, displayLevels);
|
||||
|
||||
Map<String, RoleLevel> modifyLevels = new HashMap<String, BaseResourceBean.RoleLevel>();
|
||||
modifyLevels.put("http://predicates#modify_self", SELF);
|
||||
modifyLevels.put("http://predicates#modify_curator", CURATOR);
|
||||
modifyLevels.put("http://predicates#modify_hidden", NOBODY);
|
||||
Map<Pair<String, Pair<String,String>>, RoleLevel> modifyLevels =
|
||||
new HashMap<Pair<String, Pair<String,String>>, RoleLevel>();
|
||||
mapPut("http://predicates#modify_self", SELF, modifyLevels);
|
||||
mapPut("http://predicates#modify_curator", CURATOR, modifyLevels);
|
||||
mapPut("http://predicates#modify_hidden", NOBODY, modifyLevels);
|
||||
|
||||
bean = new PropertyRestrictionPolicyHelper(
|
||||
Arrays.asList(PROHIBITED_NAMESPACES),
|
||||
|
|
@ -125,68 +134,75 @@ public class PropertyRestrictionPolicyHelperTest extends AbstractTestClass {
|
|||
@Test
|
||||
public void displayPredicateNoRestriction() {
|
||||
assertEquals("displayPredicate: open", true,
|
||||
bean.canDisplayPredicate("http://predicates#open", PUBLIC));
|
||||
bean.canDisplayPredicate(createVitroProperty(
|
||||
"http://predicates#open"), PUBLIC));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void displayPredicateRestrictionLower() {
|
||||
assertEquals("displayPredicate: lower restriction", true,
|
||||
bean.canDisplayPredicate("http://predicates#display_self",
|
||||
CURATOR));
|
||||
bean.canDisplayPredicate(createVitroProperty(
|
||||
"http://predicates#display_self"), CURATOR));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void displayPredicateRestrictionEqual() {
|
||||
assertEquals("displayPredicate: equal restriction", true,
|
||||
bean.canDisplayPredicate("http://predicates#display_curator",
|
||||
CURATOR));
|
||||
bean.canDisplayPredicate(createVitroProperty(
|
||||
"http://predicates#display_curator"), CURATOR));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void displayPredicateRestrictionHigher() {
|
||||
assertEquals("displayPredicate: higher restriction", false,
|
||||
bean.canDisplayPredicate("http://predicates#display_hidden",
|
||||
CURATOR));
|
||||
bean.canDisplayPredicate(createVitroProperty(
|
||||
"http://predicates#display_hidden"), CURATOR));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void modifyPredicateNoRestriction() {
|
||||
assertEquals("modifyPredicate: open", true,
|
||||
bean.canModifyPredicate("http://predicates#open", PUBLIC));
|
||||
bean.canModifyPredicate(new edu.cornell.mannlib.vitro.webapp.beans.Property(
|
||||
"http://predicates#open"), PUBLIC));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void modifyPredicateRestrictionLower() {
|
||||
assertEquals("modifyPredicate: lower restriction", true,
|
||||
bean.canModifyPredicate("http://predicates#modify_self",
|
||||
bean.canModifyPredicate(new edu.cornell.mannlib.vitro.webapp.beans.Property(
|
||||
"http://predicates#modify_self"),
|
||||
CURATOR));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void modifyPredicateRestrictionEqual() {
|
||||
assertEquals("modifyPredicate: equal restriction", true,
|
||||
bean.canModifyPredicate("http://predicates#modify_curator",
|
||||
bean.canModifyPredicate(new edu.cornell.mannlib.vitro.webapp.beans.Property(
|
||||
"http://predicates#modify_curator"),
|
||||
CURATOR));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void modifyPredicateRestrictionHigher() {
|
||||
assertEquals("modifyPredicate: higher restriction", false,
|
||||
bean.canModifyPredicate("http://predicates#modify_hidden",
|
||||
bean.canModifyPredicate(new edu.cornell.mannlib.vitro.webapp.beans.Property(
|
||||
"http://predicates#modify_hidden"),
|
||||
CURATOR));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void modifyPredicateProhibitedNamespace() {
|
||||
assertEquals("modifyPredicate: prohibited namespace", false,
|
||||
bean.canModifyPredicate(PROHIBITED_NAMESPACES[0] + "randoom",
|
||||
bean.canModifyPredicate(new edu.cornell.mannlib.vitro.webapp.beans.Property(
|
||||
PROHIBITED_NAMESPACES[0] + "randoom"),
|
||||
DB_ADMIN));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void modifyPredicatePermittedException() {
|
||||
assertEquals("modifyPredicate: permitted exception", true,
|
||||
bean.canModifyPredicate(PERMITTED_EXCEPTIONS[0], DB_ADMIN));
|
||||
bean.canModifyPredicate(new edu.cornell.mannlib.vitro.webapp.beans.Property(
|
||||
PERMITTED_EXCEPTIONS[0]), DB_ADMIN));
|
||||
}
|
||||
|
||||
// ----------------------------------------------------------------------
|
||||
|
|
@ -195,9 +211,10 @@ public class PropertyRestrictionPolicyHelperTest extends AbstractTestClass {
|
|||
|
||||
@Test
|
||||
public void buildDisplayThresholds() {
|
||||
Map<String, RoleLevel> expectedMap = new HashMap<String, BaseResourceBean.RoleLevel>();
|
||||
expectedMap.put("http://thresholds#display_public", PUBLIC);
|
||||
expectedMap.put("http://thresholds#display_hidden", NOBODY);
|
||||
Map<Pair<String, Pair<String,String>>, BaseResourceBean.RoleLevel> expectedMap =
|
||||
new HashMap<Pair<String, Pair<String,String>>, BaseResourceBean.RoleLevel>();
|
||||
mapPut("http://thresholds#display_public", PUBLIC, expectedMap);
|
||||
mapPut("http://thresholds#display_hidden", NOBODY, expectedMap);
|
||||
|
||||
Map<String, RoleLevel> actualMap = populateThresholdMap(PROPERTY_DISPLAY_THRESHOLD);
|
||||
assertEquals("display thresholds", expectedMap, actualMap);
|
||||
|
|
@ -205,9 +222,10 @@ public class PropertyRestrictionPolicyHelperTest extends AbstractTestClass {
|
|||
|
||||
@Test
|
||||
public void buildModifyThresholds() {
|
||||
Map<String, RoleLevel> expectedMap = new HashMap<String, BaseResourceBean.RoleLevel>();
|
||||
expectedMap.put("http://thresholds#modify_editor", EDITOR);
|
||||
expectedMap.put("http://thresholds#modify_curator", CURATOR);
|
||||
Map<Pair<String, Pair<String,String>>, BaseResourceBean.RoleLevel> expectedMap =
|
||||
new HashMap<Pair<String, Pair<String,String>>, BaseResourceBean.RoleLevel>();
|
||||
mapPut("http://thresholds#modify_editor", EDITOR, expectedMap);
|
||||
mapPut("http://thresholds#modify_curator", CURATOR, expectedMap);
|
||||
|
||||
Map<String, RoleLevel> actualMap = populateThresholdMap(PROPERTY_MODIFY_THRESHOLD);
|
||||
assertEquals("modify thresholds", expectedMap, actualMap);
|
||||
|
|
@ -244,4 +262,9 @@ public class PropertyRestrictionPolicyHelperTest extends AbstractTestClass {
|
|||
model.add(subject, property, object);
|
||||
}
|
||||
}
|
||||
|
||||
private edu.cornell.mannlib.vitro.webapp.beans.Property createVitroProperty(
|
||||
String propertyURI) {
|
||||
return new edu.cornell.mannlib.vitro.webapp.beans.Property(propertyURI);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -10,6 +10,8 @@ import java.util.Set;
|
|||
|
||||
import com.hp.hpl.jena.rdf.model.Model;
|
||||
import com.hp.hpl.jena.rdf.model.ModelFactory;
|
||||
import com.hp.hpl.jena.sdb.util.Pair;
|
||||
import com.hp.hpl.jena.vocabulary.OWL;
|
||||
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.bean.PropertyRestrictionPolicyHelper;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
|
||||
|
|
@ -43,10 +45,15 @@ public class PropertyRestrictionPolicyHelperStub extends
|
|||
namespaceSet.addAll(Arrays.asList(restrictedNamespaces));
|
||||
}
|
||||
|
||||
Map<String, RoleLevel> thresholdMap = new HashMap<String, RoleLevel>();
|
||||
Map<Pair<String, Pair<String,String>>, RoleLevel> thresholdMap = new HashMap<
|
||||
Pair<String, Pair<String,String>>, RoleLevel>();
|
||||
if (restrictedProperties != null) {
|
||||
for (String prop : restrictedProperties) {
|
||||
thresholdMap.put(prop, RoleLevel.NOBODY);
|
||||
thresholdMap.put(
|
||||
new Pair<String, Pair<String, String>>(
|
||||
OWL.Thing.getURI(), new Pair<String, String>(
|
||||
prop, OWL.Thing.getURI())),
|
||||
RoleLevel.NOBODY);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -57,8 +64,8 @@ public class PropertyRestrictionPolicyHelperStub extends
|
|||
private PropertyRestrictionPolicyHelperStub(
|
||||
Set<String> modifyRestrictedNamespaces,
|
||||
Set<String> modifyPermittedExceptions,
|
||||
Map<String, RoleLevel> displayThresholds,
|
||||
Map<String, RoleLevel> modifyThresholds) {
|
||||
Map<Pair<String, Pair<String,String>>, RoleLevel> displayThresholds,
|
||||
Map<Pair<String, Pair<String,String>>, RoleLevel> modifyThresholds) {
|
||||
super(modifyRestrictedNamespaces, modifyPermittedExceptions,
|
||||
displayThresholds, modifyThresholds, ModelFactory.createDefaultModel());
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue