litvinovg/vitro
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

NIHVIVO-1232 Refactor to remove duplicated code and to avoid the Visitor pattern.

Browse source
This commit is contained in:
jeb228 2010-12-02 19:50:02 +00:00
parent d27c258ad5
commit fb855abaf1
1 changed files with 108 additions and 219 deletions
Download patch file Download diff file Expand all files Collapse all files

327
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy.java
View file

@ -16,35 +16,17 @@ import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory.SelfEditing; import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory.SelfEditing;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.VisitingPolicyIface; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.AddNewUser;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.LoadOntology;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RebuildTextIndex;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RemoveUser;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.ServerStatus;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UpdateTextIndex;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UploadFile;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.OntoRequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.CreateOwlClass; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineDataProperty; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineObjectProperty; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AbstractResourceAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.RemoveOwlClass;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AddResource;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.DropResource;
/** /**
* Policy to use for Vivo Self-Editing based on NetId for use at Cornell. All * Policy to use for Vivo Self-Editing based on NetId for use at Cornell. All
* methods in this class should be thread safe and side effect free. * methods in this class should be thread safe and side effect free.
*/ */
public class SelfEditingPolicy implements VisitingPolicyIface { public class SelfEditingPolicy implements PolicyIface {
protected static Log log = LogFactory.getLog(SelfEditingPolicy.class); protected static Log log = LogFactory.getLog(SelfEditingPolicy.class);
protected final OntModel model; protected final OntModel model;
@ -68,226 +50,119 @@ public class SelfEditingPolicy implements VisitingPolicyIface {
if (whatToAuth == null) { if (whatToAuth == null) {
return defaultDecision("whatToAuth was null"); return defaultDecision("whatToAuth was null");
} }
if (whatToAuth instanceof OntoRequestedAction) {
return defaultDecision("Won't authorize OntoRequestedActions"); List<String> userUris = getUrisOfSelfEditor(whoToAuth);
}
if (whatToAuth instanceof AdminRequestedAction) { if (userUris.isEmpty()) {
return defaultDecision("Won't authorize AdminRequestedActions"); return defaultDecision("Not self-editing.");
}
if (getUrisOfSelfEditor(whoToAuth).isEmpty()) {
return defaultDecision("no non-blacklisted SelfEditing Identifier "
+ "found in IdentifierBundle");
} }
// kick off the visitor pattern if (whatToAuth instanceof AbstractObjectPropertyAction) {
return whatToAuth.accept(this, whoToAuth); return isAuthorizedForObjectPropertyAction(userUris,
(AbstractObjectPropertyAction) whatToAuth);
}
if (whatToAuth instanceof AbstractDataPropertyAction) {
return isAuthorizedForDataPropertyAction(userUris,
(AbstractDataPropertyAction) whatToAuth);
}
if (whatToAuth instanceof AbstractResourceAction) {
return isAuthorizedForResourceAction((AbstractResourceAction) whatToAuth);
}
return defaultDecision("Does not authorize "
+ whatToAuth.getClass().getSimpleName() + " actions");
} }
// ---------------------------------------------------------------------- /**
// Visitor methods. * The user can edit a object property if it is not restricted and if it is
// ---------------------------------------------------------------------- * about him.
*/
private PolicyDecision isAuthorizedForObjectPropertyAction(
List<String> userUris, AbstractObjectPropertyAction action) {
String subject = action.getUriOfSubject();
String predicate = action.getUriOfPredicate();
String object = action.getUriOfObject();
public PolicyDecision visit(IdentifierBundle ids, AddResource action) { if (!restrictor.canModifyResource(subject)) {
PolicyDecision pd = checkNullArguments(ids, action); return cantModifyResource(subject);
if (pd == null) }
pd = checkRestrictedResource(action.getSubjectUri()); if (!restrictor.canModifyPredicate(predicate)) {
if (pd == null) return cantModifyPredicate(predicate);
pd = authorizedDecision("May add resource."); }
return pd; if (!restrictor.canModifyResource(object)) {
return cantModifyResource(object);
}
if (userCanEditAsSubjectOrObjectOfStmt(userUris, subject, object)) {
return authorizedDecision("User is subject or object of statement.");
} else {
return userNotAuthorizedToStatement();
}
} }
public PolicyDecision visit(IdentifierBundle ids, DropResource action) { /**
PolicyDecision pd = checkNullArguments(ids, action); * The user can edit a data property if it is not restricted and if it is
if (pd == null) * about him.
pd = checkRestrictedResource(action.getSubjectUri()); */
if (pd == null) private PolicyDecision isAuthorizedForDataPropertyAction(
pd = authorizedDecision("May remove resource."); List<String> userUris, AbstractDataPropertyAction action) {
return pd; String subject = action.getSubjectUri();
String predicate = action.getPredicateUri();
if (!restrictor.canModifyResource(subject)) {
return cantModifyResource(subject);
}
if (!restrictor.canModifyPredicate(predicate)) {
return cantModifyPredicate(predicate);
}
if (userCanEditAsSubjectOfStmt(userUris, subject)) {
return authorizedDecision("User is subject of statement.");
} else {
return userNotAuthorizedToStatement();
}
} }
public PolicyDecision visit(IdentifierBundle ids, AddObjectPropStmt action) { /**
PolicyDecision pd = checkNullArguments(ids, action); * The user can add or remove resources if they are not restricted.
if (pd == null) */
pd = checkRestrictedResource(action.uriOfSubject); private PolicyDecision isAuthorizedForResourceAction(
if (pd == null) AbstractResourceAction action) {
pd = checkRestrictedResource(action.uriOfObject); String uri = action.getSubjectUri();
if (pd == null) if (!restrictor.canModifyResource(uri)) {
pd = checkRestrictedPredicate(action.uriOfPredicate); return cantModifyResource(uri);
if (pd == null) } else {
pd = checkUserEditsAsSubjectOrObjectOfStmt(ids, return authorizedDecision("May add/remove resource.");
action.uriOfSubject, action.uriOfObject); }
if (pd == null)
pd = defaultDecision("No basis for decision.");
return pd;
}
public PolicyDecision visit(IdentifierBundle ids, EditObjPropStmt action) {
PolicyDecision pd = checkNullArguments(ids, action);
if (pd == null)
pd = checkRestrictedResource(action.uriOfSubject);
if (pd == null)
pd = checkRestrictedResource(action.uriOfObject);
if (pd == null)
pd = checkRestrictedPredicate(action.uriOfPredicate);
if (pd == null)
pd = checkUserEditsAsSubjectOrObjectOfStmt(ids,
action.uriOfSubject, action.uriOfObject);
if (pd == null)
pd = defaultDecision("No basis for decision.");
return pd;
}
public PolicyDecision visit(IdentifierBundle ids, DropObjectPropStmt action) {
PolicyDecision pd = checkNullArguments(ids, action);
if (pd == null)
pd = checkRestrictedResource(action.uriOfSubject);
if (pd == null)
pd = checkRestrictedResource(action.uriOfObject);
if (pd == null)
pd = checkRestrictedPredicate(action.uriOfPredicate);
if (pd == null)
pd = checkUserEditsAsSubjectOrObjectOfStmt(ids,
action.uriOfSubject, action.uriOfObject);
if (pd == null)
pd = defaultDecision("No basis for decision.");
return pd;
}
public PolicyDecision visit(IdentifierBundle ids, AddDataPropStmt action) {
PolicyDecision pd = checkNullArguments(ids, action);
if (pd == null)
pd = checkRestrictedResource(action.getSubjectUri());
if (pd == null)
pd = checkRestrictedPredicate(action.getPredicateUri());
if (pd == null)
pd = checkUserEditsAsSubjectOfStmt(ids, action.getSubjectUri());
if (pd == null)
pd = defaultDecision("No basis for decision.");
return pd;
}
public PolicyDecision visit(IdentifierBundle ids, EditDataPropStmt action) {
PolicyDecision pd = checkNullArguments(ids, action);
if (pd == null)
pd = checkRestrictedResource(action.getSubjectUri());
if (pd == null)
pd = checkRestrictedPredicate(action.getPredicateUri());
if (pd == null)
pd = checkUserEditsAsSubjectOfStmt(ids, action.getSubjectUri());
if (pd == null)
pd = defaultDecision("No basis for decision.");
return pd;
}
public PolicyDecision visit(IdentifierBundle ids, DropDataPropStmt action) {
PolicyDecision pd = checkNullArguments(ids, action);
if (pd == null)
pd = checkRestrictedResource(action.getSubjectUri());
if (pd == null)
pd = checkRestrictedPredicate(action.getPredicateUri());
if (pd == null)
pd = checkUserEditsAsSubjectOfStmt(ids, action.getSubjectUri());
if (pd == null)
pd = defaultDecision("No basis for decision.");
return pd;
}
public PolicyDecision visit(IdentifierBundle ids, AddNewUser action) {
return defaultDecision("does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, RemoveUser action) {
return defaultDecision("does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, LoadOntology action) {
return defaultDecision("does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, RebuildTextIndex action) {
return defaultDecision("does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, UpdateTextIndex action) {
return defaultDecision("does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, ServerStatus action) {
return defaultDecision("does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, CreateOwlClass action) {
return defaultDecision("does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, RemoveOwlClass action) {
return defaultDecision("does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, DefineDataProperty action) {
return defaultDecision("does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids,
DefineObjectProperty action) {
return defaultDecision("does not authorize administrative modifications");
}
public PolicyDecision visit(IdentifierBundle ids, UploadFile action) {
return defaultDecision("does not authorize administrative modifications");
} }
// ---------------------------------------------------------------------- // ----------------------------------------------------------------------
// Helper methods // Helper methods
// ---------------------------------------------------------------------- // ----------------------------------------------------------------------
private PolicyDecision checkNullArguments(IdentifierBundle ids, private boolean userCanEditAsSubjectOfStmt(List<String> userUris,
RequestedAction action) { String subject) {
if (ids == null || action == null) {
return defaultDecision("Null action or ids.");
}
return null;
}
private PolicyDecision checkRestrictedResource(String uri) {
if (!restrictor.canModifyResource(uri)) {
return defaultDecision("No access to admin resources; "
+ "cannot modify " + uri);
}
return null;
}
private PolicyDecision checkRestrictedPredicate(String uri) {
if (!restrictor.canModifyPredicate(uri)) {
return defaultDecision("No access to admin predicates; "
+ "cannot modify " + uri);
}
return null;
}
private PolicyDecision checkUserEditsAsSubjectOfStmt(IdentifierBundle ids,
String uriOfSubject) {
List<String> userUris = getUrisOfSelfEditor(ids);
for (String userUri : userUris) { for (String userUri : userUris) {
if (userUri.equals(uriOfSubject)) { if (userUri.equals(subject)) {
return authorizedDecision("User is subject of statement."); return true;
} }
} }
return null; return false;
} }
private PolicyDecision checkUserEditsAsSubjectOrObjectOfStmt( private boolean userCanEditAsSubjectOrObjectOfStmt(List<String> userUris,
IdentifierBundle ids, String uriOfSubject, String uriOfObject) { String subject, String object) {
List<String> userUris = getUrisOfSelfEditor(ids);
for (String userUri : userUris) { for (String userUri : userUris) {
if (userUri.equals(uriOfSubject)) { if (userUri.equals(subject)) {
return authorizedDecision("User is subject of statement."); return true;
} }
if (userUri.equals(uriOfObject)) { if (userUri.equals(object)) {
return authorizedDecision("User is subject of statement."); return true;
} }
} }
return null; return false;
} }
private List<String> getUrisOfSelfEditor(IdentifierBundle ids) { private List<String> getUrisOfSelfEditor(IdentifierBundle ids) {
@ -305,6 +180,20 @@ public class SelfEditingPolicy implements VisitingPolicyIface {
return uris; return uris;
} }
protected PolicyDecision cantModifyResource(String uri) {
return defaultDecision("No access to admin resources; cannot modify "
+ uri);
}
protected PolicyDecision cantModifyPredicate(String uri) {
return defaultDecision("No access to admin predicates; cannot modify "
+ uri);
}
private PolicyDecision userNotAuthorizedToStatement() {
return defaultDecision("User has no access to this statement.");
}
private PolicyDecision defaultDecision(String message) { private PolicyDecision defaultDecision(String message) {
return new BasicPolicyDecision(DEFAULT_AUTHORIZATION, return new BasicPolicyDecision(DEFAULT_AUTHORIZATION,
"SelfEditingPolicy: " + message); "SelfEditingPolicy: " + message);