VIVO-692 Restrict LOD by Publish level, not by Display level

Create a new annotation for properties and classes, HiddenFromPublishBelowRoleLevelAnnot.
Provide the means to initialize these annotations, edit them, and display them in the verbose property display.
Create a Permission and some requested actions so the policies can decide which statements must be filtered out, based on the user's role.
Add unit tests and improve acceptance tests
j2blake 2014-03-10 17:42:05 -04:00
parent 95538e4c8a
commit fdeee35bb4
55 changed files with 1977 additions and 251 deletions


@ -5,6 +5,7 @@
@prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
@prefix displayByRole: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.DisplayByRolePermission#> .
@prefix editByRole: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.EditByRolePermission#> .
@prefix publishByRole: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.PublishByRolePermission#> .
auth:ADMIN
a auth:PermissionSet ;
@ -65,6 +66,7 @@ auth:ADMIN
# role-based permissions for ADMIN
auth:hasPermission displayByRole:Admin ;
auth:hasPermission editByRole:Admin ;
auth:hasPermission publishByRole:Admin ;
.
auth:CURATOR
@ -104,6 +106,7 @@ auth:CURATOR
# role-based permissions for CURATOR
auth:hasPermission displayByRole:Curator ;
auth:hasPermission editByRole:Curator ;
auth:hasPermission publishByRole:Curator ;
.
auth:EDITOR
@ -134,6 +137,7 @@ auth:EDITOR
# role-based permissions for EDITOR
auth:hasPermission displayByRole:Editor ;
auth:hasPermission editByRole:Editor ;
auth:hasPermission publishByRole:Editor ;
.
auth:SELF_EDITOR
@ -158,6 +162,7 @@ auth:SELF_EDITOR
# For role-based display and editing, SelfEditor is like Public.
# SelfEditor uses its special permissions to edit/display its own values.
auth:hasPermission displayByRole:Public ;
auth:hasPermission publishByRole:Public ;
.
auth:PUBLIC
@ -171,4 +176,5 @@ auth:PUBLIC
# role-based permissions for PUBLIC
auth:hasPermission displayByRole:Public ;
auth:hasPermission publishByRole:Public ;
.
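Review bot: The comment in the SELF_EDITOR hunk still reads "For role-based display and editing, SelfEditor is like Public", but the set now also carries `publishByRole:Public`, so the comment no longer covers every role-based grant listed under it. I would reword it to `# For role-based display, editing and publishing, SelfEditor is like Public.` The next comment line mentions special permissions only for editing and displaying the user's own values, and no publish counterpart is visible in these hunks, so the comment should also say whether self-editors are meant to be held to the Public publish level even for their own data. Because these grants decide which statements each role receives in linked-data output, a one-line comment at the `publishByRole:` prefix declaration stating that it is evaluated separately from `displayByRole:` would help anyone auditing the permission sets.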