VIVO-692 Restrict LOD by Publish level, not by Display level
Create a new annotation for properties and classes, HiddenFromPublishBelowRoleLevelAnnot. Provide the means to initialize these annotations, edit them, and display them in the verbose property display. Create a Permission and some requested actions so the policies can decide which statements must be filtered out, based on the user's role. Add unit tests and improve acceptance tests.
parent
95538e4c8a
commit
fdeee35bb4
55 changed files with 1977 additions and 251 deletions
|
@ -5,6 +5,7 @@
|
|||
@prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
|
||||
@prefix displayByRole: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.DisplayByRolePermission#> .
|
||||
@prefix editByRole: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.EditByRolePermission#> .
|
||||
@prefix publishByRole: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.PublishByRolePermission#> .
|
||||
|
||||
auth:ADMIN
|
||||
a auth:PermissionSet ;
|
||||
|
@ -65,6 +66,7 @@ auth:ADMIN
|
|||
# role-based permissions for ADMIN
|
||||
auth:hasPermission displayByRole:Admin ;
|
||||
auth:hasPermission editByRole:Admin ;
|
||||
auth:hasPermission publishByRole:Admin ;
|
||||
.
|
||||
|
||||
auth:CURATOR
|
||||
|
@ -104,6 +106,7 @@ auth:CURATOR
|
|||
# role-based permissions for CURATOR
|
||||
auth:hasPermission displayByRole:Curator ;
|
||||
auth:hasPermission editByRole:Curator ;
|
||||
auth:hasPermission publishByRole:Curator ;
|
||||
.
|
||||
|
||||
auth:EDITOR
|
||||
|
@ -134,6 +137,7 @@ auth:EDITOR
|
|||
# role-based permissions for EDITOR
|
||||
auth:hasPermission displayByRole:Editor ;
|
||||
auth:hasPermission editByRole:Editor ;
|
||||
auth:hasPermission publishByRole:Editor ;
|
||||
.
|
||||
|
||||
auth:SELF_EDITOR
|
||||
|
@ -158,6 +162,7 @@ auth:SELF_EDITOR
|
|||
# For role-based display and editing, SelfEditor is like Public.
|
||||
# SelfEditor uses its special permissions to edit/display its own values.
|
||||
auth:hasPermission displayByRole:Public ;
|
||||
auth:hasPermission publishByRole:Public ;
|
||||
.
|
||||
|
||||
auth:PUBLIC
|
||||
|
@ -171,4 +176,5 @@ auth:PUBLIC
|
|||
|
||||
# role-based permissions for PUBLIC
|
||||
auth:hasPermission displayByRole:Public ;
|
||||
auth:hasPermission publishByRole:Public ;
|
||||
.
|
||||
|
|
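Review bot: The comment above the SELF_EDITOR permissions still reads `# For role-based display and editing, SelfEditor is like Public.`, although that hunk now also grants `auth:hasPermission publishByRole:Public ;`; it should become something like `# For role-based display, editing and publishing, SelfEditor is like Public.`. The comment's second line describes special permissions for edit/display of the self-editor's own values only, so it is worth confirming whether an equivalent is intended for published (linked open data) output or whether self-editors are deliberately held to the Public publish level. Separately, a site that keeps a customized copy of this permission configuration will have no `publishByRole` grant on any permission set after upgrading. Presumably the publish policy then filters everything, but that is not visible here; if it instead allows by default, the new restriction would be silently ineffective, so the intended fail-closed behaviour should be confirmed and stated in the upgrade notes. The SELF_EDITOR block begins outside the hunk.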