litvinovg/vitro
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

NIHVIVO-3523 Create the DisplayByRolePermission, so we can use the PermissionsPolicy instead of DisplayRestrictedDataByRoleLevelPolicy, and these display restrictions can be assigned to arbitrary PermissionSets.

Browse source
This commit is contained in:
j2blake 2012-01-06 21:58:16 +00:00
parent 6bd7e4bb7b
commit ffafc5f3e0
8 changed files with 305 additions and 190 deletions
Download patch file Download diff file Expand all files Collapse all files

18
webapp/web/WEB-INF/resources/permission_config.n3
View file

@ -3,6 +3,7 @@
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
@prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
@prefix displayByRole: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.DisplayByRolePermission#> .
auth:ADMIN
a auth:PermissionSet ;
@ -45,6 +46,9 @@ auth:ADMIN
# permissions for ANY user, even if they are not logged in.
auth:hasPermission simplePermission:QueryFullModel ;
# role-based permissions for ADMIN
auth:hasPermission displayByRole:Admin ;
.
auth:CURATOR
@ -76,6 +80,9 @@ auth:CURATOR
# permissions for ANY user, even if they are not logged in.
auth:hasPermission simplePermission:QueryFullModel ;
# role-based permissions for CURATOR
auth:hasPermission displayByRole:Curator ;
.
auth:EDITOR
@ -99,6 +106,9 @@ auth:EDITOR
# permissions for ANY user, even if they are not logged in.
auth:hasPermission simplePermission:QueryFullModel ;
# role-based permissions for EDITOR
auth:hasPermission displayByRole:Editor ;
.
auth:SELF_EDITOR
@ -116,6 +126,11 @@ auth:SELF_EDITOR
# permissions for ANY user, even if they are not logged in.
auth:hasPermission simplePermission:QueryFullModel ;
# role-based permissions for SELF_EDITOR
# For role-based display, SelfEditor is like Public.
# SelfEditor uses its special permissions to edit/display its own values.
auth:hasPermission displayByRole:Public ;
.
auth:PUBLIC
@ -125,4 +140,7 @@ auth:PUBLIC
# permissions for ANY user, even if they are not logged in.
auth:hasPermission simplePermission:QueryFullModel ;
# role-based permissions for PUBLIC
auth:hasPermission displayByRole:Public ;
.

5
webapp/web/WEB-INF/resources/startup_listeners.txt
View file

@ -46,7 +46,8 @@ edu.cornell.mannlib.vitro.webapp.auth.policy.RootUserPolicy$Setup
edu.cornell.mannlib.vitro.webapp.auth.policy.RestrictHomeMenuItemEditingPolicy$Setup
# The Solr index uses a "public" filter, so the PropertyRestrictionPolicyHelper must already be set up.
# The Solr index uses a "public" permission, so the PropertyRestrictionPolicyHelper
# and the PermissionRegistry must already be set up.
edu.cornell.mannlib.vitro.webapp.search.solr.SolrSetup
edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerSetup
@ -54,6 +55,8 @@ edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerSetup
# On shutdown, this will kill the background thread started by Apache Commons File Upload
org.apache.commons.fileupload.servlet.FileCleanerCleanup
# The VClassGroupCache index uses a "public" permission, so the PropertyRestrictionPolicyHelper
# and the PermissionRegistry must already be set up.
edu.cornell.mannlib.vitro.webapp.dao.jena.VClassGroupCache$Setup
# This should be near the end, because it will issue a warning if the connection to Solr times out.