NIHVIVO-3523 Create the DisplayByRolePermission, so we can use the PermissionsPolicy instead of DisplayRestrictedDataByRoleLevelPolicy, and these display restrictions can be assigned to arbitrary PermissionSets.

j2blake 2012-01-06 21:58:16 +00:00
parent 6bd7e4bb7b
commit ffafc5f3e0
8 changed files with 305 additions and 190 deletions


@ -3,6 +3,7 @@
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#> .
@prefix simplePermission: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#> .
@prefix displayByRole: <java:edu.cornell.mannlib.vitro.webapp.auth.permissions.DisplayByRolePermission#> .
auth:ADMIN
a auth:PermissionSet ;
@ -45,6 +46,9 @@ auth:ADMIN
# permissions for ANY user, even if they are not logged in.
auth:hasPermission simplePermission:QueryFullModel ;
# role-based permissions for ADMIN
auth:hasPermission displayByRole:Admin ;
.
auth:CURATOR
@ -76,6 +80,9 @@ auth:CURATOR
# permissions for ANY user, even if they are not logged in.
auth:hasPermission simplePermission:QueryFullModel ;
# role-based permissions for CURATOR
auth:hasPermission displayByRole:Curator ;
.
auth:EDITOR
@ -99,6 +106,9 @@ auth:EDITOR
# permissions for ANY user, even if they are not logged in.
auth:hasPermission simplePermission:QueryFullModel ;
# role-based permissions for EDITOR
auth:hasPermission displayByRole:Editor ;
.
auth:SELF_EDITOR
@ -116,6 +126,11 @@ auth:SELF_EDITOR
# permissions for ANY user, even if they are not logged in.
auth:hasPermission simplePermission:QueryFullModel ;
# role-based permissions for SELF_EDITOR
# For role-based display, SelfEditor is like Public.
# SelfEditor uses its special permissions to edit/display its own values.
auth:hasPermission displayByRole:Public ;
.
auth:PUBLIC
@ -125,4 +140,7 @@ auth:PUBLIC
# permissions for ANY user, even if they are not logged in.
auth:hasPermission simplePermission:QueryFullModel ;
# role-based permissions for PUBLIC
auth:hasPermission displayByRole:Public ;
.
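Review bot: The `displayByRole:` names attached to each permission set (`Admin`, `Curator`, `Editor`, and `Public` for both SELF_EDITOR and PUBLIC) are tied to the Java class only through the `java:` URI in the new prefix line, and nothing in the file tells an administrator which local names are valid. Since these triples now decide which restricted data each role is shown, I would add a comment above the prefix such as `# displayByRole: local names must match the permission instances defined in DisplayByRolePermission`. How the loader treats a name that does not resolve is not visible on this page; it is worth confirming that such a name is logged and results in less display access, not more. The same applies to anyone later assigning these permissions to a custom PermissionSet, which the commit title says is the goal.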