diff --git a/src/edu/cornell/mannlib/vivo/auth/policy/AdvisingRelationshipChecker.java b/src/edu/cornell/mannlib/vivo/auth/policy/AdvisingRelationshipChecker.java
new file mode 100644
index 00000000..a75f5c38
--- /dev/null
+++ b/src/edu/cornell/mannlib/vivo/auth/policy/AdvisingRelationshipChecker.java
@@ -0,0 +1,57 @@ +/* $This file is distributed under the terms of the license in /doc/license.txt$ */ + +package edu.cornell.mannlib.vivo.auth.policy; + +import java.util.List; + +import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; +import edu.cornell.mannlib.vitro.webapp.auth.policy.specialrelationships.RelationshipChecker; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractPropertyStatementAction; + +/** + * Does the requested action involve a change to an Advising Relationship that the self-editor + * is authorized to modify? + */ +public class AdvisingRelationshipChecker extends RelationshipChecker { + private static final String NS_CORE = "http://vivoweb.org/ontology/core#"; + private static final String URI_ADVISING_RELATIONSHIP_TYPE = NS_CORE + + "AdvisingRelationship"; + private static final String URI_ADVISOR_PROPERTY = NS_CORE + "advisor"; + + private final String[] resourceUris; + + public AdvisingRelationshipChecker(AbstractPropertyStatementAction action) { + super(action.getOntModel()); + this.resourceUris = action.getResourceUris(); + } + + /** + * A self-editor is authorized to add, edit, or delete a statement if the + * subject or object refers to an Advising Relationship, and if the self-editor: + * + * 1) is an Advisor in that Relationship + */ + public PolicyDecision isAuthorized(List userUris) { + for (String resourceUri : resourceUris) { + if (isAdvisingRelationship(resourceUri)) { + if (anyUrisInCommon(userUris, getUrisOfAdvisors(resourceUri))) { + return authorizedAdvisor(resourceUri); + } + } + } + return null; + } + + private boolean isAdvisingRelationship(String resourceUri) { + return isResourceOfType(resourceUri, URI_ADVISING_RELATIONSHIP_TYPE); + } + + private List getUrisOfAdvisors(String resourceUri) { + return getObjectsOfProperty(resourceUri, URI_ADVISOR_PROPERTY); + } + + private PolicyDecision authorizedAdvisor(String resourceUri) { + return authorizedDecision("User is an Advisor 
of " + resourceUri);
+ }
+
+}
diff --git a/src/edu/cornell/mannlib/vivo/auth/policy/CourseChecker.java b/src/edu/cornell/mannlib/vivo/auth/policy/CourseChecker.java
new file mode 100644
index 00000000..e952ef94
--- /dev/null
+++ b/src/edu/cornell/mannlib/vivo/auth/policy/CourseChecker.java
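Review bot: `isAuthorized` returns `null` when no advising relationship matches, but the Javadoc above it only describes the authorizing case, so the null-means-no-opinion contract has to be inferred from the code. On an authorization path I would state it explicitly, for example `@return an authorized decision, or null if this checker finds no basis to authorize; callers must treat null as not authorized`. The parameter and the `getUrisOf…` helpers also use raw `List`; `List<String>` would let the compiler check what is compared in `anyUrisInCommon`, assuming the inherited helpers in RelationshipChecker (not visible here) accept it. The same two points apply to `isAuthorized` in CourseChecker, GrantChecker, InformationResourceChecker, PresentationChecker and ProjectOrServiceChecker.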
@@ -0,0 +1,60 @@ +/* $This file is distributed under the terms of the license in /doc/license.txt$ */ + +package edu.cornell.mannlib.vivo.auth.policy; + +import java.util.List; + +import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; +import edu.cornell.mannlib.vitro.webapp.auth.policy.specialrelationships.RelationshipChecker; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractPropertyStatementAction; + +/** + * Does the requested action involve a change to a Course that the self-editor + * is authorized to modify? + */ +public class CourseChecker extends RelationshipChecker { + private static final String NS_CORE = "http://vivoweb.org/ontology/core#"; + private static final String URI_COURSE_TYPE = NS_CORE + "Course"; + private static final String URI_RELATED_ROLE_PROPERTY = NS_CORE + + "relatedRole"; + private static final String URI_TEACHER_ROLE_OF_PROPERTY = NS_CORE + + "teacherRoleOf"; + + private final String[] resourceUris; + + public CourseChecker(AbstractPropertyStatementAction action) { + super(action.getOntModel()); + this.resourceUris = action.getResourceUris(); + } + + /** + * A self-editor is authorized to add, edit, or delete a statement if the + * subject or object refers to a Course, and if the self-editor: + * + * 1) is a Teacher of that Course + */ + public PolicyDecision isAuthorized(List userUris) { + for (String resourceUri : resourceUris) { + if (isCourse(resourceUri)) { + if (anyUrisInCommon(userUris, getUrisOfTeachers(resourceUri))) { + return authorizedTeacher(resourceUri); + } + } + } + return null; + } + + private boolean isCourse(String resourceUri) { + return isResourceOfType(resourceUri, URI_COURSE_TYPE); + } + + private List getUrisOfTeachers(String resourceUri) { + return getObjectsOfLinkedProperty(resourceUri, + URI_RELATED_ROLE_PROPERTY, URI_TEACHER_ROLE_OF_PROPERTY); + } + + private PolicyDecision authorizedTeacher(String resourceUri) { + return authorizedDecision("User is a 
Teacher of " + resourceUri);
+ }
+
+}
diff --git a/src/edu/cornell/mannlib/vivo/auth/policy/GrantChecker.java b/src/edu/cornell/mannlib/vivo/auth/policy/GrantChecker.java
new file mode 100644
index 00000000..365175d8
--- /dev/null
+++ b/src/edu/cornell/mannlib/vivo/auth/policy/GrantChecker.java
@@ -0,0 +1,82 @@ +/* $This file is distributed under the terms of the license in /doc/license.txt$ */ + +package edu.cornell.mannlib.vivo.auth.policy; + +import java.util.List; + +import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; +import edu.cornell.mannlib.vitro.webapp.auth.policy.specialrelationships.RelationshipChecker; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractPropertyStatementAction; + +/** + * Does the requested action involve a change to a Grant that the self-editor is + * authorized to modify? + */ +public class GrantChecker extends RelationshipChecker { + private static final String NS_CORE = "http://vivoweb.org/ontology/core#"; + private static final String URI_GRANT_TYPE = NS_CORE + "Grant"; + private static final String URI_RELATED_ROLE_PROPERTY = NS_CORE + + "relatedRole"; + private static final String URI_PRINCIPAL_INVESTIGATOR_OF_PROPERTY = NS_CORE + + "principalInvestigatorRoleOf"; + private static final String URI_CO_PRINCIPAL_INVESTIGATOR_OF_PROPERTY = NS_CORE + + "co-PrincipalInvestigatorRoleOf"; + + private final String[] resourceUris; + + public GrantChecker(AbstractPropertyStatementAction action) { + super(action.getOntModel()); + this.resourceUris = action.getResourceUris(); + } + + /** + * A self-editor is authorized to add, edit, or delete a statement if the + * subject or object refers to a Grant, and if the self-editor: + * + * 1) is a Principal Investigator (PI) of that Grant, or + * + * 2) is a co-Principal Investigator (co-PI) of that Grant + */ + public PolicyDecision isAuthorized(List userUris) { + for (String resourceUri : resourceUris) { + if (isGrant(resourceUri)) { + if (anyUrisInCommon(userUris, + getUrisOfPrincipalInvestigators(resourceUri))) { + return authorizedPI(resourceUri); + } + if (anyUrisInCommon(userUris, + getUrisOfCoPrincipalInvestigators(resourceUri))) { + return authorizedCoPI(resourceUri); + } + } + } + return null; + } + + private boolean 
isGrant(String resourceUri) { + return isResourceOfType(resourceUri, URI_GRANT_TYPE); + } + + private List getUrisOfPrincipalInvestigators(String resourceUri) { + return getObjectsOfLinkedProperty(resourceUri, + URI_RELATED_ROLE_PROPERTY, + URI_PRINCIPAL_INVESTIGATOR_OF_PROPERTY); + } + + private List getUrisOfCoPrincipalInvestigators(String resourceUri) { + return getObjectsOfLinkedProperty(resourceUri, + URI_RELATED_ROLE_PROPERTY, + URI_CO_PRINCIPAL_INVESTIGATOR_OF_PROPERTY); + } + + private PolicyDecision authorizedPI(String resourceUri) { + return authorizedDecision("User is Principal Investigator of " + + resourceUri); + } + + private PolicyDecision authorizedCoPI(String resourceUri) { + return authorizedDecision("User is Co-Principal Investigator of " + + resourceUri); + } + +} diff --git a/src/edu/cornell/mannlib/vivo/auth/policy/InformationResourceChecker.java b/src/edu/cornell/mannlib/vivo/auth/policy/InformationResourceChecker.java new file mode 100644 index 00000000..3f31816d --- /dev/null +++ b/src/edu/cornell/mannlib/vivo/auth/policy/InformationResourceChecker.java 
@@ -0,0 +1,94 @@ +/* $This file is distributed under the terms of the license in /doc/license.txt$ */ + +package edu.cornell.mannlib.vivo.auth.policy; + +import java.util.List; + +import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; +import edu.cornell.mannlib.vitro.webapp.auth.policy.specialrelationships.RelationshipChecker; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractPropertyStatementAction; + +/** + * Does the requested action involve a change to an Information Resource that + * the self-editor is authorized to modify? + */ +public class InformationResourceChecker extends RelationshipChecker { + private static final String NS_CORE = "http://vivoweb.org/ontology/core#"; + private static final String URI_INFORMATION_RESOURCE_TYPE = NS_CORE + + "InformationResource"; + private static final String URI_EDITOR_PROPERTY = "http://purl.org/ontology/bibo/editor"; + private static final String URI_FEATURES_PROPERTY = NS_CORE + "features"; + private static final String URI_IN_AUTHORSHIP_PROPERTY = NS_CORE + + "informationResourceInAuthorship"; + private static final String URI_LINKED_AUTHOR_PROPERTY = NS_CORE + + "linkedAuthor"; + + private final String[] resourceUris; + + public InformationResourceChecker(AbstractPropertyStatementAction action) { + super(action.getOntModel()); + this.resourceUris = action.getResourceUris(); + } + + /** + * A self-editor is authorized to add, edit, or delete a statement if the + * subject or object refers to an Information Resource, and if the + * self-editor: + * + * 1) is an Author of that Information Resource + * + * 2) is an Editor of that Information Resource, or + * + * 3) is Featured in that Information Resource. 
+ */ + public PolicyDecision isAuthorized(List userUris) { + for (String resourceUri : resourceUris) { + if (isInformationResource(resourceUri)) { + if (anyUrisInCommon(userUris, getUrisOfEditors(resourceUri))) { + return authorizedEditor(resourceUri); + } + if (anyUrisInCommon(userUris, getUrisOfAuthors(resourceUri))) { + return authorizedAuthor(resourceUri); + } + if (anyUrisInCommon(userUris, getUrisOfFeatured(resourceUri))) { + return authorizedFeatured(resourceUri); + } + } + } + return null; + } + + // ---------------------------------------------------------------------- + // methods for InformationResource + // ---------------------------------------------------------------------- + + private boolean isInformationResource(String resourceUri) { + return isResourceOfType(resourceUri, URI_INFORMATION_RESOURCE_TYPE); + } + + private List getUrisOfEditors(String resourceUri) { + return getObjectsOfProperty(resourceUri, URI_EDITOR_PROPERTY); + } + + private List getUrisOfFeatured(String resourceUri) { + return getObjectsOfProperty(resourceUri, URI_FEATURES_PROPERTY); + } + + private List getUrisOfAuthors(String resourceUri) { + return getObjectsOfLinkedProperty(resourceUri, + URI_IN_AUTHORSHIP_PROPERTY, URI_LINKED_AUTHOR_PROPERTY); + } + + private PolicyDecision authorizedEditor(String uri) { + return authorizedDecision("User is an editor of " + uri); + } + + private PolicyDecision authorizedAuthor(String uri) { + return authorizedDecision("User is author of " + uri); + } + + private PolicyDecision authorizedFeatured(String uri) { + return authorizedDecision("User is featured in " + uri); + } + +} diff --git a/src/edu/cornell/mannlib/vivo/auth/policy/PresentationChecker.java b/src/edu/cornell/mannlib/vivo/auth/policy/PresentationChecker.java new file mode 100644 index 00000000..662b7604 --- /dev/null +++ b/src/edu/cornell/mannlib/vivo/auth/policy/PresentationChecker.java 
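Review bot: The Javadoc on `isAuthorized` lists Author, Editor, Featured, while the method tests editors first, then authors, then featured. The allow/deny outcome is the same, but the message carried in the returned decision depends on that order, so the list should follow the code. Item 1 is also missing its trailing comma. The `// methods for InformationResource` banner was carried over from the combined policy class and no longer separates anything in this file, so I would drop it.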
@@ -0,0 +1,61 @@ +/* $This file is distributed under the terms of the license in /doc/license.txt$ */ + +package edu.cornell.mannlib.vivo.auth.policy; + +import java.util.List; + +import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; +import edu.cornell.mannlib.vitro.webapp.auth.policy.specialrelationships.RelationshipChecker; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractPropertyStatementAction; + +/** + * Does the requested action involve a change to a Presentation that the + * self-editor is authorized to modify? + */ +public class PresentationChecker extends RelationshipChecker { + private static final String NS_CORE = "http://vivoweb.org/ontology/core#"; + private static final String URI_PRESENTATION_TYPE = NS_CORE + + "Presentation"; + private static final String URI_RELATED_ROLE_PROPERTY = NS_CORE + + "relatedRole"; + private static final String URI_PRESENTER_ROLE_OF_PROPERTY = NS_CORE + + "presenterRoleOf"; + + private final String[] resourceUris; + + public PresentationChecker(AbstractPropertyStatementAction action) { + super(action.getOntModel()); + this.resourceUris = action.getResourceUris(); + } + + /** + * A self-editor is authorized to add, edit, or delete a statement if the + * subject or object refers to a Presentation, and if the self-editor: + * + * 1) is a Presenter of that Presentation + */ + public PolicyDecision isAuthorized(List userUris) { + for (String resourceUri : resourceUris) { + if (isPresentation(resourceUri)) { + if (anyUrisInCommon(userUris, getUrisOfPresenters(resourceUri))) { + return authorizedPresenter(resourceUri); + } + } + } + return null; + } + + private boolean isPresentation(String resourceUri) { + return isResourceOfType(resourceUri, URI_PRESENTATION_TYPE); + } + + private List getUrisOfPresenters(String resourceUri) { + return getObjectsOfLinkedProperty(resourceUri, + URI_RELATED_ROLE_PROPERTY, URI_PRESENTER_ROLE_OF_PROPERTY); + } + + private PolicyDecision 
authorizedPresenter(String resourceUri) { + return authorizedDecision("User is a Presenter of " + resourceUri); + } + +} diff --git a/src/edu/cornell/mannlib/vivo/auth/policy/ProjectOrServiceChecker.java b/src/edu/cornell/mannlib/vivo/auth/policy/ProjectOrServiceChecker.java new file mode 100644 index 00000000..3f2e9dcd --- /dev/null +++ b/src/edu/cornell/mannlib/vivo/auth/policy/ProjectOrServiceChecker.java 
@@ -0,0 +1,67 @@ +/* $This file is distributed under the terms of the license in /doc/license.txt$ */ + +package edu.cornell.mannlib.vivo.auth.policy; + +import java.util.List; + +import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; +import edu.cornell.mannlib.vitro.webapp.auth.policy.specialrelationships.RelationshipChecker; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractPropertyStatementAction; + +/** + * Does the requested action involve a change to a Project or Service that the + * self-editor is authorized to modify? + */ +public class ProjectOrServiceChecker extends RelationshipChecker { + private static final String NS_CORE = "http://vivoweb.org/ontology/core#"; + private static final String URI_PROJECT_TYPE = NS_CORE + "Project"; + private static final String URI_SERVICE_TYPE = NS_CORE + "Service"; + private static final String URI_RELATED_ROLE_PROPERTY = NS_CORE + + "relatedRole"; + private static final String URI_CLINICAL_ROLE_OF_PROPERTY = NS_CORE + + "clinicalRoleOf"; + + private final String[] resourceUris; + + public ProjectOrServiceChecker(AbstractPropertyStatementAction action) { + super(action.getOntModel()); + this.resourceUris = action.getResourceUris(); + } + + /** + * A self-editor is authorized to add, edit, or delete a statement if the + * subject or object refers to a Project or a Service, and if the + * self-editor: + * + * 1) is a Clinical Agent of that Project or Service + */ + public PolicyDecision isAuthorized(List userUris) { + for (String resourceUri : resourceUris) { + if (isProject(resourceUri) || isService(resourceUri)) { + if (anyUrisInCommon(userUris, + getUrisOfClinicalAgents(resourceUri))) { + return authorizedClinicalAgent(resourceUri); + } + } + } + return null; + } + + private boolean isProject(String resourceUri) { + return isResourceOfType(resourceUri, URI_PROJECT_TYPE); + } + + private boolean isService(String resourceUri) { + return isResourceOfType(resourceUri, 
URI_SERVICE_TYPE); + } + + private List getUrisOfClinicalAgents(String resourceUri) { + return getObjectsOfLinkedProperty(resourceUri, + URI_RELATED_ROLE_PROPERTY, URI_CLINICAL_ROLE_OF_PROPERTY); + } + + private PolicyDecision authorizedClinicalAgent(String resourceUri) { + return authorizedDecision("User has a Clinical Role on " + resourceUri); + } + +} diff --git a/src/edu/cornell/mannlib/vivo/auth/policy/SelfEditorRelationshipPolicy.java b/src/edu/cornell/mannlib/vivo/auth/policy/SelfEditorRelationshipPolicy.java index 5db7d567..862c5fa9 100644 --- a/src/edu/cornell/mannlib/vivo/auth/policy/SelfEditorRelationshipPolicy.java +++ b/src/edu/cornell/mannlib/vivo/auth/policy/SelfEditorRelationshipPolicy.java @@ -12,8 +12,6 @@ import javax.servlet.ServletContextListener; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import com.hp.hpl.jena.ontology.OntModel; - import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle; import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasAssociatedIndividual; import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList; @@ -21,8 +19,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface; import edu.cornell.mannlib.vitro.webapp.auth.policy.specialrelationships.AbstractRelationshipPolicy; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyStatementAction; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyStatementAction; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractPropertyStatementAction; /** * Permit self-editors to edit the properties of classes with which they share a 
@@ -43,156 +40,71 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractOb * NOTE: This could be further generalized by building a list of authorizing * relationships, where each relationship may specify a type of object, a * relating property (or chain of properties), and a text message describing the - * relationship (to be used in the decision). We could go even farther and drive - * this from an XML config file, so site administrators could configure it - * themselves. A great tool for this is the one used to process the Tomcat - * server.xml file, see http://commons.apache.org/digester/ + * relationship (to be used in the decision). */ public class SelfEditorRelationshipPolicy extends AbstractRelationshipPolicy implements PolicyIface { private static final Log log = LogFactory .getLog(SelfEditorRelationshipPolicy.class); - private static final String NS_CORE = "http://vivoweb.org/ontology/core#"; - private static final String URI_INFORMATION_RESOURCE_TYPE = NS_CORE - + "InformationResource"; - private static final String URI_EDITOR_PROPERTY = "http://purl.org/ontology/bibo/editor"; - private static final String URI_FEATURES_PROPERTY = NS_CORE + "features"; - private static final String URI_IN_AUTHORSHIP_PROPERTY = NS_CORE - + "informationResourceInAuthorship"; - private static final String URI_LINKED_AUTHOR_PROPERTY = NS_CORE - + "linkedAuthor"; - - private static final String URI_GRANT_TYPE = NS_CORE + "Grant"; - private static final String URI_RELATED_ROLE_PROPERTY = NS_CORE - + "relatedRole"; - private static final String URI_PRINCIPAL_INVESTIGATOR_OF_PROPERTY = NS_CORE - + "principalInvestigatorRoleOf"; - private static final String URI_CO_PRINCIPAL_INVESTIGATOR_OF_PROPERTY = NS_CORE - + "co-PrincipalInvestigatorRoleOf"; - - private static final String URI_PROJECT_TYPE = NS_CORE + "Project"; - private static final String URI_SERVICE_TYPE = NS_CORE + "Service"; - private static final String URI_CLINICAL_ROLE_OF_PROPERTY = NS_CORE 
- + "clinicalRoleOf"; - - private static final String URI_PRESENTATION_TYPE = NS_CORE - + "Presentation"; - private static final String URI_PRESENTER_ROLE_OF_PROPERTY = NS_CORE - + "presenterRoleOf"; - - private static final String URI_COURSE_TYPE = NS_CORE + "Course"; - private static final String URI_TEACHER_ROLE_OF_PROPERTY = NS_CORE - + "teacherRoleOf"; - - private static final String URI_ADVISING_RELATIONSHIP_TYPE = NS_CORE - + "AdvisingRelationship"; - private static final String URI_ADVISOR_PROPERTY = NS_CORE + "advisor"; - - public SelfEditorRelationshipPolicy(ServletContext ctx, OntModel model) { - super(ctx, model); + public SelfEditorRelationshipPolicy(ServletContext ctx) { + super(ctx); } @Override public PolicyDecision isAuthorized(IdentifierBundle whoToAuth, RequestedAction whatToAuth) { - PolicyDecision decision = null; - if (whatToAuth == null) { - decision = inconclusiveDecision("whatToAuth was null"); - } else if (whatToAuth instanceof AbstractDataPropertyStatementAction) { - decision = isAuthorized(whoToAuth, - distill((AbstractDataPropertyStatementAction) whatToAuth)); - } else if (whatToAuth instanceof AbstractObjectPropertyStatementAction) { - decision = isAuthorized(whoToAuth, - distill((AbstractObjectPropertyStatementAction) whatToAuth)); - } else { - decision = inconclusiveDecision("Does not authorize " + return inconclusiveDecision("whatToAuth was null"); + } + + if (!(whatToAuth instanceof AbstractPropertyStatementAction)) { + return inconclusiveDecision("Does not authorize " + whatToAuth.getClass().getSimpleName() + " actions"); } + AbstractPropertyStatementAction action = (AbstractPropertyStatementAction) whatToAuth; - if (decision == null) { - return userNotAuthorizedToStatement(); - } else { - return decision; - } - } - - private DistilledAction distill(AbstractDataPropertyStatementAction action) { - return new DistilledAction(action.getPredicateUri(), - action.getSubjectUri()); - } - - private DistilledAction 
distill(AbstractObjectPropertyStatementAction action) { - return new DistilledAction(action.getPredicateUri(), - action.getSubjectUri(), action.getObjectUri()); - } - - private PolicyDecision isAuthorized(IdentifierBundle ids, - DistilledAction action) { List userUris = new ArrayList( - HasAssociatedIndividual.getIndividualUris(ids)); - + HasAssociatedIndividual.getIndividualUris(whoToAuth)); if (userUris.isEmpty()) { return inconclusiveDecision("Not self-editing."); } - if (!canModifyPredicate(action.predicateUri)) { - return cantModifyPredicate(action.predicateUri); + if (!canModifyPredicate(action.getPredicateUri())) { + return cantModifyPredicate(action.getPredicateUri()); } - for (String resourceUri : action.resourceUris) { + for (String resourceUri : action.getResourceUris()) { if (!canModifyResource(resourceUri)) { return cantModifyResource(resourceUri); } } - for (String resourceUri : action.resourceUris) { - if (isInformationResource(resourceUri)) { - if (anyUrisInCommon(userUris, getUrisOfEditors(resourceUri))) { - return authorizedEditor(resourceUri); - } - if (anyUrisInCommon(userUris, getUrisOfAuthors(resourceUri))) { - return authorizedAuthor(resourceUri); - } - if (anyUrisInCommon(userUris, getUrisOfFeatured(resourceUri))) { - return authorizedFeatured(resourceUri); - } - } - if (isGrant(resourceUri)) { - if (anyUrisInCommon(userUris, - getUrisOfPrincipalInvestigators(resourceUri))) { - return authorizedPI(resourceUri); - } - if (anyUrisInCommon(userUris, - getUrisOfCoPrincipalInvestigators(resourceUri))) { - return authorizedCoPI(resourceUri); - } - } - if (isProject(resourceUri) || isService(resourceUri)) { - if (anyUrisInCommon(userUris, - getUrisOfClinicalAgents(resourceUri))) { - return authorizedClinicalAgent(resourceUri); - } - } - if (isPresentation(resourceUri)) { - if (anyUrisInCommon(userUris, getUrisOfPresenters(resourceUri))) { - return authorizedPresenter(resourceUri); - } - } - if (isCourse(resourceUri)) { - if 
(anyUrisInCommon(userUris, getUrisOfTeachers(resourceUri))) { - return authorizedTeacher(resourceUri); - } - } - if (isAdvisingRelationship(resourceUri)) { - if (anyUrisInCommon(userUris, getUrisOfAdvisors(resourceUri))) { - return authorizedAdvisor(resourceUri); - } - } - } + return checkRelationships(userUris, action); + } - return userNotAuthorizedToStatement(); + private PolicyDecision checkRelationships(List userUris, + AbstractPropertyStatementAction action) { + + PolicyDecision decision = new InformationResourceChecker(action) + .isAuthorized(userUris); + if (decision == null) { + decision = new GrantChecker(action).isAuthorized(userUris); + } + if (decision == null) { + decision = new ProjectOrServiceChecker(action) + .isAuthorized(userUris); + } + if (decision == null) { + decision = new PresentationChecker(action).isAuthorized(userUris); + } + if (decision == null) { + decision = new CourseChecker(action).isAuthorized(userUris); + } + if (decision == null) { + decision = userNotAuthorizedToStatement(); + } + return decision; } @Override 
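Review bot: `checkRelationships` never consults `AdvisingRelationshipChecker`, although this commit adds that class and the removed loop authorized advisors through `isAdvisingRelationship` / `authorizedAdvisor`. As written, an advisor editing a statement on an AdvisingRelationship falls through to `userNotAuthorizedToStatement()`. That fails closed, but it narrows the policy in a way nothing in the visible diff calls out. If it is unintended, add `if (decision == null) { decision = new AdvisingRelationshipChecker(action).isAuthorized(userUris); }` before the final fallback. A test that exercises the advisor case would catch this; the test hunk in this commit only updates the constructor call.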
@@ -202,158 +114,10 @@ public class SelfEditorRelationshipPolicy extends AbstractRelationshipPolicy + hashCode(); } - // ---------------------------------------------------------------------- - // methods for InformationResource - // ---------------------------------------------------------------------- - - private boolean isInformationResource(String resourceUri) { - return isResourceOfType(resourceUri, URI_INFORMATION_RESOURCE_TYPE); - } - - private List getUrisOfEditors(String resourceUri) { - return getObjectsOfProperty(resourceUri, URI_EDITOR_PROPERTY); - } - - private List getUrisOfFeatured(String resourceUri) { - return getObjectsOfProperty(resourceUri, URI_FEATURES_PROPERTY); - } - - private List getUrisOfAuthors(String resourceUri) { - return getObjectsOfLinkedProperty(resourceUri, - URI_IN_AUTHORSHIP_PROPERTY, URI_LINKED_AUTHOR_PROPERTY); - } - - private PolicyDecision authorizedEditor(String uri) { - return authorizedDecision("User is an editor of " + uri); - } - - private PolicyDecision authorizedAuthor(String uri) { - return authorizedDecision("User is author of " + uri); - } - - private PolicyDecision authorizedFeatured(String uri) { - return authorizedDecision("User is featured in " + uri); - } - - // ---------------------------------------------------------------------- - // methods for Grant - // ---------------------------------------------------------------------- - - private boolean isGrant(String resourceUri) { - return isResourceOfType(resourceUri, URI_GRANT_TYPE); - } - - private List getUrisOfPrincipalInvestigators(String resourceUri) { - return getObjectsOfLinkedProperty(resourceUri, - URI_RELATED_ROLE_PROPERTY, - URI_PRINCIPAL_INVESTIGATOR_OF_PROPERTY); - } - - private List getUrisOfCoPrincipalInvestigators(String resourceUri) { - return getObjectsOfLinkedProperty(resourceUri, - URI_RELATED_ROLE_PROPERTY, - URI_CO_PRINCIPAL_INVESTIGATOR_OF_PROPERTY); - } - - private PolicyDecision authorizedPI(String resourceUri) { - return 
authorizedDecision("User is Principal Investigator of " - + resourceUri); - } - - private PolicyDecision authorizedCoPI(String resourceUri) { - return authorizedDecision("User is Co-Principal Investigator of " - + resourceUri); - } - - // ---------------------------------------------------------------------- - // methods for Project or Service - // ---------------------------------------------------------------------- - - private boolean isProject(String resourceUri) { - return isResourceOfType(resourceUri, URI_PROJECT_TYPE); - } - - private boolean isService(String resourceUri) { - return isResourceOfType(resourceUri, URI_SERVICE_TYPE); - } - - private List getUrisOfClinicalAgents(String resourceUri) { - return getObjectsOfLinkedProperty(resourceUri, - URI_RELATED_ROLE_PROPERTY, URI_CLINICAL_ROLE_OF_PROPERTY); - } - - private PolicyDecision authorizedClinicalAgent(String resourceUri) { - return authorizedDecision("User has a Clinical Role on " + resourceUri); - } - - // ---------------------------------------------------------------------- - // methods for Presentation - // ---------------------------------------------------------------------- - - private boolean isPresentation(String resourceUri) { - return isResourceOfType(resourceUri, URI_PRESENTATION_TYPE); - } - - private List getUrisOfPresenters(String resourceUri) { - return getObjectsOfLinkedProperty(resourceUri, - URI_RELATED_ROLE_PROPERTY, URI_PRESENTER_ROLE_OF_PROPERTY); - } - - private PolicyDecision authorizedPresenter(String resourceUri) { - return authorizedDecision("User is a Presenter of " + resourceUri); - } - - // ---------------------------------------------------------------------- - // methods for Course - // ---------------------------------------------------------------------- - - private boolean isCourse(String resourceUri) { - return isResourceOfType(resourceUri, URI_COURSE_TYPE); - } - - private List getUrisOfTeachers(String resourceUri) { - return getObjectsOfLinkedProperty(resourceUri, 
- URI_RELATED_ROLE_PROPERTY, URI_TEACHER_ROLE_OF_PROPERTY); - } - - private PolicyDecision authorizedTeacher(String resourceUri) { - return authorizedDecision("User is a Teacher of " + resourceUri); - } - - // ---------------------------------------------------------------------- - // methods for AdvisingRelationship - // ---------------------------------------------------------------------- - - private boolean isAdvisingRelationship(String resourceUri) { - return isResourceOfType(resourceUri, URI_ADVISING_RELATIONSHIP_TYPE); - } - - private List getUrisOfAdvisors(String resourceUri) { - return getObjectsOfProperty(resourceUri, URI_ADVISOR_PROPERTY); - } - - private PolicyDecision authorizedAdvisor(String resourceUri) { - return authorizedDecision("User is an Advisor of " + resourceUri); - } - // ---------------------------------------------------------------------- // helper classes // ---------------------------------------------------------------------- - /** - * This allows us to treat data properties and object properties the same. - * It's just that object properties have more resourceUris. - */ - static class DistilledAction { - final String[] resourceUris; - final String predicateUri; - - public DistilledAction(String predicateUri, String... resourceUris) { - this.resourceUris = resourceUris; - this.predicateUri = predicateUri; - } - } - /** * When the system starts up, install the policy. This class must be a * listener in web.xml @@ -365,11 +129,8 @@ public class SelfEditorRelationshipPolicy extends AbstractRelationshipPolicy public void contextInitialized(ServletContextEvent sce) { ServletContext ctx = sce.getServletContext(); - OntModel ontModel = (OntModel) sce.getServletContext() - .getAttribute("jenaOntModel"); - ServletPolicyList.addPolicy(ctx, new SelfEditorRelationshipPolicy( - ctx, ontModel)); + ctx)); } @Override 
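Review bot: With the `jenaOntModel` lookup removed from `contextInitialized` and the constructor reduced to `super(ctx)`, the relationship queries now run against whatever `action.getOntModel()` returns (see the `super(action.getOntModel())` calls in the new checker constructors). The decision is only as trustworthy as that model, so it is worth confirming that the action is always populated server-side with the asserted model and cannot carry one that already contains the statements being proposed. I would record that assumption in the class Javadoc of `SelfEditorRelationshipPolicy`, for example `Relationships are evaluated against the OntModel supplied by the requested action.` The listener class enclosing `contextInitialized` starts and ends outside this hunk.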
diff --git a/test/edu/cornell/mannlib/vivo/auth/policy/SelfEditorRelationshipPolicyTest.java b/test/edu/cornell/mannlib/vivo/auth/policy/SelfEditorRelationshipPolicyTest.java index 5fe7d939..2abd52d6 100644 --- a/test/edu/cornell/mannlib/vivo/auth/policy/SelfEditorRelationshipPolicyTest.java +++ b/test/edu/cornell/mannlib/vivo/auth/policy/SelfEditorRelationshipPolicyTest.java @@ -122,7 +122,7 @@ public class SelfEditorRelationshipPolicyTest extends AbstractTestClass { .getInstance(new String[] { NS_RESTRICTED }); PropertyRestrictionPolicyHelper.setBean(ctx, prph); - policy = new SelfEditorRelationshipPolicy(ctx, ontModel); + policy = new SelfEditorRelationshipPolicy(ctx); } private IdentifierBundle idNobody;