litvinovg/vivo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

NIHVIVO-3404 Restructure the SelfEditorRelationshipPolicy to use the model in the RequestedAction, instead of a model assigned at system startup time. Also, break out the logic into separate RelationshipChecker objects, for easier maintenance.

Browse source
This commit is contained in:
j2blake 2012-04-03 16:13:38 +00:00
parent 671c6214c4
commit 6695832257
8 changed files with 461 additions and 279 deletions
Download patch file Download diff file Expand all files Collapse all files

57
src/edu/cornell/mannlib/vivo/auth/policy/AdvisingRelationshipChecker.java Normal file
View file

@ -0,0 +1,57 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vivo.auth.policy;
import java.util.List;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.specialrelationships.RelationshipChecker;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractPropertyStatementAction;
/**
* Does the requested action involve a change to an Advising Relationship that the self-editor
* is authorized to modify?
*/
public class AdvisingRelationshipChecker extends RelationshipChecker {
private static final String NS_CORE = "http://vivoweb.org/ontology/core#";
private static final String URI_ADVISING_RELATIONSHIP_TYPE = NS_CORE
+ "AdvisingRelationship";
private static final String URI_ADVISOR_PROPERTY = NS_CORE + "advisor";
private final String[] resourceUris;
public AdvisingRelationshipChecker(AbstractPropertyStatementAction action) {
super(action.getOntModel());
this.resourceUris = action.getResourceUris();
}
/**
* A self-editor is authorized to add, edit, or delete a statement if the
* subject or object refers to an Advising Relationship, and if the self-editor:
*
* 1) is an Advisor in that Relationship
*/
public PolicyDecision isAuthorized(List<String> userUris) {
for (String resourceUri : resourceUris) {
if (isAdvisingRelationship(resourceUri)) {
if (anyUrisInCommon(userUris, getUrisOfAdvisors(resourceUri))) {
return authorizedAdvisor(resourceUri);
}
}
}
return null;
}
private boolean isAdvisingRelationship(String resourceUri) {
return isResourceOfType(resourceUri, URI_ADVISING_RELATIONSHIP_TYPE);
}
private List<String> getUrisOfAdvisors(String resourceUri) {
return getObjectsOfProperty(resourceUri, URI_ADVISOR_PROPERTY);
}
private PolicyDecision authorizedAdvisor(String resourceUri) {
return authorizedDecision("User is an Advisor of " + resourceUri);
}
}

60
src/edu/cornell/mannlib/vivo/auth/policy/CourseChecker.java Normal file
View file

@ -0,0 +1,60 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vivo.auth.policy;
import java.util.List;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.specialrelationships.RelationshipChecker;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractPropertyStatementAction;
/**
* Does the requested action involve a change to a Course that the self-editor
* is authorized to modify?
*/
public class CourseChecker extends RelationshipChecker {
private static final String NS_CORE = "http://vivoweb.org/ontology/core#";
private static final String URI_COURSE_TYPE = NS_CORE + "Course";
private static final String URI_RELATED_ROLE_PROPERTY = NS_CORE
+ "relatedRole";
private static final String URI_TEACHER_ROLE_OF_PROPERTY = NS_CORE
+ "teacherRoleOf";
private final String[] resourceUris;
public CourseChecker(AbstractPropertyStatementAction action) {
super(action.getOntModel());
this.resourceUris = action.getResourceUris();
}
/**
* A self-editor is authorized to add, edit, or delete a statement if the
* subject or object refers to a Course, and if the self-editor:
*
* 1) is a Teacher of that Course
*/
public PolicyDecision isAuthorized(List<String> userUris) {
for (String resourceUri : resourceUris) {
if (isCourse(resourceUri)) {
if (anyUrisInCommon(userUris, getUrisOfTeachers(resourceUri))) {
return authorizedTeacher(resourceUri);
}
}
}
return null;
}
private boolean isCourse(String resourceUri) {
return isResourceOfType(resourceUri, URI_COURSE_TYPE);
}
private List<String> getUrisOfTeachers(String resourceUri) {
return getObjectsOfLinkedProperty(resourceUri,
URI_RELATED_ROLE_PROPERTY, URI_TEACHER_ROLE_OF_PROPERTY);
}
private PolicyDecision authorizedTeacher(String resourceUri) {
return authorizedDecision("User is a Teacher of " + resourceUri);
}
}

82
src/edu/cornell/mannlib/vivo/auth/policy/GrantChecker.java Normal file
View file

@ -0,0 +1,82 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vivo.auth.policy;
import java.util.List;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.specialrelationships.RelationshipChecker;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractPropertyStatementAction;
/**
* Does the requested action involve a change to a Grant that the self-editor is
* authorized to modify?
*/
public class GrantChecker extends RelationshipChecker {
private static final String NS_CORE = "http://vivoweb.org/ontology/core#";
private static final String URI_GRANT_TYPE = NS_CORE + "Grant";
private static final String URI_RELATED_ROLE_PROPERTY = NS_CORE
+ "relatedRole";
private static final String URI_PRINCIPAL_INVESTIGATOR_OF_PROPERTY = NS_CORE
+ "principalInvestigatorRoleOf";
private static final String URI_CO_PRINCIPAL_INVESTIGATOR_OF_PROPERTY = NS_CORE
+ "co-PrincipalInvestigatorRoleOf";
private final String[] resourceUris;
public GrantChecker(AbstractPropertyStatementAction action) {
super(action.getOntModel());
this.resourceUris = action.getResourceUris();
}
/**
* A self-editor is authorized to add, edit, or delete a statement if the
* subject or object refers to a Grant, and if the self-editor:
*
* 1) is a Principal Investigator (PI) of that Grant, or
*
* 2) is a co-Principal Investigator (co-PI) of that Grant
*/
public PolicyDecision isAuthorized(List<String> userUris) {
for (String resourceUri : resourceUris) {
if (isGrant(resourceUri)) {
if (anyUrisInCommon(userUris,
getUrisOfPrincipalInvestigators(resourceUri))) {
return authorizedPI(resourceUri);
}
if (anyUrisInCommon(userUris,
getUrisOfCoPrincipalInvestigators(resourceUri))) {
return authorizedCoPI(resourceUri);
}
}
}
return null;
}
private boolean isGrant(String resourceUri) {
return isResourceOfType(resourceUri, URI_GRANT_TYPE);
}
private List<String> getUrisOfPrincipalInvestigators(String resourceUri) {
return getObjectsOfLinkedProperty(resourceUri,
URI_RELATED_ROLE_PROPERTY,
URI_PRINCIPAL_INVESTIGATOR_OF_PROPERTY);
}
private List<String> getUrisOfCoPrincipalInvestigators(String resourceUri) {
return getObjectsOfLinkedProperty(resourceUri,
URI_RELATED_ROLE_PROPERTY,
URI_CO_PRINCIPAL_INVESTIGATOR_OF_PROPERTY);
}
private PolicyDecision authorizedPI(String resourceUri) {
return authorizedDecision("User is Principal Investigator of "
+ resourceUri);
}
private PolicyDecision authorizedCoPI(String resourceUri) {
return authorizedDecision("User is Co-Principal Investigator of "
+ resourceUri);
}
}

94
src/edu/cornell/mannlib/vivo/auth/policy/InformationResourceChecker.java Normal file
View file

@ -0,0 +1,94 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vivo.auth.policy;
import java.util.List;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.specialrelationships.RelationshipChecker;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractPropertyStatementAction;
/**
* Does the requested action involve a change to an Information Resource that
* the self-editor is authorized to modify?
*/
public class InformationResourceChecker extends RelationshipChecker {
private static final String NS_CORE = "http://vivoweb.org/ontology/core#";
private static final String URI_INFORMATION_RESOURCE_TYPE = NS_CORE
+ "InformationResource";
private static final String URI_EDITOR_PROPERTY = "http://purl.org/ontology/bibo/editor";
private static final String URI_FEATURES_PROPERTY = NS_CORE + "features";
private static final String URI_IN_AUTHORSHIP_PROPERTY = NS_CORE
+ "informationResourceInAuthorship";
private static final String URI_LINKED_AUTHOR_PROPERTY = NS_CORE
+ "linkedAuthor";
private final String[] resourceUris;
public InformationResourceChecker(AbstractPropertyStatementAction action) {
super(action.getOntModel());
this.resourceUris = action.getResourceUris();
}
/**
* A self-editor is authorized to add, edit, or delete a statement if the
* subject or object refers to an Information Resource, and if the
* self-editor:
*
* 1) is an Author of that Information Resource
*
* 2) is an Editor of that Information Resource, or
*
* 3) is Featured in that Information Resource.
*/
public PolicyDecision isAuthorized(List<String> userUris) {
for (String resourceUri : resourceUris) {
if (isInformationResource(resourceUri)) {
if (anyUrisInCommon(userUris, getUrisOfEditors(resourceUri))) {
return authorizedEditor(resourceUri);
}
if (anyUrisInCommon(userUris, getUrisOfAuthors(resourceUri))) {
return authorizedAuthor(resourceUri);
}
if (anyUrisInCommon(userUris, getUrisOfFeatured(resourceUri))) {
return authorizedFeatured(resourceUri);
}
}
}
return null;
}
// ----------------------------------------------------------------------
// methods for InformationResource
// ----------------------------------------------------------------------
private boolean isInformationResource(String resourceUri) {
return isResourceOfType(resourceUri, URI_INFORMATION_RESOURCE_TYPE);
}
private List<String> getUrisOfEditors(String resourceUri) {
return getObjectsOfProperty(resourceUri, URI_EDITOR_PROPERTY);
}
private List<String> getUrisOfFeatured(String resourceUri) {
return getObjectsOfProperty(resourceUri, URI_FEATURES_PROPERTY);
}
private List<String> getUrisOfAuthors(String resourceUri) {
return getObjectsOfLinkedProperty(resourceUri,
URI_IN_AUTHORSHIP_PROPERTY, URI_LINKED_AUTHOR_PROPERTY);
}
private PolicyDecision authorizedEditor(String uri) {
return authorizedDecision("User is an editor of " + uri);
}
private PolicyDecision authorizedAuthor(String uri) {
return authorizedDecision("User is author of " + uri);
}
private PolicyDecision authorizedFeatured(String uri) {
return authorizedDecision("User is featured in " + uri);
}
}

61
src/edu/cornell/mannlib/vivo/auth/policy/PresentationChecker.java Normal file
View file

@ -0,0 +1,61 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vivo.auth.policy;
import java.util.List;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.specialrelationships.RelationshipChecker;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractPropertyStatementAction;
/**
* Does the requested action involve a change to a Presentation that the
* self-editor is authorized to modify?
*/
public class PresentationChecker extends RelationshipChecker {
private static final String NS_CORE = "http://vivoweb.org/ontology/core#";
private static final String URI_PRESENTATION_TYPE = NS_CORE
+ "Presentation";
private static final String URI_RELATED_ROLE_PROPERTY = NS_CORE
+ "relatedRole";
private static final String URI_PRESENTER_ROLE_OF_PROPERTY = NS_CORE
+ "presenterRoleOf";
private final String[] resourceUris;
public PresentationChecker(AbstractPropertyStatementAction action) {
super(action.getOntModel());
this.resourceUris = action.getResourceUris();
}
/**
* A self-editor is authorized to add, edit, or delete a statement if the
* subject or object refers to a Presentation, and if the self-editor:
*
* 1) is a Presenter of that Presentation
*/
public PolicyDecision isAuthorized(List<String> userUris) {
for (String resourceUri : resourceUris) {
if (isPresentation(resourceUri)) {
if (anyUrisInCommon(userUris, getUrisOfPresenters(resourceUri))) {
return authorizedPresenter(resourceUri);
}
}
}
return null;
}
private boolean isPresentation(String resourceUri) {
return isResourceOfType(resourceUri, URI_PRESENTATION_TYPE);
}
private List<String> getUrisOfPresenters(String resourceUri) {
return getObjectsOfLinkedProperty(resourceUri,
URI_RELATED_ROLE_PROPERTY, URI_PRESENTER_ROLE_OF_PROPERTY);
}
private PolicyDecision authorizedPresenter(String resourceUri) {
return authorizedDecision("User is a Presenter of " + resourceUri);
}
}

67
src/edu/cornell/mannlib/vivo/auth/policy/ProjectOrServiceChecker.java Normal file
View file

@ -0,0 +1,67 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vivo.auth.policy;
import java.util.List;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.specialrelationships.RelationshipChecker;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractPropertyStatementAction;
/**
* Does the requested action involve a change to a Project or Service that the
* self-editor is authorized to modify?
*/
public class ProjectOrServiceChecker extends RelationshipChecker {
private static final String NS_CORE = "http://vivoweb.org/ontology/core#";
private static final String URI_PROJECT_TYPE = NS_CORE + "Project";
private static final String URI_SERVICE_TYPE = NS_CORE + "Service";
private static final String URI_RELATED_ROLE_PROPERTY = NS_CORE
+ "relatedRole";
private static final String URI_CLINICAL_ROLE_OF_PROPERTY = NS_CORE
+ "clinicalRoleOf";
private final String[] resourceUris;
public ProjectOrServiceChecker(AbstractPropertyStatementAction action) {
super(action.getOntModel());
this.resourceUris = action.getResourceUris();
}
/**
* A self-editor is authorized to add, edit, or delete a statement if the
* subject or object refers to a Project or a Service, and if the
* self-editor:
*
* 1) is a Clinical Agent of that Project or Service
*/
public PolicyDecision isAuthorized(List<String> userUris) {
for (String resourceUri : resourceUris) {
if (isProject(resourceUri) || isService(resourceUri)) {
if (anyUrisInCommon(userUris,
getUrisOfClinicalAgents(resourceUri))) {
return authorizedClinicalAgent(resourceUri);
}
}
}
return null;
}
private boolean isProject(String resourceUri) {
return isResourceOfType(resourceUri, URI_PROJECT_TYPE);
}
private boolean isService(String resourceUri) {
return isResourceOfType(resourceUri, URI_SERVICE_TYPE);
}
private List<String> getUrisOfClinicalAgents(String resourceUri) {
return getObjectsOfLinkedProperty(resourceUri,
URI_RELATED_ROLE_PROPERTY, URI_CLINICAL_ROLE_OF_PROPERTY);
}
private PolicyDecision authorizedClinicalAgent(String resourceUri) {
return authorizedDecision("User has a Clinical Role on " + resourceUri);
}
}

315
src/edu/cornell/mannlib/vivo/auth/policy/SelfEditorRelationshipPolicy.java
View file

@ -12,8 +12,6 @@ import javax.servlet.ServletContextListener;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import com.hp.hpl.jena.ontology.OntModel;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle; import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasAssociatedIndividual; import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasAssociatedIndividual;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList; import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
@ -21,8 +19,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.policy.specialrelationships.AbstractRelationshipPolicy; import edu.cornell.mannlib.vitro.webapp.auth.policy.specialrelationships.AbstractRelationshipPolicy;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractDataPropertyStatementAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractPropertyStatementAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractObjectPropertyStatementAction;
/** /**
* Permit self-editors to edit the properties of classes with which they share a * Permit self-editors to edit the properties of classes with which they share a
@ -43,156 +40,71 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AbstractOb
* NOTE: This could be further generalized by building a list of authorizing * NOTE: This could be further generalized by building a list of authorizing
* relationships, where each relationship may specify a type of object, a * relationships, where each relationship may specify a type of object, a
* relating property (or chain of properties), and a text message describing the * relating property (or chain of properties), and a text message describing the
* relationship (to be used in the decision). We could go even farther and drive * relationship (to be used in the decision).
* this from an XML config file, so site administrators could configure it
* themselves. A great tool for this is the one used to process the Tomcat
* server.xml file, see http://commons.apache.org/digester/
*/ */
public class SelfEditorRelationshipPolicy extends AbstractRelationshipPolicy public class SelfEditorRelationshipPolicy extends AbstractRelationshipPolicy
implements PolicyIface { implements PolicyIface {
private static final Log log = LogFactory private static final Log log = LogFactory
.getLog(SelfEditorRelationshipPolicy.class); .getLog(SelfEditorRelationshipPolicy.class);
private static final String NS_CORE = "http://vivoweb.org/ontology/core#"; public SelfEditorRelationshipPolicy(ServletContext ctx) {
private static final String URI_INFORMATION_RESOURCE_TYPE = NS_CORE super(ctx);
+ "InformationResource";
private static final String URI_EDITOR_PROPERTY = "http://purl.org/ontology/bibo/editor";
private static final String URI_FEATURES_PROPERTY = NS_CORE + "features";
private static final String URI_IN_AUTHORSHIP_PROPERTY = NS_CORE
+ "informationResourceInAuthorship";
private static final String URI_LINKED_AUTHOR_PROPERTY = NS_CORE
+ "linkedAuthor";
private static final String URI_GRANT_TYPE = NS_CORE + "Grant";
private static final String URI_RELATED_ROLE_PROPERTY = NS_CORE
+ "relatedRole";
private static final String URI_PRINCIPAL_INVESTIGATOR_OF_PROPERTY = NS_CORE
+ "principalInvestigatorRoleOf";
private static final String URI_CO_PRINCIPAL_INVESTIGATOR_OF_PROPERTY = NS_CORE
+ "co-PrincipalInvestigatorRoleOf";
private static final String URI_PROJECT_TYPE = NS_CORE + "Project";
private static final String URI_SERVICE_TYPE = NS_CORE + "Service";
private static final String URI_CLINICAL_ROLE_OF_PROPERTY = NS_CORE
+ "clinicalRoleOf";
private static final String URI_PRESENTATION_TYPE = NS_CORE
+ "Presentation";
private static final String URI_PRESENTER_ROLE_OF_PROPERTY = NS_CORE
+ "presenterRoleOf";
private static final String URI_COURSE_TYPE = NS_CORE + "Course";
private static final String URI_TEACHER_ROLE_OF_PROPERTY = NS_CORE
+ "teacherRoleOf";
private static final String URI_ADVISING_RELATIONSHIP_TYPE = NS_CORE
+ "AdvisingRelationship";
private static final String URI_ADVISOR_PROPERTY = NS_CORE + "advisor";
public SelfEditorRelationshipPolicy(ServletContext ctx, OntModel model) {
super(ctx, model);
} }
@Override @Override
public PolicyDecision isAuthorized(IdentifierBundle whoToAuth, public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
RequestedAction whatToAuth) { RequestedAction whatToAuth) {
PolicyDecision decision = null;
if (whatToAuth == null) { if (whatToAuth == null) {
decision = inconclusiveDecision("whatToAuth was null"); return inconclusiveDecision("whatToAuth was null");
} else if (whatToAuth instanceof AbstractDataPropertyStatementAction) { }
decision = isAuthorized(whoToAuth,
distill((AbstractDataPropertyStatementAction) whatToAuth)); if (!(whatToAuth instanceof AbstractPropertyStatementAction)) {
} else if (whatToAuth instanceof AbstractObjectPropertyStatementAction) { return inconclusiveDecision("Does not authorize "
decision = isAuthorized(whoToAuth,
distill((AbstractObjectPropertyStatementAction) whatToAuth));
} else {
decision = inconclusiveDecision("Does not authorize "
+ whatToAuth.getClass().getSimpleName() + " actions"); + whatToAuth.getClass().getSimpleName() + " actions");
} }
AbstractPropertyStatementAction action = (AbstractPropertyStatementAction) whatToAuth;
if (decision == null) {
return userNotAuthorizedToStatement();
} else {
return decision;
}
}
private DistilledAction distill(AbstractDataPropertyStatementAction action) {
return new DistilledAction(action.getPredicateUri(),
action.getSubjectUri());
}
private DistilledAction distill(AbstractObjectPropertyStatementAction action) {
return new DistilledAction(action.getPredicateUri(),
action.getSubjectUri(), action.getObjectUri());
}
private PolicyDecision isAuthorized(IdentifierBundle ids,
DistilledAction action) {
List<String> userUris = new ArrayList<String>( List<String> userUris = new ArrayList<String>(
HasAssociatedIndividual.getIndividualUris(ids)); HasAssociatedIndividual.getIndividualUris(whoToAuth));
if (userUris.isEmpty()) { if (userUris.isEmpty()) {
return inconclusiveDecision("Not self-editing."); return inconclusiveDecision("Not self-editing.");
} }
if (!canModifyPredicate(action.predicateUri)) { if (!canModifyPredicate(action.getPredicateUri())) {
return cantModifyPredicate(action.predicateUri); return cantModifyPredicate(action.getPredicateUri());
} }
for (String resourceUri : action.resourceUris) { for (String resourceUri : action.getResourceUris()) {
if (!canModifyResource(resourceUri)) { if (!canModifyResource(resourceUri)) {
return cantModifyResource(resourceUri); return cantModifyResource(resourceUri);
} }
} }
for (String resourceUri : action.resourceUris) { return checkRelationships(userUris, action);
if (isInformationResource(resourceUri)) {
if (anyUrisInCommon(userUris, getUrisOfEditors(resourceUri))) {
return authorizedEditor(resourceUri);
}
if (anyUrisInCommon(userUris, getUrisOfAuthors(resourceUri))) {
return authorizedAuthor(resourceUri);
}
if (anyUrisInCommon(userUris, getUrisOfFeatured(resourceUri))) {
return authorizedFeatured(resourceUri);
}
}
if (isGrant(resourceUri)) {
if (anyUrisInCommon(userUris,
getUrisOfPrincipalInvestigators(resourceUri))) {
return authorizedPI(resourceUri);
}
if (anyUrisInCommon(userUris,
getUrisOfCoPrincipalInvestigators(resourceUri))) {
return authorizedCoPI(resourceUri);
}
}
if (isProject(resourceUri) || isService(resourceUri)) {
if (anyUrisInCommon(userUris,
getUrisOfClinicalAgents(resourceUri))) {
return authorizedClinicalAgent(resourceUri);
}
}
if (isPresentation(resourceUri)) {
if (anyUrisInCommon(userUris, getUrisOfPresenters(resourceUri))) {
return authorizedPresenter(resourceUri);
}
}
if (isCourse(resourceUri)) {
if (anyUrisInCommon(userUris, getUrisOfTeachers(resourceUri))) {
return authorizedTeacher(resourceUri);
}
}
if (isAdvisingRelationship(resourceUri)) {
if (anyUrisInCommon(userUris, getUrisOfAdvisors(resourceUri))) {
return authorizedAdvisor(resourceUri);
}
}
} }
return userNotAuthorizedToStatement(); private PolicyDecision checkRelationships(List<String> userUris,
AbstractPropertyStatementAction action) {
PolicyDecision decision = new InformationResourceChecker(action)
.isAuthorized(userUris);
if (decision == null) {
decision = new GrantChecker(action).isAuthorized(userUris);
}
if (decision == null) {
decision = new ProjectOrServiceChecker(action)
.isAuthorized(userUris);
}
if (decision == null) {
decision = new PresentationChecker(action).isAuthorized(userUris);
}
if (decision == null) {
decision = new CourseChecker(action).isAuthorized(userUris);
}
if (decision == null) {
decision = userNotAuthorizedToStatement();
}
return decision;
} }
@Override @Override
@ -202,158 +114,10 @@ public class SelfEditorRelationshipPolicy extends AbstractRelationshipPolicy
+ hashCode(); + hashCode();
} }
// ----------------------------------------------------------------------
// methods for InformationResource
// ----------------------------------------------------------------------
private boolean isInformationResource(String resourceUri) {
return isResourceOfType(resourceUri, URI_INFORMATION_RESOURCE_TYPE);
}
private List<String> getUrisOfEditors(String resourceUri) {
return getObjectsOfProperty(resourceUri, URI_EDITOR_PROPERTY);
}
private List<String> getUrisOfFeatured(String resourceUri) {
return getObjectsOfProperty(resourceUri, URI_FEATURES_PROPERTY);
}
private List<String> getUrisOfAuthors(String resourceUri) {
return getObjectsOfLinkedProperty(resourceUri,
URI_IN_AUTHORSHIP_PROPERTY, URI_LINKED_AUTHOR_PROPERTY);
}
private PolicyDecision authorizedEditor(String uri) {
return authorizedDecision("User is an editor of " + uri);
}
private PolicyDecision authorizedAuthor(String uri) {
return authorizedDecision("User is author of " + uri);
}
private PolicyDecision authorizedFeatured(String uri) {
return authorizedDecision("User is featured in " + uri);
}
// ----------------------------------------------------------------------
// methods for Grant
// ----------------------------------------------------------------------
private boolean isGrant(String resourceUri) {
return isResourceOfType(resourceUri, URI_GRANT_TYPE);
}
private List<String> getUrisOfPrincipalInvestigators(String resourceUri) {
return getObjectsOfLinkedProperty(resourceUri,
URI_RELATED_ROLE_PROPERTY,
URI_PRINCIPAL_INVESTIGATOR_OF_PROPERTY);
}
private List<String> getUrisOfCoPrincipalInvestigators(String resourceUri) {
return getObjectsOfLinkedProperty(resourceUri,
URI_RELATED_ROLE_PROPERTY,
URI_CO_PRINCIPAL_INVESTIGATOR_OF_PROPERTY);
}
private PolicyDecision authorizedPI(String resourceUri) {
return authorizedDecision("User is Principal Investigator of "
+ resourceUri);
}
private PolicyDecision authorizedCoPI(String resourceUri) {
return authorizedDecision("User is Co-Principal Investigator of "
+ resourceUri);
}
// ----------------------------------------------------------------------
// methods for Project or Service
// ----------------------------------------------------------------------
private boolean isProject(String resourceUri) {
return isResourceOfType(resourceUri, URI_PROJECT_TYPE);
}
private boolean isService(String resourceUri) {
return isResourceOfType(resourceUri, URI_SERVICE_TYPE);
}
private List<String> getUrisOfClinicalAgents(String resourceUri) {
return getObjectsOfLinkedProperty(resourceUri,
URI_RELATED_ROLE_PROPERTY, URI_CLINICAL_ROLE_OF_PROPERTY);
}
private PolicyDecision authorizedClinicalAgent(String resourceUri) {
return authorizedDecision("User has a Clinical Role on " + resourceUri);
}
// ----------------------------------------------------------------------
// methods for Presentation
// ----------------------------------------------------------------------
private boolean isPresentation(String resourceUri) {
return isResourceOfType(resourceUri, URI_PRESENTATION_TYPE);
}
private List<String> getUrisOfPresenters(String resourceUri) {
return getObjectsOfLinkedProperty(resourceUri,
URI_RELATED_ROLE_PROPERTY, URI_PRESENTER_ROLE_OF_PROPERTY);
}
private PolicyDecision authorizedPresenter(String resourceUri) {
return authorizedDecision("User is a Presenter of " + resourceUri);
}
// ----------------------------------------------------------------------
// methods for Course
// ----------------------------------------------------------------------
private boolean isCourse(String resourceUri) {
return isResourceOfType(resourceUri, URI_COURSE_TYPE);
}
private List<String> getUrisOfTeachers(String resourceUri) {
return getObjectsOfLinkedProperty(resourceUri,
URI_RELATED_ROLE_PROPERTY, URI_TEACHER_ROLE_OF_PROPERTY);
}
private PolicyDecision authorizedTeacher(String resourceUri) {
return authorizedDecision("User is a Teacher of " + resourceUri);
}
// ----------------------------------------------------------------------
// methods for AdvisingRelationship
// ----------------------------------------------------------------------
private boolean isAdvisingRelationship(String resourceUri) {
return isResourceOfType(resourceUri, URI_ADVISING_RELATIONSHIP_TYPE);
}
private List<String> getUrisOfAdvisors(String resourceUri) {
return getObjectsOfProperty(resourceUri, URI_ADVISOR_PROPERTY);
}
private PolicyDecision authorizedAdvisor(String resourceUri) {
return authorizedDecision("User is an Advisor of " + resourceUri);
}
// ---------------------------------------------------------------------- // ----------------------------------------------------------------------
// helper classes // helper classes
// ---------------------------------------------------------------------- // ----------------------------------------------------------------------
/**
* This allows us to treat data properties and object properties the same.
* It's just that object properties have more resourceUris.
*/
static class DistilledAction {
final String[] resourceUris;
final String predicateUri;
public DistilledAction(String predicateUri, String... resourceUris) {
this.resourceUris = resourceUris;
this.predicateUri = predicateUri;
}
}
/** /**
* When the system starts up, install the policy. This class must be a * When the system starts up, install the policy. This class must be a
* listener in web.xml * listener in web.xml
@ -365,11 +129,8 @@ public class SelfEditorRelationshipPolicy extends AbstractRelationshipPolicy
public void contextInitialized(ServletContextEvent sce) { public void contextInitialized(ServletContextEvent sce) {
ServletContext ctx = sce.getServletContext(); ServletContext ctx = sce.getServletContext();
OntModel ontModel = (OntModel) sce.getServletContext()
.getAttribute("jenaOntModel");
ServletPolicyList.addPolicy(ctx, new SelfEditorRelationshipPolicy( ServletPolicyList.addPolicy(ctx, new SelfEditorRelationshipPolicy(
ctx, ontModel)); ctx));
} }
@Override @Override

2
test/edu/cornell/mannlib/vivo/auth/policy/SelfEditorRelationshipPolicyTest.java
View file

@ -122,7 +122,7 @@ public class SelfEditorRelationshipPolicyTest extends AbstractTestClass {
.getInstance(new String[] { NS_RESTRICTED }); .getInstance(new String[] { NS_RESTRICTED });
PropertyRestrictionPolicyHelper.setBean(ctx, prph); PropertyRestrictionPolicyHelper.setBean(ctx, prph);
policy = new SelfEditorRelationshipPolicy(ctx, ontModel); policy = new SelfEditorRelationshipPolicy(ctx);
} }
private IdentifierBundle idNobody; private IdentifierBundle idNobody;