[VIVO-1436] Implementation of Advanced Role Management #80

Closed
wants to merge 12 commits into from
Expand Up @@ -9,19 +9,23 @@
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collections;
import java.util.Comparator;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.ListIterator;
import java.util.Map;
import java.util.Random;

import javax.servlet.http.HttpServletRequest;

import edu.cornell.mannlib.vitro.webapp.auth.permissions.EntityDisplayPermission;
import edu.cornell.mannlib.vitro.webapp.auth.permissions.EntityPermission;
import edu.cornell.mannlib.vitro.webapp.auth.permissions.EntityPublishPermission;
import edu.cornell.mannlib.vitro.webapp.auth.permissions.EntityUpdatePermission;
import edu.cornell.mannlib.vitro.webapp.beans.PermissionSet;
import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

Expand All @@ -33,6 +37,14 @@
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess;
import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
import org.apache.jena.ontology.OntModel;
import org.apache.jena.query.Query;
import org.apache.jena.query.QueryExecution;
import org.apache.jena.query.QueryExecutionFactory;
import org.apache.jena.query.QueryFactory;
import org.apache.jena.query.QuerySolution;
import org.apache.jena.query.ResultSet;
import org.apache.jena.shared.Lock;

public class BaseEditController extends VitroHttpServlet {

Expand Down Expand Up @@ -201,4 +213,102 @@ public String getDefaultLandingPage(HttpServletRequest request) {
return(request.getContextPath() + DEFAULT_LANDING_PAGE);
}

protected static void addPermissionAttributes(HttpServletRequest req, String permissionsEntityURI) {
// Add the permissionsEntityURI (if we are creating a new property, this will be empty)
req.setAttribute("_permissionsEntityURI", permissionsEntityURI);

// Get the available permission sets
List<PermissionSet> roles = buildListOfSelectableRoles(ModelAccess.on(req).getWebappDaoFactory());

// Add the permission sets to the request object
req.setAttribute("roles", roles);

// If the namespace is empty (e.e. we are creating a new record)
if (StringUtils.isEmpty(permissionsEntityURI)) {
List<String> displayRoles = new ArrayList<>();
List<String> updateRoles = new ArrayList<>();
List<String> publishRoles = new ArrayList<>();

// Generate a default set of permissions (allow everything apart from public edit)
for (PermissionSet role : roles) {
if (!role.isForPublic()) {
updateRoles.add(role.getUri());
}
displayRoles.add(role.getUri());
publishRoles.add(role.getUri());
}

// Add the generated permission sets to the request object
req.setAttribute("displayRoles", displayRoles);
req.setAttribute("updateRoles", updateRoles);
req.setAttribute("publishRoles", publishRoles);
} else {
// Get the User Accounts model
OntModel userAccounts = ModelAccess.on(req).getOntModelSelector().getUserAccountsModel();

// Get the permission sets that are granted permission for this entity
req.setAttribute("displayRoles", getGrantedRolesForEntity(userAccounts, permissionsEntityURI, EntityDisplayPermission.class));
req.setAttribute("updateRoles", getGrantedRolesForEntity(userAccounts, permissionsEntityURI, EntityUpdatePermission.class));
req.setAttribute("publishRoles", getGrantedRolesForEntity(userAccounts, permissionsEntityURI, EntityPublishPermission.class));
}
}

/**
* Create a list of all known PermissionSets.
*/
private static List<PermissionSet> buildListOfSelectableRoles(WebappDaoFactory wadf) {
List<PermissionSet> list = new ArrayList<>();

// Get the non-public PermissionSets.
for (PermissionSet ps: wadf.getUserAccountsDao().getAllPermissionSets()) {
if (!ps.isForPublic()) {
list.add(ps);
}
}

// Sort the non-public PermissionSets
list.sort(new Comparator<PermissionSet>() {
@Override
public int compare(PermissionSet ps1, PermissionSet ps2) {
return ps1.getUri().compareTo(ps2.getUri());
}
});

// Add the public PermissionSets.
for (PermissionSet ps: wadf.getUserAccountsDao().getAllPermissionSets()) {
if (ps.isForPublic()) {
list.add(ps);
}
}

return list;
}

protected static List<String> getGrantedRolesForEntity(OntModel userAccounts, String key, Class<? extends EntityPermission> permission) {
List<String> roles = new ArrayList<>();

userAccounts.enterCriticalSection(Lock.READ);
try {
Query query = QueryFactory.create("SELECT ?role WHERE { " +
" ?role <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#hasPermission> ?permission . " +
" ?permission a <java:" + permission.getName() + "#Set> . " +
" ?permission <" + VitroVocabulary.PERMISSION_FOR_ENTITY + "> <" + key + "> . " +
"}");

QueryExecution qexec = QueryExecutionFactory.create(query, userAccounts);
try {
ResultSet rs = qexec.execSelect();
while (rs.hasNext()) {
QuerySolution qs = rs.next();
roles.add(qs.getResource("role").getURI());
}
} finally {
qexec.close();
}
} finally {
userAccounts.leaveCriticalSection();
}

return roles;
}
}
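Review bot: `getGrantedRolesForEntity` splices `key` straight into the SPARQL text as `<" + key + ">` in the query handed to `QueryFactory.create`, so a key containing `>`, whitespace or a quote is not a valid IRI and either throws a query-parse exception out of the page or changes the shape of the query; `addPermissionAttributes` receives that URI from its caller and the diff does not show where it is validated. Jena's `ParameterizedSparqlString` (same `org.apache.jena.query` package as the imports added above) binds the entity and permission-type IRIs with `setIri`, which checks the value before injecting it, so the query text itself stays constant. `QueryExecution` is `AutoCloseable` on this Jena package line, so the manual `qexec.close()` can become try-with-resources in the same change, and the anonymous comparator in `buildListOfSelectableRoles` can be `list.sort(Comparator.comparing(PermissionSet::getUri));`. Both methods are complete within the hunk; the file-level import block that would need `ParameterizedSparqlString` is in the earlier hunk.
```java
ParameterizedSparqlString pss = new ParameterizedSparqlString("SELECT ?role WHERE { " +
        " ?role <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#hasPermission> ?permission . " +
        " ?permission a ?permissionType . " +
        " ?permission <" + VitroVocabulary.PERMISSION_FOR_ENTITY + "> ?entity . " +
        "}");
pss.setIri("permissionType", "java:" + permission.getName() + "#Set");
pss.setIri("entity", key);
Query query = pss.asQuery();

try (QueryExecution qexec = QueryExecutionFactory.create(query, userAccounts)) {
    ResultSet rs = qexec.execSelect();
    while (rs.hasNext()) {
        roles.add(rs.next().getResource("role").getURI());
    }
}
// … unchanged: enterCriticalSection / leaveCriticalSection around the block …
```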
Expand Up @@ -5,6 +5,7 @@
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
Expand All @@ -15,6 +16,11 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import edu.cornell.mannlib.vitro.webapp.beans.PermissionSet;
import edu.cornell.mannlib.vitro.webapp.dao.UserAccountsDao;
import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

Expand Down Expand Up @@ -123,6 +129,45 @@ public void doPost (HttpServletRequest request, HttpServletResponse response) {
return;
}

// If contains restrictions
if (request.getParameter("_permissions") != null) {
// Get the namespace that we are editing
String entityKey = request.getParameter("_permissionsEntityURI");
if (StringUtils.isEmpty(entityKey)) {
// If we don't have a namespace set, we are creating a new entity so use that namespace
entityKey = request.getParameter("Namespace");
}

// Get the granted permissions from the request object
String[] displayRoles = request.getParameterValues("displayRoles");
String[] updateRoles = request.getParameterValues("updateRoles");
String[] publishRoles = request.getParameterValues("publishRoles");

UserAccountsDao userDao = ModelAccess.on(request).getWebappDaoFactory().getUserAccountsDao();

// Convert the list of roles into lists of permission sets
List<PermissionSet> displaySets = new ArrayList<>();
List<PermissionSet> updateSets = new ArrayList<>();
List<PermissionSet> publishSets = new ArrayList<>();

for (PermissionSet ps : userDao.getAllPermissionSets()) {
if (ArrayUtils.contains(displayRoles, ps.getUri())) {
displaySets.add(ps);
}

if (ArrayUtils.contains(updateRoles, ps.getUri())) {
updateSets.add(ps);
}

if (ArrayUtils.contains(publishRoles, ps.getUri())) {
publishSets.add(ps);
}
}

// Set the various permissions for the given entity
userDao.setEntityPermissions(entityKey, displaySets, updateSets, publishSets);
}

/* put request parameters and attributes into epo where the listeners can see */
epo.setRequestParameterMap(request.getParameterMap());

Expand Down Expand Up @@ -508,5 +553,4 @@ private boolean performEdit(EditProcessObject epo, Object newObj, String action)
return SUCCESS;

}

}
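Review bot: `entityKey` is still null when the request carries neither `_permissionsEntityURI` nor `Namespace`, and that null flows into `userDao.setEntityPermissions(entityKey, displaySets, updateSets, publishSets)`; guard it before the permission sets are built, e.g. `if (StringUtils.isEmpty(entityKey)) { log.error("Cannot set entity permissions: no entity URI or namespace in request"); return; }`, matching whatever the other early returns in `doPost` do on bad input. The hunk opens just after a `return;`, so the check that gates this branch is not visible; because the branch lets the poster rewrite display/update/publish rights for any `entityKey` they name, confirm that the existing gate covers changing permissions and not only editing the entity itself. `doPost` starts and ends outside this hunk.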
Expand Up @@ -4,6 +4,8 @@

import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;

import java.util.List;

/**
* This is what the PermissionRegistry hands out if you ask for a Permission
* that it doesn't know about. Nothing is authorized by this Permission.
Expand All @@ -14,7 +16,7 @@ public BrokenPermission(String uri) {
}

@Override
public boolean isAuthorized(RequestedAction whatToAuth) {
public boolean isAuthorized(List<String> personUris, RequestedAction whatToAuth) {
return false;
}
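Review bot: The new `personUris` parameter on `isAuthorized` is neither documented nor used in the body, which reads as an oversight rather than the intent of a null-object permission; a one-line comment above the `return false;` makes that explicit, e.g. `// personUris is deliberately ignored: a BrokenPermission authorizes nothing, whoever asks`. The signature change presumably follows an interface change to `Permission` elsewhere in the PR; that interface is not in this section.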


This file was deleted.
