@Override
public void addPolicies(Context c, List<ResourcePolicy> policies, DSpaceObject dest)
throws SQLException, AuthorizeException {
// now add them to the destination object
List<ResourcePolicy> newPolicies = new LinkedList<>();
for (ResourcePolicy srp : policies) {
ResourcePolicy rp = resourcePolicyService.create(c);
// copy over values
rp.setdSpaceObject(dest);
rp.setAction(srp.getAction());
rp.setEPerson(srp.getEPerson());
rp.setGroup(srp.getGroup());
rp.setStartDate(srp.getStartDate());
rp.setEndDate(srp.getEndDate());
rp.setRpName(srp.getRpName());
rp.setRpDescription(srp.getRpDescription());
rp.setRpType(srp.getRpType());
// and add policy to list of new policies
newPolicies.add(rp);
}
resourcePolicyService.update(c, newPolicies);
}
/**
* Generate Policies policies READ for the date in input adding reason. New policies are assigned
* automatically at the groups that have right on the collection. E.g., if the anonymous can
* access the collection policies are assigned to anonymous.
*
* @param context The relevant DSpace Context.
* @param embargoDate embargo end date
* @param reason embargo reason
* @param dso DSpace object
* @param owningCollection collection to get group policies from
* @throws SQLException if database error
* @throws AuthorizeException if authorization error
*/
@Override
public void generateAutomaticPolicies(
Context context,
Date embargoDate,
String reason,
DSpaceObject dso,
Collection owningCollection)
throws SQLException, AuthorizeException {
if (embargoDate != null || (embargoDate == null && dso instanceof Bitstream)) {
List<Group> authorizedGroups =
getAuthorizedGroups(context, owningCollection, Constants.DEFAULT_ITEM_READ);
removeAllPoliciesByDSOAndType(context, dso, ResourcePolicy.TYPE_CUSTOM);
// look for anonymous
boolean isAnonymousInPlace = false;
for (Group g : authorizedGroups) {
if (StringUtils.equals(g.getName(), Group.ANONYMOUS)) {
isAnonymousInPlace = true;
}
}
if (!isAnonymousInPlace) {
// add policies for all the groups
for (Group g : authorizedGroups) {
ResourcePolicy rp =
createOrModifyPolicy(
null, context, null, g, null, embargoDate, Constants.READ, reason, dso);
if (rp != null) resourcePolicyService.update(context, rp);
}
} else {
// add policy just for anonymous
ResourcePolicy rp =
createOrModifyPolicy(
null,
context,
null,
groupService.findByName(context, Group.ANONYMOUS),
null,
embargoDate,
Constants.READ,
reason,
dso);
if (rp != null) resourcePolicyService.update(context, rp);
}
}
}
@Override
public void switchPoliciesAction(Context context, DSpaceObject dso, int fromAction, int toAction)
throws SQLException, AuthorizeException {
List<ResourcePolicy> rps = getPoliciesActionFilter(context, dso, fromAction);
for (ResourcePolicy rp : rps) {
rp.setAction(toAction);
}
resourcePolicyService.update(context, rps);
}
@Override
public ResourcePolicy createResourcePolicy(
Context context, DSpaceObject dso, Group group, EPerson eperson, int type, String rpType)
throws SQLException, AuthorizeException {
if (group == null && eperson == null) {
throw new IllegalArgumentException(
"We need at least an eperson or a group in order to create a resource policy.");
}
ResourcePolicy myPolicy = resourcePolicyService.create(context);
myPolicy.setdSpaceObject(dso);
myPolicy.setAction(type);
myPolicy.setGroup(group);
myPolicy.setEPerson(eperson);
myPolicy.setRpType(rpType);
resourcePolicyService.update(context, myPolicy);
return myPolicy;
}
@Override
public ResourcePolicy findByTypeIdGroupAction(
Context c, DSpaceObject dso, Group group, int action, int policyID) throws SQLException {
List<ResourcePolicy> policies = resourcePolicyService.find(c, dso, group, action, policyID);
if (CollectionUtils.isNotEmpty(policies)) {
return policies.iterator().next();
} else {
return null;
}
}
public boolean isCollectionAdmin(Context c) throws SQLException {
EPerson e = c.getCurrentUser();
if (e != null) {
List<ResourcePolicy> policies =
resourcePolicyService.find(
c, e, groupService.allMemberGroups(c, e), Constants.ADMIN, Constants.COLLECTION);
if (CollectionUtils.isNotEmpty(policies)) {
return true;
}
}
return false;
}
public void addListPolicies(List parent, DSpaceObject dso, Collection owningCollection)
throws WingException, SQLException {
if (!isAdvancedFormEnabled) {
return;
}
parent.addLabel(T_head_policies_table);
java.util.List<ResourcePolicy> resourcePolicies =
authorizeService.findPoliciesByDSOAndType(context, dso, ResourcePolicy.TYPE_CUSTOM);
if (resourcePolicies.isEmpty()) {
parent.addItem(T_no_policies);
return;
}
for (ResourcePolicy rp : resourcePolicies) {
int id = rp.getID();
String name = "";
if (rp.getRpName() != null) name = rp.getRpName();
String action = resourcePolicyService.getActionText(rp);
// if it is the default policy for the Submitter don't show it.
if (dso instanceof org.dspace.content.Item) {
org.dspace.content.Item item = (org.dspace.content.Item) dso;
if (rp.getEPerson() != null) {
if (item.getSubmitter().equals(rp.getEPerson())) continue;
}
}
String group = "";
if (rp.getGroup() != null) group = rp.getGroup().getName();
// start
String startDate = "";
if (rp.getStartDate() != null) {
startDate = DateFormatUtils.format(rp.getStartDate(), "yyyy-MM-dd");
}
// endDate
String endDate = "";
if (rp.getEndDate() != null) {
endDate = DateFormatUtils.format(rp.getEndDate(), "yyyy-MM-dd");
}
parent.addItem(T_policy.parameterize(name, action, group, startDate, endDate));
}
}
@Override
public boolean isAdmin(Context c, DSpaceObject o) throws SQLException {
// return true if user is an Administrator
if (isAdmin(c)) {
return true;
}
if (o == null) {
return false;
}
//
// First, check all Resource Policies directly on this object
//
List<ResourcePolicy> policies = getPoliciesActionFilter(c, o, Constants.ADMIN);
for (ResourcePolicy rp : policies) {
// check policies for date validity
if (resourcePolicyService.isDateValid(rp)) {
if (rp.getEPerson() != null && rp.getEPerson().equals(c.getCurrentUser())) {
return true; // match
}
if ((rp.getGroup() != null) && (groupService.isMember(c, rp.getGroup()))) {
// group was set, and eperson is a member
// of that group
return true;
}
}
}
// If user doesn't have specific Admin permissions on this object,
// check the *parent* objects of this object. This allows Admin
// permissions to be inherited automatically (e.g. Admin on Community
// is also an Admin of all Collections/Items in that Community)
DSpaceObject parent = serviceFactory.getDSpaceObjectService(o).getParentObject(c, o);
if (parent != null) {
return isAdmin(c, parent);
}
return false;
}
public void addTablePolicies(Division parent, DSpaceObject dso, Collection owningCollection)
throws WingException, SQLException {
if (!isAdvancedFormEnabled) {
return;
}
Division div = parent.addDivision("access-existing-policies");
div.setHead(T_head_policies_table);
div.addPara(T_policies_help.parameterize(owningCollection));
java.util.List<ResourcePolicy> resourcePolicies =
authorizeService.findPoliciesByDSOAndType(context, dso, ResourcePolicy.TYPE_CUSTOM);
if (resourcePolicies.isEmpty()) {
div.addPara(T_no_policies);
return;
}
int cols = resourcePolicies.size();
if (cols == 0) cols = 1;
Table policies = div.addTable("policies", 6, cols);
Row header = policies.addRow(Row.ROLE_HEADER);
header.addCellContent(T_column0); // name
header.addCellContent(T_column1); // action
header.addCellContent(T_column2); // group
header.addCellContent(T_column3); // start_date
header.addCellContent(T_column4); // end_date
for (ResourcePolicy rp : resourcePolicies) {
int id = rp.getID();
String name = "";
if (rp.getRpName() != null) name = rp.getRpName();
String action = resourcePolicyService.getActionText(rp);
// if it is the default policy for the Submitter don't show it.
if (dso instanceof org.dspace.content.Item) {
org.dspace.content.Item item = (org.dspace.content.Item) dso;
if (rp.getEPerson() != null) {
if (item.getSubmitter().equals(rp.getEPerson())) continue;
}
}
String group = "";
if (rp.getGroup() != null) group = rp.getGroup().getName();
Row row = policies.addRow();
row.addCellContent(name);
row.addCellContent(action);
row.addCellContent(group);
// start
String startDate = "";
if (rp.getStartDate() != null) {
startDate = DateFormatUtils.format(rp.getStartDate(), "yyyy-MM-dd");
}
row.addCellContent(startDate);
// endDate
String endDate = "";
if (rp.getEndDate() != null) {
endDate = DateFormatUtils.format(rp.getEndDate(), "yyyy-MM-dd");
}
row.addCellContent(endDate);
Button edit = row.addCell().addButton("submit_edit_edit_policies_" + id);
edit.setValue(T_table_submit_edit);
Button delete = row.addCell().addButton("submit_delete_edit_policies_" + id);
delete.setValue(T_table_submit_delete);
}
}
/**
* Check to see if the given user can perform the given action on the given object. Always returns
* true if the ignore authorization flat is set in the current context.
*
* @param c current context. User is irrelevant; "ignore authorization" flag is relevant
* @param o object action is being attempted on
* @param action ID of action being attempted, from <code>org.dspace.core.Constants</code>
* @param e user attempting action
* @param useInheritance flag to say if ADMIN action on the current object or parent object can be
* used
* @return <code>true</code> if user is authorized to perform the given action, <code>false</code>
* otherwise
* @throws SQLException if database error
*/
protected boolean authorize(
Context c, DSpaceObject o, int action, EPerson e, boolean useInheritance)
throws SQLException {
// return FALSE if there is no DSpaceObject
if (o == null) {
return false;
}
// is authorization disabled for this context?
if (c.ignoreAuthorization()) {
return true;
}
// is eperson set? if not, userToCheck = null (anonymous)
EPerson userToCheck = null;
if (e != null) {
userToCheck = e;
// perform isAdmin check to see
// if user is an Admin on this object
DSpaceObject adminObject =
useInheritance
? serviceFactory.getDSpaceObjectService(o).getAdminObject(c, o, action)
: null;
if (isAdmin(c, adminObject)) {
return true;
}
}
// In case the dso is an bundle or bitstream we must ignore custom
// policies if it does not belong to at least one installed item (see
// DS-2614).
// In case the dso is an item and a corresponding workspace or workflow
// item exist, we have to ignore custom policies (see DS-2614).
boolean ignoreCustomPolicies = false;
if (o instanceof Bitstream) {
Bitstream b = (Bitstream) o;
// Ensure that this is not a collection or community logo
DSpaceObject parent = bitstreamService.getParentObject(c, b);
if (!(parent instanceof Collection) && !(parent instanceof Community)) {
ignoreCustomPolicies = !isAnyItemInstalled(c, b.getBundles());
}
}
if (o instanceof Bundle) {
ignoreCustomPolicies = !isAnyItemInstalled(c, Arrays.asList(((Bundle) o)));
}
if (o instanceof Item) {
if (workspaceItemService.findByItem(c, (Item) o) != null
|| workflowItemService.findByItem(c, (Item) o) != null) {
ignoreCustomPolicies = true;
}
}
for (ResourcePolicy rp : getPoliciesActionFilter(c, o, action)) {
if (ignoreCustomPolicies && ResourcePolicy.TYPE_CUSTOM.equals(rp.getRpType())) {
continue;
}
// check policies for date validity
if (resourcePolicyService.isDateValid(rp)) {
if (rp.getEPerson() != null && rp.getEPerson().equals(userToCheck)) {
return true; // match
}
if ((rp.getGroup() != null) && (groupService.isMember(c, rp.getGroup()))) {
// group was set, and eperson is a member
// of that group
return true;
}
}
}
// default authorization is denial
return false;
}
@Override
public void removeEPersonPolicies(Context c, DSpaceObject o, EPerson e)
throws SQLException, AuthorizeException {
resourcePolicyService.removeDsoEPersonPolicies(c, o, e);
}
@Override
public void removeGroupPolicies(Context c, DSpaceObject o, Group g)
throws SQLException, AuthorizeException {
resourcePolicyService.removeDsoGroupPolicies(c, o, g);
}
@Override
public void removeGroupPolicies(Context c, Group group) throws SQLException {
resourcePolicyService.removeGroupPolicies(c, group);
}
@Override
public void removePoliciesActionFilter(Context context, DSpaceObject dso, int actionID)
throws SQLException, AuthorizeException {
resourcePolicyService.removePolicies(context, dso, actionID);
}
@Override
public void removeAllPoliciesByDSOAndType(Context c, DSpaceObject o, String type)
throws SQLException, AuthorizeException {
resourcePolicyService.removePolicies(c, o, type);
}
@Override
public void removeAllPolicies(Context c, DSpaceObject o) throws SQLException, AuthorizeException {
resourcePolicyService.removeAllPolicies(c, o);
}
@Override
public List<ResourcePolicy> getPoliciesActionFilter(Context c, DSpaceObject o, int actionID)
throws SQLException {
return resourcePolicyService.find(c, o, actionID);
}
@Override
public List<ResourcePolicy> getPoliciesForGroup(Context c, Group g) throws SQLException {
return resourcePolicyService.find(c, g);
}
@Override
public List<ResourcePolicy> findPoliciesByDSOAndType(Context c, DSpaceObject o, String type)
throws SQLException {
return resourcePolicyService.find(c, o, type);
}
@Override
public List<ResourcePolicy> getPolicies(Context c, DSpaceObject o) throws SQLException {
return resourcePolicyService.find(c, o);
}
