/**
 * Grants {@code group} one policy action on an item and on everything the item contains.
 *
 * <p>The policy is added to the item itself, then to each of its bundles, then to each bitstream
 * inside those bundles. A {@code null} group makes the call a no-op, so no policy is created.
 *
 * @param context the DSpace context handed through to the authorize service
 * @param item the item whose object tree receives the policy
 * @param type the action constant passed to {@code authorizeService.addPolicy}
 * @param group the group that receives the policy; may be {@code null}
 * @throws AuthorizeException declared by the signature and propagated from the calls below
 * @throws SQLException declared by the signature and propagated from the calls below
 */
protected void addGroupPolicyToItem(Context context, Item item, int type, Group group)
    throws AuthorizeException, SQLException {
    if (group == null) {
        return;
    }

    authorizeService.addPolicy(context, item, type, group);

    // The grant is repeated on every contained object: the code adds an explicit policy to each
    // bundle and bitstream rather than relying on the item-level policy alone.
    for (Bundle containedBundle : item.getBundles()) {
        authorizeService.addPolicy(context, containedBundle, type, group);
        for (Bitstream containedBitstream : containedBundle.getBitstreams()) {
            authorizeService.addPolicy(context, containedBitstream, type, group);
        }
    }
}
/**
 * Decides whether the given SWORD context may submit to {@code item}.
 *
 * <p>The rules applied are:
 * <ol>
 *   <li>The primary authenticating user is authenticated; this is implicit in a context existing.
 *   <li>For an On-Behalf-Of request, the authenticating user must be allowed to mediate and the
 *       On-Behalf-Of user must be authorised to carry out the action.
 *   <li>Otherwise the authenticating user must be authorised to carry out the action.
 * </ol>
 *
 * <p>"Authorised" here means WRITE on the item plus ADD on every "ORIGINAL" bundle, or ADD on the
 * item itself when it has no "ORIGINAL" bundle.
 *
 * @param swordContext the SWORD context carrying the authenticator and optional On-Behalf-Of user
 * @param item the item the deposit targets
 * @return {@code true} only when the selected context has both WRITE and ADD
 * @throws DSpaceSwordException wrapping any {@link SQLException} raised during the lookups
 */
public boolean canSubmitTo(SwordContext swordContext, Item item) throws DSpaceSwordException {
    try {
        final Context decidingContext;
        if (swordContext.getOnBehalfOf() == null) {
            decidingContext = swordContext.getAuthenticatorContext();
        } else {
            // Mediation gate: the authenticated user must be an allowed mediator before the
            // On-Behalf-Of identity is considered at all.
            if (!this.allowedToMediate(swordContext.getAuthenticatorContext())) {
                return false;
            }
            // From here on only the On-Behalf-Of context is checked against the item; the
            // authenticator's own WRITE/ADD rights on the item are not consulted in this branch.
            decidingContext = swordContext.getOnBehalfOfContext();
        }

        boolean canWrite =
            AuthorizeManager.authorizeActionBoolean(decidingContext, item, Constants.WRITE);

        Bundle[] originals = item.getBundles("ORIGINAL");
        boolean canAdd = false;
        if (originals.length == 0) {
            // No ORIGINAL bundle yet: a deposit would add one to the item, so test ADD there.
            canAdd = AuthorizeManager.authorizeActionBoolean(decidingContext, item, Constants.ADD);
        } else {
            // Every ORIGINAL bundle must permit ADD; stop at the first refusal.
            for (Bundle original : originals) {
                canAdd =
                    AuthorizeManager.authorizeActionBoolean(decidingContext, original, Constants.ADD);
                if (!canAdd) {
                    break;
                }
            }
        }

        return canWrite && canAdd;
    } catch (SQLException e) {
        log.error("Caught exception: ", e);
        throw new DSpaceSwordException(e);
    }
}
/**
 * Revokes every policy held by group {@code e} on an item and on the objects it contains.
 *
 * <p>Policies are removed from the item, from each of its bundles, and from each bitstream in
 * those bundles. A {@code null} group makes the call a no-op.
 *
 * @param context the DSpace context handed through to the authorize service
 * @param item the item whose object tree is cleaned
 * @param e the group whose policies are removed; may be {@code null}
 * @throws SQLException declared by the signature and propagated from the calls below
 * @throws AuthorizeException declared by the signature and propagated from the calls below
 */
protected void removeGroupItemPolicies(Context context, Item item, Group e)
    throws SQLException, AuthorizeException {
    if (e == null) {
        return;
    }

    // Item-level authorizations still held by this group
    authorizeService.removeGroupPolicies(context, item, e);

    // Bundle rights, and the rights on the bitstreams inside each bundle
    for (Bundle ownedBundle : item.getBundles()) {
        authorizeService.removeGroupPolicies(context, ownedBundle, e);
        for (Bitstream ownedBitstream : ownedBundle.getBitstreams()) {
            authorizeService.removeGroupPolicies(context, ownedBitstream, e);
        }
    }
}
/**
 * Adds rights information to the entry.
 *
 * <p>The rights content is the list of URLs of the bitstreams held in the owning item's licence
 * bundle(s), each URL followed by a single space. The owning item is found by walking up from
 * this object's bitstream: only the first bundle of the bitstream and the first item of that
 * bundle are used.
 *
 * @throws DSpaceSWORDException if the bitstream has no bundle, the bundle has no item, or a
 *     {@link SQLException} is raised while resolving them
 */
protected void addRights() throws DSpaceSWORDException {
    try {
        // Walk up: bitstream -> first owning bundle
        List<Bundle> owningBundles = this.bitstream.getBundles();
        if (owningBundles.isEmpty()) {
            log.error("Found orphaned bitstream: " + bitstream.getID());
            throw new DSpaceSWORDException("Orphaned bitstream discovered");
        }
        Bundle bundle = owningBundles.get(0);

        // ... -> first owning item
        List<Item> owningItems = bundle.getItems();
        if (owningItems.isEmpty()) {
            log.error("Found orphaned bundle: " + bundle.getID());
            throw new DSpaceSWORDException("Orphaned bundle discovered");
        }
        Item item = owningItems.get(0);

        // Collect the URL of every bitstream that lives in a licence bundle of the item
        SWORDUrlManager urlManager = swordService.getUrlManager();
        StringBuilder licenceUrls = new StringBuilder();
        for (Bundle candidate : item.getBundles()) {
            if (Constants.LICENSE_BUNDLE_NAME.equals(candidate.getName())) {
                for (Bitstream licence : candidate.getBitstreams()) {
                    licenceUrls.append(urlManager.getBitstreamUrl(licence)).append(" ");
                }
            }
        }

        Rights rights = new Rights();
        rights.setContent(licenceUrls.toString());
        rights.setType(ContentType.TEXT);
        entry.setRights(rights);
        log.debug("Added rights entry to entity");
    } catch (SQLException e) {
        log.error("caught exception: ", e);
        throw new DSpaceSWORDException(e);
    }
}
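/**
 * Revokes every policy held by user {@code e} on an item and on the objects it contains.
 *
 * <p>Policies are removed from the item, from each of its bundles, and from each bitstream in
 * those bundles. If {@code e} is the item's submitter, the submitter's read policies are granted
 * again afterwards via {@code grantSubmitterReadPolicies}. A {@code null} user makes the call a
 * no-op.
 *
 * @param context the DSpace context handed through to the authorize service
 * @param item the item whose object tree is cleaned
 * @param e the user whose policies are removed; may be {@code null}
 * @throws SQLException declared by the signature and propagated from the calls below
 * @throws AuthorizeException declared by the signature and propagated from the calls below
 */
protected void removeUserItemPolicies(Context context, Item item, EPerson e)
    throws SQLException, AuthorizeException {
    if (e == null) {
        return;
    }

    // Also remove any lingering authorizations from this user
    authorizeService.removeEPersonPolicies(context, item, e);

    // Remove the bundle rights, and the rights on the bitstreams inside each bundle
    for (Bundle bundle : item.getBundles()) {
        authorizeService.removeEPersonPolicies(context, bundle, e);
        for (Bitstream bitstream : bundle.getBitstreams()) {
            authorizeService.removeEPersonPolicies(context, bitstream, e);
        }
    }

    // Ensure that the submitter always retains their resource policies.
    // NOTE(review): the submitter is null-checked so that an item without a submitter does not
    // fail with a NullPointerException after its policies were already removed; confirm that
    // getSubmitter() can return null in this deployment.
    EPerson submitter = item.getSubmitter();
    if (submitter != null && e.getID().equals(submitter.getID())) {
        grantSubmitterReadPolicies(context, item);
    }
}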
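/**
 * Get a list of all the items in the given collection that the current SWORD context will allow
 * deposit onto.
 *
 * <p>An item is allowed only when both of the following hold:
 *
 * <ul>
 *   <li>the authenticated user is authorised to WRITE on the item and to ADD on every ORIGINAL
 *       bundle (or to ADD on the item itself when it has no ORIGINAL bundle);
 *   <li>the on-behalf-of user is null, or passes the same WRITE and ADD checks in the
 *       on-behalf-of context.
 * </ul>
 *
 * <p>Administrators are not tested separately: according to the original author's comment, the
 * authorisation lookup already takes administrator status into account.
 *
 * @param swordContext the SWORD context carrying the authenticator and optional on-behalf-of user
 * @param collection the collection whose items are examined
 * @return the list of items that both parties may deposit onto; empty when there are none
 * @throws DSpaceSwordException wrapping any {@link SQLException} raised during the lookups
 */
public List<Item> getAllowedItems(
    SwordContext swordContext, org.dspace.content.Collection collection)
    throws DSpaceSwordException {
    try {
        List<Item> allowed = new ArrayList<Item>();
        ItemIterator ii = collection.getItems();
        while (ii.hasNext()) {
            Item item = ii.next();

            // With no on-behalf-of user there is nothing further to check on that side.
            boolean oboAllowed = swordContext.getOnBehalfOf() == null;

            // get the "ORIGINAL" bundle(s)
            Bundle[] bundles = item.getBundles("ORIGINAL");

            // WRITE on the item and ADD on the ORIGINAL bundle(s) for the authenticated user.
            boolean authAllowed =
                canWriteAndAdd(swordContext.getAuthenticatorContext(), item, bundles);

            // Same checks for the on-behalf-of user. Both the WRITE and the ADD lookups use the
            // on-behalf-of context: the previous code ran the ADD lookups against the
            // authenticator's context, so the on-behalf-of user's ADD right was never verified.
            if (!oboAllowed) {
                oboAllowed = canWriteAndAdd(swordContext.getOnBehalfOfContext(), item, bundles);
            }

            // Deposit is allowed only when both parties passed.
            if (authAllowed && oboAllowed) {
                allowed.add(item);
            }
        }
        return allowed;
    } catch (SQLException e) {
        throw new DSpaceSwordException(e);
    }
}

/**
 * Checks WRITE on the item plus ADD on every given ORIGINAL bundle for one context; when the item
 * has no ORIGINAL bundle, ADD is checked on the item itself.
 */
private boolean canWriteAndAdd(Context context, Item item, Bundle[] originalBundles)
    throws SQLException {
    boolean write = AuthorizeManager.authorizeActionBoolean(context, item, Constants.WRITE);

    boolean add = false;
    if (originalBundles.length == 0) {
        add = AuthorizeManager.authorizeActionBoolean(context, item, Constants.ADD);
    } else {
        // Every ORIGINAL bundle must permit ADD; stop at the first refusal.
        for (Bundle original : originalBundles) {
            add = AuthorizeManager.authorizeActionBoolean(context, original, Constants.ADD);
            if (!add) {
                break;
            }
        }
    }
    return write && add;
}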