/**
  * Grant a group one action on an item and on everything the item currently contains.
  *
  * <p>The same policy is added to the item, to each of its bundles, and to each bitstream of
  * those bundles. Only objects present at call time are covered: nothing here applies the
  * policy to bundles or bitstreams attached afterwards.
  *
  * @param context the DSpace context passed through to the authorize service
  * @param item the item that receives the policy, together with its bundles and bitstreams
  * @param type the action constant the policy grants
  * @param group the group receiving the policy; when {@code null} the method does nothing
  * @throws AuthorizeException propagated from the authorize service
  * @throws SQLException propagated from the authorize service
  */
 protected void addGroupPolicyToItem(Context context, Item item, int type, Group group)
     throws AuthorizeException, SQLException {
   // No group means no grant at all; the call is silently ignored.
   if (group == null) {
     return;
   }

   authorizeService.addPolicy(context, item, type, group);
   for (Bundle container : item.getBundles()) {
     authorizeService.addPolicy(context, container, type, group);
     for (Bitstream file : container.getBitstreams()) {
       authorizeService.addPolicy(context, file, type, group);
     }
   }
 }
  /**
   * Decide whether the given SWORD context may deposit onto an existing item.
   *
   * <p>Exactly one DSpace context is checked for permissions:
   *
   * <ul>
   *   <li>On-Behalf-Of request: the authenticating user must first pass {@code allowedToMediate};
   *       the WRITE/ADD checks are then made against the On-Behalf-Of context only.
   *   <li>Otherwise: the WRITE/ADD checks are made against the authenticating user's context.
   * </ul>
   *
   * <p>The selected context needs WRITE on the item and ADD on every "ORIGINAL" bundle; when the
   * item has no "ORIGINAL" bundle, ADD is checked on the item itself.
   *
   * @param swordContext the SWORD context carrying the authenticator and optional On-Behalf-Of
   * @param item the item the deposit targets
   * @return {@code true} only when mediation (if applicable), WRITE and ADD are all permitted
   * @throws DSpaceSwordException wrapping any {@link SQLException} raised during the checks
   */
  public boolean canSubmitTo(SwordContext swordContext, Item item) throws DSpaceSwordException {
    try {
      // Pick the context whose permissions decide the outcome.
      Context subject = null;
      if (swordContext.getOnBehalfOf() == null) {
        subject = swordContext.getAuthenticatorContext();
      } else {
        // Mediated deposit: the authenticator is only asked whether it may mediate;
        // its own WRITE/ADD rights on the item are not consulted on this path.
        if (!this.allowedToMediate(swordContext.getAuthenticatorContext())) {
          return false;
        }
        subject = swordContext.getOnBehalfOfContext();
      }

      // WRITE is evaluated unconditionally, before any of the ADD checks.
      boolean mayWrite = AuthorizeManager.authorizeActionBoolean(subject, item, Constants.WRITE);

      Bundle[] originals = item.getBundles("ORIGINAL");
      boolean mayAdd = false;
      if (originals.length > 0) {
        // Every ORIGINAL bundle must allow ADD; stop at the first refusal.
        for (Bundle original : originals) {
          mayAdd = AuthorizeManager.authorizeActionBoolean(subject, original, Constants.ADD);
          if (!mayAdd) {
            break;
          }
        }
      } else {
        // No ORIGINAL bundle yet: fall back to ADD on the item.
        mayAdd = AuthorizeManager.authorizeActionBoolean(subject, item, Constants.ADD);
      }

      return mayWrite && mayAdd;
    } catch (SQLException e) {
      log.error("Caught exception: ", e);
      throw new DSpaceSwordException(e);
    }
  }
 /**
  * Strip every policy a group holds on an item and on the item's current contents.
  *
  * <p>Policies are removed from the item, from each of its bundles, and from each bitstream of
  * those bundles, in that order.
  *
  * @param context the DSpace context passed through to the authorize service
  * @param item the item whose policies (and those of its bundles and bitstreams) are cleaned
  * @param e the group losing its policies; when {@code null} the method does nothing
  * @throws SQLException propagated from the authorize service
  * @throws AuthorizeException propagated from the authorize service
  */
 protected void removeGroupItemPolicies(Context context, Item item, Group e)
     throws SQLException, AuthorizeException {
   if (e == null) {
     return;
   }

   // Item-level policies for this group go first.
   authorizeService.removeGroupPolicies(context, item, e);

   // Then walk the contents so that no bundle or bitstream keeps a grant for the group.
   for (Bundle container : item.getBundles()) {
     authorizeService.removeGroupPolicies(context, container, e);
     for (Bitstream file : container.getBitstreams()) {
       authorizeService.removeGroupPolicies(context, file, e);
     }
   }
 }
  /** Add rights information. This attaches an href to the URL of the item's licence file */
  protected void addRights() throws DSpaceSWORDException {
    try {
      // Climb from the bitstream to its owning item: first parent bundle, then that bundle's
      // first item. A missing parent at either level is logged and reported as an error.
      List<Bundle> parentBundles = this.bitstream.getBundles();
      if (parentBundles.isEmpty()) {
        log.error("Found orphaned bitstream: " + bitstream.getID());
        throw new DSpaceSWORDException("Orphaned bitstream discovered");
      }
      Bundle parentBundle = parentBundles.get(0);

      List<Item> owners = parentBundle.getItems();
      if (owners.isEmpty()) {
        log.error("Found orphaned bundle: " + parentBundle.getID());
        throw new DSpaceSWORDException("Orphaned bundle discovered");
      }
      Item owner = owners.get(0);

      // Collect the URL of every bitstream stored in the item's licence bundle(s).
      // Each URL is followed by a single space, so the result ends with a trailing space.
      // NOTE(review): no READ check on the licence bitstreams is visible in this method;
      // confirm that access is enforced where the published URL is resolved.
      SWORDUrlManager urlManager = swordService.getUrlManager();
      StringBuilder licenceUrls = new StringBuilder();
      for (Bundle candidate : owner.getBundles()) {
        if (Constants.LICENSE_BUNDLE_NAME.equals(candidate.getName())) {
          for (Bitstream licence : candidate.getBitstreams()) {
            licenceUrls.append(urlManager.getBitstreamUrl(licence)).append(" ");
          }
        }
      }

      // Publish the collected URLs as a plain-text rights element on the entry.
      Rights rightsElement = new Rights();
      rightsElement.setContent(licenceUrls.toString());
      rightsElement.setType(ContentType.TEXT);
      entry.setRights(rightsElement);
      log.debug("Added rights entry to entity");
    } catch (SQLException e) {
      log.error("caught exception: ", e);
      throw new DSpaceSWORDException(e);
    }
  }
 /**
  * Strip every policy a user holds on an item and on the item's current contents.
  *
  * <p>Policies are removed from the item, from each of its bundles, and from each bitstream of
  * those bundles. If the user is the item's submitter, {@code grantSubmitterReadPolicies} is
  * called afterwards so the submitter does not lose access to their own submission.
  *
  * @param context the DSpace context passed through to the authorize service
  * @param item the item whose policies (and those of its bundles and bitstreams) are cleaned
  * @param e the user losing their policies; when {@code null} the method does nothing
  * @throws SQLException propagated from the authorize service
  * @throws AuthorizeException propagated from the authorize service
  */
 protected void removeUserItemPolicies(Context context, Item item, EPerson e)
     throws SQLException, AuthorizeException {
   if (e == null) {
     return;
   }

   // Item-level policies for this user go first.
   authorizeService.removeEPersonPolicies(context, item, e);

   // Then walk the contents so that no bundle or bitstream keeps a grant for the user.
   for (Bundle container : item.getBundles()) {
     authorizeService.removeEPersonPolicies(context, container, e);
     for (Bitstream file : container.getBitstreams()) {
       authorizeService.removeEPersonPolicies(context, file, e);
     }
   }

   // The submitter's policies were just removed with everyone else's, so re-grant them.
   // NOTE(review): assumes item.getSubmitter() is never null here; confirm against callers.
   boolean removedUserIsSubmitter = e.getID().equals(item.getSubmitter().getID());
   if (removedUserIsSubmitter) {
     grantSubmitterReadPolicies(context, item);
   }
 }
  /**
   * Get a list of all the items that the current SWORD context will allow deposit onto in the given
   * DSpace context
   *
   * <p>IF: the authenticated user is an administrator AND: (the on-behalf-of user is an
   * administrator OR the on-behalf-of user is authorised to WRITE on the item and ADD on the
   * ORIGINAL bundle OR the on-behalf-of user is null) OR IF: the authenticated user is authorised
   * to WRITE on the item and ADD on the ORIGINAL bundle AND: (the on-behalf-of user is an
   * administrator OR the on-behalf-of user is authorised to WRITE on the item and ADD on the
   * ORIGINAL bundle OR the on-behalf-of user is null)
   *
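   * @param swordContext the SWORD context whose authenticated and on-behalf-of users are checked
   * @param collection the collection whose items are examined
   * @return the list of items the SWORD context is allowed to deposit onto
   * @throws DSpaceSwordException if the underlying lookup fails with an SQLException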
   */
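  public List<Item> getAllowedItems(
      SwordContext swordContext, org.dspace.content.Collection collection)
      throws DSpaceSwordException {
    // An item is returned only when BOTH parties pass the deposit check, which is
    // WRITE on the item plus ADD on every "ORIGINAL" bundle (or ADD on the item itself
    // when it has no "ORIGINAL" bundle):
    //
    // - the authenticated user, checked against the authenticator context
    // - the on-behalf-of user, checked against the on-behalf-of context, unless the
    //   request carries no on-behalf-of user, in which case this half passes automatically
    //
    // NOTE(review): administrator status is not tested separately in this method; presumably
    // AuthorizeManager accounts for it - confirm.

    try {
      List<Item> allowed = new ArrayList<Item>();
      // NOTE(review): the iterator is not closed in this method; confirm whether it holds
      // database resources that need releasing.
      ItemIterator ii = collection.getItems();

      while (ii.hasNext()) {
        Item item = ii.next();

        // With no on-behalf-of user there is nothing further to authorise on that side.
        boolean oboAllowed = swordContext.getOnBehalfOf() == null;

        // get the "ORIGINAL" bundle(s)
        Bundle[] bundles = item.getBundles("ORIGINAL");

        // --- authenticated user: WRITE on the item, ADD on the bundles (or the item) ---
        boolean authWrite =
            AuthorizeManager.authorizeActionBoolean(
                swordContext.getAuthenticatorContext(), item, Constants.WRITE);

        boolean authAdd = false;
        if (bundles.length == 0) {
          authAdd =
              AuthorizeManager.authorizeActionBoolean(
                  swordContext.getAuthenticatorContext(), item, Constants.ADD);
        } else {
          // every ORIGINAL bundle must allow ADD; stop at the first refusal
          for (Bundle bundle : bundles) {
            authAdd =
                AuthorizeManager.authorizeActionBoolean(
                    swordContext.getAuthenticatorContext(), bundle, Constants.ADD);
            if (!authAdd) {
              break;
            }
          }
        }

        boolean authAllowed = authWrite && authAdd;

        // --- on-behalf-of user: the same checks, all against the on-behalf-of context ---
        if (!oboAllowed) {
          boolean oboWrite =
              AuthorizeManager.authorizeActionBoolean(
                  swordContext.getOnBehalfOfContext(), item, Constants.WRITE);

          // ADD is checked against the on-behalf-of context, the same one used for WRITE.
          // Checking it against the authenticator context would let the authenticator's
          // ADD right stand in for a right the on-behalf-of user does not hold.
          boolean oboAdd = false;
          if (bundles.length == 0) {
            oboAdd =
                AuthorizeManager.authorizeActionBoolean(
                    swordContext.getOnBehalfOfContext(), item, Constants.ADD);
          } else {
            for (Bundle bundle : bundles) {
              oboAdd =
                  AuthorizeManager.authorizeActionBoolean(
                      swordContext.getOnBehalfOfContext(), bundle, Constants.ADD);
              if (!oboAdd) {
                break;
              }
            }
          }

          oboAllowed = oboWrite && oboAdd;
        }

        // the item is listed only when both sides are authorised
        if (authAllowed && oboAllowed) {
          allowed.add(item);
        }
      }

      return allowed;
    } catch (SQLException e) {
      throw new DSpaceSwordException(e);
    }
  }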