@Override public void addPolicies(Context c, List<ResourcePolicy> policies, DSpaceObject dest) throws SQLException, AuthorizeException { // now add them to the destination object List<ResourcePolicy> newPolicies = new LinkedList<>(); for (ResourcePolicy srp : policies) { ResourcePolicy rp = resourcePolicyService.create(c); // copy over values rp.setdSpaceObject(dest); rp.setAction(srp.getAction()); rp.setEPerson(srp.getEPerson()); rp.setGroup(srp.getGroup()); rp.setStartDate(srp.getStartDate()); rp.setEndDate(srp.getEndDate()); rp.setRpName(srp.getRpName()); rp.setRpDescription(srp.getRpDescription()); rp.setRpType(srp.getRpType()); // and add policy to list of new policies newPolicies.add(rp); } resourcePolicyService.update(c, newPolicies); }
/** * Generate Policies policies READ for the date in input adding reason. New policies are assigned * automatically at the groups that have right on the collection. E.g., if the anonymous can * access the collection policies are assigned to anonymous. * * @param context The relevant DSpace Context. * @param embargoDate embargo end date * @param reason embargo reason * @param dso DSpace object * @param owningCollection collection to get group policies from * @throws SQLException if database error * @throws AuthorizeException if authorization error */ @Override public void generateAutomaticPolicies( Context context, Date embargoDate, String reason, DSpaceObject dso, Collection owningCollection) throws SQLException, AuthorizeException { if (embargoDate != null || (embargoDate == null && dso instanceof Bitstream)) { List<Group> authorizedGroups = getAuthorizedGroups(context, owningCollection, Constants.DEFAULT_ITEM_READ); removeAllPoliciesByDSOAndType(context, dso, ResourcePolicy.TYPE_CUSTOM); // look for anonymous boolean isAnonymousInPlace = false; for (Group g : authorizedGroups) { if (StringUtils.equals(g.getName(), Group.ANONYMOUS)) { isAnonymousInPlace = true; } } if (!isAnonymousInPlace) { // add policies for all the groups for (Group g : authorizedGroups) { ResourcePolicy rp = createOrModifyPolicy( null, context, null, g, null, embargoDate, Constants.READ, reason, dso); if (rp != null) resourcePolicyService.update(context, rp); } } else { // add policy just for anonymous ResourcePolicy rp = createOrModifyPolicy( null, context, null, groupService.findByName(context, Group.ANONYMOUS), null, embargoDate, Constants.READ, reason, dso); if (rp != null) resourcePolicyService.update(context, rp); } } }
@Override public void switchPoliciesAction(Context context, DSpaceObject dso, int fromAction, int toAction) throws SQLException, AuthorizeException { List<ResourcePolicy> rps = getPoliciesActionFilter(context, dso, fromAction); for (ResourcePolicy rp : rps) { rp.setAction(toAction); } resourcePolicyService.update(context, rps); }
@Override public ResourcePolicy createResourcePolicy( Context context, DSpaceObject dso, Group group, EPerson eperson, int type, String rpType) throws SQLException, AuthorizeException { if (group == null && eperson == null) { throw new IllegalArgumentException( "We need at least an eperson or a group in order to create a resource policy."); } ResourcePolicy myPolicy = resourcePolicyService.create(context); myPolicy.setdSpaceObject(dso); myPolicy.setAction(type); myPolicy.setGroup(group); myPolicy.setEPerson(eperson); myPolicy.setRpType(rpType); resourcePolicyService.update(context, myPolicy); return myPolicy; }
@Override public ResourcePolicy findByTypeIdGroupAction( Context c, DSpaceObject dso, Group group, int action, int policyID) throws SQLException { List<ResourcePolicy> policies = resourcePolicyService.find(c, dso, group, action, policyID); if (CollectionUtils.isNotEmpty(policies)) { return policies.iterator().next(); } else { return null; } }
public boolean isCollectionAdmin(Context c) throws SQLException { EPerson e = c.getCurrentUser(); if (e != null) { List<ResourcePolicy> policies = resourcePolicyService.find( c, e, groupService.allMemberGroups(c, e), Constants.ADMIN, Constants.COLLECTION); if (CollectionUtils.isNotEmpty(policies)) { return true; } } return false; }
public void addListPolicies(List parent, DSpaceObject dso, Collection owningCollection) throws WingException, SQLException { if (!isAdvancedFormEnabled) { return; } parent.addLabel(T_head_policies_table); java.util.List<ResourcePolicy> resourcePolicies = authorizeService.findPoliciesByDSOAndType(context, dso, ResourcePolicy.TYPE_CUSTOM); if (resourcePolicies.isEmpty()) { parent.addItem(T_no_policies); return; } for (ResourcePolicy rp : resourcePolicies) { int id = rp.getID(); String name = ""; if (rp.getRpName() != null) name = rp.getRpName(); String action = resourcePolicyService.getActionText(rp); // if it is the default policy for the Submitter don't show it. if (dso instanceof org.dspace.content.Item) { org.dspace.content.Item item = (org.dspace.content.Item) dso; if (rp.getEPerson() != null) { if (item.getSubmitter().equals(rp.getEPerson())) continue; } } String group = ""; if (rp.getGroup() != null) group = rp.getGroup().getName(); // start String startDate = ""; if (rp.getStartDate() != null) { startDate = DateFormatUtils.format(rp.getStartDate(), "yyyy-MM-dd"); } // endDate String endDate = ""; if (rp.getEndDate() != null) { endDate = DateFormatUtils.format(rp.getEndDate(), "yyyy-MM-dd"); } parent.addItem(T_policy.parameterize(name, action, group, startDate, endDate)); } }
@Override public boolean isAdmin(Context c, DSpaceObject o) throws SQLException { // return true if user is an Administrator if (isAdmin(c)) { return true; } if (o == null) { return false; } // // First, check all Resource Policies directly on this object // List<ResourcePolicy> policies = getPoliciesActionFilter(c, o, Constants.ADMIN); for (ResourcePolicy rp : policies) { // check policies for date validity if (resourcePolicyService.isDateValid(rp)) { if (rp.getEPerson() != null && rp.getEPerson().equals(c.getCurrentUser())) { return true; // match } if ((rp.getGroup() != null) && (groupService.isMember(c, rp.getGroup()))) { // group was set, and eperson is a member // of that group return true; } } } // If user doesn't have specific Admin permissions on this object, // check the *parent* objects of this object. This allows Admin // permissions to be inherited automatically (e.g. Admin on Community // is also an Admin of all Collections/Items in that Community) DSpaceObject parent = serviceFactory.getDSpaceObjectService(o).getParentObject(c, o); if (parent != null) { return isAdmin(c, parent); } return false; }
public void addTablePolicies(Division parent, DSpaceObject dso, Collection owningCollection) throws WingException, SQLException { if (!isAdvancedFormEnabled) { return; } Division div = parent.addDivision("access-existing-policies"); div.setHead(T_head_policies_table); div.addPara(T_policies_help.parameterize(owningCollection)); java.util.List<ResourcePolicy> resourcePolicies = authorizeService.findPoliciesByDSOAndType(context, dso, ResourcePolicy.TYPE_CUSTOM); if (resourcePolicies.isEmpty()) { div.addPara(T_no_policies); return; } int cols = resourcePolicies.size(); if (cols == 0) cols = 1; Table policies = div.addTable("policies", 6, cols); Row header = policies.addRow(Row.ROLE_HEADER); header.addCellContent(T_column0); // name header.addCellContent(T_column1); // action header.addCellContent(T_column2); // group header.addCellContent(T_column3); // start_date header.addCellContent(T_column4); // end_date for (ResourcePolicy rp : resourcePolicies) { int id = rp.getID(); String name = ""; if (rp.getRpName() != null) name = rp.getRpName(); String action = resourcePolicyService.getActionText(rp); // if it is the default policy for the Submitter don't show it. if (dso instanceof org.dspace.content.Item) { org.dspace.content.Item item = (org.dspace.content.Item) dso; if (rp.getEPerson() != null) { if (item.getSubmitter().equals(rp.getEPerson())) continue; } } String group = ""; if (rp.getGroup() != null) group = rp.getGroup().getName(); Row row = policies.addRow(); row.addCellContent(name); row.addCellContent(action); row.addCellContent(group); // start String startDate = ""; if (rp.getStartDate() != null) { startDate = DateFormatUtils.format(rp.getStartDate(), "yyyy-MM-dd"); } row.addCellContent(startDate); // endDate String endDate = ""; if (rp.getEndDate() != null) { endDate = DateFormatUtils.format(rp.getEndDate(), "yyyy-MM-dd"); } row.addCellContent(endDate); Button edit = row.addCell().addButton("submit_edit_edit_policies_" + id); edit.setValue(T_table_submit_edit); Button delete = row.addCell().addButton("submit_delete_edit_policies_" + id); delete.setValue(T_table_submit_delete); } }
/** * Check to see if the given user can perform the given action on the given object. Always returns * true if the ignore authorization flat is set in the current context. * * @param c current context. User is irrelevant; "ignore authorization" flag is relevant * @param o object action is being attempted on * @param action ID of action being attempted, from <code>org.dspace.core.Constants</code> * @param e user attempting action * @param useInheritance flag to say if ADMIN action on the current object or parent object can be * used * @return <code>true</code> if user is authorized to perform the given action, <code>false</code> * otherwise * @throws SQLException if database error */ protected boolean authorize( Context c, DSpaceObject o, int action, EPerson e, boolean useInheritance) throws SQLException { // return FALSE if there is no DSpaceObject if (o == null) { return false; } // is authorization disabled for this context? if (c.ignoreAuthorization()) { return true; } // is eperson set? if not, userToCheck = null (anonymous) EPerson userToCheck = null; if (e != null) { userToCheck = e; // perform isAdmin check to see // if user is an Admin on this object DSpaceObject adminObject = useInheritance ? serviceFactory.getDSpaceObjectService(o).getAdminObject(c, o, action) : null; if (isAdmin(c, adminObject)) { return true; } } // In case the dso is an bundle or bitstream we must ignore custom // policies if it does not belong to at least one installed item (see // DS-2614). // In case the dso is an item and a corresponding workspace or workflow // item exist, we have to ignore custom policies (see DS-2614). boolean ignoreCustomPolicies = false; if (o instanceof Bitstream) { Bitstream b = (Bitstream) o; // Ensure that this is not a collection or community logo DSpaceObject parent = bitstreamService.getParentObject(c, b); if (!(parent instanceof Collection) && !(parent instanceof Community)) { ignoreCustomPolicies = !isAnyItemInstalled(c, b.getBundles()); } } if (o instanceof Bundle) { ignoreCustomPolicies = !isAnyItemInstalled(c, Arrays.asList(((Bundle) o))); } if (o instanceof Item) { if (workspaceItemService.findByItem(c, (Item) o) != null || workflowItemService.findByItem(c, (Item) o) != null) { ignoreCustomPolicies = true; } } for (ResourcePolicy rp : getPoliciesActionFilter(c, o, action)) { if (ignoreCustomPolicies && ResourcePolicy.TYPE_CUSTOM.equals(rp.getRpType())) { continue; } // check policies for date validity if (resourcePolicyService.isDateValid(rp)) { if (rp.getEPerson() != null && rp.getEPerson().equals(userToCheck)) { return true; // match } if ((rp.getGroup() != null) && (groupService.isMember(c, rp.getGroup()))) { // group was set, and eperson is a member // of that group return true; } } } // default authorization is denial return false; }
@Override public void removeEPersonPolicies(Context c, DSpaceObject o, EPerson e) throws SQLException, AuthorizeException { resourcePolicyService.removeDsoEPersonPolicies(c, o, e); }
@Override public void removeGroupPolicies(Context c, DSpaceObject o, Group g) throws SQLException, AuthorizeException { resourcePolicyService.removeDsoGroupPolicies(c, o, g); }
@Override public void removeGroupPolicies(Context c, Group group) throws SQLException { resourcePolicyService.removeGroupPolicies(c, group); }
@Override public void removePoliciesActionFilter(Context context, DSpaceObject dso, int actionID) throws SQLException, AuthorizeException { resourcePolicyService.removePolicies(context, dso, actionID); }
@Override public void removeAllPoliciesByDSOAndType(Context c, DSpaceObject o, String type) throws SQLException, AuthorizeException { resourcePolicyService.removePolicies(c, o, type); }
@Override public void removeAllPolicies(Context c, DSpaceObject o) throws SQLException, AuthorizeException { resourcePolicyService.removeAllPolicies(c, o); }
@Override public List<ResourcePolicy> getPoliciesActionFilter(Context c, DSpaceObject o, int actionID) throws SQLException { return resourcePolicyService.find(c, o, actionID); }
@Override public List<ResourcePolicy> getPoliciesForGroup(Context c, Group g) throws SQLException { return resourcePolicyService.find(c, g); }
@Override public List<ResourcePolicy> findPoliciesByDSOAndType(Context c, DSpaceObject o, String type) throws SQLException { return resourcePolicyService.find(c, o, type); }
@Override public List<ResourcePolicy> getPolicies(Context c, DSpaceObject o) throws SQLException { return resourcePolicyService.find(c, o); }