@Override public List<Group> getAuthorizedGroups(Context c, DSpaceObject o, int actionID) throws java.sql.SQLException { List<ResourcePolicy> policies = getPoliciesActionFilter(c, o, actionID); List<Group> groups = new ArrayList<Group>(); for (ResourcePolicy resourcePolicy : policies) { if (resourcePolicy.getGroup() != null) { groups.add(resourcePolicy.getGroup()); } } return groups; }
@Override public void addPolicies(Context c, List<ResourcePolicy> policies, DSpaceObject dest) throws SQLException, AuthorizeException { // now add them to the destination object List<ResourcePolicy> newPolicies = new LinkedList<>(); for (ResourcePolicy srp : policies) { ResourcePolicy rp = resourcePolicyService.create(c); // copy over values rp.setdSpaceObject(dest); rp.setAction(srp.getAction()); rp.setEPerson(srp.getEPerson()); rp.setGroup(srp.getGroup()); rp.setStartDate(srp.getStartDate()); rp.setEndDate(srp.getEndDate()); rp.setRpName(srp.getRpName()); rp.setRpDescription(srp.getRpDescription()); rp.setRpType(srp.getRpType()); // and add policy to list of new policies newPolicies.add(rp); } resourcePolicyService.update(c, newPolicies); }
@Override public boolean isAdmin(Context c, DSpaceObject o) throws SQLException { // return true if user is an Administrator if (isAdmin(c)) { return true; } if (o == null) { return false; } // // First, check all Resource Policies directly on this object // List<ResourcePolicy> policies = getPoliciesActionFilter(c, o, Constants.ADMIN); for (ResourcePolicy rp : policies) { // check policies for date validity if (resourcePolicyService.isDateValid(rp)) { if (rp.getEPerson() != null && rp.getEPerson().equals(c.getCurrentUser())) { return true; // match } if ((rp.getGroup() != null) && (groupService.isMember(c, rp.getGroup()))) { // group was set, and eperson is a member // of that group return true; } } } // If user doesn't have specific Admin permissions on this object, // check the *parent* objects of this object. This allows Admin // permissions to be inherited automatically (e.g. Admin on Community // is also an Admin of all Collections/Items in that Community) DSpaceObject parent = serviceFactory.getDSpaceObjectService(o).getParentObject(c, o); if (parent != null) { return isAdmin(c, parent); } return false; }
@Override public boolean isAnIdenticalPolicyAlreadyInPlace(Context c, DSpaceObject o, ResourcePolicy rp) throws SQLException { return isAnIdenticalPolicyAlreadyInPlace(c, o, rp.getGroup(), rp.getAction(), rp.getID()); }
/** * Check to see if the given user can perform the given action on the given object. Always returns * true if the ignore authorization flat is set in the current context. * * @param c current context. User is irrelevant; "ignore authorization" flag is relevant * @param o object action is being attempted on * @param action ID of action being attempted, from <code>org.dspace.core.Constants</code> * @param e user attempting action * @param useInheritance flag to say if ADMIN action on the current object or parent object can be * used * @return <code>true</code> if user is authorized to perform the given action, <code>false</code> * otherwise * @throws SQLException if database error */ protected boolean authorize( Context c, DSpaceObject o, int action, EPerson e, boolean useInheritance) throws SQLException { // return FALSE if there is no DSpaceObject if (o == null) { return false; } // is authorization disabled for this context? if (c.ignoreAuthorization()) { return true; } // is eperson set? if not, userToCheck = null (anonymous) EPerson userToCheck = null; if (e != null) { userToCheck = e; // perform isAdmin check to see // if user is an Admin on this object DSpaceObject adminObject = useInheritance ? serviceFactory.getDSpaceObjectService(o).getAdminObject(c, o, action) : null; if (isAdmin(c, adminObject)) { return true; } } // In case the dso is an bundle or bitstream we must ignore custom // policies if it does not belong to at least one installed item (see // DS-2614). // In case the dso is an item and a corresponding workspace or workflow // item exist, we have to ignore custom policies (see DS-2614). boolean ignoreCustomPolicies = false; if (o instanceof Bitstream) { Bitstream b = (Bitstream) o; // Ensure that this is not a collection or community logo DSpaceObject parent = bitstreamService.getParentObject(c, b); if (!(parent instanceof Collection) && !(parent instanceof Community)) { ignoreCustomPolicies = !isAnyItemInstalled(c, b.getBundles()); } } if (o instanceof Bundle) { ignoreCustomPolicies = !isAnyItemInstalled(c, Arrays.asList(((Bundle) o))); } if (o instanceof Item) { if (workspaceItemService.findByItem(c, (Item) o) != null || workflowItemService.findByItem(c, (Item) o) != null) { ignoreCustomPolicies = true; } } for (ResourcePolicy rp : getPoliciesActionFilter(c, o, action)) { if (ignoreCustomPolicies && ResourcePolicy.TYPE_CUSTOM.equals(rp.getRpType())) { continue; } // check policies for date validity if (resourcePolicyService.isDateValid(rp)) { if (rp.getEPerson() != null && rp.getEPerson().equals(userToCheck)) { return true; // match } if ((rp.getGroup() != null) && (groupService.isMember(c, rp.getGroup()))) { // group was set, and eperson is a member // of that group return true; } } } // default authorization is denial return false; }