From b2fd2504450cbf076e56ca8e50c85a0f89aeefd3 Mon Sep 17 00:00:00 2001 From: Pavel Stastny Date: Tue, 13 Dec 2016 12:26:01 +0100 Subject: [PATCH] Issue #406 --- .../impl/criteria/BenevolentModelFilter.java | 106 ++++++++++++++++++ .../NegativeBenevolentModelFilter.java | 67 +++++++++++ .../incad/kramerius/security/res/criteriums | 4 +- search/src/java/labels.properties | 3 + search/src/java/labels_cs.properties | 3 + 5 files changed, 182 insertions(+), 1 deletion(-) create mode 100644 common/src/main/java/cz/incad/kramerius/security/impl/criteria/BenevolentModelFilter.java create mode 100644 common/src/main/java/cz/incad/kramerius/security/impl/criteria/NegativeBenevolentModelFilter.java diff --git a/common/src/main/java/cz/incad/kramerius/security/impl/criteria/BenevolentModelFilter.java b/common/src/main/java/cz/incad/kramerius/security/impl/criteria/BenevolentModelFilter.java new file mode 100644 index 0000000000..2de9ac1431 --- /dev/null +++ b/common/src/main/java/cz/incad/kramerius/security/impl/criteria/BenevolentModelFilter.java @@ -0,0 +1,106 @@ +/* + * Copyright (C) 2016 Pavel Stastny + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ +package cz.incad.kramerius.security.impl.criteria; + +import java.io.IOException; +import java.util.logging.Level; +import java.util.logging.Logger; + +import cz.incad.kramerius.FedoraAccess; +import cz.incad.kramerius.ObjectPidsPath; +import cz.incad.kramerius.security.EvaluatingResult; +import cz.incad.kramerius.security.RightCriterium; +import cz.incad.kramerius.security.RightCriteriumContext; +import cz.incad.kramerius.security.RightCriteriumException; +import cz.incad.kramerius.security.RightCriteriumPriorityHint; +import cz.incad.kramerius.security.SecuredActions; + +/** + * @author pavels + * + */ +public class BenevolentModelFilter extends AbstractCriterium implements RightCriterium { + + public static final Logger LOGGER = Logger.getLogger(BenevolentModelFilter.class.getName()); + + + /* (non-Javadoc) + * @see cz.incad.kramerius.security.RightCriterium#evalute() + */ + @Override + public EvaluatingResult evalute() throws RightCriteriumException { + return evaluateInternal(getObjects(), getEvaluateContext()); + } + + /** + * @return + */ + static EvaluatingResult evaluateInternal(Object[] params, RightCriteriumContext ctx) { + try { + FedoraAccess fa = ctx.getFedoraAccess(); + ObjectPidsPath[] pathsToRoot = ctx + .getPathsToRoot(); + for (ObjectPidsPath pth : pathsToRoot) { + String[] pids = pth.getPathFromLeafToRoot(); + for (String pid : pids) { + String modelName = fa.getKrameriusModelName(pid); + if (containsModelName(params,modelName)) return EvaluatingResult.TRUE; + } + } + return EvaluatingResult.NOT_APPLICABLE; + } catch (IOException e) { + LOGGER.log(Level.SEVERE, e.getMessage(), e); + return EvaluatingResult.NOT_APPLICABLE; + } + } + + static boolean containsModelName(Object[] objects, String modelName) { + for (Object object : objects) { + if (object.toString().equals(modelName)) return true; + } + return false; + } + + /* (non-Javadoc) + * @see cz.incad.kramerius.security.RightCriterium#getApplicableActions() + */ + @Override + public SecuredActions[] getApplicableActions() { + return new SecuredActions[] { + SecuredActions.READ, + SecuredActions.SHOW_CLIENT_PRINT_MENU, + SecuredActions.SHOW_CLIENT_PDF_MENU + }; + } + + /* (non-Javadoc) + * @see cz.incad.kramerius.security.RightCriterium#getPriorityHint() + */ + @Override + public RightCriteriumPriorityHint getPriorityHint() { + return RightCriteriumPriorityHint.NORMAL; + } + + /* (non-Javadoc) + * @see cz.incad.kramerius.security.RightCriterium#isParamsNecessary() + */ + @Override + public boolean isParamsNecessary() { + return true; + } + +} diff --git a/common/src/main/java/cz/incad/kramerius/security/impl/criteria/NegativeBenevolentModelFilter.java b/common/src/main/java/cz/incad/kramerius/security/impl/criteria/NegativeBenevolentModelFilter.java new file mode 100644 index 0000000000..0ff489955b --- /dev/null +++ b/common/src/main/java/cz/incad/kramerius/security/impl/criteria/NegativeBenevolentModelFilter.java @@ -0,0 +1,67 @@ +/* + * Copyright (C) 2016 Pavel Stastny + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ +package cz.incad.kramerius.security.impl.criteria; + +import cz.incad.kramerius.security.EvaluatingResult; +import cz.incad.kramerius.security.RightCriterium; +import cz.incad.kramerius.security.RightCriteriumException; +import cz.incad.kramerius.security.RightCriteriumPriorityHint; +import cz.incad.kramerius.security.SecuredActions; + +/** + * @author pavels + * + */ +public class NegativeBenevolentModelFilter extends AbstractCriterium implements RightCriterium { + + /* (non-Javadoc) + * @see cz.incad.kramerius.security.RightCriterium#evalute() + */ + @Override + public EvaluatingResult evalute() throws RightCriteriumException { + EvaluatingResult result = BenevolentModelFilter.evaluateInternal(getObjects(), getEvaluateContext()); + return result.equals(EvaluatingResult.TRUE) ? EvaluatingResult.NOT_APPLICABLE : EvaluatingResult.TRUE; + } + + /* (non-Javadoc) + * @see cz.incad.kramerius.security.RightCriterium#getApplicableActions() + */ + @Override + public SecuredActions[] getApplicableActions() { + return new SecuredActions[] { + SecuredActions.READ, + SecuredActions.SHOW_CLIENT_PRINT_MENU, + SecuredActions.SHOW_CLIENT_PDF_MENU + }; + } + + /* (non-Javadoc) + * @see cz.incad.kramerius.security.RightCriterium#getPriorityHint() + */ + @Override + public RightCriteriumPriorityHint getPriorityHint() { + return RightCriteriumPriorityHint.NORMAL; + } + + /* (non-Javadoc) + * @see cz.incad.kramerius.security.RightCriterium#isParamsNecessary() + */ + @Override + public boolean isParamsNecessary() { + return true; + } +} diff --git a/common/src/main/java/cz/incad/kramerius/security/res/criteriums b/common/src/main/java/cz/incad/kramerius/security/res/criteriums index 076ded190c..b4ce8b2a31 100644 --- a/common/src/main/java/cz/incad/kramerius/security/res/criteriums +++ b/common/src/main/java/cz/incad/kramerius/security/res/criteriums @@ -6,4 +6,6 @@ cz.incad.kramerius.security.impl.criteria.StrictIPAddresFilter cz.incad.kramerius.security.impl.criteria.DefaultIPAddressFilter cz.incad.kramerius.security.impl.criteria.PolicyFlag cz.incad.kramerius.security.impl.criteria.DefaultDomainFilter -cz.incad.kramerius.security.impl.criteria.StrictDomainFilter \ No newline at end of file +cz.incad.kramerius.security.impl.criteria.StrictDomainFilter +cz.incad.kramerius.security.impl.criteria.NegativeBenevolentModelFilter +cz.incad.kramerius.security.impl.criteria.BenevolentModelFilter diff --git a/search/src/java/labels.properties b/search/src/java/labels.properties index 8bb702532b..5e69b05f67 100644 --- a/search/src/java/labels.properties +++ b/search/src/java/labels.properties @@ -873,6 +873,9 @@ rights.dialog.editright.title= Change right for action rights.dialog.showrights.title= Secured action for this object +cz.incad.kramerius.security.impl.criteria.NegativeBenevolentModelFilter=Negative object's model Filter (benevolent) +cz.incad.kramerius.security.impl.criteria.BenevolentModelFilter=Object's model Filter (benevolent) + cz.incad.kramerius.security.impl.criteria.DefaultDomainFilter=Domain Filter (benevolent) cz.incad.kramerius.security.impl.criteria.StrictDomainFilter=Domain Filter (strict) diff --git a/search/src/java/labels_cs.properties b/search/src/java/labels_cs.properties index a52ba0e5ed..89fa5cc887 100644 --- a/search/src/java/labels_cs.properties +++ b/search/src/java/labels_cs.properties @@ -869,6 +869,9 @@ rights.dialog.editright.title=Zm\u011Bna pr\u00E1va pro akci rights.dialog.showrights.title=Pr\u00E1va objektu +cz.incad.kramerius.security.impl.criteria.NegativeBenevolentModelFilter=Filtr modelu - negace (benevolentn\u00ED) +cz.incad.kramerius.security.impl.criteria.BenevolentModelFilter=Filtr modelu (benevolentn\u00ED) + cz.incad.kramerius.security.impl.criteria.DefaultDomainFilter=Dom\u00E9nov\u00FD Filtr (benevolentn\u00ED) cz.incad.kramerius.security.impl.criteria.StrictDomainFilter=Dom\u00E9nov\u00FD filtr (striktn\u00ED)