AuthorizeManager (DSpace Kernel :: API and Implementation 3.0-rc2 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.dspace.authorize
Class AuthorizeManager

java.lang.Object
  org.dspace.authorize.AuthorizeManager

public class AuthorizeManager
extends Object
extends Object

AuthorizeManager handles all authorization checks for DSpace. For better security, DSpace assumes that you do not have the right to do something unless that permission is spelled out somewhere. That "somewhere" is the ResourcePolicy table. The AuthorizeManager is given a user, an object, and an action, and it then does a lookup in the ResourcePolicy table to see if there are any policies giving the user permission to do that action.

ResourcePolicies now apply to single objects (such as submit (ADD) permission to a collection.)

Note: If an eperson is a member of the administrator group (id 1), then they are automatically given permission for all requests another special group is group 0, which is anonymous - all EPeople are members of group 0.

Constructor Summary
`AuthorizeManager()`

Method Summary
`static void`	`addPolicies(Context c, List<ResourcePolicy> policies, DSpaceObject dest)` Copies policies from a list of resource policies to a given DSpaceObject
`static void`	`addPolicy(Context c, DSpaceObject o, int actionID, EPerson e)` Add a policy for an individual eperson
`static void`	`addPolicy(Context c, DSpaceObject o, int actionID, EPerson e, String type)` Add a policy for an individual eperson
`static void`	`addPolicy(Context c, DSpaceObject o, int actionID, Group g)` Add a policy for a group
`static void`	`addPolicy(Context c, DSpaceObject o, int actionID, Group g, String type)` Add a policy for a group
`static void`	`authorizeAction(Context c, DSpaceObject o, int action)` Checks that the context's current user can perform the given action on the given object.
`static void`	`authorizeAction(Context c, DSpaceObject o, int action, boolean useInheritance)` Checks that the context's current user can perform the given action on the given object.
`static boolean`	`authorizeActionBoolean(Context c, DSpaceObject o, int a)` same authorize, returns boolean for those who don't want to deal with catching exceptions.
`static boolean`	`authorizeActionBoolean(Context c, DSpaceObject o, int a, boolean useInheritance)` same authorize, returns boolean for those who don't want to deal with catching exceptions.
`static void`	`authorizeAnyOf(Context c, DSpaceObject o, int[] actions)` Utility method, checks that the current user of the given context can perform all of the specified actions on the given object.
`static ResourcePolicy`	`createOrModifyPolicy(ResourcePolicy policy, Context context, String name, int idGroup, EPerson ePerson, Date embargoDate, int action, String reason, DSpaceObject dso)`
`static ResourcePolicy`	`findByTypeIdGroupAction(Context c, int dsoType, int dsoID, int groupID, int action, int policyID)`
`static List<ResourcePolicy>`	`findPoliciesByDSOAndType(Context c, DSpaceObject o, String type)` Return a List of the policies for an object
`static void`	`generateAutomaticPolicies(Context context, Date embargoDate, String reason, DSpaceObject dso, Collection owningCollection)` Generate Policies policies READ for the date in input adding reason.
`static Group[]`	`getAuthorizedGroups(Context c, DSpaceObject o, int actionID)` Returns all groups authorized to perform an action on an object.
`static List<ResourcePolicy>`	`getPolicies(Context c, DSpaceObject o)` Return a List of the policies for an object
`static List<ResourcePolicy>`	`getPoliciesActionFilter(Context c, DSpaceObject o, int actionID)` Return a list of policies for an object that match the action
`static List<ResourcePolicy>`	`getPoliciesForGroup(Context c, Group g)` Return a List of the policies for a group
`static void`	`inheritPolicies(Context c, DSpaceObject src, DSpaceObject dest)` Add policies to an object to match those from a previous object
`static boolean`	`isAdmin(Context c)` Check to see if the current user is a System Admin.
`static boolean`	`isAdmin(Context c, DSpaceObject o)` Check to see if the current user is an Administrator of a given object within DSpace.
`static boolean`	`isAnIdenticalPolicyAlreadyInPlace(Context c, DSpaceObject o, int groupID, int action, int policyID)`
`static boolean`	`isAnIdenticalPolicyAlreadyInPlace(Context c, DSpaceObject o, ResourcePolicy rp)`
`static boolean`	`isAnIdenticalPolicyAlreadyInPlace(Context c, int dsoType, int dsoID, int groupID, int action, int policyID)`
`static void`	`removeAllPolicies(Context c, DSpaceObject o)` removes ALL policies for an object.
`static void`	`removeAllPoliciesByDSOAndType(Context c, DSpaceObject o, String type)` removes policies
`static void`	`removeAllPoliciesByDSOAndTypeNotEqualsTo(Context c, DSpaceObject o, String type)` removes ALL policies for an object that are not of the input type.
`static void`	`removeEPersonPolicies(Context c, DSpaceObject o, EPerson e)` Removes all policies from an eperson for a particular object that belong to an EPerson.
`static void`	`removeGroupPolicies(Context c, DSpaceObject o, Group g)` Removes all policies from a group for a particular object that belong to a Group.
`static void`	`removeGroupPolicies(Context c, int groupID)` Removes all policies relating to a particular group.
`static void`	`removePoliciesActionFilter(Context context, DSpaceObject dso, int actionID)` Remove all policies from an object that match a given action.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

AuthorizeManager

public AuthorizeManager()

Method Detail

authorizeAnyOf

public static void authorizeAnyOf(Context c,
                                  DSpaceObject o,
                                  int[] actions)
                           throws AuthorizeException,
                                  SQLException

Utility method, checks that the current user of the given context can perform all of the specified actions on the given object. An AuthorizeException if all the authorizations fail.

Parameters:: c - context with the current user; o - DSpace object user is attempting to perform action on; actions - array of action IDs from org.dspace.core.Constants
Throws:: AuthorizeException - if any one of the specified actions cannot be performed by the current user on the given object.; SQLException - if there's a database problem

authorizeAction

public static void authorizeAction(Context c,
                                   DSpaceObject o,
                                   int action)
                            throws AuthorizeException,
                                   SQLException

Checks that the context's current user can perform the given action on the given object. Throws an exception if the user is not authorized, otherwise the method call does nothing.

Parameters:: c - context; o - a DSpaceObject; action - action to perform from org.dspace.core.Constants
Throws:: AuthorizeException - if the user is denied; SQLException

authorizeAction

public static void authorizeAction(Context c,
                                   DSpaceObject o,
                                   int action,
                                   boolean useInheritance)
                            throws AuthorizeException,
                                   SQLException

Checks that the context's current user can perform the given action on the given object. Throws an exception if the user is not authorized, otherwise the method call does nothing.

Parameters:: c - context; o - a DSpaceObject; useInheritance - flag to say if ADMIN action on the current object or parent object can be used; action - action to perform from org.dspace.core.Constants
Throws:: AuthorizeException - if the user is denied; SQLException

authorizeActionBoolean

public static boolean authorizeActionBoolean(Context c,
                                             DSpaceObject o,
                                             int a)
                                      throws SQLException

same authorize, returns boolean for those who don't want to deal with catching exceptions.

Parameters:: c - DSpace context, containing current user; o - DSpaceObject; a - action being attempted, from org.dspace.core.Constants
Returns:: true if the current user in the context is authorized to perform the given action on the given object
Throws:: SQLException

authorizeActionBoolean

public static boolean authorizeActionBoolean(Context c,
                                             DSpaceObject o,
                                             int a,
                                             boolean useInheritance)
                                      throws SQLException

same authorize, returns boolean for those who don't want to deal with catching exceptions.

Parameters:: c - DSpace context, containing current user; o - DSpaceObject; a - action being attempted, from org.dspace.core.Constants; useInheritance - flag to say if ADMIN action on the current object or parent object can be used
Returns:: true if the current user in the context is authorized to perform the given action on the given object
Throws:: SQLException

isAdmin

public static boolean isAdmin(Context c,
                              DSpaceObject o)
                       throws SQLException

Check to see if the current user is an Administrator of a given object within DSpace. Always return true if the user is a System Admin

Parameters:: c - current context; o - current DSpace Object, if null the call will be equivalent to a call to the isAdmin(Context c) method
Returns:: true if user has administrative privileges on the given DSpace object
Throws:: SQLException

isAdmin

public static boolean isAdmin(Context c)
                       throws SQLException

Check to see if the current user is a System Admin. Always return true if c.ignoreAuthorization is set. Anonymous users can't be Admins (EPerson set to NULL)

Parameters:: c - current context
Returns:: true if user is an admin or ignore authorization flag set
Throws:: SQLException

addPolicy

public static void addPolicy(Context c,
                             DSpaceObject o,
                             int actionID,
                             EPerson e)
                      throws SQLException,
                             AuthorizeException

Add a policy for an individual eperson

Parameters:: c - context. Current user irrelevant; o - DSpaceObject to add policy to; actionID - ID of action from org.dspace.core.Constants; e - eperson who can perform the action
Throws:: AuthorizeException - if current user in context is not authorized to add policies; SQLException

addPolicy

public static void addPolicy(Context c,
                             DSpaceObject o,
                             int actionID,
                             EPerson e,
                             String type)
                      throws SQLException,
                             AuthorizeException

Add a policy for an individual eperson

Parameters:: c - context. Current user irrelevant; o - DSpaceObject to add policy to; actionID - ID of action from org.dspace.core.Constants; e - eperson who can perform the action; type - policy type, deafult types are declared in the ResourcePolicy class
Throws:: AuthorizeException - if current user in context is not authorized to add policies; SQLException

addPolicy

public static void addPolicy(Context c,
                             DSpaceObject o,
                             int actionID,
                             Group g)
                      throws SQLException,
                             AuthorizeException

Add a policy for a group

Parameters:: c - current context; o - object to add policy for; actionID - ID of action from org.dspace.core.Constants; g - group to add policy for
Throws:: SQLException - if there's a database problem; AuthorizeException - if the current user is not authorized to add this policy

addPolicy

public static void addPolicy(Context c,
                             DSpaceObject o,
                             int actionID,
                             Group g,
                             String type)
                      throws SQLException,
                             AuthorizeException

Add a policy for a group

Parameters:: c - current context; o - object to add policy for; actionID - ID of action from org.dspace.core.Constants; g - group to add policy for; type - policy type, deafult types are declared in the ResourcePolicy class
Throws:: SQLException - if there's a database problem; AuthorizeException - if the current user is not authorized to add this policy

getPolicies

public static List<ResourcePolicy> getPolicies(Context c,
                                               DSpaceObject o)
                                        throws SQLException

Return a List of the policies for an object

Parameters:: c - current context; o - object to retrieve policies for
Returns:: List of ResourcePolicy objects
Throws:: SQLException

findPoliciesByDSOAndType

public static List<ResourcePolicy> findPoliciesByDSOAndType(Context c,
                                                            DSpaceObject o,
                                                            String type)
                                                     throws SQLException

Return a List of the policies for an object

Parameters:: c - current context; o - object to retrieve policies for
Returns:: List of ResourcePolicy objects
Throws:: SQLException

getPoliciesForGroup

public static List<ResourcePolicy> getPoliciesForGroup(Context c,
                                                       Group g)
                                                throws SQLException

Return a List of the policies for a group

Parameters:: c - current context; g - group to retrieve policies for
Returns:: List of ResourcePolicy objects
Throws:: SQLException

getPoliciesActionFilter

public static List<ResourcePolicy> getPoliciesActionFilter(Context c,
                                                           DSpaceObject o,
                                                           int actionID)
                                                    throws SQLException

Return a list of policies for an object that match the action

Parameters:: c - context; o - DSpaceObject policies relate to; actionID - action (defined in class Constants)
Throws:: SQLException - if there's a database problem

inheritPolicies

public static void inheritPolicies(Context c,
                                   DSpaceObject src,
                                   DSpaceObject dest)
                            throws SQLException,
                                   AuthorizeException

Add policies to an object to match those from a previous object

Parameters:: c - context; src - source of policies; dest - destination of inherited policies
Throws:: SQLException - if there's a database problem; AuthorizeException - if the current user is not authorized to add these policies

addPolicies

public static void addPolicies(Context c,
                               List<ResourcePolicy> policies,
                               DSpaceObject dest)
                        throws SQLException,
                               AuthorizeException

Copies policies from a list of resource policies to a given DSpaceObject

Parameters:: c - DSpace context; policies - List of ResourcePolicy objects; dest - object to have policies added
Throws:: SQLException - if there's a database problem; AuthorizeException - if the current user is not authorized to add these policies

removeAllPolicies

public static void removeAllPolicies(Context c,
                                     DSpaceObject o)
                              throws SQLException

removes ALL policies for an object. FIXME doesn't check authorization

Parameters:: c - DSpace context; o - object to remove policies for
Throws:: SQLException - if there's a database problem

removeAllPoliciesByDSOAndTypeNotEqualsTo

public static void removeAllPoliciesByDSOAndTypeNotEqualsTo(Context c,
                                                            DSpaceObject o,
                                                            String type)
                                                     throws SQLException

removes ALL policies for an object that are not of the input type.

Parameters:: c - DSpace context; o - object to remove policies for
Throws:: SQLException - if there's a database problem

removeAllPoliciesByDSOAndType

public static void removeAllPoliciesByDSOAndType(Context c,
                                                 DSpaceObject o,
                                                 String type)
                                          throws SQLException

removes policies

Parameters:: c - DSpace context; o - object to remove policies for; type - policy type
Throws:: SQLException - if there's a database problem

removePoliciesActionFilter

public static void removePoliciesActionFilter(Context context,
                                              DSpaceObject dso,
                                              int actionID)
                                       throws SQLException

Remove all policies from an object that match a given action. FIXME doesn't check authorization

Parameters:: context - current context; dso - object to remove policies from; actionID - ID of action to match from org.dspace.core.Constants, or -1=all
Throws:: SQLException - if there's a database problem

removeGroupPolicies

public static void removeGroupPolicies(Context c,
                                       int groupID)
                                throws SQLException

Removes all policies relating to a particular group. FIXME doesn't check authorization

Parameters:: c - current context; groupID - ID of the group
Throws:: SQLException - if there's a database problem

removeGroupPolicies

public static void removeGroupPolicies(Context c,
                                       DSpaceObject o,
                                       Group g)
                                throws SQLException

Removes all policies from a group for a particular object that belong to a Group. FIXME doesn't check authorization

Parameters:: c - current context; o - the object; g - the group
Throws:: SQLException - if there's a database problem

removeEPersonPolicies

public static void removeEPersonPolicies(Context c,
                                         DSpaceObject o,
                                         EPerson e)
                                  throws SQLException

Removes all policies from an eperson for a particular object that belong to an EPerson. FIXME doesn't check authorization

Parameters:: c - current context; o - the object; e - the eperson
Throws:: SQLException - if there's a database problem

getAuthorizedGroups

public static Group[] getAuthorizedGroups(Context c,
                                          DSpaceObject o,
                                          int actionID)
                                   throws SQLException

Returns all groups authorized to perform an action on an object. Returns empty array if no matches.

Parameters:: c - current context; o - object; actionID - ID of action frm org.dspace.core.Constants
Returns:: array of Groups that can perform the specified action on the specified object
Throws:: SQLException - if there's a database problem

isAnIdenticalPolicyAlreadyInPlace

public static boolean isAnIdenticalPolicyAlreadyInPlace(Context c,
                                                        DSpaceObject o,
                                                        ResourcePolicy rp)
                                                 throws SQLException

Throws:: SQLException

isAnIdenticalPolicyAlreadyInPlace

public static boolean isAnIdenticalPolicyAlreadyInPlace(Context c,
                                                        DSpaceObject o,
                                                        int groupID,
                                                        int action,
                                                        int policyID)
                                                 throws SQLException

Throws:: SQLException

isAnIdenticalPolicyAlreadyInPlace

public static boolean isAnIdenticalPolicyAlreadyInPlace(Context c,
                                                        int dsoType,
                                                        int dsoID,
                                                        int groupID,
                                                        int action,
                                                        int policyID)
                                                 throws SQLException

Throws:: SQLException

findByTypeIdGroupAction

public static ResourcePolicy findByTypeIdGroupAction(Context c,
                                                     int dsoType,
                                                     int dsoID,
                                                     int groupID,
                                                     int action,
                                                     int policyID)
                                              throws SQLException

Throws:: SQLException

generateAutomaticPolicies

public static void generateAutomaticPolicies(Context context,
                                             Date embargoDate,
                                             String reason,
                                             DSpaceObject dso,
                                             Collection owningCollection)
                                      throws SQLException,
                                             AuthorizeException

Generate Policies policies READ for the date in input adding reason. New policies are assigned automatically at the groups that have right on the collection. E.g., if the anonymous can access the collection policies are assigned to anonymous.

Parameters:: context -; embargoDate -; reason -; dso -; owningCollection -
Throws:: SQLException; AuthorizeException

createOrModifyPolicy

public static ResourcePolicy createOrModifyPolicy(ResourcePolicy policy,
                                                  Context context,
                                                  String name,
                                                  int idGroup,
                                                  EPerson ePerson,
                                                  Date embargoDate,
                                                  int action,
                                                  String reason,
                                                  DSpaceObject dso)
                                           throws AuthorizeException,
                                                  SQLException

Throws:: AuthorizeException; SQLException

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.dspace.authorize Class AuthorizeManager

AuthorizeManager

authorizeAnyOf

authorizeAction

authorizeAction

authorizeActionBoolean

authorizeActionBoolean

isAdmin

isAdmin

addPolicy

addPolicy

addPolicy

addPolicy

getPolicies

findPoliciesByDSOAndType

getPoliciesForGroup

getPoliciesActionFilter

inheritPolicies

addPolicies

removeAllPolicies

removeAllPoliciesByDSOAndTypeNotEqualsTo

removeAllPoliciesByDSOAndType

removePoliciesActionFilter

removeGroupPolicies

removeGroupPolicies

removeEPersonPolicies

getAuthorizedGroups

isAnIdenticalPolicyAlreadyInPlace

isAnIdenticalPolicyAlreadyInPlace

isAnIdenticalPolicyAlreadyInPlace

findByTypeIdGroupAction

generateAutomaticPolicies

createOrModifyPolicy

org.dspace.authorize
Class AuthorizeManager