AuthorizeManager (DSpace Kernel :: API and Implementation 5.0-rc1 API)

java.lang.Object
- org.dspace.authorize.AuthorizeManager

```
public class AuthorizeManager
extends Object
```
AuthorizeManager handles all authorization checks for DSpace. For better security, DSpace assumes that you do not have the right to do something unless that permission is spelled out somewhere. That "somewhere" is the ResourcePolicy table. The AuthorizeManager is given a user, an object, and an action, and it then does a lookup in the ResourcePolicy table to see if there are any policies giving the user permission to do that action.
ResourcePolicies now apply to single objects (such as submit (ADD) permission to a collection.)
Note: If an eperson is a member of the administrator group (id 1), then they are automatically given permission for all requests another special group is group 0, which is anonymous - all EPeople are members of group 0.

Constructor Summary

Constructors
Constructor and Description

AuthorizeManager()

Constructors
Constructor and Description
`AuthorizeManager()`

Method Summary

Methods
Modifier and Type	Method and Description
`static void`	`addPolicies(Context c, List<ResourcePolicy> policies, DSpaceObject dest)` Copies policies from a list of resource policies to a given DSpaceObject
`static void`	`addPolicy(Context c, DSpaceObject o, int actionID, EPerson e)` Add a policy for an individual eperson
`static void`	`addPolicy(Context c, DSpaceObject o, int actionID, EPerson e, String type)` Add a policy for an individual eperson
`static void`	`addPolicy(Context c, DSpaceObject o, int actionID, Group g)` Add a policy for a group
`static void`	`addPolicy(Context c, DSpaceObject o, int actionID, Group g, String type)` Add a policy for a group
`static void`	`authorizeAction(Context c, DSpaceObject o, int action)` Checks that the context's current user can perform the given action on the given object.
`static void`	`authorizeAction(Context c, DSpaceObject o, int action, boolean useInheritance)` Checks that the context's current user can perform the given action on the given object.
`static boolean`	`authorizeActionBoolean(Context c, DSpaceObject o, int a)` same authorize, returns boolean for those who don't want to deal with catching exceptions.
`static boolean`	`authorizeActionBoolean(Context c, DSpaceObject o, int a, boolean useInheritance)` same authorize, returns boolean for those who don't want to deal with catching exceptions.
`static void`	`authorizeAnyOf(Context c, DSpaceObject o, int[] actions)` Utility method, checks that the current user of the given context can perform all of the specified actions on the given object.
`static ResourcePolicy`	`createOrModifyPolicy(ResourcePolicy policy, Context context, String name, int idGroup, EPerson ePerson, Date embargoDate, int action, String reason, DSpaceObject dso)`
`static ResourcePolicy`	`findByTypeIdGroupAction(Context c, int dsoType, int dsoID, int groupID, int action, int policyID)`
`static List<ResourcePolicy>`	`findPoliciesByDSOAndType(Context c, DSpaceObject o, String type)` Return a List of the policies for an object
`static void`	`generateAutomaticPolicies(Context context, Date embargoDate, String reason, DSpaceObject dso, Collection owningCollection)` Generate Policies policies READ for the date in input adding reason.
`static Group[]`	`getAuthorizedGroups(Context c, DSpaceObject o, int actionID)` Returns all groups authorized to perform an action on an object.
`static List<ResourcePolicy>`	`getPolicies(Context c, DSpaceObject o)` Return a List of the policies for an object
`static List<ResourcePolicy>`	`getPoliciesActionFilter(Context c, DSpaceObject o, int actionID)` Return a list of policies for an object that match the action
`static List<ResourcePolicy>`	`getPoliciesForGroup(Context c, Group g)` Return a List of the policies for a group
`static void`	`inheritPolicies(Context c, DSpaceObject src, DSpaceObject dest)` Add policies to an object to match those from a previous object
`static boolean`	`isAdmin(Context c)` Check to see if the current user is a System Admin.
`static boolean`	`isAdmin(Context c, DSpaceObject o)` Check to see if the current user is an Administrator of a given object within DSpace.
`static boolean`	`isAnIdenticalPolicyAlreadyInPlace(Context c, DSpaceObject o, int groupID, int action, int policyID)` Is a policy with the specified parameters already in place?
`static boolean`	`isAnIdenticalPolicyAlreadyInPlace(Context c, DSpaceObject o, ResourcePolicy rp)`
`static boolean`	`isAnIdenticalPolicyAlreadyInPlace(Context c, int dsoType, int dsoID, int groupID, int action, int policyID)` Is a policy with the specified parameters already in place?
`static void`	`removeAllPolicies(Context c, DSpaceObject o)` removes ALL policies for an object.
`static void`	`removeAllPoliciesByDSOAndType(Context c, DSpaceObject o, String type)` removes policies
`static void`	`removeAllPoliciesByDSOAndTypeNotEqualsTo(Context c, DSpaceObject o, String type)` removes ALL policies for an object that are not of the input type.
`static void`	`removeEPersonPolicies(Context c, DSpaceObject o, EPerson e)` Removes all policies from an eperson for a particular object that belong to an EPerson.
`static void`	`removeGroupPolicies(Context c, DSpaceObject o, Group g)` Removes all policies from a group for a particular object that belong to a Group.
`static void`	`removeGroupPolicies(Context c, int groupID)` Removes all policies relating to a particular group.
`static void`	`removePoliciesActionFilter(Context context, DSpaceObject dso, int actionID)` Remove all policies from an object that match a given action.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail
- AuthorizeManager
```
public AuthorizeManager()
```

Method Detail

authorizeAnyOf
```
public static void authorizeAnyOf(Context c,
                  DSpaceObject o,
                  int[] actions)
                           throws AuthorizeException,
                                  SQLException
```
Utility method, checks that the current user of the given context can perform all of the specified actions on the given object. An AuthorizeException if all the authorizations fail.

Parameters:
c - context with the current user
o - DSpace object user is attempting to perform action on
actions - array of action IDs from org.dspace.core.Constants

Throws:

AuthorizeException - if any one of the specified actions cannot be performed by the current user on the given object.

SQLException - if there's a database problem

authorizeAction
```
public static void authorizeAction(Context c,
                   DSpaceObject o,
                   int action)
                            throws AuthorizeException,
                                   SQLException
```
Checks that the context's current user can perform the given action on the given object. Throws an exception if the user is not authorized, otherwise the method call does nothing.

Parameters:
c - context
o - a DSpaceObject
action - action to perform from org.dspace.core.Constants

Throws:

AuthorizeException - if the user is denied

SQLException

authorizeAction
```
public static void authorizeAction(Context c,
                   DSpaceObject o,
                   int action,
                   boolean useInheritance)
                            throws AuthorizeException,
                                   SQLException
```
Checks that the context's current user can perform the given action on the given object. Throws an exception if the user is not authorized, otherwise the method call does nothing.

Parameters:
c - context
o - a DSpaceObject
useInheritance - flag to say if ADMIN action on the current object or parent object can be used
action - action to perform from org.dspace.core.Constants

Throws:

AuthorizeException - if the user is denied

SQLException

authorizeActionBoolean
```
public static boolean authorizeActionBoolean(Context c,
                             DSpaceObject o,
                             int a)
                                      throws SQLException
```
same authorize, returns boolean for those who don't want to deal with catching exceptions.

Parameters:
c - DSpace context, containing current user
o - DSpaceObject
a - action being attempted, from org.dspace.core.Constants

Returns:
true if the current user in the context is authorized to perform the given action on the given object

Throws:

SQLException

authorizeActionBoolean
```
public static boolean authorizeActionBoolean(Context c,
                             DSpaceObject o,
                             int a,
                             boolean useInheritance)
                                      throws SQLException
```
same authorize, returns boolean for those who don't want to deal with catching exceptions.

Parameters:
c - DSpace context, containing current user
o - DSpaceObject
a - action being attempted, from org.dspace.core.Constants
useInheritance - flag to say if ADMIN action on the current object or parent object can be used

Returns:
true if the current user in the context is authorized to perform the given action on the given object

Throws:

SQLException

isAdmin
```
public static boolean isAdmin(Context c,
              DSpaceObject o)
                       throws SQLException
```
Check to see if the current user is an Administrator of a given object within DSpace. Always return true if the user is a System Admin

Parameters:
c - current context
o - current DSpace Object, if null the call will be equivalent to a call to the isAdmin(Context c) method

Returns:
true if user has administrative privileges on the given DSpace object

Throws:

SQLException

isAdmin
```
public static boolean isAdmin(Context c)
                       throws SQLException
```
Check to see if the current user is a System Admin. Always return true if c.ignoreAuthorization is set. Anonymous users can't be Admins (EPerson set to NULL)

Parameters:
c - current context

Returns:
true if user is an admin or ignore authorization flag set

Throws:

SQLException

addPolicy
```
public static void addPolicy(Context c,
             DSpaceObject o,
             int actionID,
             EPerson e)
                      throws SQLException,
                             AuthorizeException
```
Add a policy for an individual eperson

Parameters:
c - context. Current user irrelevant
o - DSpaceObject to add policy to
actionID - ID of action from org.dspace.core.Constants
e - eperson who can perform the action

Throws:

AuthorizeException - if current user in context is not authorized to add policies

SQLException

addPolicy
```
public static void addPolicy(Context c,
             DSpaceObject o,
             int actionID,
             EPerson e,
             String type)
                      throws SQLException,
                             AuthorizeException
```
Add a policy for an individual eperson

Parameters:
c - context. Current user irrelevant
o - DSpaceObject to add policy to
actionID - ID of action from org.dspace.core.Constants
e - eperson who can perform the action
type - policy type, deafult types are declared in the ResourcePolicy class

Throws:

AuthorizeException - if current user in context is not authorized to add policies

SQLException

addPolicy
```
public static void addPolicy(Context c,
             DSpaceObject o,
             int actionID,
             Group g)
                      throws SQLException,
                             AuthorizeException
```
Add a policy for a group

Parameters:
c - current context
o - object to add policy for
actionID - ID of action from org.dspace.core.Constants
g - group to add policy for

Throws:

SQLException - if there's a database problem

AuthorizeException - if the current user is not authorized to add this policy

addPolicy
```
public static void addPolicy(Context c,
             DSpaceObject o,
             int actionID,
             Group g,
             String type)
                      throws SQLException,
                             AuthorizeException
```
Add a policy for a group

Parameters:
c - current context
o - object to add policy for
actionID - ID of action from org.dspace.core.Constants
g - group to add policy for
type - policy type, deafult types are declared in the ResourcePolicy class

Throws:

SQLException - if there's a database problem

AuthorizeException - if the current user is not authorized to add this policy

getPolicies

public static List<ResourcePolicy> getPolicies(Context c,
                               DSpaceObject o)
                                        throws SQLException

Return a List of the policies for an object

Parameters:: c - current context; o - object to retrieve policies for
Returns:: List of ResourcePolicy objects
Throws:: SQLException

findPoliciesByDSOAndType

public static List<ResourcePolicy> findPoliciesByDSOAndType(Context c,
                                            DSpaceObject o,
                                            String type)
                                                     throws SQLException

Return a List of the policies for an object

Parameters:: c - current context; o - object to retrieve policies for
Returns:: List of ResourcePolicy objects
Throws:: SQLException

getPoliciesForGroup

public static List<ResourcePolicy> getPoliciesForGroup(Context c,
                                       Group g)
                                                throws SQLException

Return a List of the policies for a group

Parameters:: c - current context; g - group to retrieve policies for
Returns:: List of ResourcePolicy objects
Throws:: SQLException

getPoliciesActionFilter

public static List<ResourcePolicy> getPoliciesActionFilter(Context c,
                                           DSpaceObject o,
                                           int actionID)
                                                    throws SQLException

Return a list of policies for an object that match the action

Parameters:: c - context; o - DSpaceObject policies relate to; actionID - action (defined in class Constants)
Throws:: SQLException - if there's a database problem

inheritPolicies

public static void inheritPolicies(Context c,
                   DSpaceObject src,
                   DSpaceObject dest)
                            throws SQLException,
                                   AuthorizeException

Add policies to an object to match those from a previous object

Parameters:: c - context; src - source of policies; dest - destination of inherited policies
Throws:: SQLException - if there's a database problem; AuthorizeException - if the current user is not authorized to add these policies

addPolicies
```
public static void addPolicies(Context c,
               List<ResourcePolicy> policies,
               DSpaceObject dest)
                        throws SQLException,
                               AuthorizeException
```
Copies policies from a list of resource policies to a given DSpaceObject

Parameters:
c - DSpace context
policies - List of ResourcePolicy objects
dest - object to have policies added

Throws:

SQLException - if there's a database problem

AuthorizeException - if the current user is not authorized to add these policies

removeAllPolicies
```
public static void removeAllPolicies(Context c,
                     DSpaceObject o)
                              throws SQLException
```
removes ALL policies for an object. FIXME doesn't check authorization

Parameters:
c - DSpace context
o - object to remove policies for

Throws:

SQLException - if there's a database problem

removeAllPoliciesByDSOAndTypeNotEqualsTo

public static void removeAllPoliciesByDSOAndTypeNotEqualsTo(Context c,
                                            DSpaceObject o,
                                            String type)
                                                     throws SQLException

removes ALL policies for an object that are not of the input type.

Parameters:: c - DSpace context; o - object to remove policies for
Throws:: SQLException - if there's a database problem

removeAllPoliciesByDSOAndType

public static void removeAllPoliciesByDSOAndType(Context c,
                                 DSpaceObject o,
                                 String type)
                                          throws SQLException

removes policies

Parameters:: c - DSpace context; o - object to remove policies for; type - policy type
Throws:: SQLException - if there's a database problem

removePoliciesActionFilter
```
public static void removePoliciesActionFilter(Context context,
                              DSpaceObject dso,
                              int actionID)
                                       throws SQLException
```
Remove all policies from an object that match a given action. FIXME doesn't check authorization

Parameters:
context - current context
dso - object to remove policies from
actionID - ID of action to match from org.dspace.core.Constants, or -1=all

Throws:

SQLException - if there's a database problem

removeGroupPolicies
```
public static void removeGroupPolicies(Context c,
                       int groupID)
                                throws SQLException
```
Removes all policies relating to a particular group. FIXME doesn't check authorization

Parameters:
c - current context
groupID - ID of the group

Throws:

SQLException - if there's a database problem

removeGroupPolicies
```
public static void removeGroupPolicies(Context c,
                       DSpaceObject o,
                       Group g)
                                throws SQLException
```
Removes all policies from a group for a particular object that belong to a Group. FIXME doesn't check authorization

Parameters:
c - current context
o - the object
g - the group

Throws:

SQLException - if there's a database problem

removeEPersonPolicies
```
public static void removeEPersonPolicies(Context c,
                         DSpaceObject o,
                         EPerson e)
                                  throws SQLException
```
Removes all policies from an eperson for a particular object that belong to an EPerson. FIXME doesn't check authorization

Parameters:
c - current context
o - the object
e - the eperson

Throws:

SQLException - if there's a database problem

getAuthorizedGroups
```
public static Group[] getAuthorizedGroups(Context c,
                          DSpaceObject o,
                          int actionID)
                                   throws SQLException
```
Returns all groups authorized to perform an action on an object. Returns empty array if no matches.

Parameters:
c - current context
o - object
actionID - ID of action from org.dspace.core.Constants

Returns:
array of Groups that can perform the specified action on the specified object

Throws:

SQLException - if there's a database problem

isAnIdenticalPolicyAlreadyInPlace

public static boolean isAnIdenticalPolicyAlreadyInPlace(Context c,
                                        DSpaceObject o,
                                        ResourcePolicy rp)
                                                 throws SQLException

Throws:: SQLException

isAnIdenticalPolicyAlreadyInPlace

public static boolean isAnIdenticalPolicyAlreadyInPlace(Context c,
                                        DSpaceObject o,
                                        int groupID,
                                        int action,
                                        int policyID)
                                                 throws SQLException

Is a policy with the specified parameters already in place?

Parameters:: c - current context; o - object; actionID - ID of action from org.dspace.core.Constants; policyID - ID of an existing policy. If -1 is specified, this parameter will be ignored
Returns:: true if such a policy exists, false otherwise
Throws:: SQLException - if there's a database problem

isAnIdenticalPolicyAlreadyInPlace

public static boolean isAnIdenticalPolicyAlreadyInPlace(Context c,
                                        int dsoType,
                                        int dsoID,
                                        int groupID,
                                        int action,
                                        int policyID)
                                                 throws SQLException

Is a policy with the specified parameters already in place?

Parameters:: c - current context; o - ID of an object; action - ID of action from org.dspace.core.Constants; policyID - ID of an existing policy. If -1 is specified, this parameter will be ignored
Returns:: true if such a policy exists, false otherwise
Throws:: SQLException - if there's a database problem

findByTypeIdGroupAction

public static ResourcePolicy findByTypeIdGroupAction(Context c,
                                     int dsoType,
                                     int dsoID,
                                     int groupID,
                                     int action,
                                     int policyID)
                                              throws SQLException

Throws:: SQLException

generateAutomaticPolicies

public static void generateAutomaticPolicies(Context context,
                             Date embargoDate,
                             String reason,
                             DSpaceObject dso,
                             Collection owningCollection)
                                      throws SQLException,
                                             AuthorizeException

Generate Policies policies READ for the date in input adding reason. New policies are assigned automatically at the groups that have right on the collection. E.g., if the anonymous can access the collection policies are assigned to anonymous.

Parameters:: context -; embargoDate -; reason -; dso -; owningCollection -
Throws:: SQLException; AuthorizeException

createOrModifyPolicy

public static ResourcePolicy createOrModifyPolicy(ResourcePolicy policy,
                                  Context context,
                                  String name,
                                  int idGroup,
                                  EPerson ePerson,
                                  Date embargoDate,
                                  int action,
                                  String reason,
                                  DSpaceObject dso)
                                           throws AuthorizeException,
                                                  SQLException

Throws:: AuthorizeException; SQLException

Class AuthorizeManager

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

AuthorizeManager

Method Detail

authorizeAnyOf

authorizeAction

authorizeAction

authorizeActionBoolean

authorizeActionBoolean

isAdmin

isAdmin

addPolicy

addPolicy

addPolicy

addPolicy

getPolicies

findPoliciesByDSOAndType

getPoliciesForGroup

getPoliciesActionFilter

inheritPolicies

addPolicies

removeAllPolicies

removeAllPoliciesByDSOAndTypeNotEqualsTo

removeAllPoliciesByDSOAndType

removePoliciesActionFilter

removeGroupPolicies

removeGroupPolicies

removeEPersonPolicies

getAuthorizedGroups

isAnIdenticalPolicyAlreadyInPlace

isAnIdenticalPolicyAlreadyInPlace

isAnIdenticalPolicyAlreadyInPlace

findByTypeIdGroupAction

generateAutomaticPolicies

createOrModifyPolicy