org.dspace.authorize

Class AuthorizeServiceImpl

java.lang.Object

org.dspace.authorize.AuthorizeServiceImpl

All Implemented Interfaces:

AuthorizeService

public class AuthorizeServiceImpl
extends Object
implements AuthorizeService

AuthorizeManager handles all authorization checks for DSpace. For better security, DSpace assumes that you do not have the right to do something unless that permission is spelled out somewhere. That "somewhere" is the ResourcePolicy table. The AuthorizeManager is given a user, an object, and an action, and it then does a lookup in the ResourcePolicy table to see if there are any policies giving the user permission to do that action.

ResourcePolicies now apply to single objects (such as submit (ADD) permission to a collection.)

Note: If an eperson is a member of the administrator group (id 1), then they are automatically given permission for all requests another special group is group 0, which is anonymous - all EPeople are members of group 0.

Field Summary

Fields

Modifier and Type	Field and Description
protected BitstreamService	bitstreamService
protected GroupService	groupService
protected ResourcePolicyService	resourcePolicyService
protected ContentServiceFactory	serviceFactory
protected WorkflowItemService	workflowItemService
protected WorkspaceItemService	workspaceItemService

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	AuthorizeServiceImpl()

Method Summary

Methods

Modifier and Type	Method and Description
void	addPolicies(Context c, List<ResourcePolicy> policies, DSpaceObject dest) Copies policies from a list of resource policies to a given DSpaceObject
void	addPolicy(Context c, DSpaceObject o, int actionID, EPerson e) Add a policy for an individual eperson
void	addPolicy(Context context, DSpaceObject o, int actionID, EPerson e, String type) Add a policy for an individual eperson
void	addPolicy(Context c, DSpaceObject o, int actionID, Group g) Add a policy for a group
void	addPolicy(Context c, DSpaceObject o, int actionID, Group g, String type) Add a policy for a group
protected boolean	authorize(Context c, DSpaceObject o, int action, EPerson e, boolean useInheritance) Check to see if the given user can perform the given action on the given object.
void	authorizeAction(Context c, DSpaceObject o, int action) Checks that the context's current user can perform the given action on the given object.
void	authorizeAction(Context c, DSpaceObject o, int action, boolean useInheritance) Checks that the context's current user can perform the given action on the given object.
void	authorizeAction(Context c, EPerson e, DSpaceObject o, int action, boolean useInheritance) Checks that the specified eperson can perform the given action on the given object.
boolean	authorizeActionBoolean(Context c, DSpaceObject o, int a) same authorize, returns boolean for those who don't want to deal with catching exceptions.
boolean	authorizeActionBoolean(Context c, DSpaceObject o, int a, boolean useInheritance) same authorize, returns boolean for those who don't want to deal with catching exceptions.
boolean	authorizeActionBoolean(Context c, EPerson e, DSpaceObject o, int a, boolean useInheritance) same authorize with a specif eperson (not the current user), returns boolean for those who don't want to deal with catching exceptions.
void	authorizeAnyOf(Context c, DSpaceObject o, int[] actions) Utility method, checks that the current user of the given context can perform all of the specified actions on the given object.
ResourcePolicy	createOrModifyPolicy(ResourcePolicy policy, Context context, String name, Group group, EPerson ePerson, Date embargoDate, int action, String reason, DSpaceObject dso)
ResourcePolicy	createResourcePolicy(Context context, DSpaceObject dso, Group group, EPerson eperson, int type, String rpType)
ResourcePolicy	findByTypeIdGroupAction(Context c, DSpaceObject dso, Group group, int action, int policyID)
List<ResourcePolicy>	findPoliciesByDSOAndType(Context c, DSpaceObject o, String type) Return a List of the policies for an object
void	generateAutomaticPolicies(Context context, Date embargoDate, String reason, DSpaceObject dso, Collection owningCollection) Generate Policies policies READ for the date in input adding reason.
List<Group>	getAuthorizedGroups(Context c, DSpaceObject o, int actionID) Returns all groups authorized to perform an action on an object.
List<ResourcePolicy>	getPolicies(Context c, DSpaceObject o) Return a List of the policies for an object
List<ResourcePolicy>	getPoliciesActionFilter(Context c, DSpaceObject o, int actionID) Return a list of policies for an object that match the action
List<ResourcePolicy>	getPoliciesForGroup(Context c, Group g) Return a List of the policies for a group
void	inheritPolicies(Context c, DSpaceObject src, DSpaceObject dest) Add policies to an object to match those from a previous object
boolean	isAdmin(Context c) Check to see if the current user is a System Admin.
boolean	isAdmin(Context c, DSpaceObject o) Check to see if the current user is an Administrator of a given object within DSpace.
boolean	isAnIdenticalPolicyAlreadyInPlace(Context c, DSpaceObject dso, Group group, int action, int policyID) Is a policy with the specified parameters already in place?
boolean	isAnIdenticalPolicyAlreadyInPlace(Context c, DSpaceObject o, ResourcePolicy rp)
protected boolean	isAnyItemInstalled(Context ctx, List<Bundle> bundles)
void	removeAllPolicies(Context c, DSpaceObject o) removes ALL policies for an object.
void	removeAllPolicies(Context c, DSpaceObject o, boolean updateLastModified)
void	removeAllPoliciesByDSOAndType(Context c, DSpaceObject o, String type) removes policies
void	removeAllPoliciesByDSOAndTypeNotEqualsTo(Context c, DSpaceObject o, String type) removes ALL policies for an object that are not of the input type.
void	removeEPersonPolicies(Context c, DSpaceObject o, EPerson e) Removes all policies from an eperson for a particular object that belong to an EPerson.
void	removeGroupPolicies(Context c, DSpaceObject o, Group g) Removes all policies from a group for a particular object that belong to a Group.
void	removeGroupPolicies(Context c, Group group) Removes all policies relating to a particular group.
void	removePoliciesActionFilter(Context context, DSpaceObject dso, int actionID) Remove all policies from an object that match a given action.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

bitstreamService

@Autowired(required=true)
protected BitstreamService bitstreamService

serviceFactory

@Autowired(required=true)
protected ContentServiceFactory serviceFactory

groupService

@Autowired(required=true)
protected GroupService groupService

resourcePolicyService

@Autowired(required=true)
protected ResourcePolicyService resourcePolicyService

workspaceItemService

@Autowired(required=true)
protected WorkspaceItemService workspaceItemService

workflowItemService

@Autowired(required=true)
protected WorkflowItemService workflowItemService

Constructor Detail

AuthorizeServiceImpl

protected AuthorizeServiceImpl()

Method Detail

authorizeAnyOf

public void authorizeAnyOf(Context c,
                  DSpaceObject o,
                  int[] actions)
                    throws AuthorizeException,
                           SQLException

Description copied from interface: AuthorizeService

Utility method, checks that the current user of the given context can perform all of the specified actions on the given object. An AuthorizeException if all the authorizations fail.

Specified by:

authorizeAnyOf in interface AuthorizeService

Parameters:

c - context with the current user

o - DSpace object user is attempting to perform action on

actions - array of action IDs from org.dspace.core.Constants

Throws:

AuthorizeException - if any one of the specified actions cannot be performed by the current user on the given object.

SQLException

authorizeAction

public void authorizeAction(Context c,
                   DSpaceObject o,
                   int action)
                     throws AuthorizeException,
                            SQLException

Description copied from interface: AuthorizeService

Checks that the context's current user can perform the given action on the given object. Throws an exception if the user is not authorized, otherwise the method call does nothing.

Specified by:

authorizeAction in interface AuthorizeService

Parameters:

c - context

o - a DSpaceObject

action - action to perform from org.dspace.core.Constants

Throws:

AuthorizeException - if the user is denied

SQLException

authorizeAction

public void authorizeAction(Context c,
                   DSpaceObject o,
                   int action,
                   boolean useInheritance)
                     throws AuthorizeException,
                            SQLException

Description copied from interface: AuthorizeService

Checks that the context's current user can perform the given action on the given object. Throws an exception if the user is not authorized, otherwise the method call does nothing.

Specified by:

authorizeAction in interface AuthorizeService

Parameters:

c - context

o - a DSpaceObject

action - action to perform from org.dspace.core.Constants

useInheritance - flag to say if ADMIN action on the current object or parent object can be used

Throws:

AuthorizeException - if the user is denied

SQLException

authorizeAction

public void authorizeAction(Context c,
                   EPerson e,
                   DSpaceObject o,
                   int action,
                   boolean useInheritance)
                     throws AuthorizeException,
                            SQLException

Description copied from interface: AuthorizeService

Checks that the specified eperson can perform the given action on the given object. Throws an exception if the user is not authorized, otherwise the method call does nothing.

Specified by:

authorizeAction in interface AuthorizeService

Parameters:

c - context

e - the eperson to use for the authorization check

o - a DSpaceObject

action - action to perform from org.dspace.core.Constants

useInheritance - flag to say if ADMIN action on the current object or parent object can be used

Throws:

AuthorizeException - if the user is denied

SQLException

authorizeActionBoolean

public boolean authorizeActionBoolean(Context c,
                             DSpaceObject o,
                             int a)
                               throws SQLException

Description copied from interface: AuthorizeService

same authorize, returns boolean for those who don't want to deal with catching exceptions.

Specified by:

authorizeActionBoolean in interface AuthorizeService

Parameters:

c - DSpace context, containing current user

o - DSpaceObject

a - action being attempted, from org.dspace.core.Constants

Returns:

true if the current user in the context is authorized to perform the given action on the given object

Throws:

SQLException

authorizeActionBoolean

public boolean authorizeActionBoolean(Context c,
                             DSpaceObject o,
                             int a,
                             boolean useInheritance)
                               throws SQLException

Description copied from interface: AuthorizeService

same authorize, returns boolean for those who don't want to deal with catching exceptions.

Specified by:

authorizeActionBoolean in interface AuthorizeService

Parameters:

c - DSpace context, containing current user

o - DSpaceObject

a - action being attempted, from org.dspace.core.Constants

useInheritance - flag to say if ADMIN action on the current object or parent object can be used

Returns:

true if the current user in the context is authorized to perform the given action on the given object

Throws:

SQLException

authorizeActionBoolean

public boolean authorizeActionBoolean(Context c,
                             EPerson e,
                             DSpaceObject o,
                             int a,
                             boolean useInheritance)
                               throws SQLException

Description copied from interface: AuthorizeService

same authorize with a specif eperson (not the current user), returns boolean for those who don't want to deal with catching exceptions.

Specified by:

authorizeActionBoolean in interface AuthorizeService

Parameters:

c - DSpace context

e - EPerson to use in the check

o - DSpaceObject

a - action being attempted, from org.dspace.core.Constants

useInheritance - flag to say if ADMIN action on the current object or parent object can be used

Returns:

true if the requested user is authorized to perform the given action on the given object

Throws:

SQLException

authorize

protected boolean authorize(Context c,
                DSpaceObject o,
                int action,
                EPerson e,
                boolean useInheritance)
                     throws SQLException

Check to see if the given user can perform the given action on the given object. Always returns true if the ignore authorization flat is set in the current context.

Parameters:

c - current context. User is irrelevant; "ignore authorization" flag is relevant

o - object action is being attempted on

action - ID of action being attempted, from org.dspace.core.Constants

e - user attempting action

useInheritance - flag to say if ADMIN action on the current object or parent object can be used

Returns:

true if user is authorized to perform the given action, false otherwise

Throws:

SQLException

isAnyItemInstalled

protected boolean isAnyItemInstalled(Context ctx,
                         List<Bundle> bundles)
                              throws SQLException

Throws:

SQLException

isAdmin

public boolean isAdmin(Context c,
              DSpaceObject o)
                throws SQLException

Description copied from interface: AuthorizeService

Check to see if the current user is an Administrator of a given object within DSpace. Always return true if the user is a System Admin

Specified by:

isAdmin in interface AuthorizeService

Parameters:

c - current context

o - current DSpace Object, if null the call will be equivalent to a call to the isAdmin(Context c) method

Returns:

true if user has administrative privileges on the given DSpace object

Throws:

SQLException

isAdmin

public boolean isAdmin(Context c)
                throws SQLException

Description copied from interface: AuthorizeService

Check to see if the current user is a System Admin. Always return true if c.ignoreAuthorization is set. Anonymous users can't be Admins (EPerson set to NULL)

Specified by:

isAdmin in interface AuthorizeService

Parameters:

c - current context

Returns:

true if user is an admin or ignore authorization flag set

Throws:

SQLException

addPolicy

public void addPolicy(Context c,
             DSpaceObject o,
             int actionID,
             EPerson e)
               throws SQLException,
                      AuthorizeException

Description copied from interface: AuthorizeService

Add a policy for an individual eperson

Specified by:

addPolicy in interface AuthorizeService

Parameters:

c - context. Current user irrelevant

o - DSpaceObject to add policy to

actionID - ID of action from org.dspace.core.Constants

e - eperson who can perform the action

Throws:

AuthorizeException - if current user in context is not authorized to add policies

SQLException

addPolicy

public void addPolicy(Context context,
             DSpaceObject o,
             int actionID,
             EPerson e,
             String type)
               throws SQLException,
                      AuthorizeException

Description copied from interface: AuthorizeService

Add a policy for an individual eperson

Specified by:

addPolicy in interface AuthorizeService

Parameters:

context - context. Current user irrelevant

o - DSpaceObject to add policy to

actionID - ID of action from org.dspace.core.Constants

e - eperson who can perform the action

type - policy type, deafult types are declared in the ResourcePolicy class

Throws:

AuthorizeException - if current user in context is not authorized to add policies

SQLException

addPolicy

public void addPolicy(Context c,
             DSpaceObject o,
             int actionID,
             Group g)
               throws SQLException,
                      AuthorizeException

Description copied from interface: AuthorizeService

Add a policy for a group

Specified by:

addPolicy in interface AuthorizeService

Parameters:

c - current context

o - object to add policy for

actionID - ID of action from org.dspace.core.Constants

g - group to add policy for

Throws:

SQLException - if there's a database problem

AuthorizeException - if the current user is not authorized to add this policy

addPolicy

public void addPolicy(Context c,
             DSpaceObject o,
             int actionID,
             Group g,
             String type)
               throws SQLException,
                      AuthorizeException

Description copied from interface: AuthorizeService

Add a policy for a group

Specified by:

addPolicy in interface AuthorizeService

Parameters:

c - current context

o - object to add policy for

actionID - ID of action from org.dspace.core.Constants

g - group to add policy for

type - policy type, deafult types are declared in the ResourcePolicy class

Throws:

SQLException - if there's a database problem

AuthorizeException - if the current user is not authorized to add this policy

getPolicies

public List<ResourcePolicy> getPolicies(Context c,
                               DSpaceObject o)
                                 throws SQLException

Description copied from interface: AuthorizeService

Return a List of the policies for an object

Specified by:

getPolicies in interface AuthorizeService

Parameters:

c - current context

o - object to retrieve policies for

Returns:

List of ResourcePolicy objects

Throws:

SQLException

findPoliciesByDSOAndType

public List<ResourcePolicy> findPoliciesByDSOAndType(Context c,
                                            DSpaceObject o,
                                            String type)
                                              throws SQLException

Description copied from interface: AuthorizeService

Return a List of the policies for an object

Specified by:

findPoliciesByDSOAndType in interface AuthorizeService

Parameters:

c - current context

o - object to retrieve policies for

Returns:

List of ResourcePolicy objects

Throws:

SQLException

getPoliciesForGroup

public List<ResourcePolicy> getPoliciesForGroup(Context c,
                                       Group g)
                                         throws SQLException

Description copied from interface: AuthorizeService

Return a List of the policies for a group

Specified by:

getPoliciesForGroup in interface AuthorizeService

Parameters:

c - current context

g - group to retrieve policies for

Returns:

List of ResourcePolicy objects

Throws:

SQLException

getPoliciesActionFilter

public List<ResourcePolicy> getPoliciesActionFilter(Context c,
                                           DSpaceObject o,
                                           int actionID)
                                             throws SQLException

Description copied from interface: AuthorizeService

Return a list of policies for an object that match the action

Specified by:

getPoliciesActionFilter in interface AuthorizeService

Parameters:

c - context

o - DSpaceObject policies relate to

actionID - action (defined in class Constants)

Throws:

SQLException - if there's a database problem

inheritPolicies

public void inheritPolicies(Context c,
                   DSpaceObject src,
                   DSpaceObject dest)
                     throws SQLException,
                            AuthorizeException

Description copied from interface: AuthorizeService

Add policies to an object to match those from a previous object

Specified by:

inheritPolicies in interface AuthorizeService

Parameters:

c - context

src - source of policies

dest - destination of inherited policies

Throws:

SQLException - if there's a database problem

AuthorizeException - if the current user is not authorized to add these policies

addPolicies

public void addPolicies(Context c,
               List<ResourcePolicy> policies,
               DSpaceObject dest)
                 throws SQLException,
                        AuthorizeException

Description copied from interface: AuthorizeService

Copies policies from a list of resource policies to a given DSpaceObject

Specified by:

addPolicies in interface AuthorizeService

Parameters:

c - DSpace context

policies - List of ResourcePolicy objects

dest - object to have policies added

Throws:

SQLException - if there's a database problem

AuthorizeException - if the current user is not authorized to add these policies

removeAllPolicies

public void removeAllPolicies(Context c,
                     DSpaceObject o)
                       throws SQLException,
                              AuthorizeException

Description copied from interface: AuthorizeService

removes ALL policies for an object. FIXME doesn't check authorization

Specified by:

removeAllPolicies in interface AuthorizeService

Parameters:

c - DSpace context

o - object to remove policies for

Throws:

SQLException - if there's a database problem

AuthorizeException

removeAllPolicies

public void removeAllPolicies(Context c,
                     DSpaceObject o,
                     boolean updateLastModified)
                       throws SQLException,
                              AuthorizeException

Specified by:

removeAllPolicies in interface AuthorizeService

Throws:

SQLException

AuthorizeException

removeAllPoliciesByDSOAndTypeNotEqualsTo

public void removeAllPoliciesByDSOAndTypeNotEqualsTo(Context c,
                                            DSpaceObject o,
                                            String type)
                                              throws SQLException,
                                                     AuthorizeException

Description copied from interface: AuthorizeService

removes ALL policies for an object that are not of the input type.

Specified by:

removeAllPoliciesByDSOAndTypeNotEqualsTo in interface AuthorizeService

Parameters:

c - DSpace context

o - object to remove policies for

Throws:

SQLException - if there's a database problem

AuthorizeException

removeAllPoliciesByDSOAndType

public void removeAllPoliciesByDSOAndType(Context c,
                                 DSpaceObject o,
                                 String type)
                                   throws SQLException,
                                          AuthorizeException

Description copied from interface: AuthorizeService

removes policies

Specified by:

removeAllPoliciesByDSOAndType in interface AuthorizeService

Parameters:

c - DSpace context

o - object to remove policies for

type - policy type

Throws:

SQLException - if there's a database problem

AuthorizeException

removePoliciesActionFilter

public void removePoliciesActionFilter(Context context,
                              DSpaceObject dso,
                              int actionID)
                                throws SQLException,
                                       AuthorizeException

Description copied from interface: AuthorizeService

Remove all policies from an object that match a given action. FIXME doesn't check authorization

Specified by:

removePoliciesActionFilter in interface AuthorizeService

Parameters:

context - current context

dso - object to remove policies from

actionID - ID of action to match from org.dspace.core.Constants, or -1=all

Throws:

SQLException - if there's a database problem

AuthorizeException

removeGroupPolicies

public void removeGroupPolicies(Context c,
                       Group group)
                         throws SQLException

Description copied from interface: AuthorizeService

Removes all policies relating to a particular group. FIXME doesn't check authorization

Specified by:

removeGroupPolicies in interface AuthorizeService

Parameters:

c - current context

group - the group

Throws:

SQLException - if there's a database problem

removeGroupPolicies

public void removeGroupPolicies(Context c,
                       DSpaceObject o,
                       Group g)
                         throws SQLException,
                                AuthorizeException

Description copied from interface: AuthorizeService

Removes all policies from a group for a particular object that belong to a Group. FIXME doesn't check authorization

Specified by:

removeGroupPolicies in interface AuthorizeService

Parameters:

c - current context

o - the object

g - the group

Throws:

SQLException - if there's a database problem

AuthorizeException

removeEPersonPolicies

public void removeEPersonPolicies(Context c,
                         DSpaceObject o,
                         EPerson e)
                           throws SQLException,
                                  AuthorizeException

Description copied from interface: AuthorizeService

Removes all policies from an eperson for a particular object that belong to an EPerson. FIXME doesn't check authorization

Specified by:

removeEPersonPolicies in interface AuthorizeService

Parameters:

c - current context

o - the object

e - the eperson

Throws:

SQLException - if there's a database problem

AuthorizeException

getAuthorizedGroups

public List<Group> getAuthorizedGroups(Context c,
                              DSpaceObject o,
                              int actionID)
                                throws SQLException

Description copied from interface: AuthorizeService

Returns all groups authorized to perform an action on an object. Returns empty array if no matches.

Specified by:

getAuthorizedGroups in interface AuthorizeService

Parameters:

c - current context

o - object

actionID - ID of action from org.dspace.core.Constants

Returns:

array of Groups that can perform the specified action on the specified object

Throws:

SQLException - if there's a database problem

isAnIdenticalPolicyAlreadyInPlace

public boolean isAnIdenticalPolicyAlreadyInPlace(Context c,
                                        DSpaceObject o,
                                        ResourcePolicy rp)
                                          throws SQLException

Specified by:

isAnIdenticalPolicyAlreadyInPlace in interface AuthorizeService

Throws:

SQLException

isAnIdenticalPolicyAlreadyInPlace

public boolean isAnIdenticalPolicyAlreadyInPlace(Context c,
                                        DSpaceObject dso,
                                        Group group,
                                        int action,
                                        int policyID)
                                          throws SQLException

Description copied from interface: AuthorizeService

Is a policy with the specified parameters already in place?

Specified by:

isAnIdenticalPolicyAlreadyInPlace in interface AuthorizeService

Parameters:

c - current context

dso - object

action - ID of action from org.dspace.core.Constants

policyID - ID of an existing policy. If -1 is specified, this parameter will be ignored

Returns:

true if such a policy exists, false otherwise

Throws:

SQLException - if there's a database problem

findByTypeIdGroupAction

public ResourcePolicy findByTypeIdGroupAction(Context c,
                                     DSpaceObject dso,
                                     Group group,
                                     int action,
                                     int policyID)
                                       throws SQLException

Specified by:

findByTypeIdGroupAction in interface AuthorizeService

Throws:

SQLException

generateAutomaticPolicies

public void generateAutomaticPolicies(Context context,
                             Date embargoDate,
                             String reason,
                             DSpaceObject dso,
                             Collection owningCollection)
                               throws SQLException,
                                      AuthorizeException

Generate Policies policies READ for the date in input adding reason. New policies are assigned automatically at the groups that have right on the collection. E.g., if the anonymous can access the collection policies are assigned to anonymous.

Specified by:

generateAutomaticPolicies in interface AuthorizeService

Parameters:

context -

embargoDate -

reason -

dso -

owningCollection -

Throws:

SQLException

AuthorizeException

createResourcePolicy

public ResourcePolicy createResourcePolicy(Context context,
                                  DSpaceObject dso,
                                  Group group,
                                  EPerson eperson,
                                  int type,
                                  String rpType)
                                    throws SQLException,
                                           AuthorizeException

Specified by:

createResourcePolicy in interface AuthorizeService

Throws:

SQLException

AuthorizeException

createOrModifyPolicy

public ResourcePolicy createOrModifyPolicy(ResourcePolicy policy,
                                  Context context,
                                  String name,
                                  Group group,
                                  EPerson ePerson,
                                  Date embargoDate,
                                  int action,
                                  String reason,
                                  DSpaceObject dso)
                                    throws AuthorizeException,
                                           SQLException

Specified by:

createOrModifyPolicy in interface AuthorizeService

Throws:

AuthorizeException

SQLException