AuthorizeService (DSpace Kernel :: API and Implementation 6.0 API)

All Known Implementing Classes:

AuthorizeServiceImpl
```
public interface AuthorizeService
```
AuthorizeManager handles all authorization checks for DSpace. For better security, DSpace assumes that you do not have the right to do something unless that permission is spelled out somewhere. That "somewhere" is the ResourcePolicy table. The AuthorizeManager is given a user, an object, and an action, and it then does a lookup in the ResourcePolicy table to see if there are any policies giving the user permission to do that action.
ResourcePolicies now apply to single objects (such as submit (ADD) permission to a collection.)
Note: If an eperson is a member of the administrator group, then they are automatically given permission for all requests another special group is group with name "Anonymous" - all EPeople are members of this group.

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`addPolicies(Context c, List<ResourcePolicy> policies, DSpaceObject dest)` Copies policies from a list of resource policies to a given DSpaceObject
`void`	`addPolicy(Context c, DSpaceObject o, int actionID, EPerson e)` Add a policy for an individual eperson
`void`	`addPolicy(Context c, DSpaceObject o, int actionID, EPerson e, String type)` Add a policy for an individual eperson
`void`	`addPolicy(Context c, DSpaceObject o, int actionID, Group g)` Add a policy for a group
`void`	`addPolicy(Context c, DSpaceObject o, int actionID, Group g, String type)` Add a policy for a group
`void`	`authorizeAction(Context c, DSpaceObject o, int action)` Checks that the context's current user can perform the given action on the given object.
`void`	`authorizeAction(Context c, DSpaceObject o, int action, boolean useInheritance)` Checks that the context's current user can perform the given action on the given object.
`void`	`authorizeAction(Context c, EPerson e, DSpaceObject o, int action, boolean useInheritance)` Checks that the specified eperson can perform the given action on the given object.
`boolean`	`authorizeActionBoolean(Context c, DSpaceObject o, int a)` same authorize, returns boolean for those who don't want to deal with catching exceptions.
`boolean`	`authorizeActionBoolean(Context c, DSpaceObject o, int a, boolean useInheritance)` same authorize, returns boolean for those who don't want to deal with catching exceptions.
`boolean`	`authorizeActionBoolean(Context c, EPerson e, DSpaceObject o, int a, boolean useInheritance)` same authorize with a specif eperson (not the current user), returns boolean for those who don't want to deal with catching exceptions.
`void`	`authorizeAnyOf(Context c, DSpaceObject o, int[] actions)` Utility method, checks that the current user of the given context can perform all of the specified actions on the given object.
`ResourcePolicy`	`createOrModifyPolicy(ResourcePolicy policy, Context context, String name, Group group, EPerson ePerson, Date embargoDate, int action, String reason, DSpaceObject dso)`
`ResourcePolicy`	`createResourcePolicy(Context context, DSpaceObject dso, Group group, EPerson eperson, int type, String rpType)`
`ResourcePolicy`	`findByTypeIdGroupAction(Context c, DSpaceObject dso, Group group, int action, int policyID)`
`List<ResourcePolicy>`	`findPoliciesByDSOAndType(Context c, DSpaceObject o, String type)` Return a List of the policies for an object
`void`	`generateAutomaticPolicies(Context context, Date embargoDate, String reason, DSpaceObject dso, Collection owningCollection)` Generate Policies policies READ for the date in input adding reason.
`List<Group>`	`getAuthorizedGroups(Context c, DSpaceObject o, int actionID)` Returns all groups authorized to perform an action on an object.
`List<ResourcePolicy>`	`getPolicies(Context c, DSpaceObject o)` Return a List of the policies for an object
`List<ResourcePolicy>`	`getPoliciesActionFilter(Context c, DSpaceObject o, int actionID)` Return a list of policies for an object that match the action
`List<ResourcePolicy>`	`getPoliciesForGroup(Context c, Group g)` Return a List of the policies for a group
`void`	`inheritPolicies(Context c, DSpaceObject src, DSpaceObject dest)` Add policies to an object to match those from a previous object
`boolean`	`isAdmin(Context c)` Check to see if the current user is a System Admin.
`boolean`	`isAdmin(Context c, DSpaceObject o)` Check to see if the current user is an Administrator of a given object within DSpace.
`boolean`	`isAnIdenticalPolicyAlreadyInPlace(Context c, DSpaceObject o, Group group, int actionID, int policyID)` Is a policy with the specified parameters already in place?
`boolean`	`isAnIdenticalPolicyAlreadyInPlace(Context c, DSpaceObject o, ResourcePolicy rp)`
`boolean`	`isCollectionAdmin(Context c)`
`boolean`	`isCommunityAdmin(Context c)`
`void`	`removeAllPolicies(Context c, DSpaceObject o)` removes ALL policies for an object.
`void`	`removeAllPoliciesByDSOAndType(Context c, DSpaceObject o, String type)` removes policies
`void`	`removeAllPoliciesByDSOAndTypeNotEqualsTo(Context c, DSpaceObject o, String type)` removes ALL policies for an object that are not of the input type.
`void`	`removeEPersonPolicies(Context c, DSpaceObject o, EPerson e)` Removes all policies from an eperson for a particular object that belong to an EPerson.
`void`	`removeGroupPolicies(Context c, DSpaceObject o, Group g)` Removes all policies from a group for a particular object that belong to a Group.
`void`	`removeGroupPolicies(Context c, Group group)` Removes all policies relating to a particular group.
`void`	`removePoliciesActionFilter(Context context, DSpaceObject dso, int actionID)` Remove all policies from an object that match a given action.
`void`	`switchPoliciesAction(Context context, DSpaceObject dso, int fromAction, int toAction)` Change all the policies related to the action (fromPolicy) of the specified object to the new action (toPolicy)

Method Detail

authorizeAnyOf
```
void authorizeAnyOf(Context c,
                  DSpaceObject o,
                  int[] actions)
                    throws AuthorizeException,
                           SQLException
```
Utility method, checks that the current user of the given context can perform all of the specified actions on the given object. An AuthorizeException if all the authorizations fail.

Parameters:
c - context with the current user
o - DSpace object user is attempting to perform action on
actions - array of action IDs from org.dspace.core.Constants

Throws:

AuthorizeException - if any one of the specified actions cannot be performed by the current user on the given object.

SQLException - if database error

authorizeAction
```
void authorizeAction(Context c,
                   DSpaceObject o,
                   int action)
                     throws AuthorizeException,
                            SQLException
```
Checks that the context's current user can perform the given action on the given object. Throws an exception if the user is not authorized, otherwise the method call does nothing.

Parameters:
c - context
o - a DSpaceObject
action - action to perform from org.dspace.core.Constants

Throws:

AuthorizeException - if the user is denied

SQLException - if database error

authorizeAction
```
void authorizeAction(Context c,
                   DSpaceObject o,
                   int action,
                   boolean useInheritance)
                     throws AuthorizeException,
                            SQLException
```
Checks that the context's current user can perform the given action on the given object. Throws an exception if the user is not authorized, otherwise the method call does nothing.

Parameters:
c - context
o - a DSpaceObject
useInheritance - flag to say if ADMIN action on the current object or parent object can be used
action - action to perform from org.dspace.core.Constants

Throws:

AuthorizeException - if the user is denied

SQLException - if database error

authorizeAction
```
void authorizeAction(Context c,
                   EPerson e,
                   DSpaceObject o,
                   int action,
                   boolean useInheritance)
                     throws AuthorizeException,
                            SQLException
```
Checks that the specified eperson can perform the given action on the given object. Throws an exception if the user is not authorized, otherwise the method call does nothing.

Parameters:
c - context
e - the eperson to use for the authorization check
o - a DSpaceObject
useInheritance - flag to say if ADMIN action on the current object or parent object can be used
action - action to perform from org.dspace.core.Constants

Throws:

AuthorizeException - if the user is denied

SQLException - if database error

authorizeActionBoolean
```
boolean authorizeActionBoolean(Context c,
                             DSpaceObject o,
                             int a)
                               throws SQLException
```
same authorize, returns boolean for those who don't want to deal with catching exceptions.

Parameters:
c - DSpace context, containing current user
o - DSpaceObject
a - action being attempted, from org.dspace.core.Constants

Returns:
true if the current user in the context is authorized to perform the given action on the given object

Throws:

SQLException - if database error

authorizeActionBoolean
```
boolean authorizeActionBoolean(Context c,
                             DSpaceObject o,
                             int a,
                             boolean useInheritance)
                               throws SQLException
```
same authorize, returns boolean for those who don't want to deal with catching exceptions.

Parameters:
c - DSpace context, containing current user
o - DSpaceObject
a - action being attempted, from org.dspace.core.Constants
useInheritance - flag to say if ADMIN action on the current object or parent object can be used

Returns:
true if the current user in the context is authorized to perform the given action on the given object

Throws:

SQLException - if database error

authorizeActionBoolean
```
boolean authorizeActionBoolean(Context c,
                             EPerson e,
                             DSpaceObject o,
                             int a,
                             boolean useInheritance)
                               throws SQLException
```
same authorize with a specif eperson (not the current user), returns boolean for those who don't want to deal with catching exceptions.

Parameters:
c - DSpace context
e - EPerson to use in the check
o - DSpaceObject
a - action being attempted, from org.dspace.core.Constants
useInheritance - flag to say if ADMIN action on the current object or parent object can be used

Returns:
true if the requested user is authorized to perform the given action on the given object

Throws:

SQLException - if database error

isAdmin
```
boolean isAdmin(Context c,
              DSpaceObject o)
                throws SQLException
```
Check to see if the current user is an Administrator of a given object within DSpace. Always return true if the user is a System Admin

Parameters:
c - current context
o - current DSpace Object, if null the call will be equivalent to a call to the isAdmin(Context c) method

Returns:
true if user has administrative privileges on the given DSpace object

Throws:

SQLException - if database error

isAdmin
```
boolean isAdmin(Context c)
                throws SQLException
```
Check to see if the current user is a System Admin. Always return true if c.ignoreAuthorization is set. Anonymous users can't be Admins (EPerson set to NULL)

Parameters:
c - current context

Returns:
true if user is an admin or ignore authorization flag set

Throws:

SQLException - if database error

isCommunityAdmin

boolean isCommunityAdmin(Context c)
                         throws SQLException

Throws:: SQLException

isCollectionAdmin

boolean isCollectionAdmin(Context c)
                          throws SQLException

Throws:: SQLException

addPolicy
```
void addPolicy(Context c,
             DSpaceObject o,
             int actionID,
             EPerson e)
               throws SQLException,
                      AuthorizeException
```
Add a policy for an individual eperson

Parameters:
c - context. Current user irrelevant
o - DSpaceObject to add policy to
actionID - ID of action from org.dspace.core.Constants
e - eperson who can perform the action

Throws:

SQLException - if database error

AuthorizeException - if current user in context is not authorized to add policies

addPolicy
```
void addPolicy(Context c,
             DSpaceObject o,
             int actionID,
             EPerson e,
             String type)
               throws SQLException,
                      AuthorizeException
```
Add a policy for an individual eperson

Parameters:
c - context. Current user irrelevant
o - DSpaceObject to add policy to
actionID - ID of action from org.dspace.core.Constants
e - eperson who can perform the action
type - policy type, deafult types are declared in the ResourcePolicy class

Throws:

SQLException - if database error

AuthorizeException - if current user in context is not authorized to add policies

addPolicy
```
void addPolicy(Context c,
             DSpaceObject o,
             int actionID,
             Group g)
               throws SQLException,
                      AuthorizeException
```
Add a policy for a group

Parameters:
c - current context
o - object to add policy for
actionID - ID of action from org.dspace.core.Constants
g - group to add policy for

Throws:

SQLException - if there's a database problem

AuthorizeException - if the current user is not authorized to add this policy

addPolicy
```
void addPolicy(Context c,
             DSpaceObject o,
             int actionID,
             Group g,
             String type)
               throws SQLException,
                      AuthorizeException
```
Add a policy for a group

Parameters:
c - current context
o - object to add policy for
actionID - ID of action from org.dspace.core.Constants
g - group to add policy for
type - policy type, deafult types are declared in the ResourcePolicy class

Throws:

SQLException - if there's a database problem

AuthorizeException - if the current user is not authorized to add this policy

getPolicies
```
List<ResourcePolicy> getPolicies(Context c,
                               DSpaceObject o)
                                 throws SQLException
```
Return a List of the policies for an object

Parameters:
c - current context
o - object to retrieve policies for

Returns:
List of ResourcePolicy objects

Throws:

SQLException - if database error

findPoliciesByDSOAndType

List<ResourcePolicy> findPoliciesByDSOAndType(Context c,
                                            DSpaceObject o,
                                            String type)
                                              throws SQLException

Return a List of the policies for an object

Parameters:: c - current context; o - object to retrieve policies for; type - type
Returns:: List of ResourcePolicy objects
Throws:: SQLException - if database error

getPoliciesForGroup

List<ResourcePolicy> getPoliciesForGroup(Context c,
                                       Group g)
                                         throws SQLException

Return a List of the policies for a group

Parameters:: c - current context; g - group to retrieve policies for
Returns:: List of ResourcePolicy objects
Throws:: SQLException - if database error

getPoliciesActionFilter

List<ResourcePolicy> getPoliciesActionFilter(Context c,
                                           DSpaceObject o,
                                           int actionID)
                                             throws SQLException

Return a list of policies for an object that match the action

Parameters:: c - context; o - DSpaceObject policies relate to; actionID - action (defined in class Constants)
Returns:: list of resource policies
Throws:: SQLException - if there's a database problem

inheritPolicies
```
void inheritPolicies(Context c,
                   DSpaceObject src,
                   DSpaceObject dest)
                     throws SQLException,
                            AuthorizeException
```
Add policies to an object to match those from a previous object

Parameters:
c - context
src - source of policies
dest - destination of inherited policies

Throws:

SQLException - if there's a database problem

AuthorizeException - if the current user is not authorized to add these policies

addPolicies
```
void addPolicies(Context c,
               List<ResourcePolicy> policies,
               DSpaceObject dest)
                 throws SQLException,
                        AuthorizeException
```
Copies policies from a list of resource policies to a given DSpaceObject

Parameters:
c - DSpace context
policies - List of ResourcePolicy objects
dest - object to have policies added

Throws:

SQLException - if there's a database problem

AuthorizeException - if the current user is not authorized to add these policies

removeAllPolicies
```
void removeAllPolicies(Context c,
                     DSpaceObject o)
                       throws SQLException,
                              AuthorizeException
```
removes ALL policies for an object. FIXME doesn't check authorization

Parameters:
c - DSpace context
o - object to remove policies for

Throws:

SQLException - if there's a database problem

AuthorizeException - if authorization error

removeAllPoliciesByDSOAndTypeNotEqualsTo

void removeAllPoliciesByDSOAndTypeNotEqualsTo(Context c,
                                            DSpaceObject o,
                                            String type)
                                              throws SQLException,
                                                     AuthorizeException

removes ALL policies for an object that are not of the input type.

Parameters:: c - DSpace context; o - object to remove policies for; type - type
Throws:: SQLException - if there's a database problem; AuthorizeException - if authorization error

removeAllPoliciesByDSOAndType

void removeAllPoliciesByDSOAndType(Context c,
                                 DSpaceObject o,
                                 String type)
                                   throws SQLException,
                                          AuthorizeException

removes policies

Parameters:: c - DSpace context; o - object to remove policies for; type - policy type
Throws:: SQLException - if there's a database problem; AuthorizeException - if authorization error

removePoliciesActionFilter
```
void removePoliciesActionFilter(Context context,
                              DSpaceObject dso,
                              int actionID)
                                throws SQLException,
                                       AuthorizeException
```
Remove all policies from an object that match a given action. FIXME doesn't check authorization

Parameters:
context - current context
dso - object to remove policies from
actionID - ID of action to match from Constants, or -1=all

Throws:

SQLException - if there's a database problem

AuthorizeException - if authorization error

removeGroupPolicies
```
void removeGroupPolicies(Context c,
                       Group group)
                         throws SQLException
```
Removes all policies relating to a particular group. FIXME doesn't check authorization

Parameters:
c - current context
group - the group

Throws:

SQLException - if there's a database problem

removeGroupPolicies

void removeGroupPolicies(Context c,
                       DSpaceObject o,
                       Group g)
                         throws SQLException,
                                AuthorizeException

Removes all policies from a group for a particular object that belong to a Group. FIXME doesn't check authorization

Parameters:: c - current context; o - the object; g - the group
Throws:: SQLException - if there's a database problem; AuthorizeException - if authorization error

removeEPersonPolicies

void removeEPersonPolicies(Context c,
                         DSpaceObject o,
                         EPerson e)
                           throws SQLException,
                                  AuthorizeException

Removes all policies from an eperson for a particular object that belong to an EPerson. FIXME doesn't check authorization

Parameters:: c - current context; o - the object; e - the eperson
Throws:: SQLException - if there's a database problem; AuthorizeException - if authorization error

getAuthorizedGroups
```
List<Group> getAuthorizedGroups(Context c,
                              DSpaceObject o,
                              int actionID)
                                throws SQLException
```
Returns all groups authorized to perform an action on an object. Returns empty array if no matches.

Parameters:
c - current context
o - object
actionID - ID of action from Constants

Returns:
array of Groups that can perform the specified action on the specified object

Throws:

SQLException - if there's a database problem

isAnIdenticalPolicyAlreadyInPlace

boolean isAnIdenticalPolicyAlreadyInPlace(Context c,
                                        DSpaceObject o,
                                        ResourcePolicy rp)
                                          throws SQLException

Throws:: SQLException

isAnIdenticalPolicyAlreadyInPlace

boolean isAnIdenticalPolicyAlreadyInPlace(Context c,
                                        DSpaceObject o,
                                        Group group,
                                        int actionID,
                                        int policyID)
                                          throws SQLException

Is a policy with the specified parameters already in place?

Parameters:: c - current context; o - object; group - group; actionID - ID of action from Constants; policyID - ID of an existing policy. If -1 is specified, this parameter will be ignored
Returns:: true if such a policy exists, false otherwise
Throws:: SQLException - if there's a database problem

findByTypeIdGroupAction

ResourcePolicy findByTypeIdGroupAction(Context c,
                                     DSpaceObject dso,
                                     Group group,
                                     int action,
                                     int policyID)
                                       throws SQLException

Throws:: SQLException

generateAutomaticPolicies

void generateAutomaticPolicies(Context context,
                             Date embargoDate,
                             String reason,
                             DSpaceObject dso,
                             Collection owningCollection)
                               throws SQLException,
                                      AuthorizeException

Generate Policies policies READ for the date in input adding reason. New policies are assigned automatically at the groups that have right on the collection. E.g., if the anonymous can access the collection policies are assigned to anonymous.

Parameters:: context - current context; embargoDate - date; reason - reason; dso - DSpaceObject; owningCollection - collection
Throws:: SQLException - if database error; AuthorizeException - if authorization error

createResourcePolicy

ResourcePolicy createResourcePolicy(Context context,
                                  DSpaceObject dso,
                                  Group group,
                                  EPerson eperson,
                                  int type,
                                  String rpType)
                                    throws SQLException,
                                           AuthorizeException

Throws:: SQLException; AuthorizeException

createOrModifyPolicy

ResourcePolicy createOrModifyPolicy(ResourcePolicy policy,
                                  Context context,
                                  String name,
                                  Group group,
                                  EPerson ePerson,
                                  Date embargoDate,
                                  int action,
                                  String reason,
                                  DSpaceObject dso)
                                    throws AuthorizeException,
                                           SQLException

Throws:: AuthorizeException; SQLException

switchPoliciesAction

void switchPoliciesAction(Context context,
                        DSpaceObject dso,
                        int fromAction,
                        int toAction)
                          throws SQLException,
                                 AuthorizeException

Change all the policies related to the action (fromPolicy) of the specified object to the new action (toPolicy)

Parameters:: context -; dso - the dspace object; fromAction - the action to change; toAction - the new action to set
Throws:: SQLException; AuthorizeException

Interface AuthorizeService

Method Summary

Method Detail

authorizeAnyOf

authorizeAction

authorizeAction

authorizeAction

authorizeActionBoolean

authorizeActionBoolean

authorizeActionBoolean

isAdmin

isAdmin

isCommunityAdmin

isCollectionAdmin

addPolicy

addPolicy

addPolicy

addPolicy

getPolicies

findPoliciesByDSOAndType

getPoliciesForGroup

getPoliciesActionFilter

inheritPolicies

addPolicies

removeAllPolicies

removeAllPoliciesByDSOAndTypeNotEqualsTo

removeAllPoliciesByDSOAndType

removePoliciesActionFilter

removeGroupPolicies

removeGroupPolicies

removeEPersonPolicies

getAuthorizedGroups

isAnIdenticalPolicyAlreadyInPlace

isAnIdenticalPolicyAlreadyInPlace

findByTypeIdGroupAction

generateAutomaticPolicies

createResourcePolicy

createOrModifyPolicy

switchPoliciesAction