Interface AuthorizeService

  • All Known Implementing Classes:
    AuthorizeServiceImpl

    public interface AuthorizeService
    AuthorizeManager handles all authorization checks for DSpace. For better security, DSpace assumes that you do not have the right to do something unless that permission is spelled out somewhere. That "somewhere" is the ResourcePolicy table. The AuthorizeManager is given a user, an object, and an action, and it then does a lookup in the ResourcePolicy table to see if there are any policies giving the user permission to do that action.

    ResourcePolicies now apply to single objects (such as submit (ADD) permission to a collection.)

    Note: If an eperson is a member of the administrator group, then they are automatically given permission for all requests. Another special group is the group named "Anonymous"; all EPeople are members of this group.
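
    The lookup described above, as a simplified stand-alone model. This is an added example, not DSpace code: the class ResourcePolicyModel, its string user and object IDs, the action numbers, and the group name "Submitters" are constructed for illustration, and inheritance and the real ResourcePolicy table are left out.

```java
import java.util.*;

/** Simplified model of the default-deny lookup; constructed for illustration, not DSpace code. */
public class ResourcePolicyModel {
    // Action IDs constructed for this model; DSpace's real IDs are in org.dspace.core.Constants.
    static final int READ = 0, ADD = 1;
    static final String ADMIN_GROUP = "Administrator", ANONYMOUS_GROUP = "Anonymous";

    /** One row of the model's policy table: a group may perform one action on one object. */
    static final class Policy {
        final String objectId, group;
        final int action;
        Policy(String objectId, int action, String group) {
            this.objectId = objectId; this.action = action; this.group = group;
        }
    }

    private final List<Policy> table = new ArrayList<>();
    private final Map<String, Set<String>> groupsByUser = new HashMap<>();

    void addPolicy(String objectId, int action, String group) { table.add(new Policy(objectId, action, group)); }

    void addMember(String group, String user) { groupsByUser.computeIfAbsent(user, k -> new HashSet<>()).add(group); }

    /** Every user, including a null (not logged in) one, is a member of Anonymous. */
    Set<String> groupsOf(String user) {
        Set<String> groups = new HashSet<>(groupsByUser.getOrDefault(user, Collections.emptySet()));
        groups.add(ANONYMOUS_GROUP);
        return groups;
    }

    /** True only if the user is an administrator or a policy row spells the permission out. */
    boolean authorizeActionBoolean(String user, String objectId, int action) {
        Set<String> groups = groupsOf(user);
        if (groups.contains(ADMIN_GROUP)) {
            return true; // administrators are granted every request
        }
        for (Policy p : table) {
            if (p.objectId.equals(objectId) && p.action == action && groups.contains(p.group)) {
                return true;
            }
        }
        return false; // no matching row: denied by default
    }

    public static void main(String[] args) {
        ResourcePolicyModel m = new ResourcePolicyModel();
        m.addMember(ADMIN_GROUP, "root");
        m.addMember("Submitters", "alice");
        m.addPolicy("collection-1", READ, ANONYMOUS_GROUP);
        m.addPolicy("collection-1", ADD, "Submitters");
        System.out.println(m.authorizeActionBoolean(null, "collection-1", READ));    // anonymous READ
        System.out.println(m.authorizeActionBoolean(null, "collection-1", ADD));     // anonymous ADD
        System.out.println(m.authorizeActionBoolean("alice", "collection-1", ADD));  // submitter ADD
        System.out.println(m.authorizeActionBoolean("alice", "collection-2", READ)); // no policy rows
        System.out.println(m.authorizeActionBoolean("root", "collection-2", ADD));   // admin group
    }
}
```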

    • Method Detail

      • authorizeAnyOf

        void authorizeAnyOf​(Context c,
                            DSpaceObject o,
                            int[] actions)
                     throws AuthorizeException,
                            SQLException
        Utility method, checks that the current user of the given context can perform all of the specified actions on the given object. An AuthorizeException is thrown if all the authorizations fail.
        Parameters:
        c - context with the current user
        o - DSpace object user is attempting to perform action on
        actions - array of action IDs from org.dspace.core.Constants
        Throws:
        AuthorizeException - if any one of the specified actions cannot be performed by the current user on the given object.
        SQLException - An exception that provides information on a database access error or other errors.
      • authorizeAction

        void authorizeAction​(Context c,
                             DSpaceObject o,
                             int action)
                      throws AuthorizeException,
                             SQLException
        Checks that the context's current user can perform the given action on the given object. Throws an exception if the user is not authorized, otherwise the method call does nothing.
        Parameters:
        c - context
        o - a DSpaceObject
        action - action to perform from org.dspace.core.Constants
        Throws:
        AuthorizeException - Exception indicating the current user of the context does not have permission to perform a particular action.
        SQLException - An exception that provides information on a database access error or other errors.
      • authorizeAction

        void authorizeAction​(Context c,
                             DSpaceObject o,
                             int action,
                             boolean useInheritance)
                      throws AuthorizeException,
                             SQLException
        Checks that the context's current user can perform the given action on the given object. Throws an exception if the user is not authorized, otherwise the method call does nothing.
        Parameters:
        c - context
        o - a DSpaceObject
        useInheritance - flag to say if ADMIN action on the current object or parent object can be used
        action - action to perform from org.dspace.core.Constants
        Throws:
        AuthorizeException - Exception indicating the current user of the context does not have permission to perform a particular action.
        SQLException - An exception that provides information on a database access error or other errors.
      • authorizeAction

        void authorizeAction​(Context c,
                             EPerson e,
                             DSpaceObject o,
                             int action,
                             boolean useInheritance)
                      throws AuthorizeException,
                             SQLException
        Checks that the specified eperson can perform the given action on the given object. Throws an exception if the user is not authorized, otherwise the method call does nothing.
        Parameters:
        c - context
        e - the eperson to use for the authorization check
        o - a DSpaceObject
        useInheritance - flag to say if ADMIN action on the current object or parent object can be used
        action - action to perform from org.dspace.core.Constants
        Throws:
        AuthorizeException - Exception indicating the current user of the context does not have permission to perform a particular action.
        SQLException - An exception that provides information on a database access error or other errors.
      • authorizeActionBoolean

        boolean authorizeActionBoolean​(Context c,
                                       DSpaceObject o,
                                       int a)
                                throws SQLException
        Same as authorizeAction, but returns a boolean for callers who don't want to deal with catching exceptions.
        Parameters:
        c - DSpace context, containing current user
        o - DSpaceObject
        a - action being attempted, from org.dspace.core.Constants
        Returns:
        true if the current user in the context is authorized to perform the given action on the given object
        Throws:
        SQLException - An exception that provides information on a database access error or other errors.
      • authorizeActionBoolean

        boolean authorizeActionBoolean​(Context c,
                                       DSpaceObject o,
                                       int a,
                                       boolean useInheritance)
                                throws SQLException
        Same as authorizeAction, but returns a boolean for callers who don't want to deal with catching exceptions.
        Parameters:
        c - DSpace context, containing current user
        o - DSpaceObject
        a - action being attempted, from org.dspace.core.Constants
        useInheritance - flag to say if ADMIN action on the current object or parent object can be used
        Returns:
        true if the current user in the context is authorized to perform the given action on the given object
        Throws:
        SQLException - An exception that provides information on a database access error or other errors.
      • authorizeActionBoolean

        boolean authorizeActionBoolean​(Context c,
                                       EPerson e,
                                       DSpaceObject o,
                                       int a,
                                       boolean useInheritance)
                                throws SQLException
        Same as authorizeAction with a specific eperson (not the current user), but returns a boolean for callers who don't want to deal with catching exceptions.
        Parameters:
        c - DSpace context
        e - EPerson to use in the check
        o - DSpaceObject
        a - action being attempted, from org.dspace.core.Constants
        useInheritance - flag to say if ADMIN action on the current object or parent object can be used
        Returns:
        true if the requested user is authorized to perform the given action on the given object
        Throws:
        SQLException - An exception that provides information on a database access error or other errors.
      • isAdmin

        boolean isAdmin​(Context c,
                        DSpaceObject o)
                 throws SQLException
        Checks whether the current user is an Administrator of a given object within DSpace. Always returns true if the user is a System Admin.
        Parameters:
        c - current context
        o - current DSpace Object, if null the call will be equivalent to a call to the isAdmin(Context c) method
        Returns:
        true if user has administrative privileges on the given DSpace object
        Throws:
        SQLException - An exception that provides information on a database access error or other errors.
      • isAdmin

        boolean isAdmin​(Context c,
                        EPerson e,
                        DSpaceObject o)
                 throws SQLException
        Checks whether a specific user is an Administrator of a given object within DSpace. Always returns true if the user is a System Admin.
        Parameters:
        c - current context
        e - the user to check
        o - current DSpace Object, if null the call will be equivalent to a call to the isAdmin(Context c) method
        Returns:
        true if the user has administrative privileges on the given DSpace object
        Throws:
        SQLException - if database error
      • isAdmin

        boolean isAdmin​(Context c)
                 throws SQLException
        Checks whether the current user is a System Admin. Always returns true if c.ignoreAuthorization is set. If no EPerson is logged in and context.getCurrentUser() returns null, this method returns false, as anonymous users can never be administrators.
        Parameters:
        c - current context
        Returns:
        true if user is an admin or ignore authorization flag set
        Throws:
        SQLException - An exception that provides information on a database access error or other errors.
      • isAdmin

        boolean isAdmin​(Context c,
                        EPerson e)
                 throws SQLException
        Checks whether a specific user is a System Admin. Always returns true if c.ignoreAuthorization is set.
        Parameters:
        c - current context
        e - the user to check
        Returns:
        true if user is an admin or ignore authorization flag set
        Throws:
        SQLException - if database error
      • addPolicy

        void addPolicy​(Context c,
                       DSpaceObject o,
                       int actionID,
                       EPerson e)
                throws SQLException,
                       AuthorizeException
        Add a policy for an individual eperson
        Parameters:
        c - context. Current user irrelevant
        o - DSpaceObject to add policy to
        actionID - ID of action from org.dspace.core.Constants
        e - eperson who can perform the action
        Throws:
        SQLException - if database error
        AuthorizeException - if current user in context is not authorized to add policies
      • addPolicy

        void addPolicy​(Context c,
                       DSpaceObject o,
                       int actionID,
                       EPerson e,
                       String type)
                throws SQLException,
                       AuthorizeException
        Add a policy for an individual eperson
        Parameters:
        c - context. Current user irrelevant
        o - DSpaceObject to add policy to
        actionID - ID of action from org.dspace.core.Constants
        e - eperson who can perform the action
        type - policy type, default types are declared in the ResourcePolicy class
        Throws:
        SQLException - if database error
        AuthorizeException - if current user in context is not authorized to add policies
      • addPolicy

        void addPolicy​(Context c,
                       DSpaceObject o,
                       int actionID,
                       Group g)
                throws SQLException,
                       AuthorizeException
        Add a policy for a group
        Parameters:
        c - current context
        o - object to add policy for
        actionID - ID of action from org.dspace.core.Constants
        g - group to add policy for
        Throws:
        SQLException - if there's a database problem
        AuthorizeException - if the current user is not authorized to add this policy
      • addPolicy

        void addPolicy​(Context c,
                       DSpaceObject o,
                       int actionID,
                       Group g,
                       String type)
                throws SQLException,
                       AuthorizeException
        Add a policy for a group
        Parameters:
        c - current context
        o - object to add policy for
        actionID - ID of action from org.dspace.core.Constants
        g - group to add policy for
        type - policy type, default types are declared in the ResourcePolicy class
        Throws:
        SQLException - if there's a database problem
        AuthorizeException - if the current user is not authorized to add this policy
      • findPoliciesByDSOAndType

        List<ResourcePolicy> findPoliciesByDSOAndType​(Context c,
                                                      DSpaceObject o,
                                                      String type)
                                               throws SQLException
        Return a List of the policies for an object
        Parameters:
        c - current context
        o - object to retrieve policies for
        type - type
        Returns:
        List of ResourcePolicy objects
        Throws:
        SQLException - if database error
      • getPoliciesForGroup

        List<ResourcePolicy> getPoliciesForGroup​(Context c,
                                                 Group g)
                                          throws SQLException
        Return a List of the policies for a group
        Parameters:
        c - current context
        g - group to retrieve policies for
        Returns:
        List of ResourcePolicy objects
        Throws:
        SQLException - if database error
      • getPoliciesActionFilter

        List<ResourcePolicy> getPoliciesActionFilter​(Context c,
                                                     DSpaceObject o,
                                                     int actionID)
                                              throws SQLException
        Return a list of policies for an object that match the action
        Parameters:
        c - context
        o - DSpaceObject policies relate to
        actionID - action (defined in class Constants)
        Returns:
        list of resource policies
        Throws:
        SQLException - if there's a database problem
      • getPoliciesActionFilterExceptRpType

        List<ResourcePolicy> getPoliciesActionFilterExceptRpType​(Context c,
                                                                 DSpaceObject o,
                                                                 int actionID,
                                                                 String rpType)
                                                          throws SQLException
        Return a list of policies for an object that match the action except the record labeled with the rpType
        Parameters:
        c - context
        o - DSpaceObject policies relate to
        actionID - action (defined in class Constants)
        rpType - the resource policy type
        Returns:
        list of resource policies
        Throws:
        SQLException - if there's a database problem
      • removePoliciesActionFilter

        void removePoliciesActionFilter​(Context context,
                                        DSpaceObject dso,
                                        int actionID)
                                 throws SQLException,
                                        AuthorizeException
        Removes all policies from an object that match a given action. FIXME: doesn't check authorization.
        Parameters:
        context - current context
        dso - object to remove policies from
        actionID - ID of action to match from Constants, or -1=all
        Throws:
        SQLException - if there's a database problem
        AuthorizeException - if authorization error
      • removeGroupPolicies

        void removeGroupPolicies​(Context c,
                                 Group group)
                          throws SQLException
        Removes all policies relating to a particular group. FIXME: doesn't check authorization.
        Parameters:
        c - current context
        group - the group
        Throws:
        SQLException - if there's a database problem
      • getAuthorizedGroups

        List<Group> getAuthorizedGroups​(Context c,
                                        DSpaceObject o,
                                        int actionID)
                                 throws SQLException
        Returns all groups authorized to perform an action on an object. Returns empty array if no matches.
        Parameters:
        c - current context
        o - object
        actionID - ID of action from Constants
        Returns:
        array of Groups that can perform the specified action on the specified object
        Throws:
        SQLException - if there's a database problem
      • isAnIdenticalPolicyAlreadyInPlace

        boolean isAnIdenticalPolicyAlreadyInPlace​(Context c,
                                                  DSpaceObject o,
                                                  Group group,
                                                  int actionID,
                                                  int policyID)
                                           throws SQLException
        Is a policy with the specified parameters already in place?
        Parameters:
        c - current context
        o - object
        group - group
        actionID - ID of action from Constants
        policyID - ID of an existing policy. If -1 is specified, this parameter will be ignored
        Returns:
        true if such a policy exists, false otherwise
        Throws:
        SQLException - if there's a database problem
      • generateAutomaticPolicies

        void generateAutomaticPolicies​(Context context,
                                       Date embargoDate,
                                       String reason,
                                       DSpaceObject dso,
                                       Collection owningCollection)
                                throws SQLException,
                                       AuthorizeException
        Generates READ policies for the input date, adding the reason. New policies are assigned automatically to the groups that have rights on the collection. E.g., if anonymous users can access the collection, the policies are assigned to anonymous.
        Parameters:
        context - current context
        embargoDate - date
        reason - reason
        dso - DSpaceObject
        owningCollection - collection
        Throws:
        SQLException - if database error
        AuthorizeException - if authorization error
      • switchPoliciesAction

        void switchPoliciesAction​(Context context,
                                  DSpaceObject dso,
                                  int fromAction,
                                  int toAction)
                           throws SQLException,
                                  AuthorizeException
        Changes all the policies related to the action (fromAction) of the specified object to the new action (toAction).
        Parameters:
        context - The relevant DSpace Context.
        dso - the dspace object
        fromAction - the action to change
        toAction - the new action to set
        Throws:
        SQLException - An exception that provides information on a database access error or other errors.
        AuthorizeException - Exception indicating the current user of the context does not have permission to perform a particular action.
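
    Because removePoliciesActionFilter and removeGroupPolicies are documented above as not checking authorization, a caller has to make the check itself. One way to do that, as an added example that is not part of DSpace: the class GuardedPolicyRemoval and its method names are hypothetical, and the rule that only an administrator of the object (or a system administrator, for group-wide removal) may remove policies is an assumption of this example.

```java
import java.sql.SQLException;

import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.service.AuthorizeService;
import org.dspace.content.DSpaceObject;
import org.dspace.core.Context;
import org.dspace.eperson.Group;

/** Hypothetical caller-side guard around the unchecked removal methods; not part of DSpace. */
public class GuardedPolicyRemoval {
    private final AuthorizeService authorizeService;

    public GuardedPolicyRemoval(AuthorizeService authorizeService) {
        this.authorizeService = authorizeService;
    }

    /** Removes the policies for one action, only if the current user administers the object. */
    public void removeForAction(Context context, DSpaceObject dso, int actionID)
            throws SQLException, AuthorizeException {
        if (actionID < 0) {
            // -1 means "all actions" to removePoliciesActionFilter; keep that a separate, explicit call.
            throw new IllegalArgumentException("use removeAll() to remove every policy");
        }
        requireObjectAdmin(context, dso);
        authorizeService.removePoliciesActionFilter(context, dso, actionID);
    }

    /** Removes every policy on the object (actionID -1), with the same administrator check. */
    public void removeAll(Context context, DSpaceObject dso) throws SQLException, AuthorizeException {
        requireObjectAdmin(context, dso);
        authorizeService.removePoliciesActionFilter(context, dso, -1);
    }

    /** Removes all policies of a group; restricted here to system administrators. */
    public void removeForGroup(Context context, Group group) throws SQLException, AuthorizeException {
        // isAdmin(c) is documented to return true as well when c.ignoreAuthorization is set.
        if (!authorizeService.isAdmin(context)) {
            throw new AuthorizeException("Only a system administrator may remove a group's policies");
        }
        authorizeService.removeGroupPolicies(context, group);
    }

    private void requireObjectAdmin(Context context, DSpaceObject dso)
            throws SQLException, AuthorizeException {
        if (dso == null) {
            // isAdmin(c, null) is documented as equivalent to isAdmin(c); require a real object here.
            throw new IllegalArgumentException("dso must not be null");
        }
        if (!authorizeService.isAdmin(context, dso)) {
            throw new AuthorizeException("Current user does not administer this object");
        }
    }
}
```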