Package org.dspace.authorize

Class AuthorizeServiceImpl

java.lang.Object

org.dspace.authorize.AuthorizeServiceImpl

All Implemented Interfaces:

AuthorizeService

public class AuthorizeServiceImpl
extends Object
implements AuthorizeService

AuthorizeManager handles all authorization checks for DSpace. For better security, DSpace assumes that you do not have the right to do something unless that permission is spelled out somewhere. That "somewhere" is the ResourcePolicy table. The AuthorizeManager is given a user, an object, and an action, and it then does a lookup in the ResourcePolicy table to see if there are any policies giving the user permission to do that action.

ResourcePolicies now apply to single objects (such as submit (ADD) permission to a collection.)

Note: If an eperson is a member of the administrator group (id 1), then they are automatically given permission for all requests another special group is group 0, which is anonymous - all EPeople are members of group 0.

Field Summary

Fields

Modifier and Type	Field	Description
protected BitstreamService	bitstreamService
protected GroupService	groupService
protected ResourcePolicyService	resourcePolicyService
protected ContentServiceFactory	serviceFactory
protected WorkflowItemService	workflowItemService
protected WorkspaceItemService	workspaceItemService

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	AuthorizeServiceImpl()

Method Summary

Modifier and Type	Method	Description
void	addPolicies(Context c, List<ResourcePolicy> policies, DSpaceObject dest)	Copies policies from a list of resource policies to a given DSpaceObject
void	addPolicy(Context c, DSpaceObject o, int actionID, EPerson e)	Add a policy for an individual eperson
void	addPolicy(Context context, DSpaceObject o, int actionID, EPerson e, String type)	Add a policy for an individual eperson
void	addPolicy(Context c, DSpaceObject o, int actionID, Group g)	Add a policy for a group
void	addPolicy(Context c, DSpaceObject o, int actionID, Group g, String type)	Add a policy for a group
protected boolean	authorize(Context c, DSpaceObject o, int action, EPerson e, boolean useInheritance)	Check to see if the given user can perform the given action on the given object.
void	authorizeAction(Context c, DSpaceObject o, int action)	Checks that the context's current user can perform the given action on the given object.
void	authorizeAction(Context c, DSpaceObject o, int action, boolean useInheritance)	Checks that the context's current user can perform the given action on the given object.
void	authorizeAction(Context c, EPerson e, DSpaceObject o, int action, boolean useInheritance)	Checks that the specified eperson can perform the given action on the given object.
boolean	authorizeActionBoolean(Context c, DSpaceObject o, int a)	same authorize, returns boolean for those who don't want to deal with catching exceptions.
boolean	authorizeActionBoolean(Context c, DSpaceObject o, int a, boolean useInheritance)	same authorize, returns boolean for those who don't want to deal with catching exceptions.
boolean	authorizeActionBoolean(Context c, EPerson e, DSpaceObject o, int a, boolean useInheritance)	same authorize with a specif eperson (not the current user), returns boolean for those who don't want to deal with catching exceptions.
void	authorizeAnyOf(Context c, DSpaceObject o, int[] actions)	Utility method, checks that the current user of the given context can perform all of the specified actions on the given object.
long	countAdminAuthorizedCollection(Context context, String query)	Finds the amount of collections for which the logged in user has ADMIN rights.
long	countAdminAuthorizedCommunity(Context context, String query)	Finds the amount of communities for which the logged in user has ADMIN rights.
ResourcePolicy	createOrModifyPolicy(ResourcePolicy policy, Context context, String name, Group group, EPerson ePerson, Date embargoDate, int action, String reason, DSpaceObject dso)
ResourcePolicy	createResourcePolicy(Context context, DSpaceObject dso, Group group, EPerson eperson, int type, String rpType)
ResourcePolicy	createResourcePolicy(Context context, DSpaceObject dso, Group group, EPerson eperson, int type, String rpType, String rpName, String rpDescription, Date startDate, Date endDate)
List<Collection>	findAdminAuthorizedCollection(Context context, String query, int offset, int limit)	Finds collections for which the logged in user has ADMIN rights.
List<Community>	findAdminAuthorizedCommunity(Context context, String query, int offset, int limit)	Finds communities for which the logged in user has ADMIN rights.
ResourcePolicy	findByTypeGroupAction(Context c, DSpaceObject dso, Group group, int action)
List<ResourcePolicy>	findPoliciesByDSOAndType(Context c, DSpaceObject o, String type)	Return a List of the policies for an object
void	generateAutomaticPolicies(Context context, Date embargoDate, String reason, DSpaceObject dso, Collection owningCollection)	Generate Policies policies READ for the date in input adding reason.
List<Group>	getAuthorizedGroups(Context c, DSpaceObject o, int actionID)	Returns all groups authorized to perform an action on an object.
List<ResourcePolicy>	getPolicies(Context c, DSpaceObject o)	Return a List of the policies for an object
List<ResourcePolicy>	getPoliciesActionFilter(Context c, DSpaceObject o, int actionID)	Return a list of policies for an object that match the action
List<ResourcePolicy>	getPoliciesActionFilterExceptRpType(Context c, DSpaceObject o, int actionID, String rpType)	Return a list of policies for an object that match the action except the record labeled with the rpType
List<ResourcePolicy>	getPoliciesForGroup(Context c, Group g)	Return a List of the policies for a group
void	inheritPolicies(Context c, DSpaceObject src, DSpaceObject dest)	Add policies to an object to match those from a previous object
boolean	isAdmin(Context c)	Check to see if the current user is a System Admin.
boolean	isAdmin(Context c, DSpaceObject o)	Check to see if the current user is an Administrator of a given object within DSpace.
boolean	isAdmin(Context c, EPerson e)	Check to see if a specific user is system admin.
boolean	isAdmin(Context c, EPerson e, DSpaceObject o)	Check to see if a specific user is an Administrator of a given object within DSpace.
boolean	isAnIdenticalPolicyAlreadyInPlace(Context c, DSpaceObject o, ResourcePolicy rp)
boolean	isAnIdenticalPolicyAlreadyInPlace(Context c, DSpaceObject dso, Group group, int action, int policyID)	Is a policy with the specified parameters already in place?
protected boolean	isAnyItemInstalled(Context ctx, List<Bundle> bundles)
boolean	isCollectionAdmin(Context context)	Checks that the context's current user is a collection admin in the site by querying the solr database.
boolean	isComColAdmin(Context context)	Checks that the context's current user is a community or collection admin in the site.
boolean	isCommunityAdmin(Context context)	Checks that the context's current user is a community admin in the site by querying the solr database.
void	removeAllEPersonPolicies(Context c, EPerson e)	Removes all policies from an eperson that belong to an EPerson.
void	removeAllPolicies(Context c, DSpaceObject o)	removes ALL policies for an object.
void	removeAllPoliciesByDSOAndType(Context c, DSpaceObject o, String type)	removes policies
void	removeAllPoliciesByDSOAndTypeNotEqualsTo(Context c, DSpaceObject o, String type)	removes ALL policies for an object that are not of the input type.
void	removeEPersonPolicies(Context c, DSpaceObject o, EPerson e)	Removes all policies from an eperson for a particular object that belong to an EPerson.
void	removeGroupPolicies(Context c, DSpaceObject o, Group g)	Removes all policies from a group for a particular object that belong to a Group.
void	removeGroupPolicies(Context c, Group group)	Removes all policies relating to a particular group.
void	removePoliciesActionFilter(Context context, DSpaceObject dso, int actionID)	Remove all policies from an object that match a given action.
void	switchPoliciesAction(Context context, DSpaceObject dso, int fromAction, int toAction)	Change all the policies related to the action (fromPolicy) of the specified object to the new action (toPolicy)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

bitstreamService

@Autowired(required=true)
protected BitstreamService bitstreamService

serviceFactory

@Autowired(required=true)
protected ContentServiceFactory serviceFactory

groupService

@Autowired(required=true)
protected GroupService groupService

resourcePolicyService

@Autowired(required=true)
protected ResourcePolicyService resourcePolicyService

workspaceItemService

@Autowired(required=true)
protected WorkspaceItemService workspaceItemService

workflowItemService

@Autowired(required=true)
protected WorkflowItemService workflowItemService

Constructor Detail

AuthorizeServiceImpl

protected AuthorizeServiceImpl()

Method Detail

authorizeAnyOf

public void authorizeAnyOf(Context c,
                           DSpaceObject o,
                           int[] actions)
                    throws AuthorizeException,
                           SQLException

Description copied from interface: AuthorizeService

Utility method, checks that the current user of the given context can perform all of the specified actions on the given object. An AuthorizeException if all the authorizations fail.

Specified by:

authorizeAnyOf in interface AuthorizeService

Parameters:

c - context with the current user

o - DSpace object user is attempting to perform action on

actions - array of action IDs from org.dspace.core.Constants

Throws:

AuthorizeException - if any one of the specified actions cannot be performed by the current user on the given object.

SQLException - An exception that provides information on a database access error or other errors.

authorizeAction

public void authorizeAction(Context c,
                            DSpaceObject o,
                            int action)
                     throws AuthorizeException,
                            SQLException

Description copied from interface: AuthorizeService

Checks that the context's current user can perform the given action on the given object. Throws an exception if the user is not authorized, otherwise the method call does nothing.

Specified by:

authorizeAction in interface AuthorizeService

Parameters:

c - context

o - a DSpaceObject

action - action to perform from org.dspace.core.Constants

Throws:

AuthorizeException - Exception indicating the current user of the context does not have permission to perform a particular action.

SQLException - An exception that provides information on a database access error or other errors.

authorizeAction

public void authorizeAction(Context c,
                            DSpaceObject o,
                            int action,
                            boolean useInheritance)
                     throws AuthorizeException,
                            SQLException

Description copied from interface: AuthorizeService

Checks that the context's current user can perform the given action on the given object. Throws an exception if the user is not authorized, otherwise the method call does nothing.

Specified by:

authorizeAction in interface AuthorizeService

Parameters:

c - context

o - a DSpaceObject

action - action to perform from org.dspace.core.Constants

useInheritance - flag to say if ADMIN action on the current object or parent object can be used

Throws:

AuthorizeException - Exception indicating the current user of the context does not have permission to perform a particular action.

SQLException - An exception that provides information on a database access error or other errors.

authorizeAction

public void authorizeAction(Context c,
                            EPerson e,
                            DSpaceObject o,
                            int action,
                            boolean useInheritance)
                     throws AuthorizeException,
                            SQLException

Description copied from interface: AuthorizeService

Checks that the specified eperson can perform the given action on the given object. Throws an exception if the user is not authorized, otherwise the method call does nothing.

Specified by:

authorizeAction in interface AuthorizeService

Parameters:

c - context

e - the eperson to use for the authorization check

o - a DSpaceObject

action - action to perform from org.dspace.core.Constants

useInheritance - flag to say if ADMIN action on the current object or parent object can be used

Throws:

AuthorizeException - Exception indicating the current user of the context does not have permission to perform a particular action.

SQLException - An exception that provides information on a database access error or other errors.

authorizeActionBoolean

public boolean authorizeActionBoolean(Context c,
                                      DSpaceObject o,
                                      int a)
                               throws SQLException

Description copied from interface: AuthorizeService

same authorize, returns boolean for those who don't want to deal with catching exceptions.

Specified by:

authorizeActionBoolean in interface AuthorizeService

Parameters:

c - DSpace context, containing current user

o - DSpaceObject

a - action being attempted, from org.dspace.core.Constants

Returns:

true if the current user in the context is authorized to perform the given action on the given object

Throws:

SQLException - An exception that provides information on a database access error or other errors.

authorizeActionBoolean

public boolean authorizeActionBoolean(Context c,
                                      DSpaceObject o,
                                      int a,
                                      boolean useInheritance)
                               throws SQLException

Description copied from interface: AuthorizeService

same authorize, returns boolean for those who don't want to deal with catching exceptions.

Specified by:

authorizeActionBoolean in interface AuthorizeService

Parameters:

c - DSpace context, containing current user

o - DSpaceObject

a - action being attempted, from org.dspace.core.Constants

useInheritance - flag to say if ADMIN action on the current object or parent object can be used

Returns:

true if the current user in the context is authorized to perform the given action on the given object

Throws:

SQLException - An exception that provides information on a database access error or other errors.

authorizeActionBoolean

public boolean authorizeActionBoolean(Context c,
                                      EPerson e,
                                      DSpaceObject o,
                                      int a,
                                      boolean useInheritance)
                               throws SQLException

Description copied from interface: AuthorizeService

same authorize with a specif eperson (not the current user), returns boolean for those who don't want to deal with catching exceptions.

Specified by:

authorizeActionBoolean in interface AuthorizeService

Parameters:

c - DSpace context

e - EPerson to use in the check

o - DSpaceObject

a - action being attempted, from org.dspace.core.Constants

useInheritance - flag to say if ADMIN action on the current object or parent object can be used

Returns:

true if the requested user is authorized to perform the given action on the given object

Throws:

SQLException - An exception that provides information on a database access error or other errors.

authorize

protected boolean authorize(Context c,
                            DSpaceObject o,
                            int action,
                            EPerson e,
                            boolean useInheritance)
                     throws SQLException

Check to see if the given user can perform the given action on the given object. Always returns true if the ignore authorization flat is set in the current context.

Parameters:

c - current context. User is irrelevant; "ignore authorization" flag is relevant

o - object action is being attempted on

action - ID of action being attempted, from org.dspace.core.Constants

e - user attempting action

useInheritance - flag to say if ADMIN action on the current object or parent object can be used

Returns:

true if user is authorized to perform the given action, false otherwise

Throws:

SQLException - if database error

isAnyItemInstalled

protected boolean isAnyItemInstalled(Context ctx,
                                     List<Bundle> bundles)
                              throws SQLException

Throws:

SQLException

isAdmin

public boolean isAdmin(Context c,
                       DSpaceObject o)
                throws SQLException

Description copied from interface: AuthorizeService

Check to see if the current user is an Administrator of a given object within DSpace. Always return true if the user is a System Admin

Specified by:

isAdmin in interface AuthorizeService

Parameters:

c - current context

o - current DSpace Object, if null the call will be equivalent to a call to the isAdmin(Context c) method

Returns:

true if user has administrative privileges on the given DSpace object

Throws:

SQLException - An exception that provides information on a database access error or other errors.

isAdmin

public boolean isAdmin(Context c,
                       EPerson e,
                       DSpaceObject o)
                throws SQLException

Description copied from interface: AuthorizeService

Check to see if a specific user is an Administrator of a given object within DSpace. Always return true if the user is a System Admin

Specified by:

isAdmin in interface AuthorizeService

Parameters:

c - current context

e - the user to check

o - current DSpace Object, if null the call will be equivalent to a call to the isAdmin(Context c) method

Returns:

true if the user has administrative privileges on the given DSpace object

Throws:

SQLException - if database error

isAdmin

public boolean isAdmin(Context c)
                throws SQLException

Description copied from interface: AuthorizeService

Check to see if the current user is a System Admin. Always return true if c.ignoreAuthorization is set. If no EPerson is logged in and context.getCurrentUser() returns null, this method returns false as anonymous users can never be administrators.

Specified by:

isAdmin in interface AuthorizeService

Parameters:

c - current context

Returns:

true if user is an admin or ignore authorization flag set

Throws:

SQLException - An exception that provides information on a database access error or other errors.

isAdmin

public boolean isAdmin(Context c,
                       EPerson e)
                throws SQLException

Description copied from interface: AuthorizeService

Check to see if a specific user is system admin. Always return true if c.ignoreAuthorization is set.

Specified by:

isAdmin in interface AuthorizeService

Parameters:

c - current context

Returns:

true if user is an admin or ignore authorization flag set

Throws:

SQLException - if database error

addPolicy

public void addPolicy(Context c,
                      DSpaceObject o,
                      int actionID,
                      EPerson e)
               throws SQLException,
                      AuthorizeException

Description copied from interface: AuthorizeService

Add a policy for an individual eperson

Specified by:

addPolicy in interface AuthorizeService

Parameters:

c - context. Current user irrelevant

o - DSpaceObject to add policy to

actionID - ID of action from org.dspace.core.Constants

e - eperson who can perform the action

Throws:

SQLException - if database error

AuthorizeException - if current user in context is not authorized to add policies

addPolicy

public void addPolicy(Context context,
                      DSpaceObject o,
                      int actionID,
                      EPerson e,
                      String type)
               throws SQLException,
                      AuthorizeException

Description copied from interface: AuthorizeService

Add a policy for an individual eperson

Specified by:

addPolicy in interface AuthorizeService

Parameters:

context - context. Current user irrelevant

o - DSpaceObject to add policy to

actionID - ID of action from org.dspace.core.Constants

e - eperson who can perform the action

type - policy type, deafult types are declared in the ResourcePolicy class

Throws:

SQLException - if database error

AuthorizeException - if current user in context is not authorized to add policies

addPolicy

public void addPolicy(Context c,
                      DSpaceObject o,
                      int actionID,
                      Group g)
               throws SQLException,
                      AuthorizeException

Description copied from interface: AuthorizeService

Add a policy for a group

Specified by:

addPolicy in interface AuthorizeService

Parameters:

c - current context

o - object to add policy for

actionID - ID of action from org.dspace.core.Constants

g - group to add policy for

Throws:

SQLException - if there's a database problem

AuthorizeException - if the current user is not authorized to add this policy

addPolicy

public void addPolicy(Context c,
                      DSpaceObject o,
                      int actionID,
                      Group g,
                      String type)
               throws SQLException,
                      AuthorizeException

Description copied from interface: AuthorizeService

Add a policy for a group

Specified by:

addPolicy in interface AuthorizeService

Parameters:

c - current context

o - object to add policy for

actionID - ID of action from org.dspace.core.Constants

g - group to add policy for

type - policy type, deafult types are declared in the ResourcePolicy class

Throws:

SQLException - if there's a database problem

AuthorizeException - if the current user is not authorized to add this policy

getPolicies

public List<ResourcePolicy> getPolicies(Context c,
                                        DSpaceObject o)
                                 throws SQLException

Description copied from interface: AuthorizeService

Return a List of the policies for an object

Specified by:

getPolicies in interface AuthorizeService

Parameters:

c - current context

o - object to retrieve policies for

Returns:

List of ResourcePolicy objects

Throws:

SQLException - if database error

findPoliciesByDSOAndType

public List<ResourcePolicy> findPoliciesByDSOAndType(Context c,
                                                     DSpaceObject o,
                                                     String type)
                                              throws SQLException

Description copied from interface: AuthorizeService

Return a List of the policies for an object

Specified by:

findPoliciesByDSOAndType in interface AuthorizeService

Parameters:

c - current context

o - object to retrieve policies for

type - type

Returns:

List of ResourcePolicy objects

Throws:

SQLException - if database error

getPoliciesForGroup

public List<ResourcePolicy> getPoliciesForGroup(Context c,
                                                Group g)
                                         throws SQLException

Description copied from interface: AuthorizeService

Return a List of the policies for a group

Specified by:

getPoliciesForGroup in interface AuthorizeService

Parameters:

c - current context

g - group to retrieve policies for

Returns:

List of ResourcePolicy objects

Throws:

SQLException - if database error

getPoliciesActionFilter

public List<ResourcePolicy> getPoliciesActionFilter(Context c,
                                                    DSpaceObject o,
                                                    int actionID)
                                             throws SQLException

Description copied from interface: AuthorizeService

Return a list of policies for an object that match the action

Specified by:

getPoliciesActionFilter in interface AuthorizeService

Parameters:

c - context

o - DSpaceObject policies relate to

actionID - action (defined in class Constants)

Returns:

list of resource policies

Throws:

SQLException - if there's a database problem

inheritPolicies

public void inheritPolicies(Context c,
                            DSpaceObject src,
                            DSpaceObject dest)
                     throws SQLException,
                            AuthorizeException

Description copied from interface: AuthorizeService

Add policies to an object to match those from a previous object

Specified by:

inheritPolicies in interface AuthorizeService

Parameters:

c - context

src - source of policies

dest - destination of inherited policies

Throws:

SQLException - if there's a database problem

AuthorizeException - if the current user is not authorized to add these policies

switchPoliciesAction

public void switchPoliciesAction(Context context,
                                 DSpaceObject dso,
                                 int fromAction,
                                 int toAction)
                          throws SQLException,
                                 AuthorizeException

Description copied from interface: AuthorizeService

Change all the policies related to the action (fromPolicy) of the specified object to the new action (toPolicy)

Specified by:

switchPoliciesAction in interface AuthorizeService

Parameters:

context - The relevant DSpace Context.

dso - the dspace object

fromAction - the action to change

toAction - the new action to set

Throws:

SQLException - An exception that provides information on a database access error or other errors.

AuthorizeException - Exception indicating the current user of the context does not have permission to perform a particular action.

addPolicies

public void addPolicies(Context c,
                        List<ResourcePolicy> policies,
                        DSpaceObject dest)
                 throws SQLException,
                        AuthorizeException

Description copied from interface: AuthorizeService

Copies policies from a list of resource policies to a given DSpaceObject

Specified by:

addPolicies in interface AuthorizeService

Parameters:

c - DSpace context

policies - List of ResourcePolicy objects

dest - object to have policies added

Throws:

SQLException - if there's a database problem

AuthorizeException - if the current user is not authorized to add these policies

removeAllPolicies

public void removeAllPolicies(Context c,
                              DSpaceObject o)
                       throws SQLException,
                              AuthorizeException

Description copied from interface: AuthorizeService

removes ALL policies for an object. FIXME doesn't check authorization

Specified by:

removeAllPolicies in interface AuthorizeService

Parameters:

c - DSpace context

o - object to remove policies for

Throws:

SQLException - if there's a database problem

AuthorizeException - if authorization error

removeAllPoliciesByDSOAndTypeNotEqualsTo

public void removeAllPoliciesByDSOAndTypeNotEqualsTo(Context c,
                                                     DSpaceObject o,
                                                     String type)
                                              throws SQLException,
                                                     AuthorizeException

Description copied from interface: AuthorizeService

removes ALL policies for an object that are not of the input type.

Specified by:

removeAllPoliciesByDSOAndTypeNotEqualsTo in interface AuthorizeService

Parameters:

c - DSpace context

o - object to remove policies for

type - type

Throws:

SQLException - if there's a database problem

AuthorizeException - if authorization error

removeAllPoliciesByDSOAndType

public void removeAllPoliciesByDSOAndType(Context c,
                                          DSpaceObject o,
                                          String type)
                                   throws SQLException,
                                          AuthorizeException

Description copied from interface: AuthorizeService

removes policies

Specified by:

removeAllPoliciesByDSOAndType in interface AuthorizeService

Parameters:

c - DSpace context

o - object to remove policies for

type - policy type

Throws:

SQLException - if there's a database problem

AuthorizeException - if authorization error

removePoliciesActionFilter

public void removePoliciesActionFilter(Context context,
                                       DSpaceObject dso,
                                       int actionID)
                                throws SQLException,
                                       AuthorizeException

Description copied from interface: AuthorizeService

Remove all policies from an object that match a given action. FIXME doesn't check authorization

Specified by:

removePoliciesActionFilter in interface AuthorizeService

Parameters:

context - current context

dso - object to remove policies from

actionID - ID of action to match from Constants, or -1=all

Throws:

SQLException - if there's a database problem

AuthorizeException - if authorization error

removeGroupPolicies

public void removeGroupPolicies(Context c,
                                Group group)
                         throws SQLException

Description copied from interface: AuthorizeService

Removes all policies relating to a particular group. FIXME doesn't check authorization

Specified by:

removeGroupPolicies in interface AuthorizeService

Parameters:

c - current context

group - the group

Throws:

SQLException - if there's a database problem

removeGroupPolicies

public void removeGroupPolicies(Context c,
                                DSpaceObject o,
                                Group g)
                         throws SQLException,
                                AuthorizeException

Description copied from interface: AuthorizeService

Removes all policies from a group for a particular object that belong to a Group. FIXME doesn't check authorization

Specified by:

removeGroupPolicies in interface AuthorizeService

Parameters:

c - current context

o - the object

g - the group

Throws:

SQLException - if there's a database problem

AuthorizeException - if authorization error

removeEPersonPolicies

public void removeEPersonPolicies(Context c,
                                  DSpaceObject o,
                                  EPerson e)
                           throws SQLException,
                                  AuthorizeException

Description copied from interface: AuthorizeService

Removes all policies from an eperson for a particular object that belong to an EPerson. FIXME doesn't check authorization

Specified by:

removeEPersonPolicies in interface AuthorizeService

Parameters:

c - current context

o - the object

e - the eperson

Throws:

SQLException - if there's a database problem

AuthorizeException - if authorization error

removeAllEPersonPolicies

public void removeAllEPersonPolicies(Context c,
                                     EPerson e)
                              throws SQLException,
                                     AuthorizeException

Description copied from interface: AuthorizeService

Removes all policies from an eperson that belong to an EPerson.

Specified by:

removeAllEPersonPolicies in interface AuthorizeService

Parameters:

c - current context

e - the eperson

Throws:

SQLException - if there's a database problem

AuthorizeException - if authorization error

getAuthorizedGroups

public List<Group> getAuthorizedGroups(Context c,
                                       DSpaceObject o,
                                       int actionID)
                                throws SQLException

Description copied from interface: AuthorizeService

Returns all groups authorized to perform an action on an object. Returns empty array if no matches.

Specified by:

getAuthorizedGroups in interface AuthorizeService

Parameters:

c - current context

o - object

actionID - ID of action from Constants

Returns:

array of Groups that can perform the specified action on the specified object

Throws:

SQLException - if there's a database problem

isAnIdenticalPolicyAlreadyInPlace

public boolean isAnIdenticalPolicyAlreadyInPlace(Context c,
                                                 DSpaceObject o,
                                                 ResourcePolicy rp)
                                          throws SQLException

Specified by:

isAnIdenticalPolicyAlreadyInPlace in interface AuthorizeService

Throws:

SQLException

isAnIdenticalPolicyAlreadyInPlace

public boolean isAnIdenticalPolicyAlreadyInPlace(Context c,
                                                 DSpaceObject dso,
                                                 Group group,
                                                 int action,
                                                 int policyID)
                                          throws SQLException

Description copied from interface: AuthorizeService

Is a policy with the specified parameters already in place?

Specified by:

isAnIdenticalPolicyAlreadyInPlace in interface AuthorizeService

Parameters:

c - current context

dso - object

group - group

action - ID of action from Constants

policyID - ID of an existing policy. If -1 is specified, this parameter will be ignored

Returns:

true if such a policy exists, false otherwise

Throws:

SQLException - if there's a database problem

findByTypeGroupAction

public ResourcePolicy findByTypeGroupAction(Context c,
                                            DSpaceObject dso,
                                            Group group,
                                            int action)
                                     throws SQLException

Specified by:

findByTypeGroupAction in interface AuthorizeService

Throws:

SQLException

generateAutomaticPolicies

public void generateAutomaticPolicies(Context context,
                                      Date embargoDate,
                                      String reason,
                                      DSpaceObject dso,
                                      Collection owningCollection)
                               throws SQLException,
                                      AuthorizeException

Generate Policies policies READ for the date in input adding reason. New policies are assigned automatically at the groups that have right on the collection. E.g., if the anonymous can access the collection policies are assigned to anonymous.

Specified by:

generateAutomaticPolicies in interface AuthorizeService

Parameters:

context - The relevant DSpace Context.

embargoDate - embargo end date

reason - embargo reason

dso - DSpace object

owningCollection - collection to get group policies from

Throws:

SQLException - if database error

AuthorizeException - if authorization error

createResourcePolicy

public ResourcePolicy createResourcePolicy(Context context,
                                           DSpaceObject dso,
                                           Group group,
                                           EPerson eperson,
                                           int type,
                                           String rpType)
                                    throws SQLException,
                                           AuthorizeException

Specified by:

createResourcePolicy in interface AuthorizeService

Throws:

SQLException

AuthorizeException

createResourcePolicy

public ResourcePolicy createResourcePolicy(Context context,
                                           DSpaceObject dso,
                                           Group group,
                                           EPerson eperson,
                                           int type,
                                           String rpType,
                                           String rpName,
                                           String rpDescription,
                                           Date startDate,
                                           Date endDate)
                                    throws SQLException,
                                           AuthorizeException

Specified by:

createResourcePolicy in interface AuthorizeService

Throws:

SQLException

AuthorizeException

createOrModifyPolicy

public ResourcePolicy createOrModifyPolicy(ResourcePolicy policy,
                                           Context context,
                                           String name,
                                           Group group,
                                           EPerson ePerson,
                                           Date embargoDate,
                                           int action,
                                           String reason,
                                           DSpaceObject dso)
                                    throws AuthorizeException,
                                           SQLException

Specified by:

createOrModifyPolicy in interface AuthorizeService

Throws:

AuthorizeException

SQLException

getPoliciesActionFilterExceptRpType

public List<ResourcePolicy> getPoliciesActionFilterExceptRpType(Context c,
                                                                DSpaceObject o,
                                                                int actionID,
                                                                String rpType)
                                                         throws SQLException

Description copied from interface: AuthorizeService

Return a list of policies for an object that match the action except the record labeled with the rpType

Specified by:

getPoliciesActionFilterExceptRpType in interface AuthorizeService

Parameters:

c - context

o - DSpaceObject policies relate to

actionID - action (defined in class Constants)

rpType - the resource policy type

Returns:

list of resource policies

Throws:

SQLException - if there's a database problem

isCommunityAdmin

public boolean isCommunityAdmin(Context context)
                         throws SQLException

Checks that the context's current user is a community admin in the site by querying the solr database.

Specified by:

isCommunityAdmin in interface AuthorizeService

Parameters:

context - context with the current user

Returns:

true if the current user is a community admin in the site false when this is not the case, or an exception occurred

Throws:

SQLException - passed through.

isCollectionAdmin

public boolean isCollectionAdmin(Context context)
                          throws SQLException

Checks that the context's current user is a collection admin in the site by querying the solr database.

Specified by:

isCollectionAdmin in interface AuthorizeService

Parameters:

context - context with the current user

Returns:

true if the current user is a collection admin in the site false when this is not the case, or an exception occurred

Throws:

SQLException - passed through.

isComColAdmin

public boolean isComColAdmin(Context context)
                      throws SQLException

Checks that the context's current user is a community or collection admin in the site.

Specified by:

isComColAdmin in interface AuthorizeService

Parameters:

context - context with the current user

Returns:

true if the current user is a community or collection admin in the site false when this is not the case, or an exception occurred

Throws:

SQLException - passed through.

findAdminAuthorizedCommunity

public List<Community> findAdminAuthorizedCommunity(Context context,
                                                    String query,
                                                    int offset,
                                                    int limit)
                                             throws SearchServiceException,
                                                    SQLException

Finds communities for which the logged in user has ADMIN rights.

Specified by:

findAdminAuthorizedCommunity in interface AuthorizeService

Parameters:

context - the context whose user is checked against

query - the optional extra query

offset - the offset for pagination

limit - the amount of dso's to return

Returns:

a list of communities for which the logged in user has ADMIN rights.

Throws:

SearchServiceException

SQLException

countAdminAuthorizedCommunity

public long countAdminAuthorizedCommunity(Context context,
                                          String query)
                                   throws SearchServiceException,
                                          SQLException

Finds the amount of communities for which the logged in user has ADMIN rights.

Specified by:

countAdminAuthorizedCommunity in interface AuthorizeService

Parameters:

context - the context whose user is checked against

query - the optional extra query

Returns:

the number of communities for which the logged in user has ADMIN rights.

Throws:

SearchServiceException

SQLException

findAdminAuthorizedCollection

public List<Collection> findAdminAuthorizedCollection(Context context,
                                                      String query,
                                                      int offset,
                                                      int limit)
                                               throws SearchServiceException,
                                                      SQLException

Finds collections for which the logged in user has ADMIN rights.

Specified by:

findAdminAuthorizedCollection in interface AuthorizeService

Parameters:

context - the context whose user is checked against

query - the optional extra query

offset - the offset for pagination

limit - the amount of dso's to return

Returns:

a list of collections for which the logged in user has ADMIN rights.

Throws:

SearchServiceException

SQLException

countAdminAuthorizedCollection

public long countAdminAuthorizedCollection(Context context,
                                           String query)
                                    throws SearchServiceException,
                                           SQLException

Finds the amount of collections for which the logged in user has ADMIN rights.

Specified by:

countAdminAuthorizedCollection in interface AuthorizeService

Parameters:

context - the context whose user is checked against

query - the optional extra query

Returns:

the number of collections for which the logged in user has ADMIN rights.

Throws:

SearchServiceException

SQLException