Package org.dspace.authorize
Class AuthorizeServiceImpl
- java.lang.Object
-
- org.dspace.authorize.AuthorizeServiceImpl
-
- All Implemented Interfaces:
AuthorizeService
public class AuthorizeServiceImpl extends Object implements AuthorizeService
AuthorizeManager handles all authorization checks for DSpace. For better security, DSpace assumes that you do not have the right to do something unless that permission is spelled out somewhere. That "somewhere" is the ResourcePolicy table. The AuthorizeManager is given a user, an object, and an action, and it then does a lookup in the ResourcePolicy table to see if there are any policies giving the user permission to do that action.ResourcePolicies now apply to single objects (such as submit (ADD) permission to a collection.)
Note: If an eperson is a member of the administrator group (id 1), then they are automatically given permission for all requests another special group is group 0, which is anonymous - all EPeople are members of group 0.
-
-
Field Summary
Fields Modifier and Type Field Description protected BitstreamServicebitstreamServiceprotected GroupServicegroupServiceprotected ResourcePolicyServiceresourcePolicyServiceprotected ContentServiceFactoryserviceFactoryprotected WorkflowItemServiceworkflowItemServiceprotected WorkspaceItemServiceworkspaceItemService
-
Constructor Summary
Constructors Modifier Constructor Description protectedAuthorizeServiceImpl()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description voidaddPolicies(Context c, List<ResourcePolicy> policies, DSpaceObject dest)Copies policies from a list of resource policies to a given DSpaceObjectvoidaddPolicy(Context c, DSpaceObject o, int actionID, EPerson e)Add a policy for an individual epersonvoidaddPolicy(Context context, DSpaceObject o, int actionID, EPerson e, String type)Add a policy for an individual epersonvoidaddPolicy(Context c, DSpaceObject o, int actionID, Group g)Add a policy for a groupvoidaddPolicy(Context c, DSpaceObject o, int actionID, Group g, String type)Add a policy for a groupprotected booleanauthorize(Context c, DSpaceObject o, int action, EPerson e, boolean useInheritance)Check to see if the given user can perform the given action on the given object.voidauthorizeAction(Context c, DSpaceObject o, int action)Checks that the context's current user can perform the given action on the given object.voidauthorizeAction(Context c, DSpaceObject o, int action, boolean useInheritance)Checks that the context's current user can perform the given action on the given object.voidauthorizeAction(Context c, EPerson e, DSpaceObject o, int action, boolean useInheritance)Checks that the specified eperson can perform the given action on the given object.booleanauthorizeActionBoolean(Context c, DSpaceObject o, int a)same authorize, returns boolean for those who don't want to deal with catching exceptions.booleanauthorizeActionBoolean(Context c, DSpaceObject o, int a, boolean useInheritance)same authorize, returns boolean for those who don't want to deal with catching exceptions.booleanauthorizeActionBoolean(Context c, EPerson e, DSpaceObject o, int a, boolean useInheritance)same authorize with a specif eperson (not the current user), returns boolean for those who don't want to deal with catching exceptions.voidauthorizeAnyOf(Context c, DSpaceObject o, int[] actions)Utility method, checks that the current user of the given context can perform all of the specified actions on the given object.longcountAdminAuthorizedCollection(Context context, String query)Finds the amount of collections for which the logged in user has ADMIN rights.longcountAdminAuthorizedCommunity(Context context, String query)Finds the amount of communities for which the logged in user has ADMIN rights.ResourcePolicycreateOrModifyPolicy(ResourcePolicy policy, Context context, String name, Group group, EPerson ePerson, Date embargoDate, int action, String reason, DSpaceObject dso)ResourcePolicycreateResourcePolicy(Context context, DSpaceObject dso, Group group, EPerson eperson, int type, String rpType)ResourcePolicycreateResourcePolicy(Context context, DSpaceObject dso, Group group, EPerson eperson, int type, String rpType, String rpName, String rpDescription, Date startDate, Date endDate)List<Collection>findAdminAuthorizedCollection(Context context, String query, int offset, int limit)Finds collections for which the logged in user has ADMIN rights.List<Community>findAdminAuthorizedCommunity(Context context, String query, int offset, int limit)Finds communities for which the logged in user has ADMIN rights.ResourcePolicyfindByTypeGroupAction(Context c, DSpaceObject dso, Group group, int action)List<ResourcePolicy>findPoliciesByDSOAndType(Context c, DSpaceObject o, String type)Return a List of the policies for an objectList<Group>getAuthorizedGroups(Context c, DSpaceObject o, int actionID)Returns all groups authorized to perform an action on an object.List<ResourcePolicy>getPolicies(Context c, DSpaceObject o)Return a List of the policies for an objectList<ResourcePolicy>getPoliciesActionFilter(Context c, DSpaceObject o, int actionID)Return a list of policies for an object that match the actionList<ResourcePolicy>getPoliciesActionFilterExceptRpType(Context c, DSpaceObject o, int actionID, String rpType)Return a list of policies for an object that match the action except the record labeled with the rpTypeList<ResourcePolicy>getPoliciesForGroup(Context c, Group g)Return a List of the policies for a groupvoidinheritPolicies(Context c, DSpaceObject src, DSpaceObject dest)Add policies to an object to match those from a previous objectbooleanisAccountManager(Context context)Returns true if the current user can manage accounts.booleanisAdmin(Context c)Check to see if the current user is a System Admin.booleanisAdmin(Context c, DSpaceObject o)Check to see if the current user is an Administrator of a given object within DSpace.booleanisAdmin(Context c, EPerson e)Check to see if a specific user is system admin.booleanisAdmin(Context c, EPerson e, DSpaceObject o)Check to see if a specific user is an Administrator of a given object within DSpace.booleanisAnIdenticalPolicyAlreadyInPlace(Context c, DSpaceObject o, ResourcePolicy rp)booleanisAnIdenticalPolicyAlreadyInPlace(Context c, DSpaceObject dso, Group group, int action, int policyID)Is a policy with the specified parameters already in place?protected booleanisAnyItemInstalled(Context ctx, List<Bundle> bundles)booleanisCollectionAdmin(Context context)Checks that the context's current user is a collection admin in the site by querying the solr database.booleanisComColAdmin(Context context)Checks that the context's current user is a community or collection admin in the site.booleanisCommunityAdmin(Context context)Checks that the context's current user is a community admin in the site by querying the solr database.booleanisItemAdmin(Context context)Checks that the context's current user is an item admin in the site by querying the solr database.voidremoveAllEPersonPolicies(Context c, EPerson e)Removes all policies from an eperson that belong to an EPerson.voidremoveAllPolicies(Context c, DSpaceObject o)removes ALL policies for an object.voidremoveAllPoliciesByDSOAndType(Context c, DSpaceObject o, String type)removes policiesvoidremoveAllPoliciesByDSOAndTypeNotEqualsTo(Context c, DSpaceObject o, String type)removes ALL policies for an object that are not of the input type.voidremoveEPersonPolicies(Context c, DSpaceObject o, EPerson e)Removes all policies from an eperson for a particular object that belong to an EPerson.voidremoveGroupPolicies(Context c, DSpaceObject o, Group g)Removes all policies from a group for a particular object that belong to a Group.voidremoveGroupPolicies(Context c, Group group)Removes all policies relating to a particular group.voidremovePoliciesActionFilter(Context context, DSpaceObject dso, int actionID)Remove all policies from an object that match a given action.voidreplaceAllPolicies(Context context, DSpaceObject source, DSpaceObject dest)Replace all the policies in the target object with exactly the same policies that exist in the source objectvoidswitchPoliciesAction(Context context, DSpaceObject dso, int fromAction, int toAction)Change all the policies related to the action (fromPolicy) of the specified object to the new action (toPolicy)
-
-
-
Field Detail
-
bitstreamService
@Autowired(required=true) protected BitstreamService bitstreamService
-
serviceFactory
@Autowired(required=true) protected ContentServiceFactory serviceFactory
-
groupService
@Autowired(required=true) protected GroupService groupService
-
resourcePolicyService
@Autowired(required=true) protected ResourcePolicyService resourcePolicyService
-
workspaceItemService
@Autowired(required=true) protected WorkspaceItemService workspaceItemService
-
workflowItemService
@Autowired(required=true) protected WorkflowItemService workflowItemService
-
-
Method Detail
-
authorizeAnyOf
public void authorizeAnyOf(Context c, DSpaceObject o, int[] actions) throws AuthorizeException, SQLException
Description copied from interface:AuthorizeServiceUtility method, checks that the current user of the given context can perform all of the specified actions on the given object. AnAuthorizeExceptionif all the authorizations fail.- Specified by:
authorizeAnyOfin interfaceAuthorizeService- Parameters:
c- context with the current usero- DSpace object user is attempting to perform action onactions- array of action IDs fromorg.dspace.core.Constants- Throws:
AuthorizeException- if any one of the specified actions cannot be performed by the current user on the given object.SQLException- An exception that provides information on a database access error or other errors.
-
authorizeAction
public void authorizeAction(Context c, DSpaceObject o, int action) throws AuthorizeException, SQLException
Description copied from interface:AuthorizeServiceChecks that the context's current user can perform the given action on the given object. Throws an exception if the user is not authorized, otherwise the method call does nothing.- Specified by:
authorizeActionin interfaceAuthorizeService- Parameters:
c- contexto- a DSpaceObjectaction- action to perform fromorg.dspace.core.Constants- Throws:
AuthorizeException- Exception indicating the current user of the context does not have permission to perform a particular action.SQLException- An exception that provides information on a database access error or other errors.
-
authorizeAction
public void authorizeAction(Context c, DSpaceObject o, int action, boolean useInheritance) throws AuthorizeException, SQLException
Description copied from interface:AuthorizeServiceChecks that the context's current user can perform the given action on the given object. Throws an exception if the user is not authorized, otherwise the method call does nothing.- Specified by:
authorizeActionin interfaceAuthorizeService- Parameters:
c- contexto- a DSpaceObjectaction- action to perform fromorg.dspace.core.ConstantsuseInheritance- flag to say if ADMIN action on the current object or parent object can be used- Throws:
AuthorizeException- Exception indicating the current user of the context does not have permission to perform a particular action.SQLException- An exception that provides information on a database access error or other errors.
-
authorizeAction
public void authorizeAction(Context c, EPerson e, DSpaceObject o, int action, boolean useInheritance) throws AuthorizeException, SQLException
Description copied from interface:AuthorizeServiceChecks that the specified eperson can perform the given action on the given object. Throws an exception if the user is not authorized, otherwise the method call does nothing.- Specified by:
authorizeActionin interfaceAuthorizeService- Parameters:
c- contexte- the eperson to use for the authorization checko- a DSpaceObjectaction- action to perform fromorg.dspace.core.ConstantsuseInheritance- flag to say if ADMIN action on the current object or parent object can be used- Throws:
AuthorizeException- Exception indicating the current user of the context does not have permission to perform a particular action.SQLException- An exception that provides information on a database access error or other errors.
-
authorizeActionBoolean
public boolean authorizeActionBoolean(Context c, DSpaceObject o, int a) throws SQLException
Description copied from interface:AuthorizeServicesame authorize, returns boolean for those who don't want to deal with catching exceptions.- Specified by:
authorizeActionBooleanin interfaceAuthorizeService- Parameters:
c- DSpace context, containing current usero- DSpaceObjecta- action being attempted, fromorg.dspace.core.Constants- Returns:
trueif the current user in the context is authorized to perform the given action on the given object- Throws:
SQLException- An exception that provides information on a database access error or other errors.
-
authorizeActionBoolean
public boolean authorizeActionBoolean(Context c, DSpaceObject o, int a, boolean useInheritance) throws SQLException
Description copied from interface:AuthorizeServicesame authorize, returns boolean for those who don't want to deal with catching exceptions.- Specified by:
authorizeActionBooleanin interfaceAuthorizeService- Parameters:
c- DSpace context, containing current usero- DSpaceObjecta- action being attempted, fromorg.dspace.core.ConstantsuseInheritance- flag to say if ADMIN action on the current object or parent object can be used- Returns:
trueif the current user in the context is authorized to perform the given action on the given object- Throws:
SQLException- An exception that provides information on a database access error or other errors.
-
authorizeActionBoolean
public boolean authorizeActionBoolean(Context c, EPerson e, DSpaceObject o, int a, boolean useInheritance) throws SQLException
Description copied from interface:AuthorizeServicesame authorize with a specif eperson (not the current user), returns boolean for those who don't want to deal with catching exceptions.- Specified by:
authorizeActionBooleanin interfaceAuthorizeService- Parameters:
c- DSpace contexte- EPerson to use in the checko- DSpaceObjecta- action being attempted, fromorg.dspace.core.ConstantsuseInheritance- flag to say if ADMIN action on the current object or parent object can be used- Returns:
trueif the requested user is authorized to perform the given action on the given object- Throws:
SQLException- An exception that provides information on a database access error or other errors.
-
authorize
protected boolean authorize(Context c, DSpaceObject o, int action, EPerson e, boolean useInheritance) throws SQLException
Check to see if the given user can perform the given action on the given object. Always returns true if the ignore authorization flat is set in the current context.- Parameters:
c- current context. User is irrelevant; "ignore authorization" flag is relevanto- object action is being attempted onaction- ID of action being attempted, fromorg.dspace.core.Constantse- user attempting actionuseInheritance- flag to say if ADMIN action on the current object or parent object can be used- Returns:
trueif user is authorized to perform the given action,falseotherwise- Throws:
SQLException- if database error
-
isAnyItemInstalled
protected boolean isAnyItemInstalled(Context ctx, List<Bundle> bundles) throws SQLException
- Throws:
SQLException
-
isAdmin
public boolean isAdmin(Context c, DSpaceObject o) throws SQLException
Description copied from interface:AuthorizeServiceCheck to see if the current user is an Administrator of a given object within DSpace. Always returntrueif the user is a System Admin- Specified by:
isAdminin interfaceAuthorizeService- Parameters:
c- current contexto- current DSpace Object, ifnullthe call will be equivalent to a call to theisAdmin(Context c)method- Returns:
trueif user has administrative privileges on the given DSpace object- Throws:
SQLException- An exception that provides information on a database access error or other errors.
-
isAdmin
public boolean isAdmin(Context c, EPerson e, DSpaceObject o) throws SQLException
Description copied from interface:AuthorizeServiceCheck to see if a specific user is an Administrator of a given object within DSpace. Always returntrueif the user is a System Admin- Specified by:
isAdminin interfaceAuthorizeService- Parameters:
c- current contexte- the user to checko- current DSpace Object, ifnullthe call will be equivalent to a call to theisAdmin(Context c)method- Returns:
trueif the user has administrative privileges on the given DSpace object- Throws:
SQLException- if database error
-
isAdmin
public boolean isAdmin(Context c) throws SQLException
Description copied from interface:AuthorizeServiceCheck to see if the current user is a System Admin. Always returntrueif c.ignoreAuthorization is set. If no EPerson is logged in and context.getCurrentUser() returns null, this method returns false as anonymous users can never be administrators.- Specified by:
isAdminin interfaceAuthorizeService- Parameters:
c- current context- Returns:
trueif user is an admin or ignore authorization flag set- Throws:
SQLException- An exception that provides information on a database access error or other errors.
-
isAdmin
public boolean isAdmin(Context c, EPerson e) throws SQLException
Description copied from interface:AuthorizeServiceCheck to see if a specific user is system admin. Always returntrueif c.ignoreAuthorization is set.- Specified by:
isAdminin interfaceAuthorizeService- Parameters:
c- current context- Returns:
trueif user is an admin or ignore authorization flag set- Throws:
SQLException- if database error
-
addPolicy
public void addPolicy(Context c, DSpaceObject o, int actionID, EPerson e) throws SQLException, AuthorizeException
Description copied from interface:AuthorizeServiceAdd a policy for an individual eperson- Specified by:
addPolicyin interfaceAuthorizeService- Parameters:
c- context. Current user irrelevanto- DSpaceObject to add policy toactionID- ID of action fromorg.dspace.core.Constantse- eperson who can perform the action- Throws:
SQLException- if database errorAuthorizeException- if current user in context is not authorized to add policies
-
addPolicy
public void addPolicy(Context context, DSpaceObject o, int actionID, EPerson e, String type) throws SQLException, AuthorizeException
Description copied from interface:AuthorizeServiceAdd a policy for an individual eperson- Specified by:
addPolicyin interfaceAuthorizeService- Parameters:
context- context. Current user irrelevanto- DSpaceObject to add policy toactionID- ID of action fromorg.dspace.core.Constantse- eperson who can perform the actiontype- policy type, deafult types are declared in the ResourcePolicy class- Throws:
SQLException- if database errorAuthorizeException- if current user in context is not authorized to add policies
-
addPolicy
public void addPolicy(Context c, DSpaceObject o, int actionID, Group g) throws SQLException, AuthorizeException
Description copied from interface:AuthorizeServiceAdd a policy for a group- Specified by:
addPolicyin interfaceAuthorizeService- Parameters:
c- current contexto- object to add policy foractionID- ID of action fromorg.dspace.core.Constantsg- group to add policy for- Throws:
SQLException- if there's a database problemAuthorizeException- if the current user is not authorized to add this policy
-
addPolicy
public void addPolicy(Context c, DSpaceObject o, int actionID, Group g, String type) throws SQLException, AuthorizeException
Description copied from interface:AuthorizeServiceAdd a policy for a group- Specified by:
addPolicyin interfaceAuthorizeService- Parameters:
c- current contexto- object to add policy foractionID- ID of action fromorg.dspace.core.Constantsg- group to add policy fortype- policy type, deafult types are declared in the ResourcePolicy class- Throws:
SQLException- if there's a database problemAuthorizeException- if the current user is not authorized to add this policy
-
getPolicies
public List<ResourcePolicy> getPolicies(Context c, DSpaceObject o) throws SQLException
Description copied from interface:AuthorizeServiceReturn a List of the policies for an object- Specified by:
getPoliciesin interfaceAuthorizeService- Parameters:
c- current contexto- object to retrieve policies for- Returns:
- List of
ResourcePolicyobjects - Throws:
SQLException- if database error
-
findPoliciesByDSOAndType
public List<ResourcePolicy> findPoliciesByDSOAndType(Context c, DSpaceObject o, String type) throws SQLException
Description copied from interface:AuthorizeServiceReturn a List of the policies for an object- Specified by:
findPoliciesByDSOAndTypein interfaceAuthorizeService- Parameters:
c- current contexto- object to retrieve policies fortype- type- Returns:
- List of
ResourcePolicyobjects - Throws:
SQLException- if database error
-
getPoliciesForGroup
public List<ResourcePolicy> getPoliciesForGroup(Context c, Group g) throws SQLException
Description copied from interface:AuthorizeServiceReturn a List of the policies for a group- Specified by:
getPoliciesForGroupin interfaceAuthorizeService- Parameters:
c- current contextg- group to retrieve policies for- Returns:
- List of
ResourcePolicyobjects - Throws:
SQLException- if database error
-
getPoliciesActionFilter
public List<ResourcePolicy> getPoliciesActionFilter(Context c, DSpaceObject o, int actionID) throws SQLException
Description copied from interface:AuthorizeServiceReturn a list of policies for an object that match the action- Specified by:
getPoliciesActionFilterin interfaceAuthorizeService- Parameters:
c- contexto- DSpaceObject policies relate toactionID- action (defined in class Constants)- Returns:
- list of resource policies
- Throws:
SQLException- if there's a database problem
-
inheritPolicies
public void inheritPolicies(Context c, DSpaceObject src, DSpaceObject dest) throws SQLException, AuthorizeException
Description copied from interface:AuthorizeServiceAdd policies to an object to match those from a previous object- Specified by:
inheritPoliciesin interfaceAuthorizeService- Parameters:
c- contextsrc- source of policiesdest- destination of inherited policies- Throws:
SQLException- if there's a database problemAuthorizeException- if the current user is not authorized to add these policies
-
replaceAllPolicies
public void replaceAllPolicies(Context context, DSpaceObject source, DSpaceObject dest) throws SQLException, AuthorizeException
Description copied from interface:AuthorizeServiceReplace all the policies in the target object with exactly the same policies that exist in the source object- Specified by:
replaceAllPoliciesin interfaceAuthorizeService- Parameters:
context- DSpace Contextsource- source of policiesdest- destination of inherited policies- Throws:
SQLException- if there's a database problemAuthorizeException- if the current user is not authorized to add these policies
-
switchPoliciesAction
public void switchPoliciesAction(Context context, DSpaceObject dso, int fromAction, int toAction) throws SQLException, AuthorizeException
Description copied from interface:AuthorizeServiceChange all the policies related to the action (fromPolicy) of the specified object to the new action (toPolicy)- Specified by:
switchPoliciesActionin interfaceAuthorizeService- Parameters:
context- The relevant DSpace Context.dso- the dspace objectfromAction- the action to changetoAction- the new action to set- Throws:
SQLException- An exception that provides information on a database access error or other errors.AuthorizeException- Exception indicating the current user of the context does not have permission to perform a particular action.
-
addPolicies
public void addPolicies(Context c, List<ResourcePolicy> policies, DSpaceObject dest) throws SQLException, AuthorizeException
Description copied from interface:AuthorizeServiceCopies policies from a list of resource policies to a given DSpaceObject- Specified by:
addPoliciesin interfaceAuthorizeService- Parameters:
c- DSpace contextpolicies- List of ResourcePolicy objectsdest- object to have policies added- Throws:
SQLException- if there's a database problemAuthorizeException- if the current user is not authorized to add these policies
-
removeAllPolicies
public void removeAllPolicies(Context c, DSpaceObject o) throws SQLException, AuthorizeException
Description copied from interface:AuthorizeServiceremoves ALL policies for an object. FIXME doesn't check authorization- Specified by:
removeAllPoliciesin interfaceAuthorizeService- Parameters:
c- DSpace contexto- object to remove policies for- Throws:
SQLException- if there's a database problemAuthorizeException- if authorization error
-
removeAllPoliciesByDSOAndTypeNotEqualsTo
public void removeAllPoliciesByDSOAndTypeNotEqualsTo(Context c, DSpaceObject o, String type) throws SQLException, AuthorizeException
Description copied from interface:AuthorizeServiceremoves ALL policies for an object that are not of the input type.- Specified by:
removeAllPoliciesByDSOAndTypeNotEqualsToin interfaceAuthorizeService- Parameters:
c- DSpace contexto- object to remove policies fortype- type- Throws:
SQLException- if there's a database problemAuthorizeException- if authorization error
-
removeAllPoliciesByDSOAndType
public void removeAllPoliciesByDSOAndType(Context c, DSpaceObject o, String type) throws SQLException, AuthorizeException
Description copied from interface:AuthorizeServiceremoves policies- Specified by:
removeAllPoliciesByDSOAndTypein interfaceAuthorizeService- Parameters:
c- DSpace contexto- object to remove policies fortype- policy type- Throws:
SQLException- if there's a database problemAuthorizeException- if authorization error
-
removePoliciesActionFilter
public void removePoliciesActionFilter(Context context, DSpaceObject dso, int actionID) throws SQLException, AuthorizeException
Description copied from interface:AuthorizeServiceRemove all policies from an object that match a given action. FIXME doesn't check authorization- Specified by:
removePoliciesActionFilterin interfaceAuthorizeService- Parameters:
context- current contextdso- object to remove policies fromactionID- ID of action to match fromConstants, or -1=all- Throws:
SQLException- if there's a database problemAuthorizeException- if authorization error
-
removeGroupPolicies
public void removeGroupPolicies(Context c, Group group) throws SQLException
Description copied from interface:AuthorizeServiceRemoves all policies relating to a particular group. FIXME doesn't check authorization- Specified by:
removeGroupPoliciesin interfaceAuthorizeService- Parameters:
c- current contextgroup- the group- Throws:
SQLException- if there's a database problem
-
removeGroupPolicies
public void removeGroupPolicies(Context c, DSpaceObject o, Group g) throws SQLException, AuthorizeException
Description copied from interface:AuthorizeServiceRemoves all policies from a group for a particular object that belong to a Group. FIXME doesn't check authorization- Specified by:
removeGroupPoliciesin interfaceAuthorizeService- Parameters:
c- current contexto- the objectg- the group- Throws:
SQLException- if there's a database problemAuthorizeException- if authorization error
-
removeEPersonPolicies
public void removeEPersonPolicies(Context c, DSpaceObject o, EPerson e) throws SQLException, AuthorizeException
Description copied from interface:AuthorizeServiceRemoves all policies from an eperson for a particular object that belong to an EPerson. FIXME doesn't check authorization- Specified by:
removeEPersonPoliciesin interfaceAuthorizeService- Parameters:
c- current contexto- the objecte- the eperson- Throws:
SQLException- if there's a database problemAuthorizeException- if authorization error
-
removeAllEPersonPolicies
public void removeAllEPersonPolicies(Context c, EPerson e) throws SQLException, AuthorizeException
Description copied from interface:AuthorizeServiceRemoves all policies from an eperson that belong to an EPerson.- Specified by:
removeAllEPersonPoliciesin interfaceAuthorizeService- Parameters:
c- current contexte- the eperson- Throws:
SQLException- if there's a database problemAuthorizeException- if authorization error
-
getAuthorizedGroups
public List<Group> getAuthorizedGroups(Context c, DSpaceObject o, int actionID) throws SQLException
Description copied from interface:AuthorizeServiceReturns all groups authorized to perform an action on an object. Returns empty array if no matches.- Specified by:
getAuthorizedGroupsin interfaceAuthorizeService- Parameters:
c- current contexto- objectactionID- ID of action fromConstants- Returns:
- array of
Groupsthat can perform the specified action on the specified object - Throws:
SQLException- if there's a database problem
-
isAnIdenticalPolicyAlreadyInPlace
public boolean isAnIdenticalPolicyAlreadyInPlace(Context c, DSpaceObject o, ResourcePolicy rp) throws SQLException
- Specified by:
isAnIdenticalPolicyAlreadyInPlacein interfaceAuthorizeService- Throws:
SQLException
-
isAnIdenticalPolicyAlreadyInPlace
public boolean isAnIdenticalPolicyAlreadyInPlace(Context c, DSpaceObject dso, Group group, int action, int policyID) throws SQLException
Description copied from interface:AuthorizeServiceIs a policy with the specified parameters already in place?- Specified by:
isAnIdenticalPolicyAlreadyInPlacein interfaceAuthorizeService- Parameters:
c- current contextdso- objectgroup- groupaction- ID of action fromConstantspolicyID- ID of an existing policy. If -1 is specified, this parameter will be ignored- Returns:
- true if such a policy exists, false otherwise
- Throws:
SQLException- if there's a database problem
-
findByTypeGroupAction
public ResourcePolicy findByTypeGroupAction(Context c, DSpaceObject dso, Group group, int action) throws SQLException
- Specified by:
findByTypeGroupActionin interfaceAuthorizeService- Throws:
SQLException
-
createResourcePolicy
public ResourcePolicy createResourcePolicy(Context context, DSpaceObject dso, Group group, EPerson eperson, int type, String rpType) throws SQLException, AuthorizeException
- Specified by:
createResourcePolicyin interfaceAuthorizeService- Throws:
SQLExceptionAuthorizeException
-
createResourcePolicy
public ResourcePolicy createResourcePolicy(Context context, DSpaceObject dso, Group group, EPerson eperson, int type, String rpType, String rpName, String rpDescription, Date startDate, Date endDate) throws SQLException, AuthorizeException
- Specified by:
createResourcePolicyin interfaceAuthorizeService- Throws:
SQLExceptionAuthorizeException
-
createOrModifyPolicy
public ResourcePolicy createOrModifyPolicy(ResourcePolicy policy, Context context, String name, Group group, EPerson ePerson, Date embargoDate, int action, String reason, DSpaceObject dso) throws AuthorizeException, SQLException
- Specified by:
createOrModifyPolicyin interfaceAuthorizeService- Throws:
AuthorizeExceptionSQLException
-
getPoliciesActionFilterExceptRpType
public List<ResourcePolicy> getPoliciesActionFilterExceptRpType(Context c, DSpaceObject o, int actionID, String rpType) throws SQLException
Description copied from interface:AuthorizeServiceReturn a list of policies for an object that match the action except the record labeled with the rpType- Specified by:
getPoliciesActionFilterExceptRpTypein interfaceAuthorizeService- Parameters:
c- contexto- DSpaceObject policies relate toactionID- action (defined in class Constants)rpType- the resource policy type- Returns:
- list of resource policies
- Throws:
SQLException- if there's a database problem
-
isCommunityAdmin
public boolean isCommunityAdmin(Context context) throws SQLException
Checks that the context's current user is a community admin in the site by querying the solr database.- Specified by:
isCommunityAdminin interfaceAuthorizeService- Parameters:
context- context with the current user- Returns:
- true if the current user is a community admin in the site false when this is not the case, or an exception occurred
- Throws:
SQLException- passed through.
-
isCollectionAdmin
public boolean isCollectionAdmin(Context context) throws SQLException
Checks that the context's current user is a collection admin in the site by querying the solr database.- Specified by:
isCollectionAdminin interfaceAuthorizeService- Parameters:
context- context with the current user- Returns:
- true if the current user is a collection admin in the site false when this is not the case, or an exception occurred
- Throws:
SQLException- passed through.
-
isItemAdmin
public boolean isItemAdmin(Context context) throws SQLException
Checks that the context's current user is an item admin in the site by querying the solr database.- Specified by:
isItemAdminin interfaceAuthorizeService- Parameters:
context- context with the current user- Returns:
- true if the current user is an item admin in the site false when this is not the case, or an exception occurred
- Throws:
SQLException- passed through.
-
isComColAdmin
public boolean isComColAdmin(Context context) throws SQLException
Checks that the context's current user is a community or collection admin in the site.- Specified by:
isComColAdminin interfaceAuthorizeService- Parameters:
context- context with the current user- Returns:
- true if the current user is a community or collection admin in the site false when this is not the case, or an exception occurred
- Throws:
SQLException- passed through.
-
findAdminAuthorizedCommunity
public List<Community> findAdminAuthorizedCommunity(Context context, String query, int offset, int limit) throws SearchServiceException, SQLException
Finds communities for which the logged in user has ADMIN rights.- Specified by:
findAdminAuthorizedCommunityin interfaceAuthorizeService- Parameters:
context- the context whose user is checked againstquery- the optional extra queryoffset- the offset for paginationlimit- the amount of dso's to return- Returns:
- a list of communities for which the logged in user has ADMIN rights.
- Throws:
SearchServiceExceptionSQLException
-
countAdminAuthorizedCommunity
public long countAdminAuthorizedCommunity(Context context, String query) throws SearchServiceException, SQLException
Finds the amount of communities for which the logged in user has ADMIN rights.- Specified by:
countAdminAuthorizedCommunityin interfaceAuthorizeService- Parameters:
context- the context whose user is checked againstquery- the optional extra query- Returns:
- the number of communities for which the logged in user has ADMIN rights.
- Throws:
SearchServiceExceptionSQLException
-
findAdminAuthorizedCollection
public List<Collection> findAdminAuthorizedCollection(Context context, String query, int offset, int limit) throws SearchServiceException, SQLException
Finds collections for which the logged in user has ADMIN rights.- Specified by:
findAdminAuthorizedCollectionin interfaceAuthorizeService- Parameters:
context- the context whose user is checked againstquery- the optional extra queryoffset- the offset for paginationlimit- the amount of dso's to return- Returns:
- a list of collections for which the logged in user has ADMIN rights.
- Throws:
SearchServiceExceptionSQLException
-
countAdminAuthorizedCollection
public long countAdminAuthorizedCollection(Context context, String query) throws SearchServiceException, SQLException
Finds the amount of collections for which the logged in user has ADMIN rights.- Specified by:
countAdminAuthorizedCollectionin interfaceAuthorizeService- Parameters:
context- the context whose user is checked againstquery- the optional extra query- Returns:
- the number of collections for which the logged in user has ADMIN rights.
- Throws:
SearchServiceExceptionSQLException
-
isAccountManager
public boolean isAccountManager(Context context)
Description copied from interface:AuthorizeServiceReturns true if the current user can manage accounts.- Specified by:
isAccountManagerin interfaceAuthorizeService- Parameters:
context- context with the current user- Returns:
- true if the current user can manage accounts
-
-