Package org.dspace.authorize.service

Interface AuthorizeService

All Known Implementing Classes:
AuthorizeServiceImpl
public interface AuthorizeService
AuthorizeManager handles all authorization checks for DSpace. For better security, DSpace assumes that you do not have the right to do something unless that permission is spelled out somewhere. That "somewhere" is the ResourcePolicy table. The AuthorizeManager is given a user, an object, and an action, and it then does a lookup in the ResourcePolicy table to see if there are any policies giving the user permission to do that action.

ResourcePolicies now apply to single objects (such as submit (ADD) permission to a collection.)

Note: If an eperson is a member of the administrator group, then they are automatically given permission for all requests another special group is group with name "Anonymous" - all EPeople are members of this group.

  • Method Details

    • authorizeAnyOf

      void authorizeAnyOf(Context c, DSpaceObject o, int[] actions) throws AuthorizeException, SQLException
      Utility method, checks that the current user of the given context can perform all of the specified actions on the given object. An AuthorizeException if all the authorizations fail.
      Parameters:
      c - context with the current user
      o - DSpace object user is attempting to perform action on
      actions - array of action IDs from org.dspace.core.Constants
      Throws:
      AuthorizeException - if any one of the specified actions cannot be performed by the current user on the given object.
      SQLException - An exception that provides information on a database access error or other errors.

    • authorizeAction

      void authorizeAction(Context c, DSpaceObject o, int action) throws AuthorizeException, SQLException
      Checks that the context's current user can perform the given action on the given object. Throws an exception if the user is not authorized, otherwise the method call does nothing.
      Parameters:
      c - context
      o - a DSpaceObject
      action - action to perform from org.dspace.core.Constants
      Throws:
      AuthorizeException - Exception indicating the current user of the context does not have permission to perform a particular action.
      SQLException - An exception that provides information on a database access error or other errors.

    • authorizeAction

      void authorizeAction(Context c, DSpaceObject o, int action, boolean useInheritance) throws AuthorizeException, SQLException
      Checks that the context's current user can perform the given action on the given object. Throws an exception if the user is not authorized, otherwise the method call does nothing.
      Parameters:
      c - context
      o - a DSpaceObject
      useInheritance - flag to say if ADMIN action on the current object or parent object can be used
      action - action to perform from org.dspace.core.Constants
      Throws:
      AuthorizeException - Exception indicating the current user of the context does not have permission to perform a particular action.
      SQLException - An exception that provides information on a database access error or other errors.

    • authorizeAction

      void authorizeAction(Context c, EPerson e, DSpaceObject o, int action, boolean useInheritance) throws AuthorizeException, SQLException
      Checks that the specified eperson can perform the given action on the given object. Throws an exception if the user is not authorized, otherwise the method call does nothing.
      Parameters:
      c - context
      e - the eperson to use for the authorization check
      o - a DSpaceObject
      useInheritance - flag to say if ADMIN action on the current object or parent object can be used
      action - action to perform from org.dspace.core.Constants
      Throws:
      AuthorizeException - Exception indicating the current user of the context does not have permission to perform a particular action.
      SQLException - An exception that provides information on a database access error or other errors.

    • authorizeActionBoolean

      boolean authorizeActionBoolean(Context c, DSpaceObject o, int a) throws SQLException
      same authorize, returns boolean for those who don't want to deal with catching exceptions.
      Parameters:
      c - DSpace context, containing current user
      o - DSpaceObject
      a - action being attempted, from org.dspace.core.Constants
      Returns:
      true if the current user in the context is authorized to perform the given action on the given object
      Throws:
      SQLException - An exception that provides information on a database access error or other errors.

    • authorizeActionBoolean

      boolean authorizeActionBoolean(Context c, DSpaceObject o, int a, boolean useInheritance) throws SQLException
      same authorize, returns boolean for those who don't want to deal with catching exceptions.
      Parameters:
      c - DSpace context, containing current user
      o - DSpaceObject
      a - action being attempted, from org.dspace.core.Constants
      useInheritance - flag to say if ADMIN action on the current object or parent object can be used
      Returns:
      true if the current user in the context is authorized to perform the given action on the given object
      Throws:
      SQLException - An exception that provides information on a database access error or other errors.

    • authorizeActionBoolean

      boolean authorizeActionBoolean(Context c, EPerson e, DSpaceObject o, int a, boolean useInheritance) throws SQLException
      same authorize with a specific eperson (not the current user), returns boolean for those who don't want to deal with catching exceptions.
      Parameters:
      c - DSpace context
      e - EPerson to use in the check
      o - DSpaceObject
      a - action being attempted, from org.dspace.core.Constants
      useInheritance - flag to say if ADMIN action on the current object or parent object can be used
      Returns:
      true if the requested user is authorized to perform the given action on the given object
      Throws:
      SQLException - An exception that provides information on a database access error or other errors.

    • isAdmin

      boolean isAdmin(Context c, DSpaceObject o) throws SQLException
      Check to see if the current user is an Administrator of a given object within DSpace. Always return true if the user is a System Admin
      Parameters:
      c - current context
      o - current DSpace Object, if null the call will be equivalent to a call to the isAdmin(Context c) method
      Returns:
      true if user has administrative privileges on the given DSpace object
      Throws:
      SQLException - An exception that provides information on a database access error or other errors.

    • isAdmin

      boolean isAdmin(Context c, EPerson e, DSpaceObject o) throws SQLException
      Check to see if a specific user is an Administrator of a given object within DSpace. Always return true if the user is a System Admin
      Parameters:
      c - current context
      e - the user to check
      o - current DSpace Object, if null the call will be equivalent to a call to the isAdmin(Context c) method
      Returns:
      true if the user has administrative privileges on the given DSpace object
      Throws:
      SQLException - if database error

    • isAdmin

      boolean isAdmin(Context c) throws SQLException
      Check to see if the current user is a System Admin. Always return true if c.ignoreAuthorization is set. If no EPerson is logged in and context.getCurrentUser() returns null, this method returns false as anonymous users can never be administrators.
      Parameters:
      c - current context
      Returns:
      true if user is an admin or ignore authorization flag set
      Throws:
      SQLException - An exception that provides information on a database access error or other errors.

    • isAdmin

      boolean isAdmin(Context c, EPerson e) throws SQLException
      Check to see if a specific user is system admin. Always return true if c.ignoreAuthorization is set.
      Parameters:
      c - current context
      Returns:
      true if user is an admin or ignore authorization flag set
      Throws:
      SQLException - if database error

    • addPolicy

      void addPolicy(Context c, DSpaceObject o, int actionID, EPerson e) throws SQLException, AuthorizeException
      Add a policy for an individual eperson
      Parameters:
      c - context. Current user irrelevant
      o - DSpaceObject to add policy to
      actionID - ID of action from org.dspace.core.Constants
      e - eperson who can perform the action
      Throws:
      SQLException - if database error
      AuthorizeException - if current user in context is not authorized to add policies

    • addPolicy

      void addPolicy(Context c, DSpaceObject o, int actionID, EPerson e, String type) throws SQLException, AuthorizeException
      Add a policy for an individual eperson
      Parameters:
      c - context. Current user irrelevant
      o - DSpaceObject to add policy to
      actionID - ID of action from org.dspace.core.Constants
      e - eperson who can perform the action
      type - policy type, default types are declared in the ResourcePolicy class
      Throws:
      SQLException - if database error
      AuthorizeException - if current user in context is not authorized to add policies

    • addPolicy

      void addPolicy(Context c, DSpaceObject o, int actionID, Group g) throws SQLException, AuthorizeException
      Add a policy for a group
      Parameters:
      c - current context
      o - object to add policy for
      actionID - ID of action from org.dspace.core.Constants
      g - group to add policy for
      Throws:
      SQLException - if there's a database problem
      AuthorizeException - if the current user is not authorized to add this policy

    • addPolicy

      void addPolicy(Context c, DSpaceObject o, int actionID, Group g, String type) throws SQLException, AuthorizeException
      Add a policy for a group
      Parameters:
      c - current context
      o - object to add policy for
      actionID - ID of action from org.dspace.core.Constants
      g - group to add policy for
      type - policy type, default types are declared in the ResourcePolicy class
      Throws:
      SQLException - if there's a database problem
      AuthorizeException - if the current user is not authorized to add this policy

    • getPolicies

      List<ResourcePolicy> getPolicies(Context c, DSpaceObject o) throws SQLException
      Return a List of the policies for an object
      Parameters:
      c - current context
      o - object to retrieve policies for
      Returns:
      List of ResourcePolicy objects
      Throws:
      SQLException - if database error

    • findPoliciesByDSOAndType

      List<ResourcePolicy> findPoliciesByDSOAndType(Context c, DSpaceObject o, String type) throws SQLException
      Return a List of the policies for an object
      Parameters:
      c - current context
      o - object to retrieve policies for
      type - type
      Returns:
      List of ResourcePolicy objects
      Throws:
      SQLException - if database error

    • getPoliciesForGroup

      List<ResourcePolicy> getPoliciesForGroup(Context c, Group g) throws SQLException
      Return a List of the policies for a group
      Parameters:
      c - current context
      g - group to retrieve policies for
      Returns:
      List of ResourcePolicy objects
      Throws:
      SQLException - if database error

    • getPoliciesActionFilter

      List<ResourcePolicy> getPoliciesActionFilter(Context c, DSpaceObject o, int actionID) throws SQLException
      Return a list of policies for an object that match the action
      Parameters:
      c - context
      o - DSpaceObject policies relate to
      actionID - action (defined in class Constants)
      Returns:
      list of resource policies
      Throws:
      SQLException - if there's a database problem

    • getPoliciesActionFilterExceptRpType

      List<ResourcePolicy> getPoliciesActionFilterExceptRpType(Context c, DSpaceObject o, int actionID, String rpType) throws SQLException
      Return a list of policies for an object that match the action except the record labeled with the rpType
      Parameters:
      c - context
      o - DSpaceObject policies relate to
      actionID - action (defined in class Constants)
      rpType - the resource policy type
      Returns:
      list of resource policies
      Throws:
      SQLException - if there's a database problem

    • inheritPolicies

      void inheritPolicies(Context c, DSpaceObject src, DSpaceObject dest) throws SQLException, AuthorizeException
      Add policies to an object to match those from a previous object
      Parameters:
      c - context
      src - source of policies
      dest - destination of inherited policies
      Throws:
      SQLException - if there's a database problem
      AuthorizeException - if the current user is not authorized to add these policies

    • addPolicies

      void addPolicies(Context c, List<ResourcePolicy> policies, DSpaceObject dest) throws SQLException, AuthorizeException
      Copies policies from a list of resource policies to a given DSpaceObject
      Parameters:
      c - DSpace context
      policies - List of ResourcePolicy objects
      dest - object to have policies added
      Throws:
      SQLException - if there's a database problem
      AuthorizeException - if the current user is not authorized to add these policies

    • removeAllPolicies

      void removeAllPolicies(Context c, DSpaceObject o) throws SQLException, AuthorizeException
      removes ALL policies for an object. FIXME doesn't check authorization
      Parameters:
      c - DSpace context
      o - object to remove policies for
      Throws:
      SQLException - if there's a database problem
      AuthorizeException - if authorization error

    • removeAllPoliciesByDSOAndTypeNotEqualsTo

      void removeAllPoliciesByDSOAndTypeNotEqualsTo(Context c, DSpaceObject o, String type) throws SQLException, AuthorizeException
      removes ALL policies for an object that are not of the input type.
      Parameters:
      c - DSpace context
      o - object to remove policies for
      type - type
      Throws:
      SQLException - if there's a database problem
      AuthorizeException - if authorization error

    • removeAllPoliciesByDSOAndType

      void removeAllPoliciesByDSOAndType(Context c, DSpaceObject o, String type) throws SQLException, AuthorizeException
      removes policies
      Parameters:
      c - DSpace context
      o - object to remove policies for
      type - policy type
      Throws:
      SQLException - if there's a database problem
      AuthorizeException - if authorization error

    • removePoliciesActionFilter

      void removePoliciesActionFilter(Context context, DSpaceObject dso, int actionID) throws SQLException, AuthorizeException
      Remove all policies from an object that match a given action. FIXME doesn't check authorization
      Parameters:
      context - current context
      dso - object to remove policies from
      actionID - ID of action to match from Constants, or -1=all
      Throws:
      SQLException - if there's a database problem
      AuthorizeException - if authorization error

    • removeGroupPolicies

      void removeGroupPolicies(Context c, Group group) throws SQLException
      Removes all policies relating to a particular group. FIXME doesn't check authorization
      Parameters:
      c - current context
      group - the group
      Throws:
      SQLException - if there's a database problem

    • removeGroupPolicies

      void removeGroupPolicies(Context c, DSpaceObject o, Group g) throws SQLException, AuthorizeException
      Removes all policies from a group for a particular object that belong to a Group. FIXME doesn't check authorization
      Parameters:
      c - current context
      o - the object
      g - the group
      Throws:
      SQLException - if there's a database problem
      AuthorizeException - if authorization error

    • removeEPersonPolicies

      void removeEPersonPolicies(Context c, DSpaceObject o, EPerson e) throws SQLException, AuthorizeException
      Removes all policies from an eperson for a particular object that belong to an EPerson. FIXME doesn't check authorization
      Parameters:
      c - current context
      o - the object
      e - the eperson
      Throws:
      SQLException - if there's a database problem
      AuthorizeException - if authorization error

    • removeAllEPersonPolicies

      void removeAllEPersonPolicies(Context c, EPerson e) throws SQLException, AuthorizeException
      Removes all policies from an eperson that belong to an EPerson.
      Parameters:
      c - current context
      e - the eperson
      Throws:
      SQLException - if there's a database problem
      AuthorizeException - if authorization error

    • getAuthorizedGroups

      List<Group> getAuthorizedGroups(Context c, DSpaceObject o, int actionID) throws SQLException
      Returns all groups authorized to perform an action on an object. Returns empty array if no matches.
      Parameters:
      c - current context
      o - object
      actionID - ID of action from Constants
      Returns:
      array of Groups that can perform the specified action on the specified object
      Throws:
      SQLException - if there's a database problem

    • isAnIdenticalPolicyAlreadyInPlace

      boolean isAnIdenticalPolicyAlreadyInPlace(Context c, DSpaceObject o, ResourcePolicy rp) throws SQLException
      Throws:
      SQLException

    • isAnIdenticalPolicyAlreadyInPlace

      boolean isAnIdenticalPolicyAlreadyInPlace(Context c, DSpaceObject o, Group group, int actionID, int policyID) throws SQLException
      Is a policy with the specified parameters already in place?
      Parameters:
      c - current context
      o - object
      group - group
      actionID - ID of action from Constants
      policyID - ID of an existing policy. If -1 is specified, this parameter will be ignored
      Returns:
      true if such a policy exists, false otherwise
      Throws:
      SQLException - if there's a database problem

    • findByTypeGroupAction

      ResourcePolicy findByTypeGroupAction(Context c, DSpaceObject dso, Group group, int action) throws SQLException
      Throws:
      SQLException

    • createResourcePolicy

      ResourcePolicy createResourcePolicy(Context context, DSpaceObject dso, Group group, EPerson eperson, int type, String rpType) throws SQLException, AuthorizeException
      Throws:
      SQLException
      AuthorizeException

    • createResourcePolicy

      ResourcePolicy createResourcePolicy(Context context, DSpaceObject dso, Group group, EPerson eperson, int type, String rpType, String rpName, String rpDescription, LocalDate startDate, LocalDate endDate) throws SQLException, AuthorizeException
      Throws:
      SQLException
      AuthorizeException

    • createOrModifyPolicy

      ResourcePolicy createOrModifyPolicy(ResourcePolicy policy, Context context, String name, Group group, EPerson ePerson, LocalDate embargoDate, int action, String reason, DSpaceObject dso) throws AuthorizeException, SQLException
      Throws:
      AuthorizeException
      SQLException

    • switchPoliciesAction

      void switchPoliciesAction(Context context, DSpaceObject dso, int fromAction, int toAction) throws SQLException, AuthorizeException
      Change all the policies related to the action (fromPolicy) of the specified object to the new action (toPolicy)
      Parameters:
      context - The relevant DSpace Context.
      dso - the dspace object
      fromAction - the action to change
      toAction - the new action to set
      Throws:
      SQLException - An exception that provides information on a database access error or other errors.
      AuthorizeException - Exception indicating the current user of the context does not have permission to perform a particular action.

    • isCommunityAdmin

      boolean isCommunityAdmin(Context context) throws SQLException
      Checks that the context's current user is a community admin in the site by querying the solr database.
      Parameters:
      context - context with the current user
      Returns:
      true if the current user is a community admin in the site false when this is not the case, or an exception occurred
      Throws:
      SQLException

    • isCollectionAdmin

      boolean isCollectionAdmin(Context context) throws SQLException
      Checks that the context's current user is a collection admin in the site by querying the solr database.
      Parameters:
      context - context with the current user
      Returns:
      true if the current user is a collection admin in the site false when this is not the case, or an exception occurred
      Throws:
      SQLException

    • isItemAdmin

      boolean isItemAdmin(Context context) throws SQLException
      Checks that the context's current user is an item admin in the site by querying the solr database.
      Parameters:
      context - context with the current user
      Returns:
      true if the current user is an item admin in the site false when this is not the case, or an exception occurred
      Throws:
      SQLException

    • isComColAdmin

      boolean isComColAdmin(Context context) throws SQLException
      Checks that the context's current user is a community or collection admin in the site.
      Parameters:
      context - context with the current user
      Returns:
      true if the current user is a community or collection admin in the site false when this is not the case, or an exception occurred
      Throws:
      SQLException

    • findAdminAuthorizedCommunity

      List<Community> findAdminAuthorizedCommunity(Context context, String query, int offset, int limit) throws SearchServiceException, SQLException
      Finds communities for which the current user is admin, AND which match the query.
      Parameters:
      context - context with the current user
      query - the query for which to filter the results more
      offset - used for pagination of the results
      limit - used for pagination of the results
      Returns:
      the number of matching communities
      Throws:
      SearchServiceException
      SQLException

    • countAdminAuthorizedCommunity

      long countAdminAuthorizedCommunity(Context context, String query) throws SearchServiceException, SQLException
      Counts communities for which the current user is admin, AND which match the query.
      Parameters:
      context - context with the current user
      query - the query for which to filter the results more
      Returns:
      the matching communities
      Throws:
      SearchServiceException
      SQLException

    • findAdminAuthorizedCollection

      List<Collection> findAdminAuthorizedCollection(Context context, String query, int offset, int limit) throws SearchServiceException, SQLException
      Finds collections for which the current user is admin, AND which match the query.
      Parameters:
      context - context with the current user
      query - the query for which to filter the results more
      offset - used for pagination of the results
      limit - used for pagination of the results
      Returns:
      the matching collections
      Throws:
      SearchServiceException
      SQLException

    • countAdminAuthorizedCollection

      long countAdminAuthorizedCollection(Context context, String query) throws SearchServiceException, SQLException
      Counts collections for which the current user is admin, AND which match the query.
      Parameters:
      context - context with the current user
      query - the query for which to filter the results more
      Returns:
      the number of matching collections
      Throws:
      SearchServiceException
      SQLException

    • isAccountManager

      boolean isAccountManager(Context context)
      Returns true if the current user can manage accounts.
      Parameters:
      context - context with the current user
      Returns:
      true if the current user can manage accounts

    • replaceAllPolicies

      void replaceAllPolicies(Context context, DSpaceObject source, DSpaceObject dest) throws SQLException, AuthorizeException
      Replace all the policies in the target object with exactly the same policies that exist in the source object
      Parameters:
      context - DSpace Context
      source - source of policies
      dest - destination of inherited policies
      Throws:
      SQLException - if there's a database problem
      AuthorizeException - if the current user is not authorized to add these policies