Search in sources :

Example 1 with Subject

use of edu.stanford.bmir.protege.web.server.access.Subject in project webprotege by protegeproject.

the class GetAvailableProjectsHandler method execute.

@Nonnull
@Override
public GetAvailableProjectsResult execute(@Nonnull GetAvailableProjectsAction action, @Nonnull ExecutionContext executionContext) {
    UserId userId = executionContext.getUserId();
    Optional<UserActivityRecord> userActivityRecord = userActivityManager.getUserActivityRecord(executionContext.getUserId());
    Map<ProjectId, Long> lastOpenedMap = new HashMap<>();
    userActivityRecord.ifPresent(record -> record.getRecentProjects().forEach(recent -> lastOpenedMap.put(recent.getProjectId(), recent.getTimestamp())));
    List<AvailableProject> availableProjects = projectPermissionsManager.getReadableProjects(userId).stream().map(details -> {
        Subject user = forUser(userId);
        ProjectResource projectResource = new ProjectResource(details.getProjectId());
        boolean downloadable = accessManager.hasPermission(user, projectResource, DOWNLOAD_PROJECT);
        boolean trashable = details.getOwner().equals(userId) || accessManager.hasPermission(user, projectResource, MOVE_ANY_PROJECT_TO_TRASH);
        long lastOpened = lastOpenedMap.getOrDefault(details.getProjectId(), 0L);
        return new AvailableProject(details, downloadable, trashable, lastOpened);
    }).collect(toList());
    return new GetAvailableProjectsResult(availableProjects);
}
Also used : AvailableProject(edu.stanford.bmir.protege.web.shared.project.AvailableProject) UserActivityManager(edu.stanford.bmir.protege.web.server.user.UserActivityManager) ApplicationActionHandler(edu.stanford.bmir.protege.web.server.dispatch.ApplicationActionHandler) UserActivityRecord(edu.stanford.bmir.protege.web.server.user.UserActivityRecord) HashMap(java.util.HashMap) Inject(javax.inject.Inject) UserId(edu.stanford.bmir.protege.web.shared.user.UserId) AccessManager(edu.stanford.bmir.protege.web.server.access.AccessManager) DOWNLOAD_PROJECT(edu.stanford.bmir.protege.web.shared.access.BuiltInAction.DOWNLOAD_PROJECT) Map(java.util.Map) ProjectResource(edu.stanford.bmir.protege.web.server.access.ProjectResource) Nonnull(javax.annotation.Nonnull) Subject(edu.stanford.bmir.protege.web.server.access.Subject) NullValidator(edu.stanford.bmir.protege.web.server.dispatch.validators.NullValidator) Subject.forUser(edu.stanford.bmir.protege.web.server.access.Subject.forUser) RequestValidator(edu.stanford.bmir.protege.web.server.dispatch.RequestValidator) MOVE_ANY_PROJECT_TO_TRASH(edu.stanford.bmir.protege.web.shared.access.BuiltInAction.MOVE_ANY_PROJECT_TO_TRASH) ProjectPermissionsManager(edu.stanford.bmir.protege.web.server.permissions.ProjectPermissionsManager) List(java.util.List) Collectors.toList(java.util.stream.Collectors.toList) ExecutionContext(edu.stanford.bmir.protege.web.server.dispatch.ExecutionContext) Optional(java.util.Optional) GetAvailableProjectsResult(edu.stanford.bmir.protege.web.shared.project.GetAvailableProjectsResult) ProjectId(edu.stanford.bmir.protege.web.shared.project.ProjectId) RequestContext(edu.stanford.bmir.protege.web.server.dispatch.RequestContext) GetAvailableProjectsAction(edu.stanford.bmir.protege.web.shared.project.GetAvailableProjectsAction) HashMap(java.util.HashMap) ProjectId(edu.stanford.bmir.protege.web.shared.project.ProjectId) Subject(edu.stanford.bmir.protege.web.server.access.Subject) UserActivityRecord(edu.stanford.bmir.protege.web.server.user.UserActivityRecord) UserId(edu.stanford.bmir.protege.web.shared.user.UserId) GetAvailableProjectsResult(edu.stanford.bmir.protege.web.shared.project.GetAvailableProjectsResult) AvailableProject(edu.stanford.bmir.protege.web.shared.project.AvailableProject) ProjectResource(edu.stanford.bmir.protege.web.server.access.ProjectResource) Nonnull(javax.annotation.Nonnull)

Example 2 with Subject

use of edu.stanford.bmir.protege.web.server.access.Subject in project webprotege by protegeproject.

the class ProjectSharingSettingsManagerImpl method getProjectSharingSettings.

@Override
public ProjectSharingSettings getProjectSharingSettings(ProjectId projectId) {
    List<SharingSetting> sharingSettings = new ArrayList<>();
    ProjectResource projectResource = new ProjectResource(projectId);
    Collection<Subject> subjects = accessManager.getSubjectsWithAccessToResource(projectResource);
    subjects.stream().filter(s -> !s.isGuest()).filter(s -> s.getUserName().isPresent()).map(s -> UserId.getUserId(s.getUserName().get())).forEach(u -> {
        Collection<RoleId> roles = accessManager.getAssignedRoles(Subject.forUser(u), projectResource);
        Roles.toSharingPermission(roles).ifPresent(p -> sharingSettings.add(new SharingSetting(PersonId.of(u), p)));
    });
    Collection<RoleId> signedInUserRoles = accessManager.getAssignedRoles(forAnySignedInUser(), projectResource);
    Optional<SharingPermission> linkSharing = Roles.toSharingPermission(signedInUserRoles);
    return new ProjectSharingSettings(projectId, linkSharing, sharingSettings);
}
Also used : Subject(edu.stanford.bmir.protege.web.server.access.Subject) java.util(java.util) ImmutableSet(com.google.common.collect.ImmutableSet) Logger(org.slf4j.Logger) RoleId(edu.stanford.bmir.protege.web.shared.access.RoleId) Collections.emptySet(java.util.Collections.emptySet) Subject.forUser(edu.stanford.bmir.protege.web.server.access.Subject.forUser) LoggerFactory(org.slf4j.LoggerFactory) PersonId(edu.stanford.bmir.protege.web.shared.sharing.PersonId) SharingSetting(edu.stanford.bmir.protege.web.shared.sharing.SharingSetting) Inject(javax.inject.Inject) UserId(edu.stanford.bmir.protege.web.shared.user.UserId) Collectors.toMap(java.util.stream.Collectors.toMap) AccessManager(edu.stanford.bmir.protege.web.server.access.AccessManager) Subject.forAnySignedInUser(edu.stanford.bmir.protege.web.server.access.Subject.forAnySignedInUser) SharingPermission(edu.stanford.bmir.protege.web.shared.sharing.SharingPermission) HasGetUserIdByUserIdOrEmail(edu.stanford.bmir.protege.web.server.user.HasGetUserIdByUserIdOrEmail) ProjectId(edu.stanford.bmir.protege.web.shared.project.ProjectId) ProjectResource(edu.stanford.bmir.protege.web.server.access.ProjectResource) ProjectSharingSettings(edu.stanford.bmir.protege.web.shared.sharing.ProjectSharingSettings) SharingPermission(edu.stanford.bmir.protege.web.shared.sharing.SharingPermission) ProjectSharingSettings(edu.stanford.bmir.protege.web.shared.sharing.ProjectSharingSettings) SharingSetting(edu.stanford.bmir.protege.web.shared.sharing.SharingSetting) ProjectResource(edu.stanford.bmir.protege.web.server.access.ProjectResource) RoleId(edu.stanford.bmir.protege.web.shared.access.RoleId) Subject(edu.stanford.bmir.protege.web.server.access.Subject)

Example 3 with Subject

use of edu.stanford.bmir.protege.web.server.access.Subject in project webprotege by protegeproject.

the class ChangeManager method applyChanges.

/**
 * Applies ontology changes to the ontologies contained within a project.
 *
 * @param userId                     The userId of the user applying the changes.  Not {@code null}.
 * @param changeListGenerator        A generator which creates a list of changes (based on the state of the project at
 *                                   the time of change application).  The idea behind passing in a change generator is that the list of changes to
 *                                   be applied can be created based on the state of the project immediately before they are applied.  This is
 *                                   necessary where the changes depend on the structure/state of the ontology.  This method guarantees that no third
 *                                   party
 *                                   ontology changes will take place between the {@link ChangeListGenerator#generateChanges(ChangeGenerationContext)}
 *                                   method being called and the changes being applied.
 * @return A {@link ChangeApplicationResult} that describes the changes which took place an any renaminings.
 * @throws NullPointerException      if any parameters are {@code null}.
 * @throws PermissionDeniedException if the user identified by {@code userId} does not have permssion to write to
 *                                   ontologies in this project.
 */
@Override
public <R> ChangeApplicationResult<R> applyChanges(final UserId userId, final ChangeListGenerator<R> changeListGenerator) throws PermissionDeniedException {
    // noinspection ResultOfMethodCallIgnored
    checkNotNull(userId);
    // noinspection ResultOfMethodCallIgnored
    checkNotNull(changeListGenerator);
    // Final check of whether the user can actually edit the project
    Subject subject = forUser(userId);
    ProjectResource projectResource = new ProjectResource(projectId);
    if (!accessManager.hasPermission(subject, projectResource, EDIT_ONTOLOGY.getActionId())) {
        throw new PermissionDeniedException("You do not have permission to edit this project", userInSessionFactory.getUserInSession(userId));
    }
    final List<OWLOntologyChange> appliedChanges;
    final ChangeApplicationResult<R> finalResult;
    // with true entity IRIs
    try {
        // Compute the changes that need to take place.  We don't allow any other writes here because the
        // generation of the changes may depend upon the state of the project
        changeProcesssingLock.lock();
        final ChangeGenerationContext context = new ChangeGenerationContext(userId);
        OntologyChangeList<R> gen = changeListGenerator.generateChanges(context);
        // We have our changes
        List<OWLOntologyChange> changes = gen.getChanges();
        // We coin fresh entities for places where tmp: is the scheme - the name for the entity comes from
        // the fragment
        final Map<IRI, IRI> iriRenameMap = new HashMap<>();
        final ChangeSetEntityCrudSession session = getEntityCrudKitHandler().createChangeSetSession();
        Set<OWLOntologyChange> changesToRename = new HashSet<>();
        List<OWLOntologyChange> freshEntityChanges = new ArrayList<>();
        for (OWLOntologyChange change : changes) {
            for (OWLEntity entity : change.getSignature()) {
                if (DataFactory.isFreshEntity(entity)) {
                    if (entity.isOWLClass()) {
                        if (!accessManager.hasPermission(subject, projectResource, CREATE_CLASS.getActionId())) {
                            throw new PermissionDeniedException("You do not have permission to create new classes", userInSessionFactory.getUserInSession(userId));
                        }
                    } else if (entity.isOWLObjectProperty() || entity.isOWLDataProperty() || entity.isOWLAnnotationProperty()) {
                        if (!accessManager.hasPermission(subject, projectResource, CREATE_PROPERTY.getActionId())) {
                            throw new PermissionDeniedException("You do not have permission to create new properties", userInSessionFactory.getUserInSession(userId));
                        }
                    } else if (entity.isOWLNamedIndividual()) {
                        if (!accessManager.hasPermission(subject, projectResource, CREATE_INDIVIDUAL.getActionId())) {
                            throw new PermissionDeniedException("You do not have permission to create new individuals", userInSessionFactory.getUserInSession(userId));
                        }
                    } else if (entity.isOWLDatatype()) {
                        if (!accessManager.hasPermission(subject, projectResource, CREATE_DATATYPE.getActionId())) {
                            throw new PermissionDeniedException("You do not have permission to create new datatypes", userInSessionFactory.getUserInSession(userId));
                        }
                    }
                    changesToRename.add(change);
                    IRI currentIRI = entity.getIRI();
                    if (!iriRenameMap.containsKey(currentIRI)) {
                        String shortName = DataFactory.getFreshEntityShortName(entity);
                        OWLEntityCreator<? extends OWLEntity> creator = getEntityCreator(session, userId, shortName, (EntityType<? extends OWLEntity>) entity.getEntityType());
                        freshEntityChanges.addAll(creator.getChanges());
                        IRI replacementIRI = creator.getEntity().getIRI();
                        iriRenameMap.put(currentIRI, replacementIRI);
                    }
                }
            }
        }
        List<OWLOntologyChange> allChangesIncludingRenames = new ArrayList<>();
        final OWLObjectDuplicator duplicator = new OWLObjectDuplicator(dataFactory, iriRenameMap);
        for (OWLOntologyChange change : changes) {
            if (changesToRename.contains(change)) {
                OWLOntologyChange replacementChange = getRenamedChange(change, duplicator);
                allChangesIncludingRenames.add(replacementChange);
            } else {
                allChangesIncludingRenames.add(change);
            }
        }
        allChangesIncludingRenames.addAll(freshEntityChanges);
        List<OWLOntologyChange> minimisedChanges = getMinimisedChanges(allChangesIncludingRenames);
        final EventTranslatorManager eventTranslatorManager = eventTranslatorManagerProvider.get();
        eventTranslatorManager.prepareForOntologyChanges(minimisedChanges);
        // Now we do the actual changing, so we lock the project here.  No writes or reads can take place whilst
        // we apply the changes
        final Optional<Revision> revision;
        try {
            projectChangeWriteLock.lock();
            ProjectOWLOntologyManager manager = ((ProjectOWLOntologyManager) rootOntology.getOWLOntologyManager());
            List<OWLOntologyChange> effectiveChanges = getEffectiveChanges(minimisedChanges);
            manager.getDelegate().applyChanges(effectiveChanges);
            appliedChanges = effectiveChanges;
            final RenameMap renameMap = new RenameMap(iriRenameMap);
            R renamedResult = getRenamedResult(changeListGenerator, gen.getResult(), renameMap);
            finalResult = new ChangeApplicationResult<>(renamedResult, appliedChanges, renameMap);
            if (!appliedChanges.isEmpty()) {
                Revision rev = logAndBroadcastAppliedChanges(userId, changeListGenerator, finalResult);
                revision = Optional.of(rev);
                projectDetailsRepository.setModified(projectId, rev.getTimestamp(), userId);
            } else {
                revision = Optional.empty();
            }
        } finally {
            // Release for reads
            projectChangeWriteLock.unlock();
        }
        if (revision.isPresent() && !(changeListGenerator instanceof SilentChangeListGenerator)) {
            List<ProjectEvent<?>> highLevelEvents = new ArrayList<>();
            Revision rev = revision.get();
            eventTranslatorManager.translateOntologyChanges(rev, finalResult, highLevelEvents);
            if (changeListGenerator instanceof HasHighLevelEvents) {
                highLevelEvents.addAll(((HasHighLevelEvents) changeListGenerator).getHighLevelEvents());
            }
            projectEventManager.postEvents(highLevelEvents);
            projectChangedWebhookInvoker.invoke(userId, rev.getRevisionNumber(), rev.getTimestamp());
        }
    } finally {
        changeProcesssingLock.unlock();
    }
    return finalResult;
}
Also used : OWLObjectDuplicator(org.semanticweb.owlapi.util.OWLObjectDuplicator) EventTranslatorManager(edu.stanford.bmir.protege.web.server.events.EventTranslatorManager) Subject(edu.stanford.bmir.protege.web.server.access.Subject) Revision(edu.stanford.bmir.protege.web.server.revision.Revision) ProjectResource(edu.stanford.bmir.protege.web.server.access.ProjectResource) PermissionDeniedException(edu.stanford.bmir.protege.web.shared.permissions.PermissionDeniedException) RenameMap(edu.stanford.bmir.protege.web.server.owlapi.RenameMap) ProjectEvent(edu.stanford.bmir.protege.web.shared.event.ProjectEvent)

Example 4 with Subject

use of edu.stanford.bmir.protege.web.server.access.Subject in project webprotege by protegeproject.

the class ProjectSharingSettingsManagerImpl method setProjectSharingSettings.

@Override
public void setProjectSharingSettings(ProjectSharingSettings settings) {
    ProjectId projectId = settings.getProjectId();
    ProjectResource projectResource = new ProjectResource(projectId);
    // Remove existing assignments
    accessManager.getSubjectsWithAccessToResource(projectResource).forEach(subject -> accessManager.setAssignedRoles(subject, projectResource, Collections.emptySet()));
    Map<PersonId, SharingSetting> map = settings.getSharingSettings().stream().collect(toMap(SharingSetting::getPersonId, s -> s, (s1, s2) -> s1));
    Optional<SharingPermission> linkSharingPermission = settings.getLinkSharingPermission();
    linkSharingPermission.ifPresent(permission -> {
        Collection<RoleId> roleId = Roles.fromSharingPermission(permission);
        accessManager.setAssignedRoles(forAnySignedInUser(), projectResource, roleId);
    });
    if (!linkSharingPermission.isPresent()) {
        accessManager.setAssignedRoles(forAnySignedInUser(), projectResource, emptySet());
    }
    for (SharingSetting setting : map.values()) {
        PersonId personId = setting.getPersonId();
        Optional<UserId> userId = userLookup.getUserByUserIdOrEmail(personId.getId());
        if (userId.isPresent()) {
            ImmutableSet<RoleId> roles = Roles.fromSharingPermission(setting.getSharingPermission());
            accessManager.setAssignedRoles(forUser(userId.get()), projectResource, roles);
        } else {
            logger.info("User in sharing setting not found.  An email invitation needs to be sent");
        // TODO
        // We need to send the user an email invitation
        }
    }
}
Also used : Subject(edu.stanford.bmir.protege.web.server.access.Subject) java.util(java.util) ImmutableSet(com.google.common.collect.ImmutableSet) Logger(org.slf4j.Logger) RoleId(edu.stanford.bmir.protege.web.shared.access.RoleId) Collections.emptySet(java.util.Collections.emptySet) Subject.forUser(edu.stanford.bmir.protege.web.server.access.Subject.forUser) LoggerFactory(org.slf4j.LoggerFactory) PersonId(edu.stanford.bmir.protege.web.shared.sharing.PersonId) SharingSetting(edu.stanford.bmir.protege.web.shared.sharing.SharingSetting) Inject(javax.inject.Inject) UserId(edu.stanford.bmir.protege.web.shared.user.UserId) Collectors.toMap(java.util.stream.Collectors.toMap) AccessManager(edu.stanford.bmir.protege.web.server.access.AccessManager) Subject.forAnySignedInUser(edu.stanford.bmir.protege.web.server.access.Subject.forAnySignedInUser) SharingPermission(edu.stanford.bmir.protege.web.shared.sharing.SharingPermission) HasGetUserIdByUserIdOrEmail(edu.stanford.bmir.protege.web.server.user.HasGetUserIdByUserIdOrEmail) ProjectId(edu.stanford.bmir.protege.web.shared.project.ProjectId) ProjectResource(edu.stanford.bmir.protege.web.server.access.ProjectResource) ProjectSharingSettings(edu.stanford.bmir.protege.web.shared.sharing.ProjectSharingSettings) SharingPermission(edu.stanford.bmir.protege.web.shared.sharing.SharingPermission) ProjectId(edu.stanford.bmir.protege.web.shared.project.ProjectId) RoleId(edu.stanford.bmir.protege.web.shared.access.RoleId) PersonId(edu.stanford.bmir.protege.web.shared.sharing.PersonId) SharingSetting(edu.stanford.bmir.protege.web.shared.sharing.SharingSetting) UserId(edu.stanford.bmir.protege.web.shared.user.UserId) ProjectResource(edu.stanford.bmir.protege.web.server.access.ProjectResource)

Aggregations

ProjectResource (edu.stanford.bmir.protege.web.server.access.ProjectResource)4 Subject (edu.stanford.bmir.protege.web.server.access.Subject)4 AccessManager (edu.stanford.bmir.protege.web.server.access.AccessManager)3 Subject.forUser (edu.stanford.bmir.protege.web.server.access.Subject.forUser)3 ProjectId (edu.stanford.bmir.protege.web.shared.project.ProjectId)3 UserId (edu.stanford.bmir.protege.web.shared.user.UserId)3 Inject (javax.inject.Inject)3 ImmutableSet (com.google.common.collect.ImmutableSet)2 Subject.forAnySignedInUser (edu.stanford.bmir.protege.web.server.access.Subject.forAnySignedInUser)2 HasGetUserIdByUserIdOrEmail (edu.stanford.bmir.protege.web.server.user.HasGetUserIdByUserIdOrEmail)2 RoleId (edu.stanford.bmir.protege.web.shared.access.RoleId)2 PersonId (edu.stanford.bmir.protege.web.shared.sharing.PersonId)2 ProjectSharingSettings (edu.stanford.bmir.protege.web.shared.sharing.ProjectSharingSettings)2 SharingPermission (edu.stanford.bmir.protege.web.shared.sharing.SharingPermission)2 SharingSetting (edu.stanford.bmir.protege.web.shared.sharing.SharingSetting)2 java.util (java.util)2 Collections.emptySet (java.util.Collections.emptySet)2 Collectors.toMap (java.util.stream.Collectors.toMap)2 Logger (org.slf4j.Logger)2 LoggerFactory (org.slf4j.LoggerFactory)2