use of edu.unc.lib.boxc.auth.api.models.RoleAssignment in project box-c by UNC-Libraries.
the class AccessControlRetrievalController method stripUserPrefix.
// Trim user namespace off of user principals for the response
private void stripUserPrefix(List<RoleAssignment> assignments) {
    // The assignments are edited in place: every RoleAssignment whose principal starts with
    // USER_NAMESPACE has that prefix cut off, and all other principals are left untouched.
    // NOTE(review): the objects themselves are mutated, so confirm the list handed in is a
    // response-only copy and not an instance that access-control evaluation also reads.
    for (RoleAssignment entry : assignments) {
        String principal = entry.getPrincipal();
        if (!principal.startsWith(USER_NAMESPACE)) {
            continue;
        }
        entry.setPrincipal(principal.substring(USER_NAMESPACE.length()));
    }
}
use of edu.unc.lib.boxc.auth.api.models.RoleAssignment in project box-c by UNC-Libraries.
the class AddContainerService method addContainer.
/**
* Creates a new container as a child of the given parent using the agent principals provided.
*
* @param addRequest request object containing the details of the container to create
*/
public void addContainer(AddContainerRequest addRequest) {
// Precondition checks on the parent pid and the container type. notNull is defined outside this
// block; presumably it throws with the given message when the value is null - confirm.
notNull(addRequest.getParentPid(), "A parent pid must be provided");
notNull(addRequest.getContainerType(), "A type must be provided for the next container");
PID parentPid = addRequest.getParentPid();
// Every permission check below is evaluated against the principals carried by this agent.
// NOTE(review): the agent is read from the request object - confirm callers populate it from
// the authenticated session and never from client-supplied fields.
AgentPrincipals agent = addRequest.getAgent();
ContentContainerObject child = null;
FedoraTransaction tx = txManager.startTransaction();
// The timer context is opened as a try-with-resources resource, so it is closed when the block exits.
try (Timer.Context context = timer.time()) {
// The new container's PID is built from a freshly generated random UUID.
PID containerPid = PIDs.get(UUID.randomUUID().toString());
Model containerModel = createDefaultModel();
Resource containerResc = containerModel.createResource(containerPid.getRepositoryPath());
// The request's label is stored as the title literal; it is not validated in this method.
// NOTE(review): confirm a null or blank label is rejected upstream.
containerResc.addLiteral(DcElements.title, addRequest.getLabel());
// The storage location is looked up with the parent's pid and its id is recorded on the container.
StorageLocation storageLoc = storageLocationManager.getStorageLocation(parentPid);
containerResc.addLiteral(Cdr.storageLocation, storageLoc.getId());
log.debug("Adding new container to storage location {}", storageLoc.getId());
ResourceType containerType = addRequest.getContainerType();
// Each supported type asserts a permission on the parent for the agent's principals BEFORE the
// factory call that creates the object: admin units need createAdminUnit, collections need
// createCollection, folders and works need ingest. Keep the check ahead of the create call.
if (ResourceType.AdminUnit.equals(containerType)) {
aclService.assertHasAccess("User does not have permissions to create admin units", parentPid, agent.getPrincipals(), Permission.createAdminUnit);
child = repoObjFactory.createAdminUnit(containerPid, containerModel);
} else if (ResourceType.Collection.equals(containerType)) {
aclService.assertHasAccess("User does not have permissions to create collections", parentPid, agent.getPrincipals(), Permission.createCollection);
child = repoObjFactory.createCollectionObject(containerPid, containerModel);
} else if (ResourceType.Folder.equals(containerType)) {
aclService.assertHasAccess("User does not have permissions to create folders", parentPid, agent.getPrincipals(), Permission.ingest);
child = repoObjFactory.createFolderObject(containerPid, containerModel);
} else if (ResourceType.Work.equals(containerType)) {
aclService.assertHasAccess("User does not have permissions to create works", parentPid, agent.getPrincipals(), Permission.ingest);
child = repoObjFactory.createWorkObject(containerPid, containerModel);
} else {
// Any other resource type is rejected rather than created without a permission check.
throw new AccessRestrictionException("User cannot add a container to object of type " + containerType);
}
// The parent is loaded and cast only after the child object has been created; a parent that is
// not a ContentContainerObject fails the cast and ends up in the catch block below.
// NOTE(review): presumably cancelling the transaction discards the already-created child - confirm.
ContentContainerObject parent = (ContentContainerObject) repoObjLoader.getRepositoryObject(parentPid);
parent.addMember(child);
// Staff-only containers get the role `none` for both the public and the authenticated principal.
// Admin units are excluded by the condition, so the staff-only flag has no effect on them here.
// NOTE(review): this restriction is applied after addMember; presumably nothing is visible
// until the transaction completes - confirm.
if (addRequest.isStaffOnly() && !ResourceType.AdminUnit.equals(containerType)) {
PatronAccessDetails accessDetails = new PatronAccessDetails();
accessDetails.setRoles(asList(new RoleAssignment(PUBLIC_PRINC, none), new RoleAssignment(AUTHENTICATED_PRINC, none)));
patronService.updatePatronAccess(new PatronAccessAssignmentRequest(agent, containerPid, accessDetails).withFolderCreation(true));
} else if (ResourceType.Collection.equals(containerType)) {
// A collection that was not requested as staff-only is given canViewOriginals for both patron
// principals. Non-staff-only folders and works, and all admin units, receive no explicit
// patron assignment in this method.
PatronAccessDetails accessDetails = new PatronAccessDetails();
accessDetails.setRoles(asList(new RoleAssignment(PUBLIC_PRINC, canViewOriginals), new RoleAssignment(AUTHENTICATED_PRINC, canViewOriginals)));
patronService.updatePatronAccess(new PatronAccessAssignmentRequest(agent, containerPid, accessDetails));
}
storeDescription(containerPid, addRequest);
// A PREMIS creation event is written for the child, naming the agent as implementor and the
// parent pid as the destination.
premisLoggerFactory.createPremisLogger(child).buildEvent(Premis.Creation).addImplementorAgent(AgentPids.forPerson(agent)).addEventDetail("Container added at destination " + parentPid).writeAndClose();
} catch (Exception e) {
// Every failure, including a failed permission assertion, is handed to the transaction.
// NOTE(review): the statement after this try dereferences child, which is still null when the
// failure happened before a factory call. That is safe only if tx.cancel(e) rethrows - confirm;
// otherwise a NullPointerException would mask the original error, or an add message would be
// sent for an operation that was cancelled.
tx.cancel(e);
} finally {
tx.close();
}
// Announce the add operation; this runs after the transaction has been closed.
operationsMessageSender.sendAddOperation(agent.getUsername(), Arrays.asList(parentPid), Arrays.asList(child.getPid()), null, null);
}
use of edu.unc.lib.boxc.auth.api.models.RoleAssignment in project box-c by UNC-Libraries.
the class InheritedAclFactoryTest method patronAccessActiveEmbargo.
@Test
public void patronAccessActiveEmbargo() {
    // Setup: both patron principals are assigned canViewOriginals on the object, and the mocked
    // object ACL factory reports an embargo date taken from getNextYear().
    addPidToAncestors();
    addPrincipalRoles(pid, PUBLIC_PRINC, canViewOriginals);
    addPrincipalRoles(pid, AUTHENTICATED_PRINC, canViewOriginals);
    when(objectAclFactory.getEmbargoUntil(pid)).thenReturn(getNextYear());

    List<RoleAssignment> patronRoles = aclFactory.getPatronAccess(pid);

    // Expectation: both principals are still listed, but each one is reported with
    // canViewMetadata instead of the canViewOriginals role it was assigned.
    assertEquals(2, patronRoles.size());
    RoleAssignment publicRole = getAssignmentByPrincipal(patronRoles, PUBLIC_PRINC);
    assertEquals(canViewMetadata, publicRole.getRole());
    RoleAssignment authenticatedRole = getAssignmentByPrincipal(patronRoles, AUTHENTICATED_PRINC);
    assertEquals(canViewMetadata, authenticatedRole.getRole());
}
use of edu.unc.lib.boxc.auth.api.models.RoleAssignment in project box-c by UNC-Libraries.
the class ObjectACLFactoryTest method testGetStaffRolesSingleRoleValid.
@Test
public void testGetStaffRolesSingleRoleValid() {
    // Setup: one canManage literal naming MANAGE_GRP is placed on the object's resource.
    objResc.addLiteral(CdrAcl.canManage, MANAGE_GRP);

    List<RoleAssignment> staffRoles = aclFactory.getStaffRoleAssignments(pid);

    // Expectation: exactly one assignment, bound to this pid, carrying the canManage property
    // and the MANAGE_GRP principal.
    assertEquals(1, staffRoles.size());
    RoleAssignment soleRole = staffRoles.get(0);
    assertEquals(pid.getId(), soleRole.getAssignedTo());
    assertEquals(CdrAcl.canManage, soleRole.getRole().getProperty());
    assertEquals(MANAGE_GRP, soleRole.getPrincipal());
}
use of edu.unc.lib.boxc.auth.api.models.RoleAssignment in project box-c by UNC-Libraries.
the class ObjectACLFactoryTest method testGetStaffRolesMultipleSamePrincipalValid.
@Test
public void testGetStaffRolesMultipleSamePrincipalValid() {
    // Setup: the same principal (MANAGE_GRP) is given two different staff role properties.
    objResc.addLiteral(CdrAcl.canManage, MANAGE_GRP);
    objResc.addLiteral(CdrAcl.canAccess, MANAGE_GRP);

    List<RoleAssignment> staffRoles = aclFactory.getStaffRoleAssignments(pid);

    // Expectation: the two roles are returned as separate assignments rather than being merged.
    assertEquals(2, staffRoles.size());

    // The canManage assignment is bound to this pid and names MANAGE_GRP.
    RoleAssignment manageRole = getAssignmentByRole(staffRoles, CdrAcl.canManage);
    assertEquals(pid.getId(), manageRole.getAssignedTo());
    assertEquals(CdrAcl.canManage, manageRole.getRole().getProperty());
    assertEquals(MANAGE_GRP, manageRole.getPrincipal());

    // The canAccess assignment is bound to the same pid and the same principal.
    RoleAssignment accessRole = getAssignmentByRole(staffRoles, CdrAcl.canAccess);
    assertEquals(pid.getId(), accessRole.getAssignedTo());
    assertEquals(CdrAcl.canAccess, accessRole.getRole().getProperty());
    assertEquals(MANAGE_GRP, accessRole.getPrincipal());
}