
Example 1 with RoleAssignment

use of edu.unc.lib.boxc.auth.api.models.RoleAssignment in project box-c by UNC-Libraries.

the class AccessControlRetrievalController method stripUserPrefix.

/**
 * Trims the user namespace off of user principals so the response carries the bare identifier.
 *
 * <p>Principals that do not start with {@code USER_NAMESPACE} are left untouched. The change is
 * made in place on the {@code RoleAssignment} objects held by the list.
 *
 * <p>NOTE(review): because the assignments are mutated rather than copied, confirm that callers
 * pass objects built for the response only, and not instances that are also used for access
 * evaluation elsewhere.
 *
 * @param assignments role assignments whose principals are rewritten in place
 */
private void stripUserPrefix(List<RoleAssignment> assignments) {
    for (RoleAssignment entry : assignments) {
        String principal = entry.getPrincipal();
        // Only user principals carry the namespace prefix; skip everything else
        if (!principal.startsWith(USER_NAMESPACE)) {
            continue;
        }
        String bareName = principal.substring(USER_NAMESPACE.length());
        entry.setPrincipal(bareName);
    }
}
Also used : RoleAssignment(edu.unc.lib.boxc.auth.api.models.RoleAssignment)

Example 2 with RoleAssignment

use of edu.unc.lib.boxc.auth.api.models.RoleAssignment in project box-c by UNC-Libraries.

the class AddContainerService method addContainer.

/**
 * Creates a new container as a child of the given parent using the agent principals provided.
 *
 * <p>The parent pid and container type are validated first. Inside a Fedora transaction the method
 * then checks, against the parent pid, the permission matching the requested type
 * (createAdminUnit, createCollection, or ingest for folders and works) before the repository
 * object is created. It then adds the new object to the parent, writes the initial patron role
 * assignments, stores the description and records a PREMIS creation event. An add-operation
 * message is sent after the transaction has been closed.
 *
 * <p>Any exception raised inside the transaction, including a failed permission check, is handed
 * to {@code tx.cancel(e)}.
 *
 * @param addRequest request object containing the details of the container to create
 */
public void addContainer(AddContainerRequest addRequest) {
    // Reject requests that lack the two values every later step depends on
    notNull(addRequest.getParentPid(), "A parent pid must be provided");
    notNull(addRequest.getContainerType(), "A type must be provided for the next container");
    PID parentPid = addRequest.getParentPid();
    AgentPrincipals agent = addRequest.getAgent();
    ContentContainerObject child = null;
    FedoraTransaction tx = txManager.startTransaction();
    // The timer context is closed by try-with-resources; the transaction is closed in finally
    try (Timer.Context context = timer.time()) {
        // The new container gets a freshly generated random UUID as its identifier
        PID containerPid = PIDs.get(UUID.randomUUID().toString());
        Model containerModel = createDefaultModel();
        Resource containerResc = containerModel.createResource(containerPid.getRepositoryPath());
        containerResc.addLiteral(DcElements.title, addRequest.getLabel());
        // The storage location is the one looked up for the parent, not a value from the request
        StorageLocation storageLoc = storageLocationManager.getStorageLocation(parentPid);
        containerResc.addLiteral(Cdr.storageLocation, storageLoc.getId());
        log.debug("Adding new container to storage location {}", storageLoc.getId());
        ResourceType containerType = addRequest.getContainerType();
        // Create the appropriate container. Every branch asserts the type-specific permission
        // on the parent for the agent's principals BEFORE calling the object factory, so a
        // denied request never reaches object creation.
        if (ResourceType.AdminUnit.equals(containerType)) {
            aclService.assertHasAccess("User does not have permissions to create admin units", parentPid, agent.getPrincipals(), Permission.createAdminUnit);
            child = repoObjFactory.createAdminUnit(containerPid, containerModel);
        } else if (ResourceType.Collection.equals(containerType)) {
            aclService.assertHasAccess("User does not have permissions to create collections", parentPid, agent.getPrincipals(), Permission.createCollection);
            child = repoObjFactory.createCollectionObject(containerPid, containerModel);
        } else if (ResourceType.Folder.equals(containerType)) {
            aclService.assertHasAccess("User does not have permissions to create folders", parentPid, agent.getPrincipals(), Permission.ingest);
            child = repoObjFactory.createFolderObject(containerPid, containerModel);
        } else if (ResourceType.Work.equals(containerType)) {
            aclService.assertHasAccess("User does not have permissions to create works", parentPid, agent.getPrincipals(), Permission.ingest);
            child = repoObjFactory.createWorkObject(containerPid, containerModel);
        } else {
            // Any other resource type is refused outright rather than falling through unchecked
            throw new AccessRestrictionException("User cannot add a container to object of type " + containerType);
        }
        // The cast fails with ClassCastException if the parent is not a container; that exception
        // is routed to tx.cancel(e) like any other failure in this block
        ContentContainerObject parent = (ContentContainerObject) repoObjLoader.getRepositoryObject(parentPid);
        parent.addMember(child);
        // Initial patron access:
        //  - staff-only request (any type except AdminUnit): public and authenticated principals
        //    are both assigned the "none" role
        //  - otherwise, a Collection: both principals are assigned canViewOriginals
        //  - every other case (including a staff-only AdminUnit request): no patron assignment
        //    is written by this method
        if (addRequest.isStaffOnly() && !ResourceType.AdminUnit.equals(containerType)) {
            PatronAccessDetails accessDetails = new PatronAccessDetails();
            accessDetails.setRoles(asList(new RoleAssignment(PUBLIC_PRINC, none), new RoleAssignment(AUTHENTICATED_PRINC, none)));
            // NOTE(review): withFolderCreation(true) is set only on this path; its effect is
            // defined in PatronAccessAssignmentRequest, which is not shown here
            patronService.updatePatronAccess(new PatronAccessAssignmentRequest(agent, containerPid, accessDetails).withFolderCreation(true));
        } else if (ResourceType.Collection.equals(containerType)) {
            PatronAccessDetails accessDetails = new PatronAccessDetails();
            accessDetails.setRoles(asList(new RoleAssignment(PUBLIC_PRINC, canViewOriginals), new RoleAssignment(AUTHENTICATED_PRINC, canViewOriginals)));
            patronService.updatePatronAccess(new PatronAccessAssignmentRequest(agent, containerPid, accessDetails));
        }
        storeDescription(containerPid, addRequest);
        // Record who created the container and where, as a PREMIS Creation event
        premisLoggerFactory.createPremisLogger(child).buildEvent(Premis.Creation).addImplementorAgent(AgentPids.forPerson(agent)).addEventDetail("Container added at destination " + parentPid).writeAndClose();
    } catch (Exception e) {
        // NOTE(review): the code after this try block assumes tx.cancel(e) rethrows. If it
        // returned normally after a failure that happened before child was assigned (for
        // example a denied permission check), child.getPid() below would throw
        // NullPointerException and the original cause would be lost. Confirm against
        // FedoraTransaction.
        tx.cancel(e);
    } finally {
        tx.close();
    }
    // Send message that the action completed
    operationsMessageSender.sendAddOperation(agent.getUsername(), Arrays.asList(parentPid), Arrays.asList(child.getPid()), null, null);
}
Also used : RoleAssignment(edu.unc.lib.boxc.auth.api.models.RoleAssignment) Resource(org.apache.jena.rdf.model.Resource) AccessRestrictionException(edu.unc.lib.boxc.auth.api.exceptions.AccessRestrictionException) PID(edu.unc.lib.boxc.model.api.ids.PID) ResourceType(edu.unc.lib.boxc.model.api.ResourceType) PatronAccessDetails(edu.unc.lib.boxc.operations.impl.acl.PatronAccessDetails) PatronAccessAssignmentRequest(edu.unc.lib.boxc.operations.impl.acl.PatronAccessAssignmentService.PatronAccessAssignmentRequest) ContentContainerObject(edu.unc.lib.boxc.model.api.objects.ContentContainerObject) AccessRestrictionException(edu.unc.lib.boxc.auth.api.exceptions.AccessRestrictionException) IOException(java.io.IOException) AgentPrincipals(edu.unc.lib.boxc.auth.api.models.AgentPrincipals) Timer(io.dropwizard.metrics5.Timer) FedoraTransaction(edu.unc.lib.boxc.fcrepo.utils.FedoraTransaction) Model(org.apache.jena.rdf.model.Model) ModelFactory.createDefaultModel(org.apache.jena.rdf.model.ModelFactory.createDefaultModel) StorageLocation(edu.unc.lib.boxc.persist.api.storage.StorageLocation)

Example 3 with RoleAssignment

use of edu.unc.lib.boxc.auth.api.models.RoleAssignment in project box-c by UNC-Libraries.

the class InheritedAclFactoryTest method patronAccessActiveEmbargo.

/**
 * With an embargo date returned for the object, both patron principals that were granted
 * canViewOriginals must be reported with canViewMetadata instead.
 */
@Test
public void patronAccessActiveEmbargo() {
    // Arrange: both patron principals may view originals on the object itself
    addPidToAncestors();
    addPrincipalRoles(pid, PUBLIC_PRINC, canViewOriginals);
    addPrincipalRoles(pid, AUTHENTICATED_PRINC, canViewOriginals);
    // The embargo end comes from getNextYear() (presumably a date still in the future)
    when(objectAclFactory.getEmbargoUntil(pid)).thenReturn(getNextYear());

    // Act
    List<RoleAssignment> patronRoles = aclFactory.getPatronAccess(pid);

    // Assert: still two assignments, each reduced to metadata-only access
    assertEquals(2, patronRoles.size());
    assertEquals(canViewMetadata, getAssignmentByPrincipal(patronRoles, PUBLIC_PRINC).getRole());
    assertEquals(canViewMetadata, getAssignmentByPrincipal(patronRoles, AUTHENTICATED_PRINC).getRole());
}
Also used : RoleAssignment(edu.unc.lib.boxc.auth.api.models.RoleAssignment) Test(org.junit.Test)

Example 4 with RoleAssignment

use of edu.unc.lib.boxc.auth.api.models.RoleAssignment in project box-c by UNC-Libraries.

the class ObjectACLFactoryTest method testGetStaffRolesSingleRoleValid.

/**
 * A single canManage literal on the object resource must yield exactly one staff role
 * assignment, bound to the object's id, the canManage property and the granted group.
 */
@Test
public void testGetStaffRolesSingleRoleValid() {
    // Arrange: one staff role granted directly on the object
    objResc.addLiteral(CdrAcl.canManage, MANAGE_GRP);

    // Act
    List<RoleAssignment> staffRoles = aclFactory.getStaffRoleAssignments(pid);

    // Assert: one assignment, with no change to target, role or principal
    assertEquals(1, staffRoles.size());
    RoleAssignment manageRole = staffRoles.get(0);
    assertEquals(pid.getId(), manageRole.getAssignedTo());
    assertEquals(CdrAcl.canManage, manageRole.getRole().getProperty());
    assertEquals(MANAGE_GRP, manageRole.getPrincipal());
}
Also used : RoleAssignment(edu.unc.lib.boxc.auth.api.models.RoleAssignment) Test(org.junit.Test)

Example 5 with RoleAssignment

use of edu.unc.lib.boxc.auth.api.models.RoleAssignment in project box-c by UNC-Libraries.

the class ObjectACLFactoryTest method testGetStaffRolesMultipleSamePrincipalValid.

/**
 * When the same principal holds two staff roles on one object, each role must come back as its
 * own assignment rather than being merged or dropped.
 */
@Test
public void testGetStaffRolesMultipleSamePrincipalValid() {
    // Arrange: the same group is granted both canManage and canAccess
    objResc.addLiteral(CdrAcl.canManage, MANAGE_GRP);
    objResc.addLiteral(CdrAcl.canAccess, MANAGE_GRP);

    // Act
    List<RoleAssignment> staffRoles = aclFactory.getStaffRoleAssignments(pid);

    // Assert: two separate assignments, looked up by role
    assertEquals(2, staffRoles.size());

    RoleAssignment manageRole = getAssignmentByRole(staffRoles, CdrAcl.canManage);
    assertEquals(pid.getId(), manageRole.getAssignedTo());
    assertEquals(CdrAcl.canManage, manageRole.getRole().getProperty());
    assertEquals(MANAGE_GRP, manageRole.getPrincipal());

    RoleAssignment accessRole = getAssignmentByRole(staffRoles, CdrAcl.canAccess);
    assertEquals(pid.getId(), accessRole.getAssignedTo());
    assertEquals(CdrAcl.canAccess, accessRole.getRole().getProperty());
    assertEquals(MANAGE_GRP, accessRole.getPrincipal());
}
Also used : RoleAssignment(edu.unc.lib.boxc.auth.api.models.RoleAssignment) Test(org.junit.Test)

Aggregations

RoleAssignment (edu.unc.lib.boxc.auth.api.models.RoleAssignment)113 Test (org.junit.Test)98 PID (edu.unc.lib.boxc.model.api.ids.PID)84 AdminUnit (edu.unc.lib.boxc.model.api.objects.AdminUnit)34 PatronAccessDetails (edu.unc.lib.boxc.operations.impl.acl.PatronAccessDetails)33 PatronAccessAssignmentRequest (edu.unc.lib.boxc.operations.impl.acl.PatronAccessAssignmentService.PatronAccessAssignmentRequest)23 CollectionObject (edu.unc.lib.boxc.model.api.objects.CollectionObject)21 MvcResult (org.springframework.test.web.servlet.MvcResult)19 Matchers.anyString (org.mockito.Matchers.anyString)18 HashSet (java.util.HashSet)17 AclModelBuilder (edu.unc.lib.boxc.model.fcrepo.test.AclModelBuilder)15 BulkPatronAccessDetails (edu.unc.lib.boxc.web.services.rest.modify.UpdatePatronAccessController.BulkPatronAccessDetails)12 Map (java.util.Map)10 RepositoryObject (edu.unc.lib.boxc.model.api.objects.RepositoryObject)8 AccessGroupSetImpl (edu.unc.lib.boxc.auth.fcrepo.models.AccessGroupSetImpl)7 CoreMatchers.containsString (org.hamcrest.CoreMatchers.containsString)7 UserRole (edu.unc.lib.boxc.auth.api.UserRole)6 AccessRestrictionException (edu.unc.lib.boxc.auth.api.exceptions.AccessRestrictionException)6 AgentPrincipals (edu.unc.lib.boxc.auth.api.models.AgentPrincipals)6 ContentObject (edu.unc.lib.boxc.model.api.objects.ContentObject)6