Examples with RoleAssignment edu.unc.lib.boxc.auth.api.models.RoleAssignment used on opensource projects

Example 1 with RoleAssignment

use of edu.unc.lib.boxc.auth.api.models.RoleAssignment in project box-c by UNC-Libraries.

the class AccessControlRetrievalController method stripUserPrefix.

// Trim user namespace off of user principals for the response
private void stripUserPrefix(List<RoleAssignment> assignments) {
    for (RoleAssignment assignment : assignments) {
        String princ = assignment.getPrincipal();
        if (princ.startsWith(USER_NAMESPACE)) {
            princ = princ.substring(USER_NAMESPACE.length());
            assignment.setPrincipal(princ);
        }
    }
}

Example 2 with RoleAssignment

use of edu.unc.lib.boxc.auth.api.models.RoleAssignment in project box-c by UNC-Libraries.

the class AddContainerService method addContainer.

/**
 * Creates a new container as a child of the given parent using the agent principals provided.
 *
 * @param addRequest request object containing the details of the container to create
 */
public void addContainer(AddContainerRequest addRequest) {
    notNull(addRequest.getParentPid(), "A parent pid must be provided");
    notNull(addRequest.getContainerType(), "A type must be provided for the next container");
    PID parentPid = addRequest.getParentPid();
    AgentPrincipals agent = addRequest.getAgent();
    ContentContainerObject child = null;
    FedoraTransaction tx = txManager.startTransaction();
    try (Timer.Context context = timer.time()) {
        PID containerPid = PIDs.get(UUID.randomUUID().toString());
        Model containerModel = createDefaultModel();
        Resource containerResc = containerModel.createResource(containerPid.getRepositoryPath());
        containerResc.addLiteral(DcElements.title, addRequest.getLabel());
        StorageLocation storageLoc = storageLocationManager.getStorageLocation(parentPid);
        containerResc.addLiteral(Cdr.storageLocation, storageLoc.getId());
        log.debug("Adding new container to storage location {}", storageLoc.getId());
        ResourceType containerType = addRequest.getContainerType();
        // Create the appropriate container
        if (ResourceType.AdminUnit.equals(containerType)) {
            aclService.assertHasAccess("User does not have permissions to create admin units", parentPid, agent.getPrincipals(), Permission.createAdminUnit);
            child = repoObjFactory.createAdminUnit(containerPid, containerModel);
        } else if (ResourceType.Collection.equals(containerType)) {
            aclService.assertHasAccess("User does not have permissions to create collections", parentPid, agent.getPrincipals(), Permission.createCollection);
            child = repoObjFactory.createCollectionObject(containerPid, containerModel);
        } else if (ResourceType.Folder.equals(containerType)) {
            aclService.assertHasAccess("User does not have permissions to create folders", parentPid, agent.getPrincipals(), Permission.ingest);
            child = repoObjFactory.createFolderObject(containerPid, containerModel);
        } else if (ResourceType.Work.equals(containerType)) {
            aclService.assertHasAccess("User does not have permissions to create works", parentPid, agent.getPrincipals(), Permission.ingest);
            child = repoObjFactory.createWorkObject(containerPid, containerModel);
        } else {
            throw new AccessRestrictionException("User cannot add a container to object of type " + containerType);
        }
        ContentContainerObject parent = (ContentContainerObject) repoObjLoader.getRepositoryObject(parentPid);
        parent.addMember(child);
        if (addRequest.isStaffOnly() && !ResourceType.AdminUnit.equals(containerType)) {
            PatronAccessDetails accessDetails = new PatronAccessDetails();
            accessDetails.setRoles(asList(new RoleAssignment(PUBLIC_PRINC, none), new RoleAssignment(AUTHENTICATED_PRINC, none)));
            patronService.updatePatronAccess(new PatronAccessAssignmentRequest(agent, containerPid, accessDetails).withFolderCreation(true));
        } else if (ResourceType.Collection.equals(containerType)) {
            PatronAccessDetails accessDetails = new PatronAccessDetails();
            accessDetails.setRoles(asList(new RoleAssignment(PUBLIC_PRINC, canViewOriginals), new RoleAssignment(AUTHENTICATED_PRINC, canViewOriginals)));
            patronService.updatePatronAccess(new PatronAccessAssignmentRequest(agent, containerPid, accessDetails));
        }
        storeDescription(containerPid, addRequest);
        premisLoggerFactory.createPremisLogger(child).buildEvent(Premis.Creation).addImplementorAgent(AgentPids.forPerson(agent)).addEventDetail("Container added at destination " + parentPid).writeAndClose();
    } catch (Exception e) {
        tx.cancel(e);
    } finally {
        tx.close();
    }
    // Send message that the action completed
    operationsMessageSender.sendAddOperation(agent.getUsername(), Arrays.asList(parentPid), Arrays.asList(child.getPid()), null, null);
}

Example 3 with RoleAssignment

use of edu.unc.lib.boxc.auth.api.models.RoleAssignment in project box-c by UNC-Libraries.

the class InheritedAclFactoryTest method patronAccessActiveEmbargo.

@Test
public void patronAccessActiveEmbargo() {
    addPidToAncestors();
    addPrincipalRoles(pid, PUBLIC_PRINC, canViewOriginals);
    addPrincipalRoles(pid, AUTHENTICATED_PRINC, canViewOriginals);
    when(objectAclFactory.getEmbargoUntil(pid)).thenReturn(getNextYear());
    List<RoleAssignment> assignments = aclFactory.getPatronAccess(pid);
    assertEquals(2, assignments.size());
    RoleAssignment assignment1 = getAssignmentByPrincipal(assignments, PUBLIC_PRINC);
    assertEquals(canViewMetadata, assignment1.getRole());
    RoleAssignment assignment2 = getAssignmentByPrincipal(assignments, AUTHENTICATED_PRINC);
    assertEquals(canViewMetadata, assignment2.getRole());
}

Example 4 with RoleAssignment

use of edu.unc.lib.boxc.auth.api.models.RoleAssignment in project box-c by UNC-Libraries.

the class ObjectACLFactoryTest method testGetStaffRolesSingleRoleValid.

@Test
public void testGetStaffRolesSingleRoleValid() {
    objResc.addLiteral(CdrAcl.canManage, MANAGE_GRP);
    List<RoleAssignment> assignments = aclFactory.getStaffRoleAssignments(pid);
    assertEquals(1, assignments.size());
    RoleAssignment assignment = assignments.get(0);
    assertEquals(pid.getId(), assignment.getAssignedTo());
    assertEquals(CdrAcl.canManage, assignment.getRole().getProperty());
    assertEquals(MANAGE_GRP, assignment.getPrincipal());
}

Example 5 with RoleAssignment

use of edu.unc.lib.boxc.auth.api.models.RoleAssignment in project box-c by UNC-Libraries.

the class ObjectACLFactoryTest method testGetStaffRolesMultipleSamePrincipalValid.

@Test
public void testGetStaffRolesMultipleSamePrincipalValid() {
    objResc.addLiteral(CdrAcl.canManage, MANAGE_GRP);
    objResc.addLiteral(CdrAcl.canAccess, MANAGE_GRP);
    List<RoleAssignment> assignments = aclFactory.getStaffRoleAssignments(pid);
    assertEquals(2, assignments.size());
    RoleAssignment assignment1 = getAssignmentByRole(assignments, CdrAcl.canManage);
    assertEquals(pid.getId(), assignment1.getAssignedTo());
    assertEquals(CdrAcl.canManage, assignment1.getRole().getProperty());
    assertEquals(MANAGE_GRP, assignment1.getPrincipal());
    RoleAssignment assignment2 = getAssignmentByRole(assignments, CdrAcl.canAccess);
    assertEquals(pid.getId(), assignment2.getAssignedTo());
    assertEquals(CdrAcl.canAccess, assignment2.getRole().getProperty());
    assertEquals(MANAGE_GRP, assignment2.getPrincipal());
}