From ee1e06af9b6e781ff3b48671f95bb9a31e647874 Mon Sep 17 00:00:00 2001 From: Georgy Litvinov Date: Thu, 12 Dec 2024 13:12:01 +0100 Subject: [PATCH] Created policy data sets for publish operations on properties by users with public role --- .../vedit/controller/BaseEditController.java | 10 --- .../vedit/controller/OperationController.java | 3 - .../template_access_allowed_property.n3 | 72 +++++++++++++++++++ 3 files changed, 72 insertions(+), 13 deletions(-) diff --git a/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java b/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java index 93a27e0e97..2bd19cd68e 100644 --- a/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java +++ b/api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java @@ -246,12 +246,6 @@ protected static void addAccessAttributes(HttpServletRequest req, String entityU for (RoleInfo role : roles) { RoleInfo roleCopy = role.clone(); roleInfos.add(roleCopy); - if (isPublicForbiddenOperation(operation)) { - if (roleCopy.isPublic) { - roleCopy.setEnabled(false); - roleCopy.setGranted(false); - } - } } getRolePolicyInformation(entityURI, aot, namedKeys, operation, roleInfos); } @@ -359,10 +353,6 @@ protected static void addNotRelatedPropertySuppressions(HttpServletRequest req, req.setAttribute(PROPERTY_SUPPRESSIONS_NOT_RELATED, propertySuppressionsToRoles); } - static boolean isPublicForbiddenOperation(AccessOperation operation) { - return operation.equals(AccessOperation.PUBLISH); - } - public static class RoleInfo { String uri; String label; diff --git a/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java b/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java index db98ba2a97..e7266b608c 100644 --- a/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java 
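Review bot: The removed `isPublicForbiddenOperation(operation)` guard in `addAccessAttributes` was keyed on the operation alone, so deleting it enables the public role for PUBLISH on every access object type that reaches this loop, while the patch adds Public publish data sets only to `template_access_allowed_property.n3`. Unless the other templates already define equivalent data sets (not visible here), non-property entities would offer a grant with no backing data set. The same applies to the `continue` removed from `OperationController.updateEntityPermissions`, which was the server-side half of the restriction, since that method grants from request parameters. Consider narrowing the guard rather than deleting it, for example `if (roleCopy.isPublic && isPublicForbiddenOperation(operation, aot)) {`, with the helper returning false only for the property types covered by the new data sets. The enclosing method starts and ends outside the hunk.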
+++ b/api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java @@ -244,9 +244,6 @@ private void updateEntityPermissions(HttpServletRequest request, String entityUr String operationGroupName = ao.toString().toLowerCase(); Set selectedRoles = getSelectedRoles(request, operationGroupName); for (RoleInfo role : roles) { - if (role.isPublic() && isPublicForbiddenOperation(ao)) { - continue; - } if (selectedRoles.contains(role.getUri())) { EntityPolicyController.grantAccess(entityUri, aot, ao, role.getUri()); } else { diff --git a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 index a4f4be4415..9fd8953162 100644 --- a/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 +++ b/home/src/main/resources/rdf/accessControl/firsttime/template_access_allowed_property.n3 
@@ -30,18 +30,22 @@ access:hasDataSet :CuratorDisplayFauxDataPropertyDataSet ; access:hasDataSet :AdminDisplayFauxDataPropertyDataSet ; + access:hasDataSet :PublicPublishObjectPropertyDataSet ; access:hasDataSet :EditorPublishObjectPropertyDataSet ; access:hasDataSet :CuratorPublishObjectPropertyDataSet ; access:hasDataSet :AdminPublishObjectPropertyDataSet ; + access:hasDataSet :PublicPublishDataPropertyDataSet ; access:hasDataSet :EditorPublishDataPropertyDataSet ; access:hasDataSet :CuratorPublishDataPropertyDataSet ; access:hasDataSet :AdminPublishDataPropertyDataSet ; + access:hasDataSet :PublicPublishFauxObjectPropertyDataSet ; access:hasDataSet :EditorPublishFauxObjectPropertyDataSet ; access:hasDataSet :CuratorPublishFauxObjectPropertyDataSet ; access:hasDataSet :AdminPublishFauxObjectPropertyDataSet ; + access:hasDataSet :PublicPublishFauxDataPropertyDataSet ; access:hasDataSet :EditorPublishFauxDataPropertyDataSet ; access:hasDataSet :CuratorPublishFauxDataPropertyDataSet ; access:hasDataSet :AdminPublishFauxDataPropertyDataSet ; 
@@ -1583,6 +1587,19 @@ ### Publish object property data sets +:PublicPublishObjectPropertyDataSet a access:DataSet ; + access:hasDataSetKey :PublicPublishObjectPropertyDataSetKey ; + access:hasRelatedValueSet access-individual:PublicRoleValueSet ; + access:hasRelatedValueSet access-individual:ObjectPropertyValueSet ; + access:hasRelatedValueSet access-individual:ObjectPropertyStatementValueSet ; + access:hasRelatedValueSet access-individual:PublishOperationValueSet ; + access:hasRelatedValueSet :PublicPublishObjectPropertyValueSet . + +:PublicPublishObjectPropertyDataSetKey a access:DataSetKey ; + access:hasKeyComponent access-individual:ObjectProperty ; + access:hasKeyComponent access-individual:PublicRoleUri ; + access:hasKeyComponent access-individual:PublishOperation . + :EditorPublishObjectPropertyDataSet a access:DataSet ; access:hasDataSetKey :EditorPublishObjectPropertyDataSetKey ; access:hasRelatedValueSet access-individual:EditorRoleValueSet ; @@ -1624,6 +1641,19 @@ ### Publish data property data sets +:PublicPublishDataPropertyDataSet a access:DataSet ; + access:hasDataSetKey :PublicPublishDataPropertyDataSetKey ; + access:hasRelatedValueSet access-individual:PublicRoleValueSet ; + access:hasRelatedValueSet access-individual:DataPropertyValueSet ; + access:hasRelatedValueSet access-individual:DataPropertyStatementValueSet ; + access:hasRelatedValueSet access-individual:PublishOperationValueSet ; + access:hasRelatedValueSet :PublicPublishDataPropertyValueSet . + +:PublicPublishDataPropertyDataSetKey a access:DataSetKey ; + access:hasKeyComponent access-individual:DataProperty ; + access:hasKeyComponent access-individual:PublicRoleUri ; + access:hasKeyComponent access-individual:PublishOperation . + :EditorPublishDataPropertyDataSet a access:DataSet ; access:hasDataSetKey :EditorPublishDataPropertyDataSetKey ; access:hasRelatedValueSet access-individual:EditorRoleValueSet ; 
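Review bot: The new `:PublicPublish*DataSet` resources are added only to a file under `rdf/accessControl/firsttime/`, and nothing in the patch shows how an installation whose access-control model is already populated receives them. Since the Java guards are removed unconditionally in the same commit, such a site could accept a PUBLISH grant for the public role from the form while these data sets and their keys are absent, if first-time files are not re-applied on upgrade (the directory name suggests this; confirm). A short comment above `### Publish object property data sets`, such as `### Public publish data sets were added later than the other roles; upgraded sites need them loaded before public PUBLISH can be granted`, or a line in the commit message, would record the requirement. The same holds for the data, faux object and faux data property hunks that follow.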
@@ -1665,6 +1695,19 @@ ### Publish faux object property data sets +:PublicPublishFauxObjectPropertyDataSet a access:DataSet ; + access:hasDataSetKey :PublicPublishFauxObjectPropertyDataSetKey ; + access:hasRelatedValueSet access-individual:PublicRoleValueSet ; + access:hasRelatedValueSet access-individual:FauxObjectPropertyValueSet ; + access:hasRelatedValueSet access-individual:FauxObjectPropertyStatementValueSet ; + access:hasRelatedValueSet access-individual:PublishOperationValueSet ; + access:hasRelatedValueSet :PublicPublishFauxObjectPropertyValueSet . + +:PublicPublishFauxObjectPropertyDataSetKey a access:DataSetKey ; + access:hasKeyComponent access-individual:FauxObjectProperty ; + access:hasKeyComponent access-individual:PublicRoleUri ; + access:hasKeyComponent access-individual:PublishOperation . + :EditorPublishFauxObjectPropertyDataSet a access:DataSet ; access:hasDataSetKey :EditorPublishFauxObjectPropertyDataSetKey ; access:hasRelatedValueSet access-individual:EditorRoleValueSet ; @@ -1706,6 +1749,19 @@ ### Publish faux data property data sets +:PublicPublishFauxDataPropertyDataSet a access:DataSet ; + access:hasDataSetKey :PublicPublishFauxDataPropertyDataSetKey ; + access:hasRelatedValueSet access-individual:PublicRoleValueSet ; + access:hasRelatedValueSet access-individual:FauxDataPropertyValueSet ; + access:hasRelatedValueSet access-individual:FauxDataPropertyStatementValueSet ; + access:hasRelatedValueSet access-individual:PublishOperationValueSet ; + access:hasRelatedValueSet :PublicPublishFauxDataPropertyValueSet . + +:PublicPublishFauxDataPropertyDataSetKey a access:DataSetKey ; + access:hasKeyComponent access-individual:FauxDataProperty ; + access:hasKeyComponent access-individual:PublicRoleUri ; + access:hasKeyComponent access-individual:PublishOperation . + :EditorPublishFauxDataPropertyDataSet a access:DataSet ; access:hasDataSetKey :EditorPublishFauxDataPropertyDataSetKey ; access:hasRelatedValueSet access-individual:EditorRoleValueSet ; 
@@ -1817,18 +1873,22 @@ access:values :CuratorDisplayFauxDataPropertyValueSet ; access:values :AdminDisplayFauxDataPropertyValueSet ; + access:values :PublicPublishObjectPropertyValueSet ; access:values :EditorPublishObjectPropertyValueSet ; access:values :CuratorPublishObjectPropertyValueSet ; access:values :AdminPublishObjectPropertyValueSet ; + access:values :PublicPublishDataPropertyValueSet ; access:values :EditorPublishDataPropertyValueSet ; access:values :CuratorPublishDataPropertyValueSet ; access:values :AdminPublishDataPropertyValueSet ; + access:values :PublicPublishFauxObjectPropertyValueSet ; access:values :EditorPublishFauxObjectPropertyValueSet ; access:values :CuratorPublishFauxObjectPropertyValueSet ; access:values :AdminPublishFauxObjectPropertyValueSet ; + access:values :PublicPublishFauxDataPropertyValueSet ; access:values :EditorPublishFauxDataPropertyValueSet ; access:values :CuratorPublishFauxDataPropertyValueSet ; access:values :AdminPublishFauxDataPropertyValueSet ; 
@@ -1917,18 +1977,22 @@ access:values :CuratorDisplayFauxDataPropertyValueSet ; access:values :AdminDisplayFauxDataPropertyValueSet ; + access:values :PublicPublishObjectPropertyValueSet ; access:values :EditorPublishObjectPropertyValueSet ; access:values :CuratorPublishObjectPropertyValueSet ; access:values :AdminPublishObjectPropertyValueSet ; + access:values :PublicPublishDataPropertyValueSet ; access:values :EditorPublishDataPropertyValueSet ; access:values :CuratorPublishDataPropertyValueSet ; access:values :AdminPublishDataPropertyValueSet ; + access:values :PublicPublishFauxObjectPropertyValueSet ; access:values :EditorPublishFauxObjectPropertyValueSet ; access:values :CuratorPublishFauxObjectPropertyValueSet ; access:values :AdminPublishFauxObjectPropertyValueSet ; + access:values :PublicPublishFauxDataPropertyValueSet ; access:values :EditorPublishFauxDataPropertyValueSet ; access:values :CuratorPublishFauxDataPropertyValueSet ; access:values :AdminPublishFauxDataPropertyValueSet ; @@ -2139,6 +2203,8 @@ :AdminDisplayFauxDataPropertyValueSet a access:ValueSet ; access:containsElementsOfType access-individual:FauxDataProperty . +:PublicPublishObjectPropertyValueSet a access:ValueSet ; + access:containsElementsOfType access-individual:ObjectProperty . :EditorPublishObjectPropertyValueSet a access:ValueSet ; access:containsElementsOfType access-individual:ObjectProperty . :CuratorPublishObjectPropertyValueSet a access:ValueSet ; @@ -2146,6 +2212,8 @@ :AdminPublishObjectPropertyValueSet a access:ValueSet ; access:containsElementsOfType access-individual:ObjectProperty . +:PublicPublishDataPropertyValueSet a access:ValueSet ; + access:containsElementsOfType access-individual:DataProperty . :EditorPublishDataPropertyValueSet a access:ValueSet ; access:containsElementsOfType access-individual:DataProperty . :CuratorPublishDataPropertyValueSet a access:ValueSet ; 
@@ -2153,6 +2221,8 @@ :AdminPublishDataPropertyValueSet a access:ValueSet ; access:containsElementsOfType access-individual:DataProperty . +:PublicPublishFauxObjectPropertyValueSet a access:ValueSet ; + access:containsElementsOfType access-individual:FauxObjectProperty . :EditorPublishFauxObjectPropertyValueSet a access:ValueSet ; access:containsElementsOfType access-individual:FauxObjectProperty . :CuratorPublishFauxObjectPropertyValueSet a access:ValueSet ; @@ -2160,6 +2230,8 @@ :AdminPublishFauxObjectPropertyValueSet a access:ValueSet ; access:containsElementsOfType access-individual:FauxObjectProperty . +:PublicPublishFauxDataPropertyValueSet a access:ValueSet ; + access:containsElementsOfType access-individual:FauxDataProperty . :EditorPublishFauxDataPropertyValueSet a access:ValueSet ; access:containsElementsOfType access-individual:FauxDataProperty . :CuratorPublishFauxDataPropertyValueSet a access:ValueSet ;