org.dspace.authorize
Class AuthorizeManager

java.lang.Object
  extended by org.dspace.authorize.AuthorizeManager

public class AuthorizeManager
extends Object

AuthorizeManager handles all authorization checks for DSpace. For better security, DSpace assumes that you do not have the right to do something unless that permission is spelled out somewhere. That "somewhere" is the ResourcePolicy table. The AuthorizeManager is given a user, an object, and an action, and it then does a lookup in the ResourcePolicy table to see if there are any policies giving the user permission to do that action.

ResourcePolicies now apply to single objects (such as submit (ADD) permission to a collection).

Note: If an eperson is a member of the administrator group (id 1), then they are automatically given permission for all requests. Another special group is group 0, which is anonymous: all EPeople are members of group 0.
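The lookup described above, as an added example that is not DSpace source code: a simplified, self-contained model of a default-deny check over a policy table, including the two special groups. The class name, the `Policy` record, the action IDs and the sample table are constructed for illustration; the model covers group policies only and ignores per-eperson policies and inheritance.

```java
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/** Simplified model of the ResourcePolicy lookup; not DSpace code. */
public class DefaultDenyModel {
    static final int ANONYMOUS_GROUP = 0; // per the page: all EPeople are members
    static final int ADMIN_GROUP = 1;     // per the page: members are granted every request

    // Hypothetical action IDs for this model; the real ones live in org.dspace.core.Constants.
    static final int READ = 0;
    static final int ADD = 3;

    /** One row of the constructed policy table: a group may perform an action on an object. */
    record Policy(int objectId, int action, int groupId) {}

    static boolean authorize(List<Policy> table, Set<Integer> userGroups, int objectId, int action) {
        Set<Integer> effective = new HashSet<>(userGroups);
        effective.add(ANONYMOUS_GROUP);        // implicit membership in group 0
        if (effective.contains(ADMIN_GROUP)) {
            return true;                       // administrator group bypasses the lookup
        }
        for (Policy p : table) {
            if (p.objectId() == objectId && p.action() == action
                    && effective.contains(p.groupId())) {
                return true;                   // an explicit policy grants the action
            }
        }
        return false;                          // nothing spelled out, so the answer is no
    }

    public static void main(String[] args) {
        // Constructed sample: object 42 is readable by group 0, and group 7 may ADD to it.
        List<Policy> table = List.of(
                new Policy(42, READ, ANONYMOUS_GROUP),
                new Policy(42, ADD, 7));
        System.out.println("no groups, READ 42: " + authorize(table, Set.of(), 42, READ));
        System.out.println("no groups, ADD 42:  " + authorize(table, Set.of(), 42, ADD));
        System.out.println("group 7, ADD 42:    " + authorize(table, Set.of(7), 42, ADD));
        System.out.println("group 7, ADD 99:    " + authorize(table, Set.of(7), 99, ADD));
        System.out.println("group 1, ADD 99:    " + authorize(table, Set.of(ADMIN_GROUP), 99, ADD));
    }
}
```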


Constructor Summary
AuthorizeManager()
           
 
Method Summary
static void addPolicies(Context c, List<ResourcePolicy> policies, DSpaceObject dest)
          Copies policies from a list of resource policies to a given DSpaceObject
static void addPolicy(Context c, DSpaceObject o, int actionID, EPerson e)
          Add a policy for an individual eperson
static void addPolicy(Context c, DSpaceObject o, int actionID, Group g)
          Add a policy for a group
static void authorizeAction(Context c, DSpaceObject o, int action)
          Checks that the context's current user can perform the given action on the given object.
static void authorizeAction(Context c, DSpaceObject o, int action, boolean useInheritance)
          Checks that the context's current user can perform the given action on the given object.
static boolean authorizeActionBoolean(Context c, DSpaceObject o, int a)
          Same as authorizeAction, but returns a boolean for callers who don't want to deal with catching exceptions.
static boolean authorizeActionBoolean(Context c, DSpaceObject o, int a, boolean useInheritance)
          Same as authorizeAction, but returns a boolean for callers who don't want to deal with catching exceptions.
static void authorizeAnyOf(Context c, DSpaceObject o, int[] actions)
          Utility method, checks that the current user of the given context can perform all of the specified actions on the given object.
static Group[] getAuthorizedGroups(Context c, DSpaceObject o, int actionID)
          Returns all groups authorized to perform an action on an object.
static List<ResourcePolicy> getPolicies(Context c, DSpaceObject o)
          Return a List of the policies for an object
static List<ResourcePolicy> getPoliciesActionFilter(Context c, DSpaceObject o, int actionID)
          Return a list of policies for an object that match the action
static List<ResourcePolicy> getPoliciesForGroup(Context c, Group g)
          Return a List of the policies for a group
static void inheritPolicies(Context c, DSpaceObject src, DSpaceObject dest)
          Add policies to an object to match those from a previous object
static boolean isAdmin(Context c)
          Check to see if the current user is a System Admin.
static boolean isAdmin(Context c, DSpaceObject o)
          Check to see if the current user is an Administrator of a given object within DSpace.
static void removeAllPolicies(Context c, DSpaceObject o)
          Removes ALL policies for an object.
static void removeGroupPolicies(Context c, DSpaceObject o, Group g)
          Removes all policies on a particular object that belong to a given Group.
static void removeGroupPolicies(Context c, int groupID)
          Removes all policies relating to a particular group.
static void removePoliciesActionFilter(Context context, DSpaceObject dso, int actionID)
          Remove all policies from an object that match a given action.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AuthorizeManager

public AuthorizeManager()

Method Detail

authorizeAnyOf

public static void authorizeAnyOf(Context c,
                                  DSpaceObject o,
                                  int[] actions)
                           throws AuthorizeException,
                                  SQLException
Utility method, checks that the current user of the given context can perform all of the specified actions on the given object. An AuthorizeException is thrown if all the authorizations fail.

Parameters:
c - context with the current user
o - DSpace object user is attempting to perform action on
actions - array of action IDs from org.dspace.core.Constants
Throws:
AuthorizeException - if any one of the specified actions cannot be performed by the current user on the given object.
SQLException - if there's a database problem

authorizeAction

public static void authorizeAction(Context c,
                                   DSpaceObject o,
                                   int action)
                            throws AuthorizeException,
                                   SQLException
Checks that the context's current user can perform the given action on the given object. Throws an exception if the user is not authorized, otherwise the method call does nothing.

Parameters:
c - context
o - a DSpaceObject
action - action to perform from org.dspace.core.Constants
Throws:
AuthorizeException - if the user is denied
SQLException

authorizeAction

public static void authorizeAction(Context c,
                                   DSpaceObject o,
                                   int action,
                                   boolean useInheritance)
                            throws AuthorizeException,
                                   SQLException
Checks that the context's current user can perform the given action on the given object. Throws an exception if the user is not authorized, otherwise the method call does nothing.

Parameters:
c - context
o - a DSpaceObject
useInheritance - flag to say if ADMIN action on the current object or parent object can be used
action - action to perform from org.dspace.core.Constants
Throws:
AuthorizeException - if the user is denied
SQLException

authorizeActionBoolean

public static boolean authorizeActionBoolean(Context c,
                                             DSpaceObject o,
                                             int a)
                                      throws SQLException
Same as authorizeAction, but returns a boolean for callers who don't want to deal with catching exceptions.

Parameters:
c - DSpace context, containing current user
o - DSpaceObject
a - action being attempted, from org.dspace.core.Constants
Returns:
true if the current user in the context is authorized to perform the given action on the given object
Throws:
SQLException

authorizeActionBoolean

public static boolean authorizeActionBoolean(Context c,
                                             DSpaceObject o,
                                             int a,
                                             boolean useInheritance)
                                      throws SQLException
Same as authorizeAction, but returns a boolean for callers who don't want to deal with catching exceptions.

Parameters:
c - DSpace context, containing current user
o - DSpaceObject
a - action being attempted, from org.dspace.core.Constants
useInheritance - flag to say if ADMIN action on the current object or parent object can be used
Returns:
true if the current user in the context is authorized to perform the given action on the given object
Throws:
SQLException

isAdmin

public static boolean isAdmin(Context c,
                              DSpaceObject o)
                       throws SQLException
Check to see if the current user is an Administrator of a given object within DSpace. Always returns true if the user is a System Admin.

Parameters:
c - current context
o - current DSpace Object, if null the call will be equivalent to a call to the isAdmin(Context c) method
Returns:
true if user has administrative privileges on the given DSpace object
Throws:
SQLException

isAdmin

public static boolean isAdmin(Context c)
                       throws SQLException
Check to see if the current user is a System Admin. Always returns true if c.ignoreAuthorization is set. Anonymous users can't be Admins (EPerson set to NULL).

Parameters:
c - current context
Returns:
true if user is an admin or ignore authorization flag set
Throws:
SQLException

addPolicy

public static void addPolicy(Context c,
                             DSpaceObject o,
                             int actionID,
                             EPerson e)
                      throws SQLException,
                             AuthorizeException
Add a policy for an individual eperson

Parameters:
c - context. Current user irrelevant
o - DSpaceObject to add policy to
actionID - ID of action from org.dspace.core.Constants
e - eperson who can perform the action
Throws:
AuthorizeException - if current user in context is not authorized to add policies
SQLException

addPolicy

public static void addPolicy(Context c,
                             DSpaceObject o,
                             int actionID,
                             Group g)
                      throws SQLException,
                             AuthorizeException
Add a policy for a group

Parameters:
c - current context
o - object to add policy for
actionID - ID of action from org.dspace.core.Constants
g - group to add policy for
Throws:
SQLException - if there's a database problem
AuthorizeException - if the current user is not authorized to add this policy

getPolicies

public static List<ResourcePolicy> getPolicies(Context c,
                                               DSpaceObject o)
                                        throws SQLException
Return a List of the policies for an object

Parameters:
c - current context
o - object to retrieve policies for
Returns:
List of ResourcePolicy objects
Throws:
SQLException

getPoliciesForGroup

public static List<ResourcePolicy> getPoliciesForGroup(Context c,
                                                       Group g)
                                                throws SQLException
Return a List of the policies for a group

Parameters:
c - current context
g - group to retrieve policies for
Returns:
List of ResourcePolicy objects
Throws:
SQLException

getPoliciesActionFilter

public static List<ResourcePolicy> getPoliciesActionFilter(Context c,
                                                           DSpaceObject o,
                                                           int actionID)
                                                    throws SQLException
Return a list of policies for an object that match the action

Parameters:
c - context
o - DSpaceObject policies relate to
actionID - action (defined in class Constants)
Throws:
SQLException - if there's a database problem

inheritPolicies

public static void inheritPolicies(Context c,
                                   DSpaceObject src,
                                   DSpaceObject dest)
                            throws SQLException,
                                   AuthorizeException
Add policies to an object to match those from a previous object

Parameters:
c - context
src - source of policies
dest - destination of inherited policies
Throws:
SQLException - if there's a database problem
AuthorizeException - if the current user is not authorized to add these policies

addPolicies

public static void addPolicies(Context c,
                               List<ResourcePolicy> policies,
                               DSpaceObject dest)
                        throws SQLException,
                               AuthorizeException
Copies policies from a list of resource policies to a given DSpaceObject

Parameters:
c - DSpace context
policies - List of ResourcePolicy objects
dest - object to have policies added
Throws:
SQLException - if there's a database problem
AuthorizeException - if the current user is not authorized to add these policies

removeAllPolicies

public static void removeAllPolicies(Context c,
                                     DSpaceObject o)
                              throws SQLException
Removes ALL policies for an object. FIXME doesn't check authorization

Parameters:
c - DSpace context
o - object to remove policies for
Throws:
SQLException - if there's a database problem

removePoliciesActionFilter

public static void removePoliciesActionFilter(Context context,
                                              DSpaceObject dso,
                                              int actionID)
                                       throws SQLException
Remove all policies from an object that match a given action. FIXME doesn't check authorization

Parameters:
context - current context
dso - object to remove policies from
actionID - ID of action to match from org.dspace.core.Constants, or -1=all
Throws:
SQLException - if there's a database problem

removeGroupPolicies

public static void removeGroupPolicies(Context c,
                                       int groupID)
                                throws SQLException
Removes all policies relating to a particular group. FIXME doesn't check authorization

Parameters:
c - current context
groupID - ID of the group
Throws:
SQLException - if there's a database problem

removeGroupPolicies

public static void removeGroupPolicies(Context c,
                                       DSpaceObject o,
                                       Group g)
                                throws SQLException
Removes all policies on a particular object that belong to a given Group. FIXME doesn't check authorization

Parameters:
c - current context
o - the object
g - the group
Throws:
SQLException - if there's a database problem
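Because the removal methods above are marked as not checking authorization, any check has to happen in the caller. The following is an added example, not part of DSpace: a hypothetical wrapper class `GuardedPolicyRemoval` that authorizes before delegating. Requiring `Constants.ADMIN` on the object, and System Admin for the group-wide removal, is an assumption of this example; the page does not say which right policy removal should need.

```java
import java.sql.SQLException;
import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.AuthorizeManager;
import org.dspace.content.DSpaceObject;
import org.dspace.core.Constants;
import org.dspace.core.Context;
import org.dspace.eperson.Group;

/** Hypothetical caller-side guard around the unchecked removal methods. */
public final class GuardedPolicyRemoval {
    private GuardedPolicyRemoval() {}

    /** Assumption: changing an object's policies requires ADMIN on that object. */
    private static void requireAdminOn(Context c, DSpaceObject o)
            throws SQLException, AuthorizeException {
        if (o == null) {
            // The page does not say how authorizeAction treats null, so reject it here.
            throw new IllegalArgumentException("object must not be null");
        }
        AuthorizeManager.authorizeAction(c, o, Constants.ADMIN); // throws if denied
    }

    public static void removeAllPolicies(Context c, DSpaceObject o)
            throws SQLException, AuthorizeException {
        requireAdminOn(c, o);
        AuthorizeManager.removeAllPolicies(c, o);
    }

    public static void removeGroupPolicies(Context c, DSpaceObject o, Group g)
            throws SQLException, AuthorizeException {
        requireAdminOn(c, o);
        AuthorizeManager.removeGroupPolicies(c, o, g);
    }

    /** No object to check against, so this variant requires a System Admin. */
    public static void removeGroupPolicies(Context c, int groupID)
            throws SQLException, AuthorizeException {
        if (!AuthorizeManager.isAdmin(c)) {
            throw new AuthorizeException("Only a System Admin may remove all policies of a group");
        }
        AuthorizeManager.removeGroupPolicies(c, groupID);
    }
}
```

As documented for isAdmin(Context c), the check also passes when c.ignoreAuthorization is set, so a context with that flag goes through the group-wide guard unchallenged.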

getAuthorizedGroups

public static Group[] getAuthorizedGroups(Context c,
                                          DSpaceObject o,
                                          int actionID)
                                   throws SQLException
Returns all groups authorized to perform an action on an object. Returns empty array if no matches.

Parameters:
c - current context
o - object
actionID - ID of action from org.dspace.core.Constants
Returns:
array of Groups that can perform the specified action on the specified object
Throws:
SQLException - if there's a database problem


Copyright © 2010 DuraSpace. All Rights Reserved.