Skip to content

Commit

Permalink
Merge pull request DSpace#9502 from atmire/w2p-106812_enforce-resourc…
Browse files Browse the repository at this point in the history 
…e-policies-to-have-group-or-eperson_dspace-8.0

Enforce resource policies to have group or eperson (DSpace 8)
  • Loading branch information
@tdonohue
tdonohue authored May 3, 2024
2 parents a0b59b7 + 8906f25 commit ff36610
Show file tree
Hide file tree
Showing 41 changed files with 702 additions and 680 deletions.
3 changes: 1 addition & 2 deletions dspace-api/src/main/java/org/dspace/app/itemimport/ItemImportServiceImpl.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1816,11 +1816,10 @@ protected void setPermission(Context c, Group g, String rpType, int actionID, Bi
authorizeService.removeAllPolicies(c, bs);

// add the policy
ResourcePolicy rp = resourcePolicyService.create(c);
ResourcePolicy rp = resourcePolicyService.create(c, null, g);

rp.setdSpaceObject(bs);
rp.setAction(actionID);
rp.setGroup(g);
rp.setRpType(rpType);

resourcePolicyService.update(c, rp);
Expand Down
8 changes: 2 additions & 6 deletions dspace-api/src/main/java/org/dspace/authorize/AuthorizeServiceImpl.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -550,13 +550,11 @@ public void addPolicies(Context c, List<ResourcePolicy> policies, DSpaceObject d
List<ResourcePolicy> newPolicies = new ArrayList<>(policies.size());

for (ResourcePolicy srp : policies) {
ResourcePolicy rp = resourcePolicyService.create(c);
ResourcePolicy rp = resourcePolicyService.create(c, srp.getEPerson(), srp.getGroup());

// copy over values
rp.setdSpaceObject(dest);
rp.setAction(srp.getAction());
rp.setEPerson(srp.getEPerson());
rp.setGroup(srp.getGroup());
rp.setStartDate(srp.getStartDate());
rp.setEndDate(srp.getEndDate());
rp.setRpName(srp.getRpName());
Expand Down Expand Up @@ -670,11 +668,9 @@ public ResourcePolicy createResourcePolicy(Context context, DSpaceObject dso, Gr
"We need at least an eperson or a group in order to create a resource policy.");
}

ResourcePolicy myPolicy = resourcePolicyService.create(context);
ResourcePolicy myPolicy = resourcePolicyService.create(context, eperson, group);
myPolicy.setdSpaceObject(dso);
myPolicy.setAction(type);
myPolicy.setGroup(group);
myPolicy.setEPerson(eperson);
myPolicy.setRpType(rpType);
myPolicy.setRpName(rpName);
myPolicy.setRpDescription(rpDescription);
Expand Down
3 changes: 1 addition & 2 deletions dspace-api/src/main/java/org/dspace/authorize/FixDefaultPolicies.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -126,10 +126,9 @@ private static void addAnonymousPolicy(Context c, DSpaceObject t,

// now create the default policies for submitted items
ResourcePolicyService resourcePolicyService = AuthorizeServiceFactory.getInstance().getResourcePolicyService();
ResourcePolicy myPolicy = resourcePolicyService.create(c);
ResourcePolicy myPolicy = resourcePolicyService.create(c, null, anonymousGroup);
myPolicy.setdSpaceObject(t);
myPolicy.setAction(myaction);
myPolicy.setGroup(anonymousGroup);
resourcePolicyService.update(c, myPolicy);
}
}
9 changes: 3 additions & 6 deletions dspace-api/src/main/java/org/dspace/authorize/PolicySet.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -229,11 +229,10 @@ public static void setPoliciesFilter(Context c, int containerType,
// before create a new policy check if an identical policy is already in place
if (!authorizeService.isAnIdenticalPolicyAlreadyInPlace(c, myitem, group, actionID, -1)) {
// now add the policy
ResourcePolicy rp = resourcePolicyService.create(c);
ResourcePolicy rp = resourcePolicyService.create(c, null, group);

rp.setdSpaceObject(myitem);
rp.setAction(actionID);
rp.setGroup(group);

rp.setRpName(name);
rp.setRpDescription(description);
Expand Down Expand Up @@ -262,11 +261,10 @@ public static void setPoliciesFilter(Context c, int containerType,
// before create a new policy check if an identical policy is already in place
if (!authorizeService.isAnIdenticalPolicyAlreadyInPlace(c, bundle, group, actionID, -1)) {
// now add the policy
ResourcePolicy rp = resourcePolicyService.create(c);
ResourcePolicy rp = resourcePolicyService.create(c, null, group);

rp.setdSpaceObject(bundle);
rp.setAction(actionID);
rp.setGroup(group);

rp.setRpName(name);
rp.setRpDescription(description);
Expand Down Expand Up @@ -305,11 +303,10 @@ public static void setPoliciesFilter(Context c, int containerType,
if (!authorizeService
.isAnIdenticalPolicyAlreadyInPlace(c, bitstream, group, actionID, -1)) {
// now add the policy
ResourcePolicy rp = resourcePolicyService.create(c);
ResourcePolicy rp = resourcePolicyService.create(c, null, group);

rp.setdSpaceObject(bitstream);
rp.setAction(actionID);
rp.setGroup(group);

rp.setRpName(name);
rp.setRpDescription(description);
Expand Down
16 changes: 11 additions & 5 deletions dspace-api/src/main/java/org/dspace/authorize/ResourcePolicyServiceImpl.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,14 +71,22 @@ public ResourcePolicy find(Context context, int id) throws SQLException {
* Create a new ResourcePolicy
*
* @param context DSpace context object
* @param ePerson
* @param group
* @return ResourcePolicy
* @throws SQLException if database error
*/
@Override
public ResourcePolicy create(Context context) throws SQLException {
public ResourcePolicy create(Context context, EPerson ePerson, Group group) throws SQLException {
// FIXME: Check authorisation
// Create a table row
ResourcePolicy resourcePolicy = resourcePolicyDAO.create(context, new ResourcePolicy());
ResourcePolicy policyToBeCreated = new ResourcePolicy();
if (ePerson == null && group == null) {
throw new IllegalArgumentException("A resource policy must contain a valid eperson or group");
}
policyToBeCreated.setEPerson(ePerson);
policyToBeCreated.setGroup(group);
ResourcePolicy resourcePolicy = resourcePolicyDAO.create(context, policyToBeCreated);
return resourcePolicy;
}

Expand Down Expand Up @@ -205,9 +213,7 @@ public boolean isDateValid(ResourcePolicy resourcePolicy) {
@Override
public ResourcePolicy clone(Context context, ResourcePolicy resourcePolicy)
throws SQLException, AuthorizeException {
ResourcePolicy clone = create(context);
clone.setGroup(resourcePolicy.getGroup());
clone.setEPerson(resourcePolicy.getEPerson());
ResourcePolicy clone = create(context, resourcePolicy.getEPerson(), resourcePolicy.getGroup());
clone.setStartDate((Date) ObjectUtils.clone(resourcePolicy.getStartDate()));
clone.setEndDate((Date) ObjectUtils.clone(resourcePolicy.getEndDate()));
clone.setRpType((String) ObjectUtils.clone(resourcePolicy.getRpType()));
Expand Down
30 changes: 28 additions & 2 deletions dspace-api/src/main/java/org/dspace/authorize/service/ResourcePolicyService.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,6 @@
import org.dspace.core.Context;
import org.dspace.eperson.EPerson;
import org.dspace.eperson.Group;
import org.dspace.service.DSpaceCRUDService;

/**
* Service interface class for the ResourcePolicy object.
Expand All @@ -26,7 +25,34 @@
*
* @author kevinvandevelde at atmire.com
*/
public interface ResourcePolicyService extends DSpaceCRUDService<ResourcePolicy> {
public interface ResourcePolicyService {

public ResourcePolicy create(Context context, EPerson eperson, Group group) throws SQLException, AuthorizeException;

public ResourcePolicy find(Context context, int id) throws SQLException;

/**
* Persist a model object.
*
* @param context
* @param resourcePolicy object to be persisted.
* @throws SQLException passed through.
* @throws AuthorizeException passed through.
*/
public void update(Context context, ResourcePolicy resourcePolicy) throws SQLException, AuthorizeException;


/**
* Persist a collection of model objects.
*
* @param context
* @param resourcePolicies object to be persisted.
* @throws SQLException passed through.
* @throws AuthorizeException passed through.
*/
public void update(Context context, List<ResourcePolicy> resourcePolicies) throws SQLException, AuthorizeException;

public void delete(Context context, ResourcePolicy resourcePolicy) throws SQLException, AuthorizeException;


public List<ResourcePolicy> find(Context c, DSpaceObject o) throws SQLException;
Expand Down
108 changes: 55 additions & 53 deletions dspace-api/src/main/java/org/dspace/content/crosswalk/METSRightsCrosswalk.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -432,54 +432,31 @@ public void ingest(Context context, DSpaceObject dso, List<Element> ml, boolean
//get what class of context this is
String contextClass = element.getAttributeValue("CONTEXTCLASS");

ResourcePolicy rp = resourcePolicyService.create(context);
SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");

// get reference to the <Permissions> element
// Note: we are assuming here that there will only ever be ONE <Permissions>
// element. Currently there are no known use cases for multiple.
Element permsElement = element.getChild("Permissions", METSRights_NS);
if (permsElement == null) {
log.error("No <Permissions> element was found. Skipping this <Context> element.");
continue;
}

if (element.getAttributeValue("rpName") != null) {
rp.setRpName(element.getAttributeValue("rpName"));
}
try {
if (element.getAttributeValue("start-date") != null) {
rp.setStartDate(sdf.parse(element.getAttributeValue("start-date")));
}
if (element.getAttributeValue("end-date") != null) {
rp.setEndDate(sdf.parse(element.getAttributeValue("end-date")));
}
} catch (ParseException ex) {
log.error("Failed to parse embargo date. The date needs to be in the format 'yyyy-MM-dd'.", ex);
}
ResourcePolicy rp = null;

//Check if this permission pertains to Anonymous users
if (ANONYMOUS_CONTEXTCLASS.equals(contextClass)) {
//get DSpace Anonymous group, ID=0
Group anonGroup = groupService.findByName(context, Group.ANONYMOUS);
if (anonGroup == null) {
throw new CrosswalkInternalException(
"The DSpace database has not been properly initialized. The Anonymous Group is " +
"missing from the database.");
"The DSpace database has not been properly initialized. The Anonymous Group is " +
"missing from the database.");
}

rp.setGroup(anonGroup);
rp = resourcePolicyService.create(context, null, anonGroup);
} else if (ADMIN_CONTEXTCLASS.equals(contextClass)) {
// else if this permission declaration pertains to Administrators
// get DSpace Administrator group
Group adminGroup = groupService.findByName(context, Group.ADMIN);
if (adminGroup == null) {
throw new CrosswalkInternalException(
"The DSpace database has not been properly initialized. The Administrator Group is " +
"missing from the database.");
"The DSpace database has not been properly initialized. " +
"The Administrator Group is " +
"missing from the database.");
}

rp.setGroup(adminGroup);
rp = resourcePolicyService.create(context, null, adminGroup);
} else if (GROUP_CONTEXTCLASS.equals(contextClass)) {
// else if this permission pertains to another DSpace group
try {
Expand All @@ -498,18 +475,17 @@ public void ingest(Context context, DSpaceObject dso, List<Element> ml, boolean
//if not found, throw an error -- user should restore group from the SITE AIP
if (group == null) {
throw new CrosswalkInternalException("Cannot restore Group permissions on object ("
+ "type=" + Constants.typeText[dso
.getType()] + ", "
+ "handle=" + dso.getHandle() + ", "
+ "ID=" + dso.getID()
+ "). The Group named '" + groupName + "' is" +
" missing from DSpace. "
+ "Please restore this group using the SITE " +
"AIP, or recreate it.");
+ "type=" + Constants.typeText[dso.getType()] + ", "
+ "handle=" + dso.getHandle() + ", "
+ "ID=" + dso.getID()
+ "). The Group named '" + groupName + "' is" +
" missing from DSpace. "
+ "Please restore this group using the SITE " +
"AIP, or recreate it.");
}

//assign group to policy
rp.setGroup(group);
rp = resourcePolicyService.create(context, null, group);
} catch (PackageException pe) {
//A PackageException will only be thrown if translateDefaultGroupName() fails
//We'll just wrap it as a CrosswalkException and throw it upwards
Expand All @@ -535,25 +511,51 @@ public void ingest(Context context, DSpaceObject dso, List<Element> ml, boolean
//if not found, throw an error -- user should restore person from the SITE AIP
if (person == null) {
throw new CrosswalkInternalException("Cannot restore Person permissions on object ("
+ "type=" + Constants.typeText[dso
.getType()] + ", "
+ "handle=" + dso.getHandle() + ", "
+ "ID=" + dso.getID()
+ "). The Person with email/netid '" +
personEmail + "' is missing from DSpace. "
+ "Please restore this Person object using the " +
"SITE AIP, or recreate it.");
+ "type=" + Constants.typeText[dso.getType()] + ", "
+ "handle=" + dso.getHandle() + ", "
+ "ID=" + dso.getID()
+ "). The Person with email/netid '" +
personEmail + "' is missing from DSpace. "
+ "Please restore this Person object using the " +
"SITE AIP, or recreate it.");
}

//assign person to the policy
rp.setEPerson(person);
//create rp with the person
rp = resourcePolicyService.create(context, person, null);
} else {
log.error("Unrecognized CONTEXTCLASS: " + contextClass);
}
if (rp != null) {
SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");

// get reference to the <Permissions> element
// Note: we are assuming here that there will only ever be ONE <Permissions>
// element. Currently there are no known use cases for multiple.
Element permsElement = element.getChild("Permissions", METSRights_NS);
if (permsElement == null) {
log.error("No <Permissions> element was found. Skipping this <Context> element.");
continue;
}

if (element.getAttributeValue("rpName") != null) {
rp.setRpName(element.getAttributeValue("rpName"));
}
try {
if (element.getAttributeValue("start-date") != null) {
rp.setStartDate(sdf.parse(element.getAttributeValue("start-date")));
}
if (element.getAttributeValue("end-date") != null) {
rp.setEndDate(sdf.parse(element.getAttributeValue("end-date")));
}
} catch (ParseException ex) {
log.error("Failed to parse embargo date. The date needs to be in the format 'yyyy-MM-dd'.",
ex);
}

//set permissions on policy add to list of policies
rp.setAction(parsePermissions(permsElement));
policies.add(rp);
//set permissions on policy add to list of policies
rp.setAction(parsePermissions(permsElement));
policies.add(rp);
}
} //end if "Context" element
} //end for loop

Expand Down
12 changes: 12 additions & 0 deletions ...ge/rdbms/sqlmigration/h2/V7.6_2023.09.28__enforce_group_or_eperson_for_resourcepolicy.sql
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
--
-- The contents of this file are subject to the license and copyright
-- detailed in the LICENSE and NOTICE files at the root of the source
-- tree and available online at
--
-- http://www.dspace.org/license/
--

DELETE FROM ResourcePolicy WHERE eperson_id is null and epersongroup_id is null;

ALTER TABLE ResourcePolicy ADD CONSTRAINT resourcepolicy_eperson_and_epersongroup_not_nullobject_chk
CHECK (eperson_id is not null or epersongroup_id is not null) ;
12 changes: 12 additions & 0 deletions ...ms/sqlmigration/postgres/V7.6_2023.09.28__enforce_group_or_eperson_for_resourcepolicy.sql
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
--
-- The contents of this file are subject to the license and copyright
-- detailed in the LICENSE and NOTICE files at the root of the source
-- tree and available online at
--
-- http://www.dspace.org/license/
--

DELETE FROM ResourcePolicy WHERE eperson_id is null and epersongroup_id is null;

ALTER TABLE ResourcePolicy ADD CONSTRAINT resourcepolicy_eperson_and_epersongroup_not_nullobject_chk
CHECK (eperson_id is not null or epersongroup_id is not null) ;
Loading

0 comments on commit ff36610

Please sign in to comment.