Class STAuthorizationEvaluator
java.lang.Object
it.uniroma2.art.semanticturkey.security.STAuthorizationEvaluator
- Author:
- Tiziano
-
Constructor Summary
-
Method Summary
Modifier and Type, Method, Description

protected boolean evaluatePrologGoal(String prologGoal, Collection<Role> userRoles, Project targetForRBAC)

boolean isAdmin()
    Allows requests only from the system administrator. Use as follows: @PreAuthorize("@auth.isAdmin()")

boolean isAuthorized(String prologCapability, String crudv)
    Use as follows: @PreAuthorize("@auth.isAuthorized('rdf(concept, taxonomy)', 'R')"). For complete documentation see isAuthorized(String, String, String).

boolean isAuthorized(String prologCapability, String userResponsibility, String crudv)

boolean isAuthorized(String prologCapability, String userResponsibility, String crudv, String projectName)
    Use as follows: @PreAuthorize("@auth.isAuthorized('rdf(concept, taxonomy)', '{key1: ''value1'', key2: true}', 'R')")

boolean isAuthorizedInProject(String prologCapability, String crudv, String projectName)
    Useful for evaluating authorization for a project different from the one indicated in the context.

boolean isCtxProjectPublic()
    Allows requests only when the contextual project is public (i.e. ShowVocConstants.SHOWVOC_VISITOR_EMAIL has role ShowVocConstants.ShowVocRole.PUBLIC).

boolean isDefaultSettingsActionAuthorized(Scope scope, Scope defaultScope, String crud)
    Tells if an action on default settings is authorized.

boolean isFileActionAuthorized(String dir, String crud)
    Useful for authorizing file operations (read/create file).

boolean isLoggedUser(String email)
    Checks if the user that is performing the request has the given email.

boolean isProjectPublic(String id)
    Allows requests only when the given project is public (i.e. ShowVocConstants.SHOWVOC_VISITOR_EMAIL has role ShowVocConstants.ShowVocRole.PUBLIC).

boolean isSettingsActionAuthorized(Scope scope, String crud)

boolean isSuperUser(boolean strict)
    Returns true if the logged user is a SuperUser.

langof(SpecialValue value)

langof(org.eclipse.rdf4j.model.Literal literal)
    Used in support of isAuthorized, e.g. @PreAuthorize("@auth.isAuthorized('rdf(concept)', '{lang: ''' +@auth.langof(#label)+ '''}', 'C')"). The three ''' are required because '' represents the double quotes surrounding the map value, and the third ' closes (or opens) the string to evaluate in isAuthorized(), where literal is a method parameter name of type Literal.

langof(org.eclipse.rdf4j.model.Resource xLabel)
    Same as langof(Literal), to use with xLabel.

typeof(org.eclipse.rdf4j.model.Resource resource)
    Used in support of isAuthorized, e.g. @PreAuthorize("@auth.isAuthorized('rdf(' +@auth.typeof(#individual)+ ')', 'R')"), where individual is a method parameter name.
-
Constructor Details
-
STAuthorizationEvaluator
public STAuthorizationEvaluator()
-
-
Method Details
-
isAdmin
public boolean isAdmin()
Allows requests only from the system administrator. Use as follows: @PreAuthorize("@auth.isAdmin()")
- Returns:
-
isSuperUser
public boolean isSuperUser(boolean strict)
Returns true if the logged user is a SuperUser. The strict argument determines whether the user must be only a SuperUser (strict=true) or "at least" a SuperUser, in which case an Admin is also accepted (strict=false).
- Parameters:
strict
- Returns:
-
isCtxProjectPublic
Allows requests only when the contextual project is public (i.e. ShowVocConstants.SHOWVOC_VISITOR_EMAIL has role ShowVocConstants.ShowVocRole.PUBLIC). Use as follows: @PreAuthorize("@auth.isCtxProjectPublic()")
- Returns:
- Throws:
UserException
-
isProjectPublic
public boolean isProjectPublic(String id) throws UserException, InvalidProjectNameException, ProjectInexistentException, ProjectAccessException
Allows requests only when the given project is public (i.e. ShowVocConstants.SHOWVOC_VISITOR_EMAIL has role ShowVocConstants.ShowVocRole.PUBLIC). Use as follows: @PreAuthorize("@auth.isProjectPublic(#projectNameParam)")
-
isAuthorizedInProject
public boolean isAuthorizedInProject(String prologCapability, String crudv, String projectName) throws alice.tuprolog.MalformedGoalException, HaltedEngineException, HarmingGoalException, STPropertyAccessException, org.json.JSONException, ProjectAccessException, ProjectInexistentException, InvalidProjectNameException
This is useful for evaluating authorization for a project different from the one indicated in the context.
- Parameters:
prologCapability
crudv
projectName
- Returns:
- Throws:
alice.tuprolog.MalformedGoalException
HaltedEngineException
HarmingGoalException
STPropertyAccessException
org.json.JSONException
ProjectAccessException
ProjectInexistentException
InvalidProjectNameException
-
isSettingsActionAuthorized
public boolean isSettingsActionAuthorized(Scope scope, String crud) throws ProjectAccessException, ProjectInexistentException, InvalidProjectNameException, HarmingGoalException, org.json.JSONException, HaltedEngineException, alice.tuprolog.MalformedGoalException, STPropertyAccessException
- Throws:
ProjectAccessException
ProjectInexistentException
InvalidProjectNameException
HarmingGoalException
org.json.JSONException
HaltedEngineException
alice.tuprolog.MalformedGoalException
STPropertyAccessException
-
isDefaultSettingsActionAuthorized
public boolean isDefaultSettingsActionAuthorized(Scope scope, Scope defaultScope, String crud) throws ProjectAccessException, ProjectInexistentException, InvalidProjectNameException, HarmingGoalException, org.json.JSONException, HaltedEngineException, alice.tuprolog.MalformedGoalException, STPropertyAccessException
Tells if an action on default settings is authorized.
- Parameters:
scope
defaultScope
crud
- Returns:
- Throws:
ProjectAccessException
ProjectInexistentException
InvalidProjectNameException
HarmingGoalException
org.json.JSONException
HaltedEngineException
alice.tuprolog.MalformedGoalException
STPropertyAccessException
-
isFileActionAuthorized
public boolean isFileActionAuthorized(String dir, String crud) throws ProjectAccessException, ProjectInexistentException, InvalidProjectNameException, HarmingGoalException, org.json.JSONException, HaltedEngineException, alice.tuprolog.MalformedGoalException, STPropertyAccessException
Useful for authorizing file operations (read/create file).
- Parameters:
dir
crud
- Returns:
- Throws:
ProjectAccessException
ProjectInexistentException
InvalidProjectNameException
HarmingGoalException
org.json.JSONException
HaltedEngineException
alice.tuprolog.MalformedGoalException
STPropertyAccessException
-
isAuthorized
public boolean isAuthorized(String prologCapability, String crudv) throws alice.tuprolog.MalformedGoalException, HaltedEngineException, HarmingGoalException, STPropertyAccessException, org.json.JSONException, ProjectAccessException, ProjectInexistentException, InvalidProjectNameException
Use as follows: @PreAuthorize("@auth.isAuthorized('rdf(concept, taxonomy)', 'R')")
For complete documentation see isAuthorized(String, String, String).
- Parameters:
prologCapability
crudv
- Returns:
- Throws:
HarmingGoalException
HaltedEngineException
TheoryNotFoundException
alice.tuprolog.MalformedGoalException
alice.tuprolog.InvalidTheoryException
STPropertyAccessException
org.json.JSONException
ProjectAccessException
ProjectInexistentException
InvalidProjectNameException
-
isAuthorized
public boolean isAuthorized(String prologCapability, String userResponsibility, String crudv) throws HarmingGoalException, org.json.JSONException, HaltedEngineException, alice.tuprolog.MalformedGoalException, STPropertyAccessException, ProjectAccessException, ProjectInexistentException, InvalidProjectNameException
- Throws:
HarmingGoalException
org.json.JSONException
HaltedEngineException
alice.tuprolog.MalformedGoalException
STPropertyAccessException
ProjectAccessException
ProjectInexistentException
InvalidProjectNameException
-
isAuthorized
public boolean isAuthorized(String prologCapability, String userResponsibility, String crudv, String projectName) throws alice.tuprolog.MalformedGoalException, HaltedEngineException, HarmingGoalException, STPropertyAccessException, org.json.JSONException, ProjectAccessException, ProjectInexistentException, InvalidProjectNameException
Use as follows: @PreAuthorize("@auth.isAuthorized('rdf(concept, taxonomy)', '{key1: ''value1'', key2: true}', 'R')")
- Parameters:
prologCapability - Expressed in this way: <area>(<subject>, <scope>).
userResponsibility - A String representing a JSON map serialization like {key1: "value1", key2: "value2"}; currently the only handled key is 'lang'.
crudv - Following the CRUD paradigm, it could be any of C (create), R (read), U (update), D (delete), plus V (validation).
projectName - Name of the project where the capability will be evaluated. If null is provided, the context project is used.
- Returns:
- Throws:
TheoryNotFoundException
alice.tuprolog.InvalidTheoryException
HarmingGoalException
HaltedEngineException
alice.tuprolog.MalformedGoalException
STPropertyAccessException
org.json.JSONException
ProjectAccessException
ProjectInexistentException
InvalidProjectNameException
-
evaluatePrologGoal
protected boolean evaluatePrologGoal(String prologGoal, Collection<Role> userRoles, Project targetForRBAC) throws alice.tuprolog.MalformedGoalException, HaltedEngineException, HarmingGoalException
- Throws:
alice.tuprolog.MalformedGoalException
HaltedEngineException
HarmingGoalException
-
typeof
Used in support of isAuthorized, e.g. @PreAuthorize("@auth.isAuthorized('rdf(' +@auth.typeof(#individual)+ ')', 'R')"), where individual is a method parameter name.
- Parameters:
resource
- Returns:
-
langof
Used in support of isAuthorized, e.g. @PreAuthorize("@auth.isAuthorized('rdf(concept)', '{lang: ''' +@auth.langof(#label)+ '''}', 'C')"). The three ''' are required because '' represents the double quotes surrounding the map value, and the third ' closes (or opens) the string to evaluate in isAuthorized(), where literal is a method parameter name of type Literal.
- Parameters:
literal
- Returns:
-
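The quoting in the typeof and langof expressions above can be checked outside the application by evaluating them with Spring's SpEL parser directly. This is an added example, not Semantic Turkey code: StubAuth, its fixed return values and the variable values are hypothetical, and spring-expression is assumed to be on the classpath.

```java
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;

public class PreAuthorizeQuotingDemo {

    // Hypothetical stand-in for the bean registered as "auth": it reports the strings
    // that SpEL hands to isAuthorized and returns fixed values from the helpers.
    public static class StubAuth {
        public String typeof(Object resource) { return "concept"; }  // constructed value
        public String langof(Object literal) { return "en"; }         // constructed value

        public boolean isAuthorized(String capability, String crudv) {
            System.out.println("capability=" + capability + " crudv=" + crudv);
            return true;
        }

        public boolean isAuthorized(String capability, String responsibility, String crudv) {
            System.out.println("capability=" + capability
                    + " userResponsibility=" + responsibility + " crudv=" + crudv);
            return true;
        }
    }

    public static void main(String[] args) {
        StandardEvaluationContext ctx = new StandardEvaluationContext();
        // Resolve the @auth bean reference used in the expressions to the stub.
        ctx.setBeanResolver((context, beanName) -> new StubAuth());
        // Method arguments are exposed as #name variables; these values are placeholders.
        ctx.setVariable("individual", "constructed-resource");
        ctx.setVariable("label", "constructed-literal");

        SpelExpressionParser parser = new SpelExpressionParser();
        String[] expressions = {
            "@auth.isAuthorized('rdf(' +@auth.typeof(#individual)+ ')', 'R')",
            "@auth.isAuthorized('rdf(concept)', '{lang: ''' +@auth.langof(#label)+ '''}', 'C')"
        };
        for (String expression : expressions) {
            // Inside a SpEL string literal, '' is one escaped single quote, so the
            // helper's return value is spliced in as data between two literal quotes.
            Boolean granted = parser.parseExpression(expression).getValue(ctx, Boolean.class);
            System.out.println(expression + " -> " + granted);
        }
    }
}
```

With the stub values, the three-argument call receives {lang: 'en'} as userResponsibility and the two-argument call receives rdf(concept) as prologCapability. Printing the arguments this way is a quick check that a new @PreAuthorize expression builds the capability and map you intended before it guards a real service method.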
langof
Same as langof(Literal), to use with xLabel.
- Parameters:
xLabel
- Returns:
-
langof
-
isLoggedUser
Checks if the user that is performing the request has the given email. Useful in the @PreAuthorize annotation of those services that allow editing user-related data. The check is used to verify that the user provided as a parameter (which is the subject of the changes) is the logged one.
- Parameters:
email
- Returns:
-