finished policy to template conversion

api/src/main/java/edu/cornell/mannlib/vedit/controller/BaseEditController.java

@@ -35,6 +35,7 @@
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelAccess;
 import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 
 public class BaseEditController extends VitroHttpServlet {
 
@@ -218,15 +219,15 @@ protected static void addAccessAttributes(HttpServletRequest req, String entityU
         }  
         req.setAttribute("roles", permissionSets);
         // If the namespace is empty (e.e. we are creating a new record)
-        for (OperationGroup og : OperationGroup.values()){
-            String groupName = og.toString().toLowerCase().split("_")[0];
+        for (AccessOperation ao : AccessOperation.getUserInterfaceSet()){
+            String groupName = ao.toString().toLowerCase().split("_")[0];
             final String attributeName = groupName + "Roles";
             if (StringUtils.isEmpty(entityURI)) {
                 // predefined values
                 req.setAttribute(attributeName, roleUris);
             } else {
                 // Get the permission sets that are granted permission for this entity
-                req.setAttribute(attributeName, EntityPolicyController.getGrantedRoles(entityURI, og, aot, roleUris));
+                req.setAttribute(attributeName, EntityPolicyController.getGrantedRoles(entityURI, ao, aot, roleUris));
             }
         }
 

api/src/main/java/edu/cornell/mannlib/vedit/controller/OperationController.java

@@ -18,6 +18,7 @@
 import javax.servlet.http.HttpServletResponse;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.EntityPolicyController;
 import edu.cornell.mannlib.vitro.webapp.beans.PermissionSet;
@@ -149,8 +150,8 @@ public void doPost (HttpServletRequest request, HttpServletResponse response) {
                     roleUris.add(permissionSet.getUri());
                 }  
                 // Get the granted permissions from the request object
-                for (OperationGroup og : OperationGroup.values()) {
-                    String operationGroupName = og.toString().toLowerCase().split("_")[0];
+                for (AccessOperation ao : AccessOperation.getUserInterfaceSet()) {
+                    String operationGroupName = ao.toString().toLowerCase().split("_")[0];
                     String[] selectedRoles = request.getParameterValues(operationGroupName + "Roles");
                     if(StringUtils.isBlank(entityUri)) {
                         log.error("EntityUri is blank");
@@ -160,7 +161,7 @@ public void doPost (HttpServletRequest request, HttpServletResponse response) {
                         if (selectedRoles == null) {
                             selectedRoles = new String[0];
                         }
-                        EntityPolicyController.updateEntityPolicyDataSet(entityUri, AccessObjectType.valueOf(entityType), og, Arrays.asList(selectedRoles), roleUris);
+                        EntityPolicyController.updateEntityPolicyDataSet(entityUri, AccessObjectType.valueOf(entityType), ao, Arrays.asList(selectedRoles), roleUris);
                     }
                 }
             }

api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/attributes/AccessOperation.java

@@ -2,12 +2,20 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.attributes;
 
+import java.util.EnumSet;
+import java.util.Set;
+
 public enum AccessOperation {
     EXECUTE,
     PUBLISH,
     UPDATE,
     DISPLAY,
     ADD,
     DROP,
-    EDIT
+    EDIT;
+
+    public static Set<AccessOperation> getUserInterfaceSet() {
+        return EnumSet.of(AccessOperation.DISPLAY, AccessOperation.ADD, AccessOperation.DROP, AccessOperation.EDIT,
+                AccessOperation.PUBLISH);
+    }
 }

api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/EntityPolicyController.java

@@ -11,7 +11,7 @@
 import java.util.Set;
 
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
-import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.beans.Property;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.logging.Log;
@@ -29,7 +29,7 @@ public class EntityPolicyController {
      * @param selectedRoles - list of roles to assign
      * @param allRoles - list of all available roles
      */
-    public static void updateEntityPolicyDataSet(String entityUri, AccessObjectType aot, OperationGroup og,
+    public static void updateEntityPolicyDataSet(String entityUri, AccessObjectType aot, AccessOperation og,
             List<String> selectedRoles, List<String> allRoles) {
         if (StringUtils.isBlank(entityUri)) {
             return;
@@ -58,7 +58,7 @@ public static void updateEntityPolicyDataSet(String entityUri, AccessObjectType
         }
     }
 
-    public static List<String> getGrantedRoles(String entityUri, OperationGroup og, AccessObjectType aot,
+    public static List<String> getGrantedRoles(String entityUri, AccessOperation og, AccessObjectType aot,
             List<String> allRoles) {
         if (StringUtils.isBlank(entityUri)) {
             return Collections.emptyList();
@@ -72,15 +72,15 @@ public static List<String> getGrantedRoles(String entityUri, OperationGroup og,
         return grantedRoles;
     }
 
-    public static void getDataValueStatements(String entityUri, AccessObjectType aot, OperationGroup og,
+    public static void getDataValueStatements(String entityUri, AccessObjectType aot, AccessOperation ao,
             Set<String> selectedRoles, StringBuilder sb) {
         if (StringUtils.isBlank(entityUri)) {
             return;
         }
         for (String role : selectedRoles) {
-            String testDataUri = getPolicyTestDataUri(aot, og, role);
+            String testDataUri = getPolicyTestDataUri(aot, ao, role);
             if (testDataUri == null) {
-                log.error(String.format("Policy test data wasn't found by key:\n%s\n%s\n%s", og, aot, role));
+                log.error(String.format("Policy test data wasn't found by key:\n%s\n%s\n%s", ao, aot, role));
                 continue;
             }
             sb.append("<").append(testDataUri)
@@ -103,12 +103,12 @@ public static void insertedEntityEvent(Property newObj) {
         log.debug("Nothing to do " + newObj);
     }
 
-    private static boolean isUriInTestDataset(String entityUri, OperationGroup og, AccessObjectType aot, String role) {
+    private static boolean isUriInTestDataset(String entityUri, AccessOperation og, AccessObjectType aot, String role) {
         Set<String> values = PolicyLoader.getInstance().getDataSetValues(og, aot, role);
         return values.contains(entityUri);
     }
 
-    private static String getPolicyTestDataUri(AccessObjectType aot, OperationGroup og, String role) {
+    private static String getPolicyTestDataUri(AccessObjectType aot, AccessOperation og, String role) {
         String key = aot.toString() + "." + og.toString() + "." + role;
         if (policyKeyToDataValueMap.containsKey(key)) {
             return policyKeyToDataValueMap.get(key);

api/src/main/java/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyLoader.java

@@ -12,8 +12,8 @@
 import java.util.List;
 import java.util.Set;
 
-import arq.query;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.AttributeFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.attributes.OperationGroup;
 import edu.cornell.mannlib.vitro.webapp.auth.rules.AccessRule;
@@ -359,7 +359,7 @@ protected void processQuerySolution(QuerySolution qs) {
         return priority[0];
     }
 
-    public Set<String> getDataSetValues(OperationGroup og, AccessObjectType aot, String role) {
+    public Set<String> getDataSetValues(AccessOperation og, AccessObjectType aot, String role) {
         Set<String> values = new HashSet<>();
         long expectedSize = 3;
         String queryText = getPolicyTestValuesByKeyQuery(new String[] { role },
@@ -424,7 +424,7 @@ protected void processQuerySolution(QuerySolution qs) {
         return uri[0];
     }
 
-    public String getEntityPolicyTestDataValue(OperationGroup og, AccessObjectType aot, String role) {
+    public String getEntityPolicyTestDataValue(AccessOperation og, AccessObjectType aot, String role) {
         String[] valueUri = new String[1];
         long expectedSize = 3;
         final String queryText = getPolicyTestValuesByKeyQuery(new String[] { role },
@@ -452,7 +452,7 @@ protected void processQuerySolution(QuerySolution qs) {
         return valueUri[0];
     }
 
-    public void modifyPolicyDataSetValue(String entityUri, OperationGroup og, AccessObjectType aot, String role,
+    public void modifyPolicyDataSetValue(String entityUri, AccessOperation og, AccessObjectType aot, String role,
             boolean isAdd) {
         String queryText = getPolicyDataSetValueStatementByKeyQuery(entityUri, new String[] { role },
                 new String[] { og.toString(), aot.toString() });
@@ -732,11 +732,11 @@ private static void debug(String template, Object... objects) {
         }
     }
 
-    public void addEntityToPolicyDataSet(String entityUri, AccessObjectType aot, OperationGroup og, String role) {
+    public void addEntityToPolicyDataSet(String entityUri, AccessObjectType aot, AccessOperation og, String role) {
         modifyPolicyDataSetValue(entityUri, og, aot, role, true);
     }
 
-    public void removeEntityFromPolicyDataSet(String entityUri, AccessObjectType aot, OperationGroup og, String role) {
+    public void removeEntityFromPolicyDataSet(String entityUri, AccessObjectType aot, AccessOperation og, String role) {
         modifyPolicyDataSetValue(entityUri, og, aot, role, false);
     }
 
@@ -747,7 +747,7 @@ private ChangeSet makeChangeSet() {
         return cs;
     }
 
-    public String getDataSetUriByKey(OperationGroup og, AccessObjectType aot, String role) {
+    public String getDataSetUriByKey(AccessOperation og, AccessObjectType aot, String role) {
         long expectedSize = 3;
         final String queryText = getPolicyTestValuesByKeyQuery(new String[] { role },
                 new String[] { og.toString(), aot.toString() });

api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/ArmMigrator.java

@@ -92,11 +92,11 @@ protected StringBuilder getStatementsToRemove() {
             for (String operation : armOperations) {
                 OperationGroup og = operationMap.get(operation);
                 for (AccessObjectType aot : entityTypes) {
-                    Set<String> entityUris = PolicyLoader.getInstance().getDataSetValues(og, aot, newRole);
-                    for (String entityUri : entityUris) {
-                        EntityPolicyController.getDataValueStatements(entityUri, aot, og,
-                                Collections.singleton(newRole), removals);
-                    }
+               //     Set<String> entityUris = PolicyLoader.getInstance().getDataSetValues(og, aot, newRole);
+               //     for (String entityUri : entityUris) {
+               //         EntityPolicyController.getDataValueStatements(entityUri, aot, og,
+               //                 Collections.singleton(newRole), removals);
+               //     }
                 }
             }
         }
@@ -162,8 +162,8 @@ protected void collectAdditions(Map<AccessObjectType, Set<String>> entityTypeMap
                         intersectionEntities.addAll(addFauxDP);
                     }
                     for (String entityUri : intersectionEntities) {
-                        EntityPolicyController.getDataValueStatements(entityUri, type, og,
-                                Collections.singleton(newRole), additions);
+                       // EntityPolicyController.getDataValueStatements(entityUri, type, og,
+                       //         Collections.singleton(newRole), additions);
                     }
                 }
             }

api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java

@@ -92,15 +92,15 @@ static Long[] updatePolicyDatasets(AccessObjectType aot, Map<String, Map<Operati
             Map<OperationGroup, Set<String>> groupMap = configs.get(entityUri);
             for (OperationGroup og : groupMap.keySet()) {
                 Set<String> rolesToAdd = groupMap.get(og);
-                EntityPolicyController.getDataValueStatements(entityUri, aot, og, rolesToAdd, additions);
+               // EntityPolicyController.getDataValueStatements(entityUri, aot, og, rolesToAdd, additions);
                 Set<String> rolesToRemove = new HashSet<>(ALL_ROLES);
                 rolesToRemove.removeAll(rolesToAdd);
                 // Don't remove public publish and update data sets, as there are no public policies for that operation
                 // groups
                 if (OperationGroup.PUBLISH_GROUP.equals(og) || OperationGroup.UPDATE_GROUP.equals(og)) {
                     rolesToRemove.remove(ROLE_PUBLIC_URI);
                 }
-                EntityPolicyController.getDataValueStatements(entityUri, aot, og, rolesToRemove, removals);
+               // EntityPolicyController.getDataValueStatements(entityUri, aot, og, rolesToRemove, removals);
                 log.debug(
                         String.format("Updated entity %s dataset for operation group %s access object type %s roles %s",
                                 entityUri, og, aot, rolesToAdd));

api/src/test/java/edu/cornell/mannlib/vitro/webapp/auth/policy/AccessAllowedClassesPolicyTemplateTest.java

@@ -0,0 +1,76 @@
+package edu.cornell.mannlib.vitro.webapp.auth.policy;
+
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType.CLASS;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.DISPLAY;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.PUBLISH;
+import static edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation.UPDATE;
+import static org.junit.Assert.assertFalse;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Set;
+
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessObjectType;
+import edu.cornell.mannlib.vitro.webapp.auth.attributes.AccessOperation;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+@RunWith(Parameterized.class)
+public class AccessAllowedClassesPolicyTemplateTest extends PolicyTest {
+    private static final String TEMPLATE_CLASS_PREFIX =
+            "https://vivoweb.org/ontology/vitro-application/auth/individual/template/access-allowed-class/";
+
+    public static final String POLICY_TEMPLATE_MATCH_CLASS_PATH =
+            USER_ACCOUNTS_HOME_FIRSTTIME + "template_access_allowed_class.n3";
+
+    @org.junit.runners.Parameterized.Parameter(0)
+    public String dataSetUri;
+
+    @org.junit.runners.Parameterized.Parameter(1)
+    public AccessOperation group;
+
+    @org.junit.runners.Parameterized.Parameter(2)
+    public AccessObjectType type;
+
+    @org.junit.runners.Parameterized.Parameter(3)
+    public String roleUri;
+
+    @org.junit.runners.Parameterized.Parameter(4)
+    public int rulesCount;
+
+    @org.junit.runners.Parameterized.Parameter(5)
+    public Set<Integer> attrCount;
+
+    @Test
+    public void testPolicy() {
+        load(POLICY_TEMPLATE_MATCH_CLASS_PATH);
+        EntityPolicyController.updateEntityPolicyDataSet("test:entity", type, group, Arrays.asList(roleUri), ROLE_LIST);
+        DynamicPolicy policy = null;
+        policy = loader.loadPolicyFromTemplateDataSet(TEMPLATE_CLASS_PREFIX + dataSetUri);
+        countRulesAndAttributes(policy, rulesCount, attrCount);
+        Set<String> values = loader.getDataSetValues(group, type, roleUri);
+        assertFalse(values.isEmpty());
+    }
+
+    @Parameterized.Parameters
+    public static Collection<Object[]> requests() {
+        return Arrays.asList(new Object[][] {
+                { "EditorDisplayClassUriDataSet", DISPLAY, CLASS, EDITOR, 1, Collections.singleton(4) },
+                { "PublicDisplayClassUriDataSet", DISPLAY, CLASS, PUBLIC, 1, Collections.singleton(4) },
+                { "EditorUpdateClassUriDataSet", UPDATE, CLASS, EDITOR, 1, Collections.singleton(4) },
+                { "SelfEditorDisplayClassUriDataSet", DISPLAY, CLASS, SELF_EDITOR, 1, Collections.singleton(4) },
+                { "CuratorDisplayClassUriDataSet", DISPLAY, CLASS, CURATOR, 1, Collections.singleton(4) },
+                { "AdminDisplayClassUriDataSet", DISPLAY, CLASS, ADMIN, 1, Collections.singleton(4) },
+                { "EditorPublishClassUriDataSet", PUBLISH, CLASS, EDITOR, 1, Collections.singleton(4) },
+                { "SelfEditorPublishClassUriDataSet", PUBLISH, CLASS, SELF_EDITOR, 1, Collections.singleton(4) },
+                { "CuratorPublishClassUriDataSet", PUBLISH, CLASS, CURATOR, 1, Collections.singleton(4) },
+                { "AdminPublishClassUriDataSet", PUBLISH, CLASS, ADMIN, 1, Collections.singleton(4) },
+                { "SelfEditorUpdateClassUriDataSet", UPDATE, CLASS, SELF_EDITOR, 1, Collections.singleton(4) },
+                { "PublicUpdateClassUriDataSet", UPDATE, CLASS, PUBLIC, 1, Collections.singleton(4) },
+                { "CuratorUpdateClassUriDataSet", UPDATE, CLASS, CURATOR, 1, Collections.singleton(4) },
+                { "AdminUpdateClassUriDataSet", UPDATE, CLASS, ADMIN, 1, Collections.singleton(4) }, });
+    }
+
+}