

simple permission migration. Query user accounts model via OntModelSelector
litvinovg committed Oct 26, 2023
1 parent 9d112c5 commit 126c2cd
Showing 11 changed files with 337 additions and 65 deletions.
Expand Up @@ -65,10 +65,16 @@ public class SimplePermission {


public SimpleAuthorizationRequest ACTION;
private String uri;

public String getUri() {
return uri;
}

public static final String NS = "java:edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission#";

private SimplePermission(String uri) {
uri = SimplePermission.NS + uri;
this.uri = SimplePermission.NS + uri;
AccessObjectImpl ao = new AccessObjectImpl(uri, AccessObjectType.NAMED_OBJECT);
this.ACTION = new SimpleAuthorizationRequest(ao, AccessOperation.EXECUTE);
}
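Review bot: On the new side of the constructor the access object is still built from the bare parameter: the removed `uri = SimplePermission.NS + uri;` overwrote the parameter that the next line reads, whereas the added `this.uri = SimplePermission.NS + uri;` only sets the field, so `new AccessObjectImpl(uri, AccessObjectType.NAMED_OBJECT)` now receives the un-prefixed name while `getUri()` returns the prefixed one. Unless AccessObjectImpl prepends the namespace itself (not visible here), policy rules written against the `java:…SimplePermission#…` URIs will no longer match this action's access object, which changes the result of every authorization check routed through `ACTION`. Pass the field instead: `AccessObjectImpl ao = new AccessObjectImpl(this.uri, AccessObjectType.NAMED_OBJECT);`. The class body continues outside the hunk.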
Expand Up @@ -107,8 +107,8 @@ public static void insertedEntityEvent(Property newObj) {
log.debug("Nothing to do " + newObj);
}

private static boolean isUriInTestDataset(String entityUri, AccessOperation og, AccessObjectType aot, String role) {
Set<String> values = PolicyLoader.getInstance().getDataSetValues(og, aot, role);
private static boolean isUriInTestDataset(String entityUri, AccessOperation ao, AccessObjectType aot, String role) {
Set<String> values = PolicyLoader.getInstance().getDataSetValues(ao, aot, role);
return values.contains(entityUri);
}

Expand Up @@ -797,12 +797,12 @@ private static void debug(String template, Object... objects) {
}
}

public void addEntityToPolicyDataSet(String entityUri, AccessObjectType aot, AccessOperation og, String role) {
modifyPolicyDataSetValue(entityUri, og, aot, role, true);
public void addEntityToPolicyDataSet(String entityUri, AccessObjectType aot, AccessOperation ao, String role) {
modifyPolicyDataSetValue(entityUri, ao, aot, role, true);
}

public void removeEntityFromPolicyDataSet(String entityUri, AccessObjectType aot, AccessOperation og, String role) {
modifyPolicyDataSetValue(entityUri, og, aot, role, false);
public void removeEntityFromPolicyDataSet(String entityUri, AccessObjectType aot, AccessOperation ao, String role) {
modifyPolicyDataSetValue(entityUri, ao, aot, role, false);
}

private ChangeSet makeChangeSet() {
Expand Up @@ -206,10 +206,13 @@ private static Long[] updatePolicyDatasets(AccessObjectType aot,
}

private static String getAnnotationQuery(String typeSpecificPatterns) {
return "" + "PREFIX vitro: <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#> \n"
return ""
+ "PREFIX vitro: <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#> \n"
+ "PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+ "PREFIX owl: <http://www.w3.org/2002/07/owl#> \n" + "SELECT ?base ?uri ?update ?display ?publish\n"
+ "WHERE {\n" + typeSpecificPatterns
+ "PREFIX owl: <http://www.w3.org/2002/07/owl#> \n"
+ "SELECT ?base ?uri ?update ?display ?publish\n"
+ "WHERE {\n"
+ typeSpecificPatterns
+ "{OPTIONAL { ?uri vitro:hiddenFromDisplayBelowRoleLevelAnnot ?displayAssigned . }\n"
+ "BIND (COALESCE(?displayAssigned, <http://vitro.mannlib.cornell.edu/ns/vitro/role#public>) AS ?display)\n"
+ "OPTIONAL { ?uri vitro:prohibitedFromUpdateBelowRoleLevelAnnot ?updateAssigned . }\n"
Expand Up @@ -16,11 +16,13 @@
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyTemplateController;
import edu.cornell.mannlib.vitro.webapp.modelaccess.ModelNames;
import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFService;
import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFServiceException;
import edu.cornell.mannlib.vitro.webapp.rdfservice.impl.RDFServiceUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.jena.ontology.OntModel;
import org.apache.jena.query.ParameterizedSparqlString;
import org.apache.jena.query.QueryExecution;
import org.apache.jena.query.QueryExecutionFactory;
import org.apache.jena.query.QuerySolution;
import org.apache.jena.query.ResultSet;

Expand All @@ -46,30 +48,28 @@ public class ArmMigrator {

private RDFService contentRdfService;
private RDFService configurationRdfService;
private OntModel userAccountsModel;

private String VALUE_QUERY = ""
+ "SELECT ?uri \n"
+ "WHERE {\n"
+ " GRAPH <" + ModelNames.USER_ACCOUNTS + "> {\n"
+ " ?permission <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#forEntity> ?uri . \n"
+ " }\n"
+ "}";

private String PERMISSION_SETS_QUERY = ""
+ "prefix auth: <http://vitro.mannlib.cornell.edu/ns/vitro/authorization#>\n"
+ "SELECT ?uri \n"
+ "WHERE {\n"
+ " GRAPH <" + ModelNames.USER_ACCOUNTS + "> {\n"
+ " ?uri a auth:PermissionSet . \n"
+ " }\n"
+ "}";

private static Map<String, String> roleMap;
private static Map<String, OperationGroup> operationMap;

public ArmMigrator(RDFService contentRdfService, RDFService configurationRdfService) {
public ArmMigrator(RDFService contentRdfService, RDFService configurationRdfService, OntModel userAccountsModel) {
this.contentRdfService = contentRdfService;
this.configurationRdfService = configurationRdfService;
this.userAccountsModel = userAccountsModel;
operationMap = new HashMap<>();
operationMap.put(DISPLAY, OperationGroup.DISPLAY_GROUP);
operationMap.put(UPDATE, OperationGroup.UPDATE_GROUP);
Expand Down Expand Up @@ -263,9 +263,12 @@ private String getQueryText(AccessObjectType type) {
}

private static String getQuery(String typePatterns) {
return "" + "PREFIX vitro: <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#> \n"
return ""
+ "PREFIX vitro: <http://vitro.mannlib.cornell.edu/ns/vitro/0.7#> \n"
+ "PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+ "PREFIX owl: <http://www.w3.org/2002/07/owl#> \n" + "SELECT ?base ?uri \n" + "WHERE {\n"
+ "PREFIX owl: <http://www.w3.org/2002/07/owl#> \n"
+ "SELECT ?base ?uri \n"
+ "WHERE {\n"
+ typePatterns + "} \n";
}

Expand All @@ -281,15 +284,21 @@ private Set<String> getArmEntites(String permissionUri) {
ParameterizedSparqlString pss = new ParameterizedSparqlString(VALUE_QUERY);
pss.setIri("permission", permissionUri);
String queryText = pss.toString();
userAccountsModel.enterCriticalSection(false);
try {
ResultSet rs = RDFServiceUtils.sparqlSelectQuery(queryText, configurationRdfService);
while (rs.hasNext()) {
QuerySolution qs = rs.next();
String entity = qs.getResource("uri").getURI();
entities.add(entity);
QueryExecution qexec = QueryExecutionFactory.create(queryText, userAccountsModel);
try {
ResultSet results = qexec.execSelect();
while (results.hasNext()) {
QuerySolution qs = results.next();
String entity = qs.getResource("uri").getURI();
entities.add(entity);
}
} finally {
qexec.close();
}
} catch (Exception e) {
log.error(e, e);
} finally {
userAccountsModel.leaveCriticalSection();
}
return entities;
}
Expand All @@ -300,32 +309,43 @@ public boolean isArmConfiguation() {

private boolean containsAdminDisplayPermission() {
boolean result = false;
String query = ""
String queryText = ""
+ "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+ "ASK WHERE {\n"
+ " GRAPH <http://vitro.mannlib.cornell.edu/default/vitro-kb-userAccounts> {\n"
+ " <"
+ getArmPermissionSubject(DISPLAY, ARM_ADMIN) + "> ?p ?o .\n" + " }\n" + "}";
+ " <"
+ getArmPermissionSubject(DISPLAY, ARM_ADMIN) + "> ?p ?o .\n" + "}";
userAccountsModel.enterCriticalSection(false);
try {
result = configurationRdfService.sparqlAskQuery(query);
} catch (RDFServiceException e) {
log.error(e, e);
QueryExecution qexec = QueryExecutionFactory.create(queryText, userAccountsModel);
try {
result = qexec.execAsk();
} finally {
qexec.close();
}
} finally {
userAccountsModel.leaveCriticalSection();
}
return result;
}

private Set<String> getPermissionSets() {
Set<String> permissionSets = new HashSet<>();
String queryText = PERMISSION_SETS_QUERY;
userAccountsModel.enterCriticalSection(false);
try {
ResultSet rs = RDFServiceUtils.sparqlSelectQuery(queryText, configurationRdfService);
while (rs.hasNext()) {
QuerySolution qs = rs.next();
String entity = qs.getResource("uri").getURI();
permissionSets.add(entity);
QueryExecution qexec = QueryExecutionFactory.create(queryText, userAccountsModel);
try {
ResultSet results = qexec.execSelect();
while (results.hasNext()) {
QuerySolution qs = results.next();
String entity = qs.getResource("uri").getURI();
permissionSets.add(entity);
}
} finally {
qexec.close();
}
} catch (Exception e) {
log.error(e, e);
} finally {
userAccountsModel.leaveCriticalSection();
}
return permissionSets;
}
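Review bot: In getArmEntites and getPermissionSets the `catch (Exception e) { log.error(e, e); }` swallows any failure of the SELECT and returns the partially filled set, so an error while reading the ARM permission data is indistinguishable from "no entities / no permission sets" for the migration code that consumes these results (outside this hunk); for an authorization-configuration migration that silently shrinks the policy being converted. containsAdminDisplayPermission, by contrast, now lets query exceptions propagate because its `RDFServiceException` catch was removed, so the three helpers disagree on failure handling. Prefer one behavior and make it the loud one: drop the catch (or rethrow as an unchecked exception carrying `e`) so the migration aborts instead of writing an incomplete dataset. Minor: `enterCriticalSection(false)` reads better as `enterCriticalSection(Lock.READ)`, and since Jena's QueryExecution is AutoCloseable, `try (QueryExecution qexec = QueryExecutionFactory.create(queryText, userAccountsModel)) { … }` replaces the inner try/finally. getArmEntites starts before the hunk.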
Expand Up @@ -19,6 +19,7 @@
import edu.cornell.mannlib.vitro.webapp.startup.StartupStatus;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.jena.ontology.OntModel;
import org.apache.jena.query.ParameterizedSparqlString;
import org.apache.jena.query.QuerySolution;
import org.apache.jena.query.ResultSet;
Expand All @@ -34,13 +35,37 @@ public class AuthMigrator implements ServletContextListener {
protected static final Set<String> ALL_ROLES = new HashSet<String>(
Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI, ROLE_EDITOR_URI, ROLE_SELF_EDITOR_URI, ROLE_PUBLIC_URI));

private static final String SET_VERSION_TEMPLATE = ""
+ "@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .\n"
+ "@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .\n"
+ "<https://vivoweb.org/ontology/vitro-application/auth/individual/Configuration> "
+ "rdf:type ao:Configuration ;\n"
+ "ao:version ?version .";

private static final String REMOVE_VERSION_TEMPLATE = ""
+ "@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .\n"
+ "<https://vivoweb.org/ontology/vitro-application/auth/individual/Configuration> "
+ "<https://vivoweb.org/ontology/vitro-application/auth/vocabulary/version> ?version .";

private static String VERSION_QUERY = ""
+ "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+ "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+ "SELECT ?version \n"
+ "WHERE {\n"
+ " GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
+ " ?configuration rdf:type ao:Configuration .\n"
+ " ?configuration ao:version ?version .\n"
+ " }\n"
+ "}";

private RDFService contentRdfService;
private RDFService configurationRdfService;
private ContextModelAccess modelAccess;

@Override
public void contextInitialized(ServletContextEvent sce) {
long begin = System.currentTimeMillis();
ContextModelAccess modelAccess = ModelAccess.getInstance();
modelAccess = ModelAccess.getInstance();
initialize(modelAccess.getRDFService(WhichService.CONTENT),
modelAccess.getRDFService(WhichService.CONFIGURATION));
if (!isMigrationRequired()) {
Expand Down Expand Up @@ -71,12 +96,14 @@ protected void convertAuthorizationConfiguration() {
}

private void migrateSimplePermissions() {
// TODO Auto-generated method stub

OntModel userAccountsModel = modelAccess.getOntModelSelector().getUserAccountsModel();
SimplePermissionMigrator spm = new SimplePermissionMigrator(userAccountsModel);
spm.migrateConfiguration();
}

private void migrateArmConfiguration() {
ArmMigrator armMigrator = new ArmMigrator(contentRdfService, configurationRdfService);
OntModel userAccountsModel = modelAccess.getOntModelSelector().getUserAccountsModel();
ArmMigrator armMigrator = new ArmMigrator(contentRdfService, configurationRdfService, userAccountsModel);
armMigrator.migrateConfiguration();
}

Expand All @@ -93,20 +120,16 @@ private boolean isMigrationRequired() {
}

private boolean isArmConfiguration() {
ArmMigrator armMigrator = new ArmMigrator(contentRdfService, configurationRdfService);
OntModel userAccountsModel = modelAccess.getOntModelSelector().getUserAccountsModel();
ArmMigrator armMigrator = new ArmMigrator(contentRdfService, configurationRdfService, userAccountsModel);
return armMigrator.isArmConfiguation();
}

protected long getVersion() {
long version = 0L;
String query = "" + "prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"
+ "prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/>\n"
+ "SELECT ?version \n" + "WHERE {\n"
+ " GRAPH <http://vitro.mannlib.cornell.edu/default/access-control> {\n"
+ " ?configuration rdf:type ao:Configuration .\n"
+ " ?configuration ao:version ?version .\n" + " }\n" + "}";

try {
ResultSet rs = RDFServiceUtils.sparqlSelectQuery(query, configurationRdfService);
ResultSet rs = RDFServiceUtils.sparqlSelectQuery(VERSION_QUERY, configurationRdfService);
while (rs.hasNext()) {
QuerySolution qs = rs.next();
if (!qs.contains("version") || !qs.get("version").isLiteral()) {
Expand All @@ -121,20 +144,13 @@ protected long getVersion() {
}

protected void removeVersion(long version) {
String template = "" + "@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .\n"
+ "<https://vivoweb.org/ontology/vitro-application/auth/individual/Configuration> "
+ "<https://vivoweb.org/ontology/vitro-application/auth/vocabulary/version> " + "?version .";
ParameterizedSparqlString pss = new ParameterizedSparqlString(template);
ParameterizedSparqlString pss = new ParameterizedSparqlString(REMOVE_VERSION_TEMPLATE);
pss.setLiteral("version", version);
PolicyLoader.getInstance().updateAccessControlModel(pss.toString(), false);
}

protected void setVersion(long version) {
String template = "" + "@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .\n"
+ "@prefix ao: <https://vivoweb.org/ontology/vitro-application/auth/vocabulary/> .\n"
+ "<https://vivoweb.org/ontology/vitro-application/auth/individual/Configuration> "
+ "rdf:type ao:Configuration ;\n" + "ao:version ?version .";
ParameterizedSparqlString pss = new ParameterizedSparqlString(template);
ParameterizedSparqlString pss = new ParameterizedSparqlString(SET_VERSION_TEMPLATE);
pss.setLiteral("version", version);
PolicyLoader.getInstance().updateAccessControlModel(pss.toString(), true);
}
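Review bot: `VERSION_QUERY` is declared `private static String` while the two templates added next to it are `private static final`; a mutable static holding a SPARQL query is an easy target for accidental reassignment and the inconsistency reads like an oversight — `private static final String VERSION_QUERY = ""`. The new `modelAccess` field is assigned only in contextInitialized, and the private helpers that dereference it (migrateSimplePermissions, migrateArmConfiguration, isArmConfiguration) are presumably reached only from there; a short comment on the field, `// set in contextInitialized(); the migration helpers below rely on it being non-null`, would make that contract explicit. The `SimplePermissionMigrator` class that the new migrateSimplePermissions calls is not shown on this page, so its behavior could not be reviewed here.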

