added accessToClass stubs and use of acl:accessControl property

fcrepo4 · Aug 28, 2015 · 37c40d8 · 37c40d8
1 parent 79156f5
commit 37c40d8
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 7 deletions.
diff --git a/src/main/java/org/fcrepo/auth/webac/URIConstants.java b/src/main/java/org/fcrepo/auth/webac/URIConstants.java
@@ -103,7 +103,14 @@ public class URIConstants {
     public static final String WEBAC_ACCESSTO_CLASS_VALUE = WEBAC_NAMESPACE_VALUE + "accessToClass";
     public static final URI WEBAC_ACCESSTO_CLASS = URI.create(WEBAC_ACCESSTO_CLASS_VALUE);
 
+    /**
+     * WebAC accessControl
+     */
+    public static final String WEBAC_ACCESS_CONTROL_VALUE = WEBAC_NAMESPACE_VALUE + "accessControl";
+    public static final URI WEBAC_ACCESS_CONTROL = URI.create(WEBAC_ACCESS_CONTROL_VALUE);
+
     private URIConstants() {
+        // prevent instantiation
     }
 
 }
diff --git a/src/main/java/org/fcrepo/auth/webac/WebACAuthorizationDelegate.java b/src/main/java/org/fcrepo/auth/webac/WebACAuthorizationDelegate.java
@@ -15,8 +15,7 @@
  */
 package org.fcrepo.auth.webac;
 
-// The WEBAC_HAS_ACL variable does not exist (we don't even have a namespace for it yet).
-import static org.fcrepo.auth.webac.URIConstants.WEBAC_HAS_ACL;
+import static org.fcrepo.auth.webac.URIConstants.WEBAC_ACCESS_CONTROL;
 import static org.fcrepo.auth.webac.URIConstants.WEBAC_MODE_APPEND;
 import static org.fcrepo.auth.webac.URIConstants.WEBAC_MODE_READ;
 import static org.fcrepo.auth.webac.URIConstants.WEBAC_MODE_WRITE;
@@ -70,8 +69,8 @@ public boolean rolesHavePermission(final Session userSession, final String absPa
         final String agent = userSession.getUserID();
 
         final List<URI> actionURIs = actionsAsURIs(actions);
-
-        final Optional<URI> effectiveACL = getEffectiveAcl(new FedoraResourceImpl(userSession.getNode(absPath)));
+        final FedoraResource resource = new FedoraResourceImpl(userSession.getNode(absPath));
+        final Optional<URI> effectiveACL = getEffectiveAcl(resource);
 
         final AuthorizationHandler authHandler = new AuthorizationHandlerImpl();
 
@@ -85,8 +84,17 @@ public boolean rolesHavePermission(final Session userSession, final String absPa
                     .map(x -> authHandler.getAuthorizations(x, absPath, roles))
                     .map(x -> isPermitted(actionURIs, x));
 
+        // The getAuthorizationClasses(URI, String, Set<URI>) signature doesn't exist
+        // The FedoraResource.getTypes() method doesn't exist -- it's just here as a stub
+        // I assume we'd need some sort of resource.getProperty(RDF_TYPE) call.
+        final Optional<boolean> classPermission = effectiveACL
+                    .map(x -> authHandler.getAuthorizationClasses(x, absPath, resource.getTypes()))
+                    .map(x -> isPermitted(actionURIs, x));
+
         final boolean permit = userPermission
-                                .orElse(groupPermission.orElse(false));
+                                 .orElse(groupPermission
+                                     .orElse(classPermission
+                                         .orElse(false)));
 
         LOGGER.debug("Request for actions: {}, on path: {}, with roles: {}. Permission={}",
                 actions,
@@ -127,8 +135,9 @@ private List<URI> actionsAsUris(final String[] actions) {
      * not be a fedora resource.
      */
     private Optional<URI> getEffectiveAcl(final FedoraResource resource) {
-        if (resource.hasProperty(WEBAC_HAS_ACL)) {
-            return Optional<URI>.of(new URI(resource.getProperty(WEBAC_HAS_ACL).getString()));
+        if (resource.hasProperty(WEBAC_ACCESS_CONTROL)) {
+            // what happens if this property is multi-valued?
+            return Optional<URI>.of(new URI(resource.getProperty(WEBAC_ACCESS_CONTROL).getString()));
         } else if (resource.getNode().getDepth() == 0) {
             return Optional<URI>.empty();
         } else {