Package io.goobi.viewer.model.security
Class AccessConditionUtils
java.lang.Object
io.goobi.viewer.model.security.AccessConditionUtils
AccessConditionUtils class.
-
Method Summary
Modifier and TypeMethodDescriptionstatic booleanaddDownloadTicketToSession(String pi, jakarta.servlet.http.HttpSession session) static booleanaddSessionPermission(String attributeName, Object attributeValue, jakarta.servlet.http.HttpSession session) static AccessPermissioncheckAccess(jakarta.servlet.http.HttpSession session, String action, String pi, String contentFileName, String ipAddress, boolean isThumbnail) checkAccess.static AccessPermissioncheckAccessPermission(List<LicenseType> allLicenseTypes, Set<String> requiredAccessConditions, String privilegeName, User user, String remoteAddress, Optional<ClientApplication> client, String query) Base method for checking access permissions of various types.static AccessPermissioncheckAccessPermission(Set<String> requiredAccessConditions, String privilegeName, String query, jakarta.servlet.http.HttpServletRequest request) checkAccessPermission.static Map<String, AccessPermission> checkAccessPermissionByIdentiferForAllLogids(String identifier, String privilegeName, jakarta.servlet.http.HttpServletRequest request) Checks whether the current users has the given access permissions each element of the record with the given identifier.static AccessPermissioncheckAccessPermissionByIdentifierAndFileNameWithSessionMap(jakarta.servlet.http.HttpSession session, String pi, String contentFileName, String privilegeType, String ipAddress) Checks access permission of the given privilege type for the given image and puts the permission status into the corresponding session map.static AccessPermissioncheckAccessPermissionByIdentifierAndFilePathWithSessionMap(jakarta.servlet.http.HttpServletRequest request, String filePath, String privilegeType) checkAccessPermissionByIdentifierAndFilePathWithSessionMap.static AccessPermissioncheckAccessPermissionByIdentifierAndLogId(String identifier, String logId, String privilegeName, jakarta.servlet.http.HttpServletRequest request) Checks whether the current users has the given access permissions to the element with the given identifier and LOGID.static AccessPermissioncheckAccessPermissionByIdentifierAndPageOrder(PhysicalElement page, String privilegeName, jakarta.servlet.http.HttpServletRequest request) Checks whether the client may access an image (by PI + file name).static AccessPermissioncheckAccessPermissionByImageUrn(String imageUrn, String privilegeName, jakarta.servlet.http.HttpServletRequest request) Checks whether the client may access an image (by image URN).static AccessPermissioncheckAccessPermissionBySolrDoc(org.apache.solr.common.SolrDocument doc, String originalQuery, String privilegeName, jakarta.servlet.http.HttpServletRequest request) static AccessPermissioncheckAccessPermissionForCmsPage(jakarta.servlet.http.HttpServletRequest request, CMSPage page) static AccessPermissioncheckAccessPermissionForImage(jakarta.servlet.http.HttpSession session, String pi, String contentFileName, String ipAddress) Checks access permission for the given image and puts the permission status into the corresponding session map.static AccessPermissioncheckAccessPermissionForPagePdf(jakarta.servlet.http.HttpServletRequest request, PhysicalElement page) Checks access permission for the given image and puts the permission status into the corresponding session map.static AccessPermissioncheckAccessPermissionForThumbnail(jakarta.servlet.http.HttpSession session, String pi, String contentFileName, String ipAddress) Checks access permission for the given thumbnail and puts the permission status into the corresponding session map.static AccessPermissioncheckContentFileAccessPermission(String identifier, jakarta.servlet.http.HttpServletRequest request) Checks if the record with the given identifier should allow access to the given requeststatic intclearSessionPermissions(jakarta.servlet.http.HttpSession session) Removes privileges saved in the user session.static AccessPermissiongetAccessPermission(String pi, String fileName, String privilegeName) getApplyingLicenses(Optional<User> user, String ipAddress, LicenseType type, IDAO dao) List all licenses ("rights") that the given user and ipAddress is entitled to, either because they are directly given to the user, a group the user belongs to or to the given ipAddress, whether or not the given user existsstatic intstatic ObjectgetSessionPermission(String attributeName, jakarta.servlet.http.HttpSession session) static booleanisConcurrentViewsLimitEnabledForAnyAccessCondition(List<String> accessConditions) static booleanisFreeOpenAccess(Set<String> requiredAccessConditions, Collection<LicenseType> allLicenseTypes) Check whether the requiredAccessConditions consist only of theOPENACCESScondition and OPENACCESS is not contained in allLicenseTypes.static booleanisHasDownloadTicket(String pi, jakarta.servlet.http.HttpSession session) static booleanisPrivilegeGrantedForDoc(org.apache.solr.common.SolrDocument doc, String privilegeName, jakarta.servlet.http.HttpServletRequest request)
-
Method Details
-
checkAccess
public static AccessPermission checkAccess(jakarta.servlet.http.HttpSession session, String action, String pi, String contentFileName, String ipAddress, boolean isThumbnail) throws IndexUnreachableException, DAOException checkAccess.
- Parameters:
session- aHttpSessionobject.action- aStringobject.pi- aStringobject.contentFileName- aStringobject.ipAddress-isThumbnail- a boolean.- Returns:
AccessPermission- Throws:
IndexUnreachableException- if any.DAOException- if any.
-
checkAccessPermissionByIdentifierAndPageOrder
public static AccessPermission checkAccessPermissionByIdentifierAndPageOrder(PhysicalElement page, String privilegeName, jakarta.servlet.http.HttpServletRequest request) throws IndexUnreachableException, DAOException Checks whether the client may access an image (by PI + file name).- Parameters:
page- aPhysicalElementobject.privilegeName- aStringobject.request- Calling HttpServiceRequest.- Returns:
AccessPermission- Throws:
IndexUnreachableException- if any.DAOException- if any.
-
checkAccessPermissionByIdentifierAndLogId
public static AccessPermission checkAccessPermissionByIdentifierAndLogId(String identifier, String logId, String privilegeName, jakarta.servlet.http.HttpServletRequest request) throws IndexUnreachableException, DAOException, RecordNotFoundException Checks whether the current users has the given access permissions to the element with the given identifier and LOGID.- Parameters:
identifier- The PI to check.logId- The LOGID to check (optional).privilegeName- Particular privilege for which to check the permission.request- aHttpServletRequestobject.- Returns:
AccessPermission- Throws:
IndexUnreachableException- if any.DAOException- if any.RecordNotFoundException
-
checkAccessPermissionBySolrDoc
public static AccessPermission checkAccessPermissionBySolrDoc(org.apache.solr.common.SolrDocument doc, String originalQuery, String privilegeName, jakarta.servlet.http.HttpServletRequest request) throws IndexUnreachableException, DAOException - Parameters:
doc-originalQuery-privilegeName-request-- Returns:
AccessPermission- Throws:
IndexUnreachableExceptionDAOException
-
checkAccessPermissionByIdentiferForAllLogids
public static Map<String,AccessPermission> checkAccessPermissionByIdentiferForAllLogids(String identifier, String privilegeName, jakarta.servlet.http.HttpServletRequest request) throws IndexUnreachableException, DAOException Checks whether the current users has the given access permissions each element of the record with the given identifier.- Parameters:
identifier- aStringobject.privilegeName- aStringobject.request- aHttpServletRequestobject.- Returns:
- Map with true/false for each LOGID
- Throws:
IndexUnreachableException- if any.DAOException- if any.
-
checkContentFileAccessPermission
public static AccessPermission checkContentFileAccessPermission(String identifier, jakarta.servlet.http.HttpServletRequest request) throws IndexUnreachableException, DAOException Checks if the record with the given identifier should allow access to the given request- Parameters:
identifier- The PI of the work to checkrequest- The HttpRequest which may provide aHttpSessionto store the access map- Returns:
AccessPermission- Throws:
IndexUnreachableException- if any.DAOException- if any.
-
checkAccessPermissionByImageUrn
public static AccessPermission checkAccessPermissionByImageUrn(String imageUrn, String privilegeName, jakarta.servlet.http.HttpServletRequest request) throws IndexUnreachableException, DAOException Checks whether the client may access an image (by image URN).- Parameters:
imageUrn- Image URN.privilegeName- aStringobject.request- Calling HttpServiceRequest.- Returns:
AccessPermission- Throws:
IndexUnreachableException- if any.DAOException- if any.
-
checkAccessPermission
public static AccessPermission checkAccessPermission(Set<String> requiredAccessConditions, String privilegeName, String query, jakarta.servlet.http.HttpServletRequest request) throws IndexUnreachableException, PresentationException, DAOException checkAccessPermission.
- Parameters:
requiredAccessConditions- aSetobject.privilegeName- aStringobject.query- aStringobject.request- aHttpServletRequestobject.- Returns:
AccessPermission- Throws:
IndexUnreachableException- if any.PresentationException- if any.DAOException- if any.
-
checkAccessPermissionForImage
public static AccessPermission checkAccessPermissionForImage(jakarta.servlet.http.HttpSession session, String pi, String contentFileName, String ipAddress) throws IndexUnreachableException, DAOException Checks access permission for the given image and puts the permission status into the corresponding session map.- Parameters:
session- aHttpSessionobject.pi- aStringobject.contentFileName- aStringobject.ipAddress-- Returns:
AccessPermission- Throws:
IndexUnreachableException- if any.DAOException- if any.
-
checkAccessPermissionForThumbnail
public static AccessPermission checkAccessPermissionForThumbnail(jakarta.servlet.http.HttpSession session, String pi, String contentFileName, String ipAddress) throws IndexUnreachableException, DAOException Checks access permission for the given thumbnail and puts the permission status into the corresponding session map.- Parameters:
session- aHttpSessionobject.pi- aStringobject.contentFileName- aStringobject.ipAddress-- Returns:
AccessPermission- Throws:
IndexUnreachableException- if any.DAOException- if any.
-
checkAccessPermissionForPagePdf
public static AccessPermission checkAccessPermissionForPagePdf(jakarta.servlet.http.HttpServletRequest request, PhysicalElement page) throws IndexUnreachableException, DAOException Checks access permission for the given image and puts the permission status into the corresponding session map.- Parameters:
request- aHttpServletRequestobject.page- aPhysicalElementobject.- Returns:
AccessPermission- Throws:
IndexUnreachableException- if any.DAOException- if any.
-
checkAccessPermissionByIdentifierAndFilePathWithSessionMap
public static AccessPermission checkAccessPermissionByIdentifierAndFilePathWithSessionMap(jakarta.servlet.http.HttpServletRequest request, String filePath, String privilegeType) throws IndexUnreachableException, DAOException checkAccessPermissionByIdentifierAndFilePathWithSessionMap.
- Parameters:
request- aHttpServletRequestobject.filePath- FILENAME_ALTO or FILENAME_FULLTEXT valueprivilegeType- aStringobject.- Returns:
AccessPermission- Throws:
IndexUnreachableException- if any.DAOException- if any.
-
checkAccessPermissionByIdentifierAndFileNameWithSessionMap
public static AccessPermission checkAccessPermissionByIdentifierAndFileNameWithSessionMap(jakarta.servlet.http.HttpSession session, String pi, String contentFileName, String privilegeType, String ipAddress) throws IndexUnreachableException, DAOException Checks access permission of the given privilege type for the given image and puts the permission status into the corresponding session map.- Parameters:
session-HttpSessionpi- aStringobject.contentFileName- aStringobject.privilegeType- aStringobject.ipAddress-- Returns:
AccessPermission- Throws:
IndexUnreachableException- if any.DAOException- if any.
-
checkAccessPermissionForCmsPage
public static AccessPermission checkAccessPermissionForCmsPage(jakarta.servlet.http.HttpServletRequest request, CMSPage page) throws DAOException, IndexUnreachableException, PresentationException - Parameters:
request-page-CMSPageto check- Returns:
AccessPermission- Throws:
DAOExceptionIndexUnreachableExceptionPresentationException
-
checkAccessPermission
public static AccessPermission checkAccessPermission(List<LicenseType> allLicenseTypes, Set<String> requiredAccessConditions, String privilegeName, User user, String remoteAddress, Optional<ClientApplication> client, String query) throws IndexUnreachableException, PresentationException, DAOException Base method for checking access permissions of various types.
- Parameters:
allLicenseTypes- aListobject.requiredAccessConditions- Set of access condition names to satisfy (one suffices).privilegeName- The particular privilege to check.user- Logged in user.remoteAddress- aStringobject.client-query- Solr query describing the resource in question.- Returns:
AccessPermission- Throws:
IndexUnreachableException- if any.PresentationException- if any.DAOException- if any.
-
isFreeOpenAccess
public static boolean isFreeOpenAccess(Set<String> requiredAccessConditions, Collection<LicenseType> allLicenseTypes) throws DAOException Check whether the requiredAccessConditions consist only of theOPENACCESScondition and OPENACCESS is not contained in allLicenseTypes. In this and only this case can we safe1y assume that everything is permitted. If OPENACCESS is in the database then it likely contains some access restrictions which need to be checked- Parameters:
requiredAccessConditions- aSetobject.allLicenseTypes- all license types relevant for access. If null, the DAO is checked if it contains the OPENACCESS condition- Returns:
- true if we can savely assume that we have entirely open access
- Throws:
DAOException- if any.
-
getPdfDownloadQuotaForRecord
public static int getPdfDownloadQuotaForRecord(String pi) throws PresentationException, IndexUnreachableException, DAOException, RecordNotFoundException - Parameters:
pi-- Returns:
- Number of allowed downloads for given pi; 100 of no value set
- Throws:
PresentationExceptionIndexUnreachableExceptionDAOExceptionRecordNotFoundException
-
isConcurrentViewsLimitEnabledForAnyAccessCondition
public static boolean isConcurrentViewsLimitEnabledForAnyAccessCondition(List<String> accessConditions) throws DAOException - Parameters:
accessConditions-- Returns:
- true if any license type for the given list of access conditions has concurrent views limit enabled; false otherwise
- Throws:
DAOException
-
isPrivilegeGrantedForDoc
public static boolean isPrivilegeGrantedForDoc(org.apache.solr.common.SolrDocument doc, String privilegeName, jakarta.servlet.http.HttpServletRequest request) - Parameters:
doc- The document containing access condition metadataprivilegeName- The privilege to checkrequest- The request trying to access the resource- Returns:
- true if granted; false otherwise
-
getApplyingLicenses
public static List<License> getApplyingLicenses(Optional<User> user, String ipAddress, LicenseType type, IDAO dao) throws DAOException List all licenses ("rights") that the given user and ipAddress is entitled to, either because they are directly given to the user, a group the user belongs to or to the given ipAddress, whether or not the given user exists- Parameters:
user-ipAddress-type-dao-- Returns:
- List
- Throws:
DAOException
-
isHasDownloadTicket
- Parameters:
pi- Record identifiersession-HttpSessionthat contains permission attributes- Returns:
- true if given
sessioncontains permission forpi; false otherwise
-
addDownloadTicketToSession
public static boolean addDownloadTicketToSession(String pi, jakarta.servlet.http.HttpSession session) -
getSessionPermission
public static Object getSessionPermission(String attributeName, jakarta.servlet.http.HttpSession session) - Parameters:
attributeName-session-- Returns:
- Object found in session; null otherwise
-
addSessionPermission
public static boolean addSessionPermission(String attributeName, Object attributeValue, jakarta.servlet.http.HttpSession session) - Parameters:
attributeName-attributeValue-session-- Returns:
- true if successful; false otherwise
-
clearSessionPermissions
public static int clearSessionPermissions(jakarta.servlet.http.HttpSession session) Removes privileges saved in the user session.- Parameters:
session-- Returns:
- Number of removed session attributes
-
getAccessPermission
public static AccessPermission getAccessPermission(String pi, String fileName, String privilegeName) throws IndexUnreachableException, DAOException - Parameters:
pi-fileName-privilegeName-- Returns:
AccessPermission- Throws:
DAOExceptionIndexUnreachableException
-