Package io.goobi.viewer.model.security

Class AccessConditionUtils

java.lang.Object

io.goobi.viewer.model.security.AccessConditionUtils

public final class AccessConditionUtils
extends Object

AccessConditionUtils class.

Method Summary

Modifier and Type	Method	Description
static boolean	addDownloadTicketToSession(String pi, javax.servlet.http.HttpSession session)
static boolean	addSessionPermission(String attributeName, Object attributeValue, javax.servlet.http.HttpServletRequest request)
static AccessPermission	checkAccess(javax.servlet.http.HttpServletRequest request, String action, String pi, String contentFileName, boolean isThumbnail)	checkAccess.
static AccessPermission	checkAccessPermission(List<LicenseType> allLicenseTypes, Set<String> requiredAccessConditions, String privilegeName, User user, String remoteAddress, Optional<ClientApplication> client, String query)	Base method for checking access permissions of various types.
static AccessPermission	checkAccessPermission(Set<String> requiredAccessConditions, String privilegeName, String query, javax.servlet.http.HttpServletRequest request)	checkAccessPermission.
static Map<String,AccessPermission>	checkAccessPermissionByIdentiferForAllLogids(String identifier, String privilegeName, javax.servlet.http.HttpServletRequest request)	Checks whether the current users has the given access permissions each element of the record with the given identifier.
static AccessPermission	checkAccessPermissionByIdentifierAndFileNameWithSessionMap(javax.servlet.http.HttpServletRequest request, String pi, String contentFileName, String privilegeType)	Checks access permission of the given privilege type for the given image and puts the permission status into the corresponding session map.
static AccessPermission	checkAccessPermissionByIdentifierAndFilePathWithSessionMap(javax.servlet.http.HttpServletRequest request, String filePath, String privilegeType)	checkAccessPermissionByIdentifierAndFilePathWithSessionMap.
static AccessPermission	checkAccessPermissionByIdentifierAndLogId(String identifier, String logId, String privilegeName, javax.servlet.http.HttpServletRequest request)	Checks whether the current users has the given access permissions to the element with the given identifier and LOGID.
static AccessPermission	checkAccessPermissionByImageUrn(String imageUrn, String privilegeName, javax.servlet.http.HttpServletRequest request)	Checks whether the client may access an image (by image URN).
static AccessPermission	checkAccessPermissionBySolrDoc(org.apache.solr.common.SolrDocument doc, String originalQuery, String privilegeName, javax.servlet.http.HttpServletRequest request)
static AccessPermission	checkAccessPermissionForImage(javax.servlet.http.HttpServletRequest request, String pi, String contentFileName)	Checks access permission for the given image and puts the permission status into the corresponding session map.
static AccessPermission	checkAccessPermissionForPagePdf(javax.servlet.http.HttpServletRequest request, PhysicalElement page)	Checks access permission for the given image and puts the permission status into the corresponding session map.
static AccessPermission	checkAccessPermissionForThumbnail(javax.servlet.http.HttpServletRequest request, String pi, String contentFileName)	Checks access permission for the given thumbnail and puts the permission status into the corresponding session map.
static AccessPermission	checkContentFileAccessPermission(String identifier, javax.servlet.http.HttpServletRequest request)	Checks if the record with the given identifier should allow access to the given request
static int	clearSessionPermissions(javax.servlet.http.HttpSession session)	Removes privileges saved in the user session.
static List<License>	getApplyingLicenses(Optional<User> user, String ipAddress, LicenseType type, IDAO dao)	List all licenses ("rights") that the given user and ipAddress is entitled to, either because they are directly given to the user, a group the user belongs to or to the given ipAddress, whether or not the given user exists
static int	getPdfDownloadQuotaForRecord(String pi)
static Object	getSessionPermission(String attributeName, javax.servlet.http.HttpServletRequest request)
static boolean	isConcurrentViewsLimitEnabledForAnyAccessCondition(List<String> accessConditions)
static boolean	isFreeOpenAccess(Set<String> requiredAccessConditions, Collection<LicenseType> allLicenseTypes)	Check whether the requiredAccessConditions consist only of the OPENACCESS condition and OPENACCESS is not contained in allLicenseTypes.
static boolean	isHasDownloadTicket(String pi, javax.servlet.http.HttpSession session)
static boolean	isPrivilegeGrantedForDoc(org.apache.solr.common.SolrDocument doc, String privilegeName, javax.servlet.http.HttpServletRequest request)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

checkAccess

public static AccessPermission checkAccess(javax.servlet.http.HttpServletRequest request,
 String action,
 String pi,
 String contentFileName,
 boolean isThumbnail)
                                    throws IndexUnreachableException,
DAOException

checkAccess.

Parameters:

request - a HttpServletRequest object.

action - a String object.

pi - a String object.

contentFileName - a String object.

isThumbnail - a boolean.

Returns:

AccessPermission

Throws:

IndexUnreachableException - if any.

DAOException - if any.

checkAccessPermissionByIdentifierAndLogId

public static AccessPermission checkAccessPermissionByIdentifierAndLogId(String identifier,
 String logId,
 String privilegeName,
 javax.servlet.http.HttpServletRequest request)
                                                                  throws IndexUnreachableException,
DAOException,
RecordNotFoundException

Checks whether the current users has the given access permissions to the element with the given identifier and LOGID.

Parameters:

identifier - The PI to check.

logId - The LOGID to check (optional).

privilegeName - Particular privilege for which to check the permission.

request - a HttpServletRequest object.

Returns:

AccessPermission

Throws:

IndexUnreachableException - if any.

DAOException - if any.

RecordNotFoundException

checkAccessPermissionBySolrDoc

public static AccessPermission checkAccessPermissionBySolrDoc(org.apache.solr.common.SolrDocument doc,
 String originalQuery,
 String privilegeName,
 javax.servlet.http.HttpServletRequest request)
                                                       throws IndexUnreachableException,
DAOException

Parameters:

doc -

originalQuery -

privilegeName -

request -

Returns:

AccessPermission

Throws:

IndexUnreachableException

DAOException

checkAccessPermissionByIdentiferForAllLogids

public static Map<String,AccessPermission> checkAccessPermissionByIdentiferForAllLogids(String identifier,
 String privilegeName,
 javax.servlet.http.HttpServletRequest request)
                                                                                 throws IndexUnreachableException,
DAOException

Checks whether the current users has the given access permissions each element of the record with the given identifier.

Parameters:

identifier - a String object.

privilegeName - a String object.

request - a HttpServletRequest object.

Returns:

Map with true/false for each LOGID

Throws:

IndexUnreachableException - if any.

DAOException - if any.

checkContentFileAccessPermission

public static AccessPermission checkContentFileAccessPermission(String identifier,
 javax.servlet.http.HttpServletRequest request)
                                                         throws IndexUnreachableException,
DAOException

Checks if the record with the given identifier should allow access to the given request

Parameters:

identifier - The PI of the work to check

request - The HttpRequest which may provide a HttpSession to store the access map

Returns:

AccessPermission

Throws:

IndexUnreachableException - if any.

DAOException - if any.

checkAccessPermissionByImageUrn

public static AccessPermission checkAccessPermissionByImageUrn(String imageUrn,
 String privilegeName,
 javax.servlet.http.HttpServletRequest request)
                                                        throws IndexUnreachableException,
DAOException

Checks whether the client may access an image (by image URN).

Parameters:

imageUrn - Image URN.

request - Calling HttpServiceRequest.

privilegeName - a String object.

Returns:

AccessPermission

Throws:

IndexUnreachableException - if any.

DAOException - if any.

checkAccessPermission

public static AccessPermission checkAccessPermission(Set<String> requiredAccessConditions,
 String privilegeName,
 String query,
 javax.servlet.http.HttpServletRequest request)
                                              throws IndexUnreachableException,
PresentationException,
DAOException

checkAccessPermission.

Parameters:

requiredAccessConditions - a Set object.

privilegeName - a String object.

request - a HttpServletRequest object.

query - a String object.

Returns:

AccessPermission

Throws:

IndexUnreachableException - if any.

PresentationException - if any.

DAOException - if any.

checkAccessPermissionForImage

public static AccessPermission checkAccessPermissionForImage(javax.servlet.http.HttpServletRequest request,
 String pi,
 String contentFileName)
                                                      throws IndexUnreachableException,
DAOException

Checks access permission for the given image and puts the permission status into the corresponding session map.

Parameters:

request - a HttpServletRequest object.

pi - a String object.

contentFileName - a String object.

Returns:

AccessPermission

Throws:

IndexUnreachableException - if any.

DAOException - if any.

checkAccessPermissionForThumbnail

public static AccessPermission checkAccessPermissionForThumbnail(javax.servlet.http.HttpServletRequest request,
 String pi,
 String contentFileName)
                                                          throws IndexUnreachableException,
DAOException

Checks access permission for the given thumbnail and puts the permission status into the corresponding session map.

Parameters:

request - a HttpServletRequest object.

pi - a String object.

contentFileName - a String object.

Returns:

AccessPermission

Throws:

IndexUnreachableException - if any.

DAOException - if any.

checkAccessPermissionForPagePdf

public static AccessPermission checkAccessPermissionForPagePdf(javax.servlet.http.HttpServletRequest request,
 PhysicalElement page)
                                                        throws IndexUnreachableException,
DAOException

Checks access permission for the given image and puts the permission status into the corresponding session map.

Parameters:

request - a HttpServletRequest object.

page - a PhysicalElement object.

Returns:

AccessPermission

Throws:

IndexUnreachableException - if any.

DAOException - if any.

checkAccessPermissionByIdentifierAndFilePathWithSessionMap

public static AccessPermission checkAccessPermissionByIdentifierAndFilePathWithSessionMap(javax.servlet.http.HttpServletRequest request,
 String filePath,
 String privilegeType)
                                                                                   throws IndexUnreachableException,
DAOException

checkAccessPermissionByIdentifierAndFilePathWithSessionMap.

Parameters:

request - a HttpServletRequest object.

filePath - FILENAME_ALTO or FILENAME_FULLTEXT value

privilegeType - a String object.

Returns:

AccessPermission

Throws:

IndexUnreachableException - if any.

DAOException - if any.

checkAccessPermissionByIdentifierAndFileNameWithSessionMap

public static AccessPermission checkAccessPermissionByIdentifierAndFileNameWithSessionMap(javax.servlet.http.HttpServletRequest request,
 String pi,
 String contentFileName,
 String privilegeType)
                                                                                   throws IndexUnreachableException,
DAOException

Checks access permission of the given privilege type for the given image and puts the permission status into the corresponding session map.

Parameters:

request - a HttpServletRequest object.

pi - a String object.

contentFileName - a String object.

privilegeType - a String object.

Returns:

AccessPermission

Throws:

IndexUnreachableException - if any.

DAOException - if any.

checkAccessPermission

public static AccessPermission checkAccessPermission(List<LicenseType> allLicenseTypes,
 Set<String> requiredAccessConditions,
 String privilegeName,
 User user,
 String remoteAddress,
 Optional<ClientApplication> client,
 String query)
                                              throws IndexUnreachableException,
PresentationException,
DAOException

Base method for checking access permissions of various types.

Parameters:

allLicenseTypes - a List object.

requiredAccessConditions - Set of access condition names to satisfy (one suffices).

privilegeName - The particular privilege to check.

user - Logged in user.

remoteAddress - a String object.

client -

query - Solr query describing the resource in question.

Returns:

Map<String, AccessPermission>

Throws:

IndexUnreachableException - if any.

PresentationException - if any.

DAOException - if any.

isFreeOpenAccess

public static boolean isFreeOpenAccess(Set<String> requiredAccessConditions,
 Collection<LicenseType> allLicenseTypes)
                                throws DAOException

Check whether the requiredAccessConditions consist only of the OPENACCESS condition and OPENACCESS is not contained in allLicenseTypes. In this and only this case can we savely assume that everything is permitted. If OPENACCESS is in the database then it likely contains some access restrictions which need to be checked

Parameters:

requiredAccessConditions - a Set object.

allLicenseTypes - all license types relevant for access. If null, the DAO is checked if it contains the OPENACCESS condition

Returns:

true if we can savely assume that we have entirely open access

Throws:

DAOException - if any.

getPdfDownloadQuotaForRecord

public static int getPdfDownloadQuotaForRecord(String pi)
                                        throws PresentationException,
IndexUnreachableException,
DAOException,
RecordNotFoundException

Parameters:

pi -

Returns:

Number of allowed downloads for given pi; 100 of no value set

Throws:

PresentationException

IndexUnreachableException

DAOException

RecordNotFoundException

isConcurrentViewsLimitEnabledForAnyAccessCondition

public static boolean isConcurrentViewsLimitEnabledForAnyAccessCondition(List<String> accessConditions)
                                                                  throws DAOException

Parameters:

accessConditions -

Returns:

true if any license type for the given list of access conditions has concurrent views limit enabled; false otherwise

Throws:

DAOException

isPrivilegeGrantedForDoc

public static boolean isPrivilegeGrantedForDoc(org.apache.solr.common.SolrDocument doc,
 String privilegeName,
 javax.servlet.http.HttpServletRequest request)

Parameters:

doc - The document containing access condition metadata

privilegeName - The privilege to check

request - The request trying to access the resource

Returns:

true if granted; false otherwise

getApplyingLicenses

public static List<License> getApplyingLicenses(Optional<User> user,
 String ipAddress,
 LicenseType type,
 IDAO dao)
                                         throws DAOException

List all licenses ("rights") that the given user and ipAddress is entitled to, either because they are directly given to the user, a group the user belongs to or to the given ipAddress, whether or not the given user exists

Parameters:

user -

ipAddress -

type -

dao -

Returns:

List

Throws:

DAOException

isHasDownloadTicket

public static boolean isHasDownloadTicket(String pi,
 javax.servlet.http.HttpSession session)

Parameters:

pi - Record identifier

session - HttpSession that contains permission attributes

Returns:

true if given session contains permission for pi; false otherwise

addDownloadTicketToSession

public static boolean addDownloadTicketToSession(String pi,
 javax.servlet.http.HttpSession session)

getSessionPermission

public static Object getSessionPermission(String attributeName,
 javax.servlet.http.HttpServletRequest request)

Parameters:

attributeName -

request -

Returns:

Object found in session; null otherwise

addSessionPermission

public static boolean addSessionPermission(String attributeName,
 Object attributeValue,
 javax.servlet.http.HttpServletRequest request)

Parameters:

attributeName -

attributeValue -

request -

Returns:

true if successful; false otherwise

clearSessionPermissions

public static int clearSessionPermissions(javax.servlet.http.HttpSession session)

Removes privileges saved in the user session.

Parameters:

session -

Returns:

Number of removed session attributes