...

The types of expressions we use are:

  1. hasPermission(#uuid, 'DSO-TYPE', 'ACTION'): Check if the current user is allowed to execute the listed action on the specified DSpace Object (for example downloading a bitstream).

    // Example: Only allows you to access this "findOne()" method if you have READ permission on the Bitstream identified by the "id" parameter
    @PreAuthorize("hasPermission(#id, 'BITSTREAM', 'READ')")
    public BitstreamRest findOne(Context context, UUID id) {
        ...
    }


  2. hasAuthority('VALUE'): Check if the current user has a specific Spring authority (for example when querying all items). Currently there are only three authority values: ADMIN, EPERSON and ANONYMOUS.

    // Example #1: Only allows you to access this method if you are logged in as a system Administrator
    @PreAuthorize("hasAuthority('ADMIN')")
    public Page<BitstreamRest> findAll(Context context, Pageable pageable) {
        ...
    }

    // Example #2: Only allows you to access this method if you are currently logged in to the system
    @PreAuthorize("hasAuthority('AUTHENTICATED')")
    public AuthorityRest findOne(Context context, String name) {
        ...
    }

    // Example #3: Only allows you to access this method if you are anonymous (not logged in)
    @PreAuthorize("hasAuthority('ANONYMOUS')")
    public void someMethod() {
        ...
    }


For the evaluation of the hasPermission expressions, we wrote a custom "permission evaluator", DSpacePermissionEvaluator, that uses a plug-in system. If any one of the available plug-ins approves the requested permission, the current user is allowed to execute the action; if none does, the request is denied. Plug-ins are dynamically "discovered" using the Spring auto-wiring functionality. The plug-ins we implemented are:
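The following is an added illustration of the evaluator pattern described above, not DSpace's own code: a Spring PermissionEvaluator that collects every auto-wired plug-in bean and approves a hasPermission(#id, 'TYPE', 'ACTION') call as soon as one plug-in approves it, together with the method-security configuration that makes @PreAuthorize use it. The plug-in interface name RestPermissionEvaluatorPlugin, the sample AdminPlugin, and the configuration class name are assumptions made for this example; only the Spring types are real.

```java
import java.io.Serializable;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;

/** Contract every plug-in implements (assumed name, for illustration only). */
interface RestPermissionEvaluatorPlugin {
    boolean hasPermission(Authentication authentication, Serializable targetId,
                          String targetType, Object permission);
}

/** Example plug-in (assumed): approves any request made by an ADMIN authority. */
@Component
class AdminPlugin implements RestPermissionEvaluatorPlugin {
    @Override
    public boolean hasPermission(Authentication authentication, Serializable targetId,
                                 String targetType, Object permission) {
        return authentication.getAuthorities().stream()
                .anyMatch(a -> "ADMIN".equals(a.getAuthority()));
    }
}

/** Evaluator backing the hasPermission(#id, 'TYPE', 'ACTION') expressions. */
@Component
public class DSpacePermissionEvaluator implements PermissionEvaluator {

    // Spring auto-wires every bean implementing the plug-in interface into this list,
    // which is how plug-ins are "discovered" without a central registry.
    @Autowired(required = false)
    private List<RestPermissionEvaluatorPlugin> plugins = List.of();

    @Override
    public boolean hasPermission(Authentication authentication, Serializable targetId,
                                 String targetType, Object permission) {
        // Deny by default: a missing authentication or malformed expression never passes.
        if (authentication == null || targetId == null || targetType == null || permission == null) {
            return false;
        }
        // Allow as soon as one plug-in approves; deny when none does.
        return plugins.stream()
                .anyMatch(p -> p.hasPermission(authentication, targetId, targetType, permission));
    }

    @Override
    public boolean hasPermission(Authentication authentication, Object targetDomainObject,
                                 Object permission) {
        // The expressions on this page always pass an id and a type, so the
        // object-based form is intentionally unsupported and denied.
        return false;
    }
}

/** Registers the evaluator so @PreAuthorize expressions can call hasPermission(). */
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {

    @Autowired
    private DSpacePermissionEvaluator permissionEvaluator;

    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        DefaultMethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler();
        handler.setPermissionEvaluator(permissionEvaluator);
        return handler;
    }
}
```

The deny-by-default branches matter: with anyMatch over an empty plug-in list the evaluator denies everything, so a misconfigured deployment fails closed rather than open, and a null authentication (no security context) can never satisfy a hasPermission check.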

...