Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Access control] Private individual page #433

Merged
merged 33 commits into from
Feb 13, 2024
Merged

[Access control] Private individual page #433

merged 33 commits into from
Feb 13, 2024

Conversation

litvinovg
Copy link
Member

@litvinovg litvinovg commented Dec 14, 2023
edited
Loading

VIVO PR

What does this pull request do?

Created individual access object to check access permission to display individual pages.
Created policy templates to restrict access to individual pages:
Created useConfiguration object property to provide sparql query when sparql query results tested against provided values.
Suppress display of individual by uri (has priority 5000 )
template_suppress_display_individual_page_by_uri.n3
On individual editing form added checkboxes to suppress display of individual for roles
image
Suppress individual page display for a role by type (has priority 1500 )
template_suppress_display_individual_page_by_type.n3
Suppress display of individual by type if individual is not related to self editor profile (has priority 1500 )
template_suppress_display_not_related_individual_page_by_type.n3
On Class Editing Form added checkboxes to suppress display of individual in this class for roles
image

Allow display of page individual (if access wasn't denied by policies with higher priority, this policy has priority 1000) policy_allow_display_individual_page.n3
Suppress display of properties not related to self editor profiles
template_suppress_display_not_related_property_by_uri.n3
On property editing form page added checkbox to suppress display of property in not related individuals
image

Added tests to for new policy templates.

Removed duplicate authorization checks without statement details and graph.
Added named key components to access data sets and value sets by keys
named_key_components.n3
Refactoring:
Store model in AccessObject instead of AccessObjectStatement
Renamed sparql variable personUri to profileUri as it better suits related profiles and leaving it the same could cause confusion in future.
Removed uris String array parameter in PolicyLoader.getDataSetUriByKey method as it is not used anymore, use varargs for literal identifiers. Refactored all related methods.
Replaced ProximityChecker with more abstract SparqlSelectQueryResultsChecker.
Added safety check to AttributeValueSetFactory to avoid reusing not related value set returned by key.
Improved logging in PolicyLoader.

How to test

Policy templates are tested in automatic tests.
Build Vitro and VIVO, try using checkboxes to suppress display of individual pages and properties.

Interested parties

@chenejac

@chenejac chenejac linked an issue Dec 15, 2023 that may be closed by this pull request
Private individual page vivo-project/VIVO#3929
Closed
@litvinovg litvinovg force-pushed the individual_access_object branch 7 times, most recently from dc5bdcf to 3f1c088 Compare December 21, 2023 11:26
@litvinovg litvinovg marked this pull request as ready for review December 21, 2023 11:26
@litvinovg litvinovg changed the title [Access control] Indivudal access object [Access control] Private individual page Dec 21, 2023
@litvinovg litvinovg mentioned this pull request Dec 21, 2023
Merged
@litvinovg litvinovg force-pushed the individual_access_object branch from 734712b to 7090a4b Compare January 8, 2024 17:22
@litvinovg litvinovg requested a review from chenejac January 9, 2024 13:56
@litvinovg
created Individual access object
ae26d5b
@litvinovg
refact: removed not needed type constructor from NamedAccessObject, r…
9cd75ca 
…euse it for IndividualAccessObject
@litvinovg
fix: support values object property in SPARQL query to load acess pol…
fe5d501 
…icy.
@litvinovg
check authorization for rdfs:label property on individual page
1416ac6
@litvinovg
fix: removed duplicate authorization check without statement details …
1bb5e4a 
…and graph
@litvinovg
Added policy to allow access to individual pages
259d8bc
@litvinovg
Added policy template to hide some properties not related to self edi…
6a9dcc2 
…tor profile
@litvinovg
Added named key component class, refactored PolicyLoader and EntityPo…
a052dd7 
…licyLoader code to support named key components
@litvinovg
Added policy and test to exclude individual page from display by uri
f802361
@litvinovg
fixes: store model in AccessObject, renamed sparql variable personUri…
53cbfff 
… to profileUri, created useConfiguration object property to provide sparql query when sparql query results tested against provided values. Replaced ProximityChecker with more abstract SparqlSelectQueryResultsChecker. Added safety check to AttributeValueSetFactory. Improved logging in PolicyLoader.
@litvinovg
added template to exclude individual page from display by type
8984e8d
@litvinovg
fix: use objectUri as part of query map key in QueryResultsMapCache
c7cdf81
@litvinovg
Added NOT_RELATED key component
0f850c8
@litvinovg
fix for proximity query
f9745b7
@litvinovg
renamed operator
f4e8014
@litvinovg
fix: use named key components in getEntityValueSetUri query
8c7c107
@litvinovg
implemented getResourceUris in IndividualAccessObject
1bdcfe1
@litvinovg litvinovg force-pushed the individual_access_object branch from 3d2c640 to bfb5bdd Compare January 12, 2024 13:51
@litvinovg
Copy link
Member Author

@chenejac Added translations for different languages. We need reviews/corrections from native speakers.

bkampe
bkampe approved these changes Jan 12, 2024
View reviewed changes
Copy link
Contributor

@bkampe bkampe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I checked the German translations and think they are fine. Maybe a better wording would be possible, but it's not that easy to build well formed german sentences with these more or less complex statements.

@hauschke
Copy link
Member

Thanks for the changes in German translation, @litvinovg, looks good now.

chenejac
chenejac requested changes Jan 16, 2024
View reviewed changes
Copy link
Contributor

@chenejac chenejac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@litvinovg great work. Can you please check a couple of my comments?

litvinovg and others added 3 commits January 18, 2024 10:25
@litvinovg @chenejac
Apply suggestions from code review
f9d876e 
Serbian label fixes.

Co-authored-by: Dragan Ivanovic <chenejac@uns.ac.rs>
@litvinovg
refact:renamed test
ac59f44
@litvinovg
Converted parameters to constants
b1360a2
@litvinovg litvinovg requested a review from chenejac January 18, 2024 12:31
@chenejac chenejac requested a review from ivanmrsulja January 19, 2024 10:01
chenejac
chenejac previously approved these changes Jan 19, 2024
View reviewed changes
Copy link
Contributor

@chenejac chenejac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

well done

ivanmrsulja
ivanmrsulja suggested changes Jan 22, 2024
View reviewed changes
Copy link
Member

@ivanmrsulja ivanmrsulja left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, but I have left some comments that you may find helpfull 🙂

@litvinovg @ivanmrsulja
Serbian translation template improvements
5f2c22a 
Co-authored-by: Ivan R. Mršulja <nighteliteace@gmail.com>
@chenejac chenejac merged commit 03517df into vivo-project:main Feb 13, 2024
1 check passed
@litvinovg litvinovg mentioned this pull request Feb 13, 2024
Merged
@litvinovg litvinovg mentioned this pull request May 8, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hauschke hauschke hauschke left review comments

@brianjlowe brianjlowe brianjlowe left review comments

@ivanmrsulja ivanmrsulja ivanmrsulja requested changes

@chenejac chenejac chenejac approved these changes

@bkampe bkampe bkampe approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Private individual page
6 participants
@litvinovg @hauschke @brianjlowe @chenejac @bkampe @ivanmrsulja