Modified: trunk/app/models/ontology.rb (2697 => 2698)
--- trunk/app/models/ontology.rb 2011-09-12 09:10:56 UTC (rev 2697)
+++ trunk/app/models/ontology.rb 2011-09-12 13:16:15 UTC (rev 2698)
@@ -11,5 +11,6 @@
validates_presence_of(:uri, :title, :prefix)
+ validates_uniqueness_of(:uri, :prefix)
end
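Review bot: `validates_uniqueness_of(:uri, :prefix)` is enforced only in the application, so two concurrent creates can both pass validation and save the same URI or prefix. If the schema does not already have them, unique indexes on the `uri` and `prefix` columns of the ontology table would make the guarantee hold under concurrency. The validation is also case-sensitive by default, so prefixes differing only in case count as distinct; if that is not intended, use `validates_uniqueness_of(:prefix, :case_sensitive => false)`. The class body starts outside this hunk.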
Modified: trunk/lib/authorization.rb (2697 => 2698)
--- trunk/lib/authorization.rb 2011-09-12 09:10:56 UTC (rev 2697)
+++ trunk/lib/authorization.rb 2011-09-12 13:16:15 UTC (rev 2698)
@@ -219,6 +219,30 @@
return true
end
+ # Ontology permissions
+
+ if (object_type == 'Ontology') && (action == 'create')
+
+ # Ontologies can only be created by authenticated users
+ return !user.nil?
+ end
+
+ # Predicate permissions
+
+ if (object_type == 'Predicate') && (action == 'create')
+
+ # Predicates can only be added by users that can edit its ontology
+ return Authorization.is_authorized?('edit', nil, context, user)
+ end
+
+ # Relationship permissions
+
+ if (object_type == 'Relationship') && (action == 'create')
+
+ # Relationships can only be added by users that can edit its context
+ return Authorization.is_authorized?('edit', nil, context, user)
+ end
+
return false
end
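Review bot: The Predicate and Relationship 'create' branches pass `context` straight to `Authorization.is_authorized?('edit', nil, context, user)` without checking that it is present or of an expected type. The hunk at -524 shows that the type dispatch ends in an `else` that sets `is_authorized = true` for thing types it does not recognise, so a Relationship whose context is of an unhandled type may be creatable by any caller; whether a nil thing is rejected earlier is not visible here. A guard such as `return false if context.nil?` before each delegation, plus `return false unless context.is_a?(Ontology)` in the Predicate branch, would keep these paths fail-closed. The same delegation appears in the Predicate and Relationship branches of the -524 hunk through `thing_instance.ontology` and `thing_instance.context`. The enclosing method starts outside this hunk.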
@@ -298,8 +322,8 @@
#
# this is required to get "policy_id" for policy-based aurhorized objects (like workflows / blobs / packs / contributions)
# and to get objects themself for other object types (networks, experiments, jobs, tavernaenactors, runners)
- if (thing_contribution.nil? && ["Workflow", "Blog", "Blob", "Pack", "Contribution"].include?(thing_type)) ||
- (thing_instance.nil? && ["Network", "Comment", "Bookmark", "Experiment", "Job", "TavernaEnactor", "Runner", "Picture", "ClientApplication"].include?(thing_type))
+ if (thing_contribution.nil? && ["Workflow", "Blog", "Blob", "Pack", "Ontology", "Contribution"].include?(thing_type)) ||
+ (thing_instance.nil? && ["Network", "Comment", "Bookmark", "Experiment", "Job", "TavernaEnactor", "Runner", "Picture", "ClientApplication", "Predicate", "Relationship"].include?(thing_type))
found_thing = find_thing(thing_type, thing_id)
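Review bot: "Ontology" is added to the list guarded by `thing_contribution.nil?`, which the comment above describes as the policy-based types that need a `policy_id`. The Ontology branch added later in this commit authorises through `Authorization.is_owner?(user_id, thing_instance)`, and find_thing returns `Ontology.find(thing_id)`. If ontologies carry no contribution record, the entry probably belongs in the `thing_instance.nil?` list next to "Predicate" and "Relationship"; otherwise a caller that supplies only a type and id may reach the ownership check with `thing_instance` unset. How `found_thing` is assigned afterwards lies outside this hunk, so this needs confirming against the full method.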
@@ -524,6 +548,49 @@
is_authorized = is_owner?(user_id, thing_instance)
+ when "Ontology"
+
+ case action
+
+ when "destroy"
+ # Users can delete their own ontologies
+ is_authorized = Authorization.is_owner?(user_id, thing_instance)
+
+ when "view"
+ # All users can view
+ is_authorized = true
+
+ when "edit"
+ # Users can edit their own ontologies
+ is_authorized = Authorization.is_owner?(user_id, thing_instance)
+ end
+
+ when "Predicate"
+
+ case action
+
+ when "view"
+ # All users can view predicates
+ is_authorized = true
+
+ else
+ # All other predicate permissions are inherited from the ontology
+ is_authorized = Authorization.is_authorized?('edit', nil, thing_instance.ontology, user_id)
+ end
+
+ when "Relationship"
+
+ case action
+
+ when "view"
+ # Users that can view the context can view the relationship
+ is_authorized = Authorization.is_authorized?('view', nil, thing_instance.context, user_id)
+
+ else
+ # All other relationship permissions depend on edit access to the context
+ is_authorized = Authorization.is_authorized?('edit', nil, thing_instance.context, user_id)
+ end
+
else
# don't recognise the kind of "thing" that is being authorized, so
# we don't specifically know that it needs to be blocked;
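Review bot: The inner `case action` under `when "Ontology"` has no `else`, so any action other than destroy, view or edit leaves `is_authorized` at whatever value it held before the case, and that initial value is not visible in this hunk. An explicit fallback, `else` followed by `is_authorized = false`, would make the deny deliberate and match the Predicate and Relationship blocks, which both have one. A short comment such as `# any other action on an ontology is denied` would record the intent. The surrounding case statement starts and ends outside this hunk.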
@@ -531,8 +598,7 @@
is_authorized = true
end
- return is_authorized
-
+ is_authorized
end
@@ -595,6 +661,12 @@
found_instance = Picture.find(thing_id)
when "ClientApplication"
found_instance = ClientApplication.find(thing_id)
+ when "Ontology"
+ found_instance = Ontology.find(thing_id)
+ when "Predicate"
+ found_instance = Predicate.find(thing_id)
+ when "Relationship"
+ found_instance = Relationship.find(thing_id)
end
rescue ActiveRecord::RecordNotFound
# do nothing; makes sure that app won't crash when the required object is not found;
Modified: trunk/lib/rest.rb (2697 => 2698)
--- trunk/lib/rest.rb 2011-09-12 09:10:56 UTC (rev 2697)
+++ trunk/lib/rest.rb 2011-09-12 13:16:15 UTC (rev 2698)
@@ -555,7 +555,7 @@
def rest_resource_uri(ob)
- case ob.class.to_s
+ case ob.class.name
when 'Workflow'; return workflow_url(ob)
when 'Blob'; return file_url(ob)
when 'Network'; return group_url(ob)
@@ -580,6 +580,9 @@
when 'ContentType'; return content_type_url(ob)
when 'License'; return license_url(ob)
when 'CurationEvent'; return nil
+ when 'Ontology'; return nil
+ when 'Predicate'; return nil
+ when 'Relationship'; return nil
when 'Creditation'; return nil
when 'Attribution'; return nil
@@ -595,7 +598,7 @@
base = "#{request.protocol}#{request.host_with_port}"
- case ob.class.to_s
+ case ob.class.name
when 'Workflow'; return "#{base}/workflow.xml?id=#{ob.id}"
when 'Blob'; return "#{base}/file.xml?id=#{ob.id}"
when 'Network'; return "#{base}/group.xml?id=#{ob.id}"
@@ -622,6 +625,9 @@
when 'ContentType'; return "#{base}/type.xml?id=#{ob.id}"
when 'License'; return "#{base}/license.xml?id=#{ob.id}"
when 'CurationEvent'; return "#{base}/curation-event.xml?id=#{ob.id}"
+ when 'Ontology'; return "#{base}/ontology.xml?id=#{ob.id}"
+ when 'Predicate'; return "#{base}/predicate.xml?id=#{ob.id}"
+ when 'Relationship'; return "#{base}/relationship.xml?id=#{ob.id}"
when 'Creditation'; return "#{base}/credit.xml?id=#{ob.id}"
when 'Attribution'; return nil
@@ -634,7 +640,7 @@
def rest_object_tag_text(ob)
- case ob.class.to_s
+ case ob.class.name
when 'User'; return 'user'
when 'Workflow'; return 'workflow'
when 'Blob'; return 'file'
@@ -656,6 +662,9 @@
when 'ContentType'; return 'type'
when 'License'; return 'license'
when 'CurationEvent'; return 'curation-event'
+ when 'Ontology'; return 'ontology'
+ when 'Predicate'; return 'predicate'
+ when 'Relationship'; return 'relationship'
end
return 'object'
@@ -663,7 +672,7 @@
def rest_object_label_text(ob)
- case ob.class.to_s
+ case ob.class.name
when 'User'; return ob.name
when 'Workflow'; return ob.title
when 'Blob'; return ob.title
@@ -683,6 +692,9 @@
when 'ContentType'; return ob.title
when 'License'; return ob.title
when 'CurationEvent'; return ob.category
+ when 'Ontology'; return ob.title
+ when 'Predicate'; return ob.title
+ when 'Relationship'; return ''
end
return ''