jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityContext.java - jena - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package org.apache.jena.fuseki.access;

 import static java.util.stream.Collectors.toList;

 import java.util.Collection;
 import java.util.function.Predicate;

 import org.apache.jena.atlas.iterator.Iter;
 import org.apache.jena.graph.Node;
 import org.apache.jena.graph.NodeFactory;
 import org.apache.jena.query.Query;
 import org.apache.jena.query.QueryExecution;
 import org.apache.jena.query.QueryFactory;
 import org.apache.jena.sparql.core.DatasetGraph;
 import org.apache.jena.sparql.core.Quad;
 import org.apache.jena.sparql.util.Context;

 /** A {@link SecurityContext} is the things actor (user, role) is allowed to do.
  * Currently version: the set of graphs, by graph name, they can access.
  * It can be inverted into a "deny" policy with {@link Predicate#negate()}.
  */
 public interface SecurityContext {
     public static final SecurityContext NONE = new SecurityContextAllowNone();
     public static final SecurityContext ALL = new SecurityContextAllowAll();
     public static SecurityContext ALL_NG(DatasetGraph dsg) {
         Collection<Node> names = Iter.toList(dsg.listGraphNodes());
         //return new SecurityContextAllowNamedGraphs(dsg);
         return new SecurityContextView(names);
     }

     public static final Node allGraphs = NodeFactory.createURI("urn:jena:accessAllGraphs");
     public static final Node allNamedGraphs = NodeFactory.createURI("urn:jena:accessAllNamedGraphs");
     public static final Node allNamedGraphsStr = NodeFactory.createLiteral("*");
     public static final Node allGraphsStr = NodeFactory.createLiteral("**");

     /**
      * Collection of visible graph names.
      * <p>
      * This method returns null for "all" to avoid needing to calculate the current
      * set of named graph names. A collection of no elements means no named graphs
      * are visible.
      */
     public Collection<Node> visibleGraphs();

     /**
      * Collection of visible graph URI names.
      * <p>
      * This method returns null for "all" to avoid needing to calculate the current
      * set of named graph names. A collection of no elements means no named graphs
      * are visible.
      */
     public default Collection<String> visibleGraphNames() {
         if ( visibleGraphs() == null )
             return null;
         return visibleGraphs().stream()
                 .filter(Node::isURI)
                 .map(Node::getURI)
                 .collect(toList());
     }

     public boolean visableDefaultGraph();

     public default QueryExecution createQueryExecution(String queryString, DatasetGraph dsg) {
         return createQueryExecution(QueryFactory.create(queryString), dsg);
     }

     public QueryExecution createQueryExecution(Query query, DatasetGraph dsg);

     /**
      * Quad filter to reflect the security policy of this {@link SecurityContext}. It is
      * better to call {@link #createQueryExecution(Query, DatasetGraph)} which may be more
      * efficient.
      */
     public Predicate<Quad> predicateQuad();

     /**
      * Apply a filter suitable for the TDB-backed {@link DatasetGraph}, to the {@link Context} of the
      * {@link QueryExecution}. This does not modify the {@link DatasetGraph}.
      * Throws {@link IllegalArgumentException} if {@link DatasetGraph} is not a TDB1 or TDB2 backed dataset.
      * May throw {@link UnsupportedOperationException}.
      */
     public default void filterTDB(DatasetGraph dsg, QueryExecution qExec) {
         if ( ! org.apache.jena.tdb.sys.TDBInternal.isTDB1(dsg) || ! org.apache.jena.tdb2.sys.TDBInternal.isTDB2(dsg) )
             throw new IllegalArgumentException("Not a TDB database");
         throw new UnsupportedOperationException();
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package org.apache.jena.fuseki.access;

	import static java.util.stream.Collectors.toList;

	import java.util.Collection;
	import java.util.function.Predicate;

	import org.apache.jena.atlas.iterator.Iter;
	import org.apache.jena.graph.Node;
	import org.apache.jena.graph.NodeFactory;
	import org.apache.jena.query.Query;
	import org.apache.jena.query.QueryExecution;
	import org.apache.jena.query.QueryFactory;
	import org.apache.jena.sparql.core.DatasetGraph;
	import org.apache.jena.sparql.core.Quad;
	import org.apache.jena.sparql.util.Context;

	/** A {@link SecurityContext} is the things actor (user, role) is allowed to do.
	* Currently version: the set of graphs, by graph name, they can access.
	* It can be inverted into a "deny" policy with {@link Predicate#negate()}.
	*/
	public interface SecurityContext {
	public static final SecurityContext NONE = new SecurityContextAllowNone();
	public static final SecurityContext ALL = new SecurityContextAllowAll();
	public static SecurityContext ALL_NG(DatasetGraph dsg) {
	Collection<Node> names = Iter.toList(dsg.listGraphNodes());
	//return new SecurityContextAllowNamedGraphs(dsg);
	return new SecurityContextView(names);
	}

	public static final Node allGraphs = NodeFactory.createURI("urn:jena:accessAllGraphs");
	public static final Node allNamedGraphs = NodeFactory.createURI("urn:jena:accessAllNamedGraphs");
	public static final Node allNamedGraphsStr = NodeFactory.createLiteral("*");
	public static final Node allGraphsStr = NodeFactory.createLiteral("**");

	/**
	* Collection of visible graph names.
	* <p>
	* This method returns null for "all" to avoid needing to calculate the current
	* set of named graph names. A collection of no elements means no named graphs
	* are visible.
	*/
	public Collection<Node> visibleGraphs();

	/**
	* Collection of visible graph URI names.
	* <p>
	* This method returns null for "all" to avoid needing to calculate the current
	* set of named graph names. A collection of no elements means no named graphs
	* are visible.
	*/
	public default Collection<String> visibleGraphNames() {
	if ( visibleGraphs() == null )
	return null;
	return visibleGraphs().stream()
	.filter(Node::isURI)
	.map(Node::getURI)
	.collect(toList());
	}

	public boolean visableDefaultGraph();

	public default QueryExecution createQueryExecution(String queryString, DatasetGraph dsg) {
	return createQueryExecution(QueryFactory.create(queryString), dsg);
	}

	public QueryExecution createQueryExecution(Query query, DatasetGraph dsg);

	/**
	* Quad filter to reflect the security policy of this {@link SecurityContext}. It is
	* better to call {@link #createQueryExecution(Query, DatasetGraph)} which may be more
	* efficient.
	*/
	public Predicate<Quad> predicateQuad();

	/**
	* Apply a filter suitable for the TDB-backed {@link DatasetGraph}, to the {@link Context} of the
	* {@link QueryExecution}. This does not modify the {@link DatasetGraph}.
	* Throws {@link IllegalArgumentException} if {@link DatasetGraph} is not a TDB1 or TDB2 backed dataset.
	* May throw {@link UnsupportedOperationException}.
	*/
	public default void filterTDB(DatasetGraph dsg, QueryExecution qExec) {
	if ( ! org.apache.jena.tdb.sys.TDBInternal.isTDB1(dsg) \|\| ! org.apache.jena.tdb2.sys.TDBInternal.isTDB2(dsg) )
	throw new IllegalArgumentException("Not a TDB database");
	throw new UnsupportedOperationException();
	}
	}