From 0b3db349e94c89e98057f7825ecff829e7e8d90e Mon Sep 17 00:00:00 2001 From: Martynas Date: Mon, 25 Nov 2024 00:12:22 +0100 Subject: [PATCH] Further optimization of the authorization query --- .../filter/request/AuthorizationFilter.java | 2 +- src/main/webapp/WEB-INF/web.xml | 89 +++++++++---------- 2 files changed, 45 insertions(+), 46 deletions(-) diff --git a/src/main/java/com/atomgraph/linkeddatahub/server/filter/request/AuthorizationFilter.java b/src/main/java/com/atomgraph/linkeddatahub/server/filter/request/AuthorizationFilter.java index af0fca4e2..0948cfe3c 100644 --- a/src/main/java/com/atomgraph/linkeddatahub/server/filter/request/AuthorizationFilter.java +++ b/src/main/java/com/atomgraph/linkeddatahub/server/filter/request/AuthorizationFilter.java @@ -158,7 +158,7 @@ public void filter(ContainerRequestContext request) throws IOException public QuerySolutionMap getAuthorizationParams(Resource absolutePath, Resource agent, Resource accessMode) { QuerySolutionMap qsm = new QuerySolutionMap(); - qsm.add(SPIN.THIS_VAR_NAME, absolutePath); + qsm.add("thisValue", absolutePath); // ?this is now assigned using VALUES qsm.add("Mode", accessMode); qsm.add(LDT.Ontology.getLocalName(), getApplication().getOntology()); qsm.add(LDT.base.getLocalName(), getApplication().getBase()); diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml index 27c714494..76abb4fe8 100644 --- a/src/main/webapp/WEB-INF/web.xml +++ b/src/main/webapp/WEB-INF/web.xml @@ -29,41 +29,37 @@ DESCRIBE ?auth FROM WHERE { - { ?auth acl:agent $agent} - UNION - { ?auth acl:agentGroup ?Group . - ?Group foaf:member $agent - } - UNION - { ?auth acl:agentClass foaf:Agent } - UNION - { ?auth acl:agentClass $AuthenticatedAgentClass } + VALUES ?this { $thisValue } + { + SELECT ?auth ?this ?Type + { + { ?auth acl:agent $agent} + UNION + { ?auth acl:agentGroup ?Group . + ?Group foaf:member $agent + } + UNION + { ?auth acl:agentClass foaf:Agent } + UNION + { ?auth acl:agentClass $AuthenticatedAgentClass } - ?auth acl:mode $Mode . + ?auth acl:mode $Mode . - { ?auth acl:accessTo $this } - UNION - { ?auth acl:accessTo $Container - SERVICE $endpoint - { GRAPH $Container - { { $Container a def:Root } - UNION - { $Container a dh:Container } - } - FILTER NOT EXISTS { GRAPH $this - { $this ?thisP ?thisO } - } - } - } - UNION - { { ?auth acl:accessToClass ?Type } - UNION - { ?auth acl:accessToClass ?Class . - ?Type (rdfs:subClassOf)* ?Class - } - SERVICE $endpoint - { { GRAPH $this - { $this a ?Type } + { ?auth acl:accessTo ?this } + UNION + { ?auth acl:accessToClass ?Type } + UNION + { ?auth acl:accessToClass ?Class . + ?Type (rdfs:subClassOf)* ?Class + } + } + } + SERVICE $endpoint + { + SELECT ?this ?Type + { + { GRAPH ?this + { ?this a ?Type } } UNION { GRAPH $Container @@ -72,18 +68,18 @@ WHERE { $Container a dh:Container } $Container a ?Type } - FILTER NOT EXISTS { GRAPH $this - { $this ?thisP ?thisO } + FILTER NOT EXISTS { GRAPH ?this + { ?this ?thisP ?thisO } } } UNION { GRAPH ?g - { $this a ; + { ?this a ; a ?Type } } } - } + } } ]]> @@ -98,7 +94,10 @@ PREFIX sioc: DESCRIBE ?auth FROM WHERE - { { ?auth acl:mode acl:Control . + { + VALUES ?this { $thisValue } + + { ?auth acl:mode acl:Control . ?doc foaf:primaryTopic ?auth { ?auth acl:agent $agent } UNION @@ -109,12 +108,12 @@ WHERE UNION { ?auth acl:agentClass $AuthenticatedAgentClass ; acl:mode $Mode - { ?auth acl:accessTo $this + { ?auth acl:accessTo ?this OPTIONAL - { $this a ?Type } + { ?this a ?Type } } UNION - { $this a ?Type + { ?this a ?Type { ?auth acl:accessToClass ?Type } UNION { ?auth acl:accessToClass ?Class . @@ -125,12 +124,12 @@ WHERE UNION { ?auth acl:agentClass foaf:Agent ; acl:mode acl:Read - { ?auth acl:accessTo $this + { ?auth acl:accessTo ?this OPTIONAL - { $this a ?Type } + { ?this a ?Type } } UNION - { $this a ?Type + { ?this a ?Type { ?auth acl:accessToClass ?Type } UNION { ?auth acl:accessToClass ?Class . @@ -138,7 +137,7 @@ WHERE } } # only namespace, signup, OAuth2 login and WebID profiles can be public in admin app, nothing else - FILTER ( $this IN (uri(concat(str($base), "ns")), uri(concat(str($base), "sign%20up")), uri(concat(str($base), "oauth2/login")), uri(concat(str($base), "oauth2/authorize/google"))) || strstarts(str($this), concat(str($base), "acl/agents/")) || strstarts(str($this), concat(str($base), "acl/public-keys/"))) + FILTER ( ?this IN (uri(concat(str($base), "ns")), uri(concat(str($base), "sign%20up")), uri(concat(str($base), "oauth2/login")), uri(concat(str($base), "oauth2/authorize/google"))) || strstarts(str(?this), concat(str($base), "acl/agents/")) || strstarts(str(?this), concat(str($base), "acl/public-keys/"))) } } ]]>