Changeset 11940 for trunk/gsdl/cgi-bin/gliserver.pl

Timestamp:

2006-06-20T09:49:13+12:00 (18 years ago)

Author:

mdewsnip

Message:

New authentication system: users with group "personal-collections-editor" can edit any collection starting with their username, users with group "all-collections-editor" can edit any collection, users with group "<collection>-collection-editor" can edit the <collection> collection.

File:

• trunk/gsdl/cgi-bin/gliserver.pl (modified) (1 diff)

trunk/gsdl/cgi-bin/gliserver.pl

@@ -151 +151 @@
     my ($user_groups) = ($user_data =~ /\<groups\>(.*)/);
     foreach my $user_group (split(/\,/, $user_groups)) {
-    if ($user_group eq "$collection-maintainer" || $user_group eq "remote-superuser") {
-        # Authentication successful!
-        return;
+    # Does this user have access to all collections?
+    if ($user_group eq "all-collections-editor") {
+        return;  # Authentication successful
+    }
+    # Does this user have access to personal collections, and is this one?
+    if ($user_group eq "personal-collections-editor" && $collection =~ /^$username\-/) {
+        return;  # Authentication successful
+    }
+    # Does this user have access to this collection
+    if ($user_group eq "$collection-collection-editor") {
+        return;  # Authentication successful
     }
     }