Changeset 27076

Show
Ignore:
Timestamp:
13.03.2013 14:14:41 (7 years ago)
Author:
sjm84
Message:

Debug service calls now require the user to be an administrator

Files:
1 modified

Legend:

Unmodified
Added
Removed
  • main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/DebugService.java

    r27054 r27076  
    1313import org.apache.log4j.Logger; 
    1414import org.greenstone.gsdl3.util.GSXML; 
     15import org.greenstone.gsdl3.util.UserContext; 
    1516import org.greenstone.gsdl3.util.XMLConverter; 
    1617import org.greenstone.util.GlobalProperties; 
     
    8283        } 
    8384 
    84         String lang = request.getAttribute(GSXML.LANG_ATT); 
    85         String uid = request.getAttribute(GSXML.USER_ID_ATT); 
     85        UserContext context = new UserContext(request); 
     86        boolean found = false; 
     87        for (String group : context.getGroups()) 
     88        { 
     89            if (group.equals("administrator")) 
     90            { 
     91                found = true; 
     92            } 
     93        } 
     94 
     95        if (!found) 
     96        { 
     97            GSXML.addError(this.doc, result, "This user does not have the required permissions to perform this action."); 
     98            return result; 
     99        } 
    86100 
    87101        // Get the parameters of the request 
     
    190204        } 
    191205 
    192         String lang = request.getAttribute(GSXML.LANG_ATT); 
    193         String uid = request.getAttribute(GSXML.USER_ID_ATT); 
     206        UserContext context = new UserContext(request); 
     207        boolean foundGroup = false; 
     208        for (String group : context.getGroups()) 
     209        { 
     210            if (group.equals("administrator")) 
     211            { 
     212                foundGroup = true; 
     213            } 
     214        } 
     215 
     216        if (!foundGroup) 
     217        { 
     218            GSXML.addError(this.doc, result, "This user does not have the required permissions to perform this action."); 
     219            return result; 
     220        } 
    194221 
    195222        // Get the parameters of the request 
     
    307334        } 
    308335 
    309         String lang = request.getAttribute(GSXML.LANG_ATT); 
    310         String uid = request.getAttribute(GSXML.USER_ID_ATT); 
     336        UserContext context = new UserContext(request); 
     337        boolean found = false; 
     338        for (String group : context.getGroups()) 
     339        { 
     340            if (group.equals("administrator")) 
     341            { 
     342                found = true; 
     343            } 
     344        } 
     345 
     346        if (!found) 
     347        { 
     348            GSXML.addError(this.doc, result, "This user does not have the required permissions to perform this action."); 
     349            return result; 
     350        } 
    311351 
    312352        // Get the parameters of the request