Changeset 27076 for main


Ignore:
Timestamp:
2013-03-13T14:14:41+13:00 (11 years ago)
Author:
sjm84
Message:

Debug service calls now require the user to be an administrator

File:
1 edited

Legend:

Unmodified
Added
Removed

  • main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/DebugService.java

    r27054 r27076  
    1313import org.apache.log4j.Logger;
    1414import org.greenstone.gsdl3.util.GSXML;
     15import org.greenstone.gsdl3.util.UserContext;
    1516import org.greenstone.gsdl3.util.XMLConverter;
    1617import org.greenstone.util.GlobalProperties;
     
    8283        }
    8384
    84         String lang = request.getAttribute(GSXML.LANG_ATT);
    85         String uid = request.getAttribute(GSXML.USER_ID_ATT);
     85        UserContext context = new UserContext(request);
     86        boolean found = false;
     87        for (String group : context.getGroups())
     88        {
     89            if (group.equals("administrator"))
     90            {
     91                found = true;
     92            }
     93        }
     94
     95        if (!found)
     96        {
     97            GSXML.addError(this.doc, result, "This user does not have the required permissions to perform this action.");
     98            return result;
     99        }
    86100
    87101        // Get the parameters of the request
     
    190204        }
    191205
    192         String lang = request.getAttribute(GSXML.LANG_ATT);
    193         String uid = request.getAttribute(GSXML.USER_ID_ATT);
     206        UserContext context = new UserContext(request);
     207        boolean foundGroup = false;
     208        for (String group : context.getGroups())
     209        {
     210            if (group.equals("administrator"))
     211            {
     212                foundGroup = true;
     213            }
     214        }
     215
     216        if (!foundGroup)
     217        {
     218            GSXML.addError(this.doc, result, "This user does not have the required permissions to perform this action.");
     219            return result;
     220        }
    194221
    195222        // Get the parameters of the request
     
    307334        }
    308335
    309         String lang = request.getAttribute(GSXML.LANG_ATT);
    310         String uid = request.getAttribute(GSXML.USER_ID_ATT);
     336        UserContext context = new UserContext(request);
     337        boolean found = false;
     338        for (String group : context.getGroups())
     339        {
     340            if (group.equals("administrator"))
     341            {
     342                found = true;
     343            }
     344        }
     345
     346        if (!found)
     347        {
     348            GSXML.addError(this.doc, result, "This user does not have the required permissions to perform this action.");
     349            return result;
     350        }
    311351
    312352        // Get the parameters of the request
Note: See TracChangeset for help on using the changeset viewer.