Changeset 27164

Show
Ignore:
Timestamp:
10.04.2013 13:22:45 (7 years ago)
Author:
sjm84
Message:

Check and make sure a user is authenticated before allowing changes to be made

Files:
1 modified

Legend:

Unmodified
Added
Removed
  • main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/Authentication.java

    r27075 r27164  
    1717import org.greenstone.gsdl3.util.DerbyWrapper; 
    1818import org.greenstone.gsdl3.util.GSXML; 
     19import org.greenstone.gsdl3.util.UserContext; 
    1920import org.greenstone.gsdl3.util.UserQueryResult; 
    2021import org.greenstone.gsdl3.util.UserTermInfo; 
     
    331332        result.setAttribute(GSXML.TYPE_ATT, GSXML.REQUEST_TYPE_PROCESS); 
    332333 
     334        String[] userGroups = (new UserContext(request)).getGroups(); 
     335 
     336        boolean found = false; 
     337        for (String group : userGroups) 
     338        { 
     339            if (group.equals("administrator")) 
     340            { 
     341                found = true; 
     342            } 
     343        } 
     344 
     345        if (!found) 
     346        { 
     347            GSXML.addError(this.doc, result, "This user does not have the required permissions to perform this action."); 
     348            return result; 
     349        } 
     350 
    333351        // Create an Authentication node put into the result 
    334352        Element authenNode = this.doc.createElement(GSXML.AUTHEN_NODE_ELEM);