Changeset 27172

Timestamp:
11.04.2013 12:43:36 (7 years ago)
Author:
kjdon
Message:

For diego: cross-collection searching now takes into account the authentication directives of the collections in the list. If a user has authenticated to get into the top collection, then his user groups are checked against the groups for all the collections. If he matches any of a collection's groups, then that collection will be searched. But if he is not a member of the right group it will not be searched. If there was no authentication needed to get into the top collection, then any collections with collection-level authentication will not be searched.

Location:
main/trunk/greenstone2/runtime-src/src/recpt
Files:
3 modified

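--- a/main/trunk/greenstone2/runtime-src/src/recpt/cgiwrapper.cpp
+++ b/main/trunk/greenstone2/runtime-src/src/recpt/cgiwrapper.cpp
@@ -544,4 +544,5 @@
 
   queryaction *aqueryaction = new queryaction();
+  aqueryaction->set_userdb(udb);
   aqueryaction->set_receptionist (&recpt);
   recpt.add_action (aqueryaction);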
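--- a/main/trunk/greenstone2/runtime-src/src/recpt/queryaction.cpp
+++ b/main/trunk/greenstone2/runtime-src/src/recpt/queryaction.cpp
@@ -831,4 +831,88 @@
 }
 
+bool queryaction::user_groups_match(const text_t &collection_groups, const text_t &user_groups) {
+
+      text_tset splitgrps;
+      text_t::const_iterator split_here = collection_groups.begin();
+      text_t::const_iterator split_end = collection_groups.end();
+
+      splitchar(split_here,split_end,',',splitgrps);
+
+     text_t::const_iterator ugroup_here = user_groups.begin();
+     text_t::const_iterator ugroup_end = user_groups.end();
+     text_t thisugroup;
+    while (ugroup_here != ugroup_end) {
+       ugroup_here = getdelimitstr (ugroup_here, ugroup_end, ',', thisugroup);
+       if (splitgrps.find(thisugroup) != splitgrps.end() )
+         { // we have permission!
+           return true;
+         }
+    }
+    return false;
+}
+
+// If we are currently authenticated to be in this collection, then check all
+// collections in the list against the groups of the current user - if there is an overlap of groups, then add the collection into ccs list
+// If there had been no authentication needed to get to this collection, then
+// we'll ignore any collections that have collection level authentication
+void queryaction::validate_ccs_collection_list(cgiargsclass &args, recptprotolistclass *protos, ostream &logout) {
+
+  text_tarray collections;
+  text_t arg_cc = args["cc"];
+  text_t arg_c = args["c"];
+  decode_cgi_arg (arg_cc);
+  splitchar (arg_cc.begin(), arg_cc.end(), ',', collections);
+  bool currently_authenticated = false;
+  if (!args["uan"].empty()) {
+    // uan=1 means needs authentication. We'll only get here if we have passed authentication, otherwise the page would have been redirected to login page
+    currently_authenticated = true;
+  }
+  args["cc"] = ""; // we will add colls in one by one if they are valid
+  text_tarray::iterator col_here = collections.begin();
+  text_tarray::iterator col_end = collections.end();
+  bool first = true;
+  text_t current_user_name = args["un"];
+  userinfo_t thisuser;
+  if (currently_authenticated) {
+    int status = user_database->get_user_info (current_user_name, thisuser);
+    if (status != ERRNO_SUCCEED) { // something has gone wrong, so assume not
+      // authenticated
+      currently_authenticated = false;
+    }
+  }
+
+  while (col_here != col_end) {
+    bool include_coll = false;
+    if (*col_here == arg_c) {
+      // current collection must be accessible otherwise we wouldn't be here.
+      include_coll = true;
+    } else {
+      recptproto *collectproto = protos->getrecptproto (*col_here, logout);
+      if (collectproto != NULL) {
+    ColInfoResponse_t *cinfo = recpt->get_collectinfo_ptr (collectproto, *col_here, logout);
+    text_t authenticate = cinfo->authenticate;
+    if (authenticate == "collection") {
+      if (currently_authenticated) {
+        text_t collection_groups = cinfo->auth_group;
+        if (user_groups_match(collection_groups, thisuser.groups)) {
+          include_coll = true;
+        }
+      } // else we'll not include it
+    } else { // not authenticated, or document level authentication - can include in the list
+      include_coll = true;
+    }
+      }
+    }
+    if (include_coll) {
+      if (!first) args["cc"].push_back (',');
+      args["cc"] += *col_here;
+      first = false;
+    }
+
+    ++col_here;
+  }
+
+}
+
 bool queryaction::do_action (cgiargsclass &args, recptprotolistclass *protos,
                  browsermapclass *browsers, displayclass &disp,
@@ -845,4 +929,5 @@
   if (args["ccs"] == "1") {
     if (!args["cc"].empty()) {
+      validate_ccs_collection_list(args, protos, logout); // include only those which current user has access to
       // query the selected collections
       text_t::const_iterator b = args["cc"].begin();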
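Review bot: In `validate_ccs_collection_list` the decision to treat the request as authenticated rests on `!args["uan"].empty()` and on `args["un"]`, both read from the CGI argument set, and nothing in this diff shows where those values were verified; the comment only asserts that an earlier redirect guarantees it. If `1` is the only value the receptionist ever sets, the test should match the documented value, `if (args["uan"] == "1")`, and the comment should name the upstream step that validates `un` so the invariant can be audited. Separately, `cinfo` returned by `get_collectinfo_ptr` is dereferenced without a NULL test; if that call can fail, `if (cinfo == NULL) { ++col_here; continue; }` leaves the collection out instead of crashing. In `user_groups_match`, an empty token (for example from a trailing comma in either list) would compare equal if `splitchar` stores empty entries, so putting `!thisugroup.empty() &&` in front of the `find` keeps the match fail-closed.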
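--- a/main/trunk/greenstone2/runtime-src/src/recpt/queryaction.h
+++ b/main/trunk/greenstone2/runtime-src/src/recpt/queryaction.h
@@ -30,4 +30,5 @@
 #include "gsdlconf.h"
 #include "basequeryaction.h"
+#include "userdb.h"
 #include "receptionist.h"
 
@@ -41,4 +42,5 @@
   int num_phrases;
 
+  userdbclass *user_database; // for checking user groups in ccs
   virtual text_t query_filter_name () {return "QueryFilter";}
 
@@ -91,5 +93,6 @@
   virtual bool save_search_history(cgiargsclass &args, int numdocs,
                    isapprox isApprox);
-
+  bool user_groups_match(const text_t &collection_groups, const text_t &user_groups);
+  void validate_ccs_collection_list(cgiargsclass &args, recptprotolistclass *protos, ostream &logout);
 public:
   queryaction ();
@@ -99,9 +102,9 @@
   bool init (ostream &logout);
 
+  void set_userdb(userdbclass *udb) {user_database = udb;}
   virtual text_t get_action_name () {return "q";}
 
   virtual bool check_cgiargs (cgiargsinfoclass &argsinfo, cgiargsclass &args,
                   recptprotolistclass *protos, ostream &logout);
-
   virtual void define_internal_macros (displayclass &disp, cgiargsclass &args,
                    recptprotolistclass *protos, ostream &logout);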
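Review bot: The new member `user_database` is a raw pointer that only `set_userdb` assigns, and the constructor is outside this diff, so unless it sets `user_database = NULL` the pointer is indeterminate in any front end that registers a `queryaction` without calling `set_userdb`. `validate_ccs_collection_list` dereferences it unconditionally once `uan` is set, so the pointer should be initialised in the constructor and the lookup guarded, for example `if (currently_authenticated && user_database != NULL)`, with a missing database treated as not authenticated. A comment on `set_userdb` such as `// udb is not owned by the action and must outlive it` would document the lifetime. The class declaration is only partly visible in these hunks.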