- Timestamp:
- 2014-11-10T14:47:05+13:00 (9 years ago)
- File:
-
- 1 edited
main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/DebugService.java
r28966 r29421 89 89 } 90 90 91 UserContext context = new UserContext(request);92 boolean found = false;93 for (String group : context.getGroups())94 {95 if (group.equals("administrator"))96 {97 found = true;98 }99 }100 101 if (!found)102 {103 GSXML.addError(result, "This user does not have the required permissions to perform this action.");104 return result;105 }106 107 91 // Get the parameters of the request 108 92 Element param_list = (Element) GSXML.getChildByTagName(request, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER); … … 116 100 HashMap<String, Serializable> params = GSXML.extractParams(param_list, false); 117 101 102 String collectionName = (String) params.get("collectionName"); 103 104 // check permissions 105 if (!userHasEditPermissions(collectionName, request)) { 106 GSXML.addError(result, "This user does not have the required permissions to perform this action."); 107 return result; 108 } 118 109 String interfaceName = (String) params.get("interfaceName"); 119 110 String siteName = (String) params.get("siteName"); 120 String collectionName = (String) params.get("collectionName");121 111 String fileName = (String) params.get("fileName"); 122 112 String nameToGet = (String) params.get("templateName"); … … 164 154 } 165 155 166 UserContext context = new UserContext(request);167 boolean found = false;168 for (String group : context.getGroups())169 {170 if (group.equals("administrator"))171 {172 found = true;173 }174 }175 176 if (!found)177 {178 GSXML.addError(result, "This user does not have the required permissions to perform this action.");179 return result;180 }181 182 156 // Get the parameters of the request 183 157 Element param_list = (Element) GSXML.getChildByTagName(request, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER); … … 190 164 191 165 HashMap<String, Serializable> params = GSXML.extractParams(param_list, false); 166 167 168 String collectionName = (String) params.get("collectionName"); 169 // check permissions 170 if 
(!userHasEditPermissions(collectionName, request)) { 171 GSXML.addError(result, "This user does not have the required permissions to perform this action."); 172 return result; 173 } 192 174 193 175 String locationName = (String) params.get("locationName"); 194 176 String interfaceName = (String) params.get("interfaceName"); 195 177 String siteName = (String) params.get("siteName"); 196 String collectionName = (String) params.get("collectionName");197 178 String fileName = (String) params.get("fileName"); 198 179 String namespace = (String) params.get("namespace"); … … 202 183 String xPath = (String) params.get("xpath"); 203 184 185 186 204 187 String fullNamespace; 205 188 if (namespace.toLowerCase().equals("gsf")) … … 318 301 } 319 302 320 UserContext context = new UserContext(request);321 boolean foundGroup = false;322 for (String group : context.getGroups())323 {324 if (group.equals("administrator"))325 {326 foundGroup = true;327 }328 }329 330 if (!foundGroup)331 {332 GSXML.addError(result, "This user does not have the required permissions to perform this action.");333 return result;334 }335 336 303 // Get the parameters of the request 337 304 Element param_list = (Element) GSXML.getChildByTagName(request, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER); … … 344 311 345 312 HashMap<String, Serializable> params = GSXML.extractParams(param_list, false); 313 314 String collectionName = (String) params.get("collectionName"); 315 // check permissions 316 if (!userHasEditPermissions(collectionName, request)) { 317 GSXML.addError(result, "This user does not have the required permissions to perform this action."); 318 return result; 319 } 346 320 347 321 String locationName = (String) params.get("locationName"); … … 349 323 String interfaceName = (String) params.get("interfaceName"); 350 324 String siteName = (String) params.get("siteName"); 351 String collectionName = (String) params.get("collectionName");352 325 String namespace = (String) params.get("namespace"); 353 326 
String nodeName = (String) params.get("nodename"); … … 485 458 } 486 459 487 UserContext context = new UserContext(request);488 boolean found = false;489 for (String group : context.getGroups())490 {491 if (group.equals("administrator"))492 {493 found = true;494 }495 }496 497 if (!found)498 {499 GSXML.addError(result, "This user does not have the required permissions to perform this action.");500 return result;501 }502 503 460 // Get the parameters of the request 504 461 Element param_list = (Element) GSXML.getChildByTagName(request, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER); … … 512 469 HashMap<String, Serializable> params = GSXML.extractParams(param_list, false); 513 470 471 String collectionName = (String) params.get("collectionName"); 472 // check permissions 473 if (!userHasEditPermissions(collectionName, request)) { 474 GSXML.addError(result, "This user does not have the required permissions to perform this action."); 475 return result; 476 } 514 477 String locationName = (String) params.get("locationName"); 515 478 String siteName = (String) params.get("siteName"); 516 String collectionName = (String) params.get("collectionName");517 479 String interfaceName = (String) params.get("interfaceName"); 518 480 String fileName = (String) params.get("fileName"); … … 597 559 } 598 560 599 UserContext context = new UserContext(request);600 boolean found = false;601 for (String group : context.getGroups())602 {603 if (group.equals("administrator"))604 {605 found = true;606 }607 }608 609 if (!found)610 {611 GSXML.addError(result, "This user does not have the required permissions to perform this action.");612 return result;613 }614 615 561 // Get the parameters of the request 616 562 Element param_list = (Element) GSXML.getChildByTagName(request, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER); … … 624 570 HashMap<String, Serializable> params = GSXML.extractParams(param_list, false); 625 571 572 String collectionName = (String) params.get("collectionName"); 573 // check 
permissions 574 if (!userHasEditPermissions(collectionName, request)) { 575 GSXML.addError(result, "This user does not have the required permissions to perform this action."); 576 return result; 577 } 626 578 String interfaceName = (String) params.get("interfaceName"); 627 579 String siteName = (String) params.get("siteName"); 628 String collectionName = (String) params.get("collectionName");629 580 630 581 Element fileList = result_doc.createElement("fileListJSON"); … … 700 651 return result; 701 652 } 653 654 protected boolean userHasEditPermissions(String collection, Element request) { 655 UserContext context = new UserContext(request); 656 for (String group : context.getGroups()) { 657 // administrator always has permission 658 if (group.equals("administrator")) { 659 return true; 660 } 661 // all-collections-editor can edit any collection 662 if (!collection.equals("")) { 663 if (group.equals("all-collections-editor")) { 664 return true; 665 } 666 if (group.equals(collection+"-collection-editor")) { 667 return true; 668 } 669 } 670 } 671 // haven't found a group with edit permissions 672 return false; 673 674 } 702 675 } 676
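Review bot: In `userHasEditPermissions` (final hunk) the decision for non-administrators rests only on the request's `collectionName`, while the five callers then read parameters such as `locationName`, `interfaceName`, `siteName` and `fileName` from the same map to select the file they act on. Unless code outside the visible hunks confirms that the resolved file belongs to that collection, a member of `<name>-collection-editor` passes this check for operations that were administrator-only before this change. The callers should honour the collection-editor result only when the target location is that collection, and require `administrator` otherwise. Separately, `collection.equals("")` throws a NullPointerException when `collectionName` is absent from the request and a non-administrator group is iterated first; `if (collection != null && !collection.isEmpty())` keeps that case a clean denial. The caller bodies continue beyond the hunks shown, so the first point needs confirming against the full file.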