Changeset 29869 for main

Timestamp:

2015-05-12T21:47:35+12:00 (9 years ago)

Author:

ak19

Message:

First part of commit for ensuring the user is authenticated when running the scripts used by the online metadata editor. Running metaserver, BuildAndActivate and other GS2Construct.java commands should not be possible from a web browser.

Location:

main/trunk/greenstone3

Files:

• src/java/org/greenstone/gsdl3/build/CollectionConstructor.java (modified) (2 diffs)
• src/java/org/greenstone/gsdl3/build/GS2PerlConstructor.java (modified) (8 diffs)
• src/java/org/greenstone/gsdl3/service/GS2Construct.java (modified) (14 diffs)
• web/interfaces/default/js/javascript-global-functions.js (modified) (1 diff)

main/trunk/greenstone3/src/java/org/greenstone/gsdl3/build/CollectionConstructor.java

@@ -28 +28 @@
     /** Stores the name of the manifest file (if one is needed) */
     protected String manifest_file = null;
+    /** The URL params constructed as a query string, representing the CGI QUERY_STRING to */
+    protected String query_string = null;
 
     public CollectionConstructor(String name)
@@ -64 +66 @@
     {
         this.collection_name = coll_name;
+    }
+
+        public void setQueryString(String querystring)
+    {
+        this.query_string = querystring;
     }
 

main/trunk/greenstone3/src/java/org/greenstone/gsdl3/build/GS2PerlConstructor.java

@@ -33 +33 @@
     public static final int BUILD = 2;
     public static final int ACTIVATE = 3;
+    public static final int SET_METADATA_SERVER = 4;
 
     /**
@@ -118 +119 @@
         case ACTIVATE:
             activateCollection();
+            break;
+        case SET_METADATA_SERVER:
+            setMetadataForCollection();
             break;
         default:
@@ -202 +206 @@
         command.add("-collectdir");
         command.add(GSFile.collectDir(this.site_home));
+        command.add("-removeold"); // saves some seconds processing time when this flag's added in explicitly
         command.addAll(extractParameters(this.process_params));
         command.add(this.collection_name);
@@ -272 +277 @@
         command.add("-collectdir");
         command.add(GSFile.collectDir(this.site_home));
+        command.add("-removeold"); // saves some seconds processing time when this flag's added in explicitly
         command.addAll(extractParameters(this.process_params));
         command.add(this.collection_name);
@@ -279 +285 @@
 
         if (runPerlCommand(command_str))
+        {
+            // success!! - need to send the final completed message
+            sendProcessComplete(new ConstructionEvent(this, GSStatus.COMPLETED, ""));
+        }// else an error message has already been sent, do nothing     
+
+    }
+
+
+    protected void setMetadataForCollection()
+    {
+        sendMessage(new ConstructionEvent(this, GSStatus.INFO, "Collection metadata: setMetadata for collection."));
+
+        Vector<String> command = new Vector<String>();
+
+        String perlPath = GlobalProperties.getProperty("perl.path", "perl");
+        if (perlPath.charAt(perlPath.length() - 1) != File.separatorChar)
+        {
+            perlPath = perlPath + File.separator;
+        }
+
+        String cgi_directory = GlobalProperties.getGSDL3Home() + File.separator + "WEB-INF" + File.separator + "cgi";
+        command.add(perlPath + "perl");
+        command.add("-S");
+        //command.add(GlobalProperties.getGSDL3Home() + File.separator + "WEB-INF" + File.separator + "cgi" + File.separator + "metadata-server.pl");
+        command.add(cgi_directory + File.separator + "metadata-server.pl");
+        
+        // Need to set QUERY_STRING and REQUEST_METHOD=GET in environment
+        // http://www.cgi101.com/class/ch3/text.html
+        String[] envvars = {
+            "QUERY_STRING=" + this.query_string,
+            "REQUEST_METHOD=GET"
+        };
+
+        String[] command_str = {};
+        command_str = command.toArray(command_str);
+
+        // http://www.cgi101.com/class/ch3/text.html
+        // setenv QUERY_STRING and REQUEST_METHOD = GET.
+        if (runPerlCommand(command_str, envvars, new File(cgi_directory)))
+                   //new File(GlobalProperties.getGSDL3Home() + File.separator + "WEB-INF" + File.separator + "cgi")))
         {
             // success!! - need to send the final completed message
@@ -316 +362 @@
 
     /** returns true if completed correctly, false otherwise */
-    protected boolean runPerlCommand(String[] command)
+    protected boolean runPerlCommand(String[] command) {
+    return runPerlCommand(command, null, null);
+    }
+
+    protected boolean runPerlCommand(String[] command, String[] envvars, File dir)
     {
         int sepIndex = this.gsdl3home.lastIndexOf(File.separator);
@@ -329 +379 @@
         args.add("PERL_PERTURB_KEYS=0");
 
+        if(envvars != null) {
+            for(int i = 0; i < envvars.length; i++) {
+            args.add(envvars[i]);
+            }
+        }
+
         for (String a : System.getenv().keySet())
         {
@@ -345 +401 @@
             Runtime rt = Runtime.getRuntime();
             sendProcessBegun(new ConstructionEvent(this, GSStatus.ACCEPTED, "starting"));
-            Process prcs = rt.exec(command, args.toArray(new String[args.size()]));
+            Process prcs = (dir == null) 
+                ? rt.exec(command, args.toArray(new String[args.size()]))
+                : rt.exec(command, args.toArray(new String[args.size()]), dir);
 
             InputStreamReader eisr = new InputStreamReader(prcs.getErrorStream());

main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/GS2Construct.java

@@ -24 +24 @@
 import java.io.Serializable;
 import java.util.Collections;
+import java.util.Iterator;
+import java.util.Map.Entry;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Set;
 
 import org.apache.log4j.Logger;
@@ -63 +66 @@
     private static final String DELETE_SERVICE = "DeleteCollection";
     private static final String RELOAD_SERVICE = "ReloadCollection";
+    private static final String SET_METADATA_SERVICE = "SetMetadata";
 
     // params used
@@ -120 +124 @@
                 param_list.appendChild(param);
             }
-            else if (service.equals(ACTIVATE_SERVICE) || service.equals(IMPORT_SERVICE) || service.equals(BUILD_SERVICE) || service.equals(RELOAD_SERVICE) || service.equals(DELETE_SERVICE))
+            else if (service.equals(ACTIVATE_SERVICE) || service.equals(IMPORT_SERVICE) || service.equals(BUILD_SERVICE) || service.equals(RELOAD_SERVICE) || service.equals(DELETE_SERVICE) || service.equals(SET_METADATA_SERVICE))
             {
 
@@ -140 +144 @@
     protected Element processNewCollection(Element request)
     {
-        return runCommand(request, GS2PerlConstructor.NEW);
+        if (!userHasCollectionEditPermissions(request)) {
+        Document result_doc = XMLConverter.newDOM();
+        Element result = GSXML.createBasicResponse(result_doc, "processNewCollection");
+        GSXML.addError(result, "This user does not have the required permissions to perform this action.");
+        return result;
+        }
+        return runCommand(request, GS2PerlConstructor.NEW);
     }
 
@@ -146 +156 @@
     protected Element processAddDocument(Element request)
     {
+        if (!userHasCollectionEditPermissions(request)) {
+        Document result_doc = XMLConverter.newDOM();
+        Element result = GSXML.createBasicResponse(result_doc, "processAddDocument");
+        GSXML.addError(result, "This user does not have the required permissions to perform this action.");
+        return result;
+        }
+
       Document result_doc = XMLConverter.newDOM();
         // decode the file name, add it to the import directory
@@ -163 +180 @@
     protected Element processBuildAndActivateCollection(Element request)
     {
-      
+        // check permissions
+        if (!userHasCollectionEditPermissions(request)) {
+            Document result_doc = XMLConverter.newDOM();
+            Element result = GSXML.createBasicResponse(result_doc, "processBuildAndActivateCollection");
+            GSXML.addError(result, "This user does not have the required permissions to perform this action.");
+            return result;
+        }
+
         waitUntilReady(request);
         Element buildResponse = processBuildCollection(request);
@@ -197 +221 @@
     protected Element processImportCollection(Element request)
     {
+        if (!userHasCollectionEditPermissions(request)) {
+        Document result_doc = XMLConverter.newDOM();
+        Element result = GSXML.createBasicResponse(result_doc, "processImportCollection");
+        GSXML.addError(result, "This user does not have the required permissions to perform this action.");
+        return result;
+        }
+
         Element param_list = (Element) GSXML.getChildByTagName(request, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
         HashMap<String, Serializable> params = GSXML.extractParams(param_list, false);
@@ -260 +291 @@
     protected Element processBuildCollection(Element request)
     {
+        if (!userHasCollectionEditPermissions(request)) {
+        Document result_doc = XMLConverter.newDOM();
+        Element result = GSXML.createBasicResponse(result_doc, "processBuildCollection");
+        GSXML.addError(result, "This user does not have the required permissions to perform this action.");
+        return result;
+        }
+
         return runCommand(request, GS2PerlConstructor.BUILD);
     }
 
+    protected Element processSetMetadata(Element request)
+    {
+        if (!userHasCollectionEditPermissions(request)) {
+        Document result_doc = XMLConverter.newDOM();
+        Element result = GSXML.createBasicResponse(result_doc, "processSetMetadata");
+        GSXML.addError(result, "This user does not have the required permissions to perform this action.");
+        return result;
+        }
+
+        return runCommand(request, GS2PerlConstructor.SET_METADATA_SERVER);
+    }
+
     protected Element processActivateCollection(Element request)
     {
+
+        if (!userHasCollectionEditPermissions(request)) {
+        Document result_doc = XMLConverter.newDOM();
+        Element result = GSXML.createBasicResponse(result_doc, "processActivateCollection");
+        GSXML.addError(result, "This user does not have the required permissions to perform this action.");
+        return result;
+        }
+
         // this activates the collection on disk. but now we need to tell
         // the MR about it. but we have to wait until the process is finished.
@@ -334 +392 @@
     protected Element processDeleteCollection(Element request)
     {
+        if (!userHasCollectionEditPermissions(request)) {
+        Document result_doc = XMLConverter.newDOM();
+        Element result = GSXML.createBasicResponse(result_doc, "processDeleteCollection");
+        GSXML.addError(result, "This user does not have the required permissions to perform this action.");
+        return result;
+        }
+
       Document result_doc = XMLConverter.newDOM();
         // the response to send back
@@ -391 +456 @@
     protected Element processReloadCollection(Element request)
     {
+        if (!userHasCollectionEditPermissions(request)) {
+        Document result_doc = XMLConverter.newDOM();
+        Element result = GSXML.createBasicResponse(result_doc, "processReloadCollection");
+        GSXML.addError(result, "This user does not have the required permissions to perform this action.");
+        return result;
+        }
+
       Document result_doc = XMLConverter.newDOM();
         // the response to send back
@@ -539 +611 @@
         //this.short_service_info.appendChild(e);
 
+        e = this.desc_doc.createElement(GSXML.SERVICE_ELEM);
+        e.setAttribute(GSXML.TYPE_ATT, GSXML.SERVICE_TYPE_PROCESS);
+        e.setAttribute(GSXML.NAME_ATT, SET_METADATA_SERVICE);
+        this.short_service_info.appendChild(e);
+
         return true;
     }
@@ -592 +669 @@
         }
 
-        // do teh actual command
+        // do the actual command
         String coll_name = null;
         if (type == GS2PerlConstructor.NEW)
@@ -624 +701 @@
         {
             constructor.setManifestFile(this.site_home + File.separator + "collect" + File.separator + params.get(COL_PARAM) + File.separator + "manifests" + File.separator + "tempManifest.xml");
+        }
+        else if (type == GS2PerlConstructor.SET_METADATA_SERVER) {
+            StringBuffer querystring = new StringBuffer();
+            
+            // convert params into a single string again?
+            Set<Map.Entry<String, Serializable>> entries = params.entrySet();
+            Iterator<Map.Entry<String, Serializable>> i = entries.iterator();
+            while(i.hasNext()) {
+            
+            Map.Entry<String, Serializable> entry = i.next();
+            String paramname = entry.getKey();
+            paramname = paramname.replace("s1.", ""); // replaces all occurrences
+            if(paramname.equals("collection")) {
+                paramname = "c";
+            }
+            String paramvalue = (String)entry.getValue();
+
+            querystring.append(paramname + "=" + paramvalue);
+            if(i.hasNext()) {
+                querystring.append("&");
+            }
+            }
+            constructor.setQueryString(querystring.toString());
         }
 
@@ -805 +905 @@
         return false;
     }
+
+
+    /** Copy from DebugService.userHasEditPermissions
+     This function checks that the user is logged in and that the user 
+     is in the right group to edit the collection */
+    protected boolean userHasCollectionEditPermissions(Element request) {
+    Element param_list = (Element) GSXML.getChildByTagName(request, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
+    HashMap<String, Serializable> params = GSXML.extractParams(param_list, false);
+    String collection = (String) params.get(COL_PARAM); // could be null on newcoll operation
+
+    UserContext context = new UserContext(request);
+    if(collection == null) {
+    return !context.getUsername().equals("");
+    }
+    for (String group : context.getGroups()) {
+      // administrator always has permission
+      if (group.equals("administrator")) {
+    return true;
+      }
+      // all-collections-editor can edit any collection
+      if (!collection.equals("")) {
+    if (group.equals("all-collections-editor")) {
+      return true;
+    }
+    if (group.equals(collection+"-collection-editor")) {
+      return true;
+    }
+      }
+    }
+    // haven't found a group with edit permissions
+    return false;
+    
+  }
 }

main/trunk/greenstone3/web/interfaces/default/js/javascript-global-functions.js

@@ -424 +424 @@
 function callMetadataServer(callingFunction, url, responseFunction)
 {
+    // rewrite URLs to call GS2Construct's SetMetadata service instead
+    url = url.replace("&c=",  "&collection="); // c is a special param name for GS2Construct
+    url = url.replace(/(&|\?)([^=]*=)/g, "$1"+"s1.$2"); // prefix param names with "s1."
+    url = url.replace("cgi-bin/metadata-server.pl?",  gs.xsltParams.library_name + "?a=g&rt=r&ro=1&s=SetMetadata&");
+
+
     $.ajax(url)
     .success(function(response)