Changeset 29869 for main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/GS2Construct.java

Timestamp:

2015-05-12T21:47:35+12:00 (9 years ago)

Author:

ak19

Message:

First part of commit for ensuring the user is authenticated when running the scripts used by the online metadata editor. Running metaserver, BuildAndActivate and other GS2Construct.java commands should not be possible from a web browser.

File:

• main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/GS2Construct.java (modified) (14 diffs)

main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/GS2Construct.java

@@ -24 +24 @@
 import java.io.Serializable;
 import java.util.Collections;
+import java.util.Iterator;
+import java.util.Map.Entry;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Set;
 
 import org.apache.log4j.Logger;
@@ -63 +66 @@
     private static final String DELETE_SERVICE = "DeleteCollection";
     private static final String RELOAD_SERVICE = "ReloadCollection";
+    private static final String SET_METADATA_SERVICE = "SetMetadata";
 
     // params used
@@ -120 +124 @@
                 param_list.appendChild(param);
             }
-            else if (service.equals(ACTIVATE_SERVICE) || service.equals(IMPORT_SERVICE) || service.equals(BUILD_SERVICE) || service.equals(RELOAD_SERVICE) || service.equals(DELETE_SERVICE))
+            else if (service.equals(ACTIVATE_SERVICE) || service.equals(IMPORT_SERVICE) || service.equals(BUILD_SERVICE) || service.equals(RELOAD_SERVICE) || service.equals(DELETE_SERVICE) || service.equals(SET_METADATA_SERVICE))
             {
 
@@ -140 +144 @@
     protected Element processNewCollection(Element request)
     {
-        return runCommand(request, GS2PerlConstructor.NEW);
+        if (!userHasCollectionEditPermissions(request)) {
+        Document result_doc = XMLConverter.newDOM();
+        Element result = GSXML.createBasicResponse(result_doc, "processNewCollection");
+        GSXML.addError(result, "This user does not have the required permissions to perform this action.");
+        return result;
+        }
+        return runCommand(request, GS2PerlConstructor.NEW);
     }
 
@@ -146 +156 @@
     protected Element processAddDocument(Element request)
     {
+        if (!userHasCollectionEditPermissions(request)) {
+        Document result_doc = XMLConverter.newDOM();
+        Element result = GSXML.createBasicResponse(result_doc, "processAddDocument");
+        GSXML.addError(result, "This user does not have the required permissions to perform this action.");
+        return result;
+        }
+
       Document result_doc = XMLConverter.newDOM();
         // decode the file name, add it to the import directory
@@ -163 +180 @@
     protected Element processBuildAndActivateCollection(Element request)
     {
-      
+        // check permissions
+        if (!userHasCollectionEditPermissions(request)) {
+            Document result_doc = XMLConverter.newDOM();
+            Element result = GSXML.createBasicResponse(result_doc, "processBuildAndActivateCollection");
+            GSXML.addError(result, "This user does not have the required permissions to perform this action.");
+            return result;
+        }
+
         waitUntilReady(request);
         Element buildResponse = processBuildCollection(request);
@@ -197 +221 @@
     protected Element processImportCollection(Element request)
     {
+        if (!userHasCollectionEditPermissions(request)) {
+        Document result_doc = XMLConverter.newDOM();
+        Element result = GSXML.createBasicResponse(result_doc, "processImportCollection");
+        GSXML.addError(result, "This user does not have the required permissions to perform this action.");
+        return result;
+        }
+
         Element param_list = (Element) GSXML.getChildByTagName(request, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
         HashMap<String, Serializable> params = GSXML.extractParams(param_list, false);
@@ -260 +291 @@
     protected Element processBuildCollection(Element request)
     {
+        if (!userHasCollectionEditPermissions(request)) {
+        Document result_doc = XMLConverter.newDOM();
+        Element result = GSXML.createBasicResponse(result_doc, "processBuildCollection");
+        GSXML.addError(result, "This user does not have the required permissions to perform this action.");
+        return result;
+        }
+
         return runCommand(request, GS2PerlConstructor.BUILD);
     }
 
+    protected Element processSetMetadata(Element request)
+    {
+        if (!userHasCollectionEditPermissions(request)) {
+        Document result_doc = XMLConverter.newDOM();
+        Element result = GSXML.createBasicResponse(result_doc, "processSetMetadata");
+        GSXML.addError(result, "This user does not have the required permissions to perform this action.");
+        return result;
+        }
+
+        return runCommand(request, GS2PerlConstructor.SET_METADATA_SERVER);
+    }
+
     protected Element processActivateCollection(Element request)
     {
+
+        if (!userHasCollectionEditPermissions(request)) {
+        Document result_doc = XMLConverter.newDOM();
+        Element result = GSXML.createBasicResponse(result_doc, "processActivateCollection");
+        GSXML.addError(result, "This user does not have the required permissions to perform this action.");
+        return result;
+        }
+
         // this activates the collection on disk. but now we need to tell
         // the MR about it. but we have to wait until the process is finished.
@@ -334 +392 @@
     protected Element processDeleteCollection(Element request)
     {
+        if (!userHasCollectionEditPermissions(request)) {
+        Document result_doc = XMLConverter.newDOM();
+        Element result = GSXML.createBasicResponse(result_doc, "processDeleteCollection");
+        GSXML.addError(result, "This user does not have the required permissions to perform this action.");
+        return result;
+        }
+
       Document result_doc = XMLConverter.newDOM();
         // the response to send back
@@ -391 +456 @@
     protected Element processReloadCollection(Element request)
     {
+        if (!userHasCollectionEditPermissions(request)) {
+        Document result_doc = XMLConverter.newDOM();
+        Element result = GSXML.createBasicResponse(result_doc, "processReloadCollection");
+        GSXML.addError(result, "This user does not have the required permissions to perform this action.");
+        return result;
+        }
+
       Document result_doc = XMLConverter.newDOM();
         // the response to send back
@@ -539 +611 @@
         //this.short_service_info.appendChild(e);
 
+        e = this.desc_doc.createElement(GSXML.SERVICE_ELEM);
+        e.setAttribute(GSXML.TYPE_ATT, GSXML.SERVICE_TYPE_PROCESS);
+        e.setAttribute(GSXML.NAME_ATT, SET_METADATA_SERVICE);
+        this.short_service_info.appendChild(e);
+
         return true;
     }
@@ -592 +669 @@
         }
 
-        // do teh actual command
+        // do the actual command
         String coll_name = null;
         if (type == GS2PerlConstructor.NEW)
@@ -624 +701 @@
         {
             constructor.setManifestFile(this.site_home + File.separator + "collect" + File.separator + params.get(COL_PARAM) + File.separator + "manifests" + File.separator + "tempManifest.xml");
+        }
+        else if (type == GS2PerlConstructor.SET_METADATA_SERVER) {
+            StringBuffer querystring = new StringBuffer();
+            
+            // convert params into a single string again?
+            Set<Map.Entry<String, Serializable>> entries = params.entrySet();
+            Iterator<Map.Entry<String, Serializable>> i = entries.iterator();
+            while(i.hasNext()) {
+            
+            Map.Entry<String, Serializable> entry = i.next();
+            String paramname = entry.getKey();
+            paramname = paramname.replace("s1.", ""); // replaces all occurrences
+            if(paramname.equals("collection")) {
+                paramname = "c";
+            }
+            String paramvalue = (String)entry.getValue();
+
+            querystring.append(paramname + "=" + paramvalue);
+            if(i.hasNext()) {
+                querystring.append("&");
+            }
+            }
+            constructor.setQueryString(querystring.toString());
         }
 
@@ -805 +905 @@
         return false;
     }
+
+
+    /** Copy from DebugService.userHasEditPermissions
+     This function checks that the user is logged in and that the user 
+     is in the right group to edit the collection */
+    protected boolean userHasCollectionEditPermissions(Element request) {
+    Element param_list = (Element) GSXML.getChildByTagName(request, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
+    HashMap<String, Serializable> params = GSXML.extractParams(param_list, false);
+    String collection = (String) params.get(COL_PARAM); // could be null on newcoll operation
+
+    UserContext context = new UserContext(request);
+    if(collection == null) {
+    return !context.getUsername().equals("");
+    }
+    for (String group : context.getGroups()) {
+      // administrator always has permission
+      if (group.equals("administrator")) {
+    return true;
+      }
+      // all-collections-editor can edit any collection
+      if (!collection.equals("")) {
+    if (group.equals("all-collections-editor")) {
+      return true;
+    }
+    if (group.equals(collection+"-collection-editor")) {
+      return true;
+    }
+      }
+    }
+    // haven't found a group with edit permissions
+    return false;
+    
+  }
 }