Changeset 31541

Show
Ignore:
Timestamp:
27.03.2017 21:35:40 (2 years ago)
Author:
ak19
Message:

1. GS2Construct.modifyMetadata() now calls a more generic method to obtain docIDs of a set-metadata-array operation, close to the manner suggested by Dr Bainbridge (few minor differences because circumstances were different). The new method is not tied specifically to allowing user comments, which is rather a special case. 2. Refactored repetitive code for generating XML error responses into a function.

Files:
1 modified

Legend:

Unmodified
Added
Removed
  • main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/GS2Construct.java

    r31540 r31541  
    6868    static Logger logger = Logger.getLogger(org.greenstone.gsdl3.service.GS2Construct.class.getName()); 
    6969 
     70    // default error message 
     71    private static final String NO_PERMISSIONS_ERROR = "This user does not have the required permissions to perform this action."; 
     72 
    7073    // services offered 
    7174    private static final String NEW_SERVICE = "NewCollection"; 
     
    160163    { 
    161164        if (!userHasCollectionEditPermissions(request)) { 
    162         Document result_doc = XMLConverter.newDOM(); 
    163         Element result = GSXML.createBasicResponse(result_doc, "processNewCollection"); 
    164         GSXML.addError(result, "This user does not have the required permissions to perform this action."); 
    165         return result; 
     165        return errorResponse("processNewCollection", NO_PERMISSIONS_ERROR); 
    166166        } 
    167167        return runCommand(request, GS2PerlConstructor.NEW); 
     
    172172    { 
    173173        if (!userHasCollectionEditPermissions(request)) { 
    174         Document result_doc = XMLConverter.newDOM(); 
    175         Element result = GSXML.createBasicResponse(result_doc, "processAddDocument"); 
    176         GSXML.addError(result, "This user does not have the required permissions to perform this action."); 
    177         return result; 
     174        return errorResponse("processAddDocument", NO_PERMISSIONS_ERROR); 
    178175        } 
    179176 
     
    197194        // check permissions 
    198195        if (!userHasCollectionEditPermissions(request)) { 
    199             Document result_doc = XMLConverter.newDOM(); 
    200             Element result = GSXML.createBasicResponse(result_doc, "processBuildAndActivateCollection"); 
    201             GSXML.addError(result, "This user does not have the required permissions to perform this action."); 
    202             return result; 
     196        return errorResponse("processBuildAndActivateCollection", NO_PERMISSIONS_ERROR); 
    203197        } 
    204198 
     
    239233    { 
    240234        if (!userHasCollectionEditPermissions(request)) { 
    241         Document result_doc = XMLConverter.newDOM(); 
    242         Element result = GSXML.createBasicResponse(result_doc, "processImportCollection"); 
    243         GSXML.addError(result, "This user does not have the required permissions to perform this action."); 
    244         return result; 
     235        return errorResponse("processImportCollection", NO_PERMISSIONS_ERROR); 
    245236        } 
    246237 
     
    309300    { 
    310301        if (!userHasCollectionEditPermissions(request)) { 
    311         Document result_doc = XMLConverter.newDOM(); 
    312         Element result = GSXML.createBasicResponse(result_doc, "processBuildCollection"); 
    313         GSXML.addError(result, "This user does not have the required permissions to perform this action."); 
    314         return result; 
     302        return errorResponse("processBuildCollection", NO_PERMISSIONS_ERROR); 
    315303        } 
    316304 
     
    328316        Element param_list = (Element) GSXML.getChildByTagName(request, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER); 
    329317        HashMap<String, Serializable> params = GSXML.extractParams(param_list, false); 
    330  
    331         // If a user is only adding comments, they don't need to have editing powers over a collection 
    332         // but they need to be logged in 
    333         String[] docids = getDocIDsifAddingUserComments(params); //isAddingUserComments(request, params); 
    334         boolean isAddingUserComments = (docids == null) ? false : true; 
    335  
    336         if(isAddingUserComments) { // adding user comments, check if user logged in 
     318         
     319        String metaserver_command = (String) params.get("a"); // e.g. set-archives-metadata or set-metadata-array 
     320        boolean supportsSettingMultipleMeta = metaserver_command.equals("set-metadata-array") ? true : false; 
     321        String json_str = (String) params.get("json"); // String or null if no param named "json" 
     322 
     323        String[] docids = null; 
     324         
     325 
     326        if (userHasCollectionEditPermissions(request, params)) { // means user can modify ANY metadata 
     327 
     328        // if dealing with an array of meta, then parse out the docids from the json 
     329        if(supportsSettingMultipleMeta) { 
     330            docids = getDocIdsWithOptFilter(json_str, null); 
     331        } // else set-meta operation on single metadata field of single doc,  
     332          // and docid will be obtained in runCommand() where it's needed 
     333 
     334        } else { 
     335        // check if user logged in 
     336        // shouldn't be able to do any meta modification if not logged in 
     337 
    337338        UserContext context = new UserContext(request); 
    338  
    339         // A restricted set of metadata is modifiable when adding user comments: 
    340         // only the username, usertimestamp and usercomment metadata fields. 
    341         // If that's all that's being modified, isAddingUserComments() would have returned true, 
    342         // so finally check if the caller is logged in as a user. 
    343         if (context.getUsername().equals("")) {  
    344             Document result_doc = XMLConverter.newDOM(); 
    345             Element result = GSXML.createBasicResponse(result_doc, "processModifyMetadata"); 
    346             GSXML.addError(result, "Cannot add user comments if not logged in."); // or if attempting to set meta not related to user comments. 
    347             return result; // not logged in 
    348         } 
    349  
    350         } 
    351         else if (!userHasCollectionEditPermissions(request, params)) { 
    352         Document result_doc = XMLConverter.newDOM(); 
    353         Element result = GSXML.createBasicResponse(result_doc, "processModifyMetadata"); 
    354         GSXML.addError(result, "This user does not have the required permissions to perform this action."); // also get here if user was attempting to set meta not related to user comments. 
    355         return result; 
     339        if (context.getUsername().equals("")) { 
     340             
     341            return errorResponse("processModifyMetadata", "Cannot modify any metadata when not logged in."); 
     342        } else { // User is logged in at least, see whether they can do any restricted set-meta ops 
     343            // that are open to regular users (those without permissions to edit this collection). 
     344            // For now, there's only one restricted set-meta operation open to any logged in users 
     345            // who don't otherwise have editing permissions for the collection: adding user comments. 
     346             
     347            boolean isAddingUserComments = false; 
     348            Pattern allowedMetaFieldsPattern = Pattern.compile("^(username|usertimestamp|usercomment)$"); 
     349            if(supportsSettingMultipleMeta) { 
     350             
     351            docids = getDocIdsWithOptFilter(json_str, allowedMetaFieldsPattern); 
     352            if(docids != null) { 
     353                isAddingUserComments = true; 
     354            } 
     355            } else { 
     356            String metaname = (String) params.get("metaname"); 
     357            if(isAllowedToSetMeta(metaname, allowedMetaFieldsPattern)) { 
     358                isAddingUserComments = true; 
     359            } 
     360            } 
     361         
     362            if(!isAddingUserComments) { // logged in user is attempting to set meta outside restricted set, 
     363                 // In this case, they're attempting to set meta not related to user comments 
     364            return errorResponse("processModifyMetadata", NO_PERMISSIONS_ERROR); 
     365            } 
     366        } 
    356367        } 
    357368         
     
    400411 
    401412        if (!userHasCollectionEditPermissions(request)) { 
    402         Document result_doc = XMLConverter.newDOM(); 
    403         Element result = GSXML.createBasicResponse(result_doc, "processActivateCollection"); 
    404         GSXML.addError(result, "This user does not have the required permissions to perform this action."); 
    405         return result; 
     413        return errorResponse("processActivateCollection", NO_PERMISSIONS_ERROR); 
    406414        } 
    407415 
     
    478486    { 
    479487        if (!userHasCollectionEditPermissions(request)) { 
    480         Document result_doc = XMLConverter.newDOM(); 
    481         Element result = GSXML.createBasicResponse(result_doc, "processDeleteCollection"); 
    482         GSXML.addError(result, "This user does not have the required permissions to perform this action."); 
    483         return result; 
     488        return errorResponse("processDeleteCollection", NO_PERMISSIONS_ERROR); 
    484489        } 
    485490 
     
    542547    { 
    543548        if (!userHasCollectionEditPermissions(request)) { 
    544         Document result_doc = XMLConverter.newDOM(); 
    545         Element result = GSXML.createBasicResponse(result_doc, "processReloadCollection"); 
    546         GSXML.addError(result, "This user does not have the required permissions to perform this action."); 
    547         return result; 
     549        return errorResponse("processReloadCollection", NO_PERMISSIONS_ERROR); 
    548550        } 
    549551 
     
    10211023    } 
    10221024 
    1023     // getDocIdsWithOptFilter(JSONArray json, Pattern filterFields, boolean strictOrPermissible) 
    1024     protected String[] getDocIDsifAddingUserComments(HashMap<String, Serializable> params) { 
    1025  
    1026     String metaserver_command = (String) params.get("a"); // e.g. set-archives-metadata or set-metadata-array 
    1027     // quickest test: 
    1028     // if not calling set-metadata-array, then it definitely won't be a set-usercomments operation 
    1029     if(!metaserver_command.equals("set-metadata-array")) { 
     1025    protected boolean isAllowedToSetMeta(String metaname, Pattern allowedMetaFieldsPattern)  
     1026    { 
     1027    if(metaname == null) { 
     1028        logger.info("### Can't check null metaname against pattern"); 
     1029        return false; 
     1030    } 
     1031     
     1032    Matcher m = allowedMetaFieldsPattern.matcher(metaname); 
     1033    if(!m.matches()) { 
     1034        logger.info("### metaname: " + metaname + " doesn't match allowed allowed fields: " + allowedMetaFieldsPattern.toString()); 
     1035        return false; 
     1036    } else { 
     1037        return true; 
     1038    } 
     1039    } 
     1040     
     1041    protected String[] getDocIdsWithOptFilter(String json_str, Pattern filterFields) // boolean strictOrPermissible 
     1042    { 
     1043    if(json_str == null) { 
     1044        logger.error("### Shouldn't be happening: null json string"); 
    10301045        return null; 
    10311046    } 
    10321047 
    1033     // Confirm that the set-meta-array operation is only attempting to modify user comments metadata 
    1034  
    10351048    String[] docids = null; 
    1036     String json_str = (String) params.get("json"); // will have a "json" field if doing set-meta-array 
    1037     Pattern p = Pattern.compile("^(username|usertimestamp|usercomment)$"); 
    1038  
    1039     // check that the name of each that's metadata to be set is one of username|usercomment|usertimestamp 
    1040     // Anything else means something more than adding user comments is being attempted, which is invalid 
     1049 
     1050    // check that the name of each metadata being set matches the pattern filterFields. 
     1051    // The presence of any other meta means something other than adding user comments is being attempted, 
     1052    // which is invalid 
    10411053    try { 
    10421054         
     
    10571069            String metaname = meta.getString("metaname"); 
    10581070            logger.info("### metaname: " + metaname); 
    1059             Matcher m = p.matcher(metaname); 
    1060             if(!m.matches()) { 
    1061                 logger.info("### metaname: " + metaname + " doesn't match"); 
     1071             
     1072            if(!isAllowedToSetMeta(metaname, filterFields)) { 
    10621073                return null; 
    10631074            } 
     
    10791090    return docids; 
    10801091 
     1092    } 
     1093 
     1094    protected Element errorResponse(String serviceName, String errorMsg) { 
     1095    Document result_doc = XMLConverter.newDOM(); 
     1096    Element result = GSXML.createBasicResponse(result_doc, serviceName); 
     1097    GSXML.addError(result, errorMsg); 
     1098    return result; 
    10811099    } 
    10821100