Changeset 33699

Timestamp:
19.11.2019 13:53:59 (3 weeks ago)
Author:
kjdon
Message:

first stab at requiring a user to be logged in to use the depositor, and they must have the correct permissions to access a collection. TODO - for the collection list, only display the collections the user has access to??

Files:
1 modified

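--- a/main/trunk/greenstone3/src/java/org/greenstone/gsdl3/action/DepositorAction.java
+++ b/main/trunk/greenstone3/src/java/org/greenstone/gsdl3/action/DepositorAction.java
@@ -25,4 +25,5 @@
 import org.greenstone.gsdl3.util.GSXSLT;
 import org.greenstone.gsdl3.util.UserContext;
+import org.greenstone.gsdl3.util.XMLConverter;
 import org.greenstone.util.GlobalProperties;
 import org.w3c.dom.Document;
@@ -50,12 +51,41 @@
         Element request = (Element) GSXML.getChildByTagName(message, GSXML.REQUEST_ELEM);
         Document doc = request.getOwnerDocument();
+
+        UserContext uc = new UserContext((Element) request);
 
-        UserContext uc = new UserContext((Element) request);
-        String currentUsername = uc.getUsername();
-
         Element responseMessage = doc.createElement(GSXML.MESSAGE_ELEM);
         Element response = GSXML.createBasicResponse(doc, this.getClass().getSimpleName());
         responseMessage.appendChild(response);
 
+        addSiteMetadata(response, uc);
+        addInterfaceOptions(response);
+
+        // currently uc might have the wrong username.
+        // TODO - fix this once that is fixed
+        Element userInformation = (Element) GSXML.getChildByTagName(request, GSXML.USER_INFORMATION_ELEM);
+        if (userInformation != null)
+        {
+            String username = userInformation.getAttribute(GSXML.USERNAME_ATT);
+            if (!username.equals("")) {
+              uc.setUsername(username);
+            }
+            String groups = userInformation.getAttribute(GSXML.GROUPS_ATT);
+            if (!groups.equals("")) {
+              uc.setGroups(groups.split(","));
+            }
+        }
+
+        String currentUsername = uc.getUsername();
+
+        // logger.debug("username="+username+", groups = "+groups);
+        if (currentUsername == null || currentUsername.equals(""))
+        {
+
+          // TODO if user is not logged in, push to login page
+          request.setAttribute("subaction", "");
+          GSXML.addError(response, "You need to be logged in to use the depositor");
+          return responseMessage;
+        }
+
         Element param_list = (Element) GSXML.getChildByTagName(request, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
         HashMap<String, Serializable> params = GSXML.extractParams(param_list, false);
@@ -63,4 +93,14 @@
         String collection = (String) params.get(GSParams.COLLECTION);
 
+        if (collection !=null && !collection.equals("")) {
+          if (!userHasCollectionEditPermissions(collection, uc)) {
+            // we need to reset back to empty subaction here
+            request.setAttribute("subaction", "");
+            logger.error("found collection "+collection+", need to check user groups");
+            GSXML.addError(response, "You are not in the right group to access this collection. Please log in as a different user.");
+          return responseMessage;
+
+          }
+        }
         int pageNum = -1;
         boolean pageNumParseFail = false;
@@ -393,3 +433,26 @@
         return collectionList;
     }
+
+  // collection must be non-null and non-empty
+  protected boolean userHasCollectionEditPermissions(String collection, UserContext user_context) {
+
+    for (String group : user_context.getGroups()) {
+      // administrator always has permission
+      if (group.equals("administrator")) {
+    return true;
+      }
+      // all-collections-editor can edit any collection
+
+      if (group.equals("all-collections-editor")) {
+    return true;
+      }
+      if (group.equals(collection+"-collection-editor")) {
+      return true;
+      }
+    }
+
+    // haven't found a group with edit permissions
+    return false;
+
+  }
 }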
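Review bot: `userHasCollectionEditPermissions` iterates `user_context.getGroups()` without a null check, while the caller in the hunk starting at old line 50 only calls `uc.setGroups(...)` when the `groups` attribute is non-empty, so a logged-in user with no groups may hit a NullPointerException here if `getGroups()` returns null rather than an empty array — `UserContext` is not on this page, so that needs confirming. The authorization decision also rests entirely on the username and groups copied out of the request's `userInformation` element, which the new comment itself says may currently be wrong; a comment on the helper such as `// trusts the caller to have populated user_context from the authenticated request, not from client-supplied params` would make that dependency explicit for the next maintainer. Separately, the denial in the collection check is logged at error level with a message that does not say what was denied; `logger.warn("user " + currentUsername + " is not permitted to edit collection " + collection);` records the actual event without treating a routine authorization refusal as a failure.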