- Timestamp:
- 2019-11-19T13:53:59+13:00 (4 years ago)
- File:
-
- 1 edited
main/trunk/greenstone3/src/java/org/greenstone/gsdl3/action/DepositorAction.java
r32448 r33699 25 25 import org.greenstone.gsdl3.util.GSXSLT; 26 26 import org.greenstone.gsdl3.util.UserContext; 27 import org.greenstone.gsdl3.util.XMLConverter; 27 28 import org.greenstone.util.GlobalProperties; 28 29 import org.w3c.dom.Document; … … 50 51 Element request = (Element) GSXML.getChildByTagName(message, GSXML.REQUEST_ELEM); 51 52 Document doc = request.getOwnerDocument(); 53 54 UserContext uc = new UserContext((Element) request); 52 55 53 UserContext uc = new UserContext((Element) request);54 String currentUsername = uc.getUsername();55 56 56 Element responseMessage = doc.createElement(GSXML.MESSAGE_ELEM); 57 57 Element response = GSXML.createBasicResponse(doc, this.getClass().getSimpleName()); 58 58 responseMessage.appendChild(response); 59 59 60 addSiteMetadata(response, uc); 61 addInterfaceOptions(response); 62 63 // currently uc might have the wrong username. 64 // TODO - fix this once that is fixed 65 Element userInformation = (Element) GSXML.getChildByTagName(request, GSXML.USER_INFORMATION_ELEM); 66 if (userInformation != null) 67 { 68 String username = userInformation.getAttribute(GSXML.USERNAME_ATT); 69 if (!username.equals("")) { 70 uc.setUsername(username); 71 } 72 String groups = userInformation.getAttribute(GSXML.GROUPS_ATT); 73 if (!groups.equals("")) { 74 uc.setGroups(groups.split(",")); 75 } 76 } 77 78 String currentUsername = uc.getUsername(); 79 80 // logger.debug("username="+username+", groups = "+groups); 81 if (currentUsername == null || currentUsername.equals("")) 82 { 83 84 // TODO if user is not logged in, push to login page 85 request.setAttribute("subaction", ""); 86 GSXML.addError(response, "You need to be logged in to use the depositor"); 87 return responseMessage; 88 } 89 60 90 Element param_list = (Element) GSXML.getChildByTagName(request, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER); 61 91 HashMap<String, Serializable> params = GSXML.extractParams(param_list, false); … … 63 93 String collection = (String) 
params.get(GSParams.COLLECTION); 64 94 95 if (collection !=null && !collection.equals("")) { 96 if (!userHasCollectionEditPermissions(collection, uc)) { 97 // we need to reset back to empty subaction here 98 request.setAttribute("subaction", ""); 99 logger.error("found collection "+collection+", need to check user groups"); 100 GSXML.addError(response, "You are not in the right group to access this collection. Please log in as a different user."); 101 return responseMessage; 102 103 } 104 } 65 105 int pageNum = -1; 66 106 boolean pageNumParseFail = false; … … 393 433 return collectionList; 394 434 } 435 436 // collection must be non-null and non-empty 437 protected boolean userHasCollectionEditPermissions(String collection, UserContext user_context) { 438 439 for (String group : user_context.getGroups()) { 440 // administrator always has permission 441 if (group.equals("administrator")) { 442 return true; 443 } 444 // all-collections-editor can edit any collection 445 446 if (group.equals("all-collections-editor")) { 447 return true; 448 } 449 if (group.equals(collection+"-collection-editor")) { 450 return true; 451 } 452 } 453 454 // haven't found a group with edit permissions 455 return false; 456 457 } 395 458 }
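Review bot: The edit-permission decision now rests on the `username` and `groups` attributes read from the request's `userInformation` element, which overwrite whatever `UserContext` held, so the check is only as trustworthy as whatever builds that element. Its origin is not visible in this section; if it is populated server-side from the authenticated session, record that next to the TODO with a comment such as `// userInformation is filled in by the servlet from the session, never from client parameters`. The group check is also skipped whenever the `GSParams.COLLECTION` parameter is absent or empty, and the rest of the method lies outside the shown lines, so confirm that no later depositor step can obtain a collection by another route. In `userHasCollectionEditPermissions`, `setGroups` is only called when the attribute is non-empty, so if `getGroups()` can return null the loop would throw; a guard like `if (user_context.getGroups() == null) return false;` fails closed. The `logger.error` call concatenates the raw `collection` parameter into the log line, so consider stripping CR/LF from it first, and logging the denied username would make the entry more useful for audit than "need to check user groups".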