Changeset 38219 for main/trunk/greenstone3/src
- Timestamp:
- 2023-09-25T23:16:31+13:00 (8 months ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/GS2Construct.java
r37585 r38219 320 320 { 321 321 322 // There are twotypes of operations whereby metadata gets modified:322 // There are now 3 types of operations whereby metadata gets modified: 323 323 // - document including document-meta editing: user needs document editing powers 324 324 // - adding user comments: user just needs an account and needs to be logged in 325 // We handle both cases in this service. 325 // - removing user comments: user needs to be in administrator group 326 // We handle all 3 cases in this service. 326 327 327 328 Element param_list = (Element) GSXML.getChildByTagName(request, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER); … … 333 334 334 335 String[] docids = null; 336 337 // For user comments (setting or removing), these are the allowed metadata fields 338 Pattern allowedMetaFieldsPattern = Pattern.compile("^(username|usertimestamp|usercomment)$"); 339 String lang = request.getAttribute(GSXML.LANG_ATT); 335 340 336 337 if (userHasCollectionEditPermissions(request, params)) { // means user can modify ANY metadata 341 boolean isAdminRemovingUserComments = false; 342 343 // Have to be admin to do remove-metadata-array for user comments meta fields 344 if (metaserver_command.equals("remove-metadata-array")) { 345 // check if only removing user comments metadata fields 346 docids = getDocIdsWithOptFilter(json_str, allowedMetaFieldsPattern); 347 if(docids != null) { 348 isAdminRemovingUserComments = true; 349 } 350 351 if(!userIsAdministrator(request, params)) { 352 isAdminRemovingUserComments = false; 353 return errorResponse("processModifyMetadata", NO_PERMISSIONS_ERROR, lang); 354 } 355 } 356 357 if(isAdminRemovingUserComments) { 358 // everything is set up already now for admin to remove user comments 359 } 360 else if (userHasCollectionEditPermissions(request, params)) { // means user can modify ANY metadata 338 361 339 362 // if dealing with an array of meta, then parse out the docids from the json 340 363 if(supportsSettingMultipleMeta) { 341 364 docids = getDocIdsWithOptFilter(json_str, null); 365 } else if (metaserver_command.equals("remove-metadata-array")) { 366 // removing multiple metadata that are Not user comments 367 // can be done by any user with collection edit permissions 368 docids = getDocIdsWithOptFilter(json_str, null); 342 369 } // else set-meta operation on single metadata field of single doc, 343 370 // and docid will be obtained in runCommand() where it's needed … … 348 375 349 376 UserContext context = new UserContext(request); 350 String lang = request.getAttribute(GSXML.LANG_ATT);351 377 if (context.getUsername().equals("")) { 352 378 … … 358 384 359 385 boolean isAddingUserComments = false; 360 Pattern allowedMetaFieldsPattern = Pattern.compile("^(username|usertimestamp|usercomment)$");386 361 387 if(supportsSettingMultipleMeta) { 362 388 … … 367 393 } else { 368 394 String metaname = (String) params.get("metaname"); 369 if(isAllowedTo SetMeta(metaname, allowedMetaFieldsPattern)) {395 if(isAllowedToModifyMeta(metaname, allowedMetaFieldsPattern)) { 370 396 isAddingUserComments = true; 371 397 } … … 743 769 744 770 protected Element runCommand(Element request, int type) { 745 771 return runCommand(request, type, null); 746 772 } 747 773 748 774 /** returns a response element */ 749 775 protected Element runCommand(Element request, int type, String[] docids) 750 { 776 { 751 777 Document result_doc = XMLConverter.newDOM(); 752 778 // the response to send back … … 869 895 } 870 896 } 897 898 // Mark files for reindexing (e.g. if set-meta or remove-meta was called) 899 // Note that remove-meta doesn't mean the document should be marked for 900 // Deletion: only meta was removed. 871 901 872 902 if (oid != null) { // if we have only one oid … … 1102 1132 } 1103 1133 1104 protected boolean isAllowedTo SetMeta(String metaname, Pattern allowedMetaFieldsPattern)1134 protected boolean isAllowedToModifyMeta(String metaname, Pattern allowedMetaFieldsPattern) 1105 1135 { 1106 1136 if(allowedMetaFieldsPattern == null) { // null when user has edit permissions, so they can set any meta … … 1153 1183 ///logger.info("### metaname: " + metaname); 1154 1184 1155 if(!isAllowedTo SetMeta(metaname, filterFields)) {1185 if(!isAllowedToModifyMeta(metaname, filterFields)) { 1156 1186 return null; 1157 1187 } … … 1192 1222 return userHasCollectionEditPermissions(request, params); 1193 1223 1224 } 1225 1226 protected boolean userIsAdministrator(Element request, HashMap<String, Serializable> params) { 1227 1228 UserContext context = new UserContext(request); 1229 1230 for (String group : context.getGroups()) { 1231 // administrator always has permission 1232 if (group.equals("administrator")) { 1233 return true; 1234 } 1235 } 1236 1237 return false; 1194 1238 } 1195 1239
Note:
See TracChangeset
for help on using the changeset viewer.