Changeset 27164 for main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/Authentication.java

Timestamp:

2013-04-10T13:22:45+12:00 (11 years ago)

Author:

sjm84

Message:

Check and make sure a user is authenticated before allowing changes to be made

File:

• main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/Authentication.java (modified) (2 diffs)

main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/Authentication.java

@@ -17 +17 @@
 import org.greenstone.gsdl3.util.DerbyWrapper;
 import org.greenstone.gsdl3.util.GSXML;
+import org.greenstone.gsdl3.util.UserContext;
 import org.greenstone.gsdl3.util.UserQueryResult;
 import org.greenstone.gsdl3.util.UserTermInfo;
@@ -331 +332 @@
         result.setAttribute(GSXML.TYPE_ATT, GSXML.REQUEST_TYPE_PROCESS);
 
+        String[] userGroups = (new UserContext(request)).getGroups();
+
+        boolean found = false;
+        for (String group : userGroups)
+        {
+            if (group.equals("administrator"))
+            {
+                found = true;
+            }
+        }
+
+        if (!found)
+        {
+            GSXML.addError(this.doc, result, "This user does not have the required permissions to perform this action.");
+            return result;
+        }
+
         // Create an Authentication node put into the result
         Element authenNode = this.doc.createElement(GSXML.AUTHEN_NODE_ELEM);