Changeset 27172


Ignore:
Timestamp:
04/11/13 12:43:36 (8 years ago)
Author:
kjdon
Message:

For diego: when doing cross collection searching, now it takes into account authentication directives for the collections in the list. If a user has authenticated to get into the top collection, then his user groups are checked against the groups for all the collections. If he matches any, then they will be searched. But if he is not a member of the right group they will not be searched. If there was no authentication needed to get into top colleciton, then any collections with collection-level authentication will not be searched.

Location:
main/trunk/greenstone2/runtime-src/src/recpt
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • main/trunk/greenstone2/runtime-src/src/recpt/cgiwrapper.cpp

    r25560 r27172  
    544544
    545545  queryaction *aqueryaction = new queryaction();
     546  aqueryaction->set_userdb(udb);
    546547  aqueryaction->set_receptionist (&recpt);
    547548  recpt.add_action (aqueryaction);
  • main/trunk/greenstone2/runtime-src/src/recpt/queryaction.cpp

    r23420 r27172  
    831831}
    832832
     833bool queryaction::user_groups_match(const text_t &collection_groups, const text_t &user_groups) {
     834
     835      text_tset splitgrps;
     836      text_t::const_iterator split_here = collection_groups.begin();
     837      text_t::const_iterator split_end = collection_groups.end();
     838
     839      splitchar(split_here,split_end,',',splitgrps);
     840
     841     text_t::const_iterator ugroup_here = user_groups.begin();
     842     text_t::const_iterator ugroup_end = user_groups.end();
     843     text_t thisugroup;
     844    while (ugroup_here != ugroup_end) {
     845       ugroup_here = getdelimitstr (ugroup_here, ugroup_end, ',', thisugroup);
     846       if (splitgrps.find(thisugroup) != splitgrps.end() )
     847         { // we have permission!
     848           return true;
     849         }
     850    }
     851    return false;
     852}
     853
     854// If we are currently authenticated to be in this collection, then check all
     855// collections in the list against the groups of the current user - if there is an overlap of groups, then add the collection into ccs list
     856// If there had been no authentication needed to get to this collection, then
     857// we'll ignore any collections that have collection level authentication
     858void queryaction::validate_ccs_collection_list(cgiargsclass &args, recptprotolistclass *protos, ostream &logout) {
     859
     860  text_tarray collections;
     861  text_t arg_cc = args["cc"];
     862  text_t arg_c = args["c"];
     863  decode_cgi_arg (arg_cc);
     864  splitchar (arg_cc.begin(), arg_cc.end(), ',', collections);
     865  bool currently_authenticated = false;
     866  if (!args["uan"].empty()) {
     867    // uan=1 means needs authentication. We'll only get here if we have passed authentication, otherwise the page would have been redirected to login page
     868    currently_authenticated = true;
     869  }
     870  args["cc"] = ""; // we will add colls in one by one if they are valid
     871  text_tarray::iterator col_here = collections.begin();
     872  text_tarray::iterator col_end = collections.end();
     873  bool first = true;
     874  text_t current_user_name = args["un"];
     875  userinfo_t thisuser;
     876  if (currently_authenticated) {
     877    int status = user_database->get_user_info (current_user_name, thisuser);
     878    if (status != ERRNO_SUCCEED) { // something has gone wrong, so assume not
     879      // authenticated
     880      currently_authenticated = false;
     881    }
     882  }
     883 
     884  while (col_here != col_end) {
     885    bool include_coll = false;
     886    if (*col_here == arg_c) {
     887      // current collection must be accessible otherwise we wouldn't be here.
     888      include_coll = true;
     889    } else {
     890      recptproto *collectproto = protos->getrecptproto (*col_here, logout);
     891      if (collectproto != NULL) {
     892    ColInfoResponse_t *cinfo = recpt->get_collectinfo_ptr (collectproto, *col_here, logout);
     893    text_t authenticate = cinfo->authenticate;
     894    if (authenticate == "collection") {
     895      if (currently_authenticated) {
     896        text_t collection_groups = cinfo->auth_group;
     897        if (user_groups_match(collection_groups, thisuser.groups)) {
     898          include_coll = true;
     899        }
     900      } // else we'll not include it
     901    } else { // not authenticated, or document level authentication - can include in the list
     902      include_coll = true;
     903    }
     904      }
     905    }
     906    if (include_coll) {
     907      if (!first) args["cc"].push_back (',');
     908      args["cc"] += *col_here;
     909      first = false;
     910    }
     911       
     912    ++col_here;
     913  }
     914
     915}
     916
    833917bool queryaction::do_action (cgiargsclass &args, recptprotolistclass *protos,
    834918                 browsermapclass *browsers, displayclass &disp,
     
    845929  if (args["ccs"] == "1") {
    846930    if (!args["cc"].empty()) {
     931      validate_ccs_collection_list(args, protos, logout); // include only those which current user has access to
    847932      // query the selected collections
    848933      text_t::const_iterator b = args["cc"].begin();
  • main/trunk/greenstone2/runtime-src/src/recpt/queryaction.h

    r23378 r27172  
    3030#include "gsdlconf.h"
    3131#include "basequeryaction.h"
     32#include "userdb.h"
    3233#include "receptionist.h"
    3334
     
    4142  int num_phrases;
    4243
     44  userdbclass *user_database; // for checking user groups in ccs
    4345  virtual text_t query_filter_name () {return "QueryFilter";}
    4446
     
    9193  virtual bool save_search_history(cgiargsclass &args, int numdocs,
    9294                   isapprox isApprox);
    93 
     95  bool user_groups_match(const text_t &collection_groups, const text_t &user_groups);
     96  void validate_ccs_collection_list(cgiargsclass &args, recptprotolistclass *protos, ostream &logout);
    9497public:
    9598  queryaction ();
     
    99102  bool init (ostream &logout);
    100103 
     104  void set_userdb(userdbclass *udb) {user_database = udb;}
    101105  virtual text_t get_action_name () {return "q";}
    102106 
    103107  virtual bool check_cgiargs (cgiargsinfoclass &argsinfo, cgiargsclass &args,
    104108                  recptprotolistclass *protos, ostream &logout);
    105 
    106109  virtual void define_internal_macros (displayclass &disp, cgiargsclass &args,
    107110                   recptprotolistclass *protos, ostream &logout);
Note: See TracChangeset for help on using the changeset viewer.