Changeset 27295 for main/trunk


Timestamp:
2013-05-03T18:25:10+12:00 (11 years ago)
Author:
ak19
Message:

This commit contains bugfixes for authentication within metadata-server.pl and related perl code, and is committed separately before changes in gsajaxapi.js start to make use of it. Another important change is that for adding user comments, a user need not be in the collection's group, so checking the group shouldn't be performed. The bugfixes are to get the authentication to work and are in addition to an earlier commit that corrected the name of the authentication_enable variable in baseaction.pm. The bugfixes are: users.gdb instead of users.db, and metadata-server.pl needs to call gsdlCGI's encrypt_password, otherwise the password check will fail because it won't match what's in the db. Also, the calls to authenticate_user had to be through the self variable, since it's a method, not a function, and failed to work correctly otherwise.

Location:
main/trunk/greenstone2
Files:
3 edited

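--- a/main/trunk/greenstone2/common-src/cgi-bin/metadata-server.pl
+++ b/main/trunk/greenstone2/common-src/cgi-bin/metadata-server.pl
@@ -55,4 +55,7 @@
     $gsdl_cgi->checked_chdir($gsdlhome);
 
+    # Encrypt the password
+    $gsdl_cgi->encrypt_password();
+
     require cgiactions::metadataaction;
    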
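Review bot: The new `$gsdl_cgi->encrypt_password();` call at lines 57-58 runs on every request, before the action module is loaded, and the comment above it does not say why it is needed. A comment such as `# users.gdb stores the encrypted form, so transform the submitted password before authenticate_user compares them` would record the dependency that the commit message describes. Whether encrypt_password copes with a request that carries no password parameter is not visible here and is worth confirming, since with `$authentication_enabled` at 0 a request has no reason to send one.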
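--- a/main/trunk/greenstone2/perllib/cgiactions/baseaction.pm
+++ b/main/trunk/greenstone2/perllib/cgiactions/baseaction.pm
@@ -31,5 +31,5 @@
 use inexport;
 
-our $authentication_enabled = 0;
+our $authentication_enabled = 0; # debugging flag (can debug without authentication when set to 0)
 our $mail_enabled = 0;
 
@@ -237,5 +237,5 @@
     my $gsdlhome = $ENV{'GSDLHOME'};
     my $etc_directory = &util::filename_cat($gsdlhome, "etc");
-    my $users_db_file_path = &util::filename_cat($etc_directory, "users.db");
+    my $users_db_file_path = &util::filename_cat($etc_directory, "users.gdb");
 
     # Use db2txt to get the user accounts information
@@ -246,5 +246,5 @@
     }
 
-    # Get the user account information from the users.db database
+    # Get the user account information from the users.gdb database
     my %users_db_data = ();
     foreach my $users_db_entry (split(/-{70}/, $users_db_content)) {
@@ -266,26 +266,32 @@
     }
 
+    # The following code which tests whether the user is in the required group
+    # seems to have been copied over from gliserver.pl.
+    # But for metadata-server.pl, when user comments are added through the set-metadata functions,
+    # the user doesn't need to be a specific collection's editor in order to add comments to that collection.
+    # So we no longer check the user is in the group here.
+
     # Check group
-    my ($user_groups) = ($user_data =~ /\<groups\>(.*)/);
-    if ($collection eq "") {
-    # If we're not editing a collection then the user doesn't need to be in a particular group
-    return $user_groups;  # Authentication successful
-    }
-    foreach my $user_group (split(/\,/, $user_groups)) {
+#    my ($user_groups) = ($user_data =~ /\<groups\>(.*)/);
+#    if ($collection eq "") {
+#   # If we're not editing a collection then the user doesn't need to be in a particular group
+#   return $user_groups;  # Authentication successful
+#    }
+#    foreach my $user_group (split(/\,/, $user_groups)) {
     # Does this user have access to all collections?
-    if ($user_group eq "all-collections-editor") {
-        return $user_groups;  # Authentication successful
-    }
+#   if ($user_group eq "all-collections-editor") {
+#       return $user_groups;  # Authentication successful
+#   }
     # Does this user have access to personal collections, and is this one?
-    if ($user_group eq "personal-collections-editor" && $collection =~ /^$username\-/) {
-        return $user_groups;  # Authentication successful
-    }
+#   if ($user_group eq "personal-collections-editor" && $collection =~ /^$username\-/) {
+#       return $user_groups;  # Authentication successful
+#   }
     # Does this user have access to this collection
-    if ($user_group eq "$collection-collection-editor") {
-        return $user_groups;  # Authentication successful
-    }
-    }
-
-    $gsdl_cgi->generate_error("Authentication failed: user is not in the required group.");
+#   if ($user_group eq "$collection-collection-editor") {
+#       return $user_groups;  # Authentication successful
+#   }
+#    }
+#
+#    $gsdl_cgi->generate_error("Authentication failed: user is not in the required group.");
 }
 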
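Review bot: Commenting out the whole group check at the end of authenticate_user (new lines 275-295) removes collection-level authorisation for every caller, not only for user comments. Each call site in metadataaction.pm is still labelled "Ensure the user is allowed to edit this collection", so once the password matches, any account can presumably run any metadata action on any collection. A narrower change keeps the check and lets only the comment-adding path opt out, for example through an optional extra argument and `return $user_groups if $skip_group_check;` placed just before the `foreach`. On the visible path the function also no longer returns `$user_groups`, so a caller that reads the return value now gets whatever the last evaluated statement yields. The start of authenticate_user is outside the hunk, so the password comparison itself cannot be reviewed here.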
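--- a/main/trunk/greenstone2/perllib/cgiactions/metadataaction.pm
+++ b/main/trunk/greenstone2/perllib/cgiactions/metadataaction.pm
@@ -250,6 +250,6 @@
     # Authenticate user if it is enabled
     if ($baseaction::authentication_enabled) {
-    # Ensure the user is allowed to edit this collection
-    &authenticate_user($gsdl_cgi, $username, $collect);
+    # Ensure the user is allowed to edit this collection   
+    $self->authenticate_user($username, $collect); #&authenticate_user($gsdl_cgi, $username, $collect);
     }
 
@@ -309,6 +309,6 @@
     # Authenticate user if it is enabled
     if ($baseaction::authentication_enabled) {
-        # Ensure the user is allowed to edit this collection
-        &authenticate_user($gsdl_cgi, $username, $collect);
+        # Ensure the user is allowed to edit this collection
+        $self->authenticate_user($username, $collect); #&authenticate_user($gsdl_cgi, $username, $collect);
     }
 
@@ -444,6 +444,6 @@
     # Authenticate user if it is enabled
     if ($baseaction::authentication_enabled) {
-        # Ensure the user is allowed to edit this collection
-        &authenticate_user($gsdl_cgi, $username, $collect);
+        # Ensure the user is allowed to edit this collection       
+        $self->authenticate_user($username, $collect); #&authenticate_user($gsdl_cgi, $username, $collect);
     }
 
@@ -614,6 +614,6 @@
  
     if ($baseaction::authentication_enabled) {
-    # Ensure the user is allowed to edit this collection
-    &authenticate_user($gsdl_cgi, $username, $collect);
+    # Ensure the user is allowed to edit this collection   
+    $self->authenticate_user($username, $collect); #&authenticate_user($gsdl_cgi, $username, $collect);
     }
 
@@ -847,6 +847,6 @@
 
     if ($baseaction::authentication_enabled) {
-    # Ensure the user is allowed to edit this collection
-    &authenticate_user($gsdl_cgi, $username, $collect);
+    # Ensure the user is allowed to edit this collection   
+    $self->authenticate_user($username, $collect); #&authenticate_user($gsdl_cgi, $username, $collect);
     }
 
@@ -889,7 +889,6 @@
    
     if ($baseaction::authentication_enabled) {
-    # Ensure the user is allowed to edit this collection
-    #&authenticate_user($gsdl_cgi, $username, $collect);
-    $self->authenticate_user($username, $collect);
+    # Ensure the user is allowed to edit this collection   
+    $self->authenticate_user($username, $collect); #&authenticate_user($gsdl_cgi, $username, $collect);
     }
    
@@ -963,5 +962,5 @@
     if ($baseaction::authentication_enabled) {
     # Ensure the user is allowed to edit this collection
-    &authenticate_user($gsdl_cgi, $username, $collect);
+    $self->authenticate_user($username, $collect); #&authenticate_user($gsdl_cgi, $username, $collect);
     }
 
@@ -1079,6 +1078,6 @@
 
     if ($baseaction::authentication_enabled) {
-    # Ensure the user is allowed to edit this collection
-    &authenticate_user($gsdl_cgi, $username, $collect);
+    # Ensure the user is allowed to edit this collection   
+    $self->authenticate_user($username, $collect); #&authenticate_user($gsdl_cgi, $username, $collect);
     }
 
@@ -1192,6 +1191,6 @@
 
     if ($baseaction::authentication_enabled) {
-    # Ensure the user is allowed to edit this collection
-    &authenticate_user($gsdl_cgi, $username, $collect);
+    # Ensure the user is allowed to edit this collection   
+    $self->authenticate_user($username, $collect); #&authenticate_user($gsdl_cgi, $username, $collect);
     }
 
@@ -1685,6 +1684,6 @@
 
     if ($baseaction::authentication_enabled) {
-    # Ensure the user is allowed to edit this collection
-    &authenticate_user($gsdl_cgi, $username, $collect);
+    # Ensure the user is allowed to edit this collection   
+    $self->authenticate_user($username, $collect); #&authenticate_user($gsdl_cgi, $username, $collect);
     }
 
@@ -1782,6 +1781,6 @@
     if ($baseaction::authentication_enabled)
     {
-        # Ensure the user is allowed to edit this collection
-        &authenticate_user($gsdl_cgi, $username, $collect);
+        # Ensure the user is allowed to edit this collection       
+        $self->authenticate_user($username, $collect); #&authenticate_user($gsdl_cgi, $username, $collect);
     }
 
@@ -2220,6 +2219,6 @@
    
     if ($baseaction::authentication_enabled) {
-        # Ensure the user is allowed to edit this collection
-        $self->authenticate_user($username, $collect);
+    # Ensure the user is allowed to edit this collection
+    $self->authenticate_user($username, $collect);
     }
 
@@ -2244,6 +2243,6 @@
 
     if ($baseaction::authentication_enabled) {
-    # Ensure the user is allowed to edit this collection
-    &authenticate_user($gsdl_cgi, $username, $collect);
+    # Ensure the user is allowed to edit this collection   
+    $self->authenticate_user($username, $collect); #&authenticate_user($gsdl_cgi, $username, $collect);
     }
 
@@ -2527,6 +2526,6 @@
    
     if ($baseaction::authentication_enabled) {
-        # Ensure the user is allowed to edit this collection
-        &authenticate_user($gsdl_cgi, $username, $collect);
+        # Ensure the user is allowed to edit this collection       
+        $self->authenticate_user($username, $collect); #&authenticate_user($gsdl_cgi, $username, $collect);
     }
 
@@ -2695,6 +2694,6 @@
    
     if ($baseaction::authentication_enabled) {
-    # Ensure the user is allowed to edit this collection
-    &authenticate_user($gsdl_cgi, $username, $collect);
+    # Ensure the user is allowed to edit this collection   
+    $self->authenticate_user($username, $collect); #&authenticate_user($gsdl_cgi, $username, $collect);
     }
 
@@ -2722,6 +2721,6 @@
 
     if ($baseaction::authentication_enabled) {
-    # Ensure the user is allowed to edit this collection
-    &authenticate_user($gsdl_cgi, $username, $collect);
+    # Ensure the user is allowed to edit this collection   
+    $self->authenticate_user($username, $collect); #&authenticate_user($gsdl_cgi, $username, $collect);
     }
 
@@ -2842,6 +2841,6 @@
    
     if ($baseaction::authentication_enabled) {
-    # Ensure the user is allowed to edit this collection
-    &authenticate_user($gsdl_cgi, $username, $collect);
+    # Ensure the user is allowed to edit this collection   
+    $self->authenticate_user($username, $collect); #&authenticate_user($gsdl_cgi, $username, $collect);
     }
 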
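Review bot: None of the call sites in this file looks at the result of `$self->authenticate_user($username, $collect);`, so a failed login stops the action only if authenticate_user itself ends the request, presumably through `generate_error`, whose behaviour is not shown on this page. A comment at each call such as `# authenticate_user aborts the request on failure; execution continues only for a verified user` would make that dependency explicit. The whole guard is also skipped while `$baseaction::authentication_enabled` is 0, which is the value committed in baseaction.pm, so these handlers run unauthenticated until a deployment changes the flag. The old call kept as a trailing `#&authenticate_user(...)` comment on each changed line can be dropped, since the repository history already records it. The enclosing subs begin and end outside every hunk in this section.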