Ignore:
Timestamp:
2013-05-03T18:25:10+12:00 (11 years ago)
Author:
ak19
Message:

This commit contains bugfixes for authentication within metadata-server.pl and related perl code, and is committed separately before changes in gsajaxapi.js start to make use of it. Another important change is that for adding user comments, a user need not be in the collection's group, so checking the group shouldn't be performed. The bugfixes are to get the authentication to work and are in addition to an earlier commit that corrected the name of the authentication_enable variable in baseaction.pm. The bugfixes are: users.gdb instead of users.db, metadata-server.pl needs to call gsdlCGI's encrypt_password otherwise the password check will fail because it won't match with what's in the db. Also, the calls to authenticate_user had to be through the self variable, since its a method not a function and failed to work correctly otherwise.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • main/trunk/greenstone2/perllib/cgiactions/baseaction.pm

    r27277 r27295  
    3131use inexport;
    3232
    33 our $authentication_enabled = 0;
     33our $authentication_enabled = 0; # debugging flag (can debug without authentication when set to 0)
    3434our $mail_enabled = 0;
    3535
     
    237237    my $gsdlhome = $ENV{'GSDLHOME'};
    238238    my $etc_directory = &util::filename_cat($gsdlhome, "etc");
    239     my $users_db_file_path = &util::filename_cat($etc_directory, "users.db");
     239    my $users_db_file_path = &util::filename_cat($etc_directory, "users.gdb");
    240240
    241241    # Use db2txt to get the user accounts information
     
    246246    }
    247247
    248     # Get the user account information from the users.db database
     248    # Get the user account information from the users.gdb database
    249249    my %users_db_data = ();
    250250    foreach my $users_db_entry (split(/-{70}/, $users_db_content)) {
     
    266266    }
    267267
     268    # The following code which tests whether the user is in the required group
     269    # seems to have been copied over from gliserver.pl.
     270    # But for metadata-server.pl, when user comments are added through the set-metadata functions,
     271    # the user doesn't need to be a specific collection's editor in order to add comments to that collection.
     272    # So we no longer check the user is in the group here.
     273
    268274    # Check group
    269     my ($user_groups) = ($user_data =~ /\<groups\>(.*)/);
    270     if ($collection eq "") {
    271     # If we're not editing a collection then the user doesn't need to be in a particular group
    272     return $user_groups;  # Authentication successful
    273     }
    274     foreach my $user_group (split(/\,/, $user_groups)) {
     275#    my ($user_groups) = ($user_data =~ /\<groups\>(.*)/);
     276#    if ($collection eq "") {
     277#   # If we're not editing a collection then the user doesn't need to be in a particular group
     278#   return $user_groups;  # Authentication successful
     279#    }
     280#    foreach my $user_group (split(/\,/, $user_groups)) {
    275281    # Does this user have access to all collections?
    276     if ($user_group eq "all-collections-editor") {
    277         return $user_groups;  # Authentication successful
    278     }
     282#   if ($user_group eq "all-collections-editor") {
     283#       return $user_groups;  # Authentication successful
     284#   }
    279285    # Does this user have access to personal collections, and is this one?
    280     if ($user_group eq "personal-collections-editor" && $collection =~ /^$username\-/) {
    281         return $user_groups;  # Authentication successful
    282     }
     286#   if ($user_group eq "personal-collections-editor" && $collection =~ /^$username\-/) {
     287#       return $user_groups;  # Authentication successful
     288#   }
    283289    # Does this user have access to this collection
    284     if ($user_group eq "$collection-collection-editor") {
    285         return $user_groups;  # Authentication successful
    286     }
    287     }
    288 
    289     $gsdl_cgi->generate_error("Authentication failed: user is not in the required group.");
     290#   if ($user_group eq "$collection-collection-editor") {
     291#       return $user_groups;  # Authentication successful
     292#   }
     293#    }
     294#
     295#    $gsdl_cgi->generate_error("Authentication failed: user is not in the required group.");
    290296}
    291297
Note: See TracChangeset for help on using the changeset viewer.