Changeset 33733

Timestamp:

2019-12-02T13:43:01+13:00 (4 years ago)

Author:

kjdon

Message:

on the first page of depositor, only show the list of collections the logged in user has edit access for.

File:

• main/trunk/greenstone3/src/java/org/greenstone/gsdl3/action/DepositorAction.java (modified) (4 diffs)

main/trunk/greenstone3/src/java/org/greenstone/gsdl3/action/DepositorAction.java

@@ -30 +30 @@
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
 
 import com.google.gson.Gson;
@@ -79 +80 @@
 
         if (collection !=null && !collection.equals("")) {
-          if (!userHasCollectionEditPermissions(collection, uc)) {
+          if (!userHasCollectionEditPermission(collection, uc)) {
             // we need to reset back to empty subaction here            
             request.setAttribute("subaction", "");
-            logger.error("found collection "+collection+", need to check user groups");
             GSXML.addError(response, "You are not in the right group to access this collection. Please log in as a different user.");
-          return responseMessage;
+            return responseMessage;
           
           }
@@ -399 +399 @@
             response.appendChild(depositorPage);
 
-            Element collList = getCollectionsInSite(doc);
+            Element collList = getCollectionsInSiteForUser(uc);
             depositorPage.appendChild(doc.importNode(collList, true));
         }
@@ -406 +406 @@
     }
 
-    public Element getCollectionsInSite(Document doc) 
-    {
-        Element message = doc.createElement(GSXML.MESSAGE_ELEM);
-        Element request = GSXML.createBasicRequest(doc, GSXML.REQUEST_TYPE_DESCRIBE, "", new UserContext());
-        message.appendChild(request);
-        Element responseMessage = (Element) this.mr.process(message);
-
-        Element response = (Element) GSXML.getChildByTagName(responseMessage, GSXML.RESPONSE_ELEM);
-        Element collectionList = (Element) GSXML.getChildByTagName(response, GSXML.COLLECTION_ELEM + GSXML.LIST_MODIFIER);
-
-        return collectionList;
+    
+    public Element getCollectionsInSiteForUser(UserContext uc) 
+    {
+    Document doc = XMLConverter.newDOM();
+    Element message = doc.createElement(GSXML.MESSAGE_ELEM);
+    Element request = GSXML.createBasicRequest(doc, GSXML.REQUEST_TYPE_DESCRIBE, "", new UserContext());
+    message.appendChild(request);
+    Element responseMessage = (Element) this.mr.process(message);
+    
+    Element response = (Element) GSXML.getChildByTagName(responseMessage, GSXML.RESPONSE_ELEM);
+    Element collectionList = (Element) GSXML.getChildByTagName(response, GSXML.COLLECTION_ELEM + GSXML.LIST_MODIFIER);
+    
+    Element validCollectionList = doc.createElement(GSXML.COLLECTION_ELEM + GSXML.LIST_MODIFIER);
+
+    NodeList collections = GSXML.getChildrenByTagName(collectionList, GSXML.COLLECTION_ELEM);
+    for (int i = 0; i < collections.getLength(); i++) {
+        String coll_name = ((Element)collections.item(i)).getAttribute(GSXML.NAME_ATT);
+        if (userHasCollectionEditPermission(coll_name, uc)) {
+        // only add to the new list if the user has edit permission
+        validCollectionList.appendChild(doc.importNode(collections.item(i), true));
+        
+        }
     }
+    
+    return validCollectionList;
+    }
 
   // collection must be non-null and non-empty
-  protected boolean userHasCollectionEditPermissions(String collection, UserContext user_context) {
+  protected boolean userHasCollectionEditPermission(String collection, UserContext user_context) {
 
     for (String group : user_context.getGroups()) {