Ignore:
Timestamp:
2021-08-13T20:04:19+12:00 (3 years ago)
Author:
anupama
Message:
  1. Use of groups local variable name in LibServlet method is confusing, as it's easy to read it as the list of groups a user member belongs to. Rather, it's any groups mentioned for a collection in its collConfig.xml's security elements and which security element groups will be checked against a (logged in) user's actual list of groups. 2. While working on updating DerbyWrapper to support extra table called ORIGROLES (extra column of origrole in ROLES table was the wrong idea), realised this was a long, roundabout and errorprone way as it requires lots of code changes to go about making the roles table's role column store the expanded groups instead of original user-entered groups. Instead, what we need is the reverse function of expandGroups(), contractExpandedgroups(), which will return any comma-separated list of groups to its most condense form that is probably closest to what the user entered, albeit with alphabetic reordering. This method can be called to do lazy evaluation to set UserTermInfo.origgroups when getOrigGroups() is called. The getOrigGroups() method will then be used as before by the GS3 admin/user account interface methods of Authentication.java (mainly Authentication.processAuthentication()), but Txt2UsersDB.java and ModifyUsersDB.java files will need to call getExpandedGroups() to store/retrieve these in the ROLES table. This will automatically be backwards compatible with earlier GS3 installation's userDBs.
File:
1 edited

Legend:

Unmodified
Added
Removed

  • main/trunk/greenstone3/src/java/org/greenstone/gsdl3/LibraryServlet.java

    r35266 r35290  
    10971097        return false;
    10981098    }
    1099    
    1100     ArrayList<String> groups = GSXML.getGroupsFromSecurityResponse(securityResponse);
     1099
     1100    // Groups mentioned in collectionConfig.xml's Security element, se_groups
     1101    ArrayList<String> se_groups = GSXML.getGroupsFromSecurityResponse(securityResponse);
    11011102
    11021103    //If guests are not allowed to access this page then check to see if the user is in a group that is allowed to access the page
    1103     if (!groups.contains(""))
     1104    if (!se_groups.contains(""))
    11041105    {
    11051106        boolean found = false;
    1106         for (String group : groups)
     1107        for (String se_group : se_groups)
    11071108        {
    1108         if (request.isUserInRole(group))
     1109        if (request.isUserInRole(se_group))
    11091110        {
    11101111            found = true;
Note: See TracChangeset for help on using the changeset viewer.