
Revision 2576

Added by sgarg about 19 years ago

Modified MetaCatUtil to read the metacat access control lists from metacat.properties. Also added several methods that can be used to find out whether a user is an admin, a moderator, or on the allowed/denied submitter lists.

Modified MetaCatServlet to check if a user is allowed to insert/update before insert and update is done.


src/edu/ucsb/nceas/metacat/MetaCatUtil.java
56 56
    
57 57
    private static String[] moderators;
58 58

  
59
    private static String[] allowedSubmitters;
60

  
61
    private static String[] deniedSubmitters;
62

  
59 63
    static {
60 64
        // Determine our db adapter class and create an instance of that class
61 65
        try {
......
66 70
        }
67 71

  
68 72
        // read administrator and moderator lists from metacat.properties
69
        getAdminInfo();
73
        getUserAccessControlLists();
70 74
    }
71 75

  
72 76
    /**
......
786 790
    /** 
787 791
     * A method to read administrators and moderators list from the metacat.properties 
788 792
     **/
789
    public static void getAdminInfo(){
790
    	String adminList = MetaCatUtil.getOption("administrators");
793
    public static void getUserAccessControlLists(){
794
    	administrators = getListFromOption("administrators");
795
    	moderators = getListFromOption("moderators");
796
    	allowedSubmitters = getListFromOption("allowedSubmitters");
797
    	deniedSubmitters = getListFromOption("deniedSubmitters");
798
    }
799

  
800
    /** 
801
     * A method to read value of a given option from the metacat.properties 
802
     * into specified String array
803
     **/
804
    private static String[] getListFromOption(String optionName){
805
    	String[] list = null;
806
    	String listString = MetaCatUtil.getOption(optionName);
807
      
791 808
        try {
792
            if (adminList != null)
793
            {
794
              administrators = adminList.split(":");
809
            if ( listString != null && !listString.trim().equals("")) {
810
            	list = listString.split(":");
811
            } else {
812
            	list = null;
795 813
            }
796
            else
797
            {
798
               administrators = null;
799
            }
800
        } catch (PatternSyntaxException pse) {
801
            administrators = null;
802
            MetaCatUtil.debugMessage("Error in MetacatServlet.init: "
803
                + pse.getMessage(), 20);
804
        }
805
        
806
    	String modList = MetaCatUtil.getOption("moderators");
807
        try {
808
            if ( modList != null)
809
            {
810
                moderators = modList.split(":");
811
            }
812
            else
813
            {
814
                moderators = null;
815
            }
816 814
            
817 815
        } catch (PatternSyntaxException pse) {
818
            moderators = null;
816
        	list = null;
819 817
            MetaCatUtil.debugMessage("Error in MetacatServlet.init: "
820 818
                + pse.getMessage(), 20);
821 819
        }
820
        return list;
822 821
    }
823

  
822
    
824 823
    /** 
825
     * A method to check if the specified user is part of the administrators list 
824
     * A method to check if the specified user is part of the moderators list 
826 825
     **/
827
    public static boolean isAdministrator(String username, String[] groups){
828
        // Check that the user is authenticated as an administrator account
829
    	for (int i = 0; i < administrators.length; i++) {
826
    private static boolean onList(String list[], String username, String[] groups){
827

  
828
    	if(list == null){
829
    		return false;
830
    	}
831

  
832
    	// Check that the user is authenticated as an administrator account
833
        for (int i = 0; i < list.length; i++) {
830 834
            // check the given admin dn is a group dn...
831
        	if(administrators[i].startsWith("cn=")){
832
        		// is a group dn
835
        	if(list[i].startsWith("cn=")){
836
            	// is a group dn
833 837
        		for (int j = 0; j < groups.length; j++) {
834
        			if (groups[j].equals(administrators[i])) {
838
        			if (groups[j].equals(list[i])) {
835 839
                		return true;
836 840
                	}	
837 841
        		}   		
838 842
            } else { 
839 843
            	// is a user dn
840
            	if (username.equals(administrators[i])) {
841
            		return true;
844
            	if (username.equals(list[i])) {
845
    	    		return true;
842 846
            	}	
843 847
            }
844 848
        }
845
                
846 849
        return false;
847 850
    }
851

  
852
    /** 
853
     * A method to check if the specified user is part of the administrators list 
854
     **/
855
    public static boolean isAdministrator(String username, String[] groups){
856
    	return (onList(administrators, username, groups));
857
    }
848 858
    
849 859
    /** 
850 860
     * A method to check if the specified user is part of the moderators list 
851 861
     **/
852 862
    public static boolean isModerator(String username, String[] groups){
853
        // Check that the user is authenticated as an administrator account
854
        for (int i = 0; i < moderators.length; i++) {
855
            // check the given admin dn is a group dn...
856
        	if(moderators[i].startsWith("cn=")){
857
            	// is a group dn
858
        		for (int j = 0; j < groups.length; j++) {
859
        			if (groups[j].equals(moderators[i])) {
860
                		return true;
861
                	}	
862
        		}   		
863
            } else { 
864
            	// is a user dn
865
            	if (username.equals(moderators[i])) {
866
            		return true;
867
            	}	
868
            }
869
        }
870
        
871
        return false;
863
    	return (onList(moderators, username, groups));
872 864
    }
865

  
866
    /** 
867
     * A method to check if the specified user is part of the moderators list 
868
     **/
869
    public static boolean isAllowedSubmitter(String username, String[] groups){
870
    	if(allowedSubmitters != null){
871
    		return (onList(allowedSubmitters, username, groups));
872
    	} else {
873
    		// no allowedSubmitters list specified - 
874
    		// hence everyone should be allowed
875
    		return true;
876
    	}
877
   }
878

  
879
    /** 
880
     * A method to check if the specified user is part of the moderators list 
881
     **/
882
    public static boolean isDeniedSubmitter(String username, String[] groups){
883
		return (onList(deniedSubmitters, username, groups));
884
    }
885
    
886
    /** 
887
     * A method to check if the specified user can insert the document 
888
     **/
889
    public static boolean canInsertOrUpdate(String username, String[] groups){
890
    	return (isAllowedSubmitter(username, groups) 
891
    			&& !isDeniedSubmitter(username, groups));
892
    }
873 893
}
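Review bot: `onList` matches with an exact, case-sensitive `String.equals` against entries that `getListFromOption` splits on ":" without trimming, so for `deniedSubmitters` any difference in case or spacing between the configured DN and the one passed in makes `isDeniedSubmitter` return false and the user is let through. Unless DNs are canonicalised before they reach this class (not visible here), normalise both sides the same way, for example trim each entry when the list is loaded and compare with `username.equalsIgnoreCase(list[i])`; the `startsWith("cn=")` group test has the same case sensitivity. `onList` also dereferences `username` and `groups` without a null check, so a null value throws a NullPointerException instead of producing a decision; rejecting a null `username` in `canInsertOrUpdate` and skipping the group loop when `groups == null` would make that outcome explicit. The Javadoc on `onList`, `isAllowedSubmitter` and `isDeniedSubmitter` is copied from `isModerator` and should name the list each method actually checks, and `isAllowedSubmitter` should state that an unset or blank `allowedSubmitters` option allows everyone.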
src/edu/ucsb/nceas/metacat/MetaCatServlet.java
1623 1623
            out.println("<error>");
1624 1624
            out.println("Docid not specified");
1625 1625
            out.println("</error>");
1626
            MetaCatUtil.debugMessage("Docid not specified",10);
1626 1627
            return;
1627 1628
        }
1629
        
1630
        if(!MetaCatUtil.canInsertOrUpdate(user, groups)){
1631
        	out.println("<?xml version=\"1.0\"?>");
1632
            out.println("<error>");
1633
            out.println("User '" + user + "' not allowed to insert and update");
1634
            out.println("</error>");
1635
            MetaCatUtil.debugMessage("User '" + user + "' not allowed to insert and update",10);
1636
            return;
1637
        }
1628 1638

  
1629 1639
        try {
1630 1640
            // Get the document indicated
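Review bot: The new rejection branch concatenates `user` into the XML body (`out.println("User '" + user + "' not allowed to insert and update");`) and into the `debugMessage` call without escaping, so a name containing `<`, `&` or a line break yields a malformed `<error>` document or a misleading log line. XML-escape the value before printing it and strip CR/LF before logging, or leave the name out of the response and keep it only in the log. The check depends on how `user` and `groups` are populated, which happens outside this hunk; if `groups` can be null for a session without group membership, `canInsertOrUpdate` would throw on any `cn=` list entry, so that is worth confirming. The enclosing method starts and ends outside the visible lines.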
