56 |
56 |
|
57 |
57 |
private static String[] moderators;
|
58 |
58 |
|
|
59 |
private static String[] allowedSubmitters;
|
|
60 |
|
|
61 |
private static String[] deniedSubmitters;
|
|
62 |
|
59 |
63 |
static {
|
60 |
64 |
// Determine our db adapter class and create an instance of that class
|
61 |
65 |
try {
|
... | ... | |
66 |
70 |
}
|
67 |
71 |
|
68 |
72 |
// read administrator and moderator lists from metacat.properties
|
69 |
|
getAdminInfo();
|
|
73 |
getUserAccessControlLists();
|
70 |
74 |
}
|
71 |
75 |
|
72 |
76 |
/**
|
... | ... | |
786 |
790 |
/**
|
787 |
791 |
* A method to read administrators and moderators list from the metacat.properties
|
788 |
792 |
**/
|
789 |
|
public static void getAdminInfo(){
|
790 |
|
String adminList = MetaCatUtil.getOption("administrators");
|
|
793 |
public static void getUserAccessControlLists(){
|
|
794 |
administrators = getListFromOption("administrators");
|
|
795 |
moderators = getListFromOption("moderators");
|
|
796 |
allowedSubmitters = getListFromOption("allowedSubmitters");
|
|
797 |
deniedSubmitters = getListFromOption("deniedSubmitters");
|
|
798 |
}
|
|
799 |
|
|
800 |
/**
|
|
801 |
* A method to read value of a given option from the metacat.properties
|
|
802 |
* into specified String array
|
|
803 |
**/
|
|
804 |
private static String[] getListFromOption(String optionName){
|
|
805 |
String[] list = null;
|
|
806 |
String listString = MetaCatUtil.getOption(optionName);
|
|
807 |
|
791 |
808 |
try {
|
792 |
|
if (adminList != null)
|
793 |
|
{
|
794 |
|
administrators = adminList.split(":");
|
|
809 |
if ( listString != null && !listString.trim().equals("")) {
|
|
810 |
list = listString.split(":");
|
|
811 |
} else {
|
|
812 |
list = null;
|
795 |
813 |
}
|
796 |
|
else
|
797 |
|
{
|
798 |
|
administrators = null;
|
799 |
|
}
|
800 |
|
} catch (PatternSyntaxException pse) {
|
801 |
|
administrators = null;
|
802 |
|
MetaCatUtil.debugMessage("Error in MetacatServlet.init: "
|
803 |
|
+ pse.getMessage(), 20);
|
804 |
|
}
|
805 |
|
|
806 |
|
String modList = MetaCatUtil.getOption("moderators");
|
807 |
|
try {
|
808 |
|
if ( modList != null)
|
809 |
|
{
|
810 |
|
moderators = modList.split(":");
|
811 |
|
}
|
812 |
|
else
|
813 |
|
{
|
814 |
|
moderators = null;
|
815 |
|
}
|
816 |
814 |
|
817 |
815 |
} catch (PatternSyntaxException pse) {
|
818 |
|
moderators = null;
|
|
816 |
list = null;
|
819 |
817 |
MetaCatUtil.debugMessage("Error in MetacatServlet.init: "
|
820 |
818 |
+ pse.getMessage(), 20);
|
821 |
819 |
}
|
|
820 |
return list;
|
822 |
821 |
}
|
823 |
|
|
|
822 |
|
824 |
823 |
/**
|
825 |
|
* A method to check if the specified user is part of the administrators list
|
|
824 |
* A method to check if the specified user is part of the moderators list
|
826 |
825 |
**/
|
827 |
|
public static boolean isAdministrator(String username, String[] groups){
|
828 |
|
// Check that the user is authenticated as an administrator account
|
829 |
|
for (int i = 0; i < administrators.length; i++) {
|
|
826 |
private static boolean onList(String list[], String username, String[] groups){
|
|
827 |
|
|
828 |
if(list == null){
|
|
829 |
return false;
|
|
830 |
}
|
|
831 |
|
|
832 |
// Check that the user is authenticated as an administrator account
|
|
833 |
for (int i = 0; i < list.length; i++) {
|
830 |
834 |
// check the given admin dn is a group dn...
|
831 |
|
if(administrators[i].startsWith("cn=")){
|
832 |
|
// is a group dn
|
|
835 |
if(list[i].startsWith("cn=")){
|
|
836 |
// is a group dn
|
833 |
837 |
for (int j = 0; j < groups.length; j++) {
|
834 |
|
if (groups[j].equals(administrators[i])) {
|
|
838 |
if (groups[j].equals(list[i])) {
|
835 |
839 |
return true;
|
836 |
840 |
}
|
837 |
841 |
}
|
838 |
842 |
} else {
|
839 |
843 |
// is a user dn
|
840 |
|
if (username.equals(administrators[i])) {
|
841 |
|
return true;
|
|
844 |
if (username.equals(list[i])) {
|
|
845 |
return true;
|
842 |
846 |
}
|
843 |
847 |
}
|
844 |
848 |
}
|
845 |
|
|
846 |
849 |
return false;
|
847 |
850 |
}
|
|
851 |
|
|
852 |
/**
|
|
853 |
* A method to check if the specified user is part of the administrators list
|
|
854 |
**/
|
|
855 |
public static boolean isAdministrator(String username, String[] groups){
|
|
856 |
return (onList(administrators, username, groups));
|
|
857 |
}
|
848 |
858 |
|
849 |
859 |
/**
|
850 |
860 |
* A method to check if the specified user is part of the moderators list
|
851 |
861 |
**/
|
852 |
862 |
public static boolean isModerator(String username, String[] groups){
|
853 |
|
// Check that the user is authenticated as an administrator account
|
854 |
|
for (int i = 0; i < moderators.length; i++) {
|
855 |
|
// check the given admin dn is a group dn...
|
856 |
|
if(moderators[i].startsWith("cn=")){
|
857 |
|
// is a group dn
|
858 |
|
for (int j = 0; j < groups.length; j++) {
|
859 |
|
if (groups[j].equals(moderators[i])) {
|
860 |
|
return true;
|
861 |
|
}
|
862 |
|
}
|
863 |
|
} else {
|
864 |
|
// is a user dn
|
865 |
|
if (username.equals(moderators[i])) {
|
866 |
|
return true;
|
867 |
|
}
|
868 |
|
}
|
869 |
|
}
|
870 |
|
|
871 |
|
return false;
|
|
863 |
return (onList(moderators, username, groups));
|
872 |
864 |
}
|
|
865 |
|
|
866 |
/**
|
|
867 |
* A method to check if the specified user is part of the moderators list
|
|
868 |
**/
|
|
869 |
public static boolean isAllowedSubmitter(String username, String[] groups){
|
|
870 |
if(allowedSubmitters != null){
|
|
871 |
return (onList(allowedSubmitters, username, groups));
|
|
872 |
} else {
|
|
873 |
// no allowedSubmitters list specified -
|
|
874 |
// hence everyone should be allowed
|
|
875 |
return true;
|
|
876 |
}
|
|
877 |
}
|
|
878 |
|
|
879 |
/**
|
|
880 |
* A method to check if the specified user is part of the moderators list
|
|
881 |
**/
|
|
882 |
public static boolean isDeniedSubmitter(String username, String[] groups){
|
|
883 |
return (onList(deniedSubmitters, username, groups));
|
|
884 |
}
|
|
885 |
|
|
886 |
/**
|
|
887 |
* A method to check if the specified user can insert the document
|
|
888 |
**/
|
|
889 |
public static boolean canInsertOrUpdate(String username, String[] groups){
|
|
890 |
return (isAllowedSubmitter(username, groups)
|
|
891 |
&& !isDeniedSubmitter(username, groups));
|
|
892 |
}
|
873 |
893 |
}
|
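Review bot: `onList` matches with `String.equals` against entries taken straight from `split(":")`, so in `canInsertOrUpdate` a `deniedSubmitters` entry that differs from the authenticated DN only in case or surrounding whitespace does not match, and the deny check passes. Trimming each entry in `getListFromOption` and comparing with `equalsIgnoreCase` (or a normalised DN form) would close that gap; whether the login layer already normalises DNs is not visible in this section. `onList` also dereferences `username` and `groups` unchecked, so a caller without group information gets a NullPointerException on the first `cn=` entry instead of an access decision; writing the user comparison as `list[i].equals(username)` and guarding the inner loop with `if (groups != null)` avoids that. The Javadoc on `onList`, `isAllowedSubmitter` and `isDeniedSubmitter` still reads "moderators list" and should name the list each method checks. `isAllowedSubmitter` should also state that an unset or blank `allowedSubmitters` option (which `getListFromOption` turns into `null`) admits every user.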
Modified MetaCatUtil to read the metacat access control lists from metacat.properties. Also added methods that can be used to find out whether a user is an admin, a moderator, or on the allowed/denied submitter lists.
Modified MetaCatServlet to check if a user is allowed to insert/update before insert and update is done.