Revision 2576
Added by sgarg over 18 years ago
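--- a/MetaCatUtil.java
+++ b/MetaCatUtil.java
@@ -56,6 +56,10 @@
 
 private static String[] moderators;
 
+private static String[] allowedSubmitters;
+
+private static String[] deniedSubmitters;
+
 static {
 // Determine our db adapter class and create an instance of that class
 try {
@@ -66,7 +70,7 @@
 }
 
 // read administrator and moderator lists from metacat.properties
-getAdminInfo();
+getUserAccessControlLists();
 }
 
 /**
@@ -786,88 +790,104 @@
 /**
 * A method to read administrators and moderators list from the metacat.properties
 **/
-public static void getAdminInfo(){
-String adminList = MetaCatUtil.getOption("administrators");
+public static void getUserAccessControlLists(){
+administrators = getListFromOption("administrators");
+moderators = getListFromOption("moderators");
+allowedSubmitters = getListFromOption("allowedSubmitters");
+deniedSubmitters = getListFromOption("deniedSubmitters");
+}
+
+/**
+* A method to read value of a given option from the metacat.properties
+* into specified String array
+**/
+private static String[] getListFromOption(String optionName){
+String[] list = null;
+String listString = MetaCatUtil.getOption(optionName);
+
 try {
-if (adminList != null)
-{
-administrators = adminList.split(":");
+if ( listString != null && !listString.trim().equals("")) {
+list = listString.split(":");
+} else {
+list = null;
 }
-else
-{
-administrators = null;
-}
-} catch (PatternSyntaxException pse) {
-administrators = null;
-MetaCatUtil.debugMessage("Error in MetacatServlet.init: "
-+ pse.getMessage(), 20);
-}
-
-String modList = MetaCatUtil.getOption("moderators");
-try {
-if ( modList != null)
-{
-moderators = modList.split(":");
-}
-else
-{
-moderators = null;
-}
 
 } catch (PatternSyntaxException pse) {
-moderators = null;
+list = null;
 MetaCatUtil.debugMessage("Error in MetacatServlet.init: "
 + pse.getMessage(), 20);
 }
+return list;
 }
-
+
 /**
-* A method to check if the specified user is part of the administrators list
+* A method to check if the specified user is part of the moderators list
 **/
-public static boolean isAdministrator(String username, String[] groups){
-// Check that the user is authenticated as an administrator account
-for (int i = 0; i < administrators.length; i++) {
+private static boolean onList(String list[], String username, String[] groups){
+
+if(list == null){
+return false;
+}
+
+// Check that the user is authenticated as an administrator account
+for (int i = 0; i < list.length; i++) {
 // check the given admin dn is a group dn...
-if(administrators[i].startsWith("cn=")){
-// is a group dn
+if(list[i].startsWith("cn=")){
+// is a group dn
 for (int j = 0; j < groups.length; j++) {
-if (groups[j].equals(administrators[i])) {
+if (groups[j].equals(list[i])) {
 return true;
 }
 }
 } else {
 // is a user dn
-if (username.equals(administrators[i])) {
-return true;
+if (username.equals(list[i])) {
+return true;
 }
 }
 }
-
 return false;
 }
+
+/**
+* A method to check if the specified user is part of the administrators list
+**/
+public static boolean isAdministrator(String username, String[] groups){
+return (onList(administrators, username, groups));
+}
 
 /**
 * A method to check if the specified user is part of the moderators list
 **/
 public static boolean isModerator(String username, String[] groups){
-// Check that the user is authenticated as an administrator account
-for (int i = 0; i < moderators.length; i++) {
-// check the given admin dn is a group dn...
-if(moderators[i].startsWith("cn=")){
-// is a group dn
-for (int j = 0; j < groups.length; j++) {
-if (groups[j].equals(moderators[i])) {
-return true;
-}
-}
-} else {
-// is a user dn
-if (username.equals(moderators[i])) {
-return true;
-}
-}
-}
-
-return false;
+return (onList(moderators, username, groups));
 }
+
+/**
+* A method to check if the specified user is part of the moderators list
+**/
+public static boolean isAllowedSubmitter(String username, String[] groups){
+if(allowedSubmitters != null){
+return (onList(allowedSubmitters, username, groups));
+} else {
+// no allowedSubmitters list specified -
+// hence everyone should be allowed
+return true;
+}
+}
+
+/**
+* A method to check if the specified user is part of the moderators list
+**/
+public static boolean isDeniedSubmitter(String username, String[] groups){
+return (onList(deniedSubmitters, username, groups));
+}
+
+/**
+* A method to check if the specified user can insert the document
+**/
+public static boolean canInsertOrUpdate(String username, String[] groups){
+return (isAllowedSubmitter(username, groups)
+&& !isDeniedSubmitter(username, groups));
+}
 }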
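Review bot: In `onList`, the deny path fails open on any string mismatch: entries come from `listString.split(":")` untrimmed and are compared with exact `equals`, and an entry starting with `cn=` is only ever compared against `groups`, never against `username`. Because `canInsertOrUpdate` relies on `!isDeniedSubmitter(username, groups)`, a `deniedSubmitters` entry that differs from the authenticated DN in case or surrounding whitespace, or a user DN that itself begins with `cn=`, would silently not be denied; whether DNs are normalised before they reach this method is not visible here. Consider trimming entries in `getListFromOption` and matching with something like `if (username != null && username.equalsIgnoreCase(list[i].trim())) {`, and guard `groups == null` before the inner loop so an access check cannot end in a NullPointerException. The Javadoc on `onList`, `isAllowedSubmitter` and `isDeniedSubmitter` is copied from `isModerator` ("part of the moderators list") and should name the list each method checks; the comment on `isAllowedSubmitter` should also state that a missing or blank `allowedSubmitters` option means every user may submit, since `getListFromOption` returns null in that case.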
Modified MetaCatUtil to read metacat access control lists from metacat.properties. Also coded various methods which can be used to find out if a user is an admin, moderator or on allowed/denied submitter list.
Modified MetaCatServlet to check if a user is allowed to insert/update before insert and update is done.