Revision 2576
Added by sgarg over 18 years ago
| MetaCatUtil.java | ||
|---|---|---|
| 56 | 56 |
|
| 57 | 57 |
private static String[] moderators; |
| 58 | 58 |
|
| 59 |
private static String[] allowedSubmitters; |
|
| 60 |
|
|
| 61 |
private static String[] deniedSubmitters; |
|
| 62 |
|
|
| 59 | 63 |
static {
|
| 60 | 64 |
// Determine our db adapter class and create an instance of that class |
| 61 | 65 |
try {
|
| ... | ... | |
| 66 | 70 |
} |
| 67 | 71 |
|
| 68 | 72 |
// read administrator and moderator lists from metacat.properties |
| 69 |
getAdminInfo();
|
|
| 73 |
getUserAccessControlLists();
|
|
| 70 | 74 |
} |
| 71 | 75 |
|
| 72 | 76 |
/** |
| ... | ... | |
| 786 | 790 |
/** |
| 787 | 791 |
* A method to read administrators and moderators list from the metacat.properties |
| 788 | 792 |
**/ |
| 789 |
public static void getAdminInfo(){
|
|
| 790 |
String adminList = MetaCatUtil.getOption("administrators");
|
|
| 793 |
public static void getUserAccessControlLists(){
|
|
| 794 |
administrators = getListFromOption("administrators");
|
|
| 795 |
moderators = getListFromOption("moderators");
|
|
| 796 |
allowedSubmitters = getListFromOption("allowedSubmitters");
|
|
| 797 |
deniedSubmitters = getListFromOption("deniedSubmitters");
|
|
| 798 |
} |
|
| 799 |
|
|
| 800 |
/** |
|
| 801 |
* A method to read value of a given option from the metacat.properties |
|
| 802 |
* into specified String array |
|
| 803 |
**/ |
|
| 804 |
private static String[] getListFromOption(String optionName){
|
|
| 805 |
String[] list = null; |
|
| 806 |
String listString = MetaCatUtil.getOption(optionName); |
|
| 807 |
|
|
| 791 | 808 |
try {
|
| 792 |
if (adminList != null) |
|
| 793 |
{
|
|
| 794 |
administrators = adminList.split(":");
|
|
| 809 |
if ( listString != null && !listString.trim().equals("")) {
|
|
| 810 |
list = listString.split(":");
|
|
| 811 |
} else {
|
|
| 812 |
list = null; |
|
| 795 | 813 |
} |
| 796 |
else |
|
| 797 |
{
|
|
| 798 |
administrators = null; |
|
| 799 |
} |
|
| 800 |
} catch (PatternSyntaxException pse) {
|
|
| 801 |
administrators = null; |
|
| 802 |
MetaCatUtil.debugMessage("Error in MetacatServlet.init: "
|
|
| 803 |
+ pse.getMessage(), 20); |
|
| 804 |
} |
|
| 805 |
|
|
| 806 |
String modList = MetaCatUtil.getOption("moderators");
|
|
| 807 |
try {
|
|
| 808 |
if ( modList != null) |
|
| 809 |
{
|
|
| 810 |
moderators = modList.split(":");
|
|
| 811 |
} |
|
| 812 |
else |
|
| 813 |
{
|
|
| 814 |
moderators = null; |
|
| 815 |
} |
|
| 816 | 814 |
|
| 817 | 815 |
} catch (PatternSyntaxException pse) {
|
| 818 |
moderators = null;
|
|
| 816 |
list = null;
|
|
| 819 | 817 |
MetaCatUtil.debugMessage("Error in MetacatServlet.init: "
|
| 820 | 818 |
+ pse.getMessage(), 20); |
| 821 | 819 |
} |
| 820 |
return list; |
|
| 822 | 821 |
} |
| 823 |
|
|
| 822 |
|
|
| 824 | 823 |
/** |
| 825 |
* A method to check if the specified user is part of the administrators list
|
|
| 824 |
* A method to check if the specified user is part of the moderators list
|
|
| 826 | 825 |
**/ |
| 827 |
public static boolean isAdministrator(String username, String[] groups){
|
|
| 828 |
// Check that the user is authenticated as an administrator account |
|
| 829 |
for (int i = 0; i < administrators.length; i++) {
|
|
| 826 |
private static boolean onList(String list[], String username, String[] groups){
|
|
| 827 |
|
|
| 828 |
if(list == null){
|
|
| 829 |
return false; |
|
| 830 |
} |
|
| 831 |
|
|
| 832 |
// Check that the user is authenticated as an administrator account |
|
| 833 |
for (int i = 0; i < list.length; i++) {
|
|
| 830 | 834 |
// check the given admin dn is a group dn... |
| 831 |
if(administrators[i].startsWith("cn=")){
|
|
| 832 |
// is a group dn
|
|
| 835 |
if(list[i].startsWith("cn=")){
|
|
| 836 |
// is a group dn
|
|
| 833 | 837 |
for (int j = 0; j < groups.length; j++) {
|
| 834 |
if (groups[j].equals(administrators[i])) {
|
|
| 838 |
if (groups[j].equals(list[i])) {
|
|
| 835 | 839 |
return true; |
| 836 | 840 |
} |
| 837 | 841 |
} |
| 838 | 842 |
} else {
|
| 839 | 843 |
// is a user dn |
| 840 |
if (username.equals(administrators[i])) {
|
|
| 841 |
return true;
|
|
| 844 |
if (username.equals(list[i])) {
|
|
| 845 |
return true;
|
|
| 842 | 846 |
} |
| 843 | 847 |
} |
| 844 | 848 |
} |
| 845 |
|
|
| 846 | 849 |
return false; |
| 847 | 850 |
} |
| 851 |
|
|
| 852 |
/** |
|
| 853 |
* A method to check if the specified user is part of the administrators list |
|
| 854 |
**/ |
|
| 855 |
public static boolean isAdministrator(String username, String[] groups){
|
|
| 856 |
return (onList(administrators, username, groups)); |
|
| 857 |
} |
|
| 848 | 858 |
|
| 849 | 859 |
/** |
| 850 | 860 |
* A method to check if the specified user is part of the moderators list |
| 851 | 861 |
**/ |
| 852 | 862 |
public static boolean isModerator(String username, String[] groups){
|
| 853 |
// Check that the user is authenticated as an administrator account |
|
| 854 |
for (int i = 0; i < moderators.length; i++) {
|
|
| 855 |
// check the given admin dn is a group dn... |
|
| 856 |
if(moderators[i].startsWith("cn=")){
|
|
| 857 |
// is a group dn |
|
| 858 |
for (int j = 0; j < groups.length; j++) {
|
|
| 859 |
if (groups[j].equals(moderators[i])) {
|
|
| 860 |
return true; |
|
| 861 |
} |
|
| 862 |
} |
|
| 863 |
} else {
|
|
| 864 |
// is a user dn |
|
| 865 |
if (username.equals(moderators[i])) {
|
|
| 866 |
return true; |
|
| 867 |
} |
|
| 868 |
} |
|
| 869 |
} |
|
| 870 |
|
|
| 871 |
return false; |
|
| 863 |
return (onList(moderators, username, groups)); |
|
| 872 | 864 |
} |
| 865 |
|
|
| 866 |
/** |
|
| 867 |
* A method to check if the specified user is part of the moderators list |
|
| 868 |
**/ |
|
| 869 |
public static boolean isAllowedSubmitter(String username, String[] groups){
|
|
| 870 |
if(allowedSubmitters != null){
|
|
| 871 |
return (onList(allowedSubmitters, username, groups)); |
|
| 872 |
} else {
|
|
| 873 |
// no allowedSubmitters list specified - |
|
| 874 |
// hence everyone should be allowed |
|
| 875 |
return true; |
|
| 876 |
} |
|
| 877 |
} |
|
| 878 |
|
|
| 879 |
/** |
|
| 880 |
* A method to check if the specified user is part of the moderators list |
|
| 881 |
**/ |
|
| 882 |
public static boolean isDeniedSubmitter(String username, String[] groups){
|
|
| 883 |
return (onList(deniedSubmitters, username, groups)); |
|
| 884 |
} |
|
| 885 |
|
|
| 886 |
/** |
|
| 887 |
* A method to check if the specified user can insert the document |
|
| 888 |
**/ |
|
| 889 |
public static boolean canInsertOrUpdate(String username, String[] groups){
|
|
| 890 |
return (isAllowedSubmitter(username, groups) |
|
| 891 |
&& !isDeniedSubmitter(username, groups)); |
|
| 892 |
} |
|
| 873 | 893 |
} |
Also available in: Unified diff
Modified MetaCatUtil to read metacat access control lists from metacat.properties. Also coded various methods which can be used to find out if a user is an admin, moderator or on allowed/denied submitter list.
Modified MetaCatServlet to check if a user is allowed to insert/update before insert and update is done.