Revision 3475
Added by walbridge almost 17 years ago
| src/perl/register-dataset.cgi | ||
|---|---|---|
| 42 | 42 |
use strict; |
| 43 | 43 |
|
| 44 | 44 |
# Global configuration paramters |
| 45 |
#my $cfgdir = "@install-dir@"; |
|
| 46 | 45 |
#my $cfgdir = "/usr/local/devtools/tomcat/webapps/knb/style/skins"; |
| 47 | 46 |
my $cfgdir = "@install-dir@@style-skins-relpath@"; |
| 48 | 47 |
my $tmpdir = "@temp-dir@"; |
| ... | ... | |
| 1355 | 1354 |
sub addMetaElement() {
|
| 1356 | 1355 |
my $entityObjects = shift; |
| 1357 | 1356 |
my %entityObjects = %$entityObjects; |
| 1357 |
my $userAccess = allowElement(getUsername(), 'all'); |
|
| 1358 |
my $skinAccess = allowElement($username, 'all'); |
|
| 1359 |
|
|
| 1358 | 1360 |
my $accessList = ""; |
| 1359 | 1361 |
|
| 1360 | 1362 |
while ( my ($docid, $data) = each(%entityObjects) ) {
|
| 1361 | 1363 |
my $accessStub = qq|<additionalMetadata> |
| 1362 | 1364 |
<describes>$data->{'distribid'}</describes>
|
| 1363 | 1365 |
<access authSystem="knb" order="allowFirst"> |
| 1366 |
$skinAccess |
|
| 1367 |
$userAccess |
|
| 1364 | 1368 |
<deny> |
| 1365 | 1369 |
<principal>public</principal> |
| 1366 | 1370 |
<permission>read</permission> |
| ... | ... | |
| 1828 | 1832 |
return $dist; |
| 1829 | 1833 |
} |
| 1830 | 1834 |
|
| 1831 |
# |
|
| 1832 | 1835 |
sub accessElement {
|
| 1833 | 1836 |
my $access = ""; |
| 1834 | 1837 |
|
| 1835 | 1838 |
$access .= "<access authSystem=\"knb\" order=\"denyFirst\">\n"; |
| 1836 |
$access .= "<allow>\n"; |
|
| 1837 |
$access .= "<principal>$username</principal>\n"; |
|
| 1838 |
$access .= "<permission>all</permission>\n"; |
|
| 1839 |
$access .= "</allow>\n"; |
|
| 1839 |
$access .= allowElement($username, 'all'); |
|
| 1840 | 1840 |
|
| 1841 |
if($moderators eq ''){
|
|
| 1842 |
if($FORM::username ne ''){
|
|
| 1843 |
$access .= "<allow>\n"; |
|
| 1844 |
$access .= "<principal>uid=$FORM::username,o=$FORM::organization,dc=ecoinformatics,dc=org</principal>\n"; |
|
| 1845 |
$access .= "<permission>all</permission>\n"; |
|
| 1846 |
$access .= "</allow>\n"; |
|
| 1841 |
if($moderators eq '') {
|
|
| 1842 |
$access .= allowElement(getUsername(), 'all'); |
|
| 1847 | 1843 |
} else {
|
| 1848 |
my $session = CGI::Session->load(); |
|
| 1849 |
if ( !$session->is_empty ) {
|
|
| 1850 |
my $username = $session->param("username");
|
|
| 1851 |
$access .= "<allow>\n"; |
|
| 1852 |
$access .= "<principal>$username</principal>\n"; |
|
| 1853 |
$access .= "<permission>all</permission>\n"; |
|
| 1854 |
$access .= "</allow>\n"; |
|
| 1844 |
foreach(split(":", $moderators)) {
|
|
| 1845 |
$access .= allowElement($_, 'all'); |
|
| 1855 | 1846 |
} |
| 1856 |
} |
|
| 1857 |
} else {
|
|
| 1858 |
foreach(split(":",$moderators)) {
|
|
| 1859 |
$access .= "<allow>\n"; |
|
| 1860 |
$access .= "<principal>".$_."</principal>\n"; |
|
| 1861 |
$access .= "<permission>all</permission>\n"; |
|
| 1862 |
$access .= "</allow>\n"; |
|
| 1863 |
} |
|
| 1864 | 1847 |
|
| 1865 |
if($FORM::username ne '') {
|
|
| 1866 |
$access .= "<allow>\n"; |
|
| 1867 |
$access .= "<principal>uid=$FORM::username,o=$FORM::organization,dc=ecoinformatics,dc=org</principal>\n"; |
|
| 1868 |
$access .= "<permission>read</permission>\n"; |
|
| 1869 |
$access .= "<permission>write</permission>\n"; |
|
| 1870 |
$access .= "</allow>\n"; |
|
| 1871 |
} else {
|
|
| 1872 |
my $session = CGI::Session->load(); |
|
| 1873 |
if ( !$session->is_empty ) {
|
|
| 1874 |
my $username = $session->param("username");
|
|
| 1875 |
$access .= "<allow>\n"; |
|
| 1876 |
$access .= "<principal>$username</principal>\n"; |
|
| 1877 |
$access .= "<permission>read</permission>\n"; |
|
| 1878 |
$access .= "<permission>write</permission>\n"; |
|
| 1879 |
$access .= "</allow>\n"; |
|
| 1880 |
} |
|
| 1881 |
} |
|
| 1848 |
$access .= allowElement(getUsername(), 'read', 'write'); |
|
| 1882 | 1849 |
} |
| 1883 | 1850 |
|
| 1884 | 1851 |
if($publicReadable eq "true"){
|
| 1885 |
$access .= "<allow>\n"; |
|
| 1886 |
$access .= "<principal>public</principal>\n"; |
|
| 1887 |
$access .= "<permission>read</permission>\n"; |
|
| 1888 |
$access .= "</allow>\n"; |
|
| 1852 |
$access .= allowElement('public', 'read');
|
|
| 1889 | 1853 |
} |
| 1890 | 1854 |
$access .= "</access>\n"; |
| 1891 | 1855 |
return $access; |
| 1892 | 1856 |
} |
| 1893 | 1857 |
|
| 1858 |
sub allowElement {
|
|
| 1859 |
my $principal = shift; |
|
| 1860 |
my @permissions = @_; |
|
| 1894 | 1861 |
|
| 1862 |
my $allowElem = "<allow>\n" . |
|
| 1863 |
" <principal>$principal</principal>"; |
|
| 1864 |
foreach my $perm (@permissions) {
|
|
| 1865 |
$allowElem .= "<permission>$perm</permission>\n"; |
|
| 1866 |
} |
|
| 1867 |
$allowElem .= "</allow>\n"; |
|
| 1868 |
return $allowElem; |
|
| 1869 |
} |
|
| 1870 |
|
|
| 1871 |
sub getUsername() {
|
|
| 1872 |
my $username = ''; |
|
| 1873 |
|
|
| 1874 |
if ($FORM::username ne '') {
|
|
| 1875 |
$username = "uid=$FORM::username,o=$FORM::organization,dc=ecoinformatics,dc=org"; |
|
| 1876 |
} else {
|
|
| 1877 |
my $session = CGI::Session->load(); |
|
| 1878 |
if ( !$session->is_empty ) {
|
|
| 1879 |
$username = $session->param("username");
|
|
| 1880 |
} |
|
| 1881 |
} |
|
| 1882 |
|
|
| 1883 |
return $username; |
|
| 1884 |
} |
|
| 1885 |
|
|
| 1895 | 1886 |
sub readDocumentFromMetacat(){
|
| 1896 | 1887 |
|
| 1897 | 1888 |
my $docid = $FORM::docid; |
Also available in: Unified diff
refactored <access> and <allow> element creation. Added logic to give both owner and skin admin privilages to access uploaded data objects.