Revision 3475
Added by walbridge about 17 years ago
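--- a/register-dataset.cgi
+++ b/register-dataset.cgi
@@ -42,7 +42,6 @@
 use strict;
 
 # Global configuration paramters
-#my $cfgdir = "@install-dir@";
 #my $cfgdir = "/usr/local/devtools/tomcat/webapps/knb/style/skins";
 my $cfgdir = "@install-dir@@style-skins-relpath@";
 my $tmpdir = "@temp-dir@";
@@ -1355,12 +1354,17 @@
 sub addMetaElement() {
 my $entityObjects = shift;
 my %entityObjects = %$entityObjects;
+my $userAccess = allowElement(getUsername(), 'all');
+my $skinAccess = allowElement($username, 'all');
+
 my $accessList = "";
 
 while ( my ($docid, $data) = each(%entityObjects) ) {
 my $accessStub = qq|<additionalMetadata>
 <describes>$data->{'distribid'}</describes>
 <access authSystem="knb" order="allowFirst">
+$skinAccess
+$userAccess
 <deny>
 <principal>public</principal>
 <permission>read</permission>
@@ -1828,70 +1832,57 @@
 return $dist;
 }
 
-#
 sub accessElement {
 my $access = "";
 
 $access .= "<access authSystem=\"knb\" order=\"denyFirst\">\n";
-$access .= "<allow>\n";
-$access .= "<principal>$username</principal>\n";
-$access .= "<permission>all</permission>\n";
-$access .= "</allow>\n";
+$access .= allowElement($username, 'all');
 
-if($moderators eq ''){
-if($FORM::username ne ''){
-$access .= "<allow>\n";
-$access .= "<principal>uid=$FORM::username,o=$FORM::organization,dc=ecoinformatics,dc=org</principal>\n";
-$access .= "<permission>all</permission>\n";
-$access .= "</allow>\n";
+if($moderators eq '') {
+$access .= allowElement(getUsername(), 'all');
 } else {
-my $session = CGI::Session->load();
-if ( !$session->is_empty ) {
-my $username = $session->param("username");
-$access .= "<allow>\n";
-$access .= "<principal>$username</principal>\n";
-$access .= "<permission>all</permission>\n";
-$access .= "</allow>\n";
+foreach(split(":", $moderators)) {
+$access .= allowElement($_, 'all');
 }
-}
-} else {
-foreach(split(":",$moderators)) {
-$access .= "<allow>\n";
-$access .= "<principal>".$_."</principal>\n";
-$access .= "<permission>all</permission>\n";
-$access .= "</allow>\n";
-}
 
-if($FORM::username ne '') {
-$access .= "<allow>\n";
-$access .= "<principal>uid=$FORM::username,o=$FORM::organization,dc=ecoinformatics,dc=org</principal>\n";
-$access .= "<permission>read</permission>\n";
-$access .= "<permission>write</permission>\n";
-$access .= "</allow>\n";
-} else {
-my $session = CGI::Session->load();
-if ( !$session->is_empty ) {
-my $username = $session->param("username");
-$access .= "<allow>\n";
-$access .= "<principal>$username</principal>\n";
-$access .= "<permission>read</permission>\n";
-$access .= "<permission>write</permission>\n";
-$access .= "</allow>\n";
-}
-}
+$access .= allowElement(getUsername(), 'read', 'write');
 }
 
 if($publicReadable eq "true"){
-$access .= "<allow>\n";
-$access .= "<principal>public</principal>\n";
-$access .= "<permission>read</permission>\n";
-$access .= "</allow>\n";
+$access .= allowElement('public', 'read');
 }
 $access .= "</access>\n";
 return $access;
 }
 
+sub allowElement {
+my $principal = shift;
+my @permissions = @_;
 
+my $allowElem = "<allow>\n" .
+" <principal>$principal</principal>";
+foreach my $perm (@permissions) {
+$allowElem .= "<permission>$perm</permission>\n";
+}
+$allowElem .= "</allow>\n";
+return $allowElem;
+}
+
+sub getUsername() {
+my $username = '';
+
+if ($FORM::username ne '') {
+$username = "uid=$FORM::username,o=$FORM::organization,dc=ecoinformatics,dc=org";
+} else {
+my $session = CGI::Session->load();
+if ( !$session->is_empty ) {
+$username = $session->param("username");
+}
+}
+
+return $username;
+}
+
 sub readDocumentFromMetacat(){
 
 my $docid = $FORM::docid;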
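Review bot: `getUsername()` returns an empty string when there is no form username and the session is empty, and the new calls in `accessElement` and `addMetaElement` pass that straight to `allowElement`, so an `<allow>` with an empty `<principal>` is now emitted where the removed code emitted nothing. A guard at the top of `allowElement`, `return '' if !defined $principal || $principal eq '';`, would keep the old behaviour. `allowElement` also interpolates `$principal` and each `$perm` into the XML unescaped, and `getUsername()` builds the principal from `$FORM::username` and `$FORM::organization`, which look like request parameters. Escaping `&`, `<` and `>` before interpolation, or rejecting values that contain them, keeps a form value from adding markup to the access block. Whether those form values are authenticated before this point is not visible in the hunks shown.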
Refactored <access> and <allow> element creation. Added logic to give both the owner and the skin admin privileges to access uploaded data objects.