Project

General

Profile

« Previous | Next » 

Revision 3475

Added by walbridge about 17 years ago

refactored <access> and <allow> element creation. Added logic to give both owner and skin admin privilages to access uploaded data objects.

View differences:

register-dataset.cgi
42 42
use strict;
43 43

  
44 44
# Global configuration paramters
45
#my $cfgdir = "@install-dir@";
46 45
#my $cfgdir = "/usr/local/devtools/tomcat/webapps/knb/style/skins";
47 46
my $cfgdir = "@install-dir@@style-skins-relpath@";
48 47
my $tmpdir = "@temp-dir@";
......
1355 1354
sub addMetaElement() {
1356 1355
    my $entityObjects = shift;
1357 1356
    my %entityObjects = %$entityObjects;
1357
    my $userAccess = allowElement(getUsername(), 'all');
1358
    my $skinAccess = allowElement($username, 'all');
1359

  
1358 1360
    my $accessList = "";
1359 1361

  
1360 1362
    while ( my ($docid, $data) = each(%entityObjects) ) {
1361 1363
        my $accessStub = qq|<additionalMetadata>
1362 1364
            <describes>$data->{'distribid'}</describes>
1363 1365
                <access authSystem="knb" order="allowFirst">
1366
                    $skinAccess
1367
                    $userAccess 
1364 1368
                    <deny>
1365 1369
                        <principal>public</principal>
1366 1370
                        <permission>read</permission>
......
1828 1832
    return $dist;
1829 1833
}
1830 1834

  
1831
#
1832 1835
sub accessElement {
1833 1836
    my $access = "";
1834 1837

  
1835 1838
    $access .= "<access authSystem=\"knb\" order=\"denyFirst\">\n";
1836
    $access .= "<allow>\n";
1837
    $access .= "<principal>$username</principal>\n";
1838
    $access .= "<permission>all</permission>\n";
1839
    $access .= "</allow>\n";
1839
    $access .= allowElement($username, 'all');
1840 1840

  
1841
    if($moderators eq ''){
1842
    if($FORM::username ne ''){
1843
            $access .= "<allow>\n";
1844
            $access .= "<principal>uid=$FORM::username,o=$FORM::organization,dc=ecoinformatics,dc=org</principal>\n";
1845
            $access .= "<permission>all</permission>\n";
1846
            $access .= "</allow>\n";
1841
    if($moderators eq '') {
1842
        $access .= allowElement(getUsername(), 'all');
1847 1843
    } else {
1848
        my $session = CGI::Session->load();
1849
            if ( !$session->is_empty ) {
1850
                my $username = $session->param("username");
1851
                $access .= "<allow>\n";
1852
                $access .= "<principal>$username</principal>\n";
1853
                $access .= "<permission>all</permission>\n";
1854
                $access .= "</allow>\n";
1844
        foreach(split(":", $moderators)) {
1845
            $access .= allowElement($_, 'all');
1855 1846
        }
1856
    }
1857
    } else {
1858
        foreach(split(":",$moderators)) {
1859
            $access .= "<allow>\n";
1860
            $access .= "<principal>".$_."</principal>\n";
1861
            $access .= "<permission>all</permission>\n";
1862
            $access .= "</allow>\n";
1863
        }
1864 1847

  
1865
    if($FORM::username ne '') {
1866
                $access .= "<allow>\n";
1867
                $access .= "<principal>uid=$FORM::username,o=$FORM::organization,dc=ecoinformatics,dc=org</principal>\n";
1868
                $access .= "<permission>read</permission>\n";
1869
                $access .= "<permission>write</permission>\n";
1870
                $access .= "</allow>\n";
1871
        } else {
1872
                my $session = CGI::Session->load();
1873
                if ( !$session->is_empty ) {
1874
                        my $username = $session->param("username");
1875
                    $access .= "<allow>\n";
1876
                    $access .= "<principal>$username</principal>\n";
1877
                    $access .= "<permission>read</permission>\n";
1878
                    $access .= "<permission>write</permission>\n";
1879
                    $access .= "</allow>\n";
1880
                }
1881
        }
1848
        $access .= allowElement(getUsername(), 'read', 'write'); 
1882 1849
    }
1883 1850

  
1884 1851
    if($publicReadable eq "true"){
1885
        $access .= "<allow>\n";
1886
        $access .= "<principal>public</principal>\n";
1887
        $access .= "<permission>read</permission>\n";
1888
        $access .= "</allow>\n";
1852
        $access .= allowElement('public', 'read');
1889 1853
    }
1890 1854
    $access .= "</access>\n";
1891 1855
    return $access;
1892 1856
}
1893 1857

  
1858
sub allowElement {
1859
    my $principal = shift;
1860
    my @permissions = @_;
1894 1861

  
1862
    my $allowElem = "<allow>\n" .
1863
                 "  <principal>$principal</principal>";
1864
    foreach my $perm (@permissions) {
1865
        $allowElem .= "<permission>$perm</permission>\n";
1866
    }
1867
    $allowElem .= "</allow>\n";
1868
    return $allowElem;
1869
}
1870

  
1871
sub getUsername() {
1872
    my $username = '';
1873
     
1874
    if ($FORM::username ne '') {
1875
        $username = "uid=$FORM::username,o=$FORM::organization,dc=ecoinformatics,dc=org";
1876
    } else {
1877
        my $session = CGI::Session->load();
1878
        if ( !$session->is_empty ) {
1879
            $username = $session->param("username");
1880
        }
1881
    }
1882
  
1883
    return $username;
1884
}
1885

  
1895 1886
sub readDocumentFromMetacat(){
1896 1887

  
1897 1888
    my $docid = $FORM::docid;

Also available in: Unified diff