Project

General

Profile

« Previous | Next » 

Revision 4553

Added by walbridge about 16 years ago

Editing documents should check for ACL elements under //access now instead of //dataset/access

View differences:

src/perl/register-dataset.cgi
2474 2474 
    dontOccur($doc, "./project", "project");
2475 2475
2476 2476 
    ############ Code for checking ACL #####################
2477 
    dontOccur($doc, "//dataset/access/deny", "dataset/access/deny");
2477 
    dontOccur($doc, "//access/deny", "access/deny");
2478 2478 

  		




  2479
  
  
    
    $results = $doc->findnodes('//dataset/access/allow');


  		




  
  2479
  
    
    $results = $doc->findnodes('//access/allow');


  		




  2480
  2480
  
    
    my $accessError = 0;


  		




  2481
  
  
    
        foreach $node ($results->get_nodelist) {


  		




  2482
  
  
    
            my @children = $node->childNodes;


  		




  2483
  
  
    
	    my $principal = "";


  		




  2484
  
  
    
	    my $permission = "";


  		




  2485
  
  
    
            for (my $i = 0; $i < scalar(@children); $i++) {


  		




  2486
  
  
    
                my $child = $children[$i];


  		




  2487
  
  
    
                if ($child->nodeName eq 'principal') {


  		




  2488
  
  
    
                    $principal = $child->textContent();


  		




  2489
  
  
    
                } elsif ($child->nodeName eq 'permission') {


  		




  2490
  
  
    
                    $permission = $child->textContent();


  		




  2491
  
  
    
                }


  		




  
  2481
  
    
    foreach $node ($results->get_nodelist) {


  		




  
  2482
  
    
        my @children = $node->childNodes;


  		




  
  2483
  
    
        my $principal = "";


  		




  
  2484
  
    
        my $permission = "";


  		




  
  2485
  
    
        for (my $i = 0; $i < scalar(@children); $i++) {


  		




  
  2486
  
    
            my $child = $children[$i];


  		




  
  2487
  
    
            if ($child->nodeName eq 'principal') {


  		




  
  2488
  
    
                $principal = $child->textContent();


  		




  
  2489
  
    
            } elsif ($child->nodeName eq 'permission') {


  		




  
  2490
  
    
                $permission = $child->textContent();


  		




  2492
  2491
  
    
            }


  		




  2493
  
  
    
	


  		




  2494
  
  
    
	    if ($principal eq 'public' && $permission ne 'read') { $accessError = 1; }


  		




  2495
  
  
    
	    if ($principal eq $username && $permission ne 'all') { $accessError = 2; }


  		




  2496
  
  
    
	    if ($principal ne 'public' && $principal ne $username && $principal ne $moderators && $permission ne 'all') { $accessError = 3; }


  		




  2497
  
  
    
            if ($accessError == 3){


  		




  2498
  
  
    
                my $session = CGI::Session->load();


  		




  2499
  
  
    
                if ( !$session->is_empty ) {


  		




  2500
  
  
    
                        my $username = $session->param("username");


  		




  2501
  
  
    
                        my $password = $session->param("password");


  		




  2502
  
  
    
                        if($principal eq $username){


  		




  2503
  
  
    
                                $accessError = 0;


  		




  2504
  
  
    
                        }


  		




  
  2492
  
    
        }


  		




  
  2493
  
    

  		




  
  2494
  
    
        if ($principal eq 'public' && $permission ne 'read') { $accessError = 1; }


  		




  
  2495
  
    
        if ($principal eq $username && $permission ne 'all') { $accessError = 2; }


  		




  
  2496
  
    
        if ($principal ne 'public' && $principal ne $username && $principal ne $moderators && $permission ne 'all') { $accessError = 3; }


  		




  
  2497
  
    
        if ($accessError == 3){


  		




  
  2498
  
    
            my $session = CGI::Session->load();


  		




  
  2499
  
    
            if ( !$session->is_empty ) {


  		




  
  2500
  
    
                my $username = $session->param("username");


  		




  
  2501
  
    
                my $password = $session->param("password");


  		




  
  2502
  
    
                if($principal eq $username){


  		




  
  2503
  
    
                    $accessError = 0;


  		




  2505
  2504
  
    
                }


  		




  2506
  2505
  
    
            }


  		




  2507
  
  
    
	}


  		




  2508
  
  
    
 


  		




  2509
  
  
    
	if ($accessError != 0) {


  		




  2510
  
  
    
	    my $error ="The ACL for this document has been changed outside the registry. Please use Morpho to edit this document";


  		




  2511
  
  
    
            push(@errorMessages, $error."\n");


  		




  2512
  
  
    
	}     


  		




  2513
  
  
    
   


  		




  
  2506
  
    
        }


  		




  
  2507
  
    
    }


  		




  
  2508
  
    

  		




  
  2509
  
    
    if ($accessError != 0) {


  		




  
  2510
  
    
        my $error ="The ACL for this document has been changed outside the registry. Please use Morpho to edit this document";


  		




  
  2511
  
    
        push(@errorMessages, $error."\n");


  		




  
  2512
  
    
    }


  		




  
  2513
  
    

  		




  2514
  2514
  
    
    ########################################################


  		




  2515
  2515
  
    

  		




  2516
  2516
  
    

  		




  ......




  2896
  2896
  
    
    if($isMod < 0){


  		




  2897
  2897
  
    
    	return;


  		




  2898
  2898
  
    
    }


  		




  2899
  
  
    
    # change the access rules	


  		




  
  2899
  
    
    # change the access rules


  		




  2900
  2900
  
    
    ## create the access block


  		




  2901
  2901
  
    
    my $accessblock = '';


  		




  2902
  2902
  
    
    $accessblock .= "<access authSystem=\"knb\" order=\"denyFirst\">\n";


  		




  ......




  2906
  2906
  
    
    $accessblock .= "</allow>\n";


  		




  2907
  2907
  
    

  		




  2908
  2908
  
    
    foreach(split(":",$moderators)){


  		




  2909
  
  
    
   	$accessblock .= "<allow>\n";


  		




  2910
  
  
    
   	$accessblock .= "<principal>".$_."</principal>\n";


  		




  2911
  
  
    
   	$accessblock .= "<permission>all</permission>\n";


  		




  2912
  
  
    
   	$accessblock .= "</allow>\n";


  		




  
  2909
  
    
        $accessblock .= "<allow>\n";


  		




  
  2910
  
    
        $accessblock .= "<principal>".$_."</principal>\n";


  		




  
  2911
  
    
        $accessblock .= "<permission>all</permission>\n";


  		




  
  2912
  
    
        $accessblock .= "</allow>\n";


  		




  2913
  2913
  
    
    }


  		




  2914
  
  
    
	


  		




  
  2914
  
    

  		




  2915
  2915
  
    
    $accessblock .= "<allow>\n";


  		




  2916
  2916
  
    
    $accessblock .= "<principal>public</principal>\n";


  		




  2917
  2917
  
    
    $accessblock .= "<permission>read</permission>\n";


  		












Also available in:  Unified diff