Project

General

Profile

« Previous | Next » 

Revision 4553

Added by walbridge about 16 years ago

Editing documents should check for ACL elements under //access now instead of //dataset/access

View differences:

register-dataset.cgi
2474 2474
    dontOccur($doc, "./project", "project");
2475 2475
    
2476 2476
    ############ Code for checking ACL #####################
2477
    dontOccur($doc, "//dataset/access/deny", "dataset/access/deny");
2477
    dontOccur($doc, "//access/deny", "access/deny");
2478 2478

  
2479
    $results = $doc->findnodes('//dataset/access/allow');
2479
    $results = $doc->findnodes('//access/allow');
2480 2480
    my $accessError = 0;
2481
        foreach $node ($results->get_nodelist) {
2482
            my @children = $node->childNodes;
2483
	    my $principal = "";
2484
	    my $permission = "";
2485
            for (my $i = 0; $i < scalar(@children); $i++) {
2486
                my $child = $children[$i];
2487
                if ($child->nodeName eq 'principal') {
2488
                    $principal = $child->textContent();
2489
                } elsif ($child->nodeName eq 'permission') {
2490
                    $permission = $child->textContent();
2491
                }
2481
    foreach $node ($results->get_nodelist) {
2482
        my @children = $node->childNodes;
2483
        my $principal = "";
2484
        my $permission = "";
2485
        for (my $i = 0; $i < scalar(@children); $i++) {
2486
            my $child = $children[$i];
2487
            if ($child->nodeName eq 'principal') {
2488
                $principal = $child->textContent();
2489
            } elsif ($child->nodeName eq 'permission') {
2490
                $permission = $child->textContent();
2492 2491
            }
2493
	
2494
	    if ($principal eq 'public' && $permission ne 'read') { $accessError = 1; }
2495
	    if ($principal eq $username && $permission ne 'all') { $accessError = 2; }
2496
	    if ($principal ne 'public' && $principal ne $username && $principal ne $moderators && $permission ne 'all') { $accessError = 3; }
2497
            if ($accessError == 3){
2498
                my $session = CGI::Session->load();
2499
                if ( !$session->is_empty ) {
2500
                        my $username = $session->param("username");
2501
                        my $password = $session->param("password");
2502
                        if($principal eq $username){
2503
                                $accessError = 0;
2504
                        }
2492
        }
2493

  
2494
        if ($principal eq 'public' && $permission ne 'read') { $accessError = 1; }
2495
        if ($principal eq $username && $permission ne 'all') { $accessError = 2; }
2496
        if ($principal ne 'public' && $principal ne $username && $principal ne $moderators && $permission ne 'all') { $accessError = 3; }
2497
        if ($accessError == 3){
2498
            my $session = CGI::Session->load();
2499
            if ( !$session->is_empty ) {
2500
                my $username = $session->param("username");
2501
                my $password = $session->param("password");
2502
                if($principal eq $username){
2503
                    $accessError = 0;
2505 2504
                }
2506 2505
            }
2507
	}
2508
 
2509
	if ($accessError != 0) {
2510
	    my $error ="The ACL for this document has been changed outside the registry. Please use Morpho to edit this document";
2511
            push(@errorMessages, $error."\n");
2512
	}     
2513
   
2506
        }
2507
    }
2508

  
2509
    if ($accessError != 0) {
2510
        my $error ="The ACL for this document has been changed outside the registry. Please use Morpho to edit this document";
2511
        push(@errorMessages, $error."\n");
2512
    }
2513

  
2514 2514
    ########################################################
2515 2515

  
2516 2516

  
......
2896 2896
    if($isMod < 0){
2897 2897
    	return;
2898 2898
    }
2899
    # change the access rules	
2899
    # change the access rules
2900 2900
    ## create the access block
2901 2901
    my $accessblock = '';
2902 2902
    $accessblock .= "<access authSystem=\"knb\" order=\"denyFirst\">\n";
......
2906 2906
    $accessblock .= "</allow>\n";
2907 2907

  
2908 2908
    foreach(split(":",$moderators)){
2909
   	$accessblock .= "<allow>\n";
2910
   	$accessblock .= "<principal>".$_."</principal>\n";
2911
   	$accessblock .= "<permission>all</permission>\n";
2912
   	$accessblock .= "</allow>\n";
2909
        $accessblock .= "<allow>\n";
2910
        $accessblock .= "<principal>".$_."</principal>\n";
2911
        $accessblock .= "<permission>all</permission>\n";
2912
        $accessblock .= "</allow>\n";
2913 2913
    }
2914
	
2914

  
2915 2915
    $accessblock .= "<allow>\n";
2916 2916
    $accessblock .= "<principal>public</principal>\n";
2917 2917
    $accessblock .= "<permission>read</permission>\n";

Also available in: Unified diff