Project

General

Profile

Revision 2558

Added by sgarg almost 15 years ago

Added new methods to MetaCatUtil: isAdministrator and isModerator.

These methods are used to check if a given username is part of the admin and moderator list specified in metacat.properties

Modified DocumentImpl and MetaCatServlet to use these functions.

View differences:

src/edu/ucsb/nceas/metacat/MetaCatUtil.java
33 33
import java.util.Hashtable;
34 34
import java.util.Stack;
35 35
import java.util.Vector;
36
import java.util.regex.PatternSyntaxException;
36 37

  
37 38
import edu.ucsb.nceas.dbadapter.AbstractDatabase;
38 39
import edu.ucsb.nceas.utilities.Options;
......
50 51
    private static Options options = null;
51 52

  
52 53
    private static boolean debug = true;
54
    
55
    private static String[] administrators;
56
    
57
    private static String[] moderators;
53 58

  
54

  
55
    /**
56
     * Determine our db adapter class and create an instance of that class
57
     */
58 59
    static {
60
        // Determine our db adapter class and create an instance of that class
59 61
        try {
60 62
            dbAdapter = (AbstractDatabase) createObject(getOption("dbAdapter"));
61 63
        } catch (Exception e) {
62 64
            System.err.println("Error in MetaCatUtil static block:"
63 65
                    + e.getMessage());
64 66
        }
67

  
68
        // read administrator and moderator lists from metacat.properties
69
        getAdminInfo();
65 70
    }
66 71

  
67 72
    /**
......
778 783

  
779 784
    }// replaceWhiteSpaceForUR
780 785

  
786
    /** 
787
     * A method to read administrators and moderators list from the metacat.properties 
788
     **/
789
    public static void getAdminInfo(){
790
    	String adminList = MetaCatUtil.getOption("administrators");
791
        try {
792
            administrators = adminList.split(":");
793
        } catch (PatternSyntaxException pse) {
794
            administrators = null;
795
            MetaCatUtil.debugMessage("Error in MetacatServlet.init: "
796
                + pse.getMessage(), 20);
797
        }
798
        
799
    	String modList = MetaCatUtil.getOption("moderators");
800
        try {
801
            moderators = modList.split(":");
802
        } catch (PatternSyntaxException pse) {
803
            moderators = null;
804
            MetaCatUtil.debugMessage("Error in MetacatServlet.init: "
805
                + pse.getMessage(), 20);
806
        }
807
    }
808

  
809
    /** 
810
     * A method to check if the specified user is part of the administrators list 
811
     **/
812
    public static boolean isAdministrator(String username, String[] groups){
813
        // Check that the user is authenticated as an administrator account
814
    	for (int i = 0; i < administrators.length; i++) {
815
            // check the given admin dn is a group dn...
816
        	if(administrators[i].startsWith("cn=")){
817
        		// is a group dn
818
        		for (int j = 0; j < groups.length; j++) {
819
        			if (groups[j].equals(administrators[i])) {
820
                		return true;
821
                	}	
822
        		}   		
823
            } else { 
824
            	// is a user dn
825
            	if (username.equals(administrators[i])) {
826
            		return true;
827
            	}	
828
            }
829
        }
830
                
831
        return false;
832
    }
833
    
834
    /** 
835
     * A method to check if the specified user is part of the moderators list 
836
     **/
837
    public static boolean isModerator(String username, String[] groups){
838
        // Check that the user is authenticated as an administrator account
839
        for (int i = 0; i < moderators.length; i++) {
840
            // check the given admin dn is a group dn...
841
        	if(moderators[i].startsWith("cn=")){
842
            	// is a group dn
843
        		for (int j = 0; j < groups.length; j++) {
844
        			if (groups[j].equals(moderators[i])) {
845
                		return true;
846
                	}	
847
        		}   		
848
            } else { 
849
            	// is a user dn
850
            	if (username.equals(moderators[i])) {
851
            		return true;
852
            	}	
853
            }
854
        }
855
        
856
        return false;
857
    }
781 858
}
src/edu/ucsb/nceas/metacat/MetaCatServlet.java
133 133

  
134 134
    private String htmlpath = null;
135 135

  
136
    private String[] administrators = null;
137

  
138 136
    private PropertyResourceBundle options = null;
139 137

  
140 138
    private MetaCatUtil util = null;
......
201 199
            dataDirectory = new File(datafilepath);
202 200
            servletpath = MetaCatUtil.getOption("servletpath");
203 201
            htmlpath = MetaCatUtil.getOption("htmlpath");
204
            String adminList = MetaCatUtil.getOption("administrators");
205
            try {
206
                administrators = adminList.split(":");
207
            } catch (PatternSyntaxException pse) {
208
                administrators = null;
209
                MetaCatUtil.debugMessage("Error in MetacatServlet.init: "
210
                    + pse.getMessage(), 20);
211
            }
212 202

  
213 203
            // Index the paths specified in the metacat.properties
214 204
            checkIndexPaths();
......
645 635
                out.println(Version.getVersionAsXml());
646 636
                out.close();
647 637
            } else if (action.equals("getlog")) {
648
                handleGetLogAction(params, request, response, username);
638
                handleGetLogAction(params, request, response, username, groupnames);
649 639
            } else if (action.equals("buildindex")) {
650
                handleBuildIndexAction(params, request, response, username);
640
                handleBuildIndexAction(params, request, response, username, groupnames);
651 641
            } else if (action.equals("login") || action.equals("logout")) {
652 642
                /*
653 643
            } else if (action.equals("protocoltest")) {
......
2260 2250
     * @param response the http response object for writing output
2261 2251
     */
2262 2252
    private void handleGetLogAction(Hashtable params, HttpServletRequest request,
2263
            HttpServletResponse response, String username)
2253
            HttpServletResponse response, String username, String[] groups)
2264 2254
    {
2265 2255
        try {
2266 2256
            response.setContentType("text/xml");
2267 2257
            PrintWriter out = response.getWriter();
2268 2258

  
2269 2259
            // Check that the user is authenticated as an administrator account
2270
            boolean adminIsAuthenticated = false;
2271
            for (int i = 0; i < administrators.length; i++) {
2272
                if (username.equals(administrators[i])) {
2273
                        adminIsAuthenticated = true;
2274
                }
2275
            }
2276
            if (!adminIsAuthenticated) {
2260
            if (!MetaCatUtil.isAdministrator(username, groups)) {
2277 2261
                out.print("<error>");
2278 2262
                out.print("The user \"" + username +
2279 2263
                        "\" is not authorized for this action.");
......
2333 2317
     */
2334 2318
    private void handleBuildIndexAction(Hashtable params,
2335 2319
            HttpServletRequest request, HttpServletResponse response,
2336
            String username)
2320
            String username, String[] groups)
2337 2321
    {
2338 2322
        // Get all of the parameters in the correct formats
2339 2323
        String[] docid = (String[])params.get("docid");
......
2344 2328
            PrintWriter out = response.getWriter();
2345 2329

  
2346 2330
            // Check that the user is authenticated as an administrator account
2347
            boolean adminIsAuthenticated = false;
2348
            for (int i = 0; i < administrators.length; i++) {
2349
                if (username.equals(administrators[i])) {
2350
                        adminIsAuthenticated = true;
2351
                }
2352
            }
2353
            if (!adminIsAuthenticated) {
2331
            if (!MetaCatUtil.isAdministrator(username, groups)) {
2354 2332
                out.print("<error>");
2355 2333
                out.print("The user \"" + username +
2356 2334
                        "\" is not authorized for this action.");
src/edu/ucsb/nceas/metacat/DocumentImpl.java
2520 2520
            MetaCatUtil.debugMessage("Start deleting doc " + docid + "...", 20);
2521 2521
            // check for 'write' permission for 'user' to delete this document
2522 2522
            if (!hasAllPermission(user, groups, accnum)) {
2523
                boolean adminIsAuthenticated = false;
2524
                String[] administrators = null;
2525
                String adminList = MetaCatUtil.getOption("administrators");
2526
                try {
2527
                    administrators = adminList.split(":");
2528
                } catch (Exception pse) {
2529
                    administrators = null;
2530
                    MetaCatUtil.debugMessage("Error in DocumentImpl.delete: "
2531
                                             + pse.getMessage(), 20);
2532
                }
2533
                for (int i = 0; i < administrators.length; i++) {
2534
                    if (user.equals(administrators[i])) {
2535
                        adminIsAuthenticated = true;
2536
                    }
2537
                }
2538

  
2539
                if(!adminIsAuthenticated){
2523
                if(!MetaCatUtil.isAdministrator(user, groups)){
2540 2524
                    throw new Exception(
2541 2525
                        "User " + user
2542 2526
                        + " does not have permission to delete XML Document #"

Also available in: Unified diff