/**
* Check to see if the current user is a System Admin. Always return <code>true</code> if
* c.ignoreAuthorization is set. Anonymous users can't be Admins (EPerson set to NULL)
*
* @param c current context
* @return <code>true</code> if user is an admin or ignore authorization flag set
*/
public static boolean isAdmin(Context c) throws SQLException {
// if we're ignoring authorization, user is member of admin
if (c.ignoreAuthorization()) {
return true;
}
EPerson e = c.getCurrentUser();
if (e == null) {
return false; // anonymous users can't be admins....
} else {
return Group.isMember(c, 1);
}
}
/**
* Check to see if the current user is an Administrator of a given object within DSpace. Always
* return <code>true</code> if the user is a System Admin
*
* @param c current context
* @param o current DSpace Object, if <code>null</code> the call will be equivalent to a call to
* the <code>isAdmin(Context c)</code> method
* @return <code>true</code> if user has administrative privileges on the given DSpace object
*/
public static boolean isAdmin(Context c, DSpaceObject o) throws SQLException {
// return true if user is an Administrator
if (isAdmin(c)) {
return true;
}
if (o == null) {
return false;
}
// is eperson set? if not, userid = 0 (anonymous)
int userid = 0;
EPerson e = c.getCurrentUser();
if (e != null) {
userid = e.getID();
}
//
// First, check all Resource Policies directly on this object
//
List<ResourcePolicy> policies = getPoliciesActionFilter(c, o, Constants.ADMIN);
for (ResourcePolicy rp : policies) {
// check policies for date validity
if (rp.isDateValid()) {
if ((rp.getEPersonID() != -1) && (rp.getEPersonID() == userid)) {
return true; // match
}
if ((rp.getGroupID() != -1) && (Group.isMember(c, rp.getGroupID()))) {
// group was set, and eperson is a member
// of that group
return true;
}
}
}
// If user doesn't have specific Admin permissions on this object,
// check the *parent* objects of this object. This allows Admin
// permissions to be inherited automatically (e.g. Admin on Community
// is also an Admin of all Collections/Items in that Community)
DSpaceObject parent = o.getParentObject();
if (parent != null) {
return isAdmin(c, parent);
}
return false;
}
/**
* Check to see if the given user can perform the given action on the given object. Always returns
* true if the ignore authorization flat is set in the current context.
*
* @param c current context. User is irrelevant; "ignore authorization" flag is relevant
* @param o object action is being attempted on
* @param action ID of action being attempted, from <code>org.dspace.core.Constants</code>
* @param e user attempting action
* @param useInheritance flag to say if ADMIN action on the current object or parent object can be
* used
* @return <code>true</code> if user is authorized to perform the given action, <code>false</code>
* otherwise
* @throws SQLException
*/
private static boolean authorize(
Context c, DSpaceObject o, int action, EPerson e, boolean useInheritance)
throws SQLException {
// return FALSE if there is no DSpaceObject
if (o == null) {
return false;
}
// is authorization disabled for this context?
if (c.ignoreAuthorization()) {
return true;
}
// is eperson set? if not, userid = 0 (anonymous)
int userid = 0;
if (e != null) {
userid = e.getID();
// perform isAdmin check to see
// if user is an Admin on this object
DSpaceObject testObject = useInheritance ? o.getAdminObject(action) : null;
if (isAdmin(c, testObject)) {
return true;
}
}
for (ResourcePolicy rp : getPoliciesActionFilter(c, o, action)) {
// check policies for date validity
if (rp.isDateValid()) {
if ((rp.getEPersonID() != -1) && (rp.getEPersonID() == userid)) {
return true; // match
}
if ((rp.getGroupID() != -1) && (Group.isMember(c, rp.getGroupID()))) {
// group was set, and eperson is a member
// of that group
return true;
}
}
}
// default authorization is denial
return false;
}
