Esempio n. 1
0
  /**
   * Authorizes user access to a subject resource.
   *
   * @param context the assertion operation context
   * @throws CatalogIndexException indicates an I/O error with the resource index
   * @throws AsnInsufficientPrivilegeException if the user has insufficient privilege
   */
  private void authorizeResourceAccess(AsnContext context)
      throws CatalogIndexException, AsnInsufficientPrivilegeException {

    String resourceId = context.getOperation().getSystemPart().getResourceId();
    if ((resourceId == null) || (resourceId.length() == 0)) {
      return;
    }

    // ensure acl access
    RequestContext rContext = context.getRequestContext();
    AuthenticationStatus auth = rContext.getUser().getAuthenticationStatus();
    boolean bAdmin = auth.getAuthenticatedRoles().hasRole("gptAdministrator");
    if (!bAdmin) {
      MetadataAcl acl = new MetadataAcl(rContext);
      if (!acl.isPolicyUnrestricted()) {
        LuceneIndexAdapter adapter = new LuceneIndexAdapter(rContext);
        String[] resourceAcls = adapter.queryAcls(resourceId);
        if ((resourceAcls != null) && (resourceAcls.length > 0)) {

          String[] userAcls = acl.makeUserAcl();
          if ((userAcls != null) && (userAcls.length > 0)) {
            for (String resourcePrincipal : resourceAcls) {
              for (String userPrincipal : userAcls) {
                if (resourcePrincipal.equalsIgnoreCase(userPrincipal)) {
                  return;
                }
              }
            }
          }
          throw new AsnInsufficientPrivilegeException();
        }
      }
    }

    // ensure the existence of a local resource id
    if (!context.getOperation().getAuthPolicy().getAllowNonLocalResourceIds()) {
      LuceneIndexAdapter adapter = new LuceneIndexAdapter(rContext);
      Timestamp ts = adapter.queryModifiedDate(resourceId);
      if (ts == null) {
        throw new CatalogIndexException("Invalid resource id: " + resourceId);
      }
    }
  }
Esempio n. 2
0
  /**
   * Reads record data.
   *
   * @param rs result set to read from
   * @param record record to write to
   * @throws SQLException if accessing database fails
   * @throws ParserConfigurationException if unable to reach parser configuration
   * @throws IOException if unable to perform IO operation
   * @throws SAXException if unable to parse XML data
   */
  private void readRecord(ResultSet rs, MmdRecord record)
      throws SQLException, ParserConfigurationException, IOException, SAXException {
    int n = 1;

    // set the title and uuid
    record.setTitle(rs.getString(n++));
    record.setUuid(rs.getString(n++));
    record.setSiteUuid(rs.getString(n++));
    if (getActionCriteria().getSelectedRecordIdSet().contains(record.getUuid())) {
      record.setIsSelected(true);
    }

    // set the owner, approval status and publication method
    record.setOwnerName(rs.getString(n++));
    record.setApprovalStatus(rs.getString(n++));
    record.setPublicationMethod(rs.getString(n++));

    // set the update date,
    Timestamp ts = rs.getTimestamp(n++);
    if (ts != null) {
      record.setSystemUpdateDate(ts);
      record.setFormattedUpdateDate(DateProxy.formatDate(ts));
    }

    // set the ACL
    String aclXml = rs.getString(n++);
    if (aclXml != null && aclXml.trim().length() > 0) {
      record.setMetadataAccessPolicyType("Restricted");
      MetadataAcl acl = new MetadataAcl(getRequestContext());
      record.setCurrentMetadataAccessPolicy(acl.makeGroupsfromXml(allGroups, aclXml));
      record.setCurrentMetadataAccessPolicyKeys(acl.makeGroupsKeysfromXml(allGroups, aclXml));
    } else {
      record.setMetadataAccessPolicyType("Unrestricted");
      record.setCurrentMetadataAccessPolicy("Unrestricted");
      record.setCurrentMetadataAccessPolicyKeys("Unrestricted");
    }

    // set harvesting specific data
    record.setLocalId(rs.getInt(n++));
    record.setHostUrl(rs.getString(n++));
    String frequency = Val.chkStr(rs.getString(n++));
    if (frequency.length() > 0)
      record.setHarvestFrequency(HarvestFrequency.checkValueOf(frequency));
    record.setSendNotification(Val.chkBool(rs.getString(n++), false));
    String protocol = Val.chkStr(rs.getString(n++));
    if (protocol.length() > 0)
      record.setProtocol(
          getApplicationConfiguration().getProtocolFactories().parseProtocol(protocol));

    // set the editable status
    boolean isEditor =
        record.getPublicationMethod().equalsIgnoreCase(PublicationMethod.editor.name());
    boolean isSEditor =
        record.getPublicationMethod().equalsIgnoreCase(PublicationMethod.seditor.name());
    boolean isProtocol = record.getProtocol() != null;
    boolean isOwner = hmEditablePublishers.containsKey(record.getOwnerName().toLowerCase());
    record.setCanEdit(
        (isEditor || isSEditor || isProtocol) && (isOwner || (isProtocol && isGptAdministrator)));

    // TODO remove as this is a temporary fix
    boolean isOther =
        record.getPublicationMethod().equalsIgnoreCase(PublicationMethod.other.name());
    if (isOther && isProtocol) {
      record.setPublicationMethod(PublicationMethod.registration.name());
    }

    record.setFindable(Val.chkBool(rs.getString(n++), false));
    record.setSearchable(Val.chkBool(rs.getString(n++), false));
    record.setSynchronizable(Val.chkBool(rs.getString(n++), false));
  }