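/**
 * Decides whether the current visitor may see a page that carries no explicit
 * role requirement ("non-role" pages), based on the page type and on the
 * request parameters that identify the object being viewed.
 *
 * <p>Evaluation order matters: a network admin is always allowed; on a
 * restricted dataverse (outside the terms-of-use page) membership alone
 * decides; otherwise exactly one page-specific rule applies. Every rule fails
 * closed: an object that cannot be resolved yields {@code false} instead of a
 * grant. Malformed numeric ids still surface as {@link NumberFormatException}
 * from {@code Long.parseLong}, which also denies the request.
 *
 * @param pageDef     definition of the requested page, may be {@code null}
 * @param request     current request; object ids are read from its parameters
 * @param loginBean   session login state, {@code null} when nobody is logged in
 * @param ipUserGroup IP-address based group the visitor belongs to, if any
 * @return {@code true} if the page may be shown to this visitor
 */
private boolean isUserAuthorizedForNonRolePage(PageDef pageDef, HttpServletRequest request,
        LoginBean loginBean, UserGroup ipUserGroup) {
    VDCUser user = (loginBean != null) ? loginBean.getUser() : null;

    // A network admin can do anything.
    if (hasNetworkAdminRole(user)) {
        return true;
    }

    VDC currentVDC = vdcService.getVDCFromRequest(request);

    if (currentVDC != null && !isTermsOfUsePage(pageDef) && isVdcRestricted(pageDef, request)) {
        // Restricted dataverse: membership decides and no page-specific rule is consulted.
        return !currentVDC.isVDCRestrictedForUser(user, ipUserGroup);
    } else if (isLoginOnlyAccountPage(pageDef)) {
        return isAuthorizedForLoginOnlyAccountPage(user, currentVDC, request);
    } else if (isViewStudyPage(pageDef)) {
        return isAuthorizedForViewStudyPage(user, ipUserGroup, request);
    } else if (isVersionDiffPage(pageDef)) {
        return isAuthorizedForVersionDiffPage(user, ipUserGroup, request);
    } else if (isSubsettingPage(pageDef)) {
        return isAuthorizedForSubsettingPage(user, ipUserGroup, request);
    } else if (isExploreDataPage(pageDef)) {
        return isAuthorizedForExploreDataPage(user, currentVDC, ipUserGroup, request);
    } else if (isEditAccountPage(pageDef)) {
        return isAuthorizedForEditAccountPage(user, request);
    } else if (isManifestPage(pageDef)) {
        return isAuthorizedForManifestPage(user, currentVDC, loginBean, request);
    }
    // No rule applies to this page.
    return true;
}

/** True when the user holds the network-wide admin role; null-safe on user, role and role name. */
private boolean hasNetworkAdminRole(VDCUser user) {
    return user != null
            && user.getNetworkRole() != null
            && NetworkRoleServiceLocal.ADMIN.equals(user.getNetworkRole().getName());
}

/** Pages whose only requirement is being logged in (plus an ownership check on {@code userId}). */
private boolean isLoginOnlyAccountPage(PageDef pageDef) {
    if (pageDef == null) {
        return false;
    }
    String name = pageDef.getName();
    return name.equals(PageDefServiceLocal.DV_OPTIONS_PAGE)
            || name.equals(PageDefServiceLocal.ACCOUNT_OPTIONS_PAGE)
            || name.equals(PageDefServiceLocal.ACCOUNT_PAGE)
            || name.equals(PageDefServiceLocal.MANAGE_STUDIES_PAGE);
}

/** Logged-in users may view their own account pages; another user's only as admin or curator. */
private boolean isAuthorizedForLoginOnlyAccountPage(VDCUser user, VDC currentVDC,
        HttpServletRequest request) {
    if (user == null) {
        return false;
    }
    String userParam = request.getParameter("userId");
    if (userParam != null && !userParam.equals(user.getId().toString())) {
        // Viewing someone else's account requires admin or curator rights on this dataverse.
        return user.isAdmin(currentVDC) || user.isCurator(currentVDC);
    }
    return true;
}

/** True when the user may edit the study; a null (anonymous) user never can. */
private boolean canEditStudy(Study study, VDCUser user) {
    return user != null && study.isUserAuthorizedToEdit(user);
}

/** View-study page: study must be visible; deaccessioned or draft versions require edit rights. */
private boolean isAuthorizedForViewStudyPage(VDCUser user, UserGroup ipUserGroup,
        HttpServletRequest request) {
    String studyId = VDCBaseBean.getParamFromRequestOrComponent("studyId", request);
    String versionNumber = VDCBaseBean.getParamFromRequestOrComponent("versionNumber", request);
    Study study;
    StudyVersion studyVersion = null;
    if (studyId != null) {
        long id = Long.parseLong(studyId);
        study = studyService.getStudy(id);
        if (versionNumber != null) {
            studyVersion = studyService.getStudyVersion(id, Long.valueOf(versionNumber));
        }
    } else {
        study = studyService.getStudyByGlobalId(
                VDCBaseBean.getParamFromRequestOrComponent("globalId", request));
    }
    if (study == null) {
        // Unknown study: deny rather than fail with an NPE further down.
        return false;
    }
    if (study.isStudyRestrictedForUser(user, ipUserGroup)) {
        return false;
    }
    if (studyVersion != null) {
        // Deaccessioned studies and draft (working copy) versions are only shown to editors.
        if (study.isDeaccessioned() && !canEditStudy(study, user)) {
            return false;
        }
        if (studyVersion.isWorkingCopy() && !canEditStudy(study, user)) {
            return false;
        }
    }
    return true;
}

/**
 * Version-diff page: both versions are looked up by study id, so a request
 * without {@code studyId} is denied outright (previously {@code parseLong(null)}
 * threw before the null check could run, so the globalId fallback was unreachable).
 */
private boolean isAuthorizedForVersionDiffPage(VDCUser user, UserGroup ipUserGroup,
        HttpServletRequest request) {
    String studyId = VDCBaseBean.getParamFromRequestOrComponent("studyId", request);
    if (studyId == null) {
        return false;
    }
    long id = Long.parseLong(studyId);
    Long[] versionList = VDCRequestBean.parseVersionNumberList(request);
    if (versionList == null || versionList.length < 2) {
        // Two version numbers are needed to compare; anything less is denied.
        return false;
    }
    Study study = studyService.getStudy(id);
    StudyVersion studyVersion1 = studyService.getStudyVersion(id, versionList[0]);
    StudyVersion studyVersion2 = studyService.getStudyVersion(id, versionList[1]);
    if (study == null || studyVersion1 == null || studyVersion2 == null) {
        return false;
    }
    if (study.isStudyRestrictedForUser(user, ipUserGroup)) {
        return false;
    }
    // Deaccessioned studies and draft (working copy) versions are only shown to editors.
    if (study.isDeaccessioned() && !canEditStudy(study, user)) {
        return false;
    }
    if ((studyVersion1.isWorkingCopy() || studyVersion2.isWorkingCopy())
            && !canEditStudy(study, user)) {
        return false;
    }
    // Confirming a release from this page additionally requires release rights.
    if ("confirmRelease".equals(request.getParameter("actionMode"))
            && !study.isUserAuthorizedToRelease(user)) {
        return false;
    }
    return true;
}

/** Subsetting page: the data table's study must not be restricted for this visitor. */
private boolean isAuthorizedForSubsettingPage(VDCUser user, UserGroup ipUserGroup,
        HttpServletRequest request) {
    String dtId = VDCBaseBean.getParamFromRequestOrComponent("dtId", request);
    DataTable dataTable = variableService.getDataTable(Long.parseLong(dtId));
    if (dataTable == null || dataTable.getStudyFile() == null) {
        return false;
    }
    Study study = dataTable.getStudyFile().getStudy();
    return study != null && !study.isStudyRestrictedForUser(user, ipUserGroup);
}

/** Explore-data page: the file itself must not be restricted for this visitor. */
private boolean isAuthorizedForExploreDataPage(VDCUser user, VDC currentVDC,
        UserGroup ipUserGroup, HttpServletRequest request) {
    String fileId = VDCBaseBean.getParamFromRequestOrComponent("fileId", request);
    StudyFile sf = studyFileService.getStudyFile(Long.parseLong(fileId));
    return sf != null && !sf.isFileRestrictedForUser(user, currentVDC, ipUserGroup);
}

/** Edit-account page: only the account owner (matching {@code userId}) may edit. */
private boolean isAuthorizedForEditAccountPage(VDCUser user, HttpServletRequest request) {
    String userId = VDCBaseBean.getParamFromRequestOrComponent("userId", request);
    if (user == null || userId == null) {
        return false;
    }
    // Numeric comparison: the boxed id is unboxed against the parsed parameter.
    return user.getId() == Long.parseLong(userId);
}

/**
 * LOCKSS manifest page: with GROUP server access, a dataverse admin is allowed,
 * otherwise the requesting LOCKSS server must be authorized. Network admins
 * were already granted by the caller.
 */
private boolean isAuthorizedForManifestPage(VDCUser user, VDC currentVDC, LoginBean loginBean,
        HttpServletRequest request) {
    LockssConfig chkLockssConfig = getLockssConfig(currentVDC);
    if (chkLockssConfig == null) {
        return false;
    }
    if (chkLockssConfig.getserverAccess().equals(ServerAccess.GROUP)) {
        VDCRole userRole = null;
        if (user != null && currentVDC != null) {
            // user is non-null only when loginBean is, so this cannot NPE.
            userRole = loginBean.getVDCRole(currentVDC);
        }
        if (user != null && userRole != null && user.isAdmin(currentVDC)) {
            return true;
        }
        return lockssAuth.isAuthorizedLockssServer(currentVDC, request);
    }
    return true;
}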
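/**
 * Sends the "Contact Us" message and navigates to the confirmation page.
 *
 * <p>Besides the message itself, the mail carries custom {@code X-DVN-INFO-...}
 * headers describing the sender (username, institution, whether they own a
 * dataverse, the network address of this DVN, and the IP group for anonymous
 * visitors). Form-supplied and profile-supplied values are stripped of CR/LF
 * before they are placed in any mail header, so a crafted value cannot
 * terminate a header and inject another one.
 *
 * @return the confirmation page outcome on success; the empty outcome (stay
 *         on the page, with a warning in flash scope) when sending fails
 */
public String send_action() {
    try {
        // Sender shown as "Full Name"<address>; both parts come straight from the form.
        String fromAddress = "\"" + stripHeaderLineBreaks(fullName) + "\"<"
                + stripHeaderLineBreaks(emailAddress.trim()) + ">";

        HashMap<String, String> extraHeaders = new HashMap<String, String>();

        // Placeholders used when a value is unknown; anonymousUser is also the
        // marker that decides whether the IP-group header is added below.
        final String anonymousUser = "******";
        String userName = anonymousUser;
        String institution = "unknown";
        String dvOwner = "false";
        String dvnNetAddress = "unknown";
        String groupName = "";

        // Logged-in user: username, affiliation and "dv owner" status.
        VDCUser vdcUser = null;
        if (getVDCSessionBean().getLoginBean() != null) {
            vdcUser = getVDCSessionBean().getLoginBean().getUser();
        }
        if (vdcUser != null) {
            if (vdcUser.getUserName() != null && !vdcUser.getUserName().equals("")) {
                userName = vdcUser.getUserName();
            }
            if (vdcUser.getInstitution() != null && !vdcUser.getInstitution().equals("")) {
                institution = vdcUser.getInstitution();
            }
            // "dv owner" here means an admin role anywhere on the DVN (created a
            // dataverse or was assigned admin), used for support statistics only.
            if (vdcUser.isAdmin()) {
                dvOwner = "true";
            }
        }

        // Anonymous visitors may still be recognized through a privileged IP group.
        // (Comparing against the same placeholder keeps this branch reachable.)
        if (anonymousUser.equals(userName) && getVDCSessionBean().getIpUserGroup() != null) {
            groupName = getVDCSessionBean().getIpUserGroup().getFriendlyName();
        }

        // Net address of this DVN: "dvn.inetAddress" is preferred because behind a
        // load balancer it names the advertised front rather than the physical host;
        // the AS host-name property is the fallback.
        String netAddress = usableHostAddress(System.getProperty("dvn.inetAddress"));
        if (netAddress == null) {
            netAddress = usableHostAddress(
                    System.getProperty(SystemPropertyConstants.HOST_NAME_PROPERTY));
        }
        if (netAddress != null) {
            dvnNetAddress = netAddress;
        }

        extraHeaders.put("X-DVN-INFO-USERNAME", stripHeaderLineBreaks(userName));
        extraHeaders.put("X-DVN-INFO-INSTITUTION", stripHeaderLineBreaks(institution));
        extraHeaders.put("X-DVN-INFO-DVOWNER", dvOwner);
        extraHeaders.put("X-DVN-INFO-DVNNETADDRESS", dvnNetAddress);
        if (!"".equals(groupName)) {
            extraHeaders.put("X-DVN-INFO-GROUPNAME", stripHeaderLineBreaks(groupName));
        }

        String subject = (getVDCRequestBean().getCurrentVDCId() == null)
                ? getVDCRequestBean().getVdcNetwork().getName() + " Dataverse Network: "
                        + selectedSubject.trim()
                : getVDCRequestBean().getCurrentVDC().getName() + " dataverse: "
                        + selectedSubject.trim();

        mailService.sendMail(fromAddress, getToEmailAddress(), stripHeaderLineBreaks(subject),
                emailBody.trim(), extraHeaders);

        getVDCRenderBean().getFlash().put("successMessage", SUCCESS_MESSAGE);
        getVDCRenderBean().getFlash().put("fullName", fullName);
        getVDCRenderBean().getFlash().put("emailAddress", emailAddress);
        getVDCRenderBean().getFlash().put("selectedSubject", selectedSubject);
        getVDCRenderBean().getFlash().put("emailBody", emailBody);
        return "/ContactUsConfirmPage.xhtml?faces-redirect=true" + getContextSuffix();
    } catch (Exception e) {
        // Best effort: the user gets a warning; the cause is logged so it is not lost.
        java.util.logging.Logger.getLogger(getClass().getName())
                .log(java.util.logging.Level.WARNING, "Contact-us mail could not be sent", e);
        getVDCRenderBean().getFlash().put("warningMessage", EMAIL_ERROR_MESSAGE);
        return "";
    }
}

/** Removes CR and LF so a value cannot end a mail header early; {@code null} passes through. */
private static String stripHeaderLineBreaks(String value) {
    if (value == null) {
        return value;
    }
    return value.replace("\r", "").replace("\n", "");
}

/** Returns the address when it is set and is not "localhost", otherwise {@code null}. */
private static String usableHostAddress(String netAddress) {
    if (netAddress == null || netAddress.equals("") || netAddress.equals("localhost")) {
        return null;
    }
    return netAddress;
}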