// returns recently changed items, checking for accessibility
private Item[] getItems(Context context, DSpaceObject dso) throws IOException, SQLException {
try {
// new method of doing the browse:
String idx = ConfigurationManager.getProperty("recent.submissions.sort-option");
if (idx == null) {
throw new IOException(
"There is no configuration supplied for: recent.submissions.sort-option");
}
BrowseIndex bix = BrowseIndex.getItemBrowseIndex();
if (bix == null) {
throw new IOException("There is no browse index with the name: " + idx);
}
BrowserScope scope = new BrowserScope(context);
scope.setBrowseIndex(bix);
if (dso != null) {
scope.setBrowseContainer(dso);
}
for (SortOption so : SortOption.getSortOptions()) {
if (so.getName().equals(idx)) {
scope.setSortBy(so.getNumber());
}
}
scope.setOrder(SortOption.DESCENDING);
scope.setResultsPerPage(itemCount);
// gather & add items to the feed.
BrowseEngine be = new BrowseEngine(context);
BrowseInfo bi = be.browseMini(scope);
Item[] results = bi.getItemResults(context);
if (includeAll) {
return results;
} else {
// Check to see if we can include this item
// Group[] authorizedGroups = AuthorizeManager.getAuthorizedGroups(context, results[i],
// Constants.READ);
// boolean added = false;
List<Item> items = new ArrayList<Item>();
for (Item result : results) {
checkAccess:
for (Group group :
AuthorizeManager.getAuthorizedGroups(context, result, Constants.READ)) {
if ((group.getID() == Group.ANONYMOUS_ID)) {
items.add(result);
break checkAccess;
}
}
}
return items.toArray(new Item[items.size()]);
}
} catch (SortException se) {
log.error("caught exception: ", se);
throw new IOException(se.getMessage(), se);
} catch (BrowseException e) {
log.error("caught exception: ", e);
throw new IOException(e.getMessage(), e);
}
}
@RequestMapping(method = RequestMethod.GET)
protected String processGet(
@RequestAttribute Context context,
ModelMap model,
HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException, SQLException, AuthorizeException {
Group group = null;
group = checkGroup(context, request);
if (group != null) {
// unknown action, show edit page
model.addAttribute("group", group);
model.addAttribute("members", group.getMembers());
model.addAttribute("membergroups", group.getMemberGroups());
String utilsGrpName = Utils.addEntities(group.getName());
model.addAttribute("utilsGrpName", utilsGrpName);
return "pages/admin/group-edit";
} else {
return showMainPage(context, model, request, response);
}
} // end processGet
/**
* Change the default read privileges to the anonymous group.
*
* <p>If getCollectionDefaultRead() returns -1 or the anonymous group then nothing is done.
*
* @param context The current DSpace context.
* @param collectionID The collection id.
* @return A process result's object.
*/
public static FlowResult changeCollectionDefaultReadToAnonymous(Context context, int collectionID)
throws SQLException, AuthorizeException, UIException {
FlowResult result = new FlowResult();
int roleID = getCollectionDefaultRead(context, collectionID);
if (roleID < 1) {
throw new UIException(
"Unable to delete the default read role because the role is either already assigned to the anonymous group or multiple groups are assigned the default privileges.");
}
Collection collection = Collection.find(context, collectionID);
Group role = Group.find(context, roleID);
Group anonymous = Group.find(context, 0);
// Delete the old role, this will remove the default privileges.
role.delete();
// Set anonymous as the default read group.
AuthorizeManager.addPolicy(context, collection, Constants.DEFAULT_ITEM_READ, anonymous);
AuthorizeManager.addPolicy(context, collection, Constants.DEFAULT_BITSTREAM_READ, anonymous);
// Commit the changes
context.commit();
result.setContinue(true);
result.setOutcome(true);
result.setMessage(
new Message(
"default",
"All new items submitted to this collection will default to anonymous read."));
return result;
}
/**
* Delete one of a community's roles
*
* @param context The current DSpace context.
* @param communityID The community id.
* @param roleName ADMIN.
* @param groupID The id of the group associated with this role.
* @return A process result's object.
*/
public static FlowResult processDeleteCommunityRole(
Context context, int communityID, String roleName, int groupID)
throws SQLException, UIException, IOException, AuthorizeException {
FlowResult result = new FlowResult();
Community community = Community.find(context, communityID);
Group role = Group.find(context, groupID);
// First, unregister the role
if (ROLE_ADMIN.equals(roleName)) {
community.removeAdministrators();
}
// Second, remove all authorizations for this role by searching for all policies that this
// group has on the collection and remove them otherwise the delete will fail because
// there are dependencies.
@SuppressWarnings("unchecked") // the cast is correct
List<ResourcePolicy> policies = AuthorizeManager.getPolicies(context, community);
for (ResourcePolicy policy : policies) {
if (policy.getGroupID() == groupID) {
policy.delete();
}
}
// Finally, delete the role's actual group.
community.update();
role.delete();
context.commit();
result.setContinue(true);
result.setOutcome(true);
result.setMessage(new Message("default", "The role was successfully deleted."));
return result;
}
/**
* Change default privileges from the anonymous group to a new group that will be created and
* appropriate privileges assigned. The id of this new group will be returned.
*
* @param context The current DSpace context.
* @param collectionID The collection id.
* @return The group ID of the new group.
*/
public static int createCollectionDefaultReadGroup(Context context, int collectionID)
throws SQLException, AuthorizeException, UIException {
int roleID = getCollectionDefaultRead(context, collectionID);
if (roleID != 0) {
throw new UIException(
"Unable to create a new default read group because either the group already exists or multiple groups are assigned the default privileges.");
}
Collection collection = Collection.find(context, collectionID);
Group role = Group.create(context);
role.setName("COLLECTION_" + collection.getID() + "_DEFAULT_READ");
// Remove existing privileges from the anonymous group.
AuthorizeManager.removePoliciesActionFilter(context, collection, Constants.DEFAULT_ITEM_READ);
AuthorizeManager.removePoliciesActionFilter(
context, collection, Constants.DEFAULT_BITSTREAM_READ);
// Grant our new role the default privileges.
AuthorizeManager.addPolicy(context, collection, Constants.DEFAULT_ITEM_READ, role);
AuthorizeManager.addPolicy(context, collection, Constants.DEFAULT_BITSTREAM_READ, role);
// Commit the changes
role.update();
context.commit();
return role.getID();
}
/**
* Look up the id of a group authorized for one of the given roles. If no group is currently
* authorized to perform this role then a new group will be created and assigned the role.
*
* @param context The current DSpace context.
* @param collectionID The collection id.
* @return The id of the group associated with that particular role or -1
*/
public static int getCollectionDefaultRead(Context context, int collectionID)
throws SQLException, AuthorizeException {
Collection collection = Collection.find(context, collectionID);
Group[] itemGroups =
AuthorizeManager.getAuthorizedGroups(context, collection, Constants.DEFAULT_ITEM_READ);
Group[] bitstreamGroups =
AuthorizeManager.getAuthorizedGroups(context, collection, Constants.DEFAULT_BITSTREAM_READ);
int itemGroupID = -1;
// If there are more than one groups assigned either of these privileges then this role based
// method will not work.
// The user will need to go to the authorization section to manually straighten this out.
if (itemGroups.length != 1 || bitstreamGroups.length != 1) {
// do nothing the itemGroupID is already set to -1
} else {
Group itemGroup = itemGroups[0];
Group bitstreamGroup = bitstreamGroups[0];
// If the same group is not assigned both of these privileges then this role based method will
// not work. The user
// will need to go to the authorization section to manually straighten this out.
if (itemGroup.getID() != bitstreamGroup.getID()) {
// do nothing the itemGroupID is already set to -1
} else {
itemGroupID = itemGroup.getID();
}
}
return itemGroupID;
}
/**
* Look up the id of a group authorized for one of the given roles. If no group is currently
* authorized to perform this role then a new group will be created and assigned the role.
*
* @param context The current DSpace context.
* @param collectionID The collection id.
* @param roleName ADMIN, WF_STEP1, WF_STEP2, WF_STEP3, SUBMIT, DEFAULT_READ.
* @return The id of the group associated with that particular role, or -1 if the role was not
* found.
*/
public static int getCollectionRole(Context context, int collectionID, String roleName)
throws SQLException, AuthorizeException, IOException, TransformerException, SAXException,
WorkflowConfigurationException, ParserConfigurationException {
Collection collection = Collection.find(context, collectionID);
// Determine the group based upon wich role we are looking for.
Group roleGroup = null;
if (ROLE_ADMIN.equals(roleName)) {
roleGroup = collection.getAdministrators();
if (roleGroup == null) {
roleGroup = collection.createAdministrators();
}
} else if (ROLE_SUBMIT.equals(roleName)) {
roleGroup = collection.getSubmitters();
if (roleGroup == null) roleGroup = collection.createSubmitters();
} else {
if (ConfigurationManager.getProperty("workflow", "workflow.framework")
.equals("xmlworkflow")) { // Resolve our id to a role
roleGroup = getXMLWorkflowRole(context, collectionID, roleName, collection, roleGroup);
} else {
roleGroup = getOriginalWorkflowRole(roleName, collection, roleGroup);
}
}
// In case we needed to create a group, save our changes
collection.update();
context.commit();
// If the role name was valid then role should be non null,
if (roleGroup != null) return roleGroup.getID();
return -1;
}
/** Update the group - writing out group object and EPerson list if necessary */
public void update() throws SQLException, AuthorizeException {
// FIXME: Check authorisation
DatabaseManager.update(myContext, myRow);
if (modifiedMetadata) {
myContext.addEvent(new Event(Event.MODIFY_METADATA, Constants.GROUP, getID(), getDetails()));
modifiedMetadata = false;
clearDetails();
}
// Redo eperson mappings if they've changed
if (epeopleChanged) {
// Remove any existing mappings
DatabaseManager.updateQuery(
myContext, "delete from epersongroup2eperson where eperson_group_id= ? ", getID());
// Add new mappings
Iterator<EPerson> i = epeople.iterator();
while (i.hasNext()) {
EPerson e = i.next();
TableRow mappingRow = DatabaseManager.row("epersongroup2eperson");
mappingRow.setColumn("eperson_id", e.getID());
mappingRow.setColumn("eperson_group_id", getID());
DatabaseManager.insert(myContext, mappingRow);
}
epeopleChanged = false;
}
// Redo Group mappings if they've changed
if (groupsChanged) {
// Remove any existing mappings
DatabaseManager.updateQuery(
myContext, "delete from group2group where parent_id= ? ", getID());
// Add new mappings
Iterator<Group> i = groups.iterator();
while (i.hasNext()) {
Group g = i.next();
TableRow mappingRow = DatabaseManager.row("group2group");
mappingRow.setColumn("parent_id", getID());
mappingRow.setColumn("child_id", g.getID());
DatabaseManager.insert(myContext, mappingRow);
}
// groups changed, now change group cache
rethinkGroupCache();
groupsChanged = false;
}
log.info(LogManager.getHeader(myContext, "update_group", "group_id=" + getID()));
}
/**
* remove group from this group
*
* @param g
*/
public void removeMember(Group g) {
loadData(); // make sure Group has data loaded
if (groups.remove(g)) {
groupsChanged = true;
myContext.addEvent(
new Event(
Event.REMOVE, Constants.GROUP, getID(), Constants.GROUP, g.getID(), g.getName()));
}
}
/**
* Return <code>true</code> if <code>other</code> is the same Group as this object, <code>false
* </code> otherwise
*
* @param obj object to compare to
* @return <code>true</code> if object passed in represents the same group as this object
*/
@Override
public boolean equals(Object obj) {
if (obj == null) {
return false;
}
Class<?> objClass = HibernateProxyHelper.getClassWithoutInitializingProxy(obj);
if (getClass() != objClass) {
return false;
}
final Group other = (Group) obj;
return this.getID().equals(other.getID());
}
/**
* Delete one of collection's roles
*
* @param context The current DSpace context.
* @param collectionID The collection id.
* @param roleName ADMIN, WF_STEP1, WF_STEP2, WF_STEP3, SUBMIT, DEFAULT_READ.
* @param groupID The id of the group associated with this role.
* @return A process result's object.
*/
public static FlowResult processDeleteCollectionRole(
Context context, int collectionID, String roleName, int groupID)
throws SQLException, UIException, IOException, AuthorizeException,
WorkflowConfigurationException {
FlowResult result = new FlowResult();
Collection collection = Collection.find(context, collectionID);
Group role = Group.find(context, groupID);
// First, Unregister the role
if (ROLE_ADMIN.equals(roleName)) {
collection.removeAdministrators();
} else if (ROLE_SUBMIT.equals(roleName)) {
collection.removeSubmitters();
} else {
WorkflowUtils.deleteRoleGroup(context, collection, roleName);
}
// else if (ROLE_WF_STEP1.equals(roleName))
// {
// collection.setWorkflowGroup(1, null);
// }
// else if (ROLE_WF_STEP2.equals(roleName))
// {
// collection.setWorkflowGroup(2, null);
// }
// else if (ROLE_WF_STEP3.equals(roleName))
// {
// collection.setWorkflowGroup(3, null);
//
// }
// Second, remove all authorizations for this role by searching for all policies that this
// group has on the collection and remove them otherwise the delete will fail because
// there are dependencies.
@SuppressWarnings("unchecked") // the cast is correct
List<ResourcePolicy> policies = AuthorizeManager.getPolicies(context, collection);
for (ResourcePolicy policy : policies) {
if (policy.getGroupID() == groupID) {
policy.delete();
}
}
// Finally, Delete the role's actual group.
collection.update();
role.delete();
context.commit();
result.setContinue(true);
result.setOutcome(true);
result.setMessage(new Message("default", "The role was successfully deleted."));
return result;
}
/**
* Return <code>true</code> if <code>other</code> is the same Group as this object, <code>false
* </code> otherwise
*
* @param obj object to compare to
* @return <code>true</code> if object passed in represents the same group as this object
*/
@Override
public boolean equals(Object obj) {
if (obj == null) {
return false;
}
if (getClass() != obj.getClass()) {
return false;
}
final Group other = (Group) obj;
if (this.getID() != other.getID()) {
return false;
}
return true;
}
/**
* Generate Policies policies READ for the date in input adding reason. New policies are assigned
* automatically at the groups that have right on the collection. E.g., if the anonymous can
* access the collection policies are assigned to anonymous.
*
* @param context The relevant DSpace Context.
* @param embargoDate embargo end date
* @param reason embargo reason
* @param dso DSpace object
* @param owningCollection collection to get group policies from
* @throws SQLException if database error
* @throws AuthorizeException if authorization error
*/
@Override
public void generateAutomaticPolicies(
Context context,
Date embargoDate,
String reason,
DSpaceObject dso,
Collection owningCollection)
throws SQLException, AuthorizeException {
if (embargoDate != null || (embargoDate == null && dso instanceof Bitstream)) {
List<Group> authorizedGroups =
getAuthorizedGroups(context, owningCollection, Constants.DEFAULT_ITEM_READ);
removeAllPoliciesByDSOAndType(context, dso, ResourcePolicy.TYPE_CUSTOM);
// look for anonymous
boolean isAnonymousInPlace = false;
for (Group g : authorizedGroups) {
if (StringUtils.equals(g.getName(), Group.ANONYMOUS)) {
isAnonymousInPlace = true;
}
}
if (!isAnonymousInPlace) {
// add policies for all the groups
for (Group g : authorizedGroups) {
ResourcePolicy rp =
createOrModifyPolicy(
null, context, null, g, null, embargoDate, Constants.READ, reason, dso);
if (rp != null) resourcePolicyService.update(context, rp);
}
} else {
// add policy just for anonymous
ResourcePolicy rp =
createOrModifyPolicy(
null,
context,
null,
groupService.findByName(context, Group.ANONYMOUS),
null,
embargoDate,
Constants.READ,
reason,
dso);
if (rp != null) resourcePolicyService.update(context, rp);
}
}
}
/**
* add group to this group
*
* @param g
*/
public void addMember(Group g) {
loadData(); // make sure Group has data loaded
// don't add if it's already a member
// and don't add itself
if (isMember(g) || getID() == g.getID()) {
return;
}
groups.add(g);
groupsChanged = true;
myContext.addEvent(
new Event(Event.ADD, Constants.GROUP, getID(), Constants.GROUP, g.getID(), g.getName()));
}
/**
* Return a List of the policies for a group
*
* @param c current context
* @param g group to retrieve policies for
* @return List of <code>ResourcePolicy</code> objects
*/
public static List<ResourcePolicy> getPoliciesForGroup(Context c, Group g) throws SQLException {
TableRowIterator tri =
DatabaseManager.queryTable(
c,
"resourcepolicy",
"SELECT * FROM resourcepolicy WHERE epersongroup_id= ? ",
g.getID());
List<ResourcePolicy> policies = new ArrayList<ResourcePolicy>();
try {
while (tri.hasNext()) {
TableRow row = tri.next();
// first check the cache (FIXME: is this right?)
ResourcePolicy cachepolicy =
(ResourcePolicy) c.fromCache(ResourcePolicy.class, row.getIntColumn("policy_id"));
if (cachepolicy != null) {
policies.add(cachepolicy);
} else {
policies.add(new ResourcePolicy(c, row));
}
}
} finally {
if (tri != null) {
tri.close();
}
}
return policies;
}
protected void grantGroupAllItemPolicies(Context context, Item item, Group group)
throws AuthorizeException, SQLException {
if (group != null) {
// A list of policies the user has for this item
List<Integer> groupHasPolicies = new ArrayList<Integer>();
List<ResourcePolicy> itempols = authorizeService.getPolicies(context, item);
for (ResourcePolicy resourcePolicy : itempols) {
if (group.equals(resourcePolicy.getGroup())) {
// The user has already got this policy so it it to the list
groupHasPolicies.add(resourcePolicy.getAction());
}
}
// Make sure we don't add duplicate policies
if (!groupHasPolicies.contains(Constants.READ))
addGroupPolicyToItem(context, item, Constants.READ, group);
if (!groupHasPolicies.contains(Constants.WRITE))
addGroupPolicyToItem(context, item, Constants.WRITE, group);
if (!groupHasPolicies.contains(Constants.DELETE))
addGroupPolicyToItem(context, item, Constants.DELETE, group);
if (!groupHasPolicies.contains(Constants.ADD))
addGroupPolicyToItem(context, item, Constants.ADD, group);
if (!groupHasPolicies.contains(Constants.REMOVE))
addGroupPolicyToItem(context, item, Constants.REMOVE, group);
}
}
private void populateTableRowFromCollection(Collection collection, TableRow row) {
int id = collection.getID();
Bitstream logo = collection.getLogo();
Item templateItem = collection.getTemplateItem();
Group admins = collection.getAdministrators();
Group[] workflowGroups = collection.getWorkflowGroups();
if (logo == null) {
row.setColumnNull("logo_bitstream_id");
} else {
row.setColumn("logo_bitstream_id", logo.getID());
}
if (templateItem == null) {
row.setColumnNull("template_item_id");
} else {
row.setColumn("template_item_id", templateItem.getID());
}
if (admins == null) {
row.setColumnNull("admin");
} else {
row.setColumn("admin", admins.getID());
}
for (int i = 1; i <= workflowGroups.length; i++) {
Group g = workflowGroups[i - 1];
if (g == null) {
row.setColumnNull("workflow_step_" + i);
} else {
row.setColumn("workflow_step_" + i, g.getID());
}
}
// Now loop over all allowed metadata fields and set the value into the
// TableRow.
for (CollectionMetadataField field : CollectionMetadataField.values()) {
String value = collection.getMetadata(field.toString());
if (value == null) {
row.setColumnNull(field.toString());
} else {
row.setColumn(field.toString(), value);
}
}
row.setColumn("uuid", collection.getIdentifier().getUUID().toString());
}
/**
* Create a new group
*
* @param context DSpace context object
*/
public static Group create(Context context) throws SQLException, AuthorizeException {
// FIXME - authorization?
if (!AuthorizeManager.isAdmin(context)) {
throw new AuthorizeException("You must be an admin to create an EPerson Group");
}
// Create a table row
TableRow row = DatabaseManager.create(context, "epersongroup");
Group g = new Group(context, row);
log.info(LogManager.getHeader(context, "create_group", "group_id=" + g.getID()));
context.addEvent(new Event(Event.CREATE, Constants.GROUP, g.getID(), null));
return g;
}
/**
* Removes all policies from a group for a particular object that belong to a Group. FIXME doesn't
* check authorization
*
* @param c current context
* @param o the object
* @param g the group
* @throws SQLException if there's a database problem
*/
public static void removeGroupPolicies(Context c, DSpaceObject o, Group g) throws SQLException {
DatabaseManager.updateQuery(
c,
"DELETE FROM resourcepolicy WHERE "
+ "resource_type_id= ? AND resource_id= ? AND epersongroup_id= ? ",
o.getType(),
o.getID(),
g.getID());
}
/** Return true if group has no direct or indirect members */
public boolean isEmpty() {
loadData(); // make sure all data is loaded
// the only fast check available is on epeople...
boolean hasMembers = (epeople.size() != 0);
if (hasMembers) {
return false;
} else {
// well, groups is never null...
for (Group subGroup : groups) {
hasMembers = !subGroup.isEmpty();
if (hasMembers) {
return false;
}
}
return !hasMembers;
}
}
private String showMainPage(
Context context, ModelMap model, HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException, SQLException, AuthorizeException {
Group[] groups = Group.findAll(context, Group.NAME);
// if( groups == null ) { System.out.println("groups are null"); }
// else System.out.println("# of groups: " + groups.length);
model.addAttribute("groups", groups);
context.commit();
return "pages/admin/group-list";
}
/**
* Set the Permission on a Bitstream.
*
* @param c
* @param g
* @param actionID
* @param bs
* @throws SQLException
* @throws AuthorizeException
*/
private void setPermission(Context c, Group g, int actionID, Bitstream bs)
throws SQLException, AuthorizeException {
if (!isTest) {
// remove the default policy
AuthorizeManager.removeAllPolicies(c, bs);
// add the policy
ResourcePolicy rp = ResourcePolicy.create(c);
rp.setResource(bs);
rp.setAction(actionID);
rp.setGroup(g);
rp.update();
} else {
if (actionID == Constants.READ) {
System.out.println("\t\tpermissions: READ for " + g.getName());
} else if (actionID == Constants.WRITE) {
System.out.println("\t\tpermissions: WRITE for " + g.getName());
}
}
}
/**
* Get all of the groups that an eperson is a member of
*
* @param c
* @param e
* @return
* @throws SQLException
*/
public static Group[] allMemberGroups(Context c, EPerson e) throws SQLException {
List<Group> groupList = new ArrayList<Group>();
Set<Integer> myGroups = allMemberGroupIDs(c, e);
// now convert those Integers to Groups
Iterator<Integer> i = myGroups.iterator();
while (i.hasNext()) {
groupList.add(Group.find(c, (i.next()).intValue()));
}
return groupList.toArray(new Group[groupList.size()]);
}
protected Group checkGroup(Context context, HttpServletRequest request)
throws ServletException, IOException, SQLException, AuthorizeException {
// Find out if there's a group parameter
int groupID = Util.getIntParameter(request, "group_id");
Group group = null;
if (groupID >= 0) {
group = Group.find(context, groupID);
}
return group;
} // end checkGroup
@Override
public Group createAdministrators(Context context, Community community)
throws SQLException, AuthorizeException {
// Check authorisation - Must be an Admin to create more Admins
AuthorizeUtil.authorizeManageAdminGroup(context, community);
Group admins = community.getAdministrators();
if (admins == null) {
// turn off authorization so that Community Admins can create Sub-Community Admins
context.turnOffAuthorisationSystem();
admins = groupService.create(context);
context.restoreAuthSystemState();
admins.setName(context, "COMMUNITY_" + community.getID() + "_ADMIN");
groupService.update(context, admins);
}
authorizeService.addPolicy(context, community, Constants.ADMIN, admins);
// register this as the admin group
community.setAdmins(admins);
return admins;
}
/**
* Check to see if the current user is a System Admin. Always return <code>true</code> if
* c.ignoreAuthorization is set. Anonymous users can't be Admins (EPerson set to NULL)
*
* @param c current context
* @return <code>true</code> if user is an admin or ignore authorization flag set
*/
public static boolean isAdmin(Context c) throws SQLException {
// if we're ignoring authorization, user is member of admin
if (c.ignoreAuthorization()) {
return true;
}
EPerson e = c.getCurrentUser();
if (e == null) {
return false; // anonymous users can't be admins....
} else {
return Group.isMember(c, 1);
}
}
private static Group getXMLWorkflowRole(
Context context, int collectionID, String roleName, Collection collection, Group roleGroup)
throws IOException, WorkflowConfigurationException, SQLException, AuthorizeException {
Role role = WorkflowUtils.getCollectionAndRepositoryRoles(collection).get(roleName);
if (role.getScope() == Role.Scope.COLLECTION || role.getScope() == Role.Scope.REPOSITORY) {
roleGroup = WorkflowUtils.getRoleGroup(context, collectionID, role);
if (roleGroup == null) {
AuthorizeManager.authorizeAction(context, collection, Constants.WRITE);
roleGroup = Group.create(context);
if (role.getScope() == Role.Scope.COLLECTION) {
roleGroup.setName("COLLECTION_" + collection.getID() + "_WORKFLOW_ROLE_" + roleName);
} else {
roleGroup.setName(role.getName());
}
roleGroup.update();
AuthorizeManager.addPolicy(context, collection, Constants.ADD, roleGroup);
if (role.getScope() == Role.Scope.COLLECTION) {
WorkflowUtils.createCollectionWorkflowRole(context, collectionID, roleName, roleGroup);
}
}
}
return roleGroup;
}
/**
* Is the given eperson in the given group, or any of the groups that are also members of that
* group. This method recurses until it has exhausted the tree of groups or finds the given
* eperson
*
* @param group
* @param eperson
* @return true if in group, false if not
*/
public boolean isInGroup(Group group, EPerson eperson) {
EPerson[] eps = group.getMembers();
Group[] groups = group.getMemberGroups();
// is the user in the current group
for (int i = 0; i < eps.length; i++) {
if (eperson.getID() == eps[i].getID()) {
return true;
}
}
// is the eperson in the sub-groups (recurse)
if (groups != null && groups.length > 0) {
for (int j = 0; j < groups.length; j++) {
if (isInGroup(groups[j], eperson)) {
return true;
}
}
}
// ok, we didn't find you
return false;
}
/**
* Check to see if the current user is an Administrator of a given object within DSpace. Always
* return <code>true</code> if the user is a System Admin
*
* @param c current context
* @param o current DSpace Object, if <code>null</code> the call will be equivalent to a call to
* the <code>isAdmin(Context c)</code> method
* @return <code>true</code> if user has administrative privileges on the given DSpace object
*/
public static boolean isAdmin(Context c, DSpaceObject o) throws SQLException {
// return true if user is an Administrator
if (isAdmin(c)) {
return true;
}
if (o == null) {
return false;
}
// is eperson set? if not, userid = 0 (anonymous)
int userid = 0;
EPerson e = c.getCurrentUser();
if (e != null) {
userid = e.getID();
}
//
// First, check all Resource Policies directly on this object
//
List<ResourcePolicy> policies = getPoliciesActionFilter(c, o, Constants.ADMIN);
for (ResourcePolicy rp : policies) {
// check policies for date validity
if (rp.isDateValid()) {
if ((rp.getEPersonID() != -1) && (rp.getEPersonID() == userid)) {
return true; // match
}
if ((rp.getGroupID() != -1) && (Group.isMember(c, rp.getGroupID()))) {
// group was set, and eperson is a member
// of that group
return true;
}
}
}
// If user doesn't have specific Admin permissions on this object,
// check the *parent* objects of this object. This allows Admin
// permissions to be inherited automatically (e.g. Admin on Community
// is also an Admin of all Collections/Items in that Community)
DSpaceObject parent = o.getParentObject();
if (parent != null) {
return isAdmin(c, parent);
}
return false;
}
/**
* Displays the form to link groups to workspace items
*
* @param context the context of the request
* @param request the servlet request
* @param response the servlet response
*/
private void showLinkPage(
Context context, HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException, SQLException, AuthorizeException {
// get all the groups
Group[] groups = Group.findAll(context, 1);
// get all the workspace items
WorkspaceItem[] wsItems = WorkspaceItem.findAll(context);
// set the attributes for the JSP
request.setAttribute("groups", groups);
request.setAttribute("wsItems", wsItems);
JSPManager.showJSP(request, response, "/dspace-admin/supervise-link.jsp");
}