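/**
 * Returns the implicit ("special") group for users that carry a netid, as named by the
 * {@code login.specialgroup} key of the {@code authentication-ldap} configuration module.
 *
 * <p>Every failure path returns an empty list, so an error can never widen a user's group
 * membership.
 *
 * <p>NOTE(review): the only test applied is "the current user has a non-empty netid". That
 * presumably marks an account linked to a directory entry; it does not by itself show that the
 * current session was authenticated against LDAP. Confirm this is acceptable when other
 * authentication methods are enabled next to this one.
 *
 * @param context the DSpace context; a {@code null} current user is treated as anonymous
 * @param request the current HTTP request (not read by this implementation)
 * @return a one-element list holding the configured group, or an empty list when the user has no
 *     netid, no group is configured, the group does not exist, or the lookup fails
 */
@Override
public List<Group> getSpecialGroups(Context context, HttpServletRequest request) {
  try {
    // Explicit checks replace the former reliance on a swallowed NullPointerException.
    if (context == null || context.getCurrentUser() == null) {
      return ListUtils.EMPTY_LIST;
    }
    String netid = context.getCurrentUser().getNetid();
    if (netid == null || netid.equals("")) {
      // No netid: not treated as an LDAP user, so no special group.
      return ListUtils.EMPTY_LIST;
    }

    String groupName =
        ConfigurationManager.getProperty("authentication-ldap", "login.specialgroup");
    if (groupName == null || groupName.trim().equals("")) {
      return ListUtils.EMPTY_LIST;
    }

    Group ldapGroup = groupService.findByName(context, groupName);
    if (ldapGroup == null) {
      // Oops - the group isn't there.
      log.warn(
          LogManager.getHeader(
              context,
              "ldap_specialgroup",
              "Group defined in login.specialgroup does not exist"));
      return ListUtils.EMPTY_LIST;
    }
    return Arrays.asList(ldapGroup);
  } catch (Exception e) {
    // The interface declares no checked exception, so the method still fails closed here, but
    // the failure (for example a database error during the group lookup) is now recorded
    // instead of being silently mistaken for "not an LDAP user".
    log.warn(
        LogManager.getHeader(
            context,
            "ldap_specialgroup",
            "Could not resolve the group defined in login.specialgroup"),
        e);
    return ListUtils.EMPTY_LIST;
  }
}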
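/**
 * Adds the current user to every DSpace group whose {@code authentication-ldap}
 * {@code login.groupmap.N} entry matches the user's directory data.
 *
 * <p>Entries are read for N = 1, 2, ... until the first missing key. Each entry has the form
 * {@code <ldap-match>:<dspace-group>}. When {@code group} is {@code null} the match is a
 * case-insensitive substring test of {@code <ldap-match>,} against {@code dn}; otherwise
 * {@code group} must equal {@code <ldap-match>} ignoring case.
 *
 * <p>NOTE(review): the DN test is a substring match anywhere in the DN, so a short or partial
 * match value can cover more entries than intended; confirm configured values are complete RDNs.
 * This method only adds memberships; nothing visible here removes one again when the directory
 * entry stops matching.
 *
 * @param dn distinguished name of the authenticated user; blank means nothing is assigned
 * @param group value of the user's LDAP group attribute, or {@code null} to match on the DN
 * @param context the DSpace context whose current user receives the memberships
 */
private void assignGroups(String dn, String group, Context context) {
  if (StringUtils.isBlank(dn)) {
    return;
  }

  // Goes through the application log instead of stdout, where the DN would bypass log
  // configuration and access control.
  log.debug(LogManager.getHeader(context, "ldap_assignGroups", "dn=" + dn));

  for (int i = 1; ; i++) {
    String groupMap =
        ConfigurationManager.getProperty("authentication-ldap", "login.groupmap." + i);
    if (groupMap == null) {
      break;
    }

    String[] parts = groupMap.split(":");
    // An entry without ':' used to raise ArrayIndexOutOfBoundsException, and an empty match
    // value would match practically every DN (the test becomes "DN contains ','"). Both are
    // skipped so a configuration slip cannot abort login or grant a group to everyone.
    if (parts.length < 2 || StringUtils.isBlank(parts[0]) || StringUtils.isBlank(parts[1])) {
      log.warn(
          LogManager.getHeader(
              context,
              "ldap_assignGroupsBasedOnLdapDn",
              "Ignoring malformed authentication-ldap.login.groupmap."
                  + i
                  + " (expected <ldap-match>:<dspace-group>)"));
      continue;
    }
    String ldapSearchString = parts[0];
    String dspaceGroupName = parts[1];

    boolean matches =
        (group == null)
            ? StringUtils.containsIgnoreCase(dn, ldapSearchString + ",")
            : StringUtils.equalsIgnoreCase(group, ldapSearchString);
    if (!matches) {
      continue;
    }

    // assign user to this group
    try {
      Group ldapGroup = groupService.findByName(context, dspaceGroupName);
      if (ldapGroup != null) {
        groupService.addMember(context, ldapGroup, context.getCurrentUser());
        groupService.update(context, ldapGroup);
      } else {
        // The group does not exist
        log.warn(
            LogManager.getHeader(
                context,
                "ldap_assignGroupsBasedOnLdapDn",
                "Group defined in authentication-ldap.login.groupmap."
                    + i
                    + " does not exist :: "
                    + dspaceGroupName));
      }
    } catch (AuthorizeException ae) {
      log.debug(
          LogManager.getHeader(
              context,
              "assignGroupsBasedOnLdapDn could not authorize addition to group",
              dspaceGroupName),
          ae);
    } catch (SQLException e) {
      log.debug(
          LogManager.getHeader(
              context, "assignGroupsBasedOnLdapDn could not find group", dspaceGroupName),
          e);
    }
  }
}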
/**
 * Regenerates the custom READ policies of an object from the groups that hold default item READ
 * on its owning collection, attaching the given date and reason.
 *
 * <p>The method acts only when an embargo date is given or the object is a {@link Bitstream}.
 * It first removes every policy of type {@code ResourcePolicy.TYPE_CUSTOM} from the object. If
 * the anonymous group is among the collection's groups, a single policy for anonymous is
 * written; otherwise one policy is written per group. If the collection yields no groups, the
 * custom policies are removed and nothing is written in their place.
 *
 * <p>NOTE(review): for a bitstream with a {@code null} embargo date the policies are created
 * with a {@code null} date, which presumably means READ is not delayed; confirm against
 * {@code createOrModifyPolicy}.
 *
 * @param context The relevant DSpace Context.
 * @param embargoDate embargo end date, may be {@code null}
 * @param reason embargo reason
 * @param dso DSpace object
 * @param owningCollection collection to get group policies from
 * @throws SQLException if database error
 * @throws AuthorizeException if authorization error
 */
@Override
public void generateAutomaticPolicies(
    Context context,
    Date embargoDate,
    String reason,
    DSpaceObject dso,
    Collection owningCollection)
    throws SQLException, AuthorizeException {
  boolean applies = embargoDate != null || dso instanceof Bitstream;
  if (!applies) {
    return;
  }

  List<Group> readers =
      getAuthorizedGroups(context, owningCollection, Constants.DEFAULT_ITEM_READ);

  // Existing custom policies are dropped before the replacements are written.
  removeAllPoliciesByDSOAndType(context, dso, ResourcePolicy.TYPE_CUSTOM);

  // Is anonymous one of the groups allowed to read items of this collection?
  boolean anonymousMayRead = false;
  for (Group candidate : readers) {
    anonymousMayRead |= StringUtils.equals(candidate.getName(), Group.ANONYMOUS);
  }

  if (anonymousMayRead) {
    // One policy for anonymous is enough; the other groups are not given their own.
    Group anonymous = groupService.findByName(context, Group.ANONYMOUS);
    ResourcePolicy policy =
        createOrModifyPolicy(
            null, context, null, anonymous, null, embargoDate, Constants.READ, reason, dso);
    if (policy != null) {
      resourcePolicyService.update(context, policy);
    }
    return;
  }

  // Anonymous is not allowed: write one policy per authorized group.
  for (Group reader : readers) {
    ResourcePolicy policy =
        createOrModifyPolicy(
            null, context, null, reader, null, embargoDate, Constants.READ, reason, dso);
    if (policy != null) {
      resourcePolicyService.update(context, policy);
    }
  }
}
/**
 * Adds the single-choice group selector ({@code group_id}) to the access form when the advanced
 * form is enabled.
 *
 * <p>The options are the member groups of the group named by
 * {@code webui.submission.restrictstep.groups}. If that key is unset, the group does not exist,
 * or it has no member groups, the selector falls back to all groups, so a missing or emptied
 * restriction group widens the offered list rather than narrowing it.
 *
 * <p>NOTE(review): this only controls which options the form offers. Whether the submitted
 * {@code group_id} is checked against the same list on the server side is not visible here.
 * The default value {@code "0"} selects an option only if some {@code group.getID().toString()}
 * equals {@code "0"}; confirm that still holds for the ID type in use.
 *
 * @param groupID id of the group to pre-select; {@code null} or empty falls back to "0"
 * @param form the form list the label and selector are added to
 * @param errorFlag step status; selects the default group and the duplicated-policy error
 * @param owningCollection not read by this method
 * @throws WingException if the form elements cannot be built
 * @throws SQLException if database error
 */
public void addListGroups(String groupID, List form, int errorFlag, Collection owningCollection)
    throws WingException, SQLException {
  if (!isAdvancedFormEnabled) {
    return;
  }

  // currently set group
  form.addLabel(T_groups);
  Select groupSelect = form.addItem().addSelect("group_id");
  groupSelect.setMultiple(false);

  // retrieve groups: the configured restriction group's members, else every group
  java.util.List<Group> candidates = null;
  String restrictionGroupName =
      ConfigurationManager.getProperty("webui.submission.restrictstep.groups");
  if (restrictionGroupName != null) {
    Group restrictionGroup = groupService.findByName(context, restrictionGroupName);
    if (restrictionGroup != null) {
      candidates = restrictionGroup.getMemberGroups();
    }
  }
  if (candidates == null || candidates.isEmpty()) {
    candidates = groupService.findAll(context, GroupService.NAME);
  }

  // Default to "0" when nothing is selected or when the main step is merely being loaded.
  boolean nothingSelected = groupID == null || groupID.isEmpty();
  if (nothingSelected || errorFlag == AccessStep.STATUS_COMPLETE) {
    groupID = "0";
  }

  for (Group candidate : candidates) {
    String candidateId = candidate.getID().toString();
    groupSelect.addOption(candidateId.equals(groupID), candidateId, candidate.getName());
  }

  boolean duplicatedPolicy =
      errorFlag == AccessStep.STATUS_DUPLICATED_POLICY
          || errorFlag == AccessStep.EDIT_POLICY_STATUS_DUPLICATED_POLICY
          || errorFlag == UploadWithEmbargoStep.STATUS_EDIT_POLICIES_DUPLICATED_POLICY
          || errorFlag == UploadWithEmbargoStep.STATUS_EDIT_POLICY_DUPLICATED_POLICY;
  if (duplicatedPolicy) {
    groupSelect.addError(T_error_duplicated_policy);
  }
}
/**
 * Creates a community, optionally below a parent and optionally with a caller-chosen handle.
 *
 * <p>The caller must be an administrator or, when a parent is given, hold {@code ADD} on that
 * parent. The exception text names administrators only, although the parent {@code ADD} right
 * is accepted as well. Every new community receives a READ policy for the anonymous group, so
 * it is readable by anonymous from creation onward.
 *
 * @param parent parent community, or {@code null} for a top-level community
 * @param context the DSpace context of the acting user
 * @param handle handle to assign, or {@code null} to have one created
 * @return the newly created community
 * @throws SQLException if database error
 * @throws AuthorizeException if the caller is neither an administrator nor allowed to ADD to
 *     the parent
 * @throws IllegalStateException propagated from handle creation; per the original comment this
 *     means an existing object is already using the handle
 */
@Override
public Community create(Community parent, Context context, String handle)
    throws SQLException, AuthorizeException {
  // Same evaluation order as a short-circuit OR: the parent check runs only for non-admins.
  boolean allowed = authorizeService.isAdmin(context);
  if (!allowed && parent != null) {
    allowed = authorizeService.authorizeActionBoolean(context, parent, Constants.ADD);
  }
  if (!allowed) {
    throw new AuthorizeException("Only administrators can create communities");
  }

  Community created = communityDAO.create(context, new Community());

  // An IllegalStateException raised here is not handled and reaches the caller unchanged.
  if (handle != null) {
    handleService.createHandle(context, created, handle);
  } else {
    handleService.createHandle(context, created);
  }

  if (parent != null) {
    parent.addSubCommunity(created);
    created.addParentCommunity(parent);
  }

  // Default authorization policy for communities: READ for 'anonymous'.
  Group anonymousGroup = groupService.findByName(context, Group.ANONYMOUS);
  authorizeService.createResourcePolicy(
      context, created, anonymousGroup, null, Constants.READ, null);

  communityDAO.save(context, created);

  Event createEvent =
      new Event(
          Event.CREATE,
          Constants.COMMUNITY,
          created.getID(),
          created.getHandle(),
          getIdentifiers(context, created));
  context.addEvent(createEvent);

  // if creating a top-level Community, simulate an ADD event at the Site.
  boolean topLevel = (parent == null);
  if (topLevel) {
    Event addToSiteEvent =
        new Event(
            Event.ADD,
            Constants.SITE,
            siteService.findSite(context).getID(),
            Constants.COMMUNITY,
            created.getID(),
            created.getHandle(),
            getIdentifiers(context, created));
    context.addEvent(addToSiteEvent);
  }

  log.info(
      LogManager.getHeader(context, "create_community", "community_id=" + created.getID())
          + ",handle="
          + created.getHandle());

  return created;
}