/** * Get an array of all the communities that the current SWORD context will allow deposit onto in * the given DSpace context * * <p>The user may submit to a community if the following conditions are met: * * <p>IF: the authenticated user is an administrator AND: (the on-behalf-of user is an * administrator OR the on-behalf-of user is authorised to READ OR the on-behalf-of user is null) * OR IF: the authenticated user is authorised to READ AND: (the on-behalf-of user is an * administrator OR the on-behalf-of user is authorised to READ OR the on-behalf-of user is null) * * @param swordContext * @return the array of allowed collections * @throws DSpaceSwordException */ public List<Community> getAllowedCommunities(SwordContext swordContext) throws DSpaceSwordException { // a community is allowed if the following conditions are met // // - the authenticated user is an administrator // -- the on-behalf-of user is an administrator // -- the on-behalf-of user is authorised to READ // -- the on-behalf-of user is null // - the authenticated user is authorised to READ // -- the on-behalf-of user is an administrator // -- the on-behalf-of user is authorised to READ // -- the on-behalf-of user is null try { // locate all the top level communities Context context = swordContext.getContext(); List<Community> allowed = new ArrayList<Community>(); Community[] comms = Community.findAllTop(context); for (int i = 0; i < comms.length; i++) { boolean authAllowed = false; boolean oboAllowed = false; // check for obo null if (swordContext.getOnBehalfOf() == null) { oboAllowed = true; } // look up the READ policy on the community. This will include determining if the user is // an administrator // so we do not need to check that separately if (!authAllowed) { authAllowed = AuthorizeManager.authorizeActionBoolean( swordContext.getAuthenticatorContext(), comms[i], Constants.READ); } // if we have not already determined that the obo user is ok to submit, look up the READ // policy on the // community. THis will include determining if the user is an administrator. if (!oboAllowed) { oboAllowed = AuthorizeManager.authorizeActionBoolean( swordContext.getOnBehalfOfContext(), comms[i], Constants.READ); } // final check to see if we are allowed to READ if (authAllowed && oboAllowed) { allowed.add(comms[i]); } } return allowed; } catch (SQLException e) { log.error("Caught exception: ", e); throw new DSpaceSwordException(e); } }
public Statement getStatement( String stateIRI, Map<String, String> accept, AuthCredentials authCredentials, SwordConfiguration swordConfig) throws SwordServerException, SwordError, SwordAuthException { SwordContext sc = null; try { SwordConfigurationDSpace config = (SwordConfigurationDSpace) swordConfig; SwordAuthenticator auth = new SwordAuthenticator(); sc = auth.authenticate(authCredentials); Context context = sc.getContext(); if (log.isDebugEnabled()) { log.debug(LogManager.getHeader(context, "sword_get_statement", "")); } // log the request String un = authCredentials.getUsername() != null ? authCredentials.getUsername() : "NONE"; String obo = authCredentials.getOnBehalfOf() != null ? authCredentials.getOnBehalfOf() : "NONE"; log.info( LogManager.getHeader( context, "sword_get_statement", "username="******",on_behalf_of=" + obo)); // first thing is to figure out what we're being asked to work on SwordUrlManager urlManager = config.getUrlManager(context, config); Item item = urlManager.getItem(context, stateIRI); if (item == null) { throw new SwordError(404); } // find out if we are allowed to read the item's statement AuthorizeManager.authorizeAction(context, item, Constants.READ); // find out, now we know what we're being asked for, whether this is allowed WorkflowManagerFactory.getInstance().retrieveStatement(context, item); String suffix = urlManager.getTypeSuffix(context, stateIRI); SwordStatementDisseminator disseminator = null; if (suffix != null) { Map<Float, List<String>> analysed = new HashMap<Float, List<String>>(); List<String> list = new ArrayList<String>(); list.add(suffix); analysed.put((float) 1.0, list); disseminator = SwordDisseminatorFactory.getStatementInstance(analysed); } else { // we rely on the content negotiation to do the work String acceptContentType = this.getHeader(accept, "Accept", null); // we extract from the Accept header the ordered list of content types TreeMap<Float, List<String>> analysed = this.analyseAccept(acceptContentType); // the meat of this is done by the package disseminator disseminator = SwordDisseminatorFactory.getStatementInstance(analysed); } Statement statement = disseminator.disseminate(context, item); return statement; } catch (AuthorizeException e) { throw new SwordAuthException(); } catch (SQLException e) { throw new SwordServerException(e); } catch (DSpaceSwordException e) { throw new SwordServerException(e); } finally { if (sc != null) { sc.abort(); } } }