예제 #1
0
파일: FeedServlet.java 프로젝트: ekate/fda5
  // returns recently changed items, checking for accessibility
  private Item[] getItems(Context context, DSpaceObject dso) throws IOException, SQLException {
    try {
      // new method of doing the browse:
      String idx = ConfigurationManager.getProperty("recent.submissions.sort-option");
      if (idx == null) {
        throw new IOException(
            "There is no configuration supplied for: recent.submissions.sort-option");
      }
      BrowseIndex bix = BrowseIndex.getItemBrowseIndex();
      if (bix == null) {
        throw new IOException("There is no browse index with the name: " + idx);
      }

      BrowserScope scope = new BrowserScope(context);
      scope.setBrowseIndex(bix);
      if (dso != null) {
        scope.setBrowseContainer(dso);
      }

      for (SortOption so : SortOption.getSortOptions()) {
        if (so.getName().equals(idx)) {
          scope.setSortBy(so.getNumber());
        }
      }
      scope.setOrder(SortOption.DESCENDING);
      scope.setResultsPerPage(itemCount);

      // gather & add items to the feed.
      BrowseEngine be = new BrowseEngine(context);
      BrowseInfo bi = be.browseMini(scope);
      Item[] results = bi.getItemResults(context);

      if (includeAll) {
        return results;
      } else {
        // Check to see if we can include this item
        // Group[] authorizedGroups = AuthorizeManager.getAuthorizedGroups(context, results[i],
        // Constants.READ);
        // boolean added = false;
        List<Item> items = new ArrayList<Item>();
        for (Item result : results) {
          checkAccess:
          for (Group group :
              AuthorizeManager.getAuthorizedGroups(context, result, Constants.READ)) {
            if ((group.getID() == Group.ANONYMOUS_ID)) {
              items.add(result);
              break checkAccess;
            }
          }
        }
        return items.toArray(new Item[items.size()]);
      }
    } catch (SortException se) {
      log.error("caught exception: ", se);
      throw new IOException(se.getMessage(), se);
    } catch (BrowseException e) {
      log.error("caught exception: ", e);
      throw new IOException(e.getMessage(), e);
    }
  }
예제 #2
0
  @RequestMapping(method = RequestMethod.GET)
  protected String processGet(
      @RequestAttribute Context context,
      ModelMap model,
      HttpServletRequest request,
      HttpServletResponse response)
      throws ServletException, IOException, SQLException, AuthorizeException {

    Group group = null;
    group = checkGroup(context, request);

    if (group != null) {

      // unknown action, show edit page
      model.addAttribute("group", group);
      model.addAttribute("members", group.getMembers());
      model.addAttribute("membergroups", group.getMemberGroups());

      String utilsGrpName = Utils.addEntities(group.getName());
      model.addAttribute("utilsGrpName", utilsGrpName);
      return "pages/admin/group-edit";

    } else {

      return showMainPage(context, model, request, response);
    }
  } // end processGet
예제 #3
0
  /**
   * Change the default read privileges to the anonymous group.
   *
   * <p>If getCollectionDefaultRead() returns -1 or the anonymous group then nothing is done.
   *
   * @param context The current DSpace context.
   * @param collectionID The collection id.
   * @return A process result's object.
   */
  public static FlowResult changeCollectionDefaultReadToAnonymous(Context context, int collectionID)
      throws SQLException, AuthorizeException, UIException {
    FlowResult result = new FlowResult();

    int roleID = getCollectionDefaultRead(context, collectionID);

    if (roleID < 1) {
      throw new UIException(
          "Unable to delete the default read role because the role is either already assigned to the anonymous group or multiple groups are assigned the default privileges.");
    }

    Collection collection = Collection.find(context, collectionID);
    Group role = Group.find(context, roleID);
    Group anonymous = Group.find(context, 0);

    // Delete the old role, this will remove the default privileges.
    role.delete();

    // Set anonymous as the default read group.
    AuthorizeManager.addPolicy(context, collection, Constants.DEFAULT_ITEM_READ, anonymous);
    AuthorizeManager.addPolicy(context, collection, Constants.DEFAULT_BITSTREAM_READ, anonymous);

    // Commit the changes
    context.commit();

    result.setContinue(true);
    result.setOutcome(true);
    result.setMessage(
        new Message(
            "default",
            "All new items submitted to this collection will default to anonymous read."));
    return result;
  }
예제 #4
0
  /**
   * Delete one of a community's roles
   *
   * @param context The current DSpace context.
   * @param communityID The community id.
   * @param roleName ADMIN.
   * @param groupID The id of the group associated with this role.
   * @return A process result's object.
   */
  public static FlowResult processDeleteCommunityRole(
      Context context, int communityID, String roleName, int groupID)
      throws SQLException, UIException, IOException, AuthorizeException {
    FlowResult result = new FlowResult();

    Community community = Community.find(context, communityID);
    Group role = Group.find(context, groupID);

    // First, unregister the role
    if (ROLE_ADMIN.equals(roleName)) {
      community.removeAdministrators();
    }

    // Second, remove all authorizations for this role by searching for all policies that this
    // group has on the collection and remove them otherwise the delete will fail because
    // there are dependencies.
    @SuppressWarnings("unchecked") // the cast is correct
    List<ResourcePolicy> policies = AuthorizeManager.getPolicies(context, community);
    for (ResourcePolicy policy : policies) {
      if (policy.getGroupID() == groupID) {
        policy.delete();
      }
    }

    // Finally, delete the role's actual group.
    community.update();
    role.delete();
    context.commit();

    result.setContinue(true);
    result.setOutcome(true);
    result.setMessage(new Message("default", "The role was successfully deleted."));
    return result;
  }
예제 #5
0
  /**
   * Change default privileges from the anonymous group to a new group that will be created and
   * appropriate privileges assigned. The id of this new group will be returned.
   *
   * @param context The current DSpace context.
   * @param collectionID The collection id.
   * @return The group ID of the new group.
   */
  public static int createCollectionDefaultReadGroup(Context context, int collectionID)
      throws SQLException, AuthorizeException, UIException {
    int roleID = getCollectionDefaultRead(context, collectionID);

    if (roleID != 0) {
      throw new UIException(
          "Unable to create a new default read group because either the group already exists or multiple groups are assigned the default privileges.");
    }

    Collection collection = Collection.find(context, collectionID);
    Group role = Group.create(context);
    role.setName("COLLECTION_" + collection.getID() + "_DEFAULT_READ");

    // Remove existing privileges from the anonymous group.
    AuthorizeManager.removePoliciesActionFilter(context, collection, Constants.DEFAULT_ITEM_READ);
    AuthorizeManager.removePoliciesActionFilter(
        context, collection, Constants.DEFAULT_BITSTREAM_READ);

    // Grant our new role the default privileges.
    AuthorizeManager.addPolicy(context, collection, Constants.DEFAULT_ITEM_READ, role);
    AuthorizeManager.addPolicy(context, collection, Constants.DEFAULT_BITSTREAM_READ, role);

    // Commit the changes
    role.update();
    context.commit();

    return role.getID();
  }
예제 #6
0
  /**
   * Look up the id of a group authorized for one of the given roles. If no group is currently
   * authorized to perform this role then a new group will be created and assigned the role.
   *
   * @param context The current DSpace context.
   * @param collectionID The collection id.
   * @return The id of the group associated with that particular role or -1
   */
  public static int getCollectionDefaultRead(Context context, int collectionID)
      throws SQLException, AuthorizeException {
    Collection collection = Collection.find(context, collectionID);

    Group[] itemGroups =
        AuthorizeManager.getAuthorizedGroups(context, collection, Constants.DEFAULT_ITEM_READ);
    Group[] bitstreamGroups =
        AuthorizeManager.getAuthorizedGroups(context, collection, Constants.DEFAULT_BITSTREAM_READ);

    int itemGroupID = -1;

    // If there are more than one groups assigned either of these privileges then this role based
    // method will not work.
    // The user will need to go to the authorization section to manually straighten this out.
    if (itemGroups.length != 1 || bitstreamGroups.length != 1) {
      // do nothing the itemGroupID is already set to -1
    } else {
      Group itemGroup = itemGroups[0];
      Group bitstreamGroup = bitstreamGroups[0];

      // If the same group is not assigned both of these privileges then this role based method will
      // not work. The user
      // will need to go to the authorization section to manually straighten this out.
      if (itemGroup.getID() != bitstreamGroup.getID()) {
        // do nothing the itemGroupID is already set to -1
      } else {
        itemGroupID = itemGroup.getID();
      }
    }

    return itemGroupID;
  }
예제 #7
0
  /**
   * Look up the id of a group authorized for one of the given roles. If no group is currently
   * authorized to perform this role then a new group will be created and assigned the role.
   *
   * @param context The current DSpace context.
   * @param collectionID The collection id.
   * @param roleName ADMIN, WF_STEP1, WF_STEP2, WF_STEP3, SUBMIT, DEFAULT_READ.
   * @return The id of the group associated with that particular role, or -1 if the role was not
   *     found.
   */
  public static int getCollectionRole(Context context, int collectionID, String roleName)
      throws SQLException, AuthorizeException, IOException, TransformerException, SAXException,
          WorkflowConfigurationException, ParserConfigurationException {
    Collection collection = Collection.find(context, collectionID);

    // Determine the group based upon wich role we are looking for.
    Group roleGroup = null;
    if (ROLE_ADMIN.equals(roleName)) {
      roleGroup = collection.getAdministrators();
      if (roleGroup == null) {
        roleGroup = collection.createAdministrators();
      }
    } else if (ROLE_SUBMIT.equals(roleName)) {
      roleGroup = collection.getSubmitters();
      if (roleGroup == null) roleGroup = collection.createSubmitters();
    } else {
      if (ConfigurationManager.getProperty("workflow", "workflow.framework")
          .equals("xmlworkflow")) { // Resolve our id to a role
        roleGroup = getXMLWorkflowRole(context, collectionID, roleName, collection, roleGroup);
      } else {
        roleGroup = getOriginalWorkflowRole(roleName, collection, roleGroup);
      }
    }

    // In case we needed to create a group, save our changes
    collection.update();
    context.commit();

    // If the role name was valid then role should be non null,
    if (roleGroup != null) return roleGroup.getID();

    return -1;
  }
예제 #8
0
파일: Group.java 프로젝트: seesmith/DSpace
  /** Update the group - writing out group object and EPerson list if necessary */
  public void update() throws SQLException, AuthorizeException {
    // FIXME: Check authorisation
    DatabaseManager.update(myContext, myRow);

    if (modifiedMetadata) {
      myContext.addEvent(new Event(Event.MODIFY_METADATA, Constants.GROUP, getID(), getDetails()));
      modifiedMetadata = false;
      clearDetails();
    }

    // Redo eperson mappings if they've changed
    if (epeopleChanged) {
      // Remove any existing mappings
      DatabaseManager.updateQuery(
          myContext, "delete from epersongroup2eperson where eperson_group_id= ? ", getID());

      // Add new mappings
      Iterator<EPerson> i = epeople.iterator();

      while (i.hasNext()) {
        EPerson e = i.next();

        TableRow mappingRow = DatabaseManager.row("epersongroup2eperson");
        mappingRow.setColumn("eperson_id", e.getID());
        mappingRow.setColumn("eperson_group_id", getID());
        DatabaseManager.insert(myContext, mappingRow);
      }

      epeopleChanged = false;
    }

    // Redo Group mappings if they've changed
    if (groupsChanged) {
      // Remove any existing mappings
      DatabaseManager.updateQuery(
          myContext, "delete from group2group where parent_id= ? ", getID());

      // Add new mappings
      Iterator<Group> i = groups.iterator();

      while (i.hasNext()) {
        Group g = i.next();

        TableRow mappingRow = DatabaseManager.row("group2group");
        mappingRow.setColumn("parent_id", getID());
        mappingRow.setColumn("child_id", g.getID());
        DatabaseManager.insert(myContext, mappingRow);
      }

      // groups changed, now change group cache
      rethinkGroupCache();

      groupsChanged = false;
    }

    log.info(LogManager.getHeader(myContext, "update_group", "group_id=" + getID()));
  }
예제 #9
0
파일: Group.java 프로젝트: seesmith/DSpace
  /**
   * remove group from this group
   *
   * @param g
   */
  public void removeMember(Group g) {
    loadData(); // make sure Group has data loaded

    if (groups.remove(g)) {
      groupsChanged = true;
      myContext.addEvent(
          new Event(
              Event.REMOVE, Constants.GROUP, getID(), Constants.GROUP, g.getID(), g.getName()));
    }
  }
예제 #10
0
 /**
  * Return <code>true</code> if <code>other</code> is the same Group as this object, <code>false
  * </code> otherwise
  *
  * @param obj object to compare to
  * @return <code>true</code> if object passed in represents the same group as this object
  */
 @Override
 public boolean equals(Object obj) {
   if (obj == null) {
     return false;
   }
   Class<?> objClass = HibernateProxyHelper.getClassWithoutInitializingProxy(obj);
   if (getClass() != objClass) {
     return false;
   }
   final Group other = (Group) obj;
   return this.getID().equals(other.getID());
 }
예제 #11
0
  /**
   * Delete one of collection's roles
   *
   * @param context The current DSpace context.
   * @param collectionID The collection id.
   * @param roleName ADMIN, WF_STEP1, WF_STEP2, WF_STEP3, SUBMIT, DEFAULT_READ.
   * @param groupID The id of the group associated with this role.
   * @return A process result's object.
   */
  public static FlowResult processDeleteCollectionRole(
      Context context, int collectionID, String roleName, int groupID)
      throws SQLException, UIException, IOException, AuthorizeException,
          WorkflowConfigurationException {
    FlowResult result = new FlowResult();

    Collection collection = Collection.find(context, collectionID);
    Group role = Group.find(context, groupID);

    // First, Unregister the role
    if (ROLE_ADMIN.equals(roleName)) {
      collection.removeAdministrators();
    } else if (ROLE_SUBMIT.equals(roleName)) {
      collection.removeSubmitters();
    } else {
      WorkflowUtils.deleteRoleGroup(context, collection, roleName);
    }
    //		else if (ROLE_WF_STEP1.equals(roleName))
    //		{
    //			collection.setWorkflowGroup(1, null);
    //		}
    //		else if (ROLE_WF_STEP2.equals(roleName))
    //		{
    //			collection.setWorkflowGroup(2, null);
    //		}
    //		else if (ROLE_WF_STEP3.equals(roleName))
    //		{
    //			collection.setWorkflowGroup(3, null);
    //
    //		}

    // Second, remove all authorizations for this role by searching for all policies that this
    // group has on the collection and remove them otherwise the delete will fail because
    // there are dependencies.
    @SuppressWarnings("unchecked") // the cast is correct
    List<ResourcePolicy> policies = AuthorizeManager.getPolicies(context, collection);
    for (ResourcePolicy policy : policies) {
      if (policy.getGroupID() == groupID) {
        policy.delete();
      }
    }

    // Finally, Delete the role's actual group.
    collection.update();
    role.delete();
    context.commit();

    result.setContinue(true);
    result.setOutcome(true);
    result.setMessage(new Message("default", "The role was successfully deleted."));
    return result;
  }
예제 #12
0
파일: Group.java 프로젝트: seesmith/DSpace
 /**
  * Return <code>true</code> if <code>other</code> is the same Group as this object, <code>false
  * </code> otherwise
  *
  * @param obj object to compare to
  * @return <code>true</code> if object passed in represents the same group as this object
  */
 @Override
 public boolean equals(Object obj) {
   if (obj == null) {
     return false;
   }
   if (getClass() != obj.getClass()) {
     return false;
   }
   final Group other = (Group) obj;
   if (this.getID() != other.getID()) {
     return false;
   }
   return true;
 }
예제 #13
0
  /**
   * Generate Policies policies READ for the date in input adding reason. New policies are assigned
   * automatically at the groups that have right on the collection. E.g., if the anonymous can
   * access the collection policies are assigned to anonymous.
   *
   * @param context The relevant DSpace Context.
   * @param embargoDate embargo end date
   * @param reason embargo reason
   * @param dso DSpace object
   * @param owningCollection collection to get group policies from
   * @throws SQLException if database error
   * @throws AuthorizeException if authorization error
   */
  @Override
  public void generateAutomaticPolicies(
      Context context,
      Date embargoDate,
      String reason,
      DSpaceObject dso,
      Collection owningCollection)
      throws SQLException, AuthorizeException {

    if (embargoDate != null || (embargoDate == null && dso instanceof Bitstream)) {

      List<Group> authorizedGroups =
          getAuthorizedGroups(context, owningCollection, Constants.DEFAULT_ITEM_READ);

      removeAllPoliciesByDSOAndType(context, dso, ResourcePolicy.TYPE_CUSTOM);

      // look for anonymous
      boolean isAnonymousInPlace = false;
      for (Group g : authorizedGroups) {
        if (StringUtils.equals(g.getName(), Group.ANONYMOUS)) {
          isAnonymousInPlace = true;
        }
      }
      if (!isAnonymousInPlace) {
        // add policies for all the groups
        for (Group g : authorizedGroups) {
          ResourcePolicy rp =
              createOrModifyPolicy(
                  null, context, null, g, null, embargoDate, Constants.READ, reason, dso);
          if (rp != null) resourcePolicyService.update(context, rp);
        }

      } else {
        // add policy just for anonymous
        ResourcePolicy rp =
            createOrModifyPolicy(
                null,
                context,
                null,
                groupService.findByName(context, Group.ANONYMOUS),
                null,
                embargoDate,
                Constants.READ,
                reason,
                dso);
        if (rp != null) resourcePolicyService.update(context, rp);
      }
    }
  }
예제 #14
0
파일: Group.java 프로젝트: seesmith/DSpace
  /**
   * add group to this group
   *
   * @param g
   */
  public void addMember(Group g) {
    loadData(); // make sure Group has data loaded

    // don't add if it's already a member
    // and don't add itself
    if (isMember(g) || getID() == g.getID()) {
      return;
    }

    groups.add(g);
    groupsChanged = true;

    myContext.addEvent(
        new Event(Event.ADD, Constants.GROUP, getID(), Constants.GROUP, g.getID(), g.getName()));
  }
예제 #15
0
  /**
   * Return a List of the policies for a group
   *
   * @param c current context
   * @param g group to retrieve policies for
   * @return List of <code>ResourcePolicy</code> objects
   */
  public static List<ResourcePolicy> getPoliciesForGroup(Context c, Group g) throws SQLException {
    TableRowIterator tri =
        DatabaseManager.queryTable(
            c,
            "resourcepolicy",
            "SELECT * FROM resourcepolicy WHERE epersongroup_id= ? ",
            g.getID());

    List<ResourcePolicy> policies = new ArrayList<ResourcePolicy>();

    try {
      while (tri.hasNext()) {
        TableRow row = tri.next();

        // first check the cache (FIXME: is this right?)
        ResourcePolicy cachepolicy =
            (ResourcePolicy) c.fromCache(ResourcePolicy.class, row.getIntColumn("policy_id"));

        if (cachepolicy != null) {
          policies.add(cachepolicy);
        } else {
          policies.add(new ResourcePolicy(c, row));
        }
      }
    } finally {
      if (tri != null) {
        tri.close();
      }
    }

    return policies;
  }
예제 #16
0
 protected void grantGroupAllItemPolicies(Context context, Item item, Group group)
     throws AuthorizeException, SQLException {
   if (group != null) {
     // A list of policies the user has for this item
     List<Integer> groupHasPolicies = new ArrayList<Integer>();
     List<ResourcePolicy> itempols = authorizeService.getPolicies(context, item);
     for (ResourcePolicy resourcePolicy : itempols) {
       if (group.equals(resourcePolicy.getGroup())) {
         // The user has already got this policy so it it to the list
         groupHasPolicies.add(resourcePolicy.getAction());
       }
     }
     // Make sure we don't add duplicate policies
     if (!groupHasPolicies.contains(Constants.READ))
       addGroupPolicyToItem(context, item, Constants.READ, group);
     if (!groupHasPolicies.contains(Constants.WRITE))
       addGroupPolicyToItem(context, item, Constants.WRITE, group);
     if (!groupHasPolicies.contains(Constants.DELETE))
       addGroupPolicyToItem(context, item, Constants.DELETE, group);
     if (!groupHasPolicies.contains(Constants.ADD))
       addGroupPolicyToItem(context, item, Constants.ADD, group);
     if (!groupHasPolicies.contains(Constants.REMOVE))
       addGroupPolicyToItem(context, item, Constants.REMOVE, group);
   }
 }
  private void populateTableRowFromCollection(Collection collection, TableRow row) {
    int id = collection.getID();
    Bitstream logo = collection.getLogo();
    Item templateItem = collection.getTemplateItem();
    Group admins = collection.getAdministrators();
    Group[] workflowGroups = collection.getWorkflowGroups();

    if (logo == null) {
      row.setColumnNull("logo_bitstream_id");
    } else {
      row.setColumn("logo_bitstream_id", logo.getID());
    }

    if (templateItem == null) {
      row.setColumnNull("template_item_id");
    } else {
      row.setColumn("template_item_id", templateItem.getID());
    }

    if (admins == null) {
      row.setColumnNull("admin");
    } else {
      row.setColumn("admin", admins.getID());
    }

    for (int i = 1; i <= workflowGroups.length; i++) {
      Group g = workflowGroups[i - 1];
      if (g == null) {
        row.setColumnNull("workflow_step_" + i);
      } else {
        row.setColumn("workflow_step_" + i, g.getID());
      }
    }

    // Now loop over all allowed metadata fields and set the value into the
    // TableRow.
    for (CollectionMetadataField field : CollectionMetadataField.values()) {
      String value = collection.getMetadata(field.toString());
      if (value == null) {
        row.setColumnNull(field.toString());
      } else {
        row.setColumn(field.toString(), value);
      }
    }

    row.setColumn("uuid", collection.getIdentifier().getUUID().toString());
  }
예제 #18
0
파일: Group.java 프로젝트: seesmith/DSpace
  /**
   * Create a new group
   *
   * @param context DSpace context object
   */
  public static Group create(Context context) throws SQLException, AuthorizeException {
    // FIXME - authorization?
    if (!AuthorizeManager.isAdmin(context)) {
      throw new AuthorizeException("You must be an admin to create an EPerson Group");
    }

    // Create a table row
    TableRow row = DatabaseManager.create(context, "epersongroup");

    Group g = new Group(context, row);

    log.info(LogManager.getHeader(context, "create_group", "group_id=" + g.getID()));

    context.addEvent(new Event(Event.CREATE, Constants.GROUP, g.getID(), null));

    return g;
  }
예제 #19
0
 /**
  * Removes all policies from a group for a particular object that belong to a Group. FIXME doesn't
  * check authorization
  *
  * @param c current context
  * @param o the object
  * @param g the group
  * @throws SQLException if there's a database problem
  */
 public static void removeGroupPolicies(Context c, DSpaceObject o, Group g) throws SQLException {
   DatabaseManager.updateQuery(
       c,
       "DELETE FROM resourcepolicy WHERE "
           + "resource_type_id= ? AND resource_id= ? AND epersongroup_id= ? ",
       o.getType(),
       o.getID(),
       g.getID());
 }
예제 #20
0
파일: Group.java 프로젝트: seesmith/DSpace
  /** Return true if group has no direct or indirect members */
  public boolean isEmpty() {
    loadData(); // make sure all data is loaded

    // the only fast check available is on epeople...
    boolean hasMembers = (epeople.size() != 0);

    if (hasMembers) {
      return false;
    } else {
      // well, groups is never null...
      for (Group subGroup : groups) {
        hasMembers = !subGroup.isEmpty();
        if (hasMembers) {
          return false;
        }
      }
      return !hasMembers;
    }
  }
예제 #21
0
  private String showMainPage(
      Context context, ModelMap model, HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException, SQLException, AuthorizeException {
    Group[] groups = Group.findAll(context, Group.NAME);

    // if( groups == null ) { System.out.println("groups are null"); }
    // else System.out.println("# of groups: " + groups.length);
    model.addAttribute("groups", groups);
    context.commit();
    return "pages/admin/group-list";
  }
예제 #22
0
  /**
   * Set the Permission on a Bitstream.
   *
   * @param c
   * @param g
   * @param actionID
   * @param bs
   * @throws SQLException
   * @throws AuthorizeException
   */
  private void setPermission(Context c, Group g, int actionID, Bitstream bs)
      throws SQLException, AuthorizeException {
    if (!isTest) {
      // remove the default policy
      AuthorizeManager.removeAllPolicies(c, bs);

      // add the policy
      ResourcePolicy rp = ResourcePolicy.create(c);

      rp.setResource(bs);
      rp.setAction(actionID);
      rp.setGroup(g);

      rp.update();
    } else {
      if (actionID == Constants.READ) {
        System.out.println("\t\tpermissions: READ for " + g.getName());
      } else if (actionID == Constants.WRITE) {
        System.out.println("\t\tpermissions: WRITE for " + g.getName());
      }
    }
  }
예제 #23
0
파일: Group.java 프로젝트: seesmith/DSpace
  /**
   * Get all of the groups that an eperson is a member of
   *
   * @param c
   * @param e
   * @return
   * @throws SQLException
   */
  public static Group[] allMemberGroups(Context c, EPerson e) throws SQLException {
    List<Group> groupList = new ArrayList<Group>();

    Set<Integer> myGroups = allMemberGroupIDs(c, e);
    // now convert those Integers to Groups
    Iterator<Integer> i = myGroups.iterator();

    while (i.hasNext()) {
      groupList.add(Group.find(c, (i.next()).intValue()));
    }

    return groupList.toArray(new Group[groupList.size()]);
  }
예제 #24
0
  protected Group checkGroup(Context context, HttpServletRequest request)
      throws ServletException, IOException, SQLException, AuthorizeException {

    // Find out if there's a group parameter
    int groupID = Util.getIntParameter(request, "group_id");
    Group group = null;

    if (groupID >= 0) {
      group = Group.find(context, groupID);
    }

    return group;
  } // end checkGroup
예제 #25
0
  @Override
  public Group createAdministrators(Context context, Community community)
      throws SQLException, AuthorizeException {
    // Check authorisation - Must be an Admin to create more Admins
    AuthorizeUtil.authorizeManageAdminGroup(context, community);

    Group admins = community.getAdministrators();
    if (admins == null) {
      // turn off authorization so that Community Admins can create Sub-Community Admins
      context.turnOffAuthorisationSystem();
      admins = groupService.create(context);
      context.restoreAuthSystemState();

      admins.setName(context, "COMMUNITY_" + community.getID() + "_ADMIN");
      groupService.update(context, admins);
    }

    authorizeService.addPolicy(context, community, Constants.ADMIN, admins);

    // register this as the admin group
    community.setAdmins(admins);
    return admins;
  }
예제 #26
0
  /**
   * Check to see if the current user is a System Admin. Always return <code>true</code> if
   * c.ignoreAuthorization is set. Anonymous users can't be Admins (EPerson set to NULL)
   *
   * @param c current context
   * @return <code>true</code> if user is an admin or ignore authorization flag set
   */
  public static boolean isAdmin(Context c) throws SQLException {
    // if we're ignoring authorization, user is member of admin
    if (c.ignoreAuthorization()) {
      return true;
    }

    EPerson e = c.getCurrentUser();

    if (e == null) {
      return false; // anonymous users can't be admins....
    } else {
      return Group.isMember(c, 1);
    }
  }
예제 #27
0
 private static Group getXMLWorkflowRole(
     Context context, int collectionID, String roleName, Collection collection, Group roleGroup)
     throws IOException, WorkflowConfigurationException, SQLException, AuthorizeException {
   Role role = WorkflowUtils.getCollectionAndRepositoryRoles(collection).get(roleName);
   if (role.getScope() == Role.Scope.COLLECTION || role.getScope() == Role.Scope.REPOSITORY) {
     roleGroup = WorkflowUtils.getRoleGroup(context, collectionID, role);
     if (roleGroup == null) {
       AuthorizeManager.authorizeAction(context, collection, Constants.WRITE);
       roleGroup = Group.create(context);
       if (role.getScope() == Role.Scope.COLLECTION) {
         roleGroup.setName("COLLECTION_" + collection.getID() + "_WORKFLOW_ROLE_" + roleName);
       } else {
         roleGroup.setName(role.getName());
       }
       roleGroup.update();
       AuthorizeManager.addPolicy(context, collection, Constants.ADD, roleGroup);
       if (role.getScope() == Role.Scope.COLLECTION) {
         WorkflowUtils.createCollectionWorkflowRole(context, collectionID, roleName, roleGroup);
       }
     }
   }
   return roleGroup;
 }
예제 #28
0
  /**
   * Is the given eperson in the given group, or any of the groups that are also members of that
   * group. This method recurses until it has exhausted the tree of groups or finds the given
   * eperson
   *
   * @param group
   * @param eperson
   * @return true if in group, false if not
   */
  public boolean isInGroup(Group group, EPerson eperson) {
    EPerson[] eps = group.getMembers();
    Group[] groups = group.getMemberGroups();

    // is the user in the current group
    for (int i = 0; i < eps.length; i++) {
      if (eperson.getID() == eps[i].getID()) {
        return true;
      }
    }

    // is the eperson in the sub-groups (recurse)
    if (groups != null && groups.length > 0) {
      for (int j = 0; j < groups.length; j++) {
        if (isInGroup(groups[j], eperson)) {
          return true;
        }
      }
    }

    // ok, we didn't find you
    return false;
  }
예제 #29
0
  /**
   * Check to see if the current user is an Administrator of a given object within DSpace. Always
   * return <code>true</code> if the user is a System Admin
   *
   * @param c current context
   * @param o current DSpace Object, if <code>null</code> the call will be equivalent to a call to
   *     the <code>isAdmin(Context c)</code> method
   * @return <code>true</code> if user has administrative privileges on the given DSpace object
   */
  public static boolean isAdmin(Context c, DSpaceObject o) throws SQLException {

    // return true if user is an Administrator
    if (isAdmin(c)) {
      return true;
    }

    if (o == null) {
      return false;
    }

    // is eperson set? if not, userid = 0 (anonymous)
    int userid = 0;
    EPerson e = c.getCurrentUser();
    if (e != null) {
      userid = e.getID();
    }

    //
    // First, check all Resource Policies directly on this object
    //
    List<ResourcePolicy> policies = getPoliciesActionFilter(c, o, Constants.ADMIN);

    for (ResourcePolicy rp : policies) {
      // check policies for date validity
      if (rp.isDateValid()) {
        if ((rp.getEPersonID() != -1) && (rp.getEPersonID() == userid)) {
          return true; // match
        }

        if ((rp.getGroupID() != -1) && (Group.isMember(c, rp.getGroupID()))) {
          // group was set, and eperson is a member
          // of that group
          return true;
        }
      }
    }

    // If user doesn't have specific Admin permissions on this object,
    // check the *parent* objects of this object.  This allows Admin
    // permissions to be inherited automatically (e.g. Admin on Community
    // is also an Admin of all Collections/Items in that Community)
    DSpaceObject parent = o.getParentObject();
    if (parent != null) {
      return isAdmin(c, parent);
    }

    return false;
  }
  /**
   * Displays the form to link groups to workspace items
   *
   * @param context the context of the request
   * @param request the servlet request
   * @param response the servlet response
   */
  private void showLinkPage(
      Context context, HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException, SQLException, AuthorizeException {
    // get all the groups
    Group[] groups = Group.findAll(context, 1);

    // get all the workspace items
    WorkspaceItem[] wsItems = WorkspaceItem.findAll(context);

    // set the attributes for the JSP
    request.setAttribute("groups", groups);
    request.setAttribute("wsItems", wsItems);

    JSPManager.showJSP(request, response, "/dspace-admin/supervise-link.jsp");
  }