  /**
   * Check to see if the current user is a System Admin. Always return <code>true</code> if
   * c.ignoreAuthorization is set. Anonymous users can't be Admins (EPerson set to NULL)
   *
   * @param c current context
   * @return <code>true</code> if user is an admin or ignore authorization flag set
   */
  /**
   * Tests whether the current user of {@code c} is a System Admin.
   *
   * <p>Returns {@code true} unconditionally when {@code c.ignoreAuthorization()} is set, so callers
   * must not use this method to tell a real administrator apart from a context whose authorization
   * checks have been switched off. An anonymous context (no current EPerson) is never an admin;
   * otherwise membership of group ID 1 decides (that hard-coded ID is treated here as the
   * administrators group).
   *
   * @param c current context
   * @return {@code true} if the user is an admin or the ignore-authorization flag is set
   * @throws SQLException propagated from the group membership lookup
   */
  public static boolean isAdmin(Context c) throws SQLException {
    // Authorization bypass: every check short-circuits to "allowed".
    if (c.ignoreAuthorization()) {
      return true;
    }

    // Anonymous users (no EPerson) can never be administrators; otherwise group 1 decides.
    EPerson currentUser = c.getCurrentUser();
    return currentUser != null && Group.isMember(c, 1);
  }
  /**
   * Check to see if the current user is an Administrator of a given object within DSpace. Always
   * return <code>true</code> if the user is a System Admin
   *
   * @param c current context
   * @param o current DSpace Object, if <code>null</code> the call will be equivalent to a call to
   *     the <code>isAdmin(Context c)</code> method
   * @return <code>true</code> if user has administrative privileges on the given DSpace object
   */
  /**
   * Tests whether the current user of {@code c} is an Administrator of {@code o}.
   *
   * <p>Resolution order: a System Admin (see {@link #isAdmin(Context)}, which also honours the
   * ignore-authorization flag) is an admin of everything; a {@code null} object yields
   * {@code false}; otherwise the object's own date-valid ADMIN policies are checked, first by
   * EPerson ID and then by group membership; finally the same check is applied recursively to
   * {@code o.getParentObject()}, so ADMIN on a container is inherited by everything beneath it.
   *
   * @param c current context
   * @param o current DSpace Object; {@code null} makes the result equivalent to
   *     {@link #isAdmin(Context)}
   * @return {@code true} if the user has administrative privileges on the given DSpace object
   * @throws SQLException propagated from the policy and group lookups
   */
  public static boolean isAdmin(Context c, DSpaceObject o) throws SQLException {
    if (isAdmin(c)) {
      return true;
    }
    if (o == null) {
      return false;
    }

    // Anonymous users are represented by ID 0 in the EPerson policy comparison.
    // NOTE(review): a policy whose EPerson ID were 0 would therefore match anonymous —
    // confirm that real EPerson IDs never take that value.
    EPerson currentUser = c.getCurrentUser();
    int currentUserId = (currentUser == null) ? 0 : currentUser.getID();

    // Direct ADMIN policies on this object; -1 means "not set" for either ID field.
    for (ResourcePolicy policy : getPoliciesActionFilter(c, o, Constants.ADMIN)) {
      if (!policy.isDateValid()) {
        continue; // expired or not yet active
      }
      int policyEPerson = policy.getEPersonID();
      if (policyEPerson != -1 && policyEPerson == currentUserId) {
        return true;
      }
      int policyGroup = policy.getGroupID();
      if (policyGroup != -1 && Group.isMember(c, policyGroup)) {
        return true;
      }
    }

    // Inherit ADMIN from the parent chain (e.g. Community admin -> its Collections/Items).
    DSpaceObject parent = o.getParentObject();
    return parent != null && isAdmin(c, parent);
  }
  /**
   * Check to see if the given user can perform the given action on the given object. Always returns
   * true if the ignore authorization flat is set in the current context.
   *
   * @param c current context. User is irrelevant; "ignore authorization" flag is relevant
   * @param o object action is being attempted on
   * @param action ID of action being attempted, from <code>org.dspace.core.Constants</code>
   * @param e user attempting action
   * @param useInheritance flag to say if ADMIN action on the current object or parent object can be
   *     used
   * @return <code>true</code> if user is authorized to perform the given action, <code>false</code>
   *     otherwise
   * @throws SQLException
   */
  /**
   * Tests whether {@code e} may perform {@code action} on {@code o}.
   *
   * <p>A {@code null} object is always denied, even when the ignore-authorization flag is set —
   * that check comes first. Otherwise the flag grants everything. A non-anonymous {@code e} is then
   * granted if the context user is an admin of {@code o.getAdminObject(action)} when
   * {@code useInheritance} is set (a {@code null} target, including the non-inheritance case,
   * reduces to the System Admin check). Finally the object's date-valid policies for
   * {@code action} are matched by EPerson ID and by group membership; the default is denial.
   *
   * <p>NOTE(review): {@code isAdmin(Context, DSpaceObject)} reads {@code c.getCurrentUser()}, and
   * {@code Group.isMember(Context, int)} takes only the context, so the admin and group checks
   * appear to be evaluated for the context's user rather than for {@code e}; only the EPerson-ID
   * comparison uses {@code e}. Confirm callers always pass the context's own user, otherwise a
   * grant may be decided for a different principal than the one named.
   *
   * @param c current context; its ignore-authorization flag is honoured
   * @param o object the action is being attempted on
   * @param action ID of the action being attempted, from {@code org.dspace.core.Constants}
   * @param e user attempting the action; {@code null} is treated as anonymous (ID 0)
   * @param useInheritance whether an ADMIN grant on the object (or a parent) may satisfy the action
   * @return {@code true} if the action is authorized, {@code false} otherwise
   * @throws SQLException propagated from the policy and group lookups
   */
  private static boolean authorize(
      Context c, DSpaceObject o, int action, EPerson e, boolean useInheritance)
      throws SQLException {
    if (o == null) {
      return false; // nothing to authorize against
    }
    if (c.ignoreAuthorization()) {
      return true;
    }

    int userId = 0; // anonymous
    if (e != null) {
      userId = e.getID();
      // ADMIN on the relevant object (or a parent, via isAdmin's recursion) implies any action.
      // With inheritance disabled the target is null, which reduces to the System Admin check.
      DSpaceObject adminTarget = useInheritance ? o.getAdminObject(action) : null;
      if (isAdmin(c, adminTarget)) {
        return true;
      }
    }

    // Explicit policies for this action; -1 means the EPerson/group field is unset.
    for (ResourcePolicy policy : getPoliciesActionFilter(c, o, action)) {
      if (!policy.isDateValid()) {
        continue; // expired or not yet active
      }
      int policyEPerson = policy.getEPersonID();
      if (policyEPerson != -1 && policyEPerson == userId) {
        return true;
      }
      int policyGroup = policy.getGroupID();
      if (policyGroup != -1 && Group.isMember(c, policyGroup)) {
        return true;
      }
    }

    return false; // default: deny
  }