예제 #1
0
  /**
   * Change default privileges from the anonymous group to a new group that will be created and
   * appropriate privileges assigned. The id of this new group will be returned.
   *
   * @param context The current DSpace context.
   * @param collectionID The collection id.
   * @return The group ID of the new group.
   */
  public static int createCollectionDefaultReadGroup(Context context, int collectionID)
      throws SQLException, AuthorizeException, UIException {
    int roleID = getCollectionDefaultRead(context, collectionID);

    if (roleID != 0) {
      throw new UIException(
          "Unable to create a new default read group because either the group already exists or multiple groups are assigned the default privileges.");
    }

    Collection collection = Collection.find(context, collectionID);
    Group role = Group.create(context);
    role.setName("COLLECTION_" + collection.getID() + "_DEFAULT_READ");

    // Remove existing privileges from the anonymous group.
    AuthorizeManager.removePoliciesActionFilter(context, collection, Constants.DEFAULT_ITEM_READ);
    AuthorizeManager.removePoliciesActionFilter(
        context, collection, Constants.DEFAULT_BITSTREAM_READ);

    // Grant our new role the default privileges.
    AuthorizeManager.addPolicy(context, collection, Constants.DEFAULT_ITEM_READ, role);
    AuthorizeManager.addPolicy(context, collection, Constants.DEFAULT_BITSTREAM_READ, role);

    // Commit the changes
    role.update();
    context.commit();

    return role.getID();
  }
예제 #2
0
 private static Group getXMLWorkflowRole(
     Context context, int collectionID, String roleName, Collection collection, Group roleGroup)
     throws IOException, WorkflowConfigurationException, SQLException, AuthorizeException {
   Role role = WorkflowUtils.getCollectionAndRepositoryRoles(collection).get(roleName);
   if (role.getScope() == Role.Scope.COLLECTION || role.getScope() == Role.Scope.REPOSITORY) {
     roleGroup = WorkflowUtils.getRoleGroup(context, collectionID, role);
     if (roleGroup == null) {
       AuthorizeManager.authorizeAction(context, collection, Constants.WRITE);
       roleGroup = Group.create(context);
       if (role.getScope() == Role.Scope.COLLECTION) {
         roleGroup.setName("COLLECTION_" + collection.getID() + "_WORKFLOW_ROLE_" + roleName);
       } else {
         roleGroup.setName(role.getName());
       }
       roleGroup.update();
       AuthorizeManager.addPolicy(context, collection, Constants.ADD, roleGroup);
       if (role.getScope() == Role.Scope.COLLECTION) {
         WorkflowUtils.createCollectionWorkflowRole(context, collectionID, roleName, roleGroup);
       }
     }
   }
   return roleGroup;
 }
예제 #3
0
  @Override
  public Group createAdministrators(Context context, Community community)
      throws SQLException, AuthorizeException {
    // Check authorisation - Must be an Admin to create more Admins
    AuthorizeUtil.authorizeManageAdminGroup(context, community);

    Group admins = community.getAdministrators();
    if (admins == null) {
      // turn off authorization so that Community Admins can create Sub-Community Admins
      context.turnOffAuthorisationSystem();
      admins = groupService.create(context);
      context.restoreAuthSystemState();

      admins.setName(context, "COMMUNITY_" + community.getID() + "_ADMIN");
      groupService.update(context, admins);
    }

    authorizeService.addPolicy(context, community, Constants.ADMIN, admins);

    // register this as the admin group
    community.setAdmins(admins);
    return admins;
  }
예제 #4
0
  @RequestMapping(method = RequestMethod.POST)
  protected String processPost(
      @RequestAttribute Context context,
      ModelMap model,
      HttpServletRequest request,
      HttpServletResponse response)
      throws ServletException, IOException, SQLException, AuthorizeException {

    Group group = null;
    group = checkGroup(context, request);

    if (group != null) {

      // is this user authorized to edit this group?
      AuthorizeManager.authorizeAction(context, group, Constants.ADD);

      boolean submit_edit = (request.getParameter("submit_edit") != null);
      boolean submit_group_update = (request.getParameter("submit_group_update") != null);
      boolean submit_group_delete = (request.getParameter("submit_group_delete") != null);
      boolean submit_confirm_delete = (request.getParameter("submit_confirm_delete") != null);
      boolean submit_cancel_delete = (request.getParameter("submit_cancel_delete") != null);

      // just chosen a group to edit - get group and pass it to
      // group-edit.jsp
      if (submit_edit && !submit_group_update && !submit_group_delete) {
        model.addAttribute("group", group);
        model.addAttribute("members", group.getMembers());
        model.addAttribute("membergroups", group.getMemberGroups());
        String utilsGrpName = Utils.addEntities(group.getName());
        model.addAttribute("utilsGrpName", utilsGrpName);

        return "pages/admin/group-edit";
      } // update the members of the group
      else if (submit_group_update) {
        // first off, did we change the group name?
        String newName = request.getParameter("group_name");

        if (!newName.equals(group.getName())) {
          group.setName(newName);
          group.update();
        }

        int[] eperson_ids = Util.getIntParameters(request, "eperson_id");
        int[] group_ids = Util.getIntParameters(request, "group_ids");

        // now get members, and add new ones and remove missing ones
        EPerson[] members = group.getMembers();
        Group[] membergroups = group.getMemberGroups();

        if (eperson_ids != null) {
          // some epeople were listed, now make group's epeople match
          // given epeople
          Set memberSet = new HashSet();
          Set epersonIDSet = new HashSet();

          // add all members to a set
          for (int x = 0; x < members.length; x++) {
            Integer epersonID = Integer.valueOf(members[x].getID());
            memberSet.add(epersonID);
          }

          // now all eperson_ids are put in a set
          for (int x = 0; x < eperson_ids.length; x++) {
            epersonIDSet.add(Integer.valueOf(eperson_ids[x]));
          }

          // process eperson_ids, adding those to group not already
          // members
          Iterator i = epersonIDSet.iterator();

          while (i.hasNext()) {
            Integer currentID = (Integer) i.next();

            if (!memberSet.contains(currentID)) {
              group.addMember(EPerson.find(context, currentID.intValue()));
            }
          }

          // process members, removing any that aren't in eperson_ids
          for (int x = 0; x < members.length; x++) {
            EPerson e = members[x];

            if (!epersonIDSet.contains(Integer.valueOf(e.getID()))) {
              group.removeMember(e);
            }
          }
        } else {
          // no members found (ids == null), remove them all!

          for (int y = 0; y < members.length; y++) {
            group.removeMember(members[y]);
          }
        }

        if (group_ids != null) {
          // some groups were listed, now make group's member groups
          // match given group IDs
          Set memberSet = new HashSet();
          Set groupIDSet = new HashSet();

          // add all members to a set
          for (int x = 0; x < membergroups.length; x++) {
            Integer myID = Integer.valueOf(membergroups[x].getID());
            memberSet.add(myID);
          }

          // now all eperson_ids are put in a set
          for (int x = 0; x < group_ids.length; x++) {
            groupIDSet.add(Integer.valueOf(group_ids[x]));
          }

          // process group_ids, adding those to group not already
          // members
          Iterator i = groupIDSet.iterator();

          while (i.hasNext()) {
            Integer currentID = (Integer) i.next();

            if (!memberSet.contains(currentID)) {
              group.addMember(Group.find(context, currentID.intValue()));
            }
          }

          // process members, removing any that aren't in eperson_ids
          for (int x = 0; x < membergroups.length; x++) {
            Group g = membergroups[x];

            if (!groupIDSet.contains(Integer.valueOf(g.getID()))) {
              group.removeMember(g);
            }
          }

        } else {
          // no members found (ids == null), remove them all!
          for (int y = 0; y < membergroups.length; y++) {
            group.removeMember(membergroups[y]);
          }
        }

        group.update();

        model.addAttribute("group", group);
        model.addAttribute("members", group.getMembers());
        model.addAttribute("membergroups", group.getMemberGroups());
        String utilsGrpName = Utils.addEntities(group.getName());
        model.addAttribute("utilsGrpName", utilsGrpName);

        context.commit();
        return "pages/admin/group-edit";
      } else if (submit_group_delete) {
        // direct to a confirmation step
        model.addAttribute("group", group);
        return "pages/admin/group-confirm-delete";
      } else if (submit_confirm_delete) {
        // phony authorize, only admins can do this
        AuthorizeManager.authorizeAction(context, group, Constants.WRITE);

        // delete group, return to group-list.jsp
        group.delete();

        return showMainPage(context, model, request, response);
      } else if (submit_cancel_delete) {
        // show group list
        return showMainPage(context, model, request, response);
      } else {
        // unknown action, show edit page
        model.addAttribute("group", group);
        model.addAttribute("members", group.getMembers());
        model.addAttribute("membergroups", group.getMemberGroups());
        String utilsGrpName = Utils.addEntities(group.getName());
        model.addAttribute("utilsGrpName", utilsGrpName);

        return "pages/admin/group-edit";
      }
    } else {

      // want to add a group - create a blank one, and pass to
      // group_edit.jsp
      String button = UIUtil.getSubmitButton(request, "submit");

      if (button.equals("submit_add")) {
        group = Group.create(context);

        group.setName("new group" + group.getID());
        group.update();

        model.addAttribute("group", group);
        model.addAttribute("members", group.getMembers());
        model.addAttribute("membergroups", group.getMemberGroups());
        String utilsGrpName = Utils.addEntities(group.getName());
        model.addAttribute("utilsGrpName", utilsGrpName);

        context.commit();
        return "pages/admin/group-edit";

      } else {
        // show the main page (select groups)
        return showMainPage(context, model, request, response);
      }
    } // end
  } // end processGet