예제 #1
0
 // check whether any bundle belongs to any item that passed submission
 // and workflow process
 protected boolean isAnyItemInstalled(Context ctx, List<Bundle> bundles) throws SQLException {
   for (Bundle bundle : bundles) {
     for (Item item : bundle.getItems()) {
       if (workspaceItemService.findByItem(ctx, item) == null
           && workflowItemService.findByItem(ctx, item) == null) {
         return true;
       }
     }
   }
   return false;
 }
예제 #2
0
  /**
   * Return the InProgressSubmission, either workspaceItem or workflowItem, depending on the id
   * provided. If the id begins with an S then it is a considered a workspaceItem. If the id begins
   * with a W then it is considered a workflowItem.
   *
   * @param context
   * @param inProgressSubmissionID
   * @return The InprogressSubmission or null if non found
   */
  public static InProgressSubmission findSubmission(Context context, String inProgressSubmissionID)
      throws SQLException, AuthorizeException, IOException {
    char type = inProgressSubmissionID.charAt(0);
    int id = Integer.valueOf(inProgressSubmissionID.substring(1));

    if (type == 'S') {
      return workspaceItemService.find(context, id);
    } else if (type == 'W' || type == 'X') {
      return workflowService.find(context, id);
    }
    return null;
  }
예제 #3
0
  /**
   * Check to see if the given user can perform the given action on the given object. Always returns
   * true if the ignore authorization flat is set in the current context.
   *
   * @param c current context. User is irrelevant; "ignore authorization" flag is relevant
   * @param o object action is being attempted on
   * @param action ID of action being attempted, from <code>org.dspace.core.Constants</code>
   * @param e user attempting action
   * @param useInheritance flag to say if ADMIN action on the current object or parent object can be
   *     used
   * @return <code>true</code> if user is authorized to perform the given action, <code>false</code>
   *     otherwise
   * @throws SQLException if database error
   */
  protected boolean authorize(
      Context c, DSpaceObject o, int action, EPerson e, boolean useInheritance)
      throws SQLException {
    // return FALSE if there is no DSpaceObject
    if (o == null) {
      return false;
    }

    // is authorization disabled for this context?
    if (c.ignoreAuthorization()) {
      return true;
    }

    // is eperson set? if not, userToCheck = null (anonymous)
    EPerson userToCheck = null;
    if (e != null) {
      userToCheck = e;

      // perform isAdmin check to see
      // if user is an Admin on this object
      DSpaceObject adminObject =
          useInheritance
              ? serviceFactory.getDSpaceObjectService(o).getAdminObject(c, o, action)
              : null;

      if (isAdmin(c, adminObject)) {
        return true;
      }
    }

    // In case the dso is an bundle or bitstream we must ignore custom
    // policies if it does not belong to at least one installed item (see
    // DS-2614).
    // In case the dso is an item and a corresponding workspace or workflow
    // item exist, we have to ignore custom policies (see DS-2614).
    boolean ignoreCustomPolicies = false;
    if (o instanceof Bitstream) {
      Bitstream b = (Bitstream) o;

      // Ensure that this is not a collection or community logo
      DSpaceObject parent = bitstreamService.getParentObject(c, b);
      if (!(parent instanceof Collection) && !(parent instanceof Community)) {
        ignoreCustomPolicies = !isAnyItemInstalled(c, b.getBundles());
      }
    }
    if (o instanceof Bundle) {
      ignoreCustomPolicies = !isAnyItemInstalled(c, Arrays.asList(((Bundle) o)));
    }
    if (o instanceof Item) {
      if (workspaceItemService.findByItem(c, (Item) o) != null
          || workflowItemService.findByItem(c, (Item) o) != null) {
        ignoreCustomPolicies = true;
      }
    }

    for (ResourcePolicy rp : getPoliciesActionFilter(c, o, action)) {

      if (ignoreCustomPolicies && ResourcePolicy.TYPE_CUSTOM.equals(rp.getRpType())) {
        continue;
      }

      // check policies for date validity
      if (resourcePolicyService.isDateValid(rp)) {
        if (rp.getEPerson() != null && rp.getEPerson().equals(userToCheck)) {
          return true; // match
        }

        if ((rp.getGroup() != null) && (groupService.isMember(c, rp.getGroup()))) {
          // group was set, and eperson is a member
          // of that group
          return true;
        }
      }
    }

    // default authorization is denial
    return false;
  }