[DS-247] Access control on Statistics pages.

git-svn-id: http://scm.dspace.org/svn/repo/dspace/trunk@4564 9c30dcfa-912a-0410-8fc2-9e0234be79fd
Mark Diggory
2009-11-25 19:24:00 +00:00
parent 4efbd22a5a
commit ea88f7e272
4 changed files with 157 additions and 13 deletions


@@ -0,0 +1,128 @@
/**
* $Id: $
* $URL: $
* *************************************************************************
* Copyright (c) 2002-2009, DuraSpace. All rights reserved
* Licensed under the DuraSpace Foundation License.
*
* A copy of the DuraSpace License has been included in this
* distribution and is available at: http://scm.dspace.org/svn/repo/licenses/LICENSE.txt
*/
package org.dspace.app.xmlui.aspect.statistics;
import org.apache.cocoon.matching.Matcher;
import org.apache.cocoon.sitemap.PatternException;
import org.apache.avalon.framework.parameters.Parameters;
import org.apache.avalon.framework.logger.AbstractLogEnabled;
import org.dspace.core.Context;
import org.dspace.core.ConfigurationManager;
import org.dspace.app.xmlui.utils.ContextUtil;
import org.dspace.app.xmlui.utils.HandleUtil;
import org.dspace.content.DSpaceObject;
import org.dspace.content.Community;
import org.dspace.content.Collection;
import org.dspace.content.Item;
import org.dspace.authorize.AuthorizeManager;
import java.util.Map;
import java.util.HashMap;
import java.sql.SQLException;
/**
* User: @author kevinvandevelde (kevin at atmire.com)
* Date: 19-nov-2009
* Time: 17:19:56
*/
public class StatisticsAuthorizedMatcher extends AbstractLogEnabled implements Matcher{
public Map match(String pattern, Map objectModel, Parameters parameters) throws PatternException {
// Are we checking for *NOT* the action or the action.
boolean not = false;
int action = -1; // the action to check
if (pattern.startsWith("!"))
{
not = true;
pattern = pattern.substring(1);
}
if(!pattern.equals("READ"))
{
getLogger().warn("Invalid action: '"+pattern+"'");
return null;
}
try
{
Context context = ContextUtil.obtainContext(objectModel);
DSpaceObject dso = HandleUtil.obtainHandle(objectModel);
if (dso == null)
return null;
boolean authorized = AuthorizeManager.authorizeActionBoolean(context, dso, action, false);
//If we are not authorized check for any other authorizations present
if(!authorized && context.getCurrentUser() != null
&& ConfigurationManager.getBooleanProperty("statistics.item.authorization.admin"))
{
//Check for admin
authorized = AuthorizeManager.isAdmin(context);
if(!authorized)
//Check if we have authorization for the owning colls, comms, ...
authorized = checkParentAuthorization(context, dso);
}
// XOR
if (not ^ authorized)
{
return new HashMap();
}
else
{
return null;
}
}
catch (SQLException sqle)
{
throw new PatternException("Unable to obtain DSpace Context", sqle);
}
}
public static boolean checkParentAuthorization(Context context, DSpaceObject dso) throws SQLException {
if(dso instanceof Community)
{
Community comm = (Community) dso;
if(AuthorizeManager.isAdmin(context, comm))
return true;
else if(comm.getParentCommunity() != null)
return checkParentAuthorization(context, comm);
}else
if(dso instanceof Collection)
{
Collection coll = (Collection) dso;
if(AuthorizeManager.isAdmin(context, coll))
return true;
else{
//Check if any of our parent communities has authorization
for (int i = 0; i < coll.getCommunities().length; i++) {
Community community = coll.getCommunities()[i];
boolean authorized = checkParentAuthorization(context, community);
if(authorized)
return true;
}
}
}else
if(dso instanceof Item){
//Check if we have read rights for our owning collections
for(Collection coll : ((Item) dso).getCollections()){
boolean authorized = checkParentAuthorization(context, coll);
if(authorized)
return true;
}
}
return false;
}
}
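Review bot: `action` is initialised to `-1` in `match` and never assigned once the pattern has been validated as `READ`, so `AuthorizeManager.authorizeActionBoolean` is asked about action `-1` rather than the read permission; set it explicitly with `int action = Constants.READ;` (plus the `org.dspace.core.Constants` import). What the call returns for `-1` depends on `AuthorizeManager`, which is not on this page, but the branch no longer tests what the sitemap pattern says it tests. In `checkParentAuthorization`, the Community branch recurses with `comm` itself when a parent exists, so it never terminates for a sub-community the user does not administer; it should be `return checkParentAuthorization(context, comm.getParentCommunity());`. Also, `statistics.item.authorization.admin` is only read when the first check has already failed, so it can widen access but never restrict it — worth confirming this matches the intent, and a class Javadoc stating the rule would help.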


@@ -48,10 +48,8 @@ public class StatisticsTransformer extends AbstractDSpaceTransformer {
* Add a page title and trail links
*/
public void addPageMeta(PageMeta pageMeta) throws SAXException, WingException, UIException, SQLException, IOException, AuthorizeException {
String handle = parameters.getParameter("handle", null);
DSpaceObject dso = null;
if(handle != null)
dso = HandleManager.resolveToObject(context, handle);
//Try to find our dspace object
DSpaceObject dso = HandleUtil.obtainHandle(objectModel);
pageMeta.addTrailLink(contextPath + "/",T_dspace_home);
@@ -70,10 +68,7 @@ public class StatisticsTransformer extends AbstractDSpaceTransformer {
UIException, SQLException, IOException, AuthorizeException {
//Try to find our dspace object
String handle = parameters.getParameter("handle", null);
DSpaceObject dso = null;
if(handle != null)
dso = HandleManager.resolveToObject(context, handle);
DSpaceObject dso = HandleUtil.obtainHandle(objectModel);
try
{
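Review bot: Neither hunk checks the result of `HandleUtil.obtainHandle(objectModel)` for null, and nothing visible in the transformer performs authorization, so the page appears to be protected only when it is reached through the sitemap's `StatisticsAuthorizedMatcher` branch. Both method bodies continue outside the hunks, so a guard may already exist further down; if not, add one before `dso` is dereferenced. The comment could record the dependency, e.g. `// Resolved from the request; access is enforced by StatisticsAuthorizedMatcher in the sitemap, dso may be null`.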


@@ -16,11 +16,15 @@
<map:transformers>
<map:transformer name="StatisticsTransformer" src="org.dspace.app.xmlui.aspect.statistics.StatisticsTransformer"/>
<map:transformer name="Navigation" src="org.dspace.app.xmlui.aspect.statistics.Navigation"/>
<map:transformer name="RestrictedItem" src="org.dspace.app.xmlui.aspect.artifactbrowser.RestrictedItem"/>
</map:transformers>
<map:matchers default="wildcard">
<map:matcher name="HandleTypeMatcher" src="org.dspace.app.xmlui.aspect.general.HandleTypeMatcher"/>
<map:matcher name="HandleAuthorizedMatcher" src="org.dspace.app.xmlui.aspect.general.HandleAuthorizedMatcher"/>
<map:matcher name="StatisticsAuthorizedMatcher" src="org.dspace.app.xmlui.aspect.statistics.StatisticsAuthorizedMatcher"/>
</map:matchers>
<map:selectors>
<map:selector name="AuthenticatedSelector" src="org.dspace.app.xmlui.aspect.general.AuthenticatedSelector"/>
</map:selectors>
</map:components>
<map:pipelines>
@@ -32,10 +36,25 @@
<!--Match our statistics-->
<map:match pattern="handle/*/*/statistics">
<map:transform type="StatisticsTransformer">
<!--Pass along our handle-->
<map:parameter name="handle" value="{1}/{2}" />
</map:transform>
<map:match type="StatisticsAuthorizedMatcher" pattern="READ">
<map:transform type="StatisticsTransformer"/>
</map:match>
</map:match>
<map:match type="StatisticsAuthorizedMatcher" pattern="!READ">
<map:select type="AuthenticatedSelector">
<map:when test="eperson">
<map:transform type="RestrictedItem"/>
<map:serialize/>
</map:when>
<map:otherwise>
<map:act type="StartAuthentication">
<map:parameter name="header" value="xmlui.ArtifactBrowser.RestrictedItem.auth_header"/>
<map:parameter name="message" value="xmlui.ArtifactBrowser.RestrictedItem.auth_message"/>
</map:act>
<map:serialize/>
</map:otherwise>
</map:select>
</map:match>
<map:match pattern="">
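Review bot: The `!READ` branch calls `<map:act type="StartAuthentication">`, but the component declarations visible in the first hunk register only transformers, matchers and a selector. If no `<map:actions>` entry for `StartAuthentication` exists outside the hunk or in a parent sitemap, anonymous requests would fail at sitemap resolution instead of being sent to login, so this is worth confirming. Note also that `StatisticsAuthorizedMatcher` returns null for both `READ` and `!READ` when no object resolves, so such a request matches neither branch. A short comment above the second matcher would make the intent clear, e.g. `<!-- Not authorised: logged-in users get the restricted page, anonymous users are asked to log in -->`.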


@@ -1903,6 +1903,8 @@ statistics.items.type.1=dcinput
statistics.items.type.2=date
statistics.default.start.datepick = 01/01/1977
statistics.item.authorization.admin=true
##### Authority Control Settings #####
#plugin.named.org.dspace.content.authority.ChoiceAuthority = \