Code
/
islandora
7
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
Browse Source

implement ds xacml checks

pull/544/head
Nelson Hart 10 years ago
parent
a944030c71
commit
9446b04e79
2 changed files with 83 additions and 80 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 10
      ObjectHelper.inc
  2. 11
      fedora_repository.module

10
ObjectHelper.inc
Unescape View File

@ -93,7 +93,7 @@ class ObjectHelper {
return ' ';
}
if (!fedora_repository_check_perm(OBJECTHELPER :: $OBJECT_HELPER_VIEW_FEDORA, $pid, $user)) {
if (!fedora_repository_check_perm(OBJECTHELPER :: $OBJECT_HELPER_VIEW_FEDORA, $pid, $user, TRUE, $dsID)) {
drupal_set_message(t("You do not have access Fedora objects within the attempted namespace."), 'error');
drupal_access_denied();
return ' ';
@ -137,6 +137,8 @@ class ObjectHelper {
$fedoraPass = $user->pass;
}
if (function_exists("curl_init")) {
$url = variable_get('fedora_base_url', 'http://localhost:8080/fedora') . '/objects/' . $pid . '/datastreams/' . $dsID . '/content';
$query_options = array();
@ -148,6 +150,7 @@ class ObjectHelper {
'query' => $query_options,
));
}
$ch = curl_init($url);
$user_agent = "Mozilla/4.0 pp(compatible; MSIE 5.01; Windows NT 5.0)";
@ -215,7 +218,6 @@ class ObjectHelper {
}
$effective_url = $info['url'];
//dd($info, 'header/nobody info');
if ($url !== $effective_url) { //Handle redirect streams (the final URL is not the same as the Fedora URL)
//Add the parameters passed to Drupal, leaving out the 'q'
@ -298,7 +300,7 @@ class ObjectHelper {
drupal_set_message(t('You must specify an object pid and datastream ID.'), 'error');
return '';
}
if (!fedora_repository_check_perm(ObjectHelper :: $OBJECT_HELPER_VIEW_FEDORA, $pid, $user)) {
if (!fedora_repository_check_perm(ObjectHelper :: $OBJECT_HELPER_VIEW_FEDORA, $pid, $user, TRUE, $dsID)) {
drupal_set_message(t('You do not have the appropriate permissions'), 'error');
return;
}
@ -333,7 +335,7 @@ class ObjectHelper {
drupal_set_message(t('You must specify an object pid and datastream ID.'), 'error');
return '';
}
if (!fedora_repository_check_perm(ObjectHelper :: $OBJECT_HELPER_VIEW_FEDORA, $pid, $user)) {
if (!fedora_repository_check_perm(ObjectHelper :: $OBJECT_HELPER_VIEW_FEDORA, $pid, $user, TRUE, $dsID)) {
drupal_set_message(t('You do not have the appropriate permissions'), 'error');
return;
}

11
fedora_repository.module
Unescape View File

@ -962,7 +962,7 @@ function makeObject($pid, $dsID) {
return ' ';
}
global $user, $conf;
if (!fedora_repository_check_perm(OBJECTHELPER :: $OBJECT_HELPER_VIEW_FEDORA, $pid, $user)) {
if (!fedora_repository_check_perm(OBJECTHELPER :: $OBJECT_HELPER_VIEW_FEDORA, $pid, $user, TRUE, $dsID)) {
drupal_access_denied();
return;
drupal_set_message(t("You do not have access to Fedora objects within the attempted namespace."), 'error');
@ -1077,7 +1077,8 @@ function fedora_repository_get_items($pid = NULL, $dsId = NULL, $collection = NU
module_load_include('inc', 'fedora_repository', 'ObjectHelper');
module_load_include('inc', 'fedora_repository', 'api/fedora_utils');
module_load_include('inc', 'fedora_repository', 'api/fedora_item');
global $user;
global $user, $conf;;
$conf['cache'] = CACHE_DISABLED;
if (!fedora_available()) {
drupal_set_message(t('The Fedora repository server is currently unavailable. Please contact the site administrator.'), 'warning', FALSE);
@ -1108,7 +1109,7 @@ function fedora_repository_get_items($pid = NULL, $dsId = NULL, $collection = NU
drupal_set_message(t("Invalid dsID!"), 'error');
return ' ';
}
if (!fedora_repository_check_perm(OBJECTHELPER::$OBJECT_HELPER_VIEW_FEDORA, $pid, $user)) {
if (!fedora_repository_check_perm(OBJECTHELPER::$OBJECT_HELPER_VIEW_FEDORA, $pid, $user, TRUE, $dsId)) {
if (user_access('access administration pages')) {
drupal_set_message(t("PIDs may be added to allowed namespaces, or all namespace restrictions removed !here", array('!here' => l('here', 'admin/settings/fedora_repository'))), 'warning');
}
@ -1702,7 +1703,7 @@ function fedora_repository_access() {
* A boolean indicating if the operation should be permitted (TRUE) or denied
* (FALSE).
*/
function fedora_repository_check_perm($op, $pid = NULL, $as_user = NULL, $reset_cache = FALSE) {
function fedora_repository_check_perm($op, $pid = NULL, $as_user = NULL, $reset_cache = FALSE, $dsid = NULL) {
static $cache = array();
if ($reset_cache) {
@ -1719,7 +1720,7 @@ function fedora_repository_check_perm($op, $pid = NULL, $as_user = NULL, $reset_
// Populate the cache on a miss.
if (!isset($cache[$op][$pid][$as_user->uid])) {
$results = module_invoke_all('fedora_repository_check_perm', $op, $pid, $as_user);
$results = module_invoke_all('fedora_repository_check_perm', $op, $pid, $as_user, $dsid);
// Nothing returned FALSE, and something returned TRUE.
$cache[$op][$pid][$as_user->uid] = (!in_array(FALSE, $results, TRUE) && in_array(TRUE, $results, TRUE));
}

Write Preview
Loading…
Cancel
Save