
Connectionhelper is session aware SecurityClass now uses xacml api

pull/93/head
ppound 13 years ago
parent
commit
a2c4b5d374
  1. 2
      ConnectionHelper.inc
  2. 27
      SecurityClass.inc

2
ConnectionHelper.inc

@ -95,10 +95,10 @@ class ConnectionHelper {
try { try {
//we need to make a call to set the cookie this extra call would only happen once per session //we need to make a call to set the cookie this extra call would only happen once per session
$client->__soapCall('describeRepository', array()); $client->__soapCall('describeRepository', array());
$_SESSION['islandora_soapcookies'] = $client->_cookies;
} catch (exception $e) { } catch (exception $e) {
//connection is tested elsewhere so eat this for now here we just want the cookie //connection is tested elsewhere so eat this for now here we just want the cookie
} }
$_SESSION['islandora_soapcookies'] = $client->_cookies;
} }
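Review bot: The Fedora SOAP cookies are cached in `$_SESSION['islandora_soapcookies']` under a fixed key, and nothing visible in this hunk ties them to the credentials the client was built with or clears them when the Drupal identity changes. If the assignment runs after the `catch`, a failed `describeRepository` call also overwrites the stored value with whatever `$client->_cookies` holds, possibly nothing, and the empty catch hides that. I would store the cookies only after a successful call and only when they are set, e.g. `if (!empty($client->_cookies)) { $_SESSION['islandora_soapcookies'] = $client->_cookies; }`, and confirm the key is unset on login and logout. The rendered page does not show which of the two assignment lines is the new one, and the enclosing method starts and ends outside the hunk.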

27
SecurityClass.inc

@ -22,15 +22,17 @@ class SecurityClass {
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL); drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
} }
/** /**
* canIngestHere ?? * reads the specified stream of the parent object to see if the user can ingest in this collection.
* @global type $user *
* @param type $collection_pid * @global object $user
* @return type * @param string $collection_pid
* @return boolean
*/ */
function canIngestHere($collection_pid) { function canIngestHere($collection_pid) {
global $user; global $user;
module_load_include('inc', 'fedora_repository', 'ObjectHelper'); module_load_include('inc', 'fedora_repository', 'ObjectHelper');
module_load_include('inc', 'islandora_xacml_api', 'Xacml');
$objectHelper = new ObjectHelper(); $objectHelper = new ObjectHelper();
// get the childsecurity policy from the collection. // get the childsecurity policy from the collection.
$policyStream = $objectHelper->getStream($collection_pid, SECURITYCLASS :: $SECURITY_CLASS_SECURITY_STREAM, FALSE); $policyStream = $objectHelper->getStream($collection_pid, SECURITYCLASS :: $SECURITY_CLASS_SECURITY_STREAM, FALSE);
@ -39,13 +41,9 @@ class SecurityClass {
// maybe we should return FALSE here?? would be more secure. // maybe we should return FALSE here?? would be more secure.
return TRUE; return TRUE;
} }
$allowedUsersAndRoles = $this->getAllowedUsersAndRoles($policyStream); $xacml = new Xacml($policyStream);
if (!$allowedUsersAndRoles) { $allowedUsers = $xacml->managementRule->getUsers();
// error processing stream so don't let them ingest here. $allowedRoles = $xacml->managementRule->getRoles();
return FALSE;
}
$allowedUsers = $allowedUsersAndRoles["users"];
$allowedRoles = $allowedUsersAndRoles["roles"];
foreach ($user->roles as $role) { foreach ($user->roles as $role) {
if (in_array($role, $allowedRoles)) { if (in_array($role, $allowedRoles)) {
@ -60,7 +58,10 @@ class SecurityClass {
} }
/** /**
* Depracated should use the xacml api for this
*
* parses our simple xacml policies checking for users or roles that are allowed to ingest * parses our simple xacml policies checking for users or roles that are allowed to ingest
*
* @param type $policyStream * @param type $policyStream
* @return type * @return type
*/ */
@ -153,6 +154,8 @@ class SecurityClass {
} }
/** /**
* Depracated should use the xacml api for this
*
* Add a list of allowed users and roles to the given policy stream and return it. * Add a list of allowed users and roles to the given policy stream and return it.
* *
* @param string $policy_stream * @param string $policy_stream
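Review bot: In `canIngestHere` the fail-closed branch for an unparseable policy (`return FALSE` when `getAllowedUsersAndRoles()` failed) is gone, and the replacement calls `new Xacml($policyStream)` and `managementRule->getUsers()` / `getRoles()` with no error handling. The Xacml class is not shown here, so it is unclear whether a malformed stream throws or yields empty lists; either way a broken policy should produce an explicit deny rather than an uncaught exception or an accident of `in_array()`. I would wrap the three Xacml lines in `try { … } catch (Exception $e) { return FALSE; }` and add a comment stating that a policy that cannot be parsed denies ingest. The unchanged `return TRUE;` just above, for a missing policy stream, still fails open as its own comment notes, and is worth settling in the same change. The method body continues outside the visible hunks.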
