
Connectionhelper is session aware SecurityClass now uses xacml api

pull/93/head
ppound 13 years ago
parent
commit
a2c4b5d374
  1. 2
      ConnectionHelper.inc
  2. 25
      SecurityClass.inc

2
ConnectionHelper.inc

@ -95,10 +95,10 @@ class ConnectionHelper {
try {
//we need to make a call to set the cookie this extra call would only happen once per session
$client->__soapCall('describeRepository', array());
$_SESSION['islandora_soapcookies'] = $client->_cookies;
} catch (exception $e) {
//connection is tested elsewhere so eat this for now here we just want the cookie
}
$_SESSION['islandora_soapcookies'] = $client->_cookies;
}
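Review bot: The empty `catch (exception $e)` around the `describeRepository` call discards every failure, so a rejected login and an unreachable repository look the same and nothing is logged. The page prints `$_SESSION['islandora_soapcookies'] = $client->_cookies;` both inside the `try` and after the `catch` without change markers; if the new side is the copy after the `catch`, keep it inside the `try` instead so that only cookies from a successful call are cached. A line such as `watchdog('fedora_repository', 'SOAP cookie setup failed: @msg', array('@msg' => $e->getMessage()), WATCHDOG_WARNING);` in the handler would leave a trace. Because the cached cookie stands for an authenticated repository session, it should also be unset when the Drupal user logs in or out; that code, like the start and end of the enclosing method, is outside this hunk.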

25
SecurityClass.inc

@ -23,14 +23,16 @@ class SecurityClass {
}
/**
* canIngestHere ??
* @global type $user
* @param type $collection_pid
* @return type
* reads the specified stream of the parent object to see if the user can ingest in this collection.
*
* @global object $user
* @param string $collection_pid
* @return boolean
*/
function canIngestHere($collection_pid) {
global $user;
module_load_include('inc', 'fedora_repository', 'ObjectHelper');
module_load_include('inc', 'islandora_xacml_api', 'Xacml');
$objectHelper = new ObjectHelper();
// get the childsecurity policy from the collection.
$policyStream = $objectHelper->getStream($collection_pid, SECURITYCLASS :: $SECURITY_CLASS_SECURITY_STREAM, FALSE);
@ -39,13 +41,9 @@ class SecurityClass {
// maybe we should return FALSE here?? would be more secure.
return TRUE;
}
$allowedUsersAndRoles = $this->getAllowedUsersAndRoles($policyStream);
if (!$allowedUsersAndRoles) {
// error processing stream so don't let them ingest here.
return FALSE;
}
$allowedUsers = $allowedUsersAndRoles["users"];
$allowedRoles = $allowedUsersAndRoles["roles"];
$xacml = new Xacml($policyStream);
$allowedUsers = $xacml->managementRule->getUsers();
$allowedRoles = $xacml->managementRule->getRoles();
foreach ($user->roles as $role) {
if (in_array($role, $allowedRoles)) {
@ -60,7 +58,10 @@ class SecurityClass {
}
/**
* Depracated should use the xacml api for this
*
* parses our simple xacml policies checking for users or roles that are allowed to ingest
*
* @param type $policyStream
* @return type
*/
@ -153,6 +154,8 @@ class SecurityClass {
}
/**
* Depracated should use the xacml api for this
*
* Add a list of allowed users and roles to the given policy stream and return it.
*
* @param string $policy_stream
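Review bot: In `canIngestHere` the explicit deny on an unparseable policy appears to be lost: the old path returned `FALSE` when `getAllowedUsersAndRoles($policyStream)` failed, while the new `new Xacml($policyStream)` and `$xacml->managementRule->getUsers()` calls have no failure handling. How `Xacml` reacts to a malformed stream is not visible on this page, so wrap the three Xacml lines in `try { … } catch (Exception $e) { return FALSE; }` and also return `FALSE` when `managementRule` is empty, which keeps the ingest check failing closed. The `in_array($role, $allowedRoles)` test that follows would be safer with the strict third argument, `in_array($role, $allowedRoles, TRUE)`. The body of `canIngestHere` continues outside the hunks shown.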
