Browse Source

Fix for Islandora 504 reverted SecurityClass changes

pull/96/head
Paul Pound 13 years ago
parent
commit
a41a256be2
  1. 25
      SecurityClass.inc

25
SecurityClass.inc

@ -23,16 +23,14 @@ class SecurityClass {
}
/**
* reads the specified stream of the parent object to see if the user can ingest in this collection.
*
* @global object $user
* @param string $collection_pid
* @return boolean
* canIngestHere ??
* @global type $user
* @param type $collection_pid
* @return type
*/
function canIngestHere($collection_pid) {
global $user;
module_load_include('inc', 'fedora_repository', 'ObjectHelper');
module_load_include('inc', 'islandora_xacml_api', 'Xacml');
$objectHelper = new ObjectHelper();
// get the childsecurity policy from the collection.
$policyStream = $objectHelper->getStream($collection_pid, SECURITYCLASS :: $SECURITY_CLASS_SECURITY_STREAM, FALSE);
@ -41,9 +39,13 @@ class SecurityClass {
// maybe we should return FALSE here?? would be more secure.
return TRUE;
}
$xacml = new Xacml($policyStream);
$allowedUsers = $xacml->managementRule->getUsers();
$allowedRoles = $xacml->managementRule->getRoles();
$allowedUsersAndRoles = $this->getAllowedUsersAndRoles($policyStream);
if (!$allowedUsersAndRoles) {
// error processing stream so don't let them ingest here.
return FALSE;
}
$allowedUsers = $allowedUsersAndRoles["users"];
$allowedRoles = $allowedUsersAndRoles["roles"];
foreach ($user->roles as $role) {
if (in_array($role, $allowedRoles)) {
@ -58,10 +60,7 @@ class SecurityClass {
}
/**
* Depracated should use the xacml api for this
*
* parses our simple xacml policies checking for users or roles that are allowed to ingest
*
* @param type $policyStream
* @return type
*/
@ -154,8 +153,6 @@ class SecurityClass {
}
/**
* Depracated should use the xacml api for this
*
* Add a list of allowed users and roles to the given policy stream and return it.
*
* @param string $policy_stream

Loading…
Cancel
Save