From d7de3a51bfe150cdbb13e7606b5330f8de98f078 Mon Sep 17 00:00:00 2001 From: ppound Date: Mon, 31 Oct 2011 15:43:13 -0300 Subject: [PATCH 1/6] partial fix for ISLANDORA-403 --- CollectionClass.inc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CollectionClass.inc b/CollectionClass.inc index 82e4739e..87ab1d63 100644 --- a/CollectionClass.inc +++ b/CollectionClass.inc @@ -519,7 +519,9 @@ class CollectionClass { $show_batch_tab = TRUE; $policy = CollectionPolicy::loadFromCollection($this->pid, TRUE); - $content_models = $policy->getContentModels(); + if(!empty($policy)){ + $content_models = $policy->getContentModels(); + } if (count($content_models) == 1 && $content_models[0]->pid == "islandora:collectionCModel") { $show_batch_tab = FALSE; } From b195d45b1e8517d747c04a19284c1c8f8f0b34f0 Mon Sep 17 00:00:00 2001 From: jonathangreen Date: Tue, 8 Nov 2011 21:28:00 -0400 Subject: [PATCH 2/6] Cleanup some TRUE that should be true When you do a repository search in Fedora_Item the URL it creates requires that the boolean be true. This got changed to TRUE in the code cleanup. Changed this back. --- api/fedora_item.inc | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/api/fedora_item.inc b/api/fedora_item.inc index 54a9158b..a79749a7 100644 --- a/api/fedora_item.inc +++ b/api/fedora_item.inc @@ -43,7 +43,7 @@ class Fedora_Item { } $raw_objprofile = $this->soap_call('getObjectProfile', array('pid' => $this->pid, 'asOfDateTime' => "")); - + if (!empty($raw_objprofile)) { $this->objectProfile = $raw_objprofile->objectProfile; $this->datastreams = $this->get_datastreams_list_as_array(); @@ -297,18 +297,17 @@ class Fedora_Item { $i++; $url = variable_get('fedora_base_url', 'http://localhost:8080/fedora'); if ($cursor == 0) { - $url .= "/objects?query=$field~$pattern&pid=TRUE&title=TRUE&resultFormat=xml&maxResults=$max_results"; + $url .= "/objects?query=$field~$pattern&pid=true&title=TRUE&resultFormat=xml&maxResults=$max_results"; } else { - $url .= "/objects?pid=TRUE&title=TRUEsessionToken=$session_token&resultFormat=xml&maxResults=$max_results"; + $url .= "/objects?pid=true&title=true&sessionToken=$session_token&resultFormat=xml&maxResults=$max_results"; } if (count($resultFields) > 0) { - $url .= '&' . join('=TRUE&', $resultFields) . '=TRUE'; + $url .= '&' . join('=true&', $resultFields) . '=true'; } $resultxml = do_curl($url); - libxml_use_internal_errors(TRUE); $resultelements = simplexml_load_string($resultxml); if ($resultelements === FALSE) { From 4ef6faa2fb5a774bb29ef8cb1dc2e648a73ca626 Mon Sep 17 00:00:00 2001 From: discoverygnoye Date: Tue, 15 Nov 2011 11:41:49 -0400 Subject: [PATCH 3/6] COLORADO-1628 Fix the breadcrumb path calculation to remove blanks The current breadcrumb calculation takes the first tag in the DC datastream. The sorting order of the tags (in the case of more than one tag) has empty tags appearing as the first items to be selected by the query. This fix alters the query to change the sort order to make empty tags the last items to be selected and thus, if a non-empty tag exists it will be selected as the name of the breadcrumb. There is also a problem with the breadcrumb query processing that will attempt to process failed queries. The test for failure was incorrect and allowed some failed queries to be treated as successes. This resulted in recursively calling the breadcrumb processing an additional 10 times and failing each time. This resulted in 10 '>' symbols instead of an error message. This fix tests for falure and puts up an error message in the breadcrumb trail. The breadcrumb calculation should be rewritten to be more robust. --- ObjectHelper.inc | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/ObjectHelper.inc b/ObjectHelper.inc index 70f73d4b..d1e73b8c 100644 --- a/ObjectHelper.inc +++ b/ObjectHelper.inc @@ -937,18 +937,22 @@ class ObjectHelper { or $parentObject) and $parentObject ) minus $content - order by $title'; + order by $title desc'; $query_string = htmlentities(urlencode($query_string)); $url = variable_get('fedora_repository_url', 'http://localhost:8080/fedora/risearch'); $url .= "?type=tuples&flush=TRUE&format=CSV&limit=1&offset=0&lang=itql&stream=on&query=" . $query_string; - + $result = preg_split('/[\r\n]+/', do_curl($url)); array_shift($result); // throw away first line $matches = str_getcsv(join("\n", $result)); - if ($matches !== FALSE) { + if (count($matches) >= 2) { $parent = preg_replace('/^info:fedora\//', '', $matches[0]); + if (0 == strlen($matches[1])) { + $matches[1] = "Unlabeled Object"; + } + $breadcrumbs[] = l($matches[1], 'fedora/repository/' . $pid); if ($parent == variable_get('fedora_repository_pid', 'islandora:root')) { $breadcrumbs[] = l(t('Digital repository'), 'fedora/repository'); @@ -958,6 +962,10 @@ class ObjectHelper { $this->getBreadcrumbs($parent, $breadcrumbs, $level - 1); } } + + else { + $breadcrumbs[] = l("Path Calculation Error", 'fedora/repository/' . $pid); + } } } From 35a7d19f37006eef829c76ce6cea27e40464bd6e Mon Sep 17 00:00:00 2001 From: jonathangreen Date: Wed, 16 Nov 2011 11:14:21 -0400 Subject: [PATCH 4/6] Updated SecurityClass to properly search XACML The SecurityClass module does a naive search of an XACML policy to pull out the users and roles listed. Assuming that they are who can edit the object. With certain policies this was failing, and only returning the users, not the roles. This became a problem with the XACML editor in use because this class was used more often. I updated the XPATH expressions that it uses to find the users and roles, so it should find them in all cases now. We should update the security class to call the more precise XACML class first and only fall back on the security class if XACML fails to parse the file, however this would mean moving the XACML stuff into core. --- SecurityClass.inc | 35 ++++++++++------------------------- 1 file changed, 10 insertions(+), 25 deletions(-) diff --git a/SecurityClass.inc b/SecurityClass.inc index 1e2b1835..1f3df0eb 100644 --- a/SecurityClass.inc +++ b/SecurityClass.inc @@ -34,7 +34,6 @@ class SecurityClass { $objectHelper = new ObjectHelper(); // get the childsecurity policy from the collection. $policyStream = $objectHelper->getStream($collection_pid, SECURITYCLASS :: $SECURITY_CLASS_SECURITY_STREAM, FALSE); - if ($policyStream == NULL) { // no child policy stream so collection is wide open to anyone to ingest, that has the permission ingest in Drupal. // maybe we should return FALSE here?? would be more secure. @@ -79,34 +78,20 @@ class SecurityClass { } $xml->registerXPathNamespace('default', 'urn:oasis:names:tc:xacml:1.0:policy'); - $conditions = $xml->xpath("//default:Condition"); - - foreach ($conditions as $condition) { - $designator = $condition->Apply->SubjectAttributeDesignator; - if (empty($designator)) {//$disignator may be wrapped by an or - $designator = $condition->Apply->Apply->SubjectAttributeDesignator; - } - $attributeId = strip_tags($designator['AttributeId']); + $roles = $xml->xpath('//default:SubjectAttributeDesignator[@AttributeId="fedoraRole"]/../default:Apply/default:AttributeValue'); + $users = $xml->xpath('//default:SubjectAttributeDesignator[@AttributeId="urn:fedora:names:fedora:2.1:subject:loginId"]/../default:Apply/default:AttributeValue'); - if ($attributeId == "fedoraRole") { - foreach ($condition->Apply->Apply->AttributeValue as $attributeValue) { - $allowedRoles[] = strip_tags($attributeValue->asXML()); - } - foreach ($condition->Apply->Apply->Apply->AttributeValue as $attributeValue) { - $allowedRoles[] = strip_tags($attributeValue->asXML()); - } - } - if ($attributeId == "urn:fedora:names:fedora:2.1:subject:loginId") { - foreach ($condition->Apply->Apply->AttributeValue as $attributeValue) { - $allowedUsers[] = strip_tags($attributeValue->asXML()); - } - foreach ($condition->Apply->Apply->Apply->AttributeValue as $attributeValue) { - $allowedUsers[] = strip_tags($attributeValue->asXML()); - } - } + foreach($roles as $role) { + $allowedRoles[] = (string)$role; } + foreach($users as $user) { + $allowedUsers[] = (string)$user; + } + $usersAndRoles['users'] = $allowedUsers; $usersAndRoles['roles'] = $allowedRoles; + + dd($usersAndRoles); return $usersAndRoles; } From 4d9c4cd00615b511ba70eb71d882f352d291e454 Mon Sep 17 00:00:00 2001 From: jonathangreen Date: Wed, 16 Nov 2011 15:08:50 -0400 Subject: [PATCH 5/6] Forgot to remove a debug statement before I committed. Woops. This fixes it all up. --- SecurityClass.inc | 1 - 1 file changed, 1 deletion(-) diff --git a/SecurityClass.inc b/SecurityClass.inc index 1f3df0eb..67bc9c43 100644 --- a/SecurityClass.inc +++ b/SecurityClass.inc @@ -91,7 +91,6 @@ class SecurityClass { $usersAndRoles['users'] = $allowedUsers; $usersAndRoles['roles'] = $allowedRoles; - dd($usersAndRoles); return $usersAndRoles; } From 288125ea855d428b98541592f8e1e6717a566ef3 Mon Sep 17 00:00:00 2001 From: Ben Woodhead Date: Thu, 17 Nov 2011 14:45:46 -0400 Subject: [PATCH 6/6] Set the version to 11.3.beta1 --- fedora_repository.info | 2 +- plugins/fedora_imageapi.info | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fedora_repository.info b/fedora_repository.info index 99cb3d6f..45564e20 100644 --- a/fedora_repository.info +++ b/fedora_repository.info @@ -5,5 +5,5 @@ dependencies[] = tabs dependencies[] = islandora_content_model_forms description = Shows a list of items in a fedora collection. package = Islandora -version = 11.2.0 +version = 11.3beta1 core = 6.x diff --git a/plugins/fedora_imageapi.info b/plugins/fedora_imageapi.info index af50a614..ea14fb07 100644 --- a/plugins/fedora_imageapi.info +++ b/plugins/fedora_imageapi.info @@ -3,5 +3,5 @@ description = Adds image manipulation support through a REST interface package = Islandora Dependencies dependencies[] = fedora_repository dependencies[] = imageapi -version = 11.2.0 +version = 11.3beta1 core = 6.x