From 15a09635819b9489075b6db7c2e961f0ab9fc7a2 Mon Sep 17 00:00:00 2001 From: ppound Date: Thu, 2 Feb 2012 13:07:07 -0400 Subject: [PATCH 1/3] updated soap connection to be session aware --- ConnectionHelper.inc | 35 +++++++++++++++++++++++++---------- 1 file changed, 25 insertions(+), 10 deletions(-) diff --git a/ConnectionHelper.inc b/ConnectionHelper.inc index 59f811e2..71a83bc9 100644 --- a/ConnectionHelper.inc +++ b/ConnectionHelper.inc @@ -1,7 +1,5 @@ _fixURL($url, 'anonymous', 'anonymous'), array( - 'login' => 'anonymous', - 'password' => 'anonymous', - 'exceptions' => $exceptions, - )); + 'login' => 'anonymous', + 'password' => 'anonymous', + 'exceptions' => $exceptions, + )); } catch (SoapFault $e) { drupal_set_message(t('@e', array('@e' => check_plain($e->getMessage())))); return NULL; @@ -78,15 +76,32 @@ class ConnectionHelper { else { try { $client = new SoapClient($this->_fixURL($url, $user->name, $user->pass), array( - 'login' => $user->name, - 'password' => $user->pass, - 'exceptions' => TRUE, - )); + 'login' => $user->name, + 'password' => $user->pass, + 'exceptions' => TRUE, + )); } catch (SoapFault $e) { drupal_set_message(t('@e', array('@e' => check_plain($e->getMessage())))); return NULL; } } + if (isset($_SESSION['islandora_soapcookies'])) { + + // just set the cookies + + $client->_cookies = ($_SESSION['islandora_soapcookies']); + } + else { + try { + //we need to make a call to set the cookie this extra call would only happen once per session + $client->__soapCall('describeRepository', array()); + } catch (exception $e) { + //connection is tested elsewhere so eat this for now here we just want the cookie + } + $_SESSION['islandora_soapcookies'] = $client->_cookies; + } + + return $client; } From a2c4b5d374c344093807c35959bab07c1b88cc60 Mon Sep 17 00:00:00 2001 
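Review bot: The cookie jar cached in `$_SESSION['islandora_soapcookies']` is keyed neither by user nor by `$url`, so the block added after the `else` branch hands whichever backend session was stored first to every later client. If the anonymous client shown earlier in this patch is built by the same function (its start is outside the hunk), a backend session obtained as anonymous could be replayed after the Drupal user logs in, or cookies from one endpoint sent to another. The repository may then authorise by the cookie rather than by the `login`/`password` options. Consider keying the cache, for example `$_SESSION['islandora_soapcookies'][$user->uid][$url] = $client->_cookies;` with a matching `isset()` check, and clearing it on login and logout. `_cookies` is also an internal SoapClient property; `__setCookie()` is the supported way to set a cookie.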
From: ppound Date: Tue, 10 Apr 2012 09:15:35 -0300 Subject: [PATCH 2/3] Connectionhelper is session aware SecurityClass now uses xacml api --- ConnectionHelper.inc | 2 +- SecurityClass.inc | 27 +++++++++++++++------------ 2 files changed, 16 insertions(+), 13 deletions(-) diff --git a/ConnectionHelper.inc b/ConnectionHelper.inc index 71a83bc9..4dce9a0d 100644 --- a/ConnectionHelper.inc +++ b/ConnectionHelper.inc @@ -95,10 +95,10 @@ class ConnectionHelper { try { //we need to make a call to set the cookie this extra call would only happen once per session $client->__soapCall('describeRepository', array()); + $_SESSION['islandora_soapcookies'] = $client->_cookies; } catch (exception $e) { //connection is tested elsewhere so eat this for now here we just want the cookie } - $_SESSION['islandora_soapcookies'] = $client->_cookies; } diff --git a/SecurityClass.inc b/SecurityClass.inc index 970b108b..ced11ba7 100644 --- a/SecurityClass.inc +++ b/SecurityClass.inc @@ -22,15 +22,17 @@ class SecurityClass { drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL); } - /** - * canIngestHere ?? - * @global type $user - * @param type $collection_pid - * @return type + /** + * reads the specified stream of the parent object to see if the user can ingest in this collection. + * + * @global object $user + * @param string $collection_pid + * @return boolean */ function canIngestHere($collection_pid) { global $user; module_load_include('inc', 'fedora_repository', 'ObjectHelper'); + module_load_include('inc', 'islandora_xacml_api', 'Xacml'); $objectHelper = new ObjectHelper(); // get the childsecurity policy from the collection. $policyStream = $objectHelper->getStream($collection_pid, SECURITYCLASS :: $SECURITY_CLASS_SECURITY_STREAM, FALSE); 
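Review bot: The `catch (exception $e)` block around the `describeRepository` call in the ConnectionHelper hunk is still empty, so a failed priming call leaves no trace. Because the session key is now only set on success, the call is silently repeated each time a client is built. One log line keeps the best-effort behaviour while making the failure visible, e.g. `watchdog('fedora_repository', 'SOAP cookie priming failed: @e', array('@e' => $e->getMessage()), WATCHDOG_WARNING);`. The enclosing function starts outside the hunk.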
@@ -39,13 +41,9 @@ class SecurityClass { // maybe we should return FALSE here?? would be more secure. return TRUE; } - $allowedUsersAndRoles = $this->getAllowedUsersAndRoles($policyStream); - if (!$allowedUsersAndRoles) { - // error processing stream so don't let them ingest here. - return FALSE; - } - $allowedUsers = $allowedUsersAndRoles["users"]; - $allowedRoles = $allowedUsersAndRoles["roles"]; + $xacml = new Xacml($policyStream); + $allowedUsers = $xacml->managementRule->getUsers(); + $allowedRoles = $xacml->managementRule->getRoles(); foreach ($user->roles as $role) { if (in_array($role, $allowedRoles)) { @@ -60,7 +58,10 @@ class SecurityClass { } /** + * Depracated should use the xacml api for this + * * parses our simple xacml policies checking for users or roles that are allowed to ingest + * * @param type $policyStream * @return type */ @@ -153,6 +154,8 @@ class SecurityClass { } /** + * Depracated should use the xacml api for this + * * Add a list of allowed users and roles to the given policy stream and return it. * * @param string $policy_stream From a41a256be20dcd6e72efd52947e8ec4a40c0543b Mon Sep 17 00:00:00 2001 From: Paul Pound Date: Fri, 13 Apr 2012 09:41:09 -0300 Subject: [PATCH 3/3] Fix for Islandora 504 reverted SecurityClass changes --- SecurityClass.inc | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/SecurityClass.inc b/SecurityClass.inc index ced11ba7..970b108b 100644 --- a/SecurityClass.inc +++ b/SecurityClass.inc 
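Review bot: Replacing `getAllowedUsersAndRoles()` with `new Xacml($policyStream)` drops the only fail-closed branch this check had: the removed `if (!$allowedUsersAndRoles) { return FALSE; }` has no counterpart for a policy stream that fails to parse. Whether `Xacml` throws or yields an object without `managementRule` on bad input is not visible here, so the access decision for a malformed policy is undefined. The `module_load_include()` added in the previous hunk is also unchecked, so a missing `islandora_xacml_api` module would presumably end in a fatal error rather than a denial. Wrapping the construction, e.g. `try { $xacml = new Xacml($policyStream); } catch (Exception $e) { return FALSE; }`, and returning FALSE when the include fails would keep the old deny-on-error behaviour. canIngestHere continues outside the hunk.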
@@ -22,17 +22,15 @@ class SecurityClass { drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL); } - /** - * reads the specified stream of the parent object to see if the user can ingest in this collection. - * - * @global object $user - * @param string $collection_pid - * @return boolean + /** + * canIngestHere ?? + * @global type $user + * @param type $collection_pid + * @return type */ function canIngestHere($collection_pid) { global $user; module_load_include('inc', 'fedora_repository', 'ObjectHelper'); - module_load_include('inc', 'islandora_xacml_api', 'Xacml'); $objectHelper = new ObjectHelper(); // get the childsecurity policy from the collection. $policyStream = $objectHelper->getStream($collection_pid, SECURITYCLASS :: $SECURITY_CLASS_SECURITY_STREAM, FALSE); @@ -41,9 +39,13 @@ class SecurityClass { // maybe we should return FALSE here?? would be more secure. return TRUE; } - $xacml = new Xacml($policyStream); - $allowedUsers = $xacml->managementRule->getUsers(); - $allowedRoles = $xacml->managementRule->getRoles(); + $allowedUsersAndRoles = $this->getAllowedUsersAndRoles($policyStream); + if (!$allowedUsersAndRoles) { + // error processing stream so don't let them ingest here. + return FALSE; + } + $allowedUsers = $allowedUsersAndRoles["users"]; + $allowedRoles = $allowedUsersAndRoles["roles"]; foreach ($user->roles as $role) { if (in_array($role, $allowedRoles)) { @@ -58,10 +60,7 @@ class SecurityClass { } /** - * Depracated should use the xacml api for this - * * parses our simple xacml policies checking for users or roles that are allowed to ingest - * * @param type $policyStream * @return type */ @@ -154,8 +153,6 @@ class SecurityClass { } /** - * Depracated should use the xacml api for this - * * Add a list of allowed users and roles to the given policy stream and return it. * * @param string $policy_stream
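Review bot: With the revert in place, the path just above the restored block still ends in `return TRUE;`, under a comment that itself asks whether FALSE would be more secure. The guarding condition is outside the hunk, but if it covers a policy stream that could not be read, a retrieval error grants ingest rights. It would be safer to deny there (`return FALSE;`) or to distinguish "collection has no policy" from "policy could not be fetched". The role check uses `in_array($role, $allowedRoles)` without the strict flag; `in_array($role, $allowedRoles, TRUE)` avoids loose matches. The first SecurityClass hunk of this revert also discards the improved docblock (`@param string $collection_pid`, `@return boolean`), which did not depend on the XACML API and could be kept.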