From ce049c07300b678d2580e022d0c4354e25f292c8 Mon Sep 17 00:00:00 2001
From: Alan Stanley
Date: Fri, 14 Jan 2011 10:32:37 -0400
Subject: [PATCH] Ensured that both namespace user permissions are checked
---
ObjectHelper.inc | 266 +++++++++++++++++++++++------------------------
1 file changed, 133 insertions(+), 133 deletions(-)
diff --git a/ObjectHelper.inc b/ObjectHelper.inc
index 3d59c795..55e285ca 100644
--- a/ObjectHelper.inc
+++ b/ObjectHelper.inc
@@ -32,7 +32,7 @@ class ObjectHelper { //$this->fedoraPass = $connectionHelper->getPassword(); } - /** + /** * Grabs a stream from fedora sets the mimetype and returns it. $dsID is the * datastream id. If $forceSoap is set, the function will always buffer the datastream from fedora. Otherwise, it will * try and use a redirect if possible.
@@ -41,7 +41,7 @@ class ObjectHelper { */ function makeObject($pid, $dsID, $asAttachment = FALSE, $label = NULL, $filePath=FALSE, $version=NULL, $forceSoap = FALSE) { global $user; - module_load_include('inc','fedora_repository','ContentModel'); + module_load_include('inc', 'fedora_repository', 'ContentModel'); if ($pid == NULL || $dsID == NULL) { drupal_set_message(t("no pid or dsid given to create an object with"), 'error'); return ' ';
@@ -58,21 +58,21 @@ class ObjectHelper { drupal_set_message(t("You do not have access Fedora objects within the attempted namespace."), 'error'); drupal_access_denied(); return ' '; - } + } - - if (variable_get('fedora_object_restrict_datastreams', FALSE) == TRUE ) { + + if (variable_get('fedora_object_restrict_datastreams', FALSE) == TRUE) { if (($cm = ContentModel::loadFromObject($pid)) == FALSE) { - drupal_set_message(t("You do not have access to objects without an Islandora Content Model."), 'error'); - drupal_access_denied(); - return ' '; + drupal_set_message(t("You do not have access to objects without an Islandora Content Model."), 'error'); + drupal_access_denied(); + return ' '; } $cmDatastreams = $cm->listDatastreams(); - if ( !((isset($user) && in_array('administrator',$user->roles)) || in_array($dsID,$cmDatastreams))) { - drupal_set_message(t("You do not have access to the specified datastream."), 'error'); - drupal_access_denied(); - return ' '; + if (!((isset($user) && in_array('administrator', $user->roles)) || in_array($dsID, $cmDatastreams))) { + drupal_set_message(t("You do not have access to the specified datastream."), 'error'); + drupal_access_denied(); + return ' '; } } @@ -81,9 +81,9 @@ class ObjectHelper { if (isset($item->datastreams[$dsID])) { - $mimeType=$item->datastreams[$dsID]['MIMEType']; - if ($label == NULL) { - $label = $item->datastreams[$dsID]['label']; + $mimeType = $item->datastreams[$dsID]['MIMEType']; + if ($label == NULL) { + $label = $item->datastreams[$dsID]['label']; } } else { drupal_not_found(); @@ -94,7 +94,7 @@ class ObjectHelper { if ((!isset($user)) || $user->uid == 0) { $fedoraUser = 'anonymous'; $fedoraPass = 'anonymous'; - $contentSize= 0; + $contentSize = 0; } else { $fedoraUser = $user->name; $fedoraPass = $user->pass; 
@@ -102,7 +102,7 @@ class ObjectHelper { $contentSize = $dataStreamInfo->datastream->size; } - if (function_exists("curl_init")) { + if (function_exists("curl_init")) { if (!isset($mimeType)) { $pid = variable_get('fedora_default_display_pid', 'demo:10'); $dsID = variable_get('fedora_default_display_dsid', 'TN'); @@ -137,10 +137,10 @@ class ObjectHelper { fclose($fp); } else { - header("Content-type: $mimeType"); - if ($contentSize > 0) { - header("Content-length: $contentSize"); - } + header("Content-type: $mimeType"); + if ($contentSize > 0) { + header("Content-length: $contentSize"); + } if ($asAttachment) { $suggestedFileName = "$label"; @@ -165,18 +165,18 @@ class ObjectHelper { header('Content-Disposition: attachment; filename="' . $suggestedFileName . '"'); } - - if ( (isset($user) && $user->uid != 0) || $forceSoap || isset($_SERVER['HTTPS'])) { - curl_exec($ch); - } else { - header('Location: '.$url); - } + + if ((isset($user) && $user->uid != 0) || $forceSoap || isset($_SERVER['HTTPS'])) { + curl_exec($ch); + } else { + header('Location: ' . $url); + } } curl_close($ch); } else { drupal_set_message(t('No curl support.'), 'error'); } - } + } //Gets collection objects t function getCollectionInfo($pid, $query = NULL) { @@ -258,14 +258,14 @@ class ObjectHelper { $item = new Fedora_Item($pid); if (user_access(ObjectHelper :: $PURGE_FEDORA_OBJECTSANDSTREAMS)) { - $allow=TRUE; - if (module_exists('fedora_fesl')) { - $allow= fedora_fesl_check_roles($pid,'write'); + $allow = TRUE; + if (module_exists('fedora_fesl')) { + $allow = fedora_fesl_check_roles($pid, 'write'); } if ($allow) { - $purgeImage = 'purge datastream'; + $purgeImage = 'purge datastream'; } } else { $purgeImage = ' '; 
@@ -274,16 +274,16 @@ class ObjectHelper { // Add an icon to replace a datastream // @TODO Note: using l(theme_image(..), ...); for these image links (and other links) may remove the need to have clean urls enabled. - $replaceImage= ' '; + $replaceImage = ' '; if (user_access(ObjectHelper :: $ADD_FEDORA_STREAMS)) { - $allow=TRUE; - if (module_exists('fedora_fesl')) { - $allow= fedora_fesl_check_roles($pid,'write'); + $allow = TRUE; + if (module_exists('fedora_fesl')) { + $allow = fedora_fesl_check_roles($pid, 'write'); } if ($allow) { - $replaceImage = 'label . '" href="' . $base_url . '/fedora/repository/replaceStream/' . $pid . '/' . $dataStreamValue->ID . '/' . $dataStreamValue->label . '">replace datastream'; + $replaceImage = 'label . '" href="' . $base_url . '/fedora/repository/replaceStream/' . $pid . '/' . $dataStreamValue->ID . '/' . $dataStreamValue->label . '">replace datastream'; } - } + } $content = ''; $id = $dataStreamValue->ID; @@ -292,7 +292,7 @@ class ObjectHelper { $mimeType = $dataStreamValue->MIMEType; $view = '' . t('View') . ''; + '" target="_blank" >' . t('View') . ''; $action = "$base_url/fedora/repository/object_download/" . drupal_urlencode($pid) . '/' . $id . '/' . drupal_urlencode(preg_replace('/\//i', '${1}_', $label)); // Necessary to handle the case of Datastream labels that contain slashes. Ugh. $downloadVersion = '
'; if (user_access(ObjectHelper :: $EDIT_FEDORA_METADATA)) { @@ -331,25 +331,25 @@ class ObjectHelper { $dsId = 'QDC'; $params = array( - 'pid' => "$pid", - 'dsID' => "$dsId", - 'asOfDateTime' => "" + 'pid' => "$pid", + 'dsID' => "$dsId", + 'asOfDateTime' => "" ); try { $object = $client->__soapCAll('getDatastreamDissemination', array( - 'parameters' => $params - )); + 'parameters' => $params + )); } catch (Exception $e) { try { //probably no QDC so we will try for the DC stream. $dsId = 'DC'; $params = array( - 'pid' => "$pid", - 'dsID' => "$dsId", - 'asOfDateTime' => "" + 'pid' => "$pid", + 'dsID' => "$dsId", + 'asOfDateTime' => "" ); $object = $client->__soapCAll('getDatastreamDissemination', array( - 'parameters' => $params - )); + 'parameters' => $params + )); } catch (exception $e2) { drupal_set_message($e2->getMessage(), 'error'); return; @@ -380,13 +380,13 @@ class ObjectHelper { $baseUrl = base_path(); //$baseUrl=substr($baseUrl, 0, (strpos($baseUrl, "/")-1)); if (user_access(ObjectHelper :: $EDIT_FEDORA_METADATA)) { - $allow=TRUE; - if (module_exists('fedora_fesl')) { - $allow= fedora_fesl_check_roles($pid,'write'); + $allow = TRUE; + if (module_exists('fedora_fesl')) { + $allow = fedora_fesl_check_roles($pid, 'write'); } if ($allow) { - $output .= '
' . t('Edit Meta Data') . ''; + $output .= '
' . t('Edit Meta Data') . ''; } } return $output; @@ -411,7 +411,7 @@ class ObjectHelper { module_load_include('inc', 'fedora_repository', 'ObjectHelper'); module_load_include('inc', 'fedora_repository', 'api/fedora_item'); module_load_include('inc', 'fedora_repository', 'ContentModel'); - + $path = drupal_get_path('module', 'fedora_repository'); $dataStreamBody = ''; $fedoraItem = new Fedora_Item($object_pid); @@ -428,47 +428,47 @@ class ObjectHelper { $hasOBJStream = NULL; $hasTNStream = FALSE; $dataStreamBody = "
\n"; - + $cmDatastreams = array(); if (variable_get('fedora_object_restrict_datastreams', FALSE) == TRUE && ($cm = ContentModel::loadFromObject($object_pid)) !== FALSE) { - $cmDatastreams = $cm->listDatastreams(); + $cmDatastreams = $cm->listDatastreams(); } $dataStreamBody .= $this->get_parent_objects_asHTML($object_pid); $dataStreamBody .= ''; foreach ($object as $datastream) { foreach ($datastream as $datastreamValue) { - - if (variable_get('fedora_object_restrict_datastreams', FALSE) == FALSE || ((isset($user) && in_array('administrator',$user->roles)) || in_array($datastreamValue->ID,$cmDatastreams))) { - if ($datastreamValue->ID == 'OBJ') { - $hasOBJStream = '1'; - $mainStreamLabel = $datastreamValue->label; - $mainStreamLabel = str_replace("_", " ", $mainStreamLabel); - } - if ($datastreamValue->ID == 'TN') { - $hasTNStream = TRUE; - } - //create the links to each datastream - $dataStreamBody .= $this->create_link_for_ds($object_pid, $datastreamValue); //"\n"; - } + + if (variable_get('fedora_object_restrict_datastreams', FALSE) == FALSE || ((isset($user) && in_array('administrator', $user->roles)) || in_array($datastreamValue->ID, $cmDatastreams))) { + if ($datastreamValue->ID == 'OBJ') { + $hasOBJStream = '1'; + $mainStreamLabel = $datastreamValue->label; + $mainStreamLabel = str_replace("_", " ", $mainStreamLabel); + } + if ($datastreamValue->ID == 'TN') { + $hasTNStream = TRUE; + } + //create the links to each datastream + $dataStreamBody .= $this->create_link_for_ds($object_pid, $datastreamValue); //"\n"; + } } } $dataStreamBody .= "

' . t("!text", array('!text' => $availableDataStreamsText)) . '

$key :$value
$key :$value
\n"; //if they have access let them add a datastream if (user_access(ObjectHelper :: $ADD_FEDORA_STREAMS)) { - $allow=TRUE; - if (module_exists('fedora_fesl')) { - $allow= fedora_fesl_check_roles($object_pid,'write'); - } - if ($allow) { - $dataStreamBody .= drupal_get_form('add_stream_form', $object_pid); - } + $allow = TRUE; + if (module_exists('fedora_fesl')) { + $allow = fedora_fesl_check_roles($object_pid, 'write'); + } + if ($allow) { + $dataStreamBody .= drupal_get_form('add_stream_form', $object_pid); + } } $fieldset = array( - '#title' => t("!text", array('!text' => $availableDataStreamsText)), - '#collapsible' => TRUE, - '#collapsed' => TRUE, - '#value' => $dataStreamBody + '#title' => t("!text", array('!text' => $availableDataStreamsText)), + '#collapsible' => TRUE, + '#collapsed' => TRUE, + '#value' => $dataStreamBody ); $dataStreamBody = '
' . theme('fieldset', $fieldset) . '
'; } @@ -493,15 +493,15 @@ class ObjectHelper { $content .= $dataStreamBody; if (user_access(ObjectHelper :: $PURGE_FEDORA_OBJECTSANDSTREAMS)) { - $allow=TRUE; - if (module_exists('fedora_fesl')) { - $allow= fedora_fesl_check_roles($object_pid,'write'); - } - if ($allow) { - //$purgeObject = '' . t('Purge Object') . '' . t('Purge Object') . ''; - $purgeObject = drupal_get_form('fedora_repository_purge_object_form', $object_pid, check_plain(substr(request_uri(), strlen(base_path())))); - } + $allow = TRUE; + if (module_exists('fedora_fesl')) { + $allow = fedora_fesl_check_roles($object_pid, 'write'); + } + if ($allow) { + //$purgeObject = '' . t('Purge Object') . '' . t('Purge Object') . ''; + $purgeObject = drupal_get_form('fedora_repository_purge_object_form', $object_pid, check_plain(substr(request_uri(), strlen(base_path())))); + } } else { $purgeObject = ' '; } @@ -540,9 +540,9 @@ class ObjectHelper { try { $client = $soapHelper->getSoapClient(variable_get('fedora_soap_url', 'http://localhost:8080/fedora/services/access?wsdl')); $params = array( - 'pid' => "$pid", - 'dsID' => "$dsid", - 'asOfDateTime' => "" + 'pid' => "$pid", + 'dsID' => "$dsid", + 'asOfDateTime' => "" ); if (!isset($client)) { 
@@ -602,20 +602,21 @@ class ObjectHelper { /* * determines whether we can see the object or not + * checks PID namespace permissions, and user permissions */ function fedora_repository_access($op, $pid) { global $user; $returnValue = FALSE; - $isRestricted = variable_get('fedora_namespace_restriction_enforced',TRUE); - if(!$isRestricted){ - return TRUE; + $isRestricted = variable_get('fedora_namespace_restriction_enforced', TRUE); + if (!$isRestricted) { + $returnValue = TRUE; } if ($pid == NULL) { $pid = variable_get('fedora_repository_pid', 'islandora:top'); } - $nameSpaceAllowed = explode(" ", variable_get('fedora_pids_allowed', 'default: demo: changeme: Islandora: ilives: ')); + $nameSpaceAllowed = explode(" ", variable_get('fedora_pids_allowed', 'default: demo: changeme: islandora: ilives: ')); $pos = NULL; foreach ($nameSpaceAllowed as $nameSpace) { $pos = stripos($pid, $nameSpace); @@ -729,19 +730,18 @@ class ObjectHelper { $collectionPolicyExists = $objectHelper->getMimeType($pid, CollectionPolicy::getDefaultDSID()); if (user_access(ObjectHelper :: $INGEST_FEDORA_OBJECTS) && $collectionPolicyExists) { if (!empty($collectionPolicyExists)) { - $allow=TRUE; - if (module_exists('fedora_fesl')) { - $allow= fedora_fesl_check_roles($pid,'write'); - } - if ($allow) { - // $ingestObject = ' $collectionName, '!collection_pid' => $collection_pid)) . '" href="' . base_path() . - 'fedora/ingestObject/' . $collection_pid . '/' . $collectionName . '">' . t('Add a New Object') . '' . t(' Add to this Collection'); - } - } - } - else { + $allow = TRUE; + if (module_exists('fedora_fesl')) { + $allow = fedora_fesl_check_roles($pid, 'write'); + } + if ($allow) { + // $ingestObject = ' $collectionName, '!collection_pid' => $collection_pid)) . '" href="' . base_path() . + 'fedora/ingestObject/' . $collection_pid . '/' . $collectionName . '">' . t('Add a New Object') . '' . t(' Add to this Collection'); + } + } + } else { $ingestObject = ' '; } 
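Review bot: In `fedora_repository_access()` (hunk `@@ -602,20 +602,21 @@`), the default `'default: demo: changeme: islandora: ilives: '` ends in a space, so `explode(" ", …)` produces an empty namespace entry that is then passed to `stripos($pid, $nameSpace)`. On PHP 8 an empty needle returns 0 (older versions warn and return FALSE), so if the test on `$pos` after this hunk is a prefix check, every PID would pass the namespace restriction; dropping empty entries avoids that, e.g. `$nameSpaceAllowed = array_filter(explode(" ", variable_get('fedora_pids_allowed', 'default: demo: changeme: islandora: ilives: ')), 'strlen');`. Because `stripos()` is case-insensitive, the `Islandora:` to `islandora:` change in the default does not alter matching here. The loop body and the permission check that the commit message refers to lie outside the hunk, so it is worth confirming there that the preset `$returnValue = TRUE` for the unrestricted case can still end in a denial when the user-permission check fails.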
@@ -751,20 +751,20 @@ class ObjectHelper { $objectListOut = ''; if (isset($objectList)) { $object_list_fieldset = array( - '#title' => t('Items in this collection'), - '#collapsible' => TRUE, - '#collapsed' => FALSE, - '#value' => (isset($objectList) ? $objectList : ''), //collection list + '#title' => t('Items in this collection'), + '#collapsible' => TRUE, + '#collapsed' => FALSE, + '#value' => (isset($objectList) ? $objectList : ''), //collection list ); $objectListOut = theme('fieldset', $object_list_fieldset); } } else { //$collectionName=''; $collection_fieldset = array( - '#title' => "", - '#collapsible' => TRUE, - '#collapsed' => FALSE, - '#value' => $datastreams, + '#title' => "", + '#collapsible' => TRUE, + '#collapsed' => FALSE, + '#value' => $datastreams, ); $objectListOut = ''; //no collection objects to show so don't show field set } @@ -805,10 +805,10 @@ class ObjectHelper { $metaDataText = t('Description'); $body = $this->getQDC($pid); $fieldset = array( - '#title' => t("!metaDataText", array('!metaDataText' => $metaDataText)), - '#collapsible' => TRUE, - '#collapsed' => TRUE, - '#value' => $body + '#title' => t("!metaDataText", array('!metaDataText' => $metaDataText)), + '#collapsible' => TRUE, + '#collapsed' => TRUE, + '#value' => $body ); $output .= theme('fieldset', $fieldset); } @@ -949,10 +949,10 @@ class ObjectHelper { // Get pid, title and description for children of object $pid $query_string = 'select $o $title from <#ri> ' . // $query_string = 'select $o $title $desc from <#ri> '. - 'where $s $o ' . - 'and $o $title ' . + 'where $s $o ' . + 'and $o $title ' . // 'and $o $desc '. - 'and ( '; + 'and ( '; foreach ($pids as $pid) { $query_string .= '$s or '; 
@@ -1017,11 +1017,11 @@ class ObjectHelper { $url = variable_get('fedora_repository_url', 'http://localhost:8080/fedora/risearch'); $url .= "?type=tuples&flush=TRUE&format=CSV&limit=1&offset=0&lang=itql&stream=on&query=" . $query_string; - $result = preg_split('/[\r\n]+/',do_curl($url)); - array_shift($result); // throw away first line - $matches =str_getcsv(join("\n",$result)); + $result = preg_split('/[\r\n]+/', do_curl($url)); + array_shift($result); // throw away first line + $matches = str_getcsv(join("\n", $result)); if ($matches !== NULL) { - $parent = preg_replace('/^info:fedora\//','',$matches[0]); + $parent = preg_replace('/^info:fedora\//', '', $matches[0]); $breadcrumbs[] = l($matches[1], 'fedora/repository/' . $pid); if ($parent == variable_get('fedora_repository_pid', 'islandora:top')) { $breadcrumbs[] = l(t('Home'), ''); // l(t('Digital repository'), 'fedora/repository'); @@ -1033,9 +1033,9 @@ class ObjectHelper { function warnIfMisconfigured($app) { $messMap = array( - 'Kakadu' => 'Full installation instructions for Kakadu can be found + 'Kakadu' => 'Full installation instructions for Kakadu can be found Here', - 'ImageMagick' => 'Check the path settings in the configuration of your imageapi module.
+ 'ImageMagick' => 'Check the path settings in the configuration of your imageapi module.
Further details can be found Here', );