<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <%@ page trimDirectiveWhitespaces="true" %> <%@ page import="org.crosswire.utils.Utils" %> <%@ page import="org.crosswire.utils.Sessions" %> <%@ page import="org.crosswire.utils.HTTPUtils" %> <%@ page import="org.crosswire.xml.XMLBlock" %> <%@ page import="org.crosswire.community.projects.ntmss.data.Transcription" %> <%@ page import="org.crosswire.community.projects.ntmss.data.ProjectManagement" %> <%@ page import="org.crosswire.community.projects.ntmss.data.ProjectManagement.Project" %> <%@ page import="java.nio.charset.StandardCharsets" %> <%@ page import="org.crosswire.webtools.RightsAndRoles" %> <%@ page import="org.crosswire.webtools.RightsAndRoles.User" %> <%@ page import="org.crosswire.webtools.RightsAndRoles.UserGroup" %> <%@ page import="org.crosswire.webtools.*" %> <%@ page import="org.crosswire.webtools.annotation.*" %> <%@ page import="javax.validation.constraints.NotNull" %> <%@ page import="java.util.HashMap" %> <%@ page import="org.apache.log4j.Logger" %> <%! 
/**
 * Request/session parameters for the "auth/hasrole" endpoint.
 *
 * The public fields are caller-supplied and filled by Parameters.loadFromRequest; the
 * protected fields are derived in customValidation(): the current session hash, the
 * session's userID, the resolved User and (when projectID/projectName was given) the
 * resolved Project.
 *
 * NOTE(review): {@code request} and {@code response} used in customValidation() are not
 * declared in this class, so they presumably come from the Parameters base class — confirm.
 */
@Description(value = "Check if user has been granted a particular role", name = "auth/hasrole")
public static class MyParameters extends Parameters {
    // Derived in customValidation(); not settable from the request.
    protected ProjectManagement.Project project = null;
    protected long userID = -1;            // -1 means "no userID attribute in the session"
    protected User user = null;
    protected String sessionHash = null;

    @NotNull
    @Description(value = "role name", example = "VMR Administrator")
    public String role;

    @Description(value = "userName to check", example = "jsmith", defaultValue = "self")
    public String userName;

    @Description(value = "userGroupID within which user privilege should be retrieved", example = "1")
    public Integer userGroupID;

    @Description(value = "userGroupName from which data should be retrieved", example = "ECM Matthew")
    public String userGroupName;

    @Description(value = "Project ID within which user privilege should be retrieved", example = "1")
    public Integer projectID;

    @Description(value = "Project Name from which data should be retrieved", example = "ECM Matthew")
    public String projectName;

    @Description(value = "Include a list of roles for the user", defaultValue = "false", example = "true")
    public boolean includeRoleList = false;

    /**
     * Resolves the session, the user and (optionally) the project before the page body runs.
     * Problems are reported through addError(); code -7 is used when the requested project
     * cannot be found, and validation stops at that point.
     */
    @Override
    protected void customValidation() {
        sessionHash = RightsAndRoles.getInstance().getCurrentSession(request, response);
        // Best-effort read of the session's userID. When the attribute is absent, the Long
        // cast / longValue() throws and the exception is swallowed so userID stays -1.
        // NOTE(review): the value is narrowed to int and then widened back to long, so a
        // userID above Integer.MAX_VALUE would be truncated — confirm IDs fit in an int.
        try {
            userID = (int)((Long)Sessions.getInstance().getSessionAttribute(sessionHash, "userID")).longValue();
        } catch (Exception e) {}
        // A logged-in session wins; otherwise the user is looked up by the userName parameter.
        // NOTE(review): this lookup uses userName as received, i.e. before the assureUnicode()
        // and session fallback below — verify the user that is checked is the one reported.
        user = (userID > -1) ? RightsAndRoles.getInstance().getUser(userID) : RightsAndRoles.getInstance().getUser(userName);
        projectName = Transcription.assureUnicode(projectName);
        // projectID takes precedence over projectName when both are supplied.
        if (projectID != null || projectName != null) {
            project = projectID != null ?
                ProjectManagement.getProject(projectID) : ProjectManagement.getProject(projectName);
            if (project == null) {
                addError(-7, "Project not found.");
                return;
            }
        }
        userName = Transcription.assureUnicode(userName);
        // Default "self": take the userName from the session when none was supplied.
        if (userName == null) userName = (String)Sessions.getInstance().getSessionAttribute(sessionHash, "userName");
    }
}
%>
<%
// Page body: answers whether the resolved user holds the requested role in the resolved
// user group, as a text/xml response; anything else falls through to the usage/error report.
MyParameters params = new MyParameters().loadFromRequest(request, response, false);
if (params.getErrors().size() == 0) {
    // ok, so, we support all kinds of crazy combinations here of:
    // user(userName, userID, none- currently logged in user), and
    // userGroup(userGroupID, userGroupName, projectID)
    // A project, when given, is mapped to the user group that carries the project's name.
    if (params.project != null) params.userGroupName = params.project.getProjectName();
    String userGroupOut = "";
    String projectIDOut = "";
    response.setContentType("text/xml");
    // userGroupName wins over userGroupID.
    UserGroup userGroup = null;
    if (params.userGroupName != null) {
        userGroup = RightsAndRoles.getInstance().getUserGroup(params.userGroupName);
    } else if (params.userGroupID != null) {
        userGroup = RightsAndRoles.getInstance().getUserGroup(params.userGroupID);
    }
    if (userGroup != null) {
        // NOTE(review): the attribute values built here and below are concatenated into XML
        // without escaping; a '"', '<' or '&' in a group name or userName would break or
        // alter the document. Escape them (or emit through the org.crosswire.xml API) first.
        userGroupOut = " userGroupName=\""+userGroup.getUserGroupName()+"\"";
        // Echo the projectID too when the group corresponds to a project.
        Project proj = ProjectManagement.getProject(userGroup.getUserGroupName());
        if (proj != null) params.projectID = proj.getProjectID();
    }
    if (params.projectID != null) {
        projectIDOut = " projectID=\""+params.projectID+"\"";
    }
    // An unresolvable user answers "no role" rather than an error. userGroup may be null
    // here; presumably that means a group-independent check — confirm against User.hasRole.
    boolean hasRole = false;
    if (params.user != null) {
        hasRole = params.user.hasRole(params.role, userGroup);
    }
    String userNameOut = params.userName == null ?
        " error=\"invalid session\"" : " userName=\""+ params.userName + "\"";
    // NB: "Referer" below is misspelled properly, according to the RFC
    String referrer = request.getHeader("Referer");
    // this makes gadget referrers much more readable
    // NOTE(review): the referrer is only used for the log line, yet URLDecoder.decode throws
    // IllegalArgumentException on a malformed %-escape in this caller-controlled header,
    // which would fail the whole request — consider catching it and logging the raw value.
    if (referrer != null) {
        referrer = java.net.URLDecoder.decode(referrer, StandardCharsets.UTF_8.name());
        referrer = referrer.replaceAll("^http.*ifr.aid=.*&checksum=.*&url=(.*&parent=h.*)/https?::.*&st=.*", "$1");
    }
    // Audit line for every role check.
    // NOTE(review): userName, role and the referrer are request-controlled and are logged
    // unsanitised; strip CR/LF so one check stays one log record.
    params.getLogger().info("auth/hasrole: from: " + referrer + "; userName: " + params.userName + "; role: " + params.role + "; userGroupName: " + (userGroup != null ? userGroup.getUserGroupName() : null) + ": " + hasRole);
    // params.getLogger().debug("auth/hasrole: from: " + referrer + "; userID: " + params.userID + "; userName: " + params.userName + "; role: " + params.role + "; projectID: " + params.projectID + "; userGroupName: " + params.userGroupName + "; userGroupID: " + params.userGroupID + "; sessionHash:" + params.sessionHash + ": " + hasRole);
    // NOTE(review): the response output below looks truncated in this copy: the literal that
    // opened the result element (and the `if (...) {` which the `} else out.print("/>")`
    // closes) appears to be missing, leaving two empty out.print("") calls and an unbalanced
    // brace. The otherwise unused includeRoleList field is the likely condition. As written,
    // params.user is dereferenced here without the null check applied above — guard it.
    out.print("");
    params.user.includeUserRoles();
    XMLBlock r = params.user.getBlock("userRoles");
    if (r != null) out.print(r);
    out.print("");
    } else out.print("/>");
    return;
}
// Usage/error path: render accumulated errors as html; with none recorded, error 0 = "usage".
params.format = "html";
if (params.getErrors().size() == 0) params.addError(0, "usage");
Serializer.reportErrors(request, response, out, params);
%>