/** * Throw an AuthorizeException if the current user is not a System Admin * * @param context the DSpace Context Object * @throws AuthorizeException if authorization error * if the current user is not a System Admin * @throws SQLException if database error * if a db error occur */ public static void requireAdminRole(Context context) throws AuthorizeException, SQLException { if (!authorizeService.isAdmin(context)) { throw new AuthorizeException( "Only system admin are allowed to perform this action"); } }
@Override public boolean isItemListedForUser(Context context, Item item) { try { if (authorizeService.isAdmin(context)) { return true; } if (authorizeService.authorizeActionBoolean(context, item, org.dspace.core.Constants.READ)) { if (item.isDiscoverable()) { return true; } } log.debug("item(" + item.getID() + ") " + item.getName() + " is unlisted."); return false; } catch (SQLException e) { log.error(e.getMessage()); return false; } }
@Override public Boolean isCitationEnabledForBitstream(Bitstream bitstream, Context context) throws SQLException { if (isCitationEnabledGlobally() || isCitationEnabledThroughCollection(context, bitstream)) { boolean adminUser = authorizeService.isAdmin(context); if (!adminUser && canGenerateCitationVersion(context, bitstream)) { return true; } } // If previous logic didn't return true, then we're false. return false; }
/** * Is the given onBehalfOf user DSpace administrator? This translates * as asking the question of whether the given eperson is a member * of the special DSpace group Administrator, with id 1 * * @param swordContext The relevant SWORD Context. * @return true if administrator, false if not * @throws DSpaceSWORDException can be thrown by the internals of the DSpace SWORD implementation */ public boolean isOnBehalfOfAdmin(SWORDContext swordContext) throws DSpaceSWORDException { EPerson onBehalfOf = swordContext.getOnBehalfOf(); try { return onBehalfOf != null && authorizeService.isAdmin( swordContext.getOnBehalfOfContext()); } catch (SQLException e) { log.error("Caught exception: ", e); throw new DSpaceSWORDException(e); } }
@Override public void delete(Context context, MetadataSchema metadataSchema) throws SQLException, AuthorizeException { // Check authorisation: Only admins may create DC types if (!authorizeService.isAdmin(context)) { throw new AuthorizeException( "Only administrators may modify the metadata registry"); } log.info(LogManager.getHeader(context, "delete_metadata_schema", "metadata_schema_id=" + metadataSchema.getID())); metadataSchemaDAO.delete(context, metadataSchema); }
@Override public void update(Context context, List<BitstreamFormat> bitstreamFormats) throws SQLException, AuthorizeException { if (CollectionUtils.isNotEmpty(bitstreamFormats)) { // Check authorisation - only administrators can change formats if (!authorizeService.isAdmin(context)) { throw new AuthorizeException( "Only administrators can modify bitstream formats"); } for (BitstreamFormat bitstreamFormat : bitstreamFormats) { log.info(LogManager.getHeader(context, "update_bitstream_format", "bitstream_format_id=" + bitstreamFormat.getID())); bitstreamFormatDAO.save(context, bitstreamFormat); } } }
/** * Is the given onBehalfOf user DSpace administrator? This translates * as asking the question of whether the given eperson is a member * of the special DSpace group Administrator, with id 1 * * @param swordContext The relevant SWORD Context. * @return true if administrator, false if not * @throws DSpaceSwordException can be thrown by the internals of the DSpace SWORD implementation */ public boolean isOnBehalfOfAdmin(SwordContext swordContext) throws DSpaceSwordException { EPerson onBehalfOf = swordContext.getOnBehalfOf(); try { if (onBehalfOf != null) { return authorizeService.isAdmin( swordContext.getOnBehalfOfContext()); } return false; } catch (SQLException e) { log.error("Caught exception: ", e); throw new DSpaceSwordException(e); } }
/** * Is the authenticated user a DSpace administrator? This translates * as asking the question of whether the given eperson is a member * of the special DSpace group Administrator, with id 1 * * @param swordContext The relevant SWORD Context. * @return true if administrator, false if not * @throws DSpaceSWORDException can be thrown by the internals of the DSpace SWORD implementation */ public boolean isUserAdmin(SWORDContext swordContext) throws DSpaceSWORDException { try { EPerson authenticated = swordContext.getAuthenticated(); return authenticated != null && authorizeService.isAdmin( swordContext.getAuthenticatorContext()); } catch (SQLException e) { log.error("Caught exception: ", e); throw new DSpaceSWORDException(e); } }
@Override public BitstreamFormat create(Context context) throws SQLException, AuthorizeException { // Check authorisation - only administrators can create new formats if (!authorizeService.isAdmin(context)) { throw new AuthorizeException( "Only administrators can create bitstream formats"); } // Create a table row BitstreamFormat bitstreamFormat = bitstreamFormatDAO.create(context, new BitstreamFormat()); log.info(LogManager.getHeader(context, "create_bitstream_format", "bitstream_format_id=" + bitstreamFormat.getID())); return bitstreamFormat; }
@Override public boolean canCreateNewVersion(Context context, Item item) throws SQLException { if (authorizeService.isAdmin(context, item)) { return true; } if (context.getCurrentUser() != null && context.getCurrentUser().equals(item.getSubmitter())) { return configurationService.getPropertyAsType( "versioning.submitterCanCreateNewVersion", false); } return false; } }
private void addStatusFilter(DiscoverQuery query) { if (itemsWithdrawn) { query.addFilterQueries("withdrawn:true"); } else if (!itemsDiscoverable) { query.addFilterQueries("discoverable:false"); // TODO try { if (!authorizeService.isAdmin(context) && (authorizeService.isCommunityAdmin(context) || authorizeService.isCollectionAdmin(context))) { query.addFilterQueries(searcher.createLocationQueryForAdministrableItems(context)); } } catch (SQLException ex) { log.error(ex); } } }
@Override public void delete(Context context, BitstreamFormat bitstreamFormat) throws SQLException, AuthorizeException { // Check authorisation - only administrators can delete formats if (!authorizeService.isAdmin(context)) { throw new AuthorizeException( "Only administrators can delete bitstream formats"); } // Find "unknown" type BitstreamFormat unknown = findUnknown(context); if (unknown.getID() == bitstreamFormat.getID()) { throw new IllegalArgumentException("The Unknown bitstream format may not be deleted."); } // Set bitstreams with this format to "unknown" int numberChanged = bitstreamFormatDAO.updateRemovedBitstreamFormat(context, bitstreamFormat, unknown); // Delete this format from database bitstreamFormatDAO.delete(context, bitstreamFormat); log.info(LogManager.getHeader(context, "delete_bitstream_format", "bitstream_format_id=" + bitstreamFormat.getID() + ",bitstreams_changed=" + numberChanged)); }
@Override public EPerson create(Context context) throws SQLException, AuthorizeException { // authorized? if (!authorizeService.isAdmin(context)) { throw new AuthorizeException( "You must be an admin to create an EPerson"); } // Create a table row EPerson e = ePersonDAO.create(context, new EPerson()); log.info(LogManager.getHeader(context, "create_eperson", "eperson_id=" + e.getID())); context.addEvent(new Event(Event.CREATE, Constants.EPERSON, e.getID(), null, getIdentifiers(context, e))); return e; }
@Override public WorkspaceItem abort(Context context, BasicWorkflowItem workflowItem, EPerson e) throws SQLException, AuthorizeException, IOException { // authorize a DSpaceActions.ABORT if (!authorizeService.isAdmin(context)) { throw new AuthorizeException( "You must be an admin to abort a workflow"); } // stop workflow regardless of its state taskListItemService.deleteByWorkflowItem(context, workflowItem); log.info(LogManager.getHeader(context, "abort_workflow", "workflow_item_id=" + workflowItem.getID() + "item_id=" + workflowItem.getItem().getID() + "collection_id=" + workflowItem.getCollection().getID() + "eperson_id=" + e.getID())); // convert into personal workspace return returnToWorkspace(context, workflowItem); }
@Override public Group create(Context context) throws SQLException, AuthorizeException { // FIXME - authorization? if (!authorizeService.isAdmin(context)) { throw new AuthorizeException( "You must be an admin to create an EPerson Group"); } // Create a table row Group g = groupDAO.create(context, new Group()); log.info(LogManager.getHeader(context, "create_group", "group_id=" + g.getID())); context.addEvent(new Event(Event.CREATE, Constants.GROUP, g.getID(), null, getIdentifiers(context, g))); update(context, g); return g; }
@Override public void subscribe(Context context, EPerson eperson, Collection collection) throws SQLException, AuthorizeException { // Check authorisation. Must be administrator, or the eperson. if (authorizeService.isAdmin(context) || ((context.getCurrentUser() != null) && (context .getCurrentUser().getID().equals(eperson.getID())))) { if (!isSubscribed(context, eperson, collection)) { Subscription subscription = subscriptionDAO.create(context, new Subscription()); subscription.setCollection(collection); subscription.setePerson(eperson); } } else { throw new AuthorizeException( "Only admin or e-person themselves can subscribe"); } }
@Override public WorkspaceItem abort(Context c, XmlWorkflowItem wi, EPerson e) throws AuthorizeException, SQLException, IOException { if (!authorizeService.isAdmin(c)) { throw new AuthorizeException( "You must be an admin to abort a workflow"); } c.turnOffAuthorisationSystem(); //Restore permissions for the submitter // convert into personal workspace WorkspaceItem wsi = returnToWorkspace(c, wi); log.info(LogManager.getHeader(c, "abort_workflow", "workflow_item_id=" + wi.getID() + "item_id=" + wsi.getItem().getID() + "collection_id=" + wi.getCollection().getID() + "eperson_id=" + e.getID())); c.restoreAuthSystemState(); return wsi; }
@Override public void update(Context context, MetadataSchema metadataSchema) throws SQLException, AuthorizeException, NonUniqueMetadataException { // Check authorisation: Only admins may update the metadata registry if (!authorizeService.isAdmin(context)) { throw new AuthorizeException( "Only administrators may modify the metadata registry"); } // Ensure the schema name is unique if (!uniqueShortName(context, metadataSchema.getID(), metadataSchema.getName())) { throw new NonUniqueMetadataException("Please make the name " + metadataSchema.getName() + " unique"); } // Ensure the schema namespace is unique if (!uniqueNamespace(context, metadataSchema.getID(), metadataSchema.getNamespace())) { throw new NonUniqueMetadataException("Please make the namespace " + metadataSchema.getNamespace() + " unique"); } metadataSchemaDAO.save(context, metadataSchema); log.info(LogManager.getHeader(context, "update_metadata_schema", "metadata_schema_id=" + metadataSchema.getID() + "namespace=" + metadataSchema.getNamespace() + "name=" + metadataSchema.getName())); }
@Override public void update(Context context, MetadataField metadataField) throws SQLException, AuthorizeException, NonUniqueMetadataException, IOException { // Check authorisation: Only admins may update the metadata registry if (!authorizeService.isAdmin(context)) { throw new AuthorizeException( "Only administrators may modiffy the Dublin Core registry"); } // Ensure the element and qualifier are unique within a given schema. if (hasElement(context, metadataField.getID(), metadataField.getMetadataSchema(), metadataField.getElement(), metadataField.getQualifier())) { throw new NonUniqueMetadataException( "Please make " + metadataField.getMetadataSchema().getName() + "." + metadataField.getElement() + "." + metadataField.getQualifier()); } metadataFieldDAO.save(context, metadataField); log.info(LogManager.getHeader(context, "update_metadatafieldregistry", "metadata_field_id=" + metadataField.getID() + "element=" + metadataField .getElement() + "qualifier=" + metadataField.getQualifier())); }
@Override public void update(Context context, Site site) throws SQLException, AuthorizeException { if (!authorizeService.isAdmin(context)) { throw new AuthorizeException(); } super.update(context, site); if (site.isMetadataModified()) { context.addEvent(new Event(Event.MODIFY_METADATA, site.getType(), site.getID(), site.getDetails(), getIdentifiers(context, site))); } if (site.isModified()) { context.addEvent(new Event(Event.MODIFY, site.getType(), site.getID(), site.getDetails(), getIdentifiers(context, site))); } site.clearModified(); site.clearDetails(); siteDAO.save(context, site); }