1 | <accessor debug="false"> |
---|
2 | <name>ISOcat.manage.access.cr.dg</name> |
---|
3 | <descr>Check if the user indicated by the credentials is allowed to access this CR decision group.</descr> |
---|
4 | <param manadatory="true"> |
---|
5 | <name>cr</name> |
---|
6 | <descr>the CR</descr> |
---|
7 | <source> |
---|
8 | <param/> |
---|
9 | <nvp/> |
---|
10 | <session/> |
---|
11 | </source> |
---|
12 | <type canonical="true">string</type> |
---|
13 | </param> |
---|
14 | <param manadatory="true"> |
---|
15 | <name>dg</name> |
---|
16 | <descr>the CR decision group</descr> |
---|
17 | <source> |
---|
18 | <param/> |
---|
19 | <nvp/> |
---|
20 | <session/> |
---|
21 | </source> |
---|
22 | <type canonical="true">string</type> |
---|
23 | </param> |
---|
24 | <param mandatory="true"> |
---|
25 | <name>credentials</name> |
---|
26 | <descr>the credentials of the user trying to access the DC</descr> |
---|
27 | <type canonical="true">string</type> |
---|
28 | </param> |
---|
29 | <idoc> |
---|
30 | <accessor-debug> |
---|
31 | <instr> |
---|
32 | <type>sloot.log</type> |
---|
33 | <operator> |
---|
34 | <msg>DBG:.....:ISOcat.manage.access.cr.dg(CR[{string($cr)}],dg[{string($dg)}],credentials[{string($credentials)}])</msg> |
---|
35 | </operator> |
---|
36 | <cr>var:cr</cr> |
---|
37 | <dg>var:dg</dg> |
---|
38 | <credentials>var:credentials</credentials> |
---|
39 | </instr> |
---|
40 | </accessor-debug> |
---|
41 | <instr> |
---|
42 | <type>copy</type> |
---|
43 | <operand> |
---|
44 | <string/> |
---|
45 | </operand> |
---|
46 | <target>var:mode</target> |
---|
47 | </instr> |
---|
48 | <!-- check if the credentials are a valid pair --> |
---|
49 | <instr> |
---|
50 | <type>ISOcat.access.data.credentials</type> |
---|
51 | <credentials>var:credentials</credentials> |
---|
52 | <target>var:access</target> |
---|
53 | </instr> |
---|
54 | <!-- check if the user has access to the CR decision group --> |
---|
55 | <if> |
---|
56 | <cond> |
---|
57 | <instr> |
---|
58 | <type>copy</type> |
---|
59 | <operand>var:access</operand> |
---|
60 | <target>this:cond</target> |
---|
61 | </instr> |
---|
62 | </cond> |
---|
63 | <then> |
---|
64 | <instr> |
---|
65 | <type>sloot.xpath2eval</type> |
---|
66 | <operand>var:credentials</operand> |
---|
67 | <operator> |
---|
68 | <xpath>substring-before(.,':')</xpath> |
---|
69 | </operator> |
---|
70 | <param> |
---|
71 | <return> |
---|
72 | <canonical/> |
---|
73 | <string/> |
---|
74 | </return> |
---|
75 | </param> |
---|
76 | <target>var:user</target> |
---|
77 | </instr> |
---|
78 | <instr> |
---|
79 | <type>ISOcat.manage.user.id</type> |
---|
80 | <user>var:user</user> |
---|
81 | <target>var:uid</target> |
---|
82 | </instr> |
---|
83 | <instr> |
---|
84 | <type>ISOcat.manage.cr.scope</type> |
---|
85 | <cr>var:cr</cr> |
---|
86 | <target>var:scope</target> |
---|
87 | </instr> |
---|
88 | <instr> |
---|
89 | <type>sloot.xquery</type> |
---|
90 | <operator> |
---|
91 | <string> |
---|
92 | { |
---|
93 | if (($scope//tdg/@ref=string($dg)) and exists($scope//account[@ref=string($uid)][@cr-role='tdg-chair'])) |
---|
94 | then ('ru') (: TDG decision group and the user is the TDG chair :) |
---|
95 | else ( |
---|
96 | if (($scope//dcrb/@ref=string($dg)) and exists($scope//account[@ref=string($uid)][@cr-role='dcrb-chair'])) |
---|
97 | then ('ru') (: DCR Board decision group and the user is the DCR Board chair :) |
---|
98 | else ( |
---|
99 | if (exists($scope//account[@ref=string($uid)])) |
---|
100 | then ('r') |
---|
101 | else ('') |
---|
102 | ) |
---|
103 | ) |
---|
104 | } |
---|
105 | </string> |
---|
106 | </operator> |
---|
107 | <scope>var:scope</scope> |
---|
108 | <dg>var:dg</dg> |
---|
109 | <uid>var:uid</uid> |
---|
110 | <target>var:mode</target> |
---|
111 | </instr> |
---|
112 | <accessor-debug> |
---|
113 | <instr> |
---|
114 | <type>sloot.log</type> |
---|
115 | <operator> |
---|
116 | <msg>DBG:.....:ISOcat.manage.access.cr.dg(CR[{string($cr)}],dg[{string($dg)}],credentials[{string($credentials)}]):CR access mode:{string($mode)}</msg> |
---|
117 | </operator> |
---|
118 | <cr>var:cr</cr> |
---|
119 | <dg>var:dg</dg> |
---|
120 | <credentials>var:credentials</credentials> |
---|
121 | <mode>var:mode</mode> |
---|
122 | </instr> |
---|
123 | </accessor-debug> |
---|
124 | </then> |
---|
125 | <else> |
---|
126 | <accessor-debug> |
---|
127 | <instr> |
---|
128 | <type>sloot.log</type> |
---|
129 | <operator> |
---|
130 | <msg>DBG:.....:ISOcat.manage.access.cr.dg(CR[{string($cr)}],dg[{string($dg)}],credentials[{string($credentials)}]):invalid credentials</msg> |
---|
131 | </operator> |
---|
132 | <cr>var:cr</cr> |
---|
133 | <dg>var:dg</dg> |
---|
134 | <credentials>var:credentials</credentials> |
---|
135 | <target>var:msg</target> |
---|
136 | </instr> |
---|
137 | <instr> |
---|
138 | <type>sloot.log</type> |
---|
139 | <operand>var:msg</operand> |
---|
140 | </instr> |
---|
141 | </accessor-debug> |
---|
142 | </else> |
---|
143 | </if> |
---|
144 | <instr> |
---|
145 | <type>copy</type> |
---|
146 | <operand>var:mode</operand> |
---|
147 | <target>this:response</target> |
---|
148 | </instr> |
---|
149 | </idoc> |
---|
150 | <exception> |
---|
151 | <debug/> |
---|
152 | <trace>ffcpl:/trace/cr_dg.exception.xml</trace> |
---|
153 | <response> |
---|
154 | <string/> |
---|
155 | </response> |
---|
156 | </exception> |
---|
157 | <response> |
---|
158 | <debug>ffcpl:/trace/cr_dg.response.xml</debug> |
---|
159 | <mime>application/xml</mime> |
---|
160 | </response> |
---|
161 | </accessor> |
---|