| 1 | <accessor debug="false"> |
|---|
| 2 | <name>ISOcat.manage.access.cr.dg</name> |
|---|
| 3 | <descr>Check if the user indicated by the credentials is allowed to access this CR decision group.</descr> |
|---|
| 4 | <param manadatory="true"> |
|---|
| 5 | <name>cr</name> |
|---|
| 6 | <descr>the CR</descr> |
|---|
| 7 | <source> |
|---|
| 8 | <param/> |
|---|
| 9 | <nvp/> |
|---|
| 10 | <session/> |
|---|
| 11 | </source> |
|---|
| 12 | <type canonical="true">string</type> |
|---|
| 13 | </param> |
|---|
| 14 | <param manadatory="true"> |
|---|
| 15 | <name>dg</name> |
|---|
| 16 | <descr>the CR decision group</descr> |
|---|
| 17 | <source> |
|---|
| 18 | <param/> |
|---|
| 19 | <nvp/> |
|---|
| 20 | <session/> |
|---|
| 21 | </source> |
|---|
| 22 | <type canonical="true">string</type> |
|---|
| 23 | </param> |
|---|
| 24 | <param mandatory="true"> |
|---|
| 25 | <name>credentials</name> |
|---|
| 26 | <descr>the credentials of the user trying to access the DC</descr> |
|---|
| 27 | <type canonical="true">string</type> |
|---|
| 28 | </param> |
|---|
| 29 | <idoc> |
|---|
| 30 | <accessor-debug> |
|---|
| 31 | <instr> |
|---|
| 32 | <type>sloot.log</type> |
|---|
| 33 | <operator> |
|---|
| 34 | <msg>DBG:.....:ISOcat.manage.access.cr.dg(CR[{string($cr)}],dg[{string($dg)}],credentials[{string($credentials)}])</msg> |
|---|
| 35 | </operator> |
|---|
| 36 | <cr>var:cr</cr> |
|---|
| 37 | <dg>var:dg</dg> |
|---|
| 38 | <credentials>var:credentials</credentials> |
|---|
| 39 | </instr> |
|---|
| 40 | </accessor-debug> |
|---|
| 41 | <instr> |
|---|
| 42 | <type>copy</type> |
|---|
| 43 | <operand> |
|---|
| 44 | <string/> |
|---|
| 45 | </operand> |
|---|
| 46 | <target>var:mode</target> |
|---|
| 47 | </instr> |
|---|
| 48 | <!-- check if the credentials are a valid pair --> |
|---|
| 49 | <instr> |
|---|
| 50 | <type>ISOcat.access.data.credentials</type> |
|---|
| 51 | <credentials>var:credentials</credentials> |
|---|
| 52 | <target>var:access</target> |
|---|
| 53 | </instr> |
|---|
| 54 | <!-- check if the user has access to the CR decision group --> |
|---|
| 55 | <if> |
|---|
| 56 | <cond> |
|---|
| 57 | <instr> |
|---|
| 58 | <type>copy</type> |
|---|
| 59 | <operand>var:access</operand> |
|---|
| 60 | <target>this:cond</target> |
|---|
| 61 | </instr> |
|---|
| 62 | </cond> |
|---|
| 63 | <then> |
|---|
| 64 | <instr> |
|---|
| 65 | <type>sloot.xpath2eval</type> |
|---|
| 66 | <operand>var:credentials</operand> |
|---|
| 67 | <operator> |
|---|
| 68 | <xpath>substring-before(.,':')</xpath> |
|---|
| 69 | </operator> |
|---|
| 70 | <param> |
|---|
| 71 | <return> |
|---|
| 72 | <canonical/> |
|---|
| 73 | <string/> |
|---|
| 74 | </return> |
|---|
| 75 | </param> |
|---|
| 76 | <target>var:user</target> |
|---|
| 77 | </instr> |
|---|
| 78 | <instr> |
|---|
| 79 | <type>ISOcat.manage.user.id</type> |
|---|
| 80 | <user>var:user</user> |
|---|
| 81 | <target>var:uid</target> |
|---|
| 82 | </instr> |
|---|
| 83 | <instr> |
|---|
| 84 | <type>ISOcat.manage.cr.scope</type> |
|---|
| 85 | <cr>var:cr</cr> |
|---|
| 86 | <target>var:scope</target> |
|---|
| 87 | </instr> |
|---|
| 88 | <instr> |
|---|
| 89 | <type>sloot.xquery</type> |
|---|
| 90 | <operator> |
|---|
| 91 | <string> |
|---|
| 92 | { |
|---|
| 93 | if (($scope//tdg/@ref=string($dg)) and exists($scope//account[@ref=string($uid)][@cr-role='tdg-chair'])) |
|---|
| 94 | then ('ru') (: TDG decision group and the user is the TDG chair :) |
|---|
| 95 | else ( |
|---|
| 96 | if (($scope//dcrb/@ref=string($dg)) and exists($scope//account[@ref=string($uid)][@cr-role='dcrb-chair'])) |
|---|
| 97 | then ('ru') (: DCR Board decision group and the user is the DCR Board chair :) |
|---|
| 98 | else ( |
|---|
| 99 | if (exists($scope//account[@ref=string($uid)])) |
|---|
| 100 | then ('r') |
|---|
| 101 | else ('') |
|---|
| 102 | ) |
|---|
| 103 | ) |
|---|
| 104 | } |
|---|
| 105 | </string> |
|---|
| 106 | </operator> |
|---|
| 107 | <scope>var:scope</scope> |
|---|
| 108 | <dg>var:dg</dg> |
|---|
| 109 | <uid>var:uid</uid> |
|---|
| 110 | <target>var:mode</target> |
|---|
| 111 | </instr> |
|---|
| 112 | <accessor-debug> |
|---|
| 113 | <instr> |
|---|
| 114 | <type>sloot.log</type> |
|---|
| 115 | <operator> |
|---|
| 116 | <msg>DBG:.....:ISOcat.manage.access.cr.dg(CR[{string($cr)}],dg[{string($dg)}],credentials[{string($credentials)}]):CR access mode:{string($mode)}</msg> |
|---|
| 117 | </operator> |
|---|
| 118 | <cr>var:cr</cr> |
|---|
| 119 | <dg>var:dg</dg> |
|---|
| 120 | <credentials>var:credentials</credentials> |
|---|
| 121 | <mode>var:mode</mode> |
|---|
| 122 | </instr> |
|---|
| 123 | </accessor-debug> |
|---|
| 124 | </then> |
|---|
| 125 | <else> |
|---|
| 126 | <accessor-debug> |
|---|
| 127 | <instr> |
|---|
| 128 | <type>sloot.log</type> |
|---|
| 129 | <operator> |
|---|
| 130 | <msg>DBG:.....:ISOcat.manage.access.cr.dg(CR[{string($cr)}],dg[{string($dg)}],credentials[{string($credentials)}]):invalid credentials</msg> |
|---|
| 131 | </operator> |
|---|
| 132 | <cr>var:cr</cr> |
|---|
| 133 | <dg>var:dg</dg> |
|---|
| 134 | <credentials>var:credentials</credentials> |
|---|
| 135 | <target>var:msg</target> |
|---|
| 136 | </instr> |
|---|
| 137 | <instr> |
|---|
| 138 | <type>sloot.log</type> |
|---|
| 139 | <operand>var:msg</operand> |
|---|
| 140 | </instr> |
|---|
| 141 | </accessor-debug> |
|---|
| 142 | </else> |
|---|
| 143 | </if> |
|---|
| 144 | <instr> |
|---|
| 145 | <type>copy</type> |
|---|
| 146 | <operand>var:mode</operand> |
|---|
| 147 | <target>this:response</target> |
|---|
| 148 | </instr> |
|---|
| 149 | </idoc> |
|---|
| 150 | <exception> |
|---|
| 151 | <debug/> |
|---|
| 152 | <trace>ffcpl:/trace/cr_dg.exception.xml</trace> |
|---|
| 153 | <response> |
|---|
| 154 | <string/> |
|---|
| 155 | </response> |
|---|
| 156 | </exception> |
|---|
| 157 | <response> |
|---|
| 158 | <debug>ffcpl:/trace/cr_dg.response.xml</debug> |
|---|
| 159 | <mime>application/xml</mime> |
|---|
| 160 | </response> |
|---|
| 161 | </accessor> |
|---|
