Changeset 5507


Ignore:
Timestamp:
07/31/14 13:13:46 (10 years ago)
Author:
Twan Goosen
Message:

Admin can now edit, delete and publish any user's private collections
Refs #589

Location:
VirtualCollectionRegistry/trunk/VirtualCollectionRegistry/src/main/java/eu/clarin/cmdi/virtualcollectionregistry
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • VirtualCollectionRegistry/trunk/VirtualCollectionRegistry/src/main/java/eu/clarin/cmdi/virtualcollectionregistry/AdminUsersServiceImpl.java

    r5506 r5507  
    2828    @Override
    2929    public final boolean isAdmin(String user) {
     30        logger.debug("Checking admin rights of {}", user);
    3031        return adminUsers.contains(user);
    3132    }

  • VirtualCollectionRegistry/trunk/VirtualCollectionRegistry/src/main/java/eu/clarin/cmdi/virtualcollectionregistry/VirtualCollectionRegistry.java

    r5505 r5507  
    4848    @Autowired
    4949    private VirtualCollectionValidatorFactory validatorFactory;
     50    @Autowired
     51    private AdminUsersService adminUsersService;
    5052
    5153    private static final Logger logger
     
    167169                throw new VirtualCollectionNotFoundException(id);
    168170            }
    169             if (!c.getOwner().equalsPrincipal(principal)) {
     171            if (!isAllowedToModify(principal, c)) {
    170172                throw new VirtualCollectionRegistryPermissionException(
    171173                        "permission denied for user \""
     
    212214                throw new VirtualCollectionNotFoundException(id);
    213215            }
    214             if (!vc.getOwner().equalsPrincipal(principal)) {
     216            if (!isAllowedToModify(principal, vc)) {
    215217                logger.debug("virtual collection (id={}) not owned by "
    216218                        + "user '{}'", id, principal.getName());
     
    298300                throw new VirtualCollectionNotFoundException(id);
    299301            }
    300             if (!vc.getOwner().equalsPrincipal(principal)) {
     302            if (!isAllowedToModify(principal, vc)) {
    301303                logger.debug("virtual collection (id={}) not owned by "
    302304                        + "user '{}'", id, principal.getName());
     
    684686        });
    685687    }
     688   
     689    private boolean isAllowedToModify(Principal principal, VirtualCollection c) {
     690        // admin and owner are allowed to modify collections
     691        return adminUsersService.isAdmin(principal.getName())
     692                || c.getOwner().equalsPrincipal(principal);
     693    }
    686694
    687695} // class VirtualCollectionRegistry
Note: See TracChangeset for help on using the changeset viewer.