Commit 8f0f0f82 authored by Mike McKay's avatar Mike McKay

XNAT-4519 Prevented guest user from being given owner/member/collaborator...

XNAT-4519 Prevented guest user from being given owner/member/collaborator access to a project through project page or xapi.
parent 82e8eefe
......@@ -599,6 +599,9 @@ public class UsersApi extends AbstractXapiRestController {
if (user == null) {
return new ResponseEntity<>(HttpStatus.NOT_FOUND);
}
if(user.getID().equals(Users.getGuest().getID())){
return new ResponseEntity<>(HttpStatus.PRECONDITION_FAILED);
}
try {
Groups.addUserToGroup(group, user, getSessionUser(), null);
return new ResponseEntity<>(HttpStatus.OK);
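Review bot: The guest check `if(user.getID().equals(Users.getGuest().getID()))` is enforced in this controller method rather than in the shared membership layer, so any other caller of `Groups.addUserToGroup` would not be covered; the commit has to repeat the same comparison in ProjectMemberResource for that reason. Moving the rule into the group-membership code itself (presumably `Groups.addUserToGroup`, whose body is not visible here) would protect every entry point in one place. 412 Precondition Failed is defined for conditional request headers, so `HttpStatus.FORBIDDEN` would describe a refused grant more accurately. A log line on the rejected attempt, naming the session user and the target group, would make attempts to elevate the guest account visible to operators. The enclosing method starts and ends outside the hunk.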
......
......@@ -188,64 +188,68 @@ public class ProjectMemberResource extends SecureResource {
try {
final UserI user = getUser();
if(Permissions.canDelete(user,proj)){
if (unknown.size()>0){
//NEW USER
try {
for(String uID : unknown){
if (unknown.size() > 0) {
//NEW USER
try {
for (String uID : unknown) {
VelocityContext context = new VelocityContext();
context.put("user",user);
context.put("server",TurbineUtils.GetFullServerPath(request));
context.put("process","Transfer to the archive.");
context.put("system",TurbineUtils.GetSystemName());
context.put("access_level",gID);
context.put("admin_email",XDAT.getSiteConfigPreferences().getAdminEmail());
context.put("projectOM",proj);
//SEND email to user
final PersistentWorkflowI wrk=PersistentWorkflowUtils.getOrCreateWorkflowData(null, user, XnatProjectdata.SCHEMA_ELEMENT_NAME, proj.getId(), proj.getId(), newEventInstance(EventUtils.CATEGORY.PROJECT_ACCESS, EventUtils.INVITE_USER_TO_PROJECT + " (" + uID + ")"));
try {
context.put("user", user);
context.put("server", TurbineUtils.GetFullServerPath(request));
context.put("process", "Transfer to the archive.");
context.put("system", TurbineUtils.GetSystemName());
context.put("access_level", gID);
context.put("admin_email", XDAT.getSiteConfigPreferences().getAdminEmail());
context.put("projectOM", proj);
//SEND email to user
final PersistentWorkflowI wrk = PersistentWorkflowUtils.getOrCreateWorkflowData(null, user, XnatProjectdata.SCHEMA_ELEMENT_NAME, proj.getId(), proj.getId(), newEventInstance(EventUtils.CATEGORY.PROJECT_ACCESS, EventUtils.INVITE_USER_TO_PROJECT + " (" + uID + ")"));
try {
ProjectAccessRequest.InviteUser(context, uID, user, user.getFirstname() + " " + user.getLastname() + " has invited you to join the " + proj.getName() + " " + DisplayManager.GetInstance().getSingularDisplayNameForProject().toLowerCase() + ".");
WorkflowUtils.complete(wrk, wrk.buildEvent());
} catch (Exception e) {
WorkflowUtils.fail(wrk, wrk.buildEvent());
logger.error("",e);
logger.error("", e);
}
}
} catch (Throwable e) {
logger.error("",e);
logger.error("", e);
}
}
if (newUsers.size()>0){
if (newUsers.size() > 0) {
//CURRENT USER
String email=(this.isQueryVariableTrue("sendemail"))?"true":"false";
boolean sendmail=Boolean.parseBoolean(email);
for(UserI newUser: newUsers){
final PersistentWorkflowI wrk=PersistentWorkflowUtils.getOrCreateWorkflowData(null, user, Users.getUserDataType(),newUser.getID().toString(),proj.getId(),newEventInstance(EventUtils.CATEGORY.PROJECT_ACCESS, EventUtils.ADD_USER_TO_PROJECT));
EventMetaI c=wrk.buildEvent();
String email = (this.isQueryVariableTrue("sendemail")) ? "true" : "false";
boolean sendmail = Boolean.parseBoolean(email);
proj.addGroupMember(group.getId(), newUser, user,WorkflowUtils.setStep(wrk, "Add " + newUser.getLogin()));
WorkflowUtils.complete(wrk, c);
for (UserI newUser : newUsers) {
if(newUser!=null && newUser.getID().equals(Users.getGuest().getID())){
getResponse().setStatus(Status.CLIENT_ERROR_PRECONDITION_FAILED);
} else {
final PersistentWorkflowI wrk = PersistentWorkflowUtils.getOrCreateWorkflowData(null, user, Users.getUserDataType(), newUser.getID().toString(), proj.getId(), newEventInstance(EventUtils.CATEGORY.PROJECT_ACCESS, EventUtils.ADD_USER_TO_PROJECT));
EventMetaI c = wrk.buildEvent();
if (sendmail){
try {
VelocityContext context = new VelocityContext();
proj.addGroupMember(group.getId(), newUser, user, WorkflowUtils.setStep(wrk, "Add " + newUser.getLogin()));
WorkflowUtils.complete(wrk, c);
context.put("user",user);
context.put("server",TurbineUtils.GetFullServerPath(request));
context.put("process","Transfer to the archive.");
context.put("system",TurbineUtils.GetSystemName());
context.put("access_level","member");
context.put("admin_email", XDAT.getSiteConfigPreferences().getAdminEmail());
context.put("projectOM",proj);
org.nrg.xnat.turbine.modules.actions.ProcessAccessRequest.SendAccessApprovalEmail(context, newUser.getEmail(), user, TurbineUtils.GetSystemName() + " Access Granted for " + proj.getName());
} catch (Throwable e) {
logger.error("",e);
}
}
if (sendmail) {
try {
VelocityContext context = new VelocityContext();
context.put("user", user);
context.put("server", TurbineUtils.GetFullServerPath(request));
context.put("process", "Transfer to the archive.");
context.put("system", TurbineUtils.GetSystemName());
context.put("access_level", "member");
context.put("admin_email", XDAT.getSiteConfigPreferences().getAdminEmail());
context.put("projectOM", proj);
org.nrg.xnat.turbine.modules.actions.ProcessAccessRequest.SendAccessApprovalEmail(context, newUser.getEmail(), user, TurbineUtils.GetSystemName() + " Access Granted for " + proj.getName());
} catch (Throwable e) {
logger.error("", e);
}
}
}
}
}
}else{
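Review bot: The `newUser!=null` guard in `if(newUser!=null && newUser.getID().equals(Users.getGuest().getID()))` protects nothing, because a null entry fails the condition and falls into the `else` branch, which dereferences `newUser.getID()` immediately. Either drop the null test or handle it separately, e.g. `if (newUser == null) { continue; }` ahead of the guest comparison. The rejection only sets `Status.CLIENT_ERROR_PRECONDITION_FAILED` and keeps looping, so a request that lists the guest alongside real users still adds the others while reporting failure, and whether later code overwrites that status cannot be seen from this hunk; validating the whole list before the first `proj.addGroupMember` call would make the outcome all-or-nothing. Most of the hunk is whitespace reformatting, which buries the access-control change; a separate formatting commit would make it easier to audit. The enclosing method starts and ends outside the hunk.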
......