fixed bug where comparisons didn't work because of my change this morning
made this method more robust
fixed bug in new code
fixed bug where permission would get set to -1 for no good reason
change AccessControlForSingleFile to only be instantiated for one file. move ACL methods to AccessControlForSingleFile. Change format of access sections returned to EML 2.1.0.
Move access control source to it's own directory.
Add ability for doc owner to add user access to workflows.
Change location of PropertyService to properties directory
Create database and shared directories for database management code and shared code respectively.
Roll back replication user changes. Fix code that converts access levels to integer and to text.
Renamed MetaCatUtil to MetacatUtil
Add check for null access control list
translate numeric permission to text permission when serializing.
Move the DBAdaptor accessor into a DatabaseService class
qualify xml and eml properties with an xml. prefix
Continue to qualify property names
Add sql debug statements
Append context url onto system id instead of server url.
Merge 1.9 changes into Head
Removed the release ant token from all files in 'src'.
release
Change the code to make sure DocumentImpl class's constructor should have rev attached.
Change setString to setInt for ticket account because driver changes.
Delete a debug line.
using toDate method rather than to_date function directly.
Move the permission checking part.
Get rid of the permission code to handle ticket count and duration.
Remove some genric stuff to AccessControlInterface.
Delete the code that adding access rule for access file itself.
In creating xml_access table, add a condition for assigning a access document to itself: if there is not triple. If there is a triple that access file points itself, we don't need inserting again. Otherwise we will get duplicate records.
Merge branch to head.
Change to using Connection back rather than DBConnection. DBConnection will be store in a cvs branch.
Make a every method check in and check out DBConnection if this method need a connection.
Add debugMessage level in this class
In hasPermission method, a situation was considered: if no user and group, the permssion will be true. This is for the command line invocation.
Method endElement in AccessControList was revised. A feature that put access document itset into xml_access was added.
In hasPermission method, a rule for access document is implements. If user want to write a access document, it should hhave "all" permission.The permission for access document now is looking up in xml_access table directly, rather get same permission to data set document.
We decided that the permission for a user to an access documents is as same as to the data set document(which contains the access document). In order to do this, we need to look-up xml-relation table. If we could find the data set document id, just check the id. If we couldn't find one, we need check if the user is owner. If it is, has permission. Otherwise, doesn't have.
Add a new method getDataSetId to the class. The permission policy for access documents is: the user will have the same permission as data set file. (There is no entry in xml_access table for access document.
The method - hasAllowRule was revised. If a action -read or update was approved, all ticket count of allow rule entries for this action will minus one if the entries have ticket count number (not null).
The two hasPermission methods were rewritten. Some logic bugs were fixed. Now user, public and group will not be checked speratedly, but they will be check together as string array. In order to do this, private methods isAccessDocument, containDocumentOwner, isAllowFirst, hasAllowRule, hasExplicitDenyRule, hasImplicitDenyRule, and createUsersPackage were added.
Code to handle "read" permission was changed in hasPermission method. The old code used old way to look up the public_access field in xml_documents table.
made a ton of changes related to keeping oracle SQL code out of the main classes. fixed a bug where the timing of the index thread was off so when it went to index a document, the document was not already in xml_documents thus breaking the FK relation between xml_documents and xml_index. I think that bug might be the reason for the blank resultset screens in morpho. made the postgres implementation much more robust.
made it so we can now use multiple accessfilestypes and packagdfiletypes in the metacat.properties file. Also fixed a bug introduced when the 'http://' was removed from behind the server name in the loaddtd.sql script and the knb.xml file
fixed error where person with 'all' permission could not update the access file.
added new permission 'changepermission' and made 'all' inclusive for all permissions
fixed access control bug. the character data in the sax parser was not getting trimmed and causing problems. also fixed hard coded eml-dataset public id in the web index file
Removed the requirement that the relationship for ACL associations be"isRelatedTo". Now the relationship in the triple can be anything, like"describes access control rules for". This doesn't affect the ACLprocessing because it is based on the ACL document type, not the...
- when the Access file goes first before the Package file (eml-dataset-2.0)relations are not available in xml_relation, thus updated the codeto check and run ACL also after the Package file is saved.- cut out the rev# from subject and object in xml_relation as needed by ACL...
look for relationship "isRelatedTo" b' that is the word that is used in the triples
added support for multiple group membership
changed all mentions of DBAdapter to the new name AbstractDatabase
use the non-null function name from db adapter
changedSELECT ... WHERE LIKE ? ...to:SELECT ... WHERE = ? ...
It should be changed everywhere it is found
added new "getaccesscontrol" action for a given docid
Solving the problem with relication of access file where access files were rejected from the replication servers.In AccessControlList check for serverCode is included,so only on the local server the connected user is checked for having "all" permissions on the resources specified in it...
fixed typo
added location info to catch statements
included implementation for public "read" access as specified from the access file
Added license terms to source code files, and cleaned up some javadocdocumentation in a few places.
closed all preparedStatement variables
implementation for multiple <resourceIndentifier> tags under <resource>
- turned on the validation in order only valid xml docs comformed to the specified dtd (if any) to be submitted in metacat- with validation "on" white spaces are reported from ignorableWhitespace() callback, not from characters() (as with validation "off")...
unified getting "docid" value from metacat URLs specified in <resourceIdentifier> tagsby using MetaCatUtil.parseQuery() method in the same way as in MetaCatServlet.
- appling acl through access files only- clearing around update/delete of access files - to delete the related records from both xml_access and xml_relation tables- included check for user permissions for setting acl on the resources in the access file- moved RelationHandler.deleteRelations(docid) down in RelationHandler obj just before the write of the new relations
included support for submition of access files+ storing the acl info in xml_access table and relationship records in xml_relation table like<aclfile, "isaclfilefor", recourceIdentifier> for every resource included in the access file
problems with passing the connection between objects
problem with passing the connection between objects
DBEntityResolver: - added new parameter dtd for upload on Metacat file system; optional; Reader - new routines to upload dtd if provided - systemID of metadata document is used to exctract the filename of new dtd; - the new dtd is uploaded on Metacat file system as specified by dtdPath property;...
AccessControlList - methods for parsing and loading acl file - checkup method for permission for given principal on given resourceDBQuery - checkup for READ permission using AccessControlList.hasPermission()DocumentImpl - using AccessControlList object to parse and load an acl file into xml_access table...
new class for parsing ACL XML file and loading acl data into metacat db