Revision 1123
Added by Jing Tao over 22 years ago
| src/edu/ucsb/nceas/metacat/AccessControlList.java | ||
|---|---|---|
| 104 | 104 |
* |
| 105 | 105 |
* @param conn the JDBC connection where acl info is get |
| 106 | 106 |
*/ |
| 107 |
public AccessControlList(Connection conn) throws SQLException
|
|
| 107 |
public AccessControlList() throws SQLException |
|
| 108 | 108 |
{
|
| 109 |
this.conn = conn; |
|
| 109 |
|
|
| 110 | 110 |
} |
| 111 | 111 |
|
| 112 | 112 |
/** |
| ... | ... | |
| 121 | 121 |
* @param serverCode the serverid from xml_replication on which this document |
| 122 | 122 |
* resides. |
| 123 | 123 |
*/ |
| 124 |
public AccessControlList(Connection conn, String aclid, //Reader acl,
|
|
| 124 |
public AccessControlList(String aclid, //Reader acl, |
|
| 125 | 125 |
String user, String[] groups, int serverCode) |
| 126 | 126 |
throws SAXException, IOException, McdbException |
| 127 | 127 |
{
|
| ... | ... | |
| 129 | 129 |
this.server = MetaCatUtil.getOption("server");
|
| 130 | 130 |
this.sep = MetaCatUtil.getOption("accNumSeparator");
|
| 131 | 131 |
|
| 132 |
this.conn = conn; |
|
| 132 |
//this.conn = conn;
|
|
| 133 | 133 |
this.parserName = parserName; |
| 134 | 134 |
this.processingDTD = false; |
| 135 | 135 |
this.elementStack = new Stack(); |
| ... | ... | |
| 194 | 194 |
|
| 195 | 195 |
// make a DBEntityResolver instance |
| 196 | 196 |
// Set the EntityReslover to DBEntityResolver instance |
| 197 |
EntityResolver eresolver = new DBEntityResolver(conn,this,null);
|
|
| 197 |
EntityResolver eresolver = new DBEntityResolver(this,null); |
|
| 198 | 198 |
parser.setEntityResolver((EntityResolver)eresolver); |
| 199 | 199 |
|
| 200 | 200 |
// Set the ErrorHandler to this instance |
| ... | ... | |
| 410 | 410 |
throws SQLException |
| 411 | 411 |
{
|
| 412 | 412 |
Vector aclObjects = new Vector(); |
| 413 |
// delete all acl records for resources related to @aclid if any |
|
| 414 |
PreparedStatement pstmt = conn.prepareStatement( |
|
| 413 |
DBConnection conn = null; |
|
| 414 |
int serialNumber = -1; |
|
| 415 |
PreparedStatement pstmt = null; |
|
| 416 |
try |
|
| 417 |
{
|
|
| 418 |
//get connection from DBConnectionPool |
|
| 419 |
conn=DBConnectionPool.getDBConnection("AccessControlList.getACLObject");
|
|
| 420 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
| 421 |
|
|
| 422 |
// delete all acl records for resources related to @aclid if any |
|
| 423 |
pstmt = conn.prepareStatement( |
|
| 415 | 424 |
"SELECT object FROM xml_relation " + |
| 416 | 425 |
"WHERE subject = ? "); |
| 417 |
pstmt.setString(1,aclid); |
|
| 418 |
pstmt.execute(); |
|
| 419 |
ResultSet rs = pstmt.getResultSet(); |
|
| 420 |
boolean hasRows = rs.next(); |
|
| 421 |
while (hasRows) {
|
|
| 422 |
aclObjects.addElement(rs.getString(1)); |
|
| 423 |
hasRows = rs.next(); |
|
| 426 |
pstmt.setString(1,aclid); |
|
| 427 |
pstmt.execute(); |
|
| 428 |
ResultSet rs = pstmt.getResultSet(); |
|
| 429 |
boolean hasRows = rs.next(); |
|
| 430 |
while (hasRows) {
|
|
| 431 |
aclObjects.addElement(rs.getString(1)); |
|
| 432 |
hasRows = rs.next(); |
|
| 433 |
}//whil |
|
| 424 | 434 |
} |
| 435 |
catch (SQLException e) |
|
| 436 |
{
|
|
| 437 |
throw e; |
|
| 438 |
} |
|
| 439 |
finally |
|
| 440 |
{
|
|
| 441 |
pstmt.close(); |
|
| 442 |
//retrun DBConnection |
|
| 443 |
DBConnectionPool.returnDBConnection(conn,serialNumber); |
|
| 444 |
} |
|
| 425 | 445 |
|
| 426 |
pstmt.close(); |
|
| 427 |
|
|
| 428 | 446 |
return aclObjects; |
| 429 | 447 |
} |
| 430 | 448 |
|
| ... | ... | |
| 432 | 450 |
private void deletePermissionsForRelatedResources(String aclid) |
| 433 | 451 |
throws SQLException |
| 434 | 452 |
{
|
| 435 |
// delete all acl records for resources related to @aclid if any |
|
| 436 |
Statement stmt = conn.createStatement(); |
|
| 437 |
stmt.execute("DELETE FROM xml_access WHERE accessfileid = '" + aclid + "'");
|
|
| 438 |
stmt.close(); |
|
| 453 |
DBConnection conn = null; |
|
| 454 |
int serialNumber = -1; |
|
| 455 |
Statement stmt = null; |
|
| 456 |
try |
|
| 457 |
{
|
|
| 458 |
//check out DBConenction |
|
| 459 |
conn=DBConnectionPool.getDBConnection("AccessControlList.deltePerm");
|
|
| 460 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
| 461 |
// delete all acl records for resources related to @aclid if any |
|
| 462 |
stmt = conn.createStatement(); |
|
| 463 |
stmt.execute("DELETE FROM xml_access WHERE accessfileid = '" + aclid
|
|
| 464 |
+ "'"); |
|
| 465 |
} |
|
| 466 |
catch (SQLException e) |
|
| 467 |
{
|
|
| 468 |
throw e; |
|
| 469 |
} |
|
| 470 |
finally |
|
| 471 |
{
|
|
| 472 |
stmt.close(); |
|
| 473 |
//retrun DBConnection |
|
| 474 |
DBConnectionPool.returnDBConnection(conn,serialNumber); |
|
| 475 |
} |
|
| 439 | 476 |
} |
| 440 | 477 |
|
| 441 | 478 |
/* Insert into db calculated permission for the list of principals */ |
| ... | ... | |
| 443 | 480 |
throws SQLException |
| 444 | 481 |
{
|
| 445 | 482 |
PreparedStatement pstmt; |
| 483 |
DBConnection conn = null; |
|
| 484 |
int serialNumber = -1; |
|
| 446 | 485 |
try {
|
| 486 |
//Check out DBConnection |
|
| 487 |
conn=DBConnectionPool.getDBConnection("AccessControlList.insertPerm");
|
|
| 488 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
| 489 |
|
|
| 447 | 490 |
pstmt = conn.prepareStatement( |
| 448 | 491 |
"INSERT INTO xml_access " + |
| 449 | 492 |
"(docid, principal_name, permission, perm_type, perm_order," + |
| ... | ... | |
| 490 | 533 |
throw new |
| 491 | 534 |
SQLException("AccessControlList.insertPermissions(): " + e.getMessage());
|
| 492 | 535 |
} |
| 536 |
finally |
|
| 537 |
{
|
|
| 538 |
//return the DBConnection |
|
| 539 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
| 540 |
} |
|
| 493 | 541 |
} |
| 494 | 542 |
|
| 495 | 543 |
/* Get permissions with permission order different than @permOrder. */ |
| ... | ... | |
| 497 | 545 |
String docid, String permOrder) |
| 498 | 546 |
throws SQLException |
| 499 | 547 |
{
|
| 500 |
PreparedStatement pstmt; |
|
| 501 |
pstmt = conn.prepareStatement( |
|
| 548 |
PreparedStatement pstmt = null; |
|
| 549 |
DBConnection conn = null; |
|
| 550 |
int serialNumber = -1; |
|
| 551 |
try |
|
| 552 |
{
|
|
| 553 |
//check out DBConnection |
|
| 554 |
conn=DBConnectionPool.getDBConnection("AccessControlList.getPermissions");
|
|
| 555 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
| 556 |
pstmt = conn.prepareStatement( |
|
| 502 | 557 |
"SELECT permission FROM xml_access " + |
| 503 | 558 |
"WHERE docid = ? " + |
| 504 | 559 |
"AND principal_name = ? " + |
| 505 | 560 |
"AND perm_order NOT = ?"); |
| 506 |
pstmt.setString(1, docid); |
|
| 507 |
pstmt.setString(2, principal); |
|
| 508 |
pstmt.setString(3, permOrder); |
|
| 509 |
pstmt.execute(); |
|
| 510 |
ResultSet rs = pstmt.getResultSet(); |
|
| 511 |
boolean hasRow = rs.next(); |
|
| 512 |
int perm = 0; |
|
| 513 |
while ( hasRow ) {
|
|
| 514 |
perm = rs.getInt(1); |
|
| 515 |
perm = permission & perm; |
|
| 516 |
if ( perm != 0 ) {
|
|
| 517 |
pstmt.close(); |
|
| 518 |
return perm; |
|
| 561 |
pstmt.setString(1, docid); |
|
| 562 |
pstmt.setString(2, principal); |
|
| 563 |
pstmt.setString(3, permOrder); |
|
| 564 |
pstmt.execute(); |
|
| 565 |
ResultSet rs = pstmt.getResultSet(); |
|
| 566 |
boolean hasRow = rs.next(); |
|
| 567 |
int perm = 0; |
|
| 568 |
while ( hasRow ) {
|
|
| 569 |
perm = rs.getInt(1); |
|
| 570 |
perm = permission & perm; |
|
| 571 |
if ( perm != 0 ) {
|
|
| 572 |
pstmt.close(); |
|
| 573 |
return perm; |
|
| 574 |
} |
|
| 575 |
hasRow = rs.next(); |
|
| 519 | 576 |
} |
| 520 |
hasRow = rs.next(); |
|
| 577 |
}//try |
|
| 578 |
catch (SQLException e) |
|
| 579 |
{
|
|
| 580 |
throw e; |
|
| 521 | 581 |
} |
| 522 |
pstmt.close(); |
|
| 582 |
finally |
|
| 583 |
{
|
|
| 584 |
pstmt.close(); |
|
| 585 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
| 586 |
} |
|
| 523 | 587 |
return 0; |
| 524 | 588 |
} |
| 525 | 589 |
|
| ... | ... | |
| 567 | 631 |
//detele the rev number if docid contains it |
| 568 | 632 |
docId=MetaCatUtil.getDocIdFromString(docId); |
| 569 | 633 |
PreparedStatement pStmt=null; |
| 634 |
DBConnection conn = null; |
|
| 635 |
int serialNumber = -1; |
|
| 570 | 636 |
try |
| 571 | 637 |
{
|
| 638 |
//check out DBConnection |
|
| 639 |
conn=DBConnectionPool.getDBConnection("AccessControlList.isAccessDoc");
|
|
| 640 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
| 572 | 641 |
pStmt = conn.prepareStatement("select 'x' from xml_access where " +
|
| 573 | 642 |
"accessfileid like '" + docId + "'"); |
| 574 | 643 |
pStmt.execute(); |
| ... | ... | |
| 587 | 656 |
"Error checking ownership for " + principal + |
| 588 | 657 |
" on document #" + docId + ". " + e.getMessage()); |
| 589 | 658 |
} |
| 659 |
finally |
|
| 660 |
{
|
|
| 661 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
| 662 |
} |
|
| 590 | 663 |
return false; |
| 591 | 664 |
}//isAccessDocument |
| 592 | 665 |
|
| ... | ... | |
| 626 | 699 |
int lengthOfArray=principals.length; |
| 627 | 700 |
boolean hasRow; |
| 628 | 701 |
PreparedStatement pStmt=null; |
| 702 |
DBConnection conn = null; |
|
| 703 |
int serialNumber = -1; |
|
| 704 |
|
|
| 629 | 705 |
try |
| 630 | 706 |
{
|
| 707 |
//check out DBConnection |
|
| 708 |
conn=DBConnectionPool.getDBConnection("AccessControlList.containDocOnwer");
|
|
| 709 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
| 631 | 710 |
pStmt = conn.prepareStatement( |
| 632 | 711 |
"SELECT 'x' FROM xml_documents " + |
| 633 | 712 |
"WHERE docid = ? AND user_owner = ?"); |
| ... | ... | |
| 660 | 739 |
"Error checking ownership for " + principals[0] + |
| 661 | 740 |
" on document #" + docId + ". " + e.getMessage()); |
| 662 | 741 |
}//catch |
| 663 |
|
|
| 664 |
|
|
| 665 |
pStmt.close(); |
|
| 666 |
|
|
| 742 |
finally |
|
| 743 |
{
|
|
| 744 |
pStmt.close(); |
|
| 745 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
| 746 |
} |
|
| 667 | 747 |
return false; |
| 668 | 748 |
}//containDocumentOwner |
| 669 | 749 |
|
| ... | ... | |
| 677 | 757 |
{
|
| 678 | 758 |
int lengthOfArray=principals.length; |
| 679 | 759 |
boolean hasRow; |
| 760 |
PreparedStatement pStmt = null; |
|
| 761 |
DBConnection conn = null; |
|
| 762 |
int serialNumber = -1; |
|
| 763 |
try |
|
| 764 |
{
|
|
| 765 |
//check out DBConnection |
|
| 766 |
conn=DBConnectionPool.getDBConnection("AccessControlList.isAllowFirst");
|
|
| 767 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
| 680 | 768 |
|
| 681 |
//select permission order from database |
|
| 682 |
PreparedStatement pStmt = conn.prepareStatement(
|
|
| 769 |
//select permission order from database
|
|
| 770 |
pStmt = conn.prepareStatement(
|
|
| 683 | 771 |
"SELECT perm_order FROM xml_access " + |
| 684 | 772 |
"WHERE principal_name= ? AND docid = ?"); |
| 685 | 773 |
|
| 686 |
//check every name in the array |
|
| 687 |
for (int i=0; i<lengthOfArray;i++) |
|
| 688 |
{
|
|
| 689 |
//bind value |
|
| 690 |
pStmt.setString(1, principals[i]);//user name |
|
| 691 |
pStmt.setString(2, docId);//docid |
|
| 774 |
//check every name in the array
|
|
| 775 |
for (int i=0; i<lengthOfArray;i++)
|
|
| 776 |
{
|
|
| 777 |
//bind value
|
|
| 778 |
pStmt.setString(1, principals[i]);//user name
|
|
| 779 |
pStmt.setString(2, docId);//docid
|
|
| 692 | 780 |
|
| 693 |
pStmt.execute(); |
|
| 694 |
ResultSet rs = pStmt.getResultSet(); |
|
| 695 |
hasRow=rs.next(); |
|
| 696 |
if (hasRow) |
|
| 697 |
{
|
|
| 698 |
//get the permission order from data base |
|
| 699 |
String permissionOrder=rs.getString(1); |
|
| 700 |
//if the permission order is "allowFirst |
|
| 701 |
if (permissionOrder.equalsIgnoreCase(ALLOWFIRST)) |
|
| 781 |
pStmt.execute(); |
|
| 782 |
ResultSet rs = pStmt.getResultSet(); |
|
| 783 |
hasRow=rs.next(); |
|
| 784 |
if (hasRow) |
|
| 702 | 785 |
{
|
| 703 |
pStmt.close(); |
|
| 704 |
return true; |
|
| 705 |
} |
|
| 706 |
else |
|
| 707 |
{
|
|
| 708 |
pStmt.close(); |
|
| 709 |
return false; |
|
| 710 |
} |
|
| 711 |
}//if |
|
| 712 |
}//for |
|
| 786 |
//get the permission order from data base |
|
| 787 |
String permissionOrder=rs.getString(1); |
|
| 788 |
//if the permission order is "allowFirst |
|
| 789 |
if (permissionOrder.equalsIgnoreCase(ALLOWFIRST)) |
|
| 790 |
{
|
|
| 791 |
pStmt.close(); |
|
| 792 |
return true; |
|
| 793 |
} |
|
| 794 |
else |
|
| 795 |
{
|
|
| 796 |
pStmt.close(); |
|
| 797 |
return false; |
|
| 798 |
} |
|
| 799 |
}//if |
|
| 800 |
}//for |
|
| 801 |
}//try |
|
| 802 |
catch (SQLException e) |
|
| 803 |
{
|
|
| 804 |
throw e; |
|
| 805 |
} |
|
| 806 |
finally |
|
| 807 |
{
|
|
| 808 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
| 809 |
} |
|
| 713 | 810 |
|
| 714 | 811 |
//if reach here, means there is no permssion record for given names and |
| 715 | 812 |
//docid. So throw a exception. |
| ... | ... | |
| 735 | 832 |
int lengthOfArray=principals.length; |
| 736 | 833 |
boolean allow=false;//initial value is no allow rule |
| 737 | 834 |
ResultSet rs; |
| 738 |
PreparedStatement pStmt; |
|
| 835 |
PreparedStatement pStmt = null;
|
|
| 739 | 836 |
int permissionValue=intValue(permission); |
| 740 | 837 |
int permissionValueInTable; |
| 741 | 838 |
int ticketCount; |
| 742 |
|
|
| 743 |
//This sql statement will select entry with |
|
| 744 |
//begin_time<=currentTime<=end_time in xml_access table |
|
| 745 |
//If begin_time or end_time is null in table, isnull(begin_time, sysdate) |
|
| 746 |
//function will assign begin_time=sysdate |
|
| 747 |
pStmt = conn.prepareStatement( |
|
| 839 |
DBConnection conn = null; |
|
| 840 |
int serialNumber = -1; |
|
| 841 |
try |
|
| 842 |
{
|
|
| 843 |
//check out DBConnection |
|
| 844 |
conn=DBConnectionPool.getDBConnection("AccessControlList.hasAllowRule");
|
|
| 845 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
| 846 |
//This sql statement will select entry with |
|
| 847 |
//begin_time<=currentTime<=end_time in xml_access table |
|
| 848 |
//If begin_time or end_time is null in table, isnull(begin_time, sysdate) |
|
| 849 |
//function will assign begin_time=sysdate |
|
| 850 |
pStmt = conn.prepareStatement( |
|
| 748 | 851 |
"SELECT permission, ticket_count " + |
| 749 | 852 |
"FROM xml_access " + |
| 750 | 853 |
"WHERE docid = ? " + |
| ... | ... | |
| 753 | 856 |
"AND " + sysdate + |
| 754 | 857 |
" BETWEEN " + isnull + "(begin_time," + sysdate + ") " + |
| 755 | 858 |
"AND " + isnull + "(end_time," + sysdate + ")"); |
| 756 |
//bind docid, perm_type |
|
| 757 |
pStmt.setString(1, docId); |
|
| 758 |
pStmt.setString(3, ALLOW); |
|
| 859 |
//bind docid, perm_type
|
|
| 860 |
pStmt.setString(1, docId);
|
|
| 861 |
pStmt.setString(3, ALLOW);
|
|
| 759 | 862 |
|
| 760 |
//bind every elenment in user name array |
|
| 863 |
//bind every elenment in user name array
|
|
| 761 | 864 |
for (int i=0;i<lengthOfArray; i++) |
| 762 | 865 |
{
|
| 763 | 866 |
pStmt.setString(2, principals[i]); |
| ... | ... | |
| 791 | 894 |
}//if |
| 792 | 895 |
}//while |
| 793 | 896 |
}//for |
| 794 |
pStmt.close(); |
|
| 897 |
}//try |
|
| 898 |
catch (SQLException sqlE) |
|
| 899 |
{
|
|
| 900 |
throw sqlE; |
|
| 901 |
} |
|
| 902 |
catch (Exception e) |
|
| 903 |
{
|
|
| 904 |
throw e; |
|
| 905 |
} |
|
| 906 |
finally |
|
| 907 |
{
|
|
| 908 |
pStmt.close(); |
|
| 909 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
| 910 |
} |
|
| 795 | 911 |
return allow; |
| 796 | 912 |
}//hasAllowRule |
| 797 | 913 |
|
| 798 |
/** |
|
| 799 |
* Check if the users array has allow rules for given users, docid and |
|
| 800 |
* permission. |
|
| 801 |
* If it has permission rule and ticket count is greater than 0, the ticket |
|
| 802 |
* number will decrease one |
|
| 803 |
* @param principals, list of names of principals to check for |
|
| 804 |
* @param docid, document identifier to check for |
|
| 805 |
* @param permission, the permssion need to check |
|
| 806 |
*/ |
|
| 807 |
private boolean hasAllowRuleBackup(String [] principals, String docId, |
|
| 808 |
String permission) |
|
| 809 |
throws SQLException, Exception |
|
| 810 |
{
|
|
| 811 |
int lengthOfArray=principals.length; |
|
| 812 |
ResultSet rs; |
|
| 813 |
PreparedStatement pStmt; |
|
| 814 |
int permissionValue=intValue(permission); |
|
| 815 |
int permissionValueInTable; |
|
| 816 |
int ticketCount; |
|
| 914 |
|
|
| 817 | 915 |
|
| 818 |
//This sql statement will select entry with |
|
| 819 |
//begin_time<=currentTime<=end_time in xml_access table |
|
| 820 |
//If begin_time or end_time is null in table, isnull(begin_time, sysdate) |
|
| 821 |
//function will assign begin_time=sysdate |
|
| 822 |
pStmt = conn.prepareStatement( |
|
| 823 |
"SELECT permission, ticket_count " + |
|
| 824 |
"FROM xml_access " + |
|
| 825 |
"WHERE docid = ? " + |
|
| 826 |
"AND principal_name = ? " + |
|
| 827 |
"AND perm_type = ? " + |
|
| 828 |
"AND " + sysdate + |
|
| 829 |
" BETWEEN " + isnull + "(begin_time," + sysdate + ") " + |
|
| 830 |
"AND " + isnull + "(end_time," + sysdate + ")"); |
|
| 831 |
//bind docid, perm_type |
|
| 832 |
pStmt.setString(1, docId); |
|
| 833 |
pStmt.setString(3, ALLOW); |
|
| 834 |
|
|
| 835 |
//bind every elenment in user name array |
|
| 836 |
for (int i=0;i<lengthOfArray; i++) |
|
| 837 |
{
|
|
| 838 |
pStmt.setString(2, principals[i]); |
|
| 839 |
pStmt.execute(); |
|
| 840 |
rs=pStmt.getResultSet(); |
|
| 841 |
while (rs.next())//check every entry for one user |
|
| 842 |
{
|
|
| 843 |
permissionValueInTable=rs.getInt(1); |
|
| 844 |
ticketCount=rs.getInt(2); |
|
| 845 |
|
|
| 846 |
//permission is ok and ticketcount geat than 0 or ticket is null, |
|
| 847 |
//the user have a permission to access the file |
|
| 848 |
if ((( permissionValueInTable & permissionValue )== permissionValue ) |
|
| 849 |
&& (rs.wasNull()||ticketCount > 0)) |
|
| 850 |
{
|
|
| 851 |
//ticket count should minus one |
|
| 852 |
//ticketCount isnot null and greater than 0, order is allowfirst |
|
| 853 |
if (!rs.wasNull() && ticketCount>0 && isAllowFirst(principals,docId)) |
|
| 854 |
{
|
|
| 855 |
decreaseNumberOfAccess(permissionValueInTable, principals[i], |
|
| 856 |
docId, ALLOW, ALLOWFIRST); |
|
| 857 |
} |
|
| 858 |
//ticketCount isnot null and greater than 0, order is not allowfirst |
|
| 859 |
if (!rs.wasNull() &&ticketCount>0 && !isAllowFirst(principals,docId)) |
|
| 860 |
{
|
|
| 861 |
decreaseNumberOfAccess(permissionValueInTable, principals[i], |
|
| 862 |
docId, ALLOW, DENYFIRST); |
|
| 863 |
} |
|
| 864 |
pStmt.close(); |
|
| 865 |
return true; |
|
| 866 |
}//if |
|
| 867 |
}//while |
|
| 868 |
}//for |
|
| 869 |
pStmt.close(); |
|
| 870 |
return false;//no allow rule |
|
| 871 |
}//hasAllowRule |
|
| 872 |
|
|
| 873 | 916 |
/** |
| 874 | 917 |
* Check if the users array has explicit deny rules for given users, docid |
| 875 | 918 |
* and permission. That means the perm_type is deny and current time is |
| ... | ... | |
| 884 | 927 |
{
|
| 885 | 928 |
int lengthOfArray=principals.length; |
| 886 | 929 |
ResultSet rs; |
| 887 |
PreparedStatement pStmt; |
|
| 930 |
PreparedStatement pStmt = null;
|
|
| 888 | 931 |
int permissionValue=intValue(permission); |
| 889 | 932 |
int permissionValueInTable; |
| 890 |
|
|
| 933 |
DBConnection conn = null; |
|
| 934 |
int serialNumber = -1; |
|
| 891 | 935 |
|
| 892 |
//This sql statement will select entry with |
|
| 893 |
//begin_time<=currentTime<=end_time in xml_access table |
|
| 894 |
//If begin_time or end_time is null in table, isnull(begin_time, sysdate) |
|
| 895 |
//function will assign begin_time=sysdate |
|
| 896 |
pStmt = conn.prepareStatement( |
|
| 936 |
try |
|
| 937 |
{
|
|
| 938 |
//check out DBConnection |
|
| 939 |
conn=DBConnectionPool.getDBConnection("AccessControlList.hasExplicitDeny");
|
|
| 940 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
| 941 |
|
|
| 942 |
//This sql statement will select entry with |
|
| 943 |
//begin_time<=currentTime<=end_time in xml_access table |
|
| 944 |
//If begin_time or end_time is null in table, isnull(begin_time, sysdate) |
|
| 945 |
//function will assign begin_time=sysdate |
|
| 946 |
pStmt = conn.prepareStatement( |
|
| 897 | 947 |
"SELECT permission " + |
| 898 | 948 |
"FROM xml_access " + |
| 899 | 949 |
"WHERE docid = ? " + |
| ... | ... | |
| 902 | 952 |
"AND " + sysdate + |
| 903 | 953 |
" BETWEEN " + isnull + "(begin_time," + sysdate + ") " + |
| 904 | 954 |
"AND " + isnull + "(end_time," + sysdate + ")"); |
| 905 |
//bind docid, perm_type |
|
| 906 |
pStmt.setString(1, docId); |
|
| 907 |
pStmt.setString(3, DENY); |
|
| 955 |
//bind docid, perm_type
|
|
| 956 |
pStmt.setString(1, docId);
|
|
| 957 |
pStmt.setString(3, DENY);
|
|
| 908 | 958 |
|
| 909 |
//bind every elenment in user name array |
|
| 959 |
//bind every elenment in user name array
|
|
| 910 | 960 |
for (int i=0;i<lengthOfArray; i++) |
| 911 | 961 |
{
|
| 912 | 962 |
pStmt.setString(2, principals[i]); |
| ... | ... | |
| 925 | 975 |
}//if |
| 926 | 976 |
}//while |
| 927 | 977 |
}//for |
| 928 |
pStmt.close(); |
|
| 929 |
return false;//no deny rule |
|
| 978 |
}//try |
|
| 979 |
catch (SQLException e) |
|
| 980 |
{
|
|
| 981 |
throw e; |
|
| 982 |
}//catch |
|
| 983 |
finally |
|
| 984 |
{
|
|
| 985 |
pStmt.close(); |
|
| 986 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
| 987 |
}//finally |
|
| 988 |
return false;//no deny rule |
|
| 930 | 989 |
}//hasExplicitDenyRule |
| 931 | 990 |
|
| 932 | 991 |
/** |
| ... | ... | |
| 944 | 1003 |
{
|
| 945 | 1004 |
int lengthOfArray=principals.length; |
| 946 | 1005 |
ResultSet rs; |
| 947 |
PreparedStatement pStmt; |
|
| 1006 |
PreparedStatement pStmt = null;
|
|
| 948 | 1007 |
int permissionValue=intValue(permission); |
| 949 | 1008 |
int permissionValueInTable; |
| 1009 |
DBConnection conn = null; |
|
| 1010 |
int serialNumber = -1; |
|
| 1011 |
|
|
| 950 | 1012 |
|
| 951 |
|
|
| 952 |
//This sql statement will select entry with perm_type =allow and |
|
| 953 |
//currentTime is less than begin_time or greater than end time |
|
| 954 |
//in xml_access table. This is an implicit deny rule (allow is out of date) |
|
| 955 |
pStmt = conn.prepareStatement( |
|
| 1013 |
try |
|
| 1014 |
{
|
|
| 1015 |
//check out DBConnection |
|
| 1016 |
conn=DBConnectionPool.getDBConnection("AccessControlList.hasImplicitDeny");
|
|
| 1017 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
| 1018 |
//This sql statement will select entry with perm_type =allow and |
|
| 1019 |
//currentTime is less than begin_time or greater than end time |
|
| 1020 |
//in xml_access table. This is an implicit deny rule (allow is out of date) |
|
| 1021 |
pStmt = conn.prepareStatement( |
|
| 956 | 1022 |
"SELECT permission " + |
| 957 | 1023 |
"FROM xml_access " + |
| 958 | 1024 |
"WHERE docid = ? " + |
| ... | ... | |
| 961 | 1027 |
"AND " + sysdate + |
| 962 | 1028 |
" < " + isnull + "(begin_time," + sysdate + ") " + |
| 963 | 1029 |
"OR " + sysdate + " > "+ isnull + "(end_time," + sysdate + ")"); |
| 964 |
//bind docid, perm_type |
|
| 965 |
pStmt.setString(1, docId); |
|
| 966 |
pStmt.setString(3, ALLOW);//It is allow |
|
| 1030 |
//bind docid, perm_type
|
|
| 1031 |
pStmt.setString(1, docId);
|
|
| 1032 |
pStmt.setString(3, ALLOW);//It is allow
|
|
| 967 | 1033 |
|
| 968 |
//bind every elenment in user name array |
|
| 1034 |
//bind every elenment in user name array
|
|
| 969 | 1035 |
for (int i=0;i<lengthOfArray; i++) |
| 970 | 1036 |
{
|
| 971 | 1037 |
pStmt.setString(2, principals[i]); |
| ... | ... | |
| 997 | 1063 |
"AND principal_name = ? " + |
| 998 | 1064 |
"AND perm_type = ? " + |
| 999 | 1065 |
"AND ticket_count = ?"); |
| 1000 |
//bind docid, perm_type, ticket_count |
|
| 1001 |
pStmt.setString(1, docId); |
|
| 1002 |
pStmt.setString(3, ALLOW);//It is allow! |
|
| 1003 |
pStmt.setInt(4,0); |
|
| 1004 |
|
|
| 1005 |
//bind every elenment in user name array |
|
| 1066 |
//bind docid, perm_type, ticket_count |
|
| 1067 |
pStmt.setString(1, docId); |
|
| 1068 |
pStmt.setString(3, ALLOW);//It is allow! |
|
| 1069 |
pStmt.setInt(4,0); |
|
| 1070 |
|
|
| 1071 |
//Because this DBConnection used twice in this method. But we only count one |
|
| 1072 |
//when it checked out. So we should increase another one |
|
| 1073 |
conn.increaseUsageCount(1); |
|
| 1074 |
|
|
| 1075 |
//bind every elenment in user name array |
|
| 1006 | 1076 |
for (int i=0;i<lengthOfArray; i++) |
| 1007 | 1077 |
{
|
| 1008 | 1078 |
pStmt.setString(2, principals[i]); |
| ... | ... | |
| 1023 | 1093 |
}//if |
| 1024 | 1094 |
}//while |
| 1025 | 1095 |
}//for |
| 1026 |
|
|
| 1027 |
pStmt.close(); |
|
| 1096 |
}//try |
|
| 1097 |
finally |
|
| 1098 |
{
|
|
| 1099 |
pStmt.close(); |
|
| 1100 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
| 1101 |
}//finally |
|
| 1028 | 1102 |
return false;//no implicit deny rule |
| 1029 | 1103 |
}//hasImplicitDenyRule |
| 1030 | 1104 |
|
| ... | ... | |
| 1103 | 1177 |
throws SQLException |
| 1104 | 1178 |
{
|
| 1105 | 1179 |
String dataSetId=null; |
| 1106 |
PreparedStatement pStmt; |
|
| 1180 |
PreparedStatement pStmt=null;
|
|
| 1107 | 1181 |
ResultSet rs=null; |
| 1182 |
DBConnection conn=null; |
|
| 1183 |
int serialNumber=-1; |
|
| 1108 | 1184 |
String query="SELECT docId from xml_relation where subject = ? or " |
| 1109 | 1185 |
+"object = ?"; |
| 1110 | 1186 |
|
| 1111 |
pStmt=conn.prepareStatement(query); |
|
| 1112 |
//bind the value to query |
|
| 1113 |
pStmt.setString(1, accessDocId); |
|
| 1114 |
pStmt.setString(2, accessDocId); |
|
| 1115 |
//execute the query |
|
| 1116 |
pStmt.execute(); |
|
| 1117 |
rs=pStmt.getResultSet(); |
|
| 1118 |
//process the result |
|
| 1119 |
if (rs.next()) //There are some records for the data set id for access id |
|
| 1187 |
try |
|
| 1120 | 1188 |
{
|
| 1121 |
dataSetId=rs.getString(1); |
|
| 1122 |
} |
|
| 1123 |
else //No data set id for the given access id in xml_relation table |
|
| 1189 |
//check out DBConnection |
|
| 1190 |
conn=DBConnectionPool.getDBConnection("AccessControlList.getDataSetId");
|
|
| 1191 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
| 1192 |
|
|
| 1193 |
pStmt=conn.prepareStatement(query); |
|
| 1194 |
//bind the value to query |
|
| 1195 |
pStmt.setString(1, accessDocId); |
|
| 1196 |
pStmt.setString(2, accessDocId); |
|
| 1197 |
//execute the query |
|
| 1198 |
pStmt.execute(); |
|
| 1199 |
rs=pStmt.getResultSet(); |
|
| 1200 |
//process the result |
|
| 1201 |
if (rs.next()) //There are some records for the data set id for access id |
|
| 1202 |
{
|
|
| 1203 |
dataSetId=rs.getString(1); |
|
| 1204 |
} |
|
| 1205 |
else //No data set id for the given access id in xml_relation table |
|
| 1206 |
{
|
|
| 1207 |
dataSetId=null; |
|
| 1208 |
} |
|
| 1209 |
}//try |
|
| 1210 |
finally |
|
| 1124 | 1211 |
{
|
| 1125 |
dataSetId=null; |
|
| 1212 |
pStmt.close(); |
|
| 1213 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
| 1126 | 1214 |
} |
| 1127 |
|
|
| 1128 |
|
|
| 1129 |
pStmt.close(); |
|
| 1130 | 1215 |
return dataSetId; |
| 1131 | 1216 |
}//getDataPackageId() |
| 1132 | 1217 |
|
| ... | ... | |
| 1239 | 1324 |
return false; |
| 1240 | 1325 |
}//hasPermission |
| 1241 | 1326 |
|
| 1242 |
private boolean hasValidDenyEntry(String persmission, String principal, |
|
| 1243 |
String docId) |
|
| 1244 |
throws SQLException |
|
| 1245 |
{
|
|
| 1246 |
//detele the rev number if docid contains it |
|
| 1247 |
docId=MetaCatUtil.getDocIdFromString(docId); |
|
| 1248 |
PreparedStatement pStmt; |
|
| 1249 |
String permissionType; |
|
| 1250 |
int accessValue; |
|
| 1251 |
|
|
| 1252 |
|
|
| 1253 |
try |
|
| 1254 |
{
|
|
| 1255 |
pStmt = conn.prepareStatement("select perm_type, permission, begin_time"
|
|
| 1256 |
+ ", end_time from xml_access where " + |
|
| 1257 |
"docid like '" + docId + "' and " |
|
| 1258 |
+ "principal_name like '"+principal+"'"); |
|
| 1259 |
pStmt.execute(); |
|
| 1260 |
ResultSet rs = pStmt.getResultSet(); |
|
| 1261 |
boolean hasRow = rs.next(); |
|
| 1262 |
pStmt.close(); |
|
| 1263 |
if(hasRow) |
|
| 1264 |
{
|
|
| 1265 |
return true; |
|
| 1266 |
} |
|
| 1267 |
} |
|
| 1268 |
catch(SQLException e) |
|
| 1269 |
{
|
|
| 1270 |
throw new SQLException("AccessControlList.hasPermission():2 " +
|
|
| 1271 |
"Error checking ownership for " + principal + |
|
| 1272 |
" on document #" + docId + ". " + e.getMessage()); |
|
| 1273 |
} |
|
| 1274 |
return false; |
|
| 1275 |
} |
|
| 1327 |
|
|
| 1276 | 1328 |
/* Decrease the number of access to @docid for @principal in db. */ |
| 1277 | 1329 |
private void decreaseNumberOfAccess(int permission, String principal, |
| 1278 | 1330 |
String docid, String permType, |
| 1279 | 1331 |
String permOrder) |
| 1280 | 1332 |
throws SQLException |
| 1281 | 1333 |
{
|
| 1282 |
PreparedStatement pstmt; |
|
| 1283 |
pstmt = conn.prepareStatement( |
|
| 1334 |
PreparedStatement pstmt = null; |
|
| 1335 |
DBConnection conn = null; |
|
| 1336 |
int serialNumber = -1; |
|
| 1337 |
try |
|
| 1338 |
{
|
|
| 1339 |
//check out DBConnection |
|
| 1340 |
conn=DBConnectionPool.getDBConnection("AccessControlList.decreaseNumOfA");
|
|
| 1341 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
| 1342 |
|
|
| 1343 |
pstmt = conn.prepareStatement( |
|
| 1284 | 1344 |
"UPDATE xml_access SET ticket_count = ticket_count - 1 " + |
| 1285 | 1345 |
"WHERE docid = ? " + |
| 1286 | 1346 |
"AND principal_name = ? " + |
| ... | ... | |
| 1290 | 1350 |
"AND " + sysdate + |
| 1291 | 1351 |
" BETWEEN " + isnull + "(begin_time," + sysdate + ") " + |
| 1292 | 1352 |
"AND " + isnull + "(end_time," + sysdate + ")"); |
| 1293 |
// Bind the values to the query |
|
| 1294 |
pstmt.setString(1, docid); |
|
| 1295 |
pstmt.setString(2, principal); |
|
| 1296 |
pstmt.setInt(3, permission); |
|
| 1297 |
pstmt.setString(4, permType); |
|
| 1298 |
pstmt.setString(5, permOrder); |
|
| 1353 |
// Bind the values to the query
|
|
| 1354 |
pstmt.setString(1, docid);
|
|
| 1355 |
pstmt.setString(2, principal);
|
|
| 1356 |
pstmt.setInt(3, permission);
|
|
| 1357 |
pstmt.setString(4, permType);
|
|
| 1358 |
pstmt.setString(5, permOrder);
|
|
| 1299 | 1359 |
|
| 1300 |
pstmt.execute(); |
|
| 1301 |
pstmt.close(); |
|
| 1360 |
pstmt.execute(); |
|
| 1361 |
}//try |
|
| 1362 |
finally |
|
| 1363 |
{
|
|
| 1364 |
pstmt.close(); |
|
| 1365 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
| 1366 |
}//finally |
|
| 1302 | 1367 |
} |
| 1303 | 1368 |
|
| 1304 | 1369 |
|
| ... | ... | |
| 1339 | 1404 |
String end_prev = ""; |
| 1340 | 1405 |
int ticketCount = -1; |
| 1341 | 1406 |
int ticket_prev = -1; |
| 1407 |
DBConnection conn = null; |
|
| 1408 |
int serialNumber = -1; |
|
| 1342 | 1409 |
|
| 1343 | 1410 |
try {
|
| 1344 | 1411 |
|
| 1412 |
//check out DBConnection |
|
| 1413 |
conn=DBConnectionPool.getDBConnection("AccessControlList.getACL");
|
|
| 1414 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
| 1415 |
|
|
| 1345 | 1416 |
isOwned = isOwned(docid, user); |
| 1346 | 1417 |
systemID = getSystemID((String)MetaCatUtil. |
| 1347 | 1418 |
getOptionList(accDoctype).elementAt(0)); |
| ... | ... | |
| 1482 | 1553 |
throw new |
| 1483 | 1554 |
SQLException("AccessControlList.getACL(). " + e.getMessage());
|
| 1484 | 1555 |
} |
| 1556 |
finally |
|
| 1557 |
{
|
|
| 1558 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
| 1559 |
} |
|
| 1485 | 1560 |
} |
| 1486 | 1561 |
|
| 1487 | 1562 |
/* Check if @user is owner of @docid from db conn. */ |
| 1488 | 1563 |
private boolean isOwned(String docid, String user) throws SQLException {
|
| 1489 | 1564 |
|
| 1490 |
PreparedStatement pstmt; |
|
| 1491 |
pstmt = conn.prepareStatement("SELECT 'x' FROM xml_documents " +
|
|
| 1565 |
PreparedStatement pstmt = null; |
|
| 1566 |
DBConnection conn = null; |
|
| 1567 |
int serialNumber = -1; |
|
| 1568 |
try |
|
| 1569 |
{
|
|
| 1570 |
//check out DBConnection |
|
| 1571 |
conn=DBConnectionPool.getDBConnection("AccessControlList.isOwned");
|
|
| 1572 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
| 1573 |
pstmt = conn.prepareStatement("SELECT 'x' FROM xml_documents " +
|
|
| 1492 | 1574 |
"WHERE docid = ? " + |
| 1493 | 1575 |
"AND user_owner = ?"); |
| 1494 |
pstmt.setString(1, docid); |
|
| 1495 |
pstmt.setString(2, user); |
|
| 1496 |
pstmt.execute(); |
|
| 1497 |
ResultSet rs = pstmt.getResultSet(); |
|
| 1498 |
boolean hasRow = rs.next(); |
|
| 1499 |
|
|
| 1500 |
return hasRow; |
|
| 1576 |
pstmt.setString(1, docid); |
|
| 1577 |
pstmt.setString(2, user); |
|
| 1578 |
pstmt.execute(); |
|
| 1579 |
ResultSet rs = pstmt.getResultSet(); |
|
| 1580 |
boolean hasRow = rs.next(); |
|
| 1581 |
return hasRow; |
|
| 1582 |
} |
|
| 1583 |
finally |
|
| 1584 |
{
|
|
| 1585 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
| 1586 |
} |
|
| 1501 | 1587 |
} |
| 1502 | 1588 |
|
| 1503 | 1589 |
/* Get the flag for public "read" access for @docid from db conn. */ |
| 1504 | 1590 |
private String getPublicAccess(String docid) throws SQLException {
|
| 1505 | 1591 |
|
| 1506 | 1592 |
int publicAcc = 0; |
| 1507 |
PreparedStatement pstmt; |
|
| 1508 |
pstmt = conn.prepareStatement("SELECT public_access FROM xml_documents " +
|
|
| 1593 |
PreparedStatement pstmt = null; |
|
| 1594 |
DBConnection conn = null; |
|
| 1595 |
int serialNumber = -1; |
|
| 1596 |
try |
|
| 1597 |
{
|
|
| 1598 |
//check out DBConnection |
|
| 1599 |
conn=DBConnectionPool.getDBConnection("AccessControlList.getPublicAcces");
|
|
| 1600 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
| 1601 |
pstmt = conn.prepareStatement("SELECT public_access FROM xml_documents " +
|
|
| 1509 | 1602 |
"WHERE docid = ?"); |
| 1510 |
pstmt.setString(1, docid); |
|
| 1511 |
pstmt.execute(); |
|
| 1512 |
ResultSet rs = pstmt.getResultSet(); |
|
| 1513 |
boolean hasRow = rs.next(); |
|
| 1514 |
if ( hasRow ) {
|
|
| 1515 |
publicAcc = rs.getInt(1); |
|
| 1603 |
pstmt.setString(1, docid); |
|
| 1604 |
pstmt.execute(); |
|
| 1605 |
ResultSet rs = pstmt.getResultSet(); |
|
| 1606 |
boolean hasRow = rs.next(); |
|
| 1607 |
if ( hasRow ) {
|
|
| 1608 |
publicAcc = rs.getInt(1); |
|
| 1609 |
} |
|
| 1610 |
|
|
| 1611 |
return (publicAcc == 1) ? "yes" : "no"; |
|
| 1516 | 1612 |
} |
| 1517 |
|
|
| 1518 |
return (publicAcc == 1) ? "yes" : "no"; |
|
| 1613 |
finally |
|
| 1614 |
{
|
|
| 1615 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
| 1616 |
} |
|
| 1519 | 1617 |
} |
| 1520 | 1618 |
|
| 1521 | 1619 |
/* Get SystemID for @publicID from Metacat DB Catalog. */ |
| 1522 | 1620 |
private String getSystemID(String publicID) throws SQLException {
|
| 1523 | 1621 |
|
| 1524 | 1622 |
String systemID = ""; |
| 1525 |
PreparedStatement pstmt; |
|
| 1526 |
pstmt = conn.prepareStatement("SELECT system_id FROM xml_catalog " +
|
|
| 1623 |
PreparedStatement pstmt = null; |
|
| 1624 |
DBConnection conn = null; |
|
| 1625 |
int serialNumber = -1; |
|
| 1626 |
|
|
| 1627 |
try |
|
| 1628 |
{
|
|
| 1629 |
//check out DBConnection |
|
| 1630 |
conn=DBConnectionPool.getDBConnection("AccessControlList.getSystemID");
|
|
| 1631 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
| 1632 |
|
|
| 1633 |
pstmt = conn.prepareStatement("SELECT system_id FROM xml_catalog " +
|
|
| 1527 | 1634 |
"WHERE entry_type = 'DTD' " + |
| 1528 | 1635 |
"AND public_id = ?"); |
| 1529 |
pstmt.setString(1, publicID); |
|
| 1530 |
pstmt.execute(); |
|
| 1531 |
ResultSet rs = pstmt.getResultSet(); |
|
| 1532 |
boolean hasRow = rs.next(); |
|
| 1533 |
if ( hasRow ) {
|
|
| 1534 |
systemID = rs.getString(1); |
|
| 1535 |
} |
|
| 1636 |
pstmt.setString(1, publicID);
|
|
| 1637 |
pstmt.execute();
|
|
| 1638 |
ResultSet rs = pstmt.getResultSet();
|
|
| 1639 |
boolean hasRow = rs.next();
|
|
| 1640 |
if ( hasRow ) {
|
|
| 1641 |
systemID = rs.getString(1);
|
|
| 1642 |
}
|
|
| 1536 | 1643 |
|
| 1537 |
return systemID; |
|
| 1644 |
return systemID; |
|
| 1645 |
}//try |
|
| 1646 |
finally |
|
| 1647 |
{
|
|
| 1648 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
| 1649 |
}//finally |
|
| 1538 | 1650 |
} |
| 1539 | 1651 |
|
| 1540 | 1652 |
} |
Also available in: Unified diff
Make a every method check in and check out DBConnection if this method need a connection.