Revision 1139
Added by Jing Tao over 22 years ago
src/edu/ucsb/nceas/metacat/AccessControlList.java | ||
---|---|---|
26 | 26 |
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
27 | 27 |
*/ |
28 | 28 |
|
29 |
|
|
29 | 30 |
package edu.ucsb.nceas.metacat; |
30 | 31 |
|
31 | 32 |
import java.io.*; |
... | ... | |
104 | 105 |
* |
105 | 106 |
* @param conn the JDBC connection where acl info is get |
106 | 107 |
*/ |
107 |
public AccessControlList() throws SQLException |
|
108 |
public AccessControlList(Connection conn) throws SQLException
|
|
108 | 109 |
{ |
109 |
|
|
110 |
this.conn = conn; |
|
110 | 111 |
} |
111 | 112 |
|
112 | 113 |
/** |
... | ... | |
121 | 122 |
* @param serverCode the serverid from xml_replication on which this document |
122 | 123 |
* resides. |
123 | 124 |
*/ |
124 |
public AccessControlList(String aclid, //Reader acl, |
|
125 |
public AccessControlList(Connection conn, String aclid, //Reader acl,
|
|
125 | 126 |
String user, String[] groups, int serverCode) |
126 | 127 |
throws SAXException, IOException, McdbException |
127 | 128 |
{ |
... | ... | |
129 | 130 |
this.server = MetaCatUtil.getOption("server"); |
130 | 131 |
this.sep = MetaCatUtil.getOption("accNumSeparator"); |
131 | 132 |
|
132 |
//this.conn = conn;
|
|
133 |
this.conn = conn; |
|
133 | 134 |
this.parserName = parserName; |
134 | 135 |
this.processingDTD = false; |
135 | 136 |
this.elementStack = new Stack(); |
... | ... | |
194 | 195 |
|
195 | 196 |
// make a DBEntityResolver instance |
196 | 197 |
// Set the EntityReslover to DBEntityResolver instance |
197 |
EntityResolver eresolver = new DBEntityResolver(this,null); |
|
198 |
EntityResolver eresolver = new DBEntityResolver(conn,this,null);
|
|
198 | 199 |
parser.setEntityResolver((EntityResolver)eresolver); |
199 | 200 |
|
200 | 201 |
// Set the ErrorHandler to this instance |
... | ... | |
410 | 411 |
throws SQLException |
411 | 412 |
{ |
412 | 413 |
Vector aclObjects = new Vector(); |
413 |
DBConnection conn = null; |
|
414 |
int serialNumber = -1; |
|
415 |
PreparedStatement pstmt = null; |
|
416 |
try |
|
417 |
{ |
|
418 |
//get connection from DBConnectionPool |
|
419 |
conn=DBConnectionPool.getDBConnection("AccessControlList.getACLObject"); |
|
420 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
421 |
|
|
422 |
// delete all acl records for resources related to @aclid if any |
|
423 |
pstmt = conn.prepareStatement( |
|
414 |
// delete all acl records for resources related to @aclid if any |
|
415 |
PreparedStatement pstmt = conn.prepareStatement( |
|
424 | 416 |
"SELECT object FROM xml_relation " + |
425 | 417 |
"WHERE subject = ? "); |
426 |
pstmt.setString(1,aclid); |
|
427 |
pstmt.execute(); |
|
428 |
ResultSet rs = pstmt.getResultSet(); |
|
429 |
boolean hasRows = rs.next(); |
|
430 |
while (hasRows) { |
|
431 |
aclObjects.addElement(rs.getString(1)); |
|
432 |
hasRows = rs.next(); |
|
433 |
}//whil |
|
418 |
pstmt.setString(1,aclid); |
|
419 |
pstmt.execute(); |
|
420 |
ResultSet rs = pstmt.getResultSet(); |
|
421 |
boolean hasRows = rs.next(); |
|
422 |
while (hasRows) { |
|
423 |
aclObjects.addElement(rs.getString(1)); |
|
424 |
hasRows = rs.next(); |
|
434 | 425 |
} |
435 |
catch (SQLException e) |
|
436 |
{ |
|
437 |
throw e; |
|
438 |
} |
|
439 |
finally |
|
440 |
{ |
|
441 |
pstmt.close(); |
|
442 |
//retrun DBConnection |
|
443 |
DBConnectionPool.returnDBConnection(conn,serialNumber); |
|
444 |
} |
|
445 | 426 |
|
427 |
pstmt.close(); |
|
428 |
|
|
446 | 429 |
return aclObjects; |
447 | 430 |
} |
448 | 431 |
|
... | ... | |
450 | 433 |
private void deletePermissionsForRelatedResources(String aclid) |
451 | 434 |
throws SQLException |
452 | 435 |
{ |
453 |
DBConnection conn = null; |
|
454 |
int serialNumber = -1; |
|
455 |
Statement stmt = null; |
|
456 |
try |
|
457 |
{ |
|
458 |
//check out DBConenction |
|
459 |
conn=DBConnectionPool.getDBConnection("AccessControlList.deltePerm"); |
|
460 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
461 |
// delete all acl records for resources related to @aclid if any |
|
462 |
stmt = conn.createStatement(); |
|
463 |
stmt.execute("DELETE FROM xml_access WHERE accessfileid = '" + aclid |
|
464 |
+ "'"); |
|
465 |
} |
|
466 |
catch (SQLException e) |
|
467 |
{ |
|
468 |
throw e; |
|
469 |
} |
|
470 |
finally |
|
471 |
{ |
|
472 |
stmt.close(); |
|
473 |
//retrun DBConnection |
|
474 |
DBConnectionPool.returnDBConnection(conn,serialNumber); |
|
475 |
} |
|
436 |
// delete all acl records for resources related to @aclid if any |
|
437 |
Statement stmt = conn.createStatement(); |
|
438 |
stmt.execute("DELETE FROM xml_access WHERE accessfileid = '" + aclid + "'"); |
|
439 |
stmt.close(); |
|
476 | 440 |
} |
477 | 441 |
|
478 | 442 |
/* Insert into db calculated permission for the list of principals */ |
... | ... | |
480 | 444 |
throws SQLException |
481 | 445 |
{ |
482 | 446 |
PreparedStatement pstmt; |
483 |
DBConnection conn = null; |
|
484 |
int serialNumber = -1; |
|
485 | 447 |
try { |
486 |
//Check out DBConnection |
|
487 |
conn=DBConnectionPool.getDBConnection("AccessControlList.insertPerm"); |
|
488 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
489 |
|
|
490 | 448 |
pstmt = conn.prepareStatement( |
491 | 449 |
"INSERT INTO xml_access " + |
492 | 450 |
"(docid, principal_name, permission, perm_type, perm_order," + |
... | ... | |
533 | 491 |
throw new |
534 | 492 |
SQLException("AccessControlList.insertPermissions(): " + e.getMessage()); |
535 | 493 |
} |
536 |
finally |
|
537 |
{ |
|
538 |
//return the DBConnection |
|
539 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
540 |
} |
|
541 | 494 |
} |
542 | 495 |
|
543 | 496 |
/* Get permissions with permission order different than @permOrder. */ |
... | ... | |
545 | 498 |
String docid, String permOrder) |
546 | 499 |
throws SQLException |
547 | 500 |
{ |
548 |
PreparedStatement pstmt = null; |
|
549 |
DBConnection conn = null; |
|
550 |
int serialNumber = -1; |
|
551 |
try |
|
552 |
{ |
|
553 |
//check out DBConnection |
|
554 |
conn=DBConnectionPool.getDBConnection("AccessControlList.getPermissions"); |
|
555 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
556 |
pstmt = conn.prepareStatement( |
|
501 |
PreparedStatement pstmt; |
|
502 |
pstmt = conn.prepareStatement( |
|
557 | 503 |
"SELECT permission FROM xml_access " + |
558 | 504 |
"WHERE docid = ? " + |
559 | 505 |
"AND principal_name = ? " + |
560 | 506 |
"AND perm_order NOT = ?"); |
561 |
pstmt.setString(1, docid); |
|
562 |
pstmt.setString(2, principal); |
|
563 |
pstmt.setString(3, permOrder); |
|
564 |
pstmt.execute(); |
|
565 |
ResultSet rs = pstmt.getResultSet(); |
|
566 |
boolean hasRow = rs.next(); |
|
567 |
int perm = 0; |
|
568 |
while ( hasRow ) { |
|
569 |
perm = rs.getInt(1); |
|
570 |
perm = permission & perm; |
|
571 |
if ( perm != 0 ) { |
|
572 |
pstmt.close(); |
|
573 |
return perm; |
|
574 |
} |
|
575 |
hasRow = rs.next(); |
|
507 |
pstmt.setString(1, docid); |
|
508 |
pstmt.setString(2, principal); |
|
509 |
pstmt.setString(3, permOrder); |
|
510 |
pstmt.execute(); |
|
511 |
ResultSet rs = pstmt.getResultSet(); |
|
512 |
boolean hasRow = rs.next(); |
|
513 |
int perm = 0; |
|
514 |
while ( hasRow ) { |
|
515 |
perm = rs.getInt(1); |
|
516 |
perm = permission & perm; |
|
517 |
if ( perm != 0 ) { |
|
518 |
pstmt.close(); |
|
519 |
return perm; |
|
576 | 520 |
} |
577 |
}//try |
|
578 |
catch (SQLException e) |
|
579 |
{ |
|
580 |
throw e; |
|
521 |
hasRow = rs.next(); |
|
581 | 522 |
} |
582 |
finally |
|
583 |
{ |
|
584 |
pstmt.close(); |
|
585 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
586 |
} |
|
523 |
pstmt.close(); |
|
587 | 524 |
return 0; |
588 | 525 |
} |
589 | 526 |
|
... | ... | |
631 | 568 |
//detele the rev number if docid contains it |
632 | 569 |
docId=MetaCatUtil.getDocIdFromString(docId); |
633 | 570 |
PreparedStatement pStmt=null; |
634 |
DBConnection conn = null; |
|
635 |
int serialNumber = -1; |
|
636 | 571 |
try |
637 | 572 |
{ |
638 |
//check out DBConnection |
|
639 |
conn=DBConnectionPool.getDBConnection("AccessControlList.isAccessDoc"); |
|
640 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
641 | 573 |
pStmt = conn.prepareStatement("select 'x' from xml_access where " + |
642 | 574 |
"accessfileid like '" + docId + "'"); |
643 | 575 |
pStmt.execute(); |
... | ... | |
656 | 588 |
"Error checking ownership for " + principal + |
657 | 589 |
" on document #" + docId + ". " + e.getMessage()); |
658 | 590 |
} |
659 |
finally |
|
660 |
{ |
|
661 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
662 |
} |
|
663 | 591 |
return false; |
664 | 592 |
}//isAccessDocument |
665 | 593 |
|
... | ... | |
699 | 627 |
int lengthOfArray=principals.length; |
700 | 628 |
boolean hasRow; |
701 | 629 |
PreparedStatement pStmt=null; |
702 |
DBConnection conn = null; |
|
703 |
int serialNumber = -1; |
|
704 |
|
|
705 | 630 |
try |
706 | 631 |
{ |
707 |
//check out DBConnection |
|
708 |
conn=DBConnectionPool.getDBConnection("AccessControlList.containDocOnwer"); |
|
709 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
710 | 632 |
pStmt = conn.prepareStatement( |
711 | 633 |
"SELECT 'x' FROM xml_documents " + |
712 | 634 |
"WHERE docid = ? AND user_owner = ?"); |
... | ... | |
739 | 661 |
"Error checking ownership for " + principals[0] + |
740 | 662 |
" on document #" + docId + ". " + e.getMessage()); |
741 | 663 |
}//catch |
742 |
finally |
|
743 |
{ |
|
744 |
pStmt.close(); |
|
745 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
746 |
} |
|
664 |
|
|
665 |
|
|
666 |
pStmt.close(); |
|
667 |
|
|
747 | 668 |
return false; |
748 | 669 |
}//containDocumentOwner |
749 | 670 |
|
... | ... | |
757 | 678 |
{ |
758 | 679 |
int lengthOfArray=principals.length; |
759 | 680 |
boolean hasRow; |
760 |
PreparedStatement pStmt = null; |
|
761 |
DBConnection conn = null; |
|
762 |
int serialNumber = -1; |
|
763 |
try |
|
764 |
{ |
|
765 |
//check out DBConnection |
|
766 |
conn=DBConnectionPool.getDBConnection("AccessControlList.isAllowFirst"); |
|
767 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
768 | 681 |
|
769 |
//select permission order from database
|
|
770 |
pStmt = conn.prepareStatement(
|
|
682 |
//select permission order from database |
|
683 |
PreparedStatement pStmt = conn.prepareStatement(
|
|
771 | 684 |
"SELECT perm_order FROM xml_access " + |
772 | 685 |
"WHERE principal_name= ? AND docid = ?"); |
773 | 686 |
|
774 |
//check every name in the array |
|
775 |
for (int i=0; i<lengthOfArray;i++) |
|
687 |
//check every name in the array |
|
688 |
for (int i=0; i<lengthOfArray;i++) |
|
689 |
{ |
|
690 |
//bind value |
|
691 |
pStmt.setString(1, principals[i]);//user name |
|
692 |
pStmt.setString(2, docId);//docid |
|
693 |
|
|
694 |
pStmt.execute(); |
|
695 |
ResultSet rs = pStmt.getResultSet(); |
|
696 |
hasRow=rs.next(); |
|
697 |
if (hasRow) |
|
776 | 698 |
{ |
777 |
//bind value |
|
778 |
pStmt.setString(1, principals[i]);//user name |
|
779 |
pStmt.setString(2, docId);//docid |
|
780 |
|
|
781 |
pStmt.execute(); |
|
782 |
ResultSet rs = pStmt.getResultSet(); |
|
783 |
hasRow=rs.next(); |
|
784 |
if (hasRow) |
|
699 |
//get the permission order from data base |
|
700 |
String permissionOrder=rs.getString(1); |
|
701 |
//if the permission order is "allowFirst |
|
702 |
if (permissionOrder.equalsIgnoreCase(ALLOWFIRST)) |
|
785 | 703 |
{ |
786 |
//get the permission order from data base |
|
787 |
String permissionOrder=rs.getString(1); |
|
788 |
//if the permission order is "allowFirst |
|
789 |
if (permissionOrder.equalsIgnoreCase(ALLOWFIRST)) |
|
790 |
{ |
|
791 |
pStmt.close(); |
|
792 |
return true; |
|
793 |
} |
|
794 |
else |
|
795 |
{ |
|
796 |
pStmt.close(); |
|
797 |
return false; |
|
798 |
} |
|
799 |
}//if |
|
800 |
}//for |
|
801 |
}//try |
|
802 |
catch (SQLException e) |
|
803 |
{ |
|
804 |
throw e; |
|
805 |
} |
|
806 |
finally |
|
807 |
{ |
|
808 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
809 |
} |
|
704 |
pStmt.close(); |
|
705 |
return true; |
|
706 |
} |
|
707 |
else |
|
708 |
{ |
|
709 |
pStmt.close(); |
|
710 |
return false; |
|
711 |
} |
|
712 |
}//if |
|
713 |
}//for |
|
810 | 714 |
|
811 | 715 |
//if reach here, means there is no permssion record for given names and |
812 | 716 |
//docid. So throw a exception. |
... | ... | |
832 | 736 |
int lengthOfArray=principals.length; |
833 | 737 |
boolean allow=false;//initial value is no allow rule |
834 | 738 |
ResultSet rs; |
835 |
PreparedStatement pStmt = null;
|
|
739 |
PreparedStatement pStmt; |
|
836 | 740 |
int permissionValue=intValue(permission); |
837 | 741 |
int permissionValueInTable; |
838 | 742 |
int ticketCount; |
839 |
DBConnection conn = null; |
|
840 |
int serialNumber = -1; |
|
841 |
try |
|
842 |
{ |
|
843 |
//check out DBConnection |
|
844 |
conn=DBConnectionPool.getDBConnection("AccessControlList.hasAllowRule"); |
|
845 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
846 |
//This sql statement will select entry with |
|
847 |
//begin_time<=currentTime<=end_time in xml_access table |
|
848 |
//If begin_time or end_time is null in table, isnull(begin_time, sysdate) |
|
849 |
//function will assign begin_time=sysdate |
|
850 |
pStmt = conn.prepareStatement( |
|
743 |
|
|
744 |
//This sql statement will select entry with |
|
745 |
//begin_time<=currentTime<=end_time in xml_access table |
|
746 |
//If begin_time or end_time is null in table, isnull(begin_time, sysdate) |
|
747 |
//function will assign begin_time=sysdate |
|
748 |
pStmt = conn.prepareStatement( |
|
851 | 749 |
"SELECT permission, ticket_count " + |
852 | 750 |
"FROM xml_access " + |
853 | 751 |
"WHERE docid = ? " + |
... | ... | |
856 | 754 |
"AND " + sysdate + |
857 | 755 |
" BETWEEN " + isnull + "(begin_time," + sysdate + ") " + |
858 | 756 |
"AND " + isnull + "(end_time," + sysdate + ")"); |
859 |
//bind docid, perm_type
|
|
860 |
pStmt.setString(1, docId);
|
|
861 |
pStmt.setString(3, ALLOW);
|
|
757 |
//bind docid, perm_type |
|
758 |
pStmt.setString(1, docId); |
|
759 |
pStmt.setString(3, ALLOW); |
|
862 | 760 |
|
863 |
//bind every elenment in user name array
|
|
761 |
//bind every elenment in user name array |
|
864 | 762 |
for (int i=0;i<lengthOfArray; i++) |
865 | 763 |
{ |
866 | 764 |
pStmt.setString(2, principals[i]); |
... | ... | |
894 | 792 |
}//if |
895 | 793 |
}//while |
896 | 794 |
}//for |
897 |
}//try |
|
898 |
catch (SQLException sqlE) |
|
899 |
{ |
|
900 |
throw sqlE; |
|
901 |
} |
|
902 |
catch (Exception e) |
|
903 |
{ |
|
904 |
throw e; |
|
905 |
} |
|
906 |
finally |
|
907 |
{ |
|
908 |
pStmt.close(); |
|
909 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
910 |
} |
|
795 |
pStmt.close(); |
|
911 | 796 |
return allow; |
912 | 797 |
}//hasAllowRule |
913 | 798 |
|
914 |
|
|
799 |
/** |
|
800 |
* Check if the users array has allow rules for given users, docid and |
|
801 |
* permission. |
|
802 |
* If it has permission rule and ticket count is greater than 0, the ticket |
|
803 |
* number will decrease one |
|
804 |
* @param principals, list of names of principals to check for |
|
805 |
* @param docid, document identifier to check for |
|
806 |
* @param permission, the permssion need to check |
|
807 |
*/ |
|
808 |
private boolean hasAllowRuleBackup(String [] principals, String docId, |
|
809 |
String permission) |
|
810 |
throws SQLException, Exception |
|
811 |
{ |
|
812 |
int lengthOfArray=principals.length; |
|
813 |
ResultSet rs; |
|
814 |
PreparedStatement pStmt; |
|
815 |
int permissionValue=intValue(permission); |
|
816 |
int permissionValueInTable; |
|
817 |
int ticketCount; |
|
915 | 818 |
|
819 |
//This sql statement will select entry with |
|
820 |
//begin_time<=currentTime<=end_time in xml_access table |
|
821 |
//If begin_time or end_time is null in table, isnull(begin_time, sysdate) |
|
822 |
//function will assign begin_time=sysdate |
|
823 |
pStmt = conn.prepareStatement( |
|
824 |
"SELECT permission, ticket_count " + |
|
825 |
"FROM xml_access " + |
|
826 |
"WHERE docid = ? " + |
|
827 |
"AND principal_name = ? " + |
|
828 |
"AND perm_type = ? " + |
|
829 |
"AND " + sysdate + |
|
830 |
" BETWEEN " + isnull + "(begin_time," + sysdate + ") " + |
|
831 |
"AND " + isnull + "(end_time," + sysdate + ")"); |
|
832 |
//bind docid, perm_type |
|
833 |
pStmt.setString(1, docId); |
|
834 |
pStmt.setString(3, ALLOW); |
|
835 |
|
|
836 |
//bind every elenment in user name array |
|
837 |
for (int i=0;i<lengthOfArray; i++) |
|
838 |
{ |
|
839 |
pStmt.setString(2, principals[i]); |
|
840 |
pStmt.execute(); |
|
841 |
rs=pStmt.getResultSet(); |
|
842 |
while (rs.next())//check every entry for one user |
|
843 |
{ |
|
844 |
permissionValueInTable=rs.getInt(1); |
|
845 |
ticketCount=rs.getInt(2); |
|
846 |
|
|
847 |
//permission is ok and ticketcount geat than 0 or ticket is null, |
|
848 |
//the user have a permission to access the file |
|
849 |
if ((( permissionValueInTable & permissionValue )== permissionValue ) |
|
850 |
&& (rs.wasNull()||ticketCount > 0)) |
|
851 |
{ |
|
852 |
//ticket count should minus one |
|
853 |
//ticketCount isnot null and greater than 0, order is allowfirst |
|
854 |
if (!rs.wasNull() && ticketCount>0 && isAllowFirst(principals,docId)) |
|
855 |
{ |
|
856 |
decreaseNumberOfAccess(permissionValueInTable, principals[i], |
|
857 |
docId, ALLOW, ALLOWFIRST); |
|
858 |
} |
|
859 |
//ticketCount isnot null and greater than 0, order is not allowfirst |
|
860 |
if (!rs.wasNull() &&ticketCount>0 && !isAllowFirst(principals,docId)) |
|
861 |
{ |
|
862 |
decreaseNumberOfAccess(permissionValueInTable, principals[i], |
|
863 |
docId, ALLOW, DENYFIRST); |
|
864 |
} |
|
865 |
pStmt.close(); |
|
866 |
return true; |
|
867 |
}//if |
|
868 |
}//while |
|
869 |
}//for |
|
870 |
pStmt.close(); |
|
871 |
return false;//no allow rule |
|
872 |
}//hasAllowRule |
|
873 |
|
|
916 | 874 |
/** |
917 | 875 |
* Check if the users array has explicit deny rules for given users, docid |
918 | 876 |
* and permission. That means the perm_type is deny and current time is |
... | ... | |
927 | 885 |
{ |
928 | 886 |
int lengthOfArray=principals.length; |
929 | 887 |
ResultSet rs; |
930 |
PreparedStatement pStmt = null;
|
|
888 |
PreparedStatement pStmt; |
|
931 | 889 |
int permissionValue=intValue(permission); |
932 | 890 |
int permissionValueInTable; |
933 |
DBConnection conn = null; |
|
934 |
int serialNumber = -1; |
|
891 |
|
|
935 | 892 |
|
936 |
try |
|
937 |
{ |
|
938 |
//check out DBConnection |
|
939 |
conn=DBConnectionPool.getDBConnection("AccessControlList.hasExplicitDeny"); |
|
940 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
941 |
|
|
942 |
//This sql statement will select entry with |
|
943 |
//begin_time<=currentTime<=end_time in xml_access table |
|
944 |
//If begin_time or end_time is null in table, isnull(begin_time, sysdate) |
|
945 |
//function will assign begin_time=sysdate |
|
946 |
pStmt = conn.prepareStatement( |
|
893 |
//This sql statement will select entry with |
|
894 |
//begin_time<=currentTime<=end_time in xml_access table |
|
895 |
//If begin_time or end_time is null in table, isnull(begin_time, sysdate) |
|
896 |
//function will assign begin_time=sysdate |
|
897 |
pStmt = conn.prepareStatement( |
|
947 | 898 |
"SELECT permission " + |
948 | 899 |
"FROM xml_access " + |
949 | 900 |
"WHERE docid = ? " + |
... | ... | |
952 | 903 |
"AND " + sysdate + |
953 | 904 |
" BETWEEN " + isnull + "(begin_time," + sysdate + ") " + |
954 | 905 |
"AND " + isnull + "(end_time," + sysdate + ")"); |
955 |
//bind docid, perm_type
|
|
956 |
pStmt.setString(1, docId);
|
|
957 |
pStmt.setString(3, DENY);
|
|
906 |
//bind docid, perm_type |
|
907 |
pStmt.setString(1, docId); |
|
908 |
pStmt.setString(3, DENY); |
|
958 | 909 |
|
959 |
//bind every elenment in user name array
|
|
910 |
//bind every elenment in user name array |
|
960 | 911 |
for (int i=0;i<lengthOfArray; i++) |
961 | 912 |
{ |
962 | 913 |
pStmt.setString(2, principals[i]); |
... | ... | |
975 | 926 |
}//if |
976 | 927 |
}//while |
977 | 928 |
}//for |
978 |
}//try |
|
979 |
catch (SQLException e) |
|
980 |
{ |
|
981 |
throw e; |
|
982 |
}//catch |
|
983 |
finally |
|
984 |
{ |
|
985 |
pStmt.close(); |
|
986 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
987 |
}//finally |
|
988 |
return false;//no deny rule |
|
929 |
pStmt.close(); |
|
930 |
return false;//no deny rule |
|
989 | 931 |
}//hasExplicitDenyRule |
990 | 932 |
|
991 | 933 |
/** |
... | ... | |
1003 | 945 |
{ |
1004 | 946 |
int lengthOfArray=principals.length; |
1005 | 947 |
ResultSet rs; |
1006 |
PreparedStatement pStmt = null;
|
|
948 |
PreparedStatement pStmt; |
|
1007 | 949 |
int permissionValue=intValue(permission); |
1008 | 950 |
int permissionValueInTable; |
1009 |
DBConnection conn = null; |
|
1010 |
int serialNumber = -1; |
|
951 |
|
|
1011 | 952 |
|
1012 |
|
|
1013 |
try |
|
1014 |
{ |
|
1015 |
//check out DBConnection |
|
1016 |
conn=DBConnectionPool.getDBConnection("AccessControlList.hasImplicitDeny"); |
|
1017 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
1018 |
//This sql statement will select entry with perm_type =allow and |
|
1019 |
//currentTime is less than begin_time or greater than end time |
|
1020 |
//in xml_access table. This is an implicit deny rule (allow is out of date) |
|
1021 |
pStmt = conn.prepareStatement( |
|
953 |
//This sql statement will select entry with perm_type =allow and |
|
954 |
//currentTime is less than begin_time or greater than end time |
|
955 |
//in xml_access table. This is an implicit deny rule (allow is out of date) |
|
956 |
pStmt = conn.prepareStatement( |
|
1022 | 957 |
"SELECT permission " + |
1023 | 958 |
"FROM xml_access " + |
1024 | 959 |
"WHERE docid = ? " + |
... | ... | |
1027 | 962 |
"AND " + sysdate + |
1028 | 963 |
" < " + isnull + "(begin_time," + sysdate + ") " + |
1029 | 964 |
"OR " + sysdate + " > "+ isnull + "(end_time," + sysdate + ")"); |
1030 |
//bind docid, perm_type
|
|
1031 |
pStmt.setString(1, docId);
|
|
1032 |
pStmt.setString(3, ALLOW);//It is allow
|
|
965 |
//bind docid, perm_type |
|
966 |
pStmt.setString(1, docId); |
|
967 |
pStmt.setString(3, ALLOW);//It is allow |
|
1033 | 968 |
|
1034 |
//bind every elenment in user name array
|
|
969 |
//bind every elenment in user name array |
|
1035 | 970 |
for (int i=0;i<lengthOfArray; i++) |
1036 | 971 |
{ |
1037 | 972 |
pStmt.setString(2, principals[i]); |
... | ... | |
1063 | 998 |
"AND principal_name = ? " + |
1064 | 999 |
"AND perm_type = ? " + |
1065 | 1000 |
"AND ticket_count = ?"); |
1066 |
//bind docid, perm_type, ticket_count |
|
1067 |
pStmt.setString(1, docId); |
|
1068 |
pStmt.setString(3, ALLOW);//It is allow! |
|
1069 |
pStmt.setInt(4,0); |
|
1070 |
|
|
1071 |
//Because this DBConnection used twice in this method. But we only count one |
|
1072 |
//when it checked out. So we should increase another one |
|
1073 |
conn.increaseUsageCount(1); |
|
1074 |
|
|
1075 |
//bind every elenment in user name array |
|
1001 |
//bind docid, perm_type, ticket_count |
|
1002 |
pStmt.setString(1, docId); |
|
1003 |
pStmt.setString(3, ALLOW);//It is allow! |
|
1004 |
pStmt.setInt(4,0); |
|
1005 |
|
|
1006 |
//bind every elenment in user name array |
|
1076 | 1007 |
for (int i=0;i<lengthOfArray; i++) |
1077 | 1008 |
{ |
1078 | 1009 |
pStmt.setString(2, principals[i]); |
... | ... | |
1093 | 1024 |
}//if |
1094 | 1025 |
}//while |
1095 | 1026 |
}//for |
1096 |
}//try |
|
1097 |
finally |
|
1098 |
{ |
|
1099 |
pStmt.close(); |
|
1100 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
1101 |
}//finally |
|
1027 |
|
|
1028 |
pStmt.close(); |
|
1102 | 1029 |
return false;//no implicit deny rule |
1103 | 1030 |
}//hasImplicitDenyRule |
1104 | 1031 |
|
... | ... | |
1177 | 1104 |
throws SQLException |
1178 | 1105 |
{ |
1179 | 1106 |
String dataSetId=null; |
1180 |
PreparedStatement pStmt=null;
|
|
1107 |
PreparedStatement pStmt; |
|
1181 | 1108 |
ResultSet rs=null; |
1182 |
DBConnection conn=null; |
|
1183 |
int serialNumber=-1; |
|
1184 | 1109 |
String query="SELECT docId from xml_relation where subject = ? or " |
1185 | 1110 |
+"object = ?"; |
1186 | 1111 |
|
1187 |
try |
|
1112 |
pStmt=conn.prepareStatement(query); |
|
1113 |
//bind the value to query |
|
1114 |
pStmt.setString(1, accessDocId); |
|
1115 |
pStmt.setString(2, accessDocId); |
|
1116 |
//execute the query |
|
1117 |
pStmt.execute(); |
|
1118 |
rs=pStmt.getResultSet(); |
|
1119 |
//process the result |
|
1120 |
if (rs.next()) //There are some records for the data set id for access id |
|
1188 | 1121 |
{ |
1189 |
//check out DBConnection |
|
1190 |
conn=DBConnectionPool.getDBConnection("AccessControlList.getDataSetId"); |
|
1191 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
1192 |
|
|
1193 |
pStmt=conn.prepareStatement(query); |
|
1194 |
//bind the value to query |
|
1195 |
pStmt.setString(1, accessDocId); |
|
1196 |
pStmt.setString(2, accessDocId); |
|
1197 |
//execute the query |
|
1198 |
pStmt.execute(); |
|
1199 |
rs=pStmt.getResultSet(); |
|
1200 |
//process the result |
|
1201 |
if (rs.next()) //There are some records for the data set id for access id |
|
1202 |
{ |
|
1203 |
dataSetId=rs.getString(1); |
|
1204 |
} |
|
1205 |
else //No data set id for the given access id in xml_relation table |
|
1206 |
{ |
|
1207 |
dataSetId=null; |
|
1208 |
} |
|
1209 |
}//try |
|
1210 |
finally |
|
1122 |
dataSetId=rs.getString(1); |
|
1123 |
} |
|
1124 |
else //No data set id for the given access id in xml_relation table |
|
1211 | 1125 |
{ |
1212 |
pStmt.close(); |
|
1213 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
1126 |
dataSetId=null; |
|
1214 | 1127 |
} |
1128 |
|
|
1129 |
|
|
1130 |
pStmt.close(); |
|
1215 | 1131 |
return dataSetId; |
1216 | 1132 |
}//getDataPackageId() |
1217 | 1133 |
|
... | ... | |
1324 | 1240 |
return false; |
1325 | 1241 |
}//hasPermission |
1326 | 1242 |
|
1327 |
|
|
1243 |
private boolean hasValidDenyEntry(String persmission, String principal, |
|
1244 |
String docId) |
|
1245 |
throws SQLException |
|
1246 |
{ |
|
1247 |
//detele the rev number if docid contains it |
|
1248 |
docId=MetaCatUtil.getDocIdFromString(docId); |
|
1249 |
PreparedStatement pStmt; |
|
1250 |
String permissionType; |
|
1251 |
int accessValue; |
|
1252 |
|
|
1253 |
|
|
1254 |
try |
|
1255 |
{ |
|
1256 |
pStmt = conn.prepareStatement("select perm_type, permission, begin_time" |
|
1257 |
+ ", end_time from xml_access where " + |
|
1258 |
"docid like '" + docId + "' and " |
|
1259 |
+ "principal_name like '"+principal+"'"); |
|
1260 |
pStmt.execute(); |
|
1261 |
ResultSet rs = pStmt.getResultSet(); |
|
1262 |
boolean hasRow = rs.next(); |
|
1263 |
pStmt.close(); |
|
1264 |
if(hasRow) |
|
1265 |
{ |
|
1266 |
return true; |
|
1267 |
} |
|
1268 |
} |
|
1269 |
catch(SQLException e) |
|
1270 |
{ |
|
1271 |
throw new SQLException("AccessControlList.hasPermission():2 " + |
|
1272 |
"Error checking ownership for " + principal + |
|
1273 |
" on document #" + docId + ". " + e.getMessage()); |
|
1274 |
} |
|
1275 |
return false; |
|
1276 |
} |
|
1328 | 1277 |
/* Decrease the number of access to @docid for @principal in db. */ |
1329 | 1278 |
private void decreaseNumberOfAccess(int permission, String principal, |
1330 | 1279 |
String docid, String permType, |
1331 | 1280 |
String permOrder) |
1332 | 1281 |
throws SQLException |
1333 | 1282 |
{ |
1334 |
PreparedStatement pstmt = null; |
|
1335 |
DBConnection conn = null; |
|
1336 |
int serialNumber = -1; |
|
1337 |
try |
|
1338 |
{ |
|
1339 |
//check out DBConnection |
|
1340 |
conn=DBConnectionPool.getDBConnection("AccessControlList.decreaseNumOfA"); |
|
1341 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
1342 |
|
|
1343 |
pstmt = conn.prepareStatement( |
|
1283 |
PreparedStatement pstmt; |
|
1284 |
pstmt = conn.prepareStatement( |
|
1344 | 1285 |
"UPDATE xml_access SET ticket_count = ticket_count - 1 " + |
1345 | 1286 |
"WHERE docid = ? " + |
1346 | 1287 |
"AND principal_name = ? " + |
... | ... | |
1350 | 1291 |
"AND " + sysdate + |
1351 | 1292 |
" BETWEEN " + isnull + "(begin_time," + sysdate + ") " + |
1352 | 1293 |
"AND " + isnull + "(end_time," + sysdate + ")"); |
1353 |
// Bind the values to the query
|
|
1354 |
pstmt.setString(1, docid);
|
|
1355 |
pstmt.setString(2, principal);
|
|
1356 |
pstmt.setInt(3, permission);
|
|
1357 |
pstmt.setString(4, permType);
|
|
1358 |
pstmt.setString(5, permOrder);
|
|
1294 |
// Bind the values to the query |
|
1295 |
pstmt.setString(1, docid); |
|
1296 |
pstmt.setString(2, principal); |
|
1297 |
pstmt.setInt(3, permission); |
|
1298 |
pstmt.setString(4, permType); |
|
1299 |
pstmt.setString(5, permOrder); |
|
1359 | 1300 |
|
1360 |
pstmt.execute(); |
|
1361 |
}//try |
|
1362 |
finally |
|
1363 |
{ |
|
1364 |
pstmt.close(); |
|
1365 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
1366 |
}//finally |
|
1301 |
pstmt.execute(); |
|
1302 |
pstmt.close(); |
|
1367 | 1303 |
} |
1368 | 1304 |
|
1369 | 1305 |
|
... | ... | |
1404 | 1340 |
String end_prev = ""; |
1405 | 1341 |
int ticketCount = -1; |
1406 | 1342 |
int ticket_prev = -1; |
1407 |
DBConnection conn = null; |
|
1408 |
int serialNumber = -1; |
|
1409 | 1343 |
|
1410 | 1344 |
try { |
1411 | 1345 |
|
1412 |
//check out DBConnection |
|
1413 |
conn=DBConnectionPool.getDBConnection("AccessControlList.getACL"); |
|
1414 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
1415 |
|
|
1416 | 1346 |
isOwned = isOwned(docid, user); |
1417 | 1347 |
systemID = getSystemID((String)MetaCatUtil. |
1418 | 1348 |
getOptionList(accDoctype).elementAt(0)); |
... | ... | |
1553 | 1483 |
throw new |
1554 | 1484 |
SQLException("AccessControlList.getACL(). " + e.getMessage()); |
1555 | 1485 |
} |
1556 |
finally |
|
1557 |
{ |
|
1558 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
1559 |
} |
|
1560 | 1486 |
} |
1561 | 1487 |
|
1562 | 1488 |
/* Check if @user is owner of @docid from db conn. */ |
1563 | 1489 |
private boolean isOwned(String docid, String user) throws SQLException { |
1564 | 1490 |
|
1565 |
PreparedStatement pstmt = null; |
|
1566 |
DBConnection conn = null; |
|
1567 |
int serialNumber = -1; |
|
1568 |
try |
|
1569 |
{ |
|
1570 |
//check out DBConnection |
|
1571 |
conn=DBConnectionPool.getDBConnection("AccessControlList.isOwned"); |
|
1572 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
1573 |
pstmt = conn.prepareStatement("SELECT 'x' FROM xml_documents " + |
|
1491 |
PreparedStatement pstmt; |
|
1492 |
pstmt = conn.prepareStatement("SELECT 'x' FROM xml_documents " + |
|
1574 | 1493 |
"WHERE docid = ? " + |
1575 | 1494 |
"AND user_owner = ?"); |
1576 |
pstmt.setString(1, docid); |
|
1577 |
pstmt.setString(2, user); |
|
1578 |
pstmt.execute(); |
|
1579 |
ResultSet rs = pstmt.getResultSet(); |
|
1580 |
boolean hasRow = rs.next(); |
|
1581 |
return hasRow; |
|
1582 |
} |
|
1583 |
finally |
|
1584 |
{ |
|
1585 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
1586 |
} |
|
1495 |
pstmt.setString(1, docid); |
|
1496 |
pstmt.setString(2, user); |
|
1497 |
pstmt.execute(); |
|
1498 |
ResultSet rs = pstmt.getResultSet(); |
|
1499 |
boolean hasRow = rs.next(); |
|
1500 |
|
|
1501 |
return hasRow; |
|
1587 | 1502 |
} |
1588 | 1503 |
|
1589 | 1504 |
/* Get the flag for public "read" access for @docid from db conn. */ |
1590 | 1505 |
private String getPublicAccess(String docid) throws SQLException { |
1591 | 1506 |
|
1592 | 1507 |
int publicAcc = 0; |
1593 |
PreparedStatement pstmt = null; |
|
1594 |
DBConnection conn = null; |
|
1595 |
int serialNumber = -1; |
|
1596 |
try |
|
1597 |
{ |
|
1598 |
//check out DBConnection |
|
1599 |
conn=DBConnectionPool.getDBConnection("AccessControlList.getPublicAcces"); |
|
1600 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
1601 |
pstmt = conn.prepareStatement("SELECT public_access FROM xml_documents " + |
|
1508 |
PreparedStatement pstmt; |
|
1509 |
pstmt = conn.prepareStatement("SELECT public_access FROM xml_documents " + |
|
1602 | 1510 |
"WHERE docid = ?"); |
1603 |
pstmt.setString(1, docid);
|
|
1604 |
pstmt.execute();
|
|
1605 |
ResultSet rs = pstmt.getResultSet();
|
|
1606 |
boolean hasRow = rs.next();
|
|
1607 |
if ( hasRow ) {
|
|
1608 |
publicAcc = rs.getInt(1);
|
|
1609 |
}
|
|
1511 |
pstmt.setString(1, docid); |
|
1512 |
pstmt.execute(); |
|
1513 |
ResultSet rs = pstmt.getResultSet(); |
|
1514 |
boolean hasRow = rs.next(); |
|
1515 |
if ( hasRow ) { |
|
1516 |
publicAcc = rs.getInt(1); |
|
1517 |
} |
|
1610 | 1518 |
|
1611 |
return (publicAcc == 1) ? "yes" : "no"; |
|
1612 |
} |
|
1613 |
finally |
|
1614 |
{ |
|
1615 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
1616 |
} |
|
1519 |
return (publicAcc == 1) ? "yes" : "no"; |
|
1617 | 1520 |
} |
1618 | 1521 |
|
1619 | 1522 |
/* Get SystemID for @publicID from Metacat DB Catalog. */ |
1620 | 1523 |
private String getSystemID(String publicID) throws SQLException { |
1621 | 1524 |
|
1622 | 1525 |
String systemID = ""; |
1623 |
PreparedStatement pstmt = null; |
|
1624 |
DBConnection conn = null; |
|
1625 |
int serialNumber = -1; |
|
1626 |
|
|
1627 |
try |
|
1628 |
{ |
|
1629 |
//check out DBConnection |
|
1630 |
conn=DBConnectionPool.getDBConnection("AccessControlList.getSystemID"); |
|
1631 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
1632 |
|
|
1633 |
pstmt = conn.prepareStatement("SELECT system_id FROM xml_catalog " + |
|
1526 |
PreparedStatement pstmt; |
|
1527 |
pstmt = conn.prepareStatement("SELECT system_id FROM xml_catalog " + |
|
1634 | 1528 |
"WHERE entry_type = 'DTD' " + |
1635 | 1529 |
"AND public_id = ?"); |
1636 |
pstmt.setString(1, publicID);
|
|
1637 |
pstmt.execute();
|
|
1638 |
ResultSet rs = pstmt.getResultSet();
|
|
1639 |
boolean hasRow = rs.next();
|
|
1640 |
if ( hasRow ) {
|
|
1641 |
systemID = rs.getString(1);
|
|
1642 |
}
|
|
1530 |
pstmt.setString(1, publicID); |
|
1531 |
pstmt.execute(); |
|
1532 |
ResultSet rs = pstmt.getResultSet(); |
|
1533 |
boolean hasRow = rs.next(); |
|
1534 |
if ( hasRow ) { |
|
1535 |
systemID = rs.getString(1); |
|
1536 |
} |
|
1643 | 1537 |
|
1644 |
return systemID; |
|
1645 |
}//try |
|
1646 |
finally |
|
1647 |
{ |
|
1648 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
1649 |
}//finally |
|
1538 |
return systemID; |
|
1650 | 1539 |
} |
1651 | 1540 |
|
1652 | 1541 |
} |
Also available in: Unified diff
Change to using Connection back rather than DBConnection. DBConnection will be store in a cvs branch.