Project

General

Profile

« Previous | Next » 

Revision 1139

Added by Jing Tao over 22 years ago

Change to using Connection back rather than DBConnection. DBConnection will be store in a cvs branch.

View differences:

src/edu/ucsb/nceas/metacat/AccessControlList.java
26 26
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
27 27
 */
28 28

  
29

  
29 30
package edu.ucsb.nceas.metacat;
30 31

  
31 32
import java.io.*;
......
104 105
   *
105 106
   * @param conn the JDBC connection where acl info is get
106 107
   */
107
  public AccessControlList() throws SQLException
108
  public AccessControlList(Connection conn) throws SQLException
108 109
  {
109
    
110
    this.conn = conn;
110 111
  }
111 112

  
112 113
  /**
......
121 122
   * @param serverCode the serverid from xml_replication on which this document
122 123
   *        resides.
123 124
   */
124
  public AccessControlList(String aclid, //Reader acl,
125
  public AccessControlList(Connection conn, String aclid, //Reader acl,
125 126
                           String user, String[] groups, int serverCode)
126 127
                  throws SAXException, IOException, McdbException
127 128
  {
......
129 130
    this.server = MetaCatUtil.getOption("server");
130 131
    this.sep = MetaCatUtil.getOption("accNumSeparator");
131 132

  
132
    //this.conn = conn;
133
    this.conn = conn;
133 134
    this.parserName = parserName;
134 135
    this.processingDTD = false;
135 136
    this.elementStack = new Stack();
......
194 195

  
195 196
    // make a DBEntityResolver instance
196 197
    // Set the EntityReslover to DBEntityResolver instance
197
    EntityResolver eresolver = new DBEntityResolver(this,null);
198
    EntityResolver eresolver = new DBEntityResolver(conn,this,null);
198 199
    parser.setEntityResolver((EntityResolver)eresolver);
199 200

  
200 201
    // Set the ErrorHandler to this instance
......
410 411
          throws SQLException 
411 412
  {
412 413
    Vector aclObjects = new Vector();
413
    DBConnection conn = null;
414
    int serialNumber = -1;
415
    PreparedStatement pstmt = null;
416
    try
417
    {
418
      //get connection from DBConnectionPool
419
      conn=DBConnectionPool.getDBConnection("AccessControlList.getACLObject");
420
      serialNumber=conn.getCheckOutSerialNumber();
421
      
422
      // delete all acl records for resources related to @aclid if any
423
      pstmt = conn.prepareStatement(
414
    // delete all acl records for resources related to @aclid if any
415
    PreparedStatement pstmt = conn.prepareStatement(
424 416
                             "SELECT object FROM xml_relation " +
425 417
                             "WHERE subject = ? ");
426
      pstmt.setString(1,aclid);
427
      pstmt.execute();
428
      ResultSet rs = pstmt.getResultSet();
429
      boolean hasRows = rs.next();
430
      while (hasRows) {
431
        aclObjects.addElement(rs.getString(1));
432
        hasRows = rs.next();
433
      }//whil
418
    pstmt.setString(1,aclid);
419
    pstmt.execute();
420
    ResultSet rs = pstmt.getResultSet();
421
    boolean hasRows = rs.next();
422
    while (hasRows) {
423
      aclObjects.addElement(rs.getString(1));
424
      hasRows = rs.next();
434 425
    }
435
    catch (SQLException e)
436
    {
437
      throw e;
438
    }
439
    finally
440
    {
441
      pstmt.close();
442
      //retrun DBConnection
443
      DBConnectionPool.returnDBConnection(conn,serialNumber);
444
    }
445 426
    
427
    pstmt.close();
428
    
446 429
    return aclObjects;
447 430
  }
448 431

  
......
450 433
  private void deletePermissionsForRelatedResources(String aclid) 
451 434
          throws SQLException 
452 435
  {
453
    DBConnection conn = null;
454
    int serialNumber = -1;
455
    Statement stmt = null;
456
    try
457
    {
458
      //check out DBConenction
459
      conn=DBConnectionPool.getDBConnection("AccessControlList.deltePerm");
460
      serialNumber=conn.getCheckOutSerialNumber();
461
      // delete all acl records for resources related to @aclid if any
462
      stmt = conn.createStatement();
463
      stmt.execute("DELETE FROM xml_access WHERE accessfileid = '" + aclid 
464
                                                                      + "'");
465
    }
466
    catch (SQLException e)
467
    {
468
      throw e;
469
    }
470
    finally
471
    {
472
      stmt.close();
473
      //retrun DBConnection
474
      DBConnectionPool.returnDBConnection(conn,serialNumber);
475
    }
436
    // delete all acl records for resources related to @aclid if any
437
    Statement stmt = conn.createStatement();
438
    stmt.execute("DELETE FROM xml_access WHERE accessfileid = '" + aclid + "'");
439
    stmt.close();
476 440
  }
477 441

  
478 442
  /* Insert into db calculated permission for the list of principals */
......
480 444
          throws SQLException 
481 445
  {
482 446
    PreparedStatement pstmt;
483
    DBConnection conn = null;
484
    int serialNumber = -1;
485 447
    try {
486
      //Check out DBConnection
487
      conn=DBConnectionPool.getDBConnection("AccessControlList.insertPerm");
488
      serialNumber=conn.getCheckOutSerialNumber();
489
      
490 448
      pstmt = conn.prepareStatement(
491 449
              "INSERT INTO xml_access " + 
492 450
              "(docid, principal_name, permission, perm_type, perm_order," +
......
533 491
      throw new 
534 492
      SQLException("AccessControlList.insertPermissions(): " + e.getMessage());
535 493
    }
536
    finally
537
    {
538
      //return the DBConnection
539
      DBConnectionPool.returnDBConnection(conn, serialNumber);
540
    }
541 494
  }
542 495

  
543 496
  /* Get permissions with permission order different than @permOrder. */
......
545 498
                             String docid, String permOrder)
546 499
          throws SQLException 
547 500
  {
548
    PreparedStatement pstmt = null;
549
    DBConnection conn = null;
550
    int serialNumber = -1;
551
    try
552
    {
553
      //check out DBConnection
554
      conn=DBConnectionPool.getDBConnection("AccessControlList.getPermissions");
555
      serialNumber=conn.getCheckOutSerialNumber();
556
      pstmt = conn.prepareStatement(
501
    PreparedStatement pstmt;
502
    pstmt = conn.prepareStatement(
557 503
            "SELECT permission FROM xml_access " +
558 504
            "WHERE docid = ? " +
559 505
            "AND principal_name = ? " +
560 506
            "AND perm_order NOT = ?");
561
      pstmt.setString(1, docid);
562
      pstmt.setString(2, principal);
563
      pstmt.setString(3, permOrder);
564
      pstmt.execute();
565
      ResultSet rs = pstmt.getResultSet();
566
      boolean hasRow = rs.next();
567
      int perm = 0;
568
      while ( hasRow ) {
569
        perm = rs.getInt(1);
570
        perm = permission & perm;
571
        if ( perm != 0 ) {
572
          pstmt.close();
573
          return perm;
574
        }
575
        hasRow = rs.next();
507
    pstmt.setString(1, docid);
508
    pstmt.setString(2, principal);
509
    pstmt.setString(3, permOrder);
510
    pstmt.execute();
511
    ResultSet rs = pstmt.getResultSet();
512
    boolean hasRow = rs.next();
513
    int perm = 0;
514
    while ( hasRow ) {
515
      perm = rs.getInt(1);
516
      perm = permission & perm;
517
      if ( perm != 0 ) {
518
        pstmt.close();
519
        return perm;
576 520
      }
577
    }//try
578
    catch (SQLException e)
579
    {
580
      throw e;
521
      hasRow = rs.next();
581 522
    }
582
    finally
583
    {
584
      pstmt.close();
585
      DBConnectionPool.returnDBConnection(conn, serialNumber);
586
    }
523
    pstmt.close();
587 524
    return 0;
588 525
  }
589 526

  
......
631 568
      //detele the rev number if docid contains it
632 569
      docId=MetaCatUtil.getDocIdFromString(docId);
633 570
      PreparedStatement pStmt=null;
634
      DBConnection conn = null;
635
      int serialNumber = -1;
636 571
      try
637 572
      {
638
        //check out DBConnection
639
        conn=DBConnectionPool.getDBConnection("AccessControlList.isAccessDoc");
640
        serialNumber=conn.getCheckOutSerialNumber();
641 573
        pStmt = conn.prepareStatement("select 'x' from xml_access where " +
642 574
                                      "accessfileid like '" + docId +  "'");
643 575
        pStmt.execute();
......
656 588
                     "Error checking ownership for " + principal +
657 589
                     " on document #" + docId + ". " + e.getMessage());
658 590
      }
659
      finally
660
      {
661
        DBConnectionPool.returnDBConnection(conn, serialNumber);
662
      }
663 591
      return false;
664 592
    }//isAccessDocument
665 593
     
......
699 627
    int lengthOfArray=principals.length;
700 628
    boolean hasRow; 
701 629
    PreparedStatement pStmt=null;
702
    DBConnection conn = null;
703
    int serialNumber = -1;
704
    
705 630
    try
706 631
    {
707
      //check out DBConnection
708
     conn=DBConnectionPool.getDBConnection("AccessControlList.containDocOnwer");
709
      serialNumber=conn.getCheckOutSerialNumber();
710 632
      pStmt = conn.prepareStatement(
711 633
                "SELECT 'x' FROM xml_documents " +
712 634
                "WHERE docid = ? AND user_owner = ?"); 
......
739 661
                     "Error checking ownership for " + principals[0] +
740 662
                     " on document #" + docId + ". " + e.getMessage());
741 663
    }//catch
742
    finally
743
    {
744
      pStmt.close();
745
      DBConnectionPool.returnDBConnection(conn, serialNumber);
746
    }
664
     
665
    
666
    pStmt.close();
667
   
747 668
    return false; 
748 669
  }//containDocumentOwner
749 670
  
......
757 678
  {
758 679
    int lengthOfArray=principals.length;
759 680
    boolean hasRow;
760
    PreparedStatement pStmt = null;
761
    DBConnection conn = null;
762
    int serialNumber = -1;
763
    try
764
    {
765
      //check out DBConnection
766
      conn=DBConnectionPool.getDBConnection("AccessControlList.isAllowFirst");
767
      serialNumber=conn.getCheckOutSerialNumber();
768 681
    
769
      //select permission order from database
770
      pStmt = conn.prepareStatement(
682
    //select permission order from database
683
    PreparedStatement pStmt = conn.prepareStatement(
771 684
                "SELECT perm_order FROM xml_access " +
772 685
                "WHERE principal_name= ? AND docid = ?");
773 686
   
774
      //check every name in the array
775
      for (int i=0; i<lengthOfArray;i++)
687
   //check every name in the array
688
    for (int i=0; i<lengthOfArray;i++)
689
    {
690
      //bind value
691
      pStmt.setString(1, principals[i]);//user name
692
      pStmt.setString(2, docId);//docid
693
    
694
      pStmt.execute();
695
      ResultSet rs = pStmt.getResultSet();
696
      hasRow=rs.next();
697
      if (hasRow)
776 698
      {
777
        //bind value
778
        pStmt.setString(1, principals[i]);//user name
779
        pStmt.setString(2, docId);//docid
780
    
781
        pStmt.execute();
782
        ResultSet rs = pStmt.getResultSet();
783
        hasRow=rs.next();
784
        if (hasRow)
699
        //get the permission order from data base
700
        String permissionOrder=rs.getString(1);
701
        //if the permission order is "allowFirst
702
        if (permissionOrder.equalsIgnoreCase(ALLOWFIRST))
785 703
        {
786
          //get the permission order from data base
787
          String permissionOrder=rs.getString(1);
788
          //if the permission order is "allowFirst
789
          if (permissionOrder.equalsIgnoreCase(ALLOWFIRST))
790
          {
791
            pStmt.close();
792
            return true;
793
          }
794
          else
795
          {
796
            pStmt.close();
797
            return false;
798
          }
799
        }//if
800
      }//for
801
    }//try
802
    catch (SQLException e)
803
    {
804
      throw e;
805
    }
806
    finally
807
    {
808
      DBConnectionPool.returnDBConnection(conn, serialNumber);
809
    }
704
          pStmt.close();
705
          return true;
706
        }
707
        else
708
        {
709
          pStmt.close();
710
          return false;
711
        }
712
      }//if
713
    }//for
810 714
    
811 715
    //if reach here, means there is no permssion record for given names and 
812 716
    //docid. So throw a exception.
......
832 736
   int lengthOfArray=principals.length;
833 737
   boolean allow=false;//initial value is no allow rule
834 738
   ResultSet rs;
835
   PreparedStatement pStmt = null;
739
   PreparedStatement pStmt;
836 740
   int permissionValue=intValue(permission);
837 741
   int permissionValueInTable;
838 742
   int ticketCount;
839
   DBConnection conn = null;
840
   int serialNumber = -1;
841
   try
842
   {
843
     //check out DBConnection
844
     conn=DBConnectionPool.getDBConnection("AccessControlList.hasAllowRule");
845
     serialNumber=conn.getCheckOutSerialNumber();
846
    //This sql statement will select entry with 
847
    //begin_time<=currentTime<=end_time in xml_access table
848
    //If begin_time or end_time is null in table, isnull(begin_time, sysdate)
849
    //function will assign begin_time=sysdate
850
    pStmt = conn.prepareStatement(
743
   
744
   //This sql statement will select entry with 
745
   //begin_time<=currentTime<=end_time in xml_access table
746
   //If begin_time or end_time is null in table, isnull(begin_time, sysdate)
747
   //function will assign begin_time=sysdate
748
   pStmt = conn.prepareStatement(
851 749
                "SELECT permission, ticket_count " +
852 750
                "FROM xml_access " +
853 751
                "WHERE docid = ? " + 
......
856 754
                "AND " + sysdate + 
857 755
                " BETWEEN " + isnull + "(begin_time," + sysdate + ") " +
858 756
                     "AND " + isnull + "(end_time," + sysdate + ")");
859
    //bind docid, perm_type
860
    pStmt.setString(1, docId);
861
    pStmt.setString(3, ALLOW);
757
   //bind docid, perm_type
758
   pStmt.setString(1, docId);
759
   pStmt.setString(3, ALLOW);
862 760
   
863
    //bind every elenment in user name array
761
   //bind every elenment in user name array
864 762
    for (int i=0;i<lengthOfArray; i++)
865 763
    {
866 764
      pStmt.setString(2, principals[i]);
......
894 792
         }//if
895 793
      }//while
896 794
    }//for
897
   }//try
898
   catch (SQLException sqlE)
899
   {
900
     throw sqlE;
901
   }
902
   catch (Exception e)
903
   {
904
     throw e;
905
   }
906
   finally
907
   {
908
     pStmt.close();
909
     DBConnectionPool.returnDBConnection(conn, serialNumber);
910
   }
795
    pStmt.close();
911 796
    return allow;
912 797
 }//hasAllowRule
913 798
 
914
 
799
  /**
800
    * Check if the users array has allow rules for given users, docid and 
801
    * permission.
802
    * If it has permission rule and ticket count is greater than 0, the ticket
803
    * number will decrease one
804
    * @param principals, list of names of principals to check for 
805
    * @param docid, document identifier to check for
806
    * @param permission, the permssion need to check
807
    */
808
  private boolean hasAllowRuleBackup(String [] principals, String docId, 
809
                                  String permission)
810
                  throws SQLException, Exception
811
 {
812
   int lengthOfArray=principals.length;
813
   ResultSet rs;
814
   PreparedStatement pStmt;
815
   int permissionValue=intValue(permission);
816
   int permissionValueInTable;
817
   int ticketCount;
915 818
   
819
   //This sql statement will select entry with 
820
   //begin_time<=currentTime<=end_time in xml_access table
821
   //If begin_time or end_time is null in table, isnull(begin_time, sysdate)
822
   //function will assign begin_time=sysdate
823
   pStmt = conn.prepareStatement(
824
                "SELECT permission, ticket_count " +
825
                "FROM xml_access " +
826
                "WHERE docid = ? " + 
827
                "AND principal_name = ? " +
828
                "AND perm_type = ? " +
829
                "AND " + sysdate + 
830
                " BETWEEN " + isnull + "(begin_time," + sysdate + ") " +
831
                     "AND " + isnull + "(end_time," + sysdate + ")");
832
   //bind docid, perm_type
833
   pStmt.setString(1, docId);
834
   pStmt.setString(3, ALLOW);
835
   
836
   //bind every elenment in user name array
837
    for (int i=0;i<lengthOfArray; i++)
838
    {
839
      pStmt.setString(2, principals[i]);
840
      pStmt.execute();
841
      rs=pStmt.getResultSet();
842
      while (rs.next())//check every entry for one user
843
      {
844
        permissionValueInTable=rs.getInt(1);
845
        ticketCount=rs.getInt(2);
846
       
847
        //permission is ok and ticketcount geat than 0 or ticket is null, 
848
        //the user have a permission to access the file
849
        if ((( permissionValueInTable & permissionValue )== permissionValue )
850
              && (rs.wasNull()||ticketCount > 0))
851
        {
852
           //ticket count should minus one 
853
           //ticketCount isnot null and greater than 0, order is allowfirst
854
           if (!rs.wasNull() && ticketCount>0 && isAllowFirst(principals,docId))
855
           {
856
              decreaseNumberOfAccess(permissionValueInTable, principals[i],
857
                                              docId, ALLOW, ALLOWFIRST);
858
            }
859
           //ticketCount isnot null and greater than 0, order is not allowfirst
860
           if (!rs.wasNull() &&ticketCount>0 && !isAllowFirst(principals,docId))
861
           {
862
              decreaseNumberOfAccess(permissionValueInTable, principals[i],
863
                                              docId, ALLOW, DENYFIRST);
864
           }
865
           pStmt.close();
866
           return true;
867
         }//if
868
      }//while
869
    }//for
870
    pStmt.close();
871
    return false;//no allow rule
872
 }//hasAllowRule
873
   
916 874
   /**
917 875
    * Check if the users array has explicit deny rules for given users, docid 
918 876
    * and permission. That means the perm_type is deny and current time is
......
927 885
 {
928 886
   int lengthOfArray=principals.length;
929 887
   ResultSet rs;
930
   PreparedStatement pStmt = null;
888
   PreparedStatement pStmt;
931 889
   int permissionValue=intValue(permission);
932 890
   int permissionValueInTable;
933
   DBConnection conn = null;
934
   int serialNumber = -1;
891
 
935 892
   
936
   try
937
   {
938
     //check out DBConnection
939
     conn=DBConnectionPool.getDBConnection("AccessControlList.hasExplicitDeny");
940
     serialNumber=conn.getCheckOutSerialNumber();
941
   
942
    //This sql statement will select entry with 
943
    //begin_time<=currentTime<=end_time in xml_access table
944
    //If begin_time or end_time is null in table, isnull(begin_time, sysdate)
945
    //function will assign begin_time=sysdate
946
    pStmt = conn.prepareStatement(
893
   //This sql statement will select entry with 
894
   //begin_time<=currentTime<=end_time in xml_access table
895
   //If begin_time or end_time is null in table, isnull(begin_time, sysdate)
896
   //function will assign begin_time=sysdate
897
   pStmt = conn.prepareStatement(
947 898
                "SELECT permission " +
948 899
                "FROM xml_access " +
949 900
                "WHERE docid = ? " + 
......
952 903
                "AND " + sysdate + 
953 904
                " BETWEEN " + isnull + "(begin_time," + sysdate + ") " +
954 905
                     "AND " + isnull + "(end_time," + sysdate + ")");
955
    //bind docid, perm_type
956
    pStmt.setString(1, docId);
957
    pStmt.setString(3, DENY);
906
   //bind docid, perm_type
907
   pStmt.setString(1, docId);
908
   pStmt.setString(3, DENY);
958 909
   
959
    //bind every elenment in user name array
910
   //bind every elenment in user name array
960 911
    for (int i=0;i<lengthOfArray; i++)
961 912
    {
962 913
      pStmt.setString(2, principals[i]);
......
975 926
         }//if
976 927
      }//while
977 928
    }//for
978
   }//try
979
   catch (SQLException e)
980
   {
981
     throw e;
982
   }//catch
983
   finally
984
   {
985
     pStmt.close();
986
     DBConnectionPool.returnDBConnection(conn, serialNumber);
987
   }//finally
988
   return false;//no deny rule
929
    pStmt.close();
930
    return false;//no deny rule
989 931
  }//hasExplicitDenyRule 
990 932
   
991 933
   /**
......
1003 945
 {
1004 946
   int lengthOfArray=principals.length;
1005 947
   ResultSet rs;
1006
   PreparedStatement pStmt = null;
948
   PreparedStatement pStmt;
1007 949
   int permissionValue=intValue(permission);
1008 950
   int permissionValueInTable;
1009
   DBConnection conn = null;
1010
   int serialNumber = -1;
951
 
1011 952
   
1012
 
1013
   try
1014
   {
1015
    //check out DBConnection
1016
    conn=DBConnectionPool.getDBConnection("AccessControlList.hasImplicitDeny");
1017
    serialNumber=conn.getCheckOutSerialNumber();
1018
    //This sql statement will select entry with  perm_type =allow and
1019
    //currentTime is less than begin_time or greater than end time
1020
    //in xml_access table. This is an implicit deny rule (allow is out of date) 
1021
    pStmt = conn.prepareStatement(
953
   //This sql statement will select entry with  perm_type =allow and
954
   //currentTime is less than begin_time or greater than end time
955
   //in xml_access table. This is an implicit deny rule (allow is out of date) 
956
   pStmt = conn.prepareStatement(
1022 957
                "SELECT permission " +
1023 958
                "FROM xml_access " +
1024 959
                "WHERE docid = ? " + 
......
1027 962
                "AND " + sysdate + 
1028 963
                " < " + isnull + "(begin_time," + sysdate + ") " +
1029 964
                "OR " + sysdate + " > "+ isnull + "(end_time," + sysdate + ")");
1030
    //bind docid, perm_type
1031
    pStmt.setString(1, docId);
1032
    pStmt.setString(3, ALLOW);//It is allow
965
   //bind docid, perm_type
966
   pStmt.setString(1, docId);
967
   pStmt.setString(3, ALLOW);//It is allow
1033 968
   
1034
    //bind every elenment in user name array
969
   //bind every elenment in user name array
1035 970
    for (int i=0;i<lengthOfArray; i++)
1036 971
    {
1037 972
      pStmt.setString(2, principals[i]);
......
1063 998
                "AND principal_name = ? " +
1064 999
                "AND perm_type = ? " +
1065 1000
                "AND ticket_count = ?");
1066
    //bind docid, perm_type, ticket_count
1067
    pStmt.setString(1, docId);
1068
    pStmt.setString(3, ALLOW);//It is allow!
1069
    pStmt.setInt(4,0);
1070
    
1071
    //Because this DBConnection used twice in this method. But we only count one
1072
    //when it checked out. So we should increase another one
1073
    conn.increaseUsageCount(1);
1074
    
1075
    //bind every elenment in user name array
1001
   //bind docid, perm_type, ticket_count
1002
   pStmt.setString(1, docId);
1003
   pStmt.setString(3, ALLOW);//It is allow!
1004
   pStmt.setInt(4,0);
1005
   
1006
   //bind every elenment in user name array
1076 1007
    for (int i=0;i<lengthOfArray; i++)
1077 1008
    {
1078 1009
      pStmt.setString(2, principals[i]);
......
1093 1024
         }//if
1094 1025
      }//while
1095 1026
    }//for
1096
   }//try
1097
   finally
1098
   {
1099
     pStmt.close();
1100
     DBConnectionPool.returnDBConnection(conn, serialNumber);
1101
   }//finally
1027
    
1028
    pStmt.close();
1102 1029
    return false;//no implicit deny rule
1103 1030
  }//hasImplicitDenyRule
1104 1031
  
......
1177 1104
                              throws SQLException
1178 1105
  {
1179 1106
    String dataSetId=null;
1180
    PreparedStatement pStmt=null;
1107
    PreparedStatement pStmt;
1181 1108
    ResultSet rs=null;
1182
    DBConnection conn=null;
1183
    int serialNumber=-1;
1184 1109
    String query="SELECT docId from xml_relation where subject = ? or "
1185 1110
                                                +"object = ?";
1186 1111
    
1187
    try
1112
    pStmt=conn.prepareStatement(query);
1113
    //bind the value to query
1114
    pStmt.setString(1, accessDocId);
1115
    pStmt.setString(2, accessDocId);
1116
    //execute the query
1117
    pStmt.execute();
1118
    rs=pStmt.getResultSet();
1119
    //process the result
1120
    if (rs.next()) //There are some records for the data set id for access id
1188 1121
    {
1189
      //check out DBConnection
1190
      conn=DBConnectionPool.getDBConnection("AccessControlList.getDataSetId");
1191
      serialNumber=conn.getCheckOutSerialNumber();
1192
      
1193
      pStmt=conn.prepareStatement(query);
1194
      //bind the value to query
1195
      pStmt.setString(1, accessDocId);
1196
      pStmt.setString(2, accessDocId);
1197
      //execute the query
1198
      pStmt.execute();
1199
      rs=pStmt.getResultSet();
1200
      //process the result
1201
      if (rs.next()) //There are some records for the data set id for access id
1202
      {
1203
        dataSetId=rs.getString(1);
1204
      }
1205
      else //No data set id for the given access id in xml_relation table
1206
      {
1207
        dataSetId=null;
1208
      }
1209
    }//try
1210
    finally
1122
      dataSetId=rs.getString(1);
1123
    }
1124
    else //No data set id for the given access id in xml_relation table
1211 1125
    {
1212
      pStmt.close();
1213
      DBConnectionPool.returnDBConnection(conn, serialNumber);
1126
      dataSetId=null;
1214 1127
    }
1128
    
1129
    
1130
    pStmt.close();
1215 1131
    return dataSetId;
1216 1132
  }//getDataPackageId() 
1217 1133
  
......
1324 1240
    return false;
1325 1241
  }//hasPermission
1326 1242
 
1327

  
1243
  private boolean hasValidDenyEntry(String persmission, String principal, 
1244
                                      String docId)
1245
                  throws SQLException
1246
  {
1247
  //detele the rev number if docid contains it
1248
      docId=MetaCatUtil.getDocIdFromString(docId);
1249
      PreparedStatement pStmt;
1250
      String permissionType;
1251
      int accessValue;
1252
      
1253
      
1254
      try
1255
      {
1256
        pStmt = conn.prepareStatement("select perm_type, permission, begin_time"
1257
                                    + ", end_time from xml_access where " +
1258
                                      "docid like '" + docId +  "' and "
1259
                                    + "principal_name like '"+principal+"'");
1260
        pStmt.execute();
1261
        ResultSet rs = pStmt.getResultSet();
1262
        boolean hasRow = rs.next();
1263
        pStmt.close();
1264
        if(hasRow)
1265
        {
1266
          return true;
1267
        }
1268
      }
1269
      catch(SQLException e)
1270
      {
1271
        throw new SQLException("AccessControlList.hasPermission():2 " +
1272
                     "Error checking ownership for " + principal +
1273
                     " on document #" + docId + ". " + e.getMessage());
1274
      }
1275
      return false;
1276
  }
1328 1277
  /* Decrease the number of access to @docid for @principal in db. */
1329 1278
  private void decreaseNumberOfAccess(int permission, String principal,
1330 1279
                                      String docid, String permType, 
1331 1280
                                      String permOrder) 
1332 1281
               throws SQLException
1333 1282
  {
1334
    PreparedStatement pstmt = null;
1335
    DBConnection conn = null;
1336
    int serialNumber = -1;
1337
    try
1338
    {
1339
      //check out DBConnection
1340
      conn=DBConnectionPool.getDBConnection("AccessControlList.decreaseNumOfA");
1341
      serialNumber=conn.getCheckOutSerialNumber();
1342
      
1343
      pstmt = conn.prepareStatement(
1283
    PreparedStatement pstmt;
1284
    pstmt = conn.prepareStatement(
1344 1285
            "UPDATE xml_access SET ticket_count = ticket_count - 1 " +
1345 1286
            "WHERE docid = ? " +
1346 1287
            "AND principal_name = ? " +
......
1350 1291
            "AND " + sysdate + 
1351 1292
            " BETWEEN " + isnull + "(begin_time," + sysdate + ") " +
1352 1293
                 "AND " + isnull + "(end_time," + sysdate + ")");
1353
      // Bind the values to the query
1354
      pstmt.setString(1, docid);
1355
      pstmt.setString(2, principal);
1356
      pstmt.setInt(3, permission);
1357
      pstmt.setString(4, permType);
1358
      pstmt.setString(5, permOrder);
1294
    // Bind the values to the query
1295
    pstmt.setString(1, docid);
1296
    pstmt.setString(2, principal);
1297
    pstmt.setInt(3, permission);
1298
    pstmt.setString(4, permType);
1299
    pstmt.setString(5, permOrder);
1359 1300

  
1360
      pstmt.execute();
1361
    }//try
1362
    finally
1363
    {
1364
      pstmt.close();
1365
      DBConnectionPool.returnDBConnection(conn, serialNumber);
1366
    }//finally
1301
    pstmt.execute();
1302
    pstmt.close();
1367 1303
  }
1368 1304
 
1369 1305
 
......
1404 1340
    String end_prev = "";
1405 1341
    int ticketCount = -1;
1406 1342
    int ticket_prev = -1;
1407
    DBConnection conn = null;
1408
    int serialNumber = -1;
1409 1343
    
1410 1344
    try {
1411 1345
      
1412
      //check out DBConnection
1413
      conn=DBConnectionPool.getDBConnection("AccessControlList.getACL");
1414
      serialNumber=conn.getCheckOutSerialNumber();
1415
      
1416 1346
      isOwned = isOwned(docid, user);
1417 1347
      systemID = getSystemID((String)MetaCatUtil.
1418 1348
                                      getOptionList(accDoctype).elementAt(0));
......
1553 1483
      throw new 
1554 1484
      SQLException("AccessControlList.getACL(). " + e.getMessage());
1555 1485
    }
1556
    finally
1557
    {
1558
      DBConnectionPool.returnDBConnection(conn, serialNumber);
1559
    }
1560 1486
  }
1561 1487
  
1562 1488
  /* Check if @user is owner of @docid from db conn. */
1563 1489
  private boolean isOwned(String docid, String user) throws SQLException {
1564 1490
    
1565
    PreparedStatement pstmt = null;
1566
    DBConnection conn = null;
1567
    int serialNumber = -1;
1568
    try
1569
    {
1570
      //check out DBConnection
1571
      conn=DBConnectionPool.getDBConnection("AccessControlList.isOwned");
1572
      serialNumber=conn.getCheckOutSerialNumber();
1573
      pstmt = conn.prepareStatement("SELECT 'x' FROM xml_documents " +
1491
    PreparedStatement pstmt;
1492
    pstmt = conn.prepareStatement("SELECT 'x' FROM xml_documents " +
1574 1493
                                  "WHERE docid = ? " + 
1575 1494
                                  "AND user_owner = ?");
1576
      pstmt.setString(1, docid);
1577
      pstmt.setString(2, user);
1578
      pstmt.execute();
1579
      ResultSet rs = pstmt.getResultSet();
1580
      boolean hasRow = rs.next();
1581
      return hasRow;
1582
    }
1583
    finally
1584
    {
1585
      DBConnectionPool.returnDBConnection(conn, serialNumber);
1586
    }
1495
    pstmt.setString(1, docid);
1496
    pstmt.setString(2, user);
1497
    pstmt.execute();
1498
    ResultSet rs = pstmt.getResultSet();
1499
    boolean hasRow = rs.next();
1500
    
1501
    return hasRow;
1587 1502
  }
1588 1503

  
1589 1504
  /* Get the flag for public "read" access for @docid from db conn. */
1590 1505
  private String getPublicAccess(String docid) throws SQLException {
1591 1506
    
1592 1507
    int publicAcc = 0;
1593
    PreparedStatement pstmt = null;
1594
    DBConnection conn = null;
1595
    int serialNumber = -1;
1596
    try
1597
    {
1598
      //check out DBConnection
1599
      conn=DBConnectionPool.getDBConnection("AccessControlList.getPublicAcces");
1600
      serialNumber=conn.getCheckOutSerialNumber();
1601
      pstmt = conn.prepareStatement("SELECT public_access FROM xml_documents " +
1508
    PreparedStatement pstmt;
1509
    pstmt = conn.prepareStatement("SELECT public_access FROM xml_documents " +
1602 1510
                                  "WHERE docid = ?");
1603
      pstmt.setString(1, docid);
1604
      pstmt.execute();
1605
      ResultSet rs = pstmt.getResultSet();
1606
      boolean hasRow = rs.next();
1607
      if ( hasRow ) {
1608
        publicAcc = rs.getInt(1);
1609
      }
1511
    pstmt.setString(1, docid);
1512
    pstmt.execute();
1513
    ResultSet rs = pstmt.getResultSet();
1514
    boolean hasRow = rs.next();
1515
    if ( hasRow ) {
1516
      publicAcc = rs.getInt(1);
1517
    }
1610 1518
    
1611
      return (publicAcc == 1) ? "yes" : "no";
1612
    }
1613
    finally
1614
    {
1615
      DBConnectionPool.returnDBConnection(conn, serialNumber);
1616
    }
1519
    return (publicAcc == 1) ? "yes" : "no";
1617 1520
  }
1618 1521

  
1619 1522
  /* Get SystemID for @publicID from Metacat DB Catalog. */
1620 1523
  private String getSystemID(String publicID) throws SQLException {
1621 1524
    
1622 1525
    String systemID = "";
1623
    PreparedStatement pstmt = null;
1624
    DBConnection conn = null;
1625
    int serialNumber = -1;
1626
    
1627
    try
1628
    {
1629
      //check out DBConnection
1630
      conn=DBConnectionPool.getDBConnection("AccessControlList.getSystemID");
1631
      serialNumber=conn.getCheckOutSerialNumber();
1632
    
1633
      pstmt = conn.prepareStatement("SELECT system_id FROM xml_catalog " +
1526
    PreparedStatement pstmt;
1527
    pstmt = conn.prepareStatement("SELECT system_id FROM xml_catalog " +
1634 1528
                                  "WHERE entry_type = 'DTD' " + 
1635 1529
                                  "AND public_id = ?");
1636
      pstmt.setString(1, publicID);
1637
      pstmt.execute();
1638
      ResultSet rs = pstmt.getResultSet();
1639
      boolean hasRow = rs.next();
1640
      if ( hasRow ) {
1641
        systemID = rs.getString(1);
1642
      }
1530
    pstmt.setString(1, publicID);
1531
    pstmt.execute();
1532
    ResultSet rs = pstmt.getResultSet();
1533
    boolean hasRow = rs.next();
1534
    if ( hasRow ) {
1535
      systemID = rs.getString(1);
1536
    }
1643 1537
    
1644
      return systemID;
1645
    }//try
1646
    finally
1647
    {
1648
      DBConnectionPool.returnDBConnection(conn, serialNumber);
1649
    }//finally
1538
    return systemID;
1650 1539
  }
1651 1540

  
1652 1541
}

Also available in: Unified diff