Revision 1301
Added by Jing Tao about 22 years ago
| src/edu/ucsb/nceas/metacat/QuerySpecification.java | ||
|---|---|---|
| 79 | 79 |
private String parserName = null; |
| 80 | 80 |
private String accNumberSeparator = null; |
| 81 | 81 |
private static final AbstractDatabase dbAdapter = MetaCatUtil.dbAdapter; |
| 82 |
|
|
| 83 |
private String userName = null; |
|
| 84 |
private static final String PUBLIC = "public"; |
|
| 85 |
private String [] group = null; |
|
| 82 | 86 |
|
| 83 | 87 |
|
| 84 | 88 |
/** |
| ... | ... | |
| 130 | 134 |
String accNumberSeparator) throws IOException {
|
| 131 | 135 |
this(new StringReader(queryspec), parserName, accNumberSeparator); |
| 132 | 136 |
} |
| 137 |
|
|
| 138 |
/** |
|
| 139 |
* Method to set user name |
|
| 140 |
* |
|
| 141 |
* @param myName the user name |
|
| 142 |
*/ |
|
| 143 |
public void setUserName(String myName) |
|
| 144 |
{
|
|
| 145 |
this.userName = myName; |
|
| 146 |
} |
|
| 147 |
|
|
| 148 |
/** |
|
| 149 |
* Method to set user group |
|
| 150 |
* |
|
| 151 |
* @param myGroup the user group |
|
| 152 |
*/ |
|
| 153 |
public void setGroup(String [] myGroup) |
|
| 154 |
{
|
|
| 155 |
this.group = myGroup; |
|
| 156 |
} |
|
| 157 |
|
|
| 158 |
/* |
|
| 159 |
* Method to get owner query. If it is owner it has all permission |
|
| 160 |
*/ |
|
| 161 |
private String createOwerQuery() |
|
| 162 |
{
|
|
| 163 |
String ownerQuery = null; |
|
| 164 |
ownerQuery = "SELECT docid FROM xml_documents WHERE user_owner ='" + |
|
| 165 |
PUBLIC + "'"; |
|
| 166 |
if (userName != null && !userName.equals(""))
|
|
| 167 |
{
|
|
| 168 |
ownerQuery = ownerQuery + " OR user_owner ='"+ userName +"'"; |
|
| 169 |
} |
|
| 170 |
|
|
| 171 |
if (group != null) |
|
| 172 |
{
|
|
| 173 |
for (int i = 0; i< group.length; i++) |
|
| 174 |
{
|
|
| 175 |
String groupUint = group[i]; |
|
| 176 |
if (groupUint != null && !groupUint.equals(""))
|
|
| 177 |
{
|
|
| 178 |
ownerQuery = ownerQuery +" OR user_owner = '" + groupUint + "'"; |
|
| 179 |
}//if |
|
| 180 |
}//for |
|
| 181 |
} |
|
| 182 |
MetaCatUtil.debugMessage("OwnerQuery: "+ownerQuery, 30);
|
|
| 183 |
return ownerQuery; |
|
| 184 |
} |
|
| 185 |
|
|
| 186 |
/* |
|
| 187 |
* Method to create query for xml_access, this part is to get docid list which |
|
| 188 |
* have a allow rule for a given user |
|
| 189 |
*/ |
|
| 190 |
private String createAllowRuleQuery() |
|
| 191 |
{
|
|
| 192 |
String allowQuery = null; |
|
| 193 |
allowQuery ="SELECT docid from xml_access WHERE "; |
|
| 194 |
// add allow rule for user name |
|
| 195 |
if (userName != null && !userName.equals(""))
|
|
| 196 |
{
|
|
| 197 |
allowQuery = allowQuery +"(principal_name = '" + userName |
|
| 198 |
+"' AND perm_type = 'allow')"; |
|
| 199 |
} |
|
| 200 |
// add allow rule for public |
|
| 201 |
allowQuery = allowQuery +"OR (principal_name = '" + PUBLIC |
|
| 202 |
+"' AND perm_type = 'allow')"; |
|
| 203 |
|
|
| 204 |
// add allow rule for group |
|
| 205 |
if (group != null) |
|
| 206 |
{
|
|
| 207 |
for (int i = 0; i< group.length; i++) |
|
| 208 |
{
|
|
| 209 |
String groupUint = group[i]; |
|
| 210 |
if (groupUint != null && !groupUint.equals(""))
|
|
| 211 |
{
|
|
| 212 |
allowQuery = allowQuery +" OR (principal_name = '" + groupUint |
|
| 213 |
+"' AND perm_type = 'allow')"; |
|
| 214 |
}//if |
|
| 215 |
}//for |
|
| 216 |
}//if |
|
| 217 |
MetaCatUtil.debugMessage("allow query is: "+ allowQuery, 30);
|
|
| 218 |
return allowQuery; |
|
| 219 |
|
|
| 220 |
} |
|
| 133 | 221 |
|
| 222 |
/* |
|
| 223 |
* Method to create query for xml_access, this part is to get docid list which |
|
| 224 |
* have a deny rule and perm_order is allowFirst for a given user. This means |
|
| 225 |
* the user will be denied to read |
|
| 226 |
*/ |
|
| 227 |
private String createDenyRuleQuery() |
|
| 228 |
{
|
|
| 229 |
String denyQuery = null; |
|
| 230 |
denyQuery ="SELECT docid from xml_access WHERE "; |
|
| 231 |
// add deny rule for user name |
|
| 232 |
if (userName != null && !userName.equals(""))
|
|
| 233 |
{
|
|
| 234 |
denyQuery = denyQuery +"(principal_name = '" + userName |
|
| 235 |
+"' AND perm_type = 'deny' " |
|
| 236 |
+"AND perm_order ='allowFirst')"; |
|
| 237 |
} |
|
| 238 |
// add deny rule for public |
|
| 239 |
denyQuery = denyQuery +"OR (principal_name = '" + PUBLIC |
|
| 240 |
+"' AND perm_type = 'deny' " |
|
| 241 |
+"AND perm_order ='allowFirst')"; |
|
| 242 |
|
|
| 243 |
// add allow rule for group |
|
| 244 |
if (group != null) |
|
| 245 |
{
|
|
| 246 |
for (int i = 0; i< group.length; i++) |
|
| 247 |
{
|
|
| 248 |
String groupUint = group[i]; |
|
| 249 |
if (groupUint != null && !groupUint.equals(""))
|
|
| 250 |
{
|
|
| 251 |
denyQuery = denyQuery +" OR (principal_name = '" + groupUint |
|
| 252 |
+"' AND perm_type = 'deny' " |
|
| 253 |
+"AND perm_order ='allowFirst')"; |
|
| 254 |
}//if |
|
| 255 |
}//for |
|
| 256 |
}//if |
|
| 257 |
MetaCatUtil.debugMessage("denyquery is: "+ denyQuery, 30);
|
|
| 258 |
return denyQuery; |
|
| 259 |
|
|
| 260 |
} |
|
| 261 |
|
|
| 262 |
/** |
|
| 263 |
* Method to append a access control query to SQL. So in DBQuery class, we can |
|
| 264 |
* get docid from both user specified query and access control query. We don't |
|
| 265 |
* need to checking permission after we get the doclist. It will be good to |
|
| 266 |
* performance |
|
| 267 |
* |
|
| 268 |
*/ |
|
| 269 |
public String getAccessQuery() |
|
| 270 |
{
|
|
| 271 |
String accessQuery = null; |
|
| 272 |
String onwer = createOwerQuery(); |
|
| 273 |
String allow = createAllowRuleQuery(); |
|
| 274 |
String deny = createDenyRuleQuery(); |
|
| 275 |
accessQuery = " AND (docid IN("+ onwer + ")";
|
|
| 276 |
accessQuery = accessQuery + " OR (docid IN (" + allow + ")"
|
|
| 277 |
+ " AND docid NOT IN ("+ deny + ")))";
|
|
| 278 |
MetaCatUtil.debugMessage("accessquery is: "+ accessQuery, 30);
|
|
| 279 |
return accessQuery; |
|
| 280 |
} |
|
| 281 |
|
|
| 134 | 282 |
/** Main routine for testing */ |
| 135 | 283 |
static public void main(String[] args) {
|
| 136 | 284 |
|
Also available in: Unified diff
Add three private method: createOwnerQuery, createAllowRuleQuery and createDenyRuleQuery. And three public methods: setUserName, setGroup and getAccessQuery.