Revision 1303
Added by Jing Tao about 22 years ago
| src/edu/ucsb/nceas/metacat/DBQuery.java | ||
|---|---|---|
| 228 | 228 |
QuerySpecification qspec = new QuerySpecification(xmlquery, |
| 229 | 229 |
parserName, |
| 230 | 230 |
util.getOption("accNumSeparator"));
|
| 231 |
// set user name and group |
|
| 232 |
qspec.setUserName(user); |
|
| 233 |
qspec.setGroup(groups); |
|
| 231 |
|
|
| 234 | 232 |
String query = qspec.printSQL(useXMLIndex); |
| 233 |
String ownerQuery = getOwnerQuery(user); |
|
| 235 | 234 |
MetaCatUtil.debugMessage("query: "+query, 30);
|
| 236 |
// Get access query |
|
| 237 |
String accessQuery = qspec.getAccessQuery(); |
|
| 238 |
query = query + accessQuery; |
|
| 239 |
MetaCatUtil.debugMessage(" final query: "+query, 30);
|
|
| 235 |
//MetaCatUtil.debugMessage("query: "+ownerQuery, 30);
|
|
| 236 |
// if query is not the owner query, we need to check the permission |
|
| 237 |
// otherwise we don't need (owner has all permission by default) |
|
| 238 |
if (!query.equals(ownerQuery)) |
|
| 239 |
{
|
|
| 240 |
// set user name and group |
|
| 241 |
qspec.setUserName(user); |
|
| 242 |
qspec.setGroup(groups); |
|
| 243 |
// Get access query |
|
| 244 |
String accessQuery = qspec.getAccessQuery(); |
|
| 245 |
query = query + accessQuery; |
|
| 246 |
MetaCatUtil.debugMessage(" final query: "+query, 30);
|
|
| 247 |
} |
|
| 240 | 248 |
|
| 241 | 249 |
double startTime = System.currentTimeMillis()/1000; |
| 242 | 250 |
pstmt = dbconn.prepareStatement(query); |
| ... | ... | |
| 544 | 552 |
return docListResult; |
| 545 | 553 |
} |
| 546 | 554 |
|
| 555 |
/* |
|
| 556 |
* A method to create a query to get owner's docid list |
|
| 557 |
*/ |
|
| 558 |
private String getOwnerQuery(String owner) |
|
| 559 |
{
|
|
| 560 |
StringBuffer self = new StringBuffer(); |
|
| 561 |
|
|
| 562 |
self.append("SELECT docid,docname,doctype,");
|
|
| 563 |
self.append("date_created, date_updated, rev ");
|
|
| 564 |
self.append("FROM xml_documents WHERE docid IN (");
|
|
| 565 |
self.append("(");
|
|
| 566 |
self.append("SELECT DISTINCT docid FROM xml_nodes WHERE \n");
|
|
| 567 |
self.append("nodedata LIKE '%%%' ");
|
|
| 568 |
self.append(") \n");
|
|
| 569 |
self.append(") ");
|
|
| 570 |
self.append(" AND (");
|
|
| 571 |
self.append(" user_owner = '" + owner + "'");
|
|
| 572 |
self.append(") ");
|
|
| 573 |
return self.toString(); |
|
| 574 |
} |
|
| 547 | 575 |
/** |
| 548 | 576 |
* returns a string array of the contents of a particular node. |
| 549 | 577 |
* If the node appears more than once, the contents are returned |
Also available in: Unified diff
Create a shortcut for the query to get user's onwer doc lists. Create a private method named getOwnerQuery. If the coming query equals the owner query, the access permission checking would NOT append to the comming query. Because the owner has all permission.