Revision 1369
Added by Jing Tao almost 22 years ago
| src/edu/ucsb/nceas/metacat/MetaCatServlet.java | ||
|---|---|---|
| 43 | 43 |
import java.util.ResourceBundle; |
| 44 | 44 |
import java.util.Random; |
| 45 | 45 |
import java.util.PropertyResourceBundle; |
| 46 |
import java.util.Vector; |
|
| 46 | 47 |
import java.net.URL; |
| 47 | 48 |
import java.net.MalformedURLException; |
| 48 | 49 |
import java.sql.PreparedStatement; |
| ... | ... | |
| 115 | 116 |
private PropertyResourceBundle options = null; |
| 116 | 117 |
private MetaCatUtil util = null; |
| 117 | 118 |
private DBConnectionPool connPool = null; |
| 119 |
private static final String PROLOG = "<?xml version=\"1.0\"?>"; |
|
| 120 |
private static final String SUCCESS = "<success>"; |
|
| 121 |
private static final String SUCCESSCLOSE = "</success>"; |
|
| 122 |
private static final String ERROR = "<error>"; |
|
| 123 |
private static final String ERRORCLOSE = "</error>"; |
|
| 118 | 124 |
|
| 119 | 125 |
/** |
| 120 | 126 |
* Initialize the servlet by creating appropriate database connections |
| ... | ... | |
| 341 | 347 |
PrintWriter out = response.getWriter(); |
| 342 | 348 |
handleValidateAction(out, params); |
| 343 | 349 |
out.close(); |
| 350 |
} else if (action.equals("setaccess")) {
|
|
| 351 |
PrintWriter out = response.getWriter(); |
|
| 352 |
handleSetAccessAction(out, params, username); |
|
| 353 |
out.close(); |
|
| 344 | 354 |
} else if (action.equals("getaccesscontrol")) {
|
| 345 | 355 |
PrintWriter out = response.getWriter(); |
| 346 | 356 |
handleGetAccessControlAction(out,params,response,username,groupnames); |
| ... | ... | |
| 2047 | 2057 |
out.println("</error>");
|
| 2048 | 2058 |
} |
| 2049 | 2059 |
} |
| 2060 |
|
|
| 2061 |
/* |
|
| 2062 |
* A method to handle set access action |
|
| 2063 |
*/ |
|
| 2064 |
private void handleSetAccessAction(PrintWriter out, |
|
| 2065 |
Hashtable params, |
|
| 2066 |
String username) |
|
| 2067 |
{
|
|
| 2068 |
String [] docList = null; |
|
| 2069 |
String [] principalList = null; |
|
| 2070 |
String [] permissionList = null; |
|
| 2071 |
String [] permTypeList = null; |
|
| 2072 |
String [] permOrderList = null; |
|
| 2073 |
String permission = null; |
|
| 2074 |
String permType = null; |
|
| 2075 |
String permOrder = null; |
|
| 2076 |
Vector errorList = new Vector(); |
|
| 2077 |
String error = null; |
|
| 2078 |
Vector successList = new Vector(); |
|
| 2079 |
String success = null; |
|
| 2080 |
|
|
| 2081 |
|
|
| 2082 |
// Get parameters |
|
| 2083 |
if (params.containsKey("docid"))
|
|
| 2084 |
{
|
|
| 2085 |
docList = (String[])params.get("docid");
|
|
| 2086 |
} |
|
| 2087 |
if (params.containsKey("principal"))
|
|
| 2088 |
{
|
|
| 2089 |
principalList = (String[])params.get("principal");
|
|
| 2090 |
} |
|
| 2091 |
if (params.containsKey("permission"))
|
|
| 2092 |
{
|
|
| 2093 |
permissionList = (String[])params.get("permission");
|
|
| 2094 |
|
|
| 2095 |
} |
|
| 2096 |
if (params.containsKey("permType"))
|
|
| 2097 |
{
|
|
| 2098 |
permTypeList = (String[])params.get("permType");
|
|
| 2099 |
|
|
| 2100 |
} |
|
| 2101 |
if (params.containsKey("permOrder"))
|
|
| 2102 |
{
|
|
| 2103 |
permOrderList = (String[])params.get("permOrder");
|
|
| 2104 |
|
|
| 2105 |
} |
|
| 2106 |
|
|
| 2107 |
// Make sure the parameter is not null |
|
| 2108 |
if (docList == null || principalList == null || permTypeList == null || |
|
| 2109 |
permissionList == null) |
|
| 2110 |
{
|
|
| 2111 |
error = "Please check your parameter list, it should look like: "+ |
|
| 2112 |
"?action=setaccess&docid=pipeline.1.1&principal=public" + |
|
| 2113 |
"&permission=read&permType=allow&permOrder=allowFirst"; |
|
| 2114 |
errorList.addElement(error); |
|
| 2115 |
outputResponse(successList, errorList, out); |
|
| 2116 |
return; |
|
| 2117 |
} |
|
| 2118 |
|
|
| 2119 |
// Only select first element for permission, type and order |
|
| 2120 |
permission = permissionList[0]; |
|
| 2121 |
permType = permTypeList[0]; |
|
| 2122 |
if (permOrderList != null) |
|
| 2123 |
{
|
|
| 2124 |
permOrder = permOrderList[0]; |
|
| 2125 |
} |
|
| 2126 |
|
|
| 2127 |
// Get package doctype set |
|
| 2128 |
Vector packageSet =MetaCatUtil.getOptionList( |
|
| 2129 |
MetaCatUtil.getOption("packagedoctypeset"));
|
|
| 2130 |
//debug |
|
| 2131 |
if (packageSet != null) |
|
| 2132 |
{
|
|
| 2133 |
for (int i = 0; i<packageSet.size(); i++) |
|
| 2134 |
{
|
|
| 2135 |
MetaCatUtil.debugMessage("doctype in package set: " +
|
|
| 2136 |
(String)packageSet.elementAt(i), 34); |
|
| 2137 |
} |
|
| 2138 |
}//if |
|
| 2139 |
|
|
| 2140 |
// handle every accessionNumber |
|
| 2141 |
for (int i=0; i <docList.length; i++) |
|
| 2142 |
{
|
|
| 2143 |
String accessionNumber = docList[i]; |
|
| 2144 |
String owner = null; |
|
| 2145 |
String publicId = null; |
|
| 2146 |
// Get document owner and public id |
|
| 2147 |
try |
|
| 2148 |
{
|
|
| 2149 |
owner = getFieldValueForDoc(accessionNumber, "user_owner"); |
|
| 2150 |
publicId = getFieldValueForDoc(accessionNumber, "doctype"); |
|
| 2151 |
}//try |
|
| 2152 |
catch (Exception e) |
|
| 2153 |
{
|
|
| 2154 |
MetaCatUtil.debugMessage("Error in handleSetAccessAction: " +
|
|
| 2155 |
e.getMessage(), 30); |
|
| 2156 |
error = "Error in set access control for document - " + accessionNumber+ |
|
| 2157 |
e.getMessage(); |
|
| 2158 |
errorList.addElement(error); |
|
| 2159 |
continue; |
|
| 2160 |
} |
|
| 2161 |
//check if user is the owner. Only owner can do owner |
|
| 2162 |
if (username == null || owner == null || !username.equals(owner)) |
|
| 2163 |
{
|
|
| 2164 |
error = "User - " + username + " does not have permission to set " + |
|
| 2165 |
"access control for docid - " + accessionNumber; |
|
| 2166 |
errorList.addElement(error); |
|
| 2167 |
continue; |
|
| 2168 |
} |
|
| 2169 |
|
|
| 2170 |
// If docid publicid is BIN data file or other beta4, 6 package document |
|
| 2171 |
// we could not do set access control. Because we don't want inconsistent |
|
| 2172 |
// to its access docuemnt |
|
| 2173 |
if (publicId!=null && packageSet!=null && packageSet.contains(publicId)) |
|
| 2174 |
{
|
|
| 2175 |
error = "Could not set access control to document "+ accessionNumber + |
|
| 2176 |
"because it is in a pakcage and it has a access file for it"; |
|
| 2177 |
errorList.addElement(error); |
|
| 2178 |
continue; |
|
| 2179 |
} |
|
| 2180 |
|
|
| 2181 |
// for every principle |
|
| 2182 |
for (int j = 0; j<principalList.length; j++) |
|
| 2183 |
{
|
|
| 2184 |
String principal = principalList[j]; |
|
| 2185 |
try |
|
| 2186 |
{
|
|
| 2187 |
//insert permission |
|
| 2188 |
AccessControlForSingleFile accessControl = new |
|
| 2189 |
AccessControlForSingleFile(accessionNumber, |
|
| 2190 |
principal, permission, permType, permOrder); |
|
| 2191 |
accessControl.insertPermissions(); |
|
| 2192 |
success = "Set access control to document "+ accessionNumber + |
|
| 2193 |
" successfully"; |
|
| 2194 |
successList.addElement(success); |
|
| 2195 |
} |
|
| 2196 |
catch (Exception ee) |
|
| 2197 |
{
|
|
| 2198 |
MetaCatUtil.debugMessage("Erorr in handleSetAccessAction2: " +
|
|
| 2199 |
ee.getMessage(), 30); |
|
| 2200 |
error = "Faild to set access control for document " + |
|
| 2201 |
accessionNumber + " because " + ee.getMessage(); |
|
| 2202 |
errorList.addElement(error); |
|
| 2203 |
continue; |
|
| 2204 |
} |
|
| 2205 |
}//for every principle |
|
| 2206 |
}//for every document |
|
| 2207 |
outputResponse(successList, errorList, out); |
|
| 2208 |
}//handleSetAccessAction |
|
| 2209 |
|
|
| 2210 |
|
|
| 2211 |
/* |
|
| 2212 |
* A method try to determin a docid's public id, if couldn't find null |
|
| 2213 |
* will be returned. |
|
| 2214 |
*/ |
|
| 2215 |
private String getFieldValueForDoc(String accessionNumber, String fieldName) |
|
| 2216 |
throws Exception |
|
| 2217 |
{
|
|
| 2218 |
if (accessionNumber==null || accessionNumber.equals("") ||fieldName == null
|
|
| 2219 |
|| fieldName.equals(""))
|
|
| 2220 |
{
|
|
| 2221 |
throw new Exception("Docid or field name was not specified");
|
|
| 2222 |
} |
|
| 2223 |
|
|
| 2224 |
PreparedStatement pstmt = null; |
|
| 2225 |
ResultSet rs = null; |
|
| 2226 |
String fieldValue = null; |
|
| 2227 |
String docId = null; |
|
| 2228 |
DBConnection conn = null; |
|
| 2229 |
int serialNumber = -1; |
|
| 2230 |
|
|
| 2231 |
// get rid of revision if access number has |
|
| 2232 |
docId = MetaCatUtil.getDocIdFromString(accessionNumber); |
|
| 2233 |
try |
|
| 2234 |
{
|
|
| 2235 |
//check out DBConnection |
|
| 2236 |
conn=DBConnectionPool.getDBConnection("MetaCatServlet.getPublicIdForDoc");
|
|
| 2237 |
serialNumber=conn.getCheckOutSerialNumber(); |
|
| 2238 |
pstmt = conn.prepareStatement( |
|
| 2239 |
"SELECT " + fieldName + " FROM xml_documents " + |
|
| 2240 |
"WHERE docid = ? "); |
|
| 2241 |
|
|
| 2242 |
pstmt.setString(1, docId); |
|
| 2243 |
pstmt.execute(); |
|
| 2244 |
rs = pstmt.getResultSet(); |
|
| 2245 |
boolean hasRow = rs.next(); |
|
| 2246 |
int perm = 0; |
|
| 2247 |
if ( hasRow ) |
|
| 2248 |
{
|
|
| 2249 |
fieldValue = rs.getString(1); |
|
| 2250 |
} |
|
| 2251 |
else |
|
| 2252 |
{
|
|
| 2253 |
throw new Exception("Could not find document: "+accessionNumber);
|
|
| 2254 |
} |
|
| 2255 |
}//try |
|
| 2256 |
catch (Exception e) |
|
| 2257 |
{
|
|
| 2258 |
MetaCatUtil.debugMessage("Exception in MetacatServlet.getPublicIdForDoc: "
|
|
| 2259 |
+ e.getMessage(), 30); |
|
| 2260 |
throw e; |
|
| 2261 |
} |
|
| 2262 |
finally |
|
| 2263 |
{
|
|
| 2264 |
try |
|
| 2265 |
{
|
|
| 2266 |
rs.close(); |
|
| 2267 |
pstmt.close(); |
|
| 2268 |
|
|
| 2269 |
} |
|
| 2270 |
finally |
|
| 2271 |
{
|
|
| 2272 |
DBConnectionPool.returnDBConnection(conn, serialNumber); |
|
| 2273 |
} |
|
| 2274 |
} |
|
| 2275 |
return fieldValue; |
|
| 2276 |
}//getFieldValueForDoc |
|
| 2277 |
|
|
| 2278 |
/* |
|
| 2279 |
* A method to output setAccess action result |
|
| 2280 |
*/ |
|
| 2281 |
private void outputResponse(Vector successList, |
|
| 2282 |
Vector errorList, |
|
| 2283 |
PrintWriter out) |
|
| 2284 |
{
|
|
| 2285 |
boolean error = false; |
|
| 2286 |
boolean success = false; |
|
| 2287 |
// Output prolog |
|
| 2288 |
out.println(PROLOG); |
|
| 2289 |
// output success message |
|
| 2290 |
if ( successList != null) |
|
| 2291 |
{
|
|
| 2292 |
for (int i = 0; i<successList.size(); i++) |
|
| 2293 |
{
|
|
| 2294 |
out.println(SUCCESS); |
|
| 2295 |
out.println((String)successList.elementAt(i)); |
|
| 2296 |
out.println(SUCCESSCLOSE); |
|
| 2297 |
success = true; |
|
| 2298 |
}//for |
|
| 2299 |
}//if |
|
| 2300 |
// output error message |
|
| 2301 |
if (errorList != null) |
|
| 2302 |
{
|
|
| 2303 |
for (int i = 0; i<errorList.size(); i++) |
|
| 2304 |
{
|
|
| 2305 |
out.println(ERROR); |
|
| 2306 |
out.println((String)errorList.elementAt(i)); |
|
| 2307 |
out.println(ERRORCLOSE); |
|
| 2308 |
error = true; |
|
| 2309 |
}//for |
|
| 2310 |
}//if |
|
| 2311 |
|
|
| 2312 |
// if no error and no success info, send a error that nothing happened |
|
| 2313 |
if( !error && !success) |
|
| 2314 |
{
|
|
| 2315 |
out.println(ERROR); |
|
| 2316 |
out.println("Nothing happend for setaccess action");
|
|
| 2317 |
out.println(ERRORCLOSE); |
|
| 2318 |
} |
|
| 2319 |
|
|
| 2320 |
}//outputResponse |
|
| 2050 | 2321 |
} |
Also available in: Unified diff
Create a action setaccess for assign access rule to single file.