Project

General

Profile

« Previous | Next » 

Revision 1427

Added by Jing Tao about 21 years ago

Change the code to handle permission checking.

View differences:

src/edu/ucsb/nceas/metacat/DBQuery.java
1000 1000 
                  throws SQLException, Exception
1001 1001 
  {
1002 1002 
    // Check for READ permission on @docid for @user and/or @groups
1003 
    //AccessControlList aclobj = new AccessControlList();
1004 
    //return aclobj.hasPermission("READ", user, groups, docid);
1005 
    return AccessControlList.hasPermission("READ", user, groups, docid);
1003 
   PermissionController controller = new PermissionController(docid);
1004 
   return controller.hasPermission(user,groups,
1005 
                                 AccessControlInterface.READSTRING);
1006 1006 
  }
1007 1007 

  		




  1008
  1008
  
    
  /**


  		












  

    
      src/edu/ucsb/nceas/metacat/DocumentImpl.java
    
  





  855
  855
  
    
        if ( currentNode.parentnodeid != currentElement.nodeid ) {


  		




  856
  856
  
    
          while ( currentNode.parentnodeid != currentElement.nodeid ) {


  		




  857
  857
  
    
            currentElement = (NodeRecord)openElements.pop();


  		




  858
  
  
    
            util.debugMessage("\n POPPED: " + currentElement.nodename);


  		




  
  858
  
    
            util.debugMessage("\n POPPED: " + currentElement.nodename, 50);


  		




  859
  859
  
    
            if (previousNodeWasElement) {


  		




  860
  860
  
    
              out.print(">");


  		




  861
  861
  
    
              previousNodeWasElement = false;


  		




  ......




  894
  894
  
    
          }


  		




  895
  895
  
    
        }


  		




  896
  896
  
    
        openElements.push(currentNode);


  		




  897
  
  
    
        util.debugMessage("\n PUSHED: " + currentNode.nodename);


  		




  
  897
  
    
        util.debugMessage("\n PUSHED: " + currentNode.nodename, 50);


  		




  898
  898
  
    
        previousNodeWasElement = true;


  		




  899
  899
  
    
        if ( currentNode.nodeprefix != null ) {


  		




  900
  900
  
    
          out.print("<" + currentNode.nodeprefix + ":" + currentNode.nodename);


  		




  ......




  954
  954
  
    
    while(!openElements.empty())


  		




  955
  955
  
    
    {


  		




  956
  956
  
    
      NodeRecord currentElement = (NodeRecord)openElements.pop();


  		




  957
  
  
    
      util.debugMessage("\n POPPED: " + currentElement.nodename);


  		




  
  957
  
    
      util.debugMessage("\n POPPED: " + currentElement.nodename, 50);


  		




  958
  958
  
    
      if ( currentElement.nodeprefix != null ) {


  		




  959
  959
  
    
        out.print("</" + currentElement.nodeprefix + ":" + 


  		




  960
  960
  
    
                  currentElement.nodename + ">" );


  		




  ......




  1475
  1475
  
    
      char istreamChar;


  		




  1476
  1476
  
    
     


  		




  1477
  1477
  
    
      // check for 'write' permission for 'user' to update this document


  		




  1478
  
  
    
      if ( !hasPermission(user, groups, docid) ) {


  		




  
  1478
  
    
      if ( !hasWritePermission(user, groups, docid) ) {


  		




  1479
  1479
  
    
        throw new Exception("User " + user + 


  		




  1480
  1480
  
    
              " does not have permission to update XML Document #" + accnum);


  		




  1481
  1481
  
    
      }        


  		




  ......




  1550
  1550
  
    
    if ( action.equals("UPDATE") ) {


  		




  1551
  1551
  
    
      // check for 'write' permission for 'user' to update this document


  		




  1552
  1552
  
    

  		




  1553
  
  
    
      if ( !hasPermission(user, groups, docid) ) {


  		




  
  1553
  
    
      if ( !hasWritePermission(user, groups, docid) ) {


  		




  1554
  1554
  
    
        throw new Exception("User " + user + 


  		




  1555
  1555
  
    
              " does not have permission to update XML Document #" + accnum);


  		




  1556
  1556
  
    
      }          


  		




  ......




  1735
  1735
  
    
    


  		




  1736
  1736
  
    

  		




  1737
  1737
  
    
    // check for 'write' permission for 'user' to delete this document


  		




  1738
  
  
    
      if ( !hasPermission(user, groups, docid) ) {


  		




  
  1738
  
    
      if ( !hasWritePermission(user, groups, docid) ) {


  		




  1739
  1739
  
    
        throw new Exception("User " + user + 


  		




  1740
  1740
  
    
              " does not have permission to delete XML Document #" + accnum);


  		




  1741
  1741
  
    
      }


  		




  ......




  1805
  1805
  
    
    * Check for "WRITE" permission on @docid for @user and/or @groups 


  		




  1806
  1806
  
    
    * from DB connection 


  		




  1807
  1807
  
    
    */


  		




  1808
  
  
    
  private static boolean hasPermission (String user,


  		




  
  1808
  
    
  private static boolean hasWritePermission (String user,


  		




  1809
  1809
  
    
                                  String[] groups, String docid ) 


  		




  1810
  1810
  
    
                  throws SQLException, Exception


  		




  1811
  1811
  
    
  {


  		




  1812
  1812
  
    
    // Check for WRITE permission on @docid for @user and/or @groups


  		




  1813
  
  
    
    //AccessControlList aclobj = new AccessControlList(dbconn);


  		




  1814
  
  
    
    return AccessControlList.hasPermission("WRITE", user, groups, docid);


  		




  1815
  
  
    
    //return aclobj.hasPermission("WRITE", user, groups, docid);


  		




  
  1813
  
    
    PermissionController controller = new PermissionController(docid);


  		




  
  1814
  
    
    return controller.hasPermission(user,groups,


  		




  
  1815
  
    
                                    AccessControlInterface.WRITESTRING);


  		




  1816
  1816
  
    
  }


  		




  1817
  1817
  
    

  		




  1818
  1818
  
    
  /** 


  		




  ......




  1827
  1827
  
    
                  throws SQLException, Exception


  		




  1828
  1828
  
    
  {


  		




  1829
  1829
  
    
    // Check for READ permission on @docid for @user and/or @groups


  		




  1830
  
  
    
    //AccessControlList aclObj = new AccessControlList(conn);


  		




  1831
  
  
    
    //return aclObj.hasPermission("READ", user, groups, docId);


  		




  1832
  
  
    
    return AccessControlList.hasPermission("READ", user, groups, docId);


  		




  
  1830
  
    
    PermissionController controller = 


  		




  
  1831
  
    
                        new PermissionController(docId);


  		




  
  1832
  
    
    return controller.hasPermission(user,groups,


  		




  
  1833
  
    
                                            AccessControlInterface.READSTRING);


  		




  1833
  1834
  
    
  }  


  		




  1834
  1835
  
    

  		




  1835
  1836
  
    
  


  		












Also available in:  Unified diff