Revision 1446
Added by Jing Tao over 21 years ago
| src/edu/ucsb/nceas/metacat/QuerySpecification.java | ||
|---|---|---|
| 203 | 203 |
private String createAllowRuleQuery() |
| 204 | 204 |
{
|
| 205 | 205 |
String allowQuery = null; |
| 206 |
allowQuery ="SELECT docid from xml_access WHERE "; |
|
| 207 |
// add allow rule for user name |
|
| 208 |
if (userName != null && !userName.equals(""))
|
|
| 206 |
String allowString = constructAllowString(); |
|
| 207 |
allowQuery ="SELECT docid from xml_access WHERE "+allowString; |
|
| 208 |
MetaCatUtil.debugMessage("allow query is: "+ allowQuery, 30);
|
|
| 209 |
return allowQuery; |
|
| 210 |
|
|
| 211 |
|
|
| 212 |
} |
|
| 213 |
|
|
| 214 |
/* Method to construct a allow rule string */ |
|
| 215 |
private String constructAllowString() |
|
| 216 |
{
|
|
| 217 |
String allowQuery =""; |
|
| 218 |
// add allow rule for user name |
|
| 219 |
if (userName != null && !userName.equals(""))
|
|
| 209 | 220 |
{
|
| 210 | 221 |
allowQuery = allowQuery +"(principal_name = '" + userName |
| 211 | 222 |
+"' AND perm_type = 'allow'" |
| ... | ... | |
| 230 | 241 |
}//if |
| 231 | 242 |
}//for |
| 232 | 243 |
}//if |
| 233 |
MetaCatUtil.debugMessage("allow query is: "+ allowQuery, 30);
|
|
| 244 |
MetaCatUtil.debugMessage("allow string is: "+ allowQuery, 40);
|
|
| 234 | 245 |
return allowQuery; |
| 235 |
|
|
| 236 | 246 |
} |
| 237 | 247 |
|
| 238 | 248 |
/* |
| ... | ... | |
| 243 | 253 |
private String createDenyRuleQuery() |
| 244 | 254 |
{
|
| 245 | 255 |
String denyQuery = null; |
| 246 |
denyQuery ="SELECT docid from xml_access WHERE "; |
|
| 256 |
String denyString = constructDenyString(); |
|
| 257 |
denyQuery ="SELECT docid from xml_access WHERE " + denyString; |
|
| 258 |
MetaCatUtil.debugMessage("denyquery is: "+ denyQuery, 30);
|
|
| 259 |
return denyQuery; |
|
| 260 |
|
|
| 261 |
} |
|
| 262 |
/* Construct deny string */ |
|
| 263 |
private String constructDenyString() |
|
| 264 |
{
|
|
| 265 |
String denyQuery =""; |
|
| 247 | 266 |
// add deny rule for user name |
| 248 | 267 |
if (userName != null && !userName.equals(""))
|
| 249 | 268 |
{
|
| ... | ... | |
| 273 | 292 |
}//if |
| 274 | 293 |
}//for |
| 275 | 294 |
}//if |
| 276 |
MetaCatUtil.debugMessage("denyquery is: "+ denyQuery, 30);
|
|
| 277 | 295 |
return denyQuery; |
| 278 |
|
|
| 279 | 296 |
} |
| 280 | 297 |
|
| 281 | 298 |
/** |
| ... | ... | |
| 707 | 724 |
return self.toString(); |
| 708 | 725 |
} |
| 709 | 726 |
|
| 727 |
/** This sql command will selecet startnodeid and endnodeid that user can NOT |
|
| 728 |
* access |
|
| 729 |
*/ |
|
| 730 |
public String printAccessControlSQLForReturnField(String doclist) |
|
| 731 |
{
|
|
| 732 |
StringBuffer sql = new StringBuffer(); |
|
| 733 |
String allowString = constructAllowString(); |
|
| 734 |
String denyString = constructDenyString(); |
|
| 735 |
sql.append("SELECT startnodeid, endnodeid from xml_access ");
|
|
| 736 |
sql.append("WHERE docid in (");
|
|
| 737 |
sql.append(doclist); |
|
| 738 |
sql.append(") AND subtreeid IS NOT NULL AND ");
|
|
| 739 |
sql.append("(");
|
|
| 740 |
sql.append("(subtreeid NOT IN (SELECT subtreeid from xml_access where ");
|
|
| 741 |
sql.append(allowString); |
|
| 742 |
sql.append(")");
|
|
| 743 |
sql.append(")");
|
|
| 744 |
sql.append(" OR (subtreeid IN (SELECT subtreeid from xml_access where ");
|
|
| 745 |
sql.append(denyString); |
|
| 746 |
sql.append(")");
|
|
| 747 |
sql.append(")");
|
|
| 748 |
sql.append(")");
|
|
| 749 |
MetaCatUtil.debugMessage("accessControlSQLForReturnField: " +
|
|
| 750 |
sql.toString(), 30); |
|
| 751 |
return sql.toString(); |
|
| 752 |
} |
|
| 753 |
|
|
| 710 | 754 |
/** |
| 711 | 755 |
* This method prints sql based upon the <returnfield> tag in the |
| 712 | 756 |
* pathquery document. This allows for customization of the |
Also available in: Unified diff
Add a access control query for return fields.