Revision 1452
Added by Jing Tao almost 22 years ago
| src/edu/ucsb/nceas/metacat/QuerySpecification.java | ||
|---|---|---|
| 174 | 174 |
private String createOwerQuery() |
| 175 | 175 |
{
|
| 176 | 176 |
String ownerQuery = null; |
| 177 |
ownerQuery = "SELECT docid FROM xml_documents WHERE user_owner ='" + |
|
| 178 |
PUBLIC + "'"; |
|
| 177 |
ownerQuery = "SELECT docid FROM xml_documents WHERE "; |
|
| 179 | 178 |
if (userName != null && !userName.equals(""))
|
| 180 | 179 |
{
|
| 181 |
ownerQuery = ownerQuery + " OR user_owner ='"+ userName +"'";
|
|
| 180 |
ownerQuery = ownerQuery + "user_owner ='"+ userName +"'"; |
|
| 182 | 181 |
} |
| 183 | 182 |
|
| 184 |
if (group != null) |
|
| 185 |
{
|
|
| 186 |
for (int i = 0; i< group.length; i++) |
|
| 187 |
{
|
|
| 188 |
String groupUint = group[i]; |
|
| 189 |
if (groupUint != null && !groupUint.equals(""))
|
|
| 190 |
{
|
|
| 191 |
ownerQuery = ownerQuery +" OR user_owner = '" + groupUint + "'"; |
|
| 192 |
}//if |
|
| 193 |
}//for |
|
| 194 |
} |
|
| 195 | 183 |
MetaCatUtil.debugMessage("OwnerQuery: "+ownerQuery, 30);
|
| 196 | 184 |
return ownerQuery; |
| 197 | 185 |
} |
| ... | ... | |
| 737 | 725 |
sql.append("SELECT distinct startnodeid, endnodeid from xml_access ");
|
| 738 | 726 |
sql.append("WHERE docid in (");
|
| 739 | 727 |
sql.append(doclist); |
| 740 |
sql.append(") AND subtreeid IS NOT NULL AND ");
|
|
| 728 |
sql.append(") AND startnodeid IS NOT NULL AND ");
|
|
| 741 | 729 |
sql.append("(");
|
| 742 |
sql.append("(subtreeid NOT IN (SELECT subtreeid from xml_access where ");
|
|
| 730 |
sql.append("(startnodeid NOT IN (SELECT startnodeid from xml_access where ");
|
|
| 743 | 731 |
sql.append(allowString); |
| 744 | 732 |
sql.append(")");
|
| 745 | 733 |
sql.append(")");
|
| 746 |
sql.append(" OR (subtreeid IN (SELECT subtreeid from xml_access where ");
|
|
| 734 |
sql.append(" OR (startnodeid IN (SELECT startnodeid from xml_access where ");
|
|
| 747 | 735 |
sql.append(denyString); |
| 748 | 736 |
sql.append(")");
|
| 749 | 737 |
sql.append(")");
|
Also available in: Unified diff
Add code to handle access control for return fields.